How can you undertake a Risk Analysis?

A risk analysis assesses the hazards that may affect an ITS deployment. Those hazards with the most severe risks should be provided with a mitigation strategy, and each strategy should be assigned to an Owner who is responsible for its implementation.

Risk Analysis is divided into five steps:

  • Identify the hazard  (what might go wrong), be it a financial, technical, organisational, institutional or a requirement hazard;
  • Identify the consequence(s) of each hazard, there may be more than one, and assign a probability  that they will occur, e.g. Low, Medium, High [1];
  • Assign an impact  to each consequence, e.g. Low, Medium, High [1];
  • Categorise the risk  (probability vs. impact) of each consequence, e.g. using a risk graph (see below)

Example Risk Graph N 1024x817 - How can you undertake a Risk Analysis?Example Risk Graph [1]

  • Decide which categories of risk need a mitigation strategy, e.g. all red and orange, and identify the actions that need to be taken to reduce the risk to an acceptable level [1].

The result should be a list of Hazards, with their Mitigation Strategies and Owners

[1] The examples given above are only examples. The number of possible Probabilities and Impacts, as well as the content of the Risk Graph must be approved by a suitable authority. In the case of Safety and Security hazards they may have legal consequences.

Further Reading

See The RAID Study

© 2022 FRAME Forum  ||  AustriaTech

Log in with your credentials

Forgot your details?