The risk analysis is part of the risk management , which consists of the risk assessment , risk management and risk communication , whereby the risk assessment is subdivided into the sub-areas of risk identification , risk analysis and risk assessment .
The aim of the risk assessment is to identify and quantify (evaluate) risks in order to create transparency about the type and scope of existing risks, e.g. B. to avoid or reduce risks through preventive measures. Furthermore, their results are used for risk communication, e.g. B. to promote risk perception . The risk can also be expressed by a risk measure.
It should be noted that the process of risk analysis is decisively shaped by the individual risk perception. Whether risks are recognized at all also depends on the fact that different risk carriers perceive an existing risk differently or not at all. If the risk is perceived incorrectly as a selective perception , only certain risks are perceived, while other existing risks are ignored. Inadequate risk perception has a negative effect on the subsequent phases of risk management.
The risk analysis is carried out in three steps:
- Identification of the dangers ( risk identification ) that can damage or destroy the system.
- Analysis of the causes of the identified hazard events (deductive cause analysis / fault tree analysis ) and determination of their frequencies.
- Analysis of the damage effects of the identified hazard events that can originate from the system (inductive analysis / event tree analysis ) and determination of their probabilities.
For risk analysis are different scientific analysis techniques are used, such as job analysis , elemental analysis , financial analysis , qualitative analysis , quantitative analysis , portfolio analysis , vulnerability analysis or scenario analysis .
The quantitative risk results from the multiplication of the amount of damage by the probability of occurrence or the risk rate, depending on whether it is a time-limited risk or a risk, summed up over the various hazards ( risk quantification ).
The hazard identification should as far as possible be based on quantitative (historical, statistical) data. Qualitative methods such as B. Expert opinions, checklists should be used. The aim of the analysis is to find and record all likely dangers.
In the risk analysis, the uncertainties associated with the analysis must also be taken into account (data and model uncertainties) and the sources of uncertainty must be identified as far as possible (see also decision under uncertainty ).
Risk analysis in civil protection
In 2009, the German federal government enshrined risk analysis in the Civil Protection and Disaster Relief Act (ZSKG). In accordance with Section 18 of the ZSKG of April 2, 2009, the federal government, in cooperation with the federal states, conducts a nationwide, cross-departmental risk analysis in civil protection and informs the German Bundestag of the results of the risk analysis annually from 2010 onwards.
The risk analysis is a central component of risk management in civil protection. It provides reliable information about dangers, risks and existing skills in dealing with risks on the basis of which decisions can be made appropriately. The method is based on the international risk management standard ISO 31000 and 31010.
Since 2012, the following hazards have been subjected to a risk analysis and the results have been published in the relevant Bundestag reports:
- Extreme melt flood from the low mountain ranges (2012),
- Pandemic caused by virus Modi-SARS (2012),
- Winter storm (2013),
- Storm surge (2014),
- Release of radioactive substances from a nuclear power plant (2015),
- Release of chemical substances (2016),
- Drought (2018).
The results of the analyzes are the probability of occurrence and damage effects of the events examined, as well as findings and recommendations for action that are important in terms of holistic risk and crisis management.
Risk analysis in companies
Risk analyzes in companies are important:
- as a legal requirement the financial statements of a company to a positional or Risk Report supplement (see. Law on Control and Transparency in Business );
- as a task in project planning ("project risk analysis") or investment calculation ;
- when assessing the risk situation of companies (e.g. as a basis for company valuation or strategy evaluation );
- in credit institutions to determine high-risk customer segments, to control the credit risk or credit decisions or to determine the capital adequacy requirements according to Basel III ( creditworthiness check of all borrowers , counterparties and counterparties );
- in the identification of risks from new technologies or social developments;
- in the identification and assessment of product risks, in particular when launching new products or taking out product liability insurance ;
- for the detection of work processes in administrations and companies at risk through fraudulent acts ( breach of trust , embezzlement , fraud , disclosure of official or trade secrets , corruption , etc.) and for the review and further development of the existing internal control systems.
In business administration, risk analysis is the identification and quantification of risks by estimating the likelihood of occurrence and the possible, mostly uncertain effects (e.g. on costs ). It is the basis for the determination of the imputed risk costs (see risk costs ) and necessary for the determination of expected budget values (e.g. when evaluating a company by risk management).
It can be broken down into sub-steps:
- Risk identification: what risks is my company confronted with,
- Risk quantification: how many risks are there and what level of risk they have.
As far as possible, a risk analysis is based on statistical data analysis : The new contracts (so-called production) concluded in the various years (so-called production years) are divided into segments. The contracts that are experiencing financial difficulties are identified within each segment and per year of production . The segments in which, for many production years, the respective share of contracts with financial difficulties is higher than the percentage in the production years are considered risky. Attention should be drawn to the fact that, on the one hand, the number of contracts must be of a sufficiently large volume and, on the other hand, that the result of the analysis must always be checked for substantive validity in order to provide an objectively justified statement. In particular, the question to be answered is whether the identified relationships will remain stable in the future.
Risk analysis in other areas
Today, risk analyzes are carried out in all industrial areas with a risk potential, such as nuclear technology , aviation , railways , shipping , chemicals , petrochemicals and dams or other technical systems , using the methods of probabilistic safety analysis (PSA).
- At major events , the masonry scheme is used to calculate the strength of the emergency services of the medical guard service, taking into account the different risk tendencies .
- For fire brigades , a fire protection requirement plan is prescribed in some federal states in order to use this instrument to ensure risk and hazard analysis to achieve the protection goals within the assistance period .
- In occupational safety , the risk analysis is called risk assessment .
- In toxicology and ecotoxicology .
- Environmental risk analysis as part of environmental risk management .
- For settlements in the mountains and in large buildings, the possible natural hazards ( landslides , avalanches , mudslides , subsidence , subsidence, etc.) must be assessed. In addition to geotechnical methods, geoseismics is also often used.
- When designing machines and systems, the danger emanating from the machine / system is determined and countermeasures are determined (see also safety system ).
- In the medical industry and in the development of medical products, a risk management process must be continuously managed and documented in accordance with the requirements of EN ISO 14971 and the regulations of the Medical Devices Act.
- In the field of electrical engineering , the European standard EN 62305-2 (see lightning protection ) requires a risk analysis (regarding the risk of lightning strikes and overvoltage) when installing electrical systems.
- Risk analyzes can be used to evaluate level crossings in order to determine the required level of safety requirements so that adequate security e.g. B. is provided by a warning system .
- Risk management processes are set up for risks relating to information, IT systems and IT services.
- The concept of hazard analysis and critical control points (HACCP) is used for food safety .
- RAMS (Reliability, Availability, Maintainability, Safety)
- Risk analysis and risk management for customs controls of the German customs administration
- Claudio Cottin / Sebastian Döhler, Risk Analysis , 2013
- Werner Gleißner, Risk Analysis, Risk Quantification and Risk Aggregation, in: WiSt, 9/2017, pp. 4–11
- David Vose, Risk Analysis: A Quantitative Guide , 2008
- Society for Risk Analysis (English)
- Robert Schmitt / Tilo Pfeifer, Quality Management: Strategies - Methods - Techniques , 2015, p. 363
- Nikolaus Raupp, The decision-making behavior of Japanese venture capital managers under the influence of risk perception in conjunction with other factors , 2012, p. 27
- Frank Romeike (Ed.), Success Factor Risk Management , 2004, p. 165
- Marvin Rausand: Risk Assessment: Theory, Methods, and Applications , 2013 - 664 pages.
- Risk Assessment and Mapping Guidelines for Disaster Management , EU COMMISSION STAFF WORKING PAPER, Brussels, December 21, 2010 SEC (2010) 1626, final.
- Federal and state risk analyzes , Federal Office for Civil Protection and Disaster Aid (BBK).
- Law on civil protection and disaster relief of the federal government , Federal Ministry of Justice and for consumer protection .
- Report on risk analysis in civil protection 2012 . In: 17th German Bundestag, printed matter 17/12051, January 3, 2013 - Risk analysis of extreme melt floods and pandemic .
- Report on risk analysis in civil protection 2013 . In: 18th German Bundestag, printed matter 18/208, December 16, 2013 - risk analysis winter storm .
- Report on the risk analysis in civil protection 2014 . In: 18th German Bundestag, printed matter 18/3682, 23 December 2014 - Storm surge risk analysis .
- Report on the risk analysis in civil protection 2015 . In: 18th German Bundestag, printed matter 18/7209, January 4, 2016 - Risk analysis of the release of radioactive substances from a nuclear power plant .
- Report on risk analysis in civil protection 2016 . In: 18th German Bundestag, printed matter 18/10850, December 28, 2016 - Risk analysis of the release of chemical substances .
- Report on the risk analysis in civil protection 2018 , in: 19th German Bundestag, printed matter 19/9521, April 12, 2019 - Risk analysis drought .
- see HGB : Risk Report , Paragraph 1 HGB: Group Management Report Paragraph 1
- Lars Krause / David Borens, The strategic risk management of ISO 31000 , in: Risk, Fraud & Compliance (ZRFC) 4/5 2009, part 1: p. 180 ff.