Appendix D

Terminology

This appendix summarises some risk analysis and management terminology used in the book. Reference is made to Aven (2011e), which discusses key terms based on the ISO standard on risk terminology (ISO 2009a,b).

  1. Aleatory uncertainty

    Variation of quantities in a population

  2. Consequence

    Outcome of an event

    When referring to the consequences of an activity, a broader definition is adopted, covering all types of events and outcomes associated with the activity.

  3. Event

    Occurrence of a particular set of circumstances

  4. Frequentist probability

    A frequentist probability equals the fraction of times the event occurs when the situation considered can be repeated over and over again under similar conditions

    A frequentist probability is a model concept, a parameter of a probability model.

  5. Interested party

    Person or group having an interest in the performance of an organisation

    Examples are customers, owners, employees, suppliers, bankers, unions, partners or society.

    A group may be an organisation, part of an organisation or more than one organisation.

  6. Probability (subjective probability, knowledge-based probability or a judgmental probability)

    A subjective measure of uncertainty of an event

    The probability is interpreted with reference to an uncertainty standard, for example, an urn: if the assessor assigns a probability of an event A equal to, say, 0.1, it means that the assessor compares his/her uncertainty (degree of belief) about the occurrence of the event A with drawing at random a specific ball from an urn that contains 10 balls.

  7. Risk

    The two-dimensional combination of consequences (of the activity considered) and the associated uncertainties (what will be the consequences of the activity?)

  8. Risk acceptance

    A decision to accept the risk

  9. Risk acceptance criterion

    A reference by which risk is assessed to be acceptable or unacceptable

  10. Risk analysis

    Systematic use of information and knowledge to identify sources, identify their causes and consequences and describe risk

    Risk analysis provides a basis for risk evaluation, risk treatment and risk acceptance. Information can include historical data, theoretical analysis, informed opinions and concerns of stakeholders.

  11. Risk assessment

    Overall process of risk analysis and risk evaluation

  12. Risk criteria

    Terms of reference against which the significance of the risk is assessed

  13. Risk evaluation

    Process of comparing risk against given risk criteria to determine the significance of the risk

    Risk evaluation may be used to assist the decision-making process.

  14. Risk management

    Coordinated activities to direct and control an organisation with regard to risk

    Risk management typically includes risk assessment, risk treatment, risk acceptance and risk communication.

  15. Risk treatment

    Process to modify risk

  16. Source (risk source)

    Element which alone or in combination has the intrinsic potential to give rise to a consequence

    The “consequence” in focus is typically an undesirable outcome. A source in a safety context could be a hazard and in a security context a threat.

  17. Source identification

    Process to find, list and characterise sources

    In the safety literature, source identification is called hazard identification.

  18. Stakeholder

    Person or organisation that can be affected by, or perceive themselves to be affected by, a decision or activity

    A decision-maker can be a stakeholder. The term “stakeholder” includes, but has a broader meaning than, “interested party”.

  19. Uncertainty about something

    Not knowing this something, where “something” refers to the true value of a quantity or the true future consequences of an activity

  20. Uncertainty description

    A measure of the uncertainty and associated background knowledge

  21. Vulnerability

    The two-dimensional combination of the consequences (of the activity considered) and associated uncertainties (what will be the consequences of the activity?) given an initiating event (or a risk source).

D.1 Risk management: Relationships between key terms

  • Risk assessment
    — Risk analysis
      • Source identification
      • Cause analysis
      • Consequence analysis
      • Risk description
    — Risk evaluation
  • Risk treatment
    — Risk avoidance
    — Risk optimisation
    — Risk transfer
    — Risk retention
  • Risk acceptance
  • Risk communication