Risk Assessment

Author: Joe H., Inflow Engineer

Pop quiz time: which animal is more dangerous to people, a shark or a cow? I’m willing to be most people would say that sharks are obviously more dangerous than cows, after all, one is an apex predator with some impressive jaws, and one is a potential hamburger. If you were one of these people, I’m sorry to say that you’re wrong. If you’re asking why I would say that, then you’re ready to dig into the subject of risk assessment.

Risk assessment is a form of analysis that determines the impact of things going wrong in a given situation. It’s a discipline that is used in a variety of industries, from healthcare to project management to systems engineering, but the basics are the same regardless of the application. First, you make a list of potential negative outcomes, how likely each one is to occur, and how serious the consequences are for each outcome. For each outcome you will multiply the likelihood of occurrence by the potential impact to get a risk value. You can add all these risks together to get an overall risk value for whatever it is you’re analyzing.

The wonderful thing about this approach to risk assessment is that it allows you to compare high impact, low likelihood risks with low impact, high likelihood risks, and every combination in between on one scale. This can be presented in different ways depending on what you’re analyzing. For example, if you’re looking at investment risks, your risk assessment will be a dollar value, whereas a risk assessment for a medical procedure might be presented in terms of deaths per million. As an engineer, I tend to use a matrix to provide a quick overview of each risk, in addition to doing an actual calculation of the total risk. Since engineers often make design choices based between multiple options, being able to quickly look at the risks of each choice is extremely useful. The other reason that I prefer a matrix approach is that it’s generic enough to be applicable to many situations, and it works extremely well in situations where you’re faced with several options and need to choose between them based on the risk of each choice. It’s not always appropriate, but it lends itself well to many situations and can be understood at a glance.

Now that we’ve covered the basic concepts behind risk assessment, let’s take another look at our cow versus shark example. The risk we’re looking at here is “being killed” so the impact of the risk from a cow are the same as the impact of the risk from a shark. Now we need the likelihood of being killed by each animal. This step of defining the impacts and likelihoods is actually the most challenging part of risk assessment and can require research or industry knowledge to get correct. In this case, I am not an expert in animal attacks, so we’re going to do some research.

According to a CDC report on cattle-related deaths in Iowa, Kansas, Missouri, and Nebraska from 2003 to 2007, twenty-one people were killed by cows. Since the population of those four states is approximately 14 million, we can estimate that the odds of being killed by a cow are around 1 in 700 thousand. In comparison, from 2005 (the earliest year I could find good statistics) to 2009, a total of twenty people were killed by sharks globally, or 1 in 350 million. Since the impact of each of these events is the same, we can do a direct comparison of the two rates and determine that you are approximately 500 times more likely to be killed by a cow than by a shark. We could do a similar calculation for the likelihood of being injured in an attack instead of being killed. I’ll leave it to you as an exercise if you care to do so, but again sharks are significantly less likely to attack people than cows. 

I choose this example because it highlights the power of good risk assessment, which is the ability to remove biases from your analysis. No matter how scary someone thinks a shark is, it’s very hard to argue that being killed by a shark is more likely than being killed by a cow. Risk assessment forces you to explicitly address the questions “how bad could it be?” and “what are the odds?” and therefore allows you to catch mistakes that you might not have even known you were making. I’ve put together a basic risk assessment toolkit which you can download here. I encourage you to experiment with it using some real world examples to get a better sense of how this type of approach can be applied to your daily work processes. In our next post, we’re going to examine the concept of “acceptable risk” and look at ways to use risk assessment to guide your decision making processes, so be sure to check back for the second post on this topic.

-Joe H., Inflow Engineer

[1] http://www.cdc.gov/mmwr/preview/mmwrhtml/mm5829a2.htm

[2] http://www.flmnh.ufl.edu/fish/sharks/statistics/statsw.htm


At Inflow we solve complex terror and criminal issues for the United States Government and their partners, by providing high quality and innovative solutions at the right price through the cultivation of a corporate culture dedicated to being #1 in employee and customer engagement. We Make it Matter, by putting people first! If you are interested in working for Inflow or partnering with us on future projects, contact us here