Risk Analysis; How To And Why

Written by Evita Vecozola

September 20, 2021

I remember when I studied about this at the university and I overheard a conversation between some of my classmates, talking how they didn’t see the point of learning about risk analysis. They assumed it was not something people would use within a company since they hadn’t heard of it before. You know how young students can be… Said the newest employee of Cobraid, who is still in her studies.

I didn’t agree with them then and I still don’t after working within companies for a while now.

Risk analysis has a wide variety of uses and can help businesses remove potential risk and become more successful. Learning the proper way to conduct these analyses can help your business identify trends in its processes and be more efficient and proactive. Being able to identify and potentially prevent risks from becoming threats can help save the company from the uncertain!

In this article, I am going discuss what a risk analysis is, address why businesses perform them and give a list of risk analysis methods. Grab a coffee, you are in for a ride!

What is risk analysis?

Risk assessment enables corporations, governments, and investors to assess the probability that an adverse event might negatively impact a business, economy, project, or investment.  Assessing risk is essential for determining how worthwhile a specific project or investment is and the best process(es) to mitigate those risks. Risk analysis provides different approaches that can be used to assess the risk and reward tradeoff of a potential investment opportunity.

In other words- do this to always stay prepared. Risk analysis = less money and time wasted.



Cobraid-Risk Analysis

1: Qualitative Risk Assessment

The qualitative risk assessment is the most common form of risk assessment. You will often see this type of risk assessment in workplaces. It is based on the personal judgement and expertise of the assessor. They will often use their own experience as well as consult with others carrying out the activity.

Any health and safety risk assessment will start with a simple qualitative assessment. In a qualitative risk assessment, the assessor will categorize risk into levels, usually high, medium, or low.

For example, the assessor  may look at the risk of somebody being injured, and set the risk of it happening to ether high, medium, or low. Just like any other type of risk assessment, any high risks will need to be addressed as a priority. Low-level risks can be looked at later or might not need further action to be taken.

For data to be suitable for quantitative risk analysis, it must have been studied for a long period of time or to have been observed in multiple situations. For example, in the past five projects, equipment type A has broken down after 7 hours of use. With this information, it can be assumed that if a project requires workers to use equipment type A for 8 hours, then it has a 100% chance of breaking down.

Let me put this in a formula: Risk = Severity x Likelihood

Just because a qualitative risk assessment doesn’t need to involve numbers, the risk is still calculated by the severity of harm x likelihood of harm. Qualitative risk assessment involves making a formal judgement on the consequence (severity) and probability (likelihood).

2: Dynamic Risk Analysis

A dynamic risk assessment is a process of assessing risk in an on-the-spot situation. This type of risk assessment is often used to cope with unknown risks and handling uncertainty. It might be used by the emergency services, or care workers for example, who need to deal with developing and changing situations. These types of environments need to be continually assessed. If there are significant changes, is the original risk assessment still valid? Should you try to deal with the situation? Is it safe to continue? And so on.

It is not always possible to prepare for every risk or hazard. A written risk assessment should assess the level of ‘unknown’ risks. Where a certain element of dynamic risk analysis is required, workers need to have the skills and awareness to recognize and deal with danger.

For example, if a lone worker feels uneasy about a situation, there should be a process in place to get help. Or action that can be taken, like emergency procedures, if things go wrong. Rather than relying on the assessor’s judgement, a dynamic risk assessment relies on the worker’s judgement. They take on the role of the risk assessor at that moment.

Where there are dynamic elements to a risk assessment, workers need to have the confidence and judgement to know when it is not safe to proceed. Extra training will help to develop these skills, particularly with lone workers who might not have anyone close by to ask for advice.

3: Quantitative Risk Assessment-QRA

A Quantitative Risk Assessment (QRA) is a formal and systematic risk analysis approach to quantifying the risks associated with the operation of an engineering process. A QRA is an essential tool to support the understanding of exposure of risk to employees, primarily focusing on the environment, company assets and its reputation. A QRA also helps to make cost effective decisions and manages the risks for the entire asset lifecycle.

Quantitative Risk Assessment – QRA



 Objectives for a QRA study

Some of the aspects of this analysis type might be oriented more towards the office managers; hence it is more focused on physical hazards and safety of the workers. If you are a project leader, with no direct responsibility over workspace hazards, this analysis might not be the most necessary within your project analysis process. Yet it doesn’t hurt to consider these risks when presenting the project to your team.

4: Generic Risk Analysis

Generic risk assessments assess the hazards and risks involved in work tasks and activities. They can be used in different locations and by different companies for activities that are the same/similar, so they’re often used as risk-assessment templates. This allows you to reduce duplication in your risk-management processes.  The template of generic risk assessment might look something like this

However, when using a generic risk assessment, it’s important to note that every workplace and activity will be slightly different, and any differences can affect the accuracy and relevancy of these risk assessments. To ensure generic assessments are relevant and that they’re going to be effective at illumining risks, you need to review them and adjust or update them accordingly.

Examples of generic risks might be such as: bankruptcy of suppliers or clients, brand fatigue, client attrition, overpassing the set deadlines, loss in funds, and so on. 

5: Site-Specific Risk Analysis

When hazards are potentially present on a site or are known through previous mapping efforts, the community should require a site-specific risk assessment. This type of assessment requires a qualified professional with specialized knowledge of the particular hazard. The appropriate professional (e.g., geotechnical specialist, civil engineer, wildfire mitigation specialist, certified forester, and certified floodplain manager) will consider existing state and/or local hazard maps. They also might look into prior evidence of hazard history; on-site features (topography, soils, forests, water channels) to determine risk level of the proposed development.

When applicable, communities may have a specific assessment form that is used to rate the risk. This information will typically be compiled into a site-specific risk mitigation plan. For that you will need specific mitigation actions to be performed prior to the approval of the application, or the development permit. This may include recommendations or requirements to adjust the land use, alter construction and building design to minimize the degree of risk. This information will be provided to the developer, contractors, and/or property owner. It may be included in the planner’s staff report for the planning commission or governing body. If you wonder how such analysis might look you can download a template here.

Ultimately, the purpose of a site-specific risk analysis is to identify hazards, determine a path for hazard mitigation, increase public safety, and reduce the threat of future property damage or loss of life. Doesn’t that sound jolly?

Remember, whatever risk-assessment process you adopt, it is always advisable to engage with your workforce when completing risk assessment. They may know of the workable solutions needed to complete tasks safely.


Quick HOW-TO

Are you here just for a quick -how to-? No judgment, I got you. Here’s a super short summary of how to do risk analysis.

Cobraid- Risk analysis

In conclusion

Doing risk analysis is crucial to your company and there’s no one way of doing it. Different aspects call for different type of risk assessment. Today I have told you a lot about them and why you should implement them in your company, but please believe me-there is so much more to be said on this subject. There are different approaches to the risks and solution finding methods but let’s leave that for later. Perhaps I should write a good thick book on this subject. What do you think?

You May Also Like…

Pitfalls of DORA Metrics

Pitfalls of DORA Metrics

Let's delve further into DORA Metrics! In our previous discussion, I introduced you to the fundamentals, but there's...

What Are DORA Metrics?

What Are DORA Metrics?

Companies requires to react faster to changing customer needs but on the other hand, deliver stable services to their...