3.4 Risk management
Earlier, this course considered what is meant by risk. To recap, assessing risk involves an evaluation of the severity of harm and the likelihood of the risk occurring. The process of evaluating alternative actions and selecting the most appropriate is often called risk management.
Risk management is a practice with processes, methods and tools for managing risks in a project, activity or event. It provides a disciplined environment for decision making to:
- assess continuously what could go wrong (identify risks)
- determine which risks are important to deal with
- implement strategies to deal with those risks.
At this point it is important to note that while the concept of risk, and the idea of risk management, are used in many diverse fields, their meanings differ in different disciplines. When you say you are going to take a risk, you probably mean that you are prepared to take a chance of an adverse consequence in the expectation of a benefit. Implicit in that interpretation is that risk reflects both a likelihood of ‘harm’ and a measure of the consequence. In everyday life, however, it is consequence that may be of greatest concern, rather than likelihood. Commonly people associate risk with some aspect of ‘loss’, which could include a health or environmental impact, but could also involve financial loss, societal loss, loss of equipment or operating capacity, product loss or staff loss. Risk management is the decision-making process involving consideration of political, social, economic and engineering information alongside risk-related information that could be applied to many different situations.
Risk management is proactive – that is, you should have identified your potential hazards in any given situation, evaluated whether they are likely to occur and so have an idea of your risk. If you are evaluating health and safety or environmental impacts, the next stage is to manage that risk to ‘as low as reasonably practicable’ or ALARP, as discussed earlier. This management might include a number of measures to reduce risk, a demonstration that an activity or process is ‘safe’, or an evaluation of whether it is an acceptable risk. However, whether managing the risk of an adverse health impact, a financial risk or perhaps a product risk, it is important to know that any risk is not merely managed ‘once’ – generally, risk management is an ongoing process that is regularly reviewed, and revised either over time or when given new or changed information. It is also important to take on board a number of views when managing risk, rather than relying on a single point of information. This may mean consulting with a number of stakeholders.
A stakeholder is anyone who has a ‘stake’ or interest in a risk management situation. Stakeholders typically include groups that are affected or potentially affected by the risk, the risk managers, and groups that will be affected by any efforts to manage the source of the risk. Who the stakeholders are depends entirely on the situation. The objectives, interests and responsibilities of stakeholders may be varied and contradictory. Questions that can help to identify potential stakeholders include the following.
- Who might be affected by the risk management decision? (Bear in mind that they may not know they are affected.)
- Who has information and expertise that might be helpful?
- Who has been involved in similar risk situations before?
- Who has expressed interest in being involved in similar decisions before?
- Who might reasonably be upset if not included?
Different stakeholders may have different perceptions and concerns. This section has considered hazard, risk and risk perception – it is important to recognise that various opinions will have an impact on how a risk is perceived and how it is managed.