A risk assessment is a method you use to rank the risk of safety issues. You will commonly perform risk assessments on reported safety issues and other identified hazards. Assessments are integral to helping you establish whether or not a given issue is within an Acceptable Level of Safety.
Risk assessments use a risk matrix to create composite number/letter grades based on:
You will define specific criteria for each level of severity and likelihood on your risk matrix. This process is fairly straightforward, but where it gets messy during actual risk assessments is when an issue fulfills criteria for multiple levels of severity.
How are you to know which assessment level is the right one? We will answer this question over the course of this article.
Severity on the risk matrix represents the severity of the most likely consequence of a particular hazard occurrence. In other words, if a hazard occurs and is not mitigated, what is the severity of the most likely problem that will occur? As ICAO says of severity, “the severity…of a hazard’s projected consequence.”
For example, in the event of a hazard “Runway incursion,” the most likely problem that will occur is probably either an Accident or Near Miss. If you determine that an Accident is a most likely probable concern, the severity would be “Catastrophic”. If you determine that Near Miss is the most probable concern, then “Serious” would likely be your severity.
So, when you are defining criteria for severity in your risk matrix, keep in mind that you are defining criteria for most likely safety incidents following a hazard occurrence.
Likelihood on a risk matrix represents the likelihood of the most likely consequence occurring in the event of a hazard occurrence. To put it another way, if a hazard occurs, what are the chances the most likely safety mishap will occur?
To use the example from earlier, in the event of a hazard “Runway incursion,” the most likely problem that will occur is probably an Accident. The likelihood of this occurrence would be fairly low, as many control measures mitigate this problem.
So, when you are defining likelihood in your risk matrix, you should create criteria that define the likelihood of the risk occurrence (not the likelihood of hazard occurrence).
Before you assign severity to an issue, there are a couple of things you need to do first:
Where things become messy is when a negative outcome matches criteria for multiple levels of severity. Consider the example where an issue has:
Which severity should you assign? These situations are where you have to use some good sense and/or consult your regulatory agency to see their preference. Usually, the routes you would take are:
If multiple people had died instead, these details may automatically qualify the severity as Level 5. So much depends on specific details. You need to use oversight guidance and good judgment. What is especially important is that you document your final reasoning for how you used your criteria to assign a severity.
Once again, assigning likelihood to an issue requires a similar process to assigning severity:
Once again, there are no hard lines between “uncommon” and “rare” likelihoods. Ideally, you will have more specific definitions that help to distinguish each level of likelihood in your criteria. Because this is not an exact science, it is extremely important you document why you chose the likelihood that you did based on your analysis of the prevalence of the issue in your company and the industry.
Last updated October 2024.