3.9 Risk management
Implicit in the Engineering Council policy is the process of evaluating alternative actions and selecting the most appropriate. We can call this 'risk management'. We do it, whether consciously or subconsciously, in our daily lives when we think about different tasks (see Everyday risk management ).
Everyday risk management
Risks are everywhere. How do we decide which ones are worthy of our attention? In an ideal world, on some regular basis, we would review our priorities systematically. That would begin by listing all the risks we face, ordered according to the threat posed by each. It would continue by listing every option for controlling each risk, characterised by some estimate of its effectiveness and cost. It would conclude by identifying the 'best buys' in risk reduction, the strategies that achieve the greatest reductions at the least cost. Those costs might be measured in money, time, effort, 'nagging' or whatever other resources we have to invest in risk management. As a by-product, this analytical process would leave a list of residual risks, which we cannot reduce at any reasonable price, but may continue to concern us.
In reality, though, such systematic reviews of risk are as rare as systematic reviews of how we spend our time, money or emotions. One obvious constraint on any of these activities is lack of time to perform them. However, even with all the time in the world, there would still be daunting obstacles. Risks are so diverse that it is hard to compile either the list of threats or the set of possible control strategies.
But although we rarely systematically review the risks that affect us we do make risk management decisions all the time, sometimes based on gut feel or common sense as much as hard facts. Reviewing my daily activities, I find many examples of conscious or subconscious risk management decisions. I decide that it is better to accept the risk of electrocution by turning on the light in the morning than to face the risk of tripping and falling on my way to the bathroom. I decide the risk from a cup of morning coffee via its known carcinogens is far outweighed by the risk of driving my car before I fully wake up! Driving to work, I fasten my seat belt, because it almost doubles my chances of surviving an accident. And, of course we all make continuous risk assessments when driving.
The life expectancy in the UK rose from 71 years for men and 77 years for women born in 1981 to an estimated 78 years for men and 82 for women for those born at the end of the first decade of the 21st century. Thus, total risks have decreased. The increased interest in risk assessment and management in conjunction with a longer life span means we worry more and more about lower risks. As we define the risks in our society in more detail, we become more fascinated by smaller, less significant risks. We fear the unknown and are confident that only what we don't know can hurt us. It's no wonder that risk management, as well as risk perception can be a highly emotional issue. I can't be the only one who drives too fast when late for an appointment.
(Adapted from Johnson, 1991 and Fischhoff, 1995)
Risk management is a practice with processes, methods, and tools for managing risks in a project, activity or event. It provides a disciplined environment for proactive decision making to:
- assess continuously what could go wrong (identify risks)
- determine which risks are important to deal with
- implement strategies to deal with those risks.
It is a decision-making process that involves the consideration of political, social, economic and engineering information together with risk-related information.
So what is risk? So far I have avoided a precise definition of the term. Like the word accident, it is a word of such common usage that we have all some idea of its meaning.
Activity 30 (exploratory)
Write down your definition of risk.
The Shorter Oxford English Dictionary, says:
- Hazard, danger, exposure to mischance or peril.
- The chance or hazard of commercial loss, specifically in the case of insured property or goods.
If you look up dictionary definitions for risk, hazard, peril and similar words such as danger or jeopardy, you find that as well as all referring to each other in their definitions they virtually can all be used to convey the two concepts listed above. That is, they can be used to describe a particular generally unwanted event or outcome (see 1 above), or they can be used to describe the chance or probability of an unwanted event or outcome occurring (see 2 above). Although this double meaning can be confusing, in managing risks, dangers or perils we do have to first identify the outcome and estimate the likelihood of it happening.
Three definitions of risk taken from the Guidelines on Risk Issues from The Engineering Council (2011) are:
- Risk is the chance of an adverse event.
- Risk is the likelihood of a hazard being realised.
- Risk is the combination of the probability or frequency of occurrence of a defined hazard and the magnitude of the consequences of the occurrence (which agrees with the British Standard definition in BS 4778: Section 3.1: 1991 Quality Vocabulary). It is therefore a measure of the likelihood of a specific undesired event and the unwanted consequences or losses.
Note that all three deal with the likelihood of an event rather than the definition of the event itself. Furthermore, the third definition also tries to factor in just how undesirable the event is. We can consider events ranging from disasters to relatively minor inconvenience. To the people involved, even a relatively minor event (such as a fatal car accident) has enormous consequences; but it is unlikely to receive national attention. Major incidents, perhaps involving much loss of life, receive the greatest publicity and tend to raise general concerns about the risks of engineering failure; even though the failure might only have been avoidable with the hindsight gained from the incident.
So perceptions of risk are not based solely on quantitative measures but include subjective value judgements. These may be influenced by the degree to which the risk is imposed upon us, rather than accepted voluntarily, our knowledge of the problem, our trust in the 'management' of the risk and so on. Indeed, we can sometimes have very emotional or even irrational opinions about certain risks as illustrated when people talk about flying, for example.