Welcome to the SafetyCloud Blog

How to select and adapt risk assessment approaches and methods

Posted by Jiaqi Sun on Jul 17, 2017 10:30:00 AM
Jiaqi Sun

Cover image 17 July 2017-1.jpg

Our Market Researcher, Jiaqi Sun, has put together research to provide an overview of commonly-used risk assessment approaches and processes to manage hazard, operational and strategic risks. Over the next series of blogs, we will drill down into:

  • an overview of risk assessment methodologies and trends
  • risk assessment methodologies and techniques by risk categories and industries
  • selection criteria for risk assessment methodologies and techniques
  • conclusions and strategic recommendations.


Let’s begin…


As we all know, a there are a variety of methods, but they often share commonalities in managing different types of risk, so combining them is an expected action, as this is likely to enhance the effectiveness of your risk assessment and how you go about selecting the right risk control measures for your specific safety requirements.


At NOSA, we have incorporated a combination of qualitative, semi-quantitative and quantitative methods into our existing training courses by adapting to the OHSE context.


Here’s what our research yielded

Our research reviews a diverse range of risk management, and assessment methodologies and techniques across various industries and recommends the selection criteria you’ll need to choose the risk assessment techniques that will fit your organisation’s risk profile (and fulfil the needs of other organisation-specific factors). Not only did we extensively consult relevant literature on risk management processes, methodologies and their industry-specific applications, but we gathered additional insights with the help of Bryan Keague (General Manager: Mining).


The research reviews risk assessment processes, methodologies and techniques commonly used to:

  • identify
  • analyse, and
  • evaluate risk, such as:
  • hazard
  • operational
  • strategic, and
  • financial risks.


We’ve reviewed the following industries, in terms of their application of country-, industry- or company-specific methods that suit their nature of business, risk profile, and size (among other factors):


  • Mining
  • Construction
  • Heavy engineering (electrical utilities, manufacturing supply chain)
  • Public sector, e.g. governments or municipalities
  • Law enforcement/defence force (money laundering, terrorist financing, corruption, and crime)
  • Telecommunications and IT (ITC)
  • Power generation and distribution
  • General industry
  • OHSHEQ (safety, hygiene, preventative health, environmental health, and mental health)
  • Others (oil and gas, marine, supply chain, government and financial services)


What is the industry standard at present?

Most industries have followed the ISO 31000: 2009 standard risk assessment process, while the revision in 2017/18 will give organisations more freedom to choose their own risk assessment processes. The vast majority of risk assessment techniques are based on the risk matrix methodology, which consists of frequency and severity. You can extend the matrix to include exposure and vulnerability when you apply it in the following risk management spaces:

  • Environmental
  • Health
  • Disaster
  • Cyber security


Other risk assessment approaches include crime risk assessment mechanism (a vector function), and traffic accident prediction model (regression analysis). More sophisticated methodologies are based on simulation and modelling techniques, such as the surrogate safety assessment model and neuron networks using analytics software.


Should you use a qualitative or quantitative method?

You risk assessment will either be qualitative or quantitative when assessing various internal and external risks. The qualitative approach is easy and quick to use, while the quantitative approach will generate more accurate results, but at a greater cost.


As an organisation, you are expected to balance the use of the two types of risk assessment approaches, as perfection may well lead to inefficiency and disrupt core businesses. Despite any challenges, your risk assessment or measurement should take into account the interrelationships among risk categories and risks to assess risk from a portfolio perspective (for example, regression and root cause analyses).


You will review various techniques at three points of the risk assessment process:

  • hazard identification
  • risk analysis, and
  • risk evaluation.


The majority of them are qualitative or semi-quantitative in nature, while sophisticated quantitative methods, such as Monte Carlo simulation are mostly used for assessing events of high uncertainty, such as climate change and emerging diseases.


Modelling and simulation methods (e.g. Value-at-Risk) are also used for evaluating high-consequence incidents, such as natural disasters and a large amount of data is required to conduct the analysis. The forthcoming research will focus on risk analysis and evaluation techniques that provide a comprehensive assessment, instead of only on one element of the risk evaluation equation.


General guidelines for selecting risk assessment techniques

There are general guidelines on how to select risk assessment techniques, such as purposes of analysis, resources and data requirements. Due to different industries and countries with different hazards and human behaviours, your selection of risk assessment methodologies and techniques must take into account industry- and region-specific factors, for example, the phases of project life cycle in the Australian mining industry. Business units within your enterprise should choose their own techniques that reflect the need for precision and the culture of the business unit. However, their choices of techniques should facilitate your enterprise-wide assessment of the company’s risks.


The integration of qualitative knowledge and judgement with quantitative models is a current practice to alleviate the issues of uncertainty, knowledge dimension, time dynamics, and the other disadvantages of risk assessment techniques. There is also a need for substantial research and development to obtain adequate modelling and analysis methods to handle different types of systems, such as critical infrastructure.


The next few blogs will incorporate the commonly-used methodologies and techniques deployed in different industries, and recommend a combination of qualitative and quantitative approaches that are most effective in industries, such as mining, construction and manufacturing.

Topics: Risk management, risk methodologies, risk

Subscribe to Email Updates

Recent Posts

Subscribe to OHSEQ updates