Often characterized by reference to the potential event and consequences or combination of these
Often expressed in terms of a combination of the consequences of an event (including in changes in circumstances) and the associated likelihood of the occurrence
Hazard, harm and risk
|Enabling state that leads to the possibility of harm||Injury or damage||Probability of harm from a situation triggered by the hazard.|
A hazard is defined in ISO 12100 as “The potential source of harm.” This definition is carried through other ISOs and regulatory guidances. The hazard is what could go wrong, our “What If…”, it is when we start engaging the outcome identification loop to query uncertainty about the future.
Harm are those injuries or damages I should care about.
Every risk assessment is really asking “What could go wrong,” and then answering two questions:
- If it did go wrong how bad is it – the Harm
- And how likely is it to go wrong – Probability.
Risk is then the combination of those things as a magnitude or priority.
Risk assessment tools break down into two major camps. Those that start with the hazards, asking how something can fail; and those that start with the harms, asking what bad things do we want to avoid.