See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/341034867

Risk Assessment and Management

Research · June 2019

DOI: 10.13140/RG.2.2.13427.48160

CITATIONS READS

2 56,885

1 author:

Tanmoy Sinha
Tetra Tech Canada Inc.
11 PUBLICATIONS 5 CITATIONS

SEE PROFILE

All content following this page was uploaded by Tanmoy Sinha on 30 April 2020.

The user has requested enhancement of the downloaded file.

 Risk Assessment and Management
Tanmoy Sinha
Memorial University of Newfoundland, Canada

Abstract:
Risk assessment and management was established as a scientific field around 20-30 years prior.
Principles and processes were introduced for how to conceptualize, assess, and manage risk. Risk
assessment and management are fast becoming routine in civil engineering as well as most of the
organizations, companies, construction firms, financial institutions for capturing, assessing, and
planning for risks on their projects. Recent experience has shown that risk management techniques
employed on development projects can help reduce unexpected delay, assets failure. However,
capturing these risks and accurately predicting their impact is not a simple task as the nature of the
risk is difficult to predict and this uncertainty can often have the greatest influence on the success of
the project. This paper discusses detailed techniques and procedures of risk assessment and
management process and addresses how they can be used to help mitigate the likelihood and
consequence of risk events like asset loss, financial risk, safety risk, operational risk, etc.

Introduction:
The assessment and management of risks are key segments of the day by day errands of people.
Starting from a mode of transportation to deciding on what to eat for dinner, potential concerns are
pointed out, the outcome considered, and the probability of a mishap debated. To ensure an enjoyable
dinner or risk-free trip, a decision is made on the “best” course of action and steps are taken to prevent
an unexpected result. Risk assessment and management is also part and parcel of an engineer’s life.
All hazards or risk events need to be detected, and corresponding probabilities and consequences need
to be analyzed. The decision must be made on whether the risk is acceptable or unacceptable. If the
risk is acceptable, then appropriate risk mitigation activities need to be conducted, and if
unacceptable, activities must not be undertaken. Regular review and monitoring are required to ensure
the effectiveness of the implemented strategy or action.

Objectives:
1. Define risk assessment, risk evaluation, and risk management.
2. Describe the risk assessment and management process,
3. Discuss how risks are evaluated.
4. Discuss how risks are controlled or mitigated.

Hazard and Risk:

The terms hazard and risk are often used in risk assessment and management activities, but they
should be confused in this manner as these two terms are not the same.

1
Hazard: The potential of a machine, equipment, process, material, or physical factor in the working
environment to cause harm to people, environment, assets, or production.

Risk: The possibility of injury, loss or environmental injury created by a hazard. The significance of
risk is a function of the probability of an unwanted incident and the severity of its consequence.

There are several features of these definitions worth noting:

• Hazard emerges from risks. Intensive peril identification is vital to the powerful administration of
risk; one can't deal with the risk emerging from a hazard that has not been distinguished.

• Harm or damage can occur in four broad areas – people, the environment, assets (equipment,
property, etc.), and production (or process, i.e., business interruption).

A hazard is something that has the potential to cause harm, but the risk is the likelihood of a hazard
causing harm. So, there is a chance of occurring some degree of losses coming in contact with a
hazard event. For example, snow fall on a highway is a hazard because due to snow fall, the roads
become slippery and that has potential to cause harm to human life as well as damage to the car also.
The risk from this hazard is a function of both the probability of encountering snow while driving on
the highway and the severity of the consequences of driving over an icy patch. If a driver wants to
drive over an icy patch at the same speed during a winter storm at night, then the risk probability is
higher, and the consequence of the risk will be severe. Waiting for the storm to end and the salt
or sand trucks to complete their job, along with reducing speed and making the trip in daylight
hours, lessen both the probability and severity of consequences. Thus, the risk, in this case, would be
to be lower than in the previous high-risk scenario.

Risk analysis framework:

The risk analysis framework is developed based on the three interconnected elements. (a) Risk
assessment, (b) Risk management, and (c) Risk communication. Risk assessment is a thorough look
at your workplace to identify those things, situations, processes, etc. that may cause harm, particularly
to people. After identification is made, you analyze and evaluate how likely and severe the risk is. At
the point when this assurance is made, you can straight away, choose what measures ought to be set
up to successfully take out or control the damage from occurring. The use of risk assessments has
traditionally been an integrated part of a common risk analysis framework Fig. 1., where risk
assessment is done by risk assessors who provide scientific advice to support decision making by risk
managers. Risk communication is a fundamental piece of the risk examination, both between risk
assessors and risk directors and between assessors, administrators, and different partners.

Risk assessment process:

Step-1: Identify the hazard: To avoid harm, it is critical to comprehend what is probably going to
turn out badly as well as how and why it might turn out badly. Think about the movement within the
context of the physical environment and the culture of the association and the staff who play out the
action. Hazard can be distinguished by utilizing a few unique methods, for example, walking round

2
the working environment, asking your representatives, check the manufacturer information sheet or
accident books.
The impact of late hazard identification and early hazard identification are shown in the Fig.2. and
Fig.3. respectively. It is clear that, if it takes a long time to identify the all-hazards created, then the
cost of developing the management process will significantly higher than the early hazard
identification.

Step-2: Decide who might be harmed: When you have distinguished various hazards, you have to
comprehend who may be hurt and how, for example, 'individuals working in the warehouse', or
individuals from people in general. On the off chance that the errand makes dust or fumes, that could
spread to other workers nearby. Always consider the workers or operators, the adjacent workers,
visitors, or other occupants.

Step-3: Evaluate the risks and decide on the precautions: After ‘identifying the hazards’ and
‘deciding who might be harmed and how’ you are then required to protect the people from harm. The
hazards can either be removed completely or the risks controlled so that the injury is unlikely. In
order to reduce the consequence of the risk initially it is required to prevent access to hazard, organize
the work to reduce exposure, issuing protective equipment and welfare facilities.

Step-4: Record the findings and put them into place: Your findings should be written down it’s a
legal requirement where there are 5 or more employees; and by recording the findings it shows that
you have identified the hazards, decided who could be harmed and how, and also shows how you
plan to eliminate the risks and hazards. This record should include details of any hazards noted in
the risk assessment, and action is taken to reduce or eliminate risk. This record provides proof that
the assessment was carried out and is used as the basis for a later review of working practices. The
risk assessment is a working document. You should be able to read it. It should not be locked away
in a cupboard.

Step-5: Review the risk assessment: Risk assessments should be reviewed if there is any significant
change if any improvements that still need to be made if the proposed actions generate new hazards.
To ensure safe working practices continue to be applied and take account of any new working
practices or new machinery, it is mandatory to review the risk assessment.

Risk Management process:

A functional definition (Wilson & McCutcheon, 2003) of risk management is as follows:

Risk Management: The complete process of understanding risk, risk assessment, and
decision making to ensure effective risk controls are in place and implemented. Risk
management begins with actively identifying possible hazards leading to the ongoing
management of those risks deemed to be acceptable

Phase-1: Analysis the risk:

3
Risks represent significant vulnerabilities about outcomes. Any vulnerability may be measured in
two dimensions - the probability of the risk occasion happening and the degree of the outcomes if it
were to occur.
Risk analysis generally involves the assignment of an overall risk rating to each of the risk events
identified by following these steps:
• Analyse inherent risk - What is the likelihood and consequence of a risk event if it were to
occur in an uncontrolled environment?
• Identify and evaluate controls - What existing controls are in place to address the identified
risk and how effective are these controls in design and operation?
• Analyse residual risk - What is the likelihood and consequence of a risk event if it were to
occur in the current control environment?

Likelihood: Likelihood is the chance of an event happening, for example, a failure (asset as well as
organizational) or service reduction. It can be measured objectively, subjectively, qualitatively, or
quantitatively. Risk likelihood is divided between very likely to very unlikely based on the probability
of risk event occurring shown in Table.1.

Consequence: A consequence is the outcome of an event and has an effect on objectives. A single
event can generate a range of consequences which can have both positive and negative effects on
objectives. Consequence of risk is divided between fatality to negligible injuries based on the impact
of risk shown in Table.2.

Risk Rating: Based on the likelihood scale and consequence scale, the risk is defined by the
following equations:

Likelihood of risk impact = ∑ni=1 Li ……… (1)

Consequence of risk = ∑ni=1 Ci …………….(2)
Risk = ∑ni=0 (Li × Ci ) ……………………..(3)

Here, n = number of risk events

L = likelihood of the risk
C = consequence of the risk

Using Eq.3, the risk matrix is developed to identify the severity of risk events Fig.4. as well as
corresponding action implementation Table.3.

Phase-2: Risk treatment:

Risk treatment includes building up a scope of choices for reducing the risk, surveying those
alternatives, and after that planning and executing activity plans. The most astounding evaluated risks
ought to be tended to as an issue of earnestness.
Choosing the most suitable risk treatment means adjusting the expenses of executing every movement
against the advantages determined. In general, the cost of managing the risks needs to be
commensurate with the benefits obtained. When making cost versus benefit judgments the wider
context should also be considered.

4
Depending on the type and nature of the risk, the following options are available:
• Avoid - choosing not to continue with the action that exhibited the unsuitable risk, picking an
option less risky methodology or procedure.
• Reduce - actualizing a methodology that is intended to decrease the likelihood or consequence of
the risk to an adequate dimension, where elimination is intemperate regarding time or cost.
• Share or Transfer - executing a technique that shares or transfers the risk to another party or
parties, for example, redistributing the administration of physical resources, creating contracts with
specialist co-ops or guaranteeing against the risk. The third-party tolerating the risk ought to know
about and consent to acknowledge this commitment.
• Accept - deciding on an informed choice that the risk rating is at a satisfactory dimension or that
the expense of the treatment exceeds the advantage. This choice may likewise be applicable in
circumstances where a leftover risk stays after other treatment alternatives have been set up. No
further move is made to treat the risk; notwithstanding, ongoing checking is suggested.

Phase-3: Monitor and review:

Monitoring and review ought to be a designed part of the risk the management procedure and include
normal checking or observation. The outcomes need to be recorded and detailed remotely and inside,
as suitable. The results should also be an input to the review and continuous improvement of risk
management framework.
Duties regarding checking and survey should be unmistakably characterized. The monitoring and
review processes should encompass all aspects of the risk management process for the purposes of:
• Ensuring that controls are successful and efficient in both structure and activity
• Obtaining further information to improve risk assessment
• Analyzing and taking in exercises from risk occasions, including close misses, changes, changes,
trends, successes, and failures
• Detecting changes in the external and internal context, including changes to risk criteria and to the
risks, which may require revision of risk treatments and priorities
• Identifying emerging risks.

Summary:
1. The goal of risk management is to take corrective actions to reduce the impact and likelihood.
2. The impact can be reduced by controlling the sources from which they arise and instituting
limits to the exposures.
3. There are some risks that cannot be either eliminated or transferred and must be absorbed by
the organization.
4. To manage the risks, we have to establish a good bondage between all team members.
5. Risks are not always negative, and it is an opportunity to develop a project in a better way
with good outcome.

5
References:

1. Aven, T. (2016). Risk assessment and risk management: Review of recent advances on their
foundation. European Journal of Operational Research, 253(1), 1-13.
2. Calow, P. P. (Ed.). (2009). Handbook of environmental risk assessment and management. John
Wiley & Sons.
3. Dai, F. C., Lee, C. F., & Ngai, Y. Y. (2002). Landslide risk assessment and management: an
overview. Engineering geology, 64(1), 65-87.
4. Fell, E. L. C. B. R. (2005). Risk assessment and management. In Landslide risk
management (pp. 163-202). CRC Press.
5. Grey, S. (1995). Practical risk assessment for project management (Vol. 1). Chichester:
Wiley.
6. Haimes, Y. Y. (2015). Risk modeling, assessment, and management. John Wiley & Sons.
7. Henley, E. J., & Kumamoto, H. (1996). Probabilistic risk assessment and management for
engineers and scientists. IEEE Press (2nd Edition).
8. Huggel, C., Haeberli, W., Kääb, A., Bieri, D., & Richardson, S. (2004). An assessment
procedure for glacial hazards in the Swiss Alps. Canadian Geotechnical Journal, 41(6), 1068-
1083.
9. Iqbal, S., Choudhry, R. M., Holschemacher, K., Ali, A., & Tamošaitienė, J. (2015). Risk
management in construction projects. Technological and Economic Development of
Economy, 21(1), 65-78.
10. Packwood, T. R. (2006). U.S. Patent No. 7,006,992. Washington, DC: U.S. Patent and
Trademark Office.
11. Spross, J., Olsson, L., & Stille, H. (2018). The Swedish Geotechnical Society’s methodology
for risk management: a tool for engineers in their everyday work. Georisk: Assessment and
Management of Risk for Engineered Systems and Geohazards, 12(3), 183-189.
12. Risk.net. (2019). Retrieved from https://www.risk.net/risk-management
13. Asset Management Manual - World Road Association (PIARC). (2019). Retrieved from
https://road-asset.piarc.org/en
14. Asset Management Manual - World Road Association (PIARC). (2019). Retrieved from
https://road-asset.piarc.org/en
15. https://www.nap.edu/read/25261/chapter/9
16. https://survey.charteredaccountantsanz.com/risk_management/smallfirms/monitor.aspx
17. https://www.stakeholdermap.com/risk/risk-management-construction.html
18. https://www.researchgate.net/publication/283350329
19. https://www.researchgate.net/publication/242117931
20. https://www.researchgate.net/publication/237820979

6
 Appendix

Figures:

Fig.1. Risk analysis framework

Fig.2. Late risk identification

7
Fig.3. Early risk identification

Fig.4. Risk matrix

8
 Tables:
Table.1. Typical likelihood scale
Level Likelihood Description

4 Very likely Happens more than once a year

3 Likely Happens about once a year

2 Unlikely Happens every 10 years or more

1 Very unlikely Has only happened once

Table.2. Typical consequence scale

Level Consequence Description

4 Fatality Financial losses greater than $50,000

3 Major injuries Financial losses between $10,000 and $50,000

2 Minor injuries Financial losses between $1000 and $10,000

1 Negligible injuries Financial losses less than $1000

Table.3. Risk condition and action implementation

Risk Condition Action

Extreme / High-Risk Serious danger. Immediate action required in this type of risk

Moderate danger. Action as soon as possible to implement controls to

Medium Risk
reduce the risk to as low as reasonably practical

It may range from minor to negligible danger. Assess if further action

Low Risk
can be taken.

9
View publication stats