Courtesy: Risk Assessment service
Public health
In the context of public health, risk assessment is the process of characterizing the nature and likelihood of a harmful effect to individuals or populations from certain human activities. Health risk assessment can be mostly qualitative or can include statistical estimates of probabilities for specific populations. In most countries, the use of specific chemicals or the operations of specific facilities (e.g. power plants, manufacturing plants) is not allowed unless it can be shown that they do not increase the risk of death or illness above a specific threshold. For example, the American Food and Drug Administration (FDA) regulates food safety through risk assessment, while the EFSA does the same in the EU.
An occupational risk assessment is an evaluation of how much potential danger a hazard can pose to a person in a workplace environment. The assessment takes into account possible scenarios in addition to the probability of their occurrence and the results. The five types of hazards to be aware of are safety (those that can cause injury), chemical, biological, physical, and ergonomic (those that can cause musculoskeletal disorders). To appropriately assess hazards, two steps must occur. First, there must be an “exposure assessment”, which measures the likelihood of worker contact and the level of contact. Second, a “risk characterization” must be made, which measures the probability and severity of the possible health risks.
Project management
In project management, risk assessment is an integral part of the risk management plan, studying the probability, the impact, and the effect of every known risk on the project, as well as the corrective action to take should an incident implied by a risk occur. Of special consideration in this area are the relevant codes of practice that are enforced in the specific jurisdiction. Understanding the regime of regulations that risk management must abide by is integral to formulating safe and compliant risk assessment practices.
Information technology risk assessment can be performed using a qualitative or quantitative approach, following different methodologies. One important difference in information security risk assessments is that the threat model must account for the fact that any adversarial system connected to the Internet can reach and threaten any other connected system. Risk assessments may therefore need to be modified to account for threats from all adversaries, instead of just those with reasonable access, as is done in other fields.
NIST Definition: The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management incorporates threat and vulnerability analyses and considers mitigations provided by security controls planned or in place.
Megaprojects (sometimes also called “major programs”) are extremely large-scale investment projects, typically costing more than US$1 billion per project. They include bridges, tunnels, highways, railways, airports, seaports, power plants, dams, wastewater projects, coastal flood protection, oil and natural gas extraction projects, public buildings, information technology systems, aerospace projects, and defence systems. Megaprojects have been shown to be particularly risky in terms of finance, safety, and social and environmental impacts.