Basic risk assessment

So how do we assess risk?

We have seen that the risk environment within which emergency managers operate is subject to societal pressures that can take the form of legal and media scrutiny, which leads to a focus on compliance.

In addition, there is an expectation that emergencies are resolved and emergency workers are kept safe. This requires robust incident management processes, the starting point for which is risk anticipation (Cabinet Office 2011), followed by risk assessment (Haddow, Bullock and Coppola 2017) and finally risk management, including prevention and preparation (HSE n.d. a; Cabinet Office 2011).

Anticipation is sometimes known as ‘horizon-scanning’. It requires the planner to be:

‘aware of new hazards and threats which might affect their locality and be ready to revise their risk assessments and plans accordingly’ (Cabinet Office 2011: 17).

Assessment is the way that such risk is codified and prioritised, and it provides a means by which the appropriate control measures can be undertaken to prevent, limit or otherwise manage a risk.

There are a number of different forms of risk assessment, depending upon the context where they are required. This can be different depending upon the nature of your occupation, the timeframe over which you are assessing a risk, or the phase of the emergency or disaster – for example, ‘preparation’ or ‘response’.

Quantitative or probabilistic risk approaches use information such as actuarial data to bring science to the art of prediction. Such approaches are often used in high-technology industries, and might involve methodologies such as deviation analysis, failure modes and effects analysis, hazard and operability studies or fault-tree/decision-tree analysis (HSE n.d. b).

Qualitative or semi-qualitative risk assessment involves making a formal judgement on the consequence and probability of a hazard being realised (Rausand 2013), and though many people believe this to be scientific in its basis, actually it is often more subjective in approach. It is, however, a very good way to begin to understand the basic principles of risk if you are new to the subject.

The primary steps are as follows:

  • Who should carry out the risk assessment? (ie who has a duty, are specialist skills required, etc)
  • What are the hazards? (ie fire, explosion, riot, building collapse, etc)
  • What is the likelihood? (ie possible, probable, certain, etc)
  • Who is exposed to the risk? (ie building occupants, general public, vulnerable people, emergency workers, etc)

Using a risk matrix

Perhaps the most basic method of risk assessment is to use a risk matrix. If a risk can be described as the outcome of the impact and likelihood of a hazard being realised, then a matrix provides a way to express this.

First we consider the severity of the impact of our hazard. This differs from organisation to organisation. An impact of 1 is the least impactful, and the highest might be 3, 5 or even 10, depending upon the granularity of the assessment.

Next we examine the likelihood of the hazard taking place. If we have a lot of data on the past occurrences of this hazard, we may be able to take a scientific approach on its likelihood. Alternatively, we may be basing this on more general information, at which point our assessment should be recognised as qualitative, despite its apparently numerical basis.

Once a hazard is identified, it is ascribed a score in terms of its impact and likelihood. These two elements are multiplied together to produce an overall risk score, which will then inform decisions on what should be done to control the risk. An organisation will establish its ‘risk appetite’ and may decide, for example, that it does not need to invest time and money in controlling low-scoring risks.

An example is given in the Downloads section of two risk matrices of differing granularity: a 3x3 matrix and a 6x6 matrix.


Your task

As you have seen, it is possible to use matrices of varying granularity to calculate a risk assessment score.

Investigate the potential advantages of adding more granularity to a scoring matrix. Are there any disadvantages?


References

Cabinet Office (2011) ‘Chapter 1 Emergency Preparedness’ [online] available from https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/61024/Chapter-1-Introduction_amends_16042012.pdf [11 May 2018]

Haddow, G., Bullock, J., and Coppola, D. P. (2017) Introduction to Emergency Management. Oxford: Butterworth-Heinmann

HSE (n.d. a) ‘Risk Management’ [online] available from http://www.hse.gov.uk/risk/ [11 May 2018]

HSE (n.d. b) ‘Quantitative Risk Assessment - HSE’ [online] available from <www.hse.gov.uk/quarries/education/overheads/topic5.doc> [11 May 2018]

Rausand, M. (2013) Risk Assessment: Theory, Methods and Applications. John Wiley & Sons

Share this article:

This article is from the free online course:

Emergency Management: Risk, Incidents and Leadership

Coventry University