Risk analysis

from Wikipedia, the free encyclopedia

The risk analysis ( English risk analysis ) is within the scope of the risk management , the analysis by risk identification determined risks of different situations and danger situations.


The risk analysis is part of the risk management , which consists of the risk assessment , risk management and risk communication , whereby the risk assessment is subdivided into the sub-areas of risk identification , risk analysis and risk assessment .

The aim of the risk assessment is to identify and quantify (evaluate) risks in order to create transparency about the type and scope of existing risks, e.g. B. to avoid or reduce risks through preventive measures. Furthermore, their results are used for risk communication, e.g. B. to promote risk perception . The risk can also be expressed by a risk measure.

It should be noted that the process of risk analysis is decisively shaped by the individual risk perception. Whether risks are recognized at all also depends on the fact that different risk carriers perceive an existing risk differently or not at all. If the risk is perceived incorrectly as a selective perception , only certain risks are perceived, while other existing risks are ignored. Inadequate risk perception has a negative effect on the subsequent phases of risk management.

Aspects of risk analysis also be included in the work analysis , financial statement analysis , financial analysis , market analysis and vulnerability assessment .

Process flow

The risk analysis is carried out in three steps:

  • Identification of the dangers ( risk identification ) that can damage or destroy the system.
  • Analysis of the causes of the identified hazard events (deductive cause analysis / fault tree analysis ) and determination of their frequencies.
  • Analysis of the damage effects of the identified hazard events that can originate from the system (inductive analysis / event tree analysis ) and determination of their probabilities.

For risk analysis are different scientific analysis techniques are used, such as job analysis , elemental analysis , financial analysis , qualitative analysis , quantitative analysis , portfolio analysis , vulnerability analysis or scenario analysis .

The quantitative risk results from the multiplication of the amount of damage by the probability of occurrence or the risk rate, depending on whether it is a time-limited risk or a risk, summed up over the various hazards ( risk quantification ).

The hazard identification should as far as possible be based on quantitative (historical, statistical) data. Qualitative methods such as B. Expert opinions, checklists should be used. The aim of the analysis is to find and record all likely dangers.

In the risk analysis, the uncertainties associated with the analysis must also be taken into account (data and model uncertainties) and the sources of uncertainty must be identified as far as possible (see also decision under uncertainty ).

application areas

Risk analysis in civil protection

In 2009, the German federal government enshrined risk analysis in the Civil Protection and Disaster Relief Act (ZSKG). In accordance with Section 18 of the ZSKG of April 2, 2009, the federal government, in cooperation with the federal states, conducts a nationwide, cross-departmental risk analysis in civil protection and informs the German Bundestag of the results of the risk analysis annually from 2010 onwards.

The risk analysis is a central component of risk management in civil protection. It provides reliable information about dangers, risks and existing skills in dealing with risks on the basis of which decisions can be made appropriately. The method is based on the international risk management standard ISO 31000 and 31010.

Since 2012, the following hazards have been subjected to a risk analysis and the results have been published in the relevant Bundestag reports:

The results of the analyzes are the probability of occurrence and damage effects of the events examined, as well as findings and recommendations for action that are important in terms of holistic risk and crisis management.

Risk analysis in companies

Risk analyzes in companies are important:

In business administration, risk analysis is the identification and quantification of risks by estimating the likelihood of occurrence and the possible, mostly uncertain effects (e.g. on costs ). It is the basis for the determination of the imputed risk costs (see risk costs ) and necessary for the determination of expected budget values ​​(e.g. when evaluating a company by risk management).

It can be broken down into sub-steps:

  • Risk identification: what risks is my company confronted with,
  • Risk quantification: how many risks are there and what level of risk they have.

As far as possible, a risk analysis is based on statistical data analysis : The new contracts (so-called production) concluded in the various years (so-called production years) are divided into segments. The contracts that are experiencing financial difficulties are identified within each segment and per year of production . The segments in which, for many production years, the respective share of contracts with financial difficulties is higher than the percentage in the production years are considered risky. Attention should be drawn to the fact that, on the one hand, the number of contracts must be of a sufficiently large volume and, on the other hand, that the result of the analysis must always be checked for substantive validity in order to provide an objectively justified statement. In particular, the question to be answered is whether the identified relationships will remain stable in the future.

Risk analysis in other areas

Today, risk analyzes are carried out in all industrial areas with a risk potential, such as nuclear technology , aviation , railways , shipping , chemicals , petrochemicals and dams or other technical systems , using the methods of probabilistic safety analysis (PSA).

See also


  • Claudio Cottin / Sebastian Döhler, Risk Analysis , 2013
  • Werner Gleißner, Risk Analysis, Risk Quantification and Risk Aggregation, in: WiSt, 9/2017, pp. 4–11
  • David Vose, Risk Analysis: A Quantitative Guide , 2008

Web links

Individual evidence

  1. Robert Schmitt / Tilo Pfeifer, Quality Management: Strategies - Methods - Techniques , 2015, p. 363
  2. Nikolaus Raupp, The decision-making behavior of Japanese venture capital managers under the influence of risk perception in conjunction with other factors , 2012, p. 27
  3. Frank Romeike (Ed.), Success Factor Risk Management , 2004, p. 165
  4. Marvin Rausand: Risk Assessment: Theory, Methods, and Applications , 2013 - 664 pages.
  5. Risk Assessment and Mapping Guidelines for Disaster Management , EU COMMISSION STAFF WORKING PAPER, Brussels, December 21, 2010 SEC (2010) 1626, final.
  6. ^ Federal and state risk analyzes , Federal Office for Civil Protection and Disaster Aid (BBK).
  7. Law on civil protection and disaster relief of the federal government , Federal Ministry of Justice and for consumer protection .
  8. a b Report on risk analysis in civil protection 2012 . In: 17th German Bundestag, printed matter 17/12051, January 3, 2013 - Risk analysis of extreme melt floods and pandemic .
  9. Report on risk analysis in civil protection 2013 . In: 18th German Bundestag, printed matter 18/208, December 16, 2013 - risk analysis winter storm .
  10. Report on the risk analysis in civil protection 2014 . In: 18th German Bundestag, printed matter 18/3682, 23 December 2014 - Storm surge risk analysis .
  11. Report on the risk analysis in civil protection 2015 . In: 18th German Bundestag, printed matter 18/7209, January 4, 2016 - Risk analysis of the release of radioactive substances from a nuclear power plant .
  12. Report on risk analysis in civil protection 2016 . In: 18th German Bundestag, printed matter 18/10850, December 28, 2016 - Risk analysis of the release of chemical substances .
  13. Report on the risk analysis in civil protection 2018 , in: 19th German Bundestag, printed matter 19/9521, April 12, 2019 - Risk analysis drought .
  14. see § 289 Paragraph 1 HGB : Risk Report , § 315 Paragraph 1 HGB: Group Management Report
  15. Lars Krause / David Borens, The strategic risk management of ISO 31000 , in: Risk, Fraud & Compliance (ZRFC) 4/5 2009, part 1: p. 180 ff.