Content uploaded by Mobayode O. Akinsolu
Author content
All content in this area was uploaded by Mobayode O. Akinsolu on Nov 14, 2016
Content may be subject to copyright.
Business, Enterprise and Practice 12th Research Seminar Series Workshop
School of Engineering, Design and Technology
University of Bradford
-48-
The Role of Risk Assessment in Engineering Practice
Mobayode Olusola Akinsolu
School of Engineering, Design and Technology
University of Bradford
Abstract-This paper examines the central role of risk
assessment as a vital routine in Engineering Practice. Risk
assessment is the determination of the measure and value of
risk related to an existing situation and a known threat.
Engineering Practice involves the application of the
principles of physical and social sciences to the design,
development and implementation of projects, programmes
and policies, which have important implications in the
cultural and ethical traditions of various host communities.
These projects, programmes and policies can be faced with
the constraints of scope, cost, time and quality. There is,
therefore, the need for a thorough iterative conduct of risk
assessment at the design, planning, monitoring and
execution stages of engineering projects, programmes and
policies.
All through history and in recent times, many lives have
been lost, properties destroyed and insolvencies have been
created in numerous engineering organisations owing to
failed projects, programmes and policies that led to
avoidable disasters. If only risk assessment had been
routinely utilised in the design, development and
implementation of these projects, programmes and policies,
likely loss or injury to people and properties would have
been identified, analysed, qualified, quantified and mitigated
if not totally eliminated.
Keywords: Engineering, Risk, Risk Assessment
I. INTRODUCTION
Owing to complexity in structure and nature,
engineering practice has been described to be fickle,
unpredictable, volatile and fraught with risks [1]. Many
professional bodies such as International Organisation for
Standardisation (ISO), Committee of Sponsoring
Organisations of the Treadway Commission (COSO) and
Project Management Institute (PMI) have identified risk
assessment to be a specialised process embedded in the
framework of good management practice [2], [3], [4].
Risk assessment is not only considered as a managerial
procedure, but it is also viewed as a crucial independent
discipline in engineering. While this proves to be true, the
Royal Academy of Engineering generated a clearer
synopsis of risk assessment being a process and a
discipline in the second in a series of reports on managing
engineering risks produced by working groups of
professionals [5].
Of course, recent times have experienced increased
attention and focus on risk assessment. It has become
increasingly clear that the need for a holistic framework
to effectively identify, assess, and efficiently manage risk
is a crux in the practice of engineering. Though risk
assessment has always been associated with mathematical
models and analytical tools, a qualitative approach was
underscored by PMI. PMI studied and showcased the
quantitative, semi-quantitative and qualitative attributes
of risks. This progressive study portrayed the wholeness
and objectivity of risk assessment in the implementation
of engineering policies, programmes and projects. [4]
It is good to note that risk assessment is not limited to
the theory and practice of engineering. It has a foothold in
medical, hospital, food, chemical and bio-medical
industries. However, it is often carried out in a more
complex way in the disciplines of Risk Engineering,
Safety Engineering and Reliability Engineering where
threats to life, environment and machine functioning are
ascertained and dealt with. One major task risk
assessment performs in engineering practice is the
measurement and assignment of values to the two
variables that revolve round engineering risks –
probability of occurrence and potential consequence or
impact. [6]
This paper examines the concept of risk in engineering
and its definition in the first two sections. An overview of
risk assessment process, tools and techniques and the
organisational perspectives for the conduct of risk
assessment are depicted in the subsequent sections. On
the whole, the benefits, opportunities and challenges
associated with an effective and efficient conduct of risk
assessment in engineering practice are highlighted and
discussed.
II. THE CONCEPT OF RISK IN ENGINEERING
In engineering practice, risk is the tendency that a
chosen line of action and or the choice of inaction will
lead to a deviation from a desired outcome or result. In
other words, risk in engineering practice arises as a result
of uncertainties in the environment, security, cost, quality
and timeframe of engineering policies, programmes and
projects. Therefore it can be said that an essential element
of risk in engineering practice is uncertainty – the fact
that engineers can’t tell exactly the failures that may
likely occur, when, where and how the failures will occur
[7]. Evidently, these uncertainties prove the probabilistic
nature of engineering risks. The concept of risk in
engineering practice further combines the chance for
failures with the consequences caused by the failures.
Therefore, the assessment of risk in engineering practice
involves both probabilities and consequences. This
relationship can be represented mathematically in
equation (1) below.
R = ƒ (Pm, Cm) (1)
Where R is the risk linked with event ‘m’, Pm is the
probability of event ‘m’ occurring and Cm is the
consequence of event ‘m’ occurring. The above
mathematical representation depicts that risk is a direct
function of the probability of an event occurring and the
consequence associated with the occurrence of such event
[7].
12th Research Seminar Series Workshop Business, Enterprise and Practice
School of Engineering, Design and Technology
University of Bradford
-49-
At the risk of repetition, the development and
implementation of engineering policies, programmes and
projects is subject to constraints. These constraints have
associated levels of uncertainties which depict risks from
a theoretical point of view. Thus, the scope of risk
assessment represents a range within which these risks
are controlled and kept at a greater confidence level
acceptable in good engineering practice. Fig. 1 shows the
quintuple constraints and their associated level of
uncertainties that present risks in engineering practice.
Where K and K+1 phase lines depict the
implementation progress, they also represent the balanced
state of policies, programmes and projects development.
Resulting from a thorough conduct of risk assessment, the
status quo of implementation at a subsequent phase is
presented as risk lines, and the sections between each two
risk lines show the state an engineering task can achieve
in the face of risks. As exemplified in fig. 1 the shaded
area is called risk status area. [8]
III. DEFINITION OF RISK ASSESSMENT
Risks constitute a part of all efforts in engineering
practice. This is why a thorough understanding of risks,
its cause and impacts is pertinent for success in
engineering practice. Risk assessment is not an add-on to
mainstream operating activities in the development and
implementation of engineering tasks. Rather, it is an
iterative process that must be continuously employed and
embedded in ongoing functions and operations in
engineering practice [5]. Fig. 2 shows an iterative
structure following a sequential order in the conduct of
risk assessment. It will be observed that it is the review
stage captured in the decision (diamond) block that
triggers the iteration in this approach to risk assessment.
Though there are no simple rules for determining which
algorithm should be used in a given situation, Fig. 2
provides an approach to a well structured conduct of risk
assessment [9].
The discipline of risk assessment primarily focuses
upon the qualification and quantification of the risks
related to a spectrum of negative consequences in general
practice. However, risk engineering as a subject addresses
the broader topic that includes the positive as well as
negative consequences [7]. As slightly addressed in the
introduction, risk assessment used to be a measure of only
the quantitative value of risks, but critics expressed
concerns that this approach to risk assessment tends to be
overly quantitative and reductive. They argued that risk
assessments ignored qualitative differences among risks
by dropping out important non-quantifiable information
[6]. However, risk assessment currently involves a
holistic study of risks in which assumptions and
uncertainties are clearly defined, identified, considered
and presented in their qualitative, semi-quantitative and
quantitative measures [4].
IV. OVERVIEW OF RISK ASSESSMENT PROCESS, TOOLS
AND TECHNIQUES
In a view to highlight the definitive role of risk
assessment in engineering practice, a tabulated summary
of the process stages, tools and techniques that can be
employed for the effective and efficient conduct of risk
assessment in any engineering context is given in table 1.
The process stages have been defined to be iterative as
indicated in fig. 2. Table 1 is a guide developed for a
standard conduct of risk assessment by the Office of
Government Commerce (OGC), United Kingdom [9].
Obviously, there are no simple rules for determining
which tool and technique should be used in a given
situation while carrying out risk assessment. Nonetheless,
the tools and techniques associated with the process
stages of risk assessment must be utilised appropriately
and religiously. While there are many more tools and
techniques available for the good conduct of risk
assessment not listed in the summary given in table 1, the
table in itself provides a workable framework in
evaluating approaches to assessing risks in the
development and implementation of policies,
Fig. 1 Quintuple Constraints and Associated Risks [8]
Fig. 2 Process Stages involved in the Conduct of Risk Assessment
Risk Description
Risk Identification
Risk Estimation
Risk Evaluation
Risk Response Plan
Implementation and Closure
Review
Business, Enterprise and Practice 12th Research Seminar Series Workshop
School of Engineering, Design and Technology
University of Bradford
-50-
programmes and projects in engineering practice. Owing
to the scope of this paper, table 1 will not be discussed.
However, a full description of the risk assessment
process, tools and techniques is given in the available
guide developed by OGC for Risk Management. [9], [10]
V. RISK ASSESSMENT AND ORGANISATIONAL
PERSPECTIVES
As stated earlier, engineering practice is characterised
with a very strong matrix of functions and operations.
These functions and operations are clearly stated,
sometimes described in organisational charts. Though
organisational charts present a well structured view of an
organisation, the complexity of functionalities which
varies within the organisation leaves a labyrinth.
However, four clear perspectives with associated degrees
of risks are always present at various levels within every
engineering organisation. These perspectives provide the
basis for estimating and evaluating the consequence and
likelihood of risks within the organisation. These
perspectives are discussed as follows:
A. Policy Perspective
This is an organisational perspective that is concerned
with ensuring overall business success, vitality and
viability. It acts by creating a platform for the assessment
of risks across all the tiers of the organisation and plays a
key role in the execution, development and
implementation of remediation. The policy perspective
also establishes a chain of communication between all
other organisational perspectives. Typical areas of risks
within the policy perspective are competition, acquisition,
legislation or regulation and reputation. All engineering
organisations are faced with uncertainties arising from
more or less competition, acquisitions of skill
development, emergence of new technologies and
mergers, changes to legislations or regulations having
financial impact and disasters (fire, flood, acts of
terrorism and subsidence) that affects reputation. [9], [11]
B. Programme Perspective
Programme perspective is contextual with the
alignment of groups of related projects to the
organisation’s business strategy. It outlines the
management of these projects in a coordinated way to
obtain optimal benefits and maximum control.
Programme perspective sets the course for the assessment
of risks within the organisational programmes, projects
and operational activities that constitute the various
programmes. In other words, the programme perspective
tells on the project perspective, operational perspective
and vice versa. [1], [9]
C. Project Perspective
As the name implies, project perspective sets the scene
for the assessment of risks within concerns associated
with delivering defined outputs to an appropriate level of
quality within agreed scope, time and cost constraints. In
other words, it is the nucleus for identification and
estimation of the risk factors associated with the delivery
of a project. It puts into consideration such things as
stakeholders, dependencies, timelines, cost, and other key
considerations. Typical areas of risk within the project
perspective are requirements, deliverables, skills,
resources and quality. [4], [9]
D. Operational Perspective
Project managers and coordinators have always argued
that operational perspective within the organisation
should be streamlined to the project perspective. While
this may be good and functional in certain contexts, it
will be illogical since projects are temporary endeavours
limited by resources and time. Depictions of the various
lines of authority in every enterprise proves operational
perspective to be a core in the conduct of all business
activities, that is, operational perspective is wider than
project perspective. It is premised on the daily
maintenance improvement and correction of appropriate
levels of business services to customers and the general
public. Operational perspective sets the scene for the
assessment of risks within particular operational and
functional areas in the organisation. [1], [9], [12]
Effective and efficient risk assessment ought to begin
and end with specific business objectives anchored in
Process Stage Tools and Techniques
Identification –
Context
Stakeholder analysis
PESTLE analysis
SWOT analysis
Horizon scanning
Defining the probability impact matrix
Identification –
Risks
Historical information
Prompt list
Cause and effect diagrams
Grouping techniques, including
brainstorming, nominal group technique
and Delphi technique
Questionnaires
Individual interviews
Assumptions analysis
Constraints analysis
Risk Descriptions
Estimation
Probability assessment
Impact assessment
Proximity assessment
Expected value assessment
Evaluation
Summary risk profiles
Summary expected value assessment
Probabilistic risk models
Probability trees
Sensitivity analysis
Response Plan
Risk Response Planning
Cost-benefit analysis
Decision trees
Review Management meetings
Internal and External auditing
Implementation and
Closure
Update summary risk profiles
Risk Exposure trends
Update probabilistic models
TAB LE 1
RISK ASSESSMENT PROCESS STAGES AND THE CORRESPONDING
TOOLS AND TECHNIQUES [10]
12th Research Seminar Series Workshop Business, Enterprise and Practice
School of Engineering, Design and Technology
University of Bradford
-51-
beneficial perspectives defined by management. Based on
the clear interrelationships that exist between the different
organisational perspectives and their associated risks, a
thorough understanding and assessment of the risks
associated with the perspectives of every engineering
organisation is imperative for progress and success. Fig. 3
is a modified diagrammatic representation of
interrelationships between organisational perspectives
developed by the Office of Government Commerce
(OGC), United Kingdom for the assessment of risk. [9]
VI. BENEFITS AND OPPORTUNITIES
Using Fig. 4 Yunna Wu, Yong Huang and Kai Xiong
established that increased investment in risk assessment
will result to a clear decrease in the measure of
uncertainties and risks generated by constraints inherent
in the development and implementation of engineering
policies, programmes and projects. They also suggested
that since the proper conduct of risk assessment
juxtaposes historical information and real-time
information in every engineering organisation, a good
risk assessment will always reflect the organisation’s
status quo objectively creating a basis for improvement.
In other words, the more time, attention and cost an
organisation channels towards the proper conduct of risk
assessment, the more likely the organisation will thrive in
the face of uncertainties and risks. [8]
In Fig. 4, the shaded portion signifies risk losses at
matching investment level. RCO depicts the least
investment cost. L-k and L+k denote the scope of risk
threats and losses (L+k are losses with benefit possibility).
[8]
PricewaterhouseCoopers (PwC) and OGC both
identified risk assessment as the only applicable and
practical tool that can be used to measure an
organisation’s ability to achieve its objectives. They also
suggested that risk assessment forms the cornerstone of
effective and efficient management programmes by
providing a clear guidance to the organisation in making
informed decisions. Suffice it to say that risk assessment
ensures the alignment and achievement of organisational
objectives by facilitating continual improvement and
reducing negative surprises within the various
perspectives of the organisation. [1], [9]
VII. CHALLENGES AND CONCLUSION
The proper conduct of risk assessment in engineering
practice is capital intensive and many organisations are
not willing to invest in it. Nitin Nayak and Rama
Akkiraju of IBM agreed jointly that lack of expertise,
bureaucracy and data access restrictions are also some of
the many challenges in the conduct of risk assessment in
organisations. They inferred based on their personal
experiences and observations that the limitation of risks
and risk assessment to functional silos such as
production, supply and finance within organisations poses
to a challenge. [13]
No doubt, the benefits and opportunities of risk
assessment in the development and implementation of
engineering policies, programmes and projects outweigh
the challenges. Though risk assessment roles have been
well identified in engineering practice through workable
integrated frameworks, much authority and attention still
needs to be delegated and devoted to the conduct of risk
assessment across all organisational perspectives.
Cogently, a more holistic and definitive role still needs to
be given to risk assessment in the executive and
functional helms of every goal driven engineering
organisation.
REFERENCES
[1] PricewaterhouseCoopers (PwC) LLP, (2008, December) A
Practical Guide to Risk Assessment*. [Online]. Available:
http://www.pwc.com/en_us/us/issues/enterprise-risk-
management/assets/risk_assessment_guide.pdf [Accessed:
02February, 2013].
Fig. 4 Plot of Risk Assessment Investment against Risk Threats and
Losses [8]
Policy Perspective -
Risks
Programme
Perspective -Risks
Operational
Perspective -Risks
Project Perspective -
Risks
Fig. 3 Interrelationships between different Organisational
Perspectives [9]
Business, Enterprise and Practice 12th Research Seminar Series Workshop
School of Engineering, Design and Technology
University of Bradford
-52-
[2] Louis Kunimatsu, (2011, October) Risk Management Basics – ISO
31000 Standard. [Online]. Available:
http://www.secureworldexpo.com/2011/detroit/Louis_Kunimatsu.p
df [Accessed: 03 February, 2013].
[3] The Committee of Sponsoring Organizations of the Treadway
Commission, (2004, September) Enterprise Risk Management —
Integrated Framework [Online]. Available:
http://www.coso.org/documents/coso_erm_executivesummary.pdf
[Accessed: 03 February, 2013].
[4] Project Management Institute, “A Guide to the Project
Management Body of Knowledge” 4th Ed. Pennsylvania, Project
Management Institute, Inc., 2008.
[5] The Royal Academy of Engineering, (2003) Common
Methodologies for Risk Assessment & Management [Online].
Available:
http://www.raeng.org.uk/news/publications/list/reports/Common_M
ethodologies_for_Risk_Assessment.pdf [Accessed: February,
2013].
[6] Wikimedia Foundation Inc. (2013, February, 22) Risk assessment.
[Online]. Available: http://en.wikipedia.org/wiki/Risk_assessment
[Accessed 03 Feb, 2013].
[7] J. X. Wang and M. L. Roush, What Every Engineer Should Know
About Risk Engineering and Management, W. H. Middendorf, New
York: Marcel Dekker, Inc. 2000.
[8] T. Wu, Y. Huang and K. Xiong, “Research on Risk Management
Gains of Construction Project Based on the Goal Orientation
Perspective.” Presented at IEEE International Conference on
Quality and Reliability (ICQR), 2011. [Online]. pp. Available:
IEEEXplore, DOI: 10.1109/ICQR.2011.6031746 [Accessed:02
March, 2013]
[9] Office of Government Commerce (OGC), Management of Risk:
Guidance for Practitioners, 3rd Ed. London, TSO (The Stationery
Office), 2010.
[10] E. H. Conrow, Effective Risk Management: Some Keys to Success,
2nd Ed. Virginnia, American Institute of Aeronautics and
Astronautics, Inc. 2003.
[11] SANS Institute (2006) Risk Assessment Policy. [Online]. Available:
http://www.sans.org/security-
resources/policies/Risk_Assessment_Policy.pdf [Accessed 09
February, 2013]
[12] K. Heldman, Project Management Professional Exam Study Guide,
5th Ed. Canada, Wiley Publishing, Inc., 2009.
[13] N. Nayak and R. Akirraju, “Knowledge Driven Enterprise Risk
Management.” Presented at Service Research and Innovation
Institute Global Conference, 2012. [Online] pp.564-573. Available:
IEEEXplore, DOI: 10.1109/SRII.2012.69 [Accessed: 02 March,
2013]