Site

RW - Navigation

RW - Recent

Last 10 entries [comments]:

Forums

Last 10 posts [threads/views]:

Wiki

Last 10 pages updated:

There are 472 wiki pages in total.



RSS logoRSS Feed
 

Definitions - What Exactly is a Risk Part 2?

by Nic Plum on Monday 05 August, 2013 - 21:46 GMT

Posted in Architecture FrameworkTRAK

Tags: definitionhazardontologyriskstandardthreat

In part 1 we established that a lot of the current definitions of risk don’t actually define what a risk is - they simply define a formula for calculating it or prioritising it which doesn’t help us get at what a risk is and therefore whether it is a distinct entity.

The OED has a definition:

(Exposure to) the possibility of loss, injury, or other adverse or unwelcome circumstance; a chance or situation involving such a possibility

Dissecting this with the old semantic scalpel we have parts:

  • possibility or chance
  • adverse circumstance
  • a situation

Possibility or Chance

A risk always has a probability of occurring. This therefore means that the metamodel entity has ‘probability of occurrence’ as an attribute. It also means that there are qualifying values in order for it to be a risk - the probability of occurrence cannot be zero since there is then no possibility and it cannot be 100% either because it is then a certainty not a risk.

Adverse Circumstance

A risk is associated with a harmful outcome (the positive flip side is an opportunity). We can represent this using a relationship between risk (if the vehicle for risk is an event) and hazard (threat).

A Situation

This starts to sound like an event through which the unlucky recipient is exposed to the risk. Is this a risk or is it really a description of a risky-event? 

Much the same thing happens to hazard where at least one definitions defines a hazardous event not a hazard. In IEC 61508:2010 part 4 Hazard is defined as:

potential source of harm [Guide 51 ISO/IEC:1990]

but then add

NOTE – The term includes danger to persons arising within a short time scale (for example, fire and explosion) and also those that have a long-term effect on a person’s health (for example, release of a toxic substance).

which isn’t correct because the release of a toxic substance is not a hazard but a hazardous event. The toxic substance represents the hazard. This is important because we’d represent hazard and hazardous event differently with a relationship between a Hazard and Event and the combination becomes the ‘hazardous event’.

Is something similar happening with risk in common parlance or definitions?

If a Risk is a distinct entity we have:

  • Hazard (syn. Threat) poses Risk
  • Risk is a Event (where 100 > probability of occurrence > 0)

and we can have

  • Hazard (syn. Threat) to Resource (i.e System, Physical, Software, Organisation, Job or Role) 

to introduce the required ‘harm’ or ‘adverse circumstance’.

The limits on probability of occurrence have to be applied because if it is 100% it isn’t a possibility it’s a certainty and therefore no longer a risk.  Similarly it cannot be zero because it can never happen and is therefore not a risk.

We could of course just represent a Risk using Event where the value of an attribute ‘probability of occurrence’ takes a value between these limits when representing a risk and is otherwise null or 100% if representing a ‘straight’ Event.

Of course even if it is a type of event there are advantages in making it a distinct entity since as an element in a tool it makes it easy to find, to navigate to or from and to distinguish it from a straight event. This utility might justify it being distinct.

So, is a risk a type of event?

Comments

Logged-in site members can receive notifications of comments made on this article.

Comment on this article

Related Articles

Linked directly:

Sharing tags:

1.2.004 adl admin advice applescript application architecture architecture description architecture description language architecture framework artefact artisan studio award berlow blog boundary browser bug c3 capability capability configuration colaboration collaboration committee compare compliance concept concert conference configuration control conformance consistency content contrast css cv01 def stan defence definition demonstration denmark department for transport develop discovery dndaf document dod dodaf drawing enterprise enterprise architect ertms event evolve exchange exploit forum fun geneology gfdl gnu group handbook hazard head-model history humour ibm rhapsody iec ieee ieee1471 iet ietf implement implementation incose innovation institute integrated ea interoperability introduction ipad iso iso42010 isse keynote knowledge language linkedin lockheed martin london london underground m3 mac management mdg meaning meeting metamodel mil std modaf model modelling style naf nato natural language needline news nist no magic magicdraw noun omg omnigraffle ontology open source opensource operational organisation oxfordshire perspective plan platform playlist portability presentation procurement profile project public publication publish purpose rail relationship release repository research resource rfc4677 risk role rssb rule safety sea search security sentence service singapore site softeam modelio software solution song sos sourceforge sparx systems sparx systems enterprise architect specification spreadsheet stakeholder concern standard steering group stencil stereotype store strategy structure support sysml system system authority system of systems systems engineering team template test threat tool
 

All articles/posts © of the respective authors

Site design and architecture © 2010 - 2011 Eclectica Systems Ltd.