What is Risk Assessment and Management?
Risk and uncertainty are fundamental elements of human life,
affecting every aspect of society and world events. They must be managed
effectively to protect people from injury and to allow society to
develop and progress. Today, risk and uncertainty are frequently
magnified in large-scale technological systems. Nations that
successfully address such problems in future product designs, resource
availability, natural forces, market changes, and in
man/machine/software systems will dominate the technological world.
Risk is often defined as a measure of the probability and
severity of adverse effects [Lowrance 1976]. An ever-increasing number
of professionals and managers in industry, government, and academia are
devoting a larger portion of their time and resources to the task of
improving their understanding of risk-based decisionmaking and their
approach to decisionmaking under uncertainty.
Risk management is commonly distinguished from risk assessment, even
though some may use the term risk management to connote the entire
process of risk assessment and management. In risk assessment,
the analyst often attempts to answer the following set of triplet
[Kaplan and Garrick 1981]:
What can go wrong? What is the likelihood that it would go wrong? And,
what are the consequences? Answers to these questions help risk analysts
identify, measure, quantify, and evaluate risks and their consequences
Risk management builds on the risk assessment process by
seeking answers to a second set of three questions
What can be done and what options are available? What are the associated
tradeoffs in terms of all costs, benefits, and risks? And what are the
impacts of current management decisions on future options? To be
effective and meaningful, risk management must be an integral part of
the overall management of a system. This is particularly important in
the management of technological systems, where the failure of the system
can be caused by the failure of the hardware, the software, the
organization, or the human element.
Vulnerability, Threat, and Risk
Definitions of risk are often misleading, particularly when risk is
defined as the "multiplication" of threat and vulnerability. The
following definitions [Haimes 2004, 2006] provide better insight into a
better representation of vulnerability, threat, and risk, which makes
use of the building blocks of mathematical models, state variables.
- Vulnerability is the manifestation of the inherent states
of the system (e.g., physical, technical, organizational, cultural)
that can be exploited to adversely affect (cause harm or damage to)
- Intent is the desire or motivation to attack a target and
cause adverse effects.
- Capability is the ability and capacity to attack a target
and cause adverse effects.
- Threat is the intent and capability to
adversely affect (cause harm or damage to) the system by adversely
changing its states.
- Risk is the result of a threat with adverse effects
to a vulnerable system.
Thus, it is clear that modeling risk as the probability and severity
of adverse effects requires knowledge of the vulnerabilities (intents
and capabilities) and threats to the infrastructure system.
Vulnerability is multifaceted and can be represented only through
If we accept the premise that a system’s vulnerability is a
manifestation of the inherent states of that system, and that each state
is dynamic and changes in response to the inputs and other building
blocks, then two conclusions must ensue [Haimes 2006]:
- The vulnerability of a system is multidimensional, a vector of
state variables describing many facets of the system.
Furthermore, each one of these state variables is not static in its
operations and functionality—its levels of functionality change and
- There are two major considerations for the efficacy of risk
management. One is the ability to control the states of the system.
The second is to reduce the effectiveness of the threat by other
actions that may or may not necessarily change the vulnerability of
the system (i.e., do not necessarily change its state variables).
Modeling Complex Technological and Societal Systems of
Systems Lecture Series:
Fall 2012 through Spring 2014