practical skills and applied knowledge in Security, defense, and risk management

 

Risk analysis or risk assessment? 

Solving contradictory language and practices


Risk analysis and assessment are important because if we identify the various things that contribute to the risk then we could control each of these things and raise our security.

Over the last fifteen years, increased awareness of risks and increased attention to security have discredited prior norms of analysis and assessment and suggested a requirement for more attentive risk analysis and
assessment.

Given the increased salience of security and risk, we might expect rapid maturation of their analysis and assessment, but authorities are either surprisingly vague about analysis and assessment, use the terms interchangeably, use terms that are clearly incompatible with the practices, or discourage formal methods of assessment in favor of more intuitive assessment. For instance, the Humanitarian Practice Network defines risk assessment and risk analysis interchangeably, and the Australian/New Zealand standard (since 2009 also the standard issued by the International Organization for Standards) uses "risk analysis" illiterately to mean risk assessment, while using "risk identification" to mean risk analysis.

​Literally, analyzing the risk involves identifying, defining, and bounding the risk and disaggregating the risk from its source to its potential returns. A proper analysis allows us to assess the likelihood of each part of the chain; if we had not assessed the risks, we could hardly imagine either controlling all the actual risks or efficiently choosing the most urgent risks to control. 


​Risk analysis defines the risks ahead of risk assessment (appreciating, estimating, and calculating the risk), which in turn is a practical step towards choosing which negative risks should be controlled and which positive risks should be pursued and how to communicate our risk management. 


Poor analysis and assessment of risk lea
ds to mis-management of risks by, for instance, justifying the allocation of resources to controls on mis-identified sources of risk or on minor risks.Better analysis of risk would not prevent political perversities, but would counter poor analysis. Consider current counter-terrorism strategy, which involves terminating the causes of terrorism. Tracing the causes means careful analysis of the risk through its precursors to its sources. If the analysis is poor, government would end up terminating something that is not actually a source or cause of terrorism.