IEC 31010:2019 - A Guide to Risk Assessment Techniques

Risk assessment is a key process in risk management, which aims to identify, analyze and evaluate the risks associated with a situation, activity or decision. Risk assessment techniques are methods or tools that can be used to support the risk assessment process, by providing information, data, analysis or recommendations. There are many different risk assessment techniques available, each with its own strengths, limitations and applicability. Choosing the most suitable technique for a given context can be challenging, as it depends on various factors such as the nature and complexity of the risk, the availability and quality of information, the objectives and criteria of the decision makers, and the resources and time constraints.


To help risk practitioners and decision makers select and apply appropriate risk assessment techniques, the International Electrotechnical Commission (IEC) and the International Organization for Standardization (ISO) have jointly published the second edition of IEC 31010:2019 - Risk management - Risk assessment techniques. This standard provides guidance on the selection and application of techniques for assessing risk in a wide range of situations. It also provides summaries of a range of techniques, with references to other documents where the techniques are described in more detail.

What's new in IEC 31010:2019?

The second edition of IEC 31010:2019 cancels and replaces the first edition published in 2009. It constitutes a technical revision that includes the following significant changes:

  • More detail is given on the process of planning, implementing, verifying and validating the use of the techniques.

  • The number and range of application of the techniques have been increased.

  • The concepts covered in ISO 31000:2018 - Risk management - Guidelines are no longer repeated in this standard.

The standard is aligned with ISO 31000:2018, which provides principles and guidelines for effective risk management. It also complements other standards related to risk management, such as ISO 31004:2013 - Risk management - Guidance for the implementation of ISO 31000 and ISO/IEC 31030:2021 - Risk management - Guidance for managing emerging risks to enhance resilience.

What are some examples of risk assessment techniques?

IEC 31010:2019 covers a variety of risk assessment techniques, which can be classified into three broad categories:

  • Identification techniques: These techniques aim to identify sources of risk, areas of impacts, events, scenarios, causes and consequences. They can be used at any stage of the risk assessment process, but are particularly useful at the beginning. Some examples of identification techniques are brainstorming, checklists, interviews, surveys, hazard analysis and scenario analysis.

  • Analysis techniques: These techniques aim to estimate or evaluate the level of risk or its components (likelihood and consequences). They can be used to compare risks or to prioritize them for further action. Some examples of analysis techniques are qualitative methods (such as risk matrices, scales or ranking), semi-quantitative methods (such as scoring or rating) and quantitative methods (such as probability distributions, statistical analysis or simulation).

  • Evaluation techniques: These techniques aim to support decision making by comparing the level of risk with risk criteria or by assessing the effectiveness of risk treatment options. They can be used to determine whether risks are acceptable or tolerable, or whether they need to be reduced or eliminated. Some examples of evaluation techniques are cost-benefit analysis, multi-criteria decision analysis, decision trees and sensitivity analysis.

The standard also provides guidance on how to combine or integrate different techniques to achieve a more comprehensive or robust risk assessment. For example, a scenario analysis can be combined with a simulation technique to estimate the likelihood and consequences of different scenarios. A multi-criteria decision analysis can be combined with a cost-benefit analysis to evaluate the trade-offs between different risk treatment options.

How to use IEC 31010:2019?

IEC 31010:2019 is intended to be used by anyone involved in risk assessment or risk management, such as risk practitioners, decision makers, consultants, auditors or regulators. It can be applied to any type of risk, regardless of its nature, source or impact. It can also be applied to any type of organization, activity, system or process, regardless of its size, complexity or sector.

The standard provides a general framework for selecting and applying risk assessment techniques, which consists of the following steps:

  • Establish the context: This step involves defining the scope, objectives and criteria of the risk assessment, as well as the roles and responsibilities of the participants. It also involves identifying and engaging the relevant stakeholders, and collecting and reviewing the available information.

  • Select the technique(s): This step involves choosing one or more techniques that are suitable for the context, based on various factors such as the purpose, scope and complexity of the risk assessment, the availability and quality of data and information, the resources and time available, and the preferences and expectations of the stakeholders.

  • Apply the technique(s): This step involves implementing the chosen technique(s) according to their specific procedures and requirements. It also involves documenting and communicating the results and outcomes of the risk assessment, as well as any assumptions, limitations or uncertainties.

  • Verify and validate the technique(s): This step involves checking and confirming that the chosen technique(s) have been applied correctly and consistently, and that they have produced valid and reliable results. It also involves reviewing and updating the risk assessment as necessary, based on new information, feedback or changes in the context.

The standard also provides a summary table that describes 31 risk assessment techniques, along with their purpose, inputs, outputs, advantages, disadvantages and references. The table can be used as a quick reference guide or a checklist to compare and select different techniques. However, it is not intended to be exhaustive or prescriptive, as there may be other techniques that are not included in the standard or that are more suitable for a specific context.

Where to get IEC 31010:2019?

IEC 31010:2019 is available for purchase from the IEC webstore or from ISO's member bodies. The standard is published in English and French. A PDF version of the standard can be downloaded for personal use after payment. A paper version of the standard can be ordered and delivered by mail.

IEC 31010:2019 is also available for free online viewing from some national standards bodies or organizations that have adopted or endorsed it. For example, you can access IEC 31010:2019 from Standards New Zealand or from SAI Global. However, you may need to register or log in to view the full text of the standard.


IEC 31010:2019 is a useful guide for anyone who wants to learn more about risk assessment techniques or to apply them in practice. It provides a comprehensive overview of various techniques that can be used to identify, analyze and evaluate risks in different situations. It also provides guidance on how to select and apply the most suitable technique for a given context, as well as how to verify and validate its results. By following IEC 31010:2019, you can enhance your risk assessment process and improve your risk management outcomes.


