Risk assessment is the determination of the quantitative or qualitative value of risk related to a concrete situation and a recognized threat. Quantitative risk assessment requires calculating two components of risk: the magnitude of the potential loss and the probability that the loss will occur. Acceptable risk is a risk that is understood and tolerated, usually because the cost or difficulty of implementing an effective countermeasure for the associated vulnerability exceeds the expectation of loss.
In all types of engineering of complex systems, sophisticated risk assessments are often made within safety engineering and reliability engineering when they concern threats to life, the environment, or machine functioning. The nuclear, aerospace, oil, rail, and military industries have a long history of dealing with risk assessment. The medical, hospital, social service, and food industries also control risks and perform risk assessments on a continual basis. Methods for assessing risk may differ between industries and according to whether the assessment pertains to general financial decisions or to environmental, ecological, or public health risk.
Historically, businesses have viewed risk as a necessary evil that should be minimized or mitigated whenever possible. In recent years, increased regulatory requirements have forced businesses to expend significant resources to address risk, and shareholders in turn have begun to scrutinize whether businesses had the right controls in place. However, the increased demand for transparency around risk has not always been met, or met in a timely manner, as evidenced by the financial market crisis, where the poor quality of underlying assets significantly impacted the value of investments. In the current global economic environment, identifying, managing, and exploiting risk across an organization has become increasingly important to the success and longevity of any business.
Risk assessment provides a mechanism for identifying which risks represent opportunities and which represent potential pitfalls. Done right, a risk assessment gives organizations a clear view of variables to which they may be exposed, whether internal or external, retrospective or forward-looking. A good assessment is anchored in the organization’s defined risk appetite and tolerance, and provides a basis for determining risk responses. A robust risk assessment process, applied consistently throughout the organization, empowers management to better identify, evaluate, and exploit the right risks for their business, all while maintaining the appropriate controls to ensure effective and efficient operations and regulatory compliance.
Organizations that vigorously interpret the results of their risk assessment process set a foundation for establishing an effective enterprise risk management (ERM) program and are better positioned to capitalize on opportunities as they arise. In the long run, this capability will help steer a business towards measurable, lasting success in today's ever-changing business environment.