OPSS risk lexicon
Organisational definitions of terms concerned with risk and risk-related matters.
The complete Risk Lexicon with all the underpinning references for its definitions is available to download below but its main text also follows for convenience:
1. Introduction
This Risk Lexicon has been developed by the OPSS risk group with the aim of facilitating clear dialogue and communication within OPSS on the topic of risk and risk-related matters. Because multiple definitions of ‘risk’ and associated terms such as ‘hazard’ and ‘harm’ exist, it is important that as an organisation OPSS is clear what is meant when such terms are used in discussion, in OPSS documents, etc. Similarly, a risk lexicon helps provide clarity to stakeholders when in dialogue with OPSS on risk-related matters, and when reading relevant OPSS publications.
The definitions used within the lexicon were initially developed via a process of consensus using the Delphi method (expert panel within OPSS) and with reference to published research. This was followed by a second round of consensus via the Delphi method, this time using an expert panel of external academics. Finally, feedback on the draft lexicon was sought from a range of OPSS staff.
2. Contents
The terms featured within the lexicon have been categorised as either core or supplementary. Core terms are those central to the topic of risk, and on which the meaning must be clear to avoid confusion and misunderstandings. Supplementary terms are relevant to the topic of risk but are likely to be significant only in certain contexts.
Under the core and supplementary headings, the terms are presented in what is felt to be a logical order.
3. Core terms
Hazard
Definition: “A potential source of harm.”
Note: This is a wide definition that includes products, substances, processes, premises, infrastructure and activities. The level of a hazard will be determined by the nature of the harm it can cause (in terms of its severity) and the anticipated extent of that harm (for example in terms of the number of people that could be affected). The EU Rapex guidelines give the following definition: “Hazard is the intrinsic property of the product that may cause an injury to the consumer who uses the product.”
Harm
Definition: “Adverse impact on individuals, the environment, infrastructure, property, animals, or businesses, and which can include human injury and ill health, damage (including disruptions) to property, damage to the environment, or economic loss.”
Note: This is a wide definition that includes physical, mental, social and economic adverse impacts. It can also extend to the failure to deliver a benefit or preventing a benefit from being realised.
Severity of harm
Definition: “The harm (physical, psychological, environmental, etc) that a hazard can potentially cause can have different degrees of severity. The severity of the harm thus reflects the effect the hazard has on the subject under the conditions described in the particular scenario.”
Note: The guidelines for the management of the European Union Rapid Information System ‘RAPEX’ established under Article 12 of Directive 2001/95/EC (the General Product Safety Directive) distinguishes four severity categories, depending on such factors as the reversibility of an injury, i.e. whether recovery from an injury is possible and to what extent. This categorisation is for guidance only, and a risk assessor should change the category if necessary, and report it in the risk assessment; this should be done to reflect a range from a negative effect not likely to require medical attention (i.e. can be treated with first aid) to acute, long-term adverse health impact or death.
Risk
Definition: “A function of the level of a hazard and the likelihood (or probability) that the hazard will cause harm.”
Note: In some regulatory contexts, the likelihood of compliance / non-compliance is used as a proxy for the likelihood of a hazard causing harm.
Risk is an event that can have negative impact (harm). Conversely an event that can have a positive impact (benefit) is an opportunity, so any situation in which the consequences can be identified beforehand, or assessed post event, in terms of positive and negative impact will, by definition, be classified as either risks or opportunities.
Probability of harm
Definition: “The likelihood (probability estimate) of the identified hazard causing harm; this refers to a harm scenario that may indeed materialise during the expected duration of a hazard.”
Note: The probability of harm can be expressed as a point estimate (typically ranging from 0 to 1); in descriptive terms such as high, medium or low; or both, by attaching descriptions to different point estimates, for example >0.5 (or >50%) = very high probability.
Risk assessment
Definition: “The process by which the level of risk associated with a particular hazard is identified and categorised.”
Note: The categorisation process normally allows comparisons to be made between different hazards.
Risk evaluation
Definition: “The process by which the outcome of a risk assessment is combined with policy considerations to characterise the risk and inform decisions on risk management.”
Note: Relevant policy considerations can include how the risk is perceived by the public, political concerns and societal concerns, and wider organisational objectives. Other considerations might include the nature of the risk, in particular whether it is created by a high level of hazard or a high likelihood of harm, and its characteristics (for example controllability, familiarity).
Risk management
Definition: “The elimination, control or mitigation of risk.”
Risk analysis
Definition: “The constituents of a process by which situations of risk are considered and involves identifying: (1) the hazardous event whose occurrence would cause the risk, (2) the consequence(s), known as harm, associated with that event, (3) the population at risk, (4) the risk per unit of exposure, (5) the level of exposure of members of the population.”
Note: Risk analysis can be taken to refer to the formal constituent procedures required when considering situations of risk, and these include: risk assessment, risk evaluation, risk management and risk communication.
Risk-based regulation
Definition: “Where consideration of risk is embedded in regulatory decision making at all levels, and priorities are established according to the outcomes of risk assessment.”
4. Supplementary terms
Risk communication
Definition: “The interactive exchange of information and opinions throughout the risk analysis process concerning the existence, nature, form, severity or acceptability of risk, risk-related factors and risk perceptions among risk assessors, risk managers, consumers, industry, the academic community and other interested parties, including the explanation of risk assessment findings and the basis of risk management decisions.”
Note: There is a need to acknowledge that the communication of risk is integral to the entire risk analysis process, and it is often adapted to suit the recipient (for example risk assessor, risk manager, policy maker, media, citizens, industry). Risk communication includes content conveyed numerically (for example probabilities, frequencies) and/or categories or ranks (for example low, moderate, high) that represents risk to audiences that are engaged with and dependent upon risk analysis.
Risk appetite
Definition: “The amount of risk an entity (individual, organisation, regulator) is willing to accept in pursuit of value (for example financial, personal, societal, political) to that entity.”
Risk perception
Definition: “Attributions of, and/or a recognition of the presence of, risk.”
Note: This can be informed by the probability of an occurrence together with psychological factors that include risk origin, severity, controllability, familiarity.”
Risk preference
Definition: “A tendency reflected in a context(s) where choices are made (that are more or less risky according to a utility function) and where those choices can be classed along a continuum from risk avoiding to risk seeking.”
Risk exposure
Definition: “The vulnerabilities faced by an individual (or population) as an estimated likelihood of a single hazard or a combination of hazards occurring as a direct (or indirect) consequence of activities and their frequency.”
Risk quantification
Definition: “A means of articulating the size of a risk.”
Note: Articulating the size of a risk can be in the form of an estimate, such as the likelihood of a hazard (this can be quantified [for example 0.001 to 0.01]) causing harm. Where risk cannot be quantified, such that there are cases for which there is limited or no data from which to determine a likelihood estimate, then expert judgment is required to determine a likelihood estimate. Under these conditions, it is appropriate to assert a qualification of the estimate, which involves a rationale for the estimate along with an estimate of uncertainty of the likelihood estimate.
Risk tolerability
Definition: “The acceptability of a perceived risk based upon the current values of society.”
Note: The degree to which a risk is tolerable will usually be influenced by the associated benefits derived and the degree to which it is seen as being effectively controlled and managed.
Threat
Definition: “Any situation or circumstances that has the potential to create or increase risk.”
Uncertainty
Definition: “A function of the lack of information and differences in certainty between individuals that reflect differences in personal experience and beliefs.”
Note: Uncertainty includes the state of belief with respect to the knowledge of a given event, whereby that knowledge can be limited in reliability, is imprecise, can conflict with other information that could have a bearing on the event, or incomplete.
Uncertainty analysis
Definition: “The recognition and assessment of uncertainties in all the activities concerning the scientific process that is implemented when conducting a risk assessment.”
Note: Uncertainty analysis can be formal (explicit quantification of uncertainties) or informal (explicit qualitative ascription of uncertainties) concerning assertions, claims, conclusions made from a risk assessment that has been conducted, for which causal analysis is a critical factor for ensuring that the analysis is robust, coherent, and accurate. Agencies such as the European Food Standards Authority outline possible procedures that can be carried out to support uncertainty analyses, which include (1) identifying uncertainties; (2) describing uncertainties; (3) assessing individual sources of uncertainty; (4) assessing the overall impact of all identified uncertainties on the assessment output, taking account of dependencies; (5) assessing the relative contribution of individual uncertainties to overall uncertainty; (6) documenting and reporting the uncertainty analysis.
Precautionary principle
Definition: “The principle under which protective action(s) is taken for the purpose of avoiding harm from an identified hazard, in circumstances where there is limited or no reliable evidence on the extent of the risk posed by that hazard, on the basis that taking no action could allow significant harm to occur.”
Risk mitigation
Definition: “Actions taken that can potentially limit (but not usually eliminate) the harm that occurs when a risk is realised.”
Causal analysis of risk
Definition: “The characterisation of risk in the context of causality.”
Note: The characterisation process can be formal (involving quantification of the likelihood of events based on the causal structure of the context of interest) or informal (any representation of identified causes and effects within the context of interest). These characterisations involve identifying: trigger event (initiating event), risk event (the estimation of a negative event occurring), opportunity event (the estimation of a positive event occurring), controls (events that are likely to prevent the trigger event(s) from causing the risk event), mitigating event (events that can potentially prevent the negative consequence of the negative event occurring), impediment event (events that can potentially prevent the positive consequence of the positive event occurring).
Product
Definition: “An item offered in a competitive market that is represented as serving a consumer need.”
Note: The GPSR 2005 definition states: ““product” means a product which is intended for consumers or likely, under reasonably foreseeable conditions, to be used by consumers even if not intended for them and which is supplied or made available, whether for consideration or not, in the course of a commercial activity…”.
Product liability
Definition: Refers to the liability of manufacturers, processors, distributors, and sellers of products for personal harm, injury, or damage (including negligence, strict liability, and breach of warranty).
Note: ‘Liability’ here can include the responsibility of one party for harm or damage caused to another party, which may be a cause for compensation, financially or otherwise, by the former to the latter. The details for product liability also extend to products that include artificial intelligence, or else smart functionalities; (EU commission paper liability SWD (2018) 137 final).
Utilities
Definition: “The associated costs and opportunities associated with the outcomes identified, in situations for which a risk analysis is applied.”