A Formalised Approach to the Management of Risk: A Conceptual Framework and Ontology

Background

The consideration of risk is a day-to-day phenomenon used by individuals and Small to Medium Enterprises (SMEs) as well as large national, multinational and global organisations. Although in many instances risks may be 'mitigated' this does not mean that all complex issues have been well understood.

Risk management proposes to be a solution to understanding and removing the worry associated with issues which may arise in the future. As a discipline it has existed since the 1960s, emerging from an historic need and desire to insure. From the 1980s clear reference can be made to a process for risk management which has remained relatively unchanged.

There are many tools available to assist in the modelling of complex systems. Modelling allows simplification of the system to allow the complexity to be understood or at least to aid the recognition that there is a complex issue. These tools vary from high level business strategy identification to Failure Modes and Effects Analysis (FMEA) examining the detail associated with failures of components in a system.

Many industries recognise the need for risk management. The UK railway industry for example has a defined and documented regime for addressing risk. This regime is documented and controlled through the use of standards such as EN 50126 (1999). It introduces risk as a safety concept which can be seen to run throughout a project lifecycle. However many industries have not recognised either the importance of formalising risk management and the surrounding issues or that the technology they are working with has associated risk. This lack of recognition may have legal, personal and technological impact.

Context and Scope

Observations made whilst working with aerospace, rail, defence and government organisations have shown a number of issues with the implementation of current risk management best practice. In some cases these issues arise due to a lack of willingness to carry out thorough risk management or to react when risks are revealed. However in many cases these managerial issues are compounded by fundamental issues of complexity and lack of pragmatism associated with the risk management process. Inhibiting the resolutions of many of these issues is the lack of understanding and agreement on terminology used to describe and discuss risk. As a result, the word ‘risk’ means something different almost every time it is used.

The aim of the paper is to propose a conceptual framework and an ontology enabling a fundamental simplification of the risk management and an improved understanding of the associated terminology. The outcome of this work is a formalised but pragmatic approach to risk management, which emphasises the understanding of people and their environment as part of risk management.

The paper introduces generic risk management frameworks, standards and terminology, providing a critical analysis of the risk terminology and definitions. Next, a conceptual framework and an associated ontology is proposed, followed by a conclusion.