Wait… what?
Ha! We lured you in. And now you are stuck. You thought you were going to read something about risk assessment methods but are now realizing risk analysis and risk assessment are not the same. This might make you feel a bit embarrassed at first, disappointment maybe, or even angry? But why go down that road when you can be surprised and enlightened instead: indeed, risk assessment and risk analysis are not exactly the same thing. Let us untangle through this blog post the interchangeably used phrases ‘assessment’ versus ‘analysis’ and provide you with best practice options to start cooking.
Grocery shopping
Risk assessment is the overall process of risk identification, risk analysis and risk evaluation. In risk assessment there is basically only one method to use. What you will need for a descent risk assessment, is to take the following steps:
- A way to identify your hazards, threats or perils that contribute to risk;
- Determine their significance by stating what the potential impact is, how frequent this is going to happen and who/what may be harmed in what way;
- Decide what options you have in taking precautions to deal with them;
- Communicate as well as keep a record of the points mentioned above;
- Evaluate risk according to risk acceptance criterion;
- Iterate risk assessment for unaccepted risk after improvements made
That does sound a lot like a PDCA cycle. Perhaps you already have such a process in place. If so, do not be afraid to refurbish some of the steps with a fresh perspective on things from time to time. Once you have all these ingredients in place you are done. Right? Or is there still a bit more to it?
Start your cooking
You will not be able to serve this dish if it is not fully assembled yet. You will need an analysis method to buffer your assessment with quality insights. Therefore, risk analysis is inevitably a part of doing risk assessment. Doing a risk assessment without thorough risk analysis is like having a dusty vacuum cleaner; it surely happens a lot, but ironically defies the purpose. Without a proper risk analysis, your risk assessment will be too shallow to base management decisions on, and if that is the case, why bother at all?
The encore
Alright, alright, you probably did expect to see some sort of top-5 list in this blog to choose from, so here you have it. The most commonly used risk analysis methods are (ordered randomly):
1 – What-if Analysis
Meant to identify hazards, hazardous situations or event sequences that can result in unwanted outcomes. The method focuses on possible deviations from the entire process lifecycle, with special reference to the designed intent.
2 – Fault Tree Analysis
A top-down visual analysis that combines technical (hardware) failures and human error interactions to accumulate into an unwanted (top) event. It shows pathways plus and/or logic gates that can contribute to the next event to occur.