ISO/IEC 31010:2009: risk management – Risk assessment techniques

This international standard is a supporting standard for ISO 31000 and provides guidance on selection and application of systematic techniques for risk assessment. Risk assessment carried out in accordance with this standard contributes to other risk management activities. The purpose of risk assessment is to provide evidence-based information and analysis to make informed decisions on how to treat particular risks and how to select between options.

The application of a range of risk assessment techniques are introduced. These have specific references to other international standards where the concept and application of techniques are described in greater detail.

Some of the principal benefits of a performing risk assessment include:
- Providing objective information for decision makers,
- Understanding of the risk and its potential impact upon objectives,
- Identifying, analysing and evaluating risks and determining the need for their treatment,
- Quantification or ranking of risks,
- Contributing to the understanding of risks, in order to assist in selection of treatment options,
- Identification of the important contributors to risks and weak links in systems and organisations,
- Comparison of risks in alternative systems, technologies or approaches,
- Identification and communication of risks and uncertainties,
- Assisting with establishing priorities for health and safety,
- Rationalising a basis for preventive maintenance and inspection,
- Post-incident investigation and prevention,
- Selecting different forms of risk treatment,
- Meeting regulatory requirements,
- Providing information that will help evaluate the tolerability of the risk when compared with pre-defined criteria.