Risk Management

The need for a systematic approach to risk assessment has long been recognized by owners and operators of transport infrastructure. However, until the 1980s, risk analyses concentrated mainly on traffic safety and the optimization of the safety of critical infrastructure objects, especially bridges and tunnels. Over time, risk analysis was extended to individual investment projects in order to keep them within planned timelines and implementation costs. Since the 1990s, risks have been systematically investigated and treated accordingly, not only in relation to individual projects or objects, but also in the context of the entire organization. Consequently, it is legitimate to speak of risk management.

Risk management according to ISO 31000

In view of the growing importance of risk management, the International Organization for Standardization (ISO) published ISO 31000 Risk Management [1] in 2009. It is the most widespread document of its kind in the world and was adopted by a total of 57 national standards committees by 2015.

Risk is defined in the ISO 31000 standard as “the effect of uncertainty on objectives” and risk management is defined as “the coordinated activity of directing and managing an organization in relation to risks”. The risk management process is shown schematically in the picture below.

Risk management process according to ISO 31000

The identification of external and internal stakeholders and their goals is part of the analysis of the “context” of the respective organization, so that management can concentrate on the uncertainties relevant from the perspective of the stakeholders.

The identified risks are documented and then analyzed to determine their probability and impact. In the evaluation sub-process, the priorities for risk management are defined. Appropriate measures should then be assigned to all identified risks. These measures range from risk avoidance (abandonment of certain activities) through risk minimization and risk outsourcing (e.g. insurance) to risk tolerance.

The ISO 31000 standard can be adapted to each organization in its specific environment. It provides a very general approach that is not industry or sector specific, while being applicable to any type of risk.

Risk Management and Asset Management

Asset management and risk management are very closely linked. Both emerged at the end of the 20th / beginning of the 21st century as new knowledge disciplines.

Optimizing risks is one of the fundamental tasks that asset management demands of owners and operators of technical infrastructures. Both the international standard ISO 55000 Asset Management and all manuals and other documents based on it underline the importance and necessity of risk management in infrastructure management. The ISO 55000-compliant implementation of an asset management system is therefore impossible without the integration of risk management procedures.

  1. ISO 31000, Risk management – Principles and guidelines