Professional Documents
Culture Documents
Annex A
(informative)
Categorization of techniques
Table A.1 explains the characteristics of techniques that can be used for selecting which
technique or techniques to use.
Table A.2 lists a range of techniques classified according to these characteristics. The
techniques described represent structured ways of looking at the problem in hand that have
been found useful in particular contexts. The list is not intended to be comprehensive but covers
a range of commonly used techniques from a variety of sectors. For simplicity the techniques
are listed in alphabetical order without any priority.
Each technique is described in more detail in Annex B, as referenced in column 1 of Table A.2.
Table A.2 – Techniques and indicative characteristics
Sub- Technique Description Application Scope Time Decision Starting Specialist Qual/quant/ Effort to
clause horizon level info/data expertise semi-quant apply
needs
B.8.2 ALARP/SFAIRP Criteria for deciding significance of risk and evaluate. 1 any 1/2 high high qual/quant high
means of evaluating tolerability of risk. risk
B.5.2 Bayesian analysis A means of making inference about model analyse any any any medium high quant medium
parameters using Bayes' theorem which likelihood
has the capability of incorporating
empirical data into prior judgements about
probabilities.
B.5.3 Bayesian A graphical model of variables and their identify risk any any any medium high quant medium/
networks/ cause-effect relationships expressed using high
Influence probabilities. A basic Bayesian network has estimate
diagrams variables representing uncertainties. An risk
extended version, known as an influence decide
diagram, includes variables representing between
uncertainties, consequences and actions. options
– 32 –
B.4.2 Bow tie analysis A diagrammatic way of describing the Analyse risk 2/3 short/ any low low/ qual/semi- low
pathways from sources of risk to outcomes, medium moderate quant
and of reviewing controls. analyse
controls
describe
risk
B.1.2 Brainstorming Technique used in workshops to encourage elicit views any any any none low/ qual low
imaginative thinking. moderate
B.5.4 Business impact The BIA process analyses the analyse 1 short/ 2 medium low quant/qual medium
– 33 –
B.9.2 Cost/benefit Uses money as a scale for estimating compare any short/ any medium moderate/ quant medium/
analysis positive and negative, tangible and options medium /high high high
intangible, consequences of different
options.
B.6.2 Cross impact Evaluates changes in the probability of the analyse any short/ any low to high moderate/ quant medium/
analysis occurrence of a given set of events likelihood medium high high
consequent on the actual occurrence of and cause
one of them.
B.9.3 Decision tree Uses a tree-like representation or model of compare any any 2 low/ medium moderate quant medium
analysis decisions and their possible options
consequences. Outcomes are usually
expressed in monetary terms or in terms of
utility.
An alternative representation of a decision
tree is an influence diagram (see B.5.3).
B.1.3 Delphi technique Collects judgements through a set of elicit views any any any none moderate qual medium
sequential questionnaires. People
participate individually but receive
feedback on the responses of others after
each set of questions.
Sub- Technique Description Application Scope Time Decision Starting Specialist Qual/quant/ Effort to
clause horizon level info/data expertise semi-quant apply
needs
B.5.6 Event tree Models the possible outcomes from a given analyse 2/3 any any low/medium moderate qual/quant medium
analysis (ETA) initiating event and the status of controls conseq. and
thus analysing the frequency or probability controls
of the various possible outcomes.
B.5.7 Fault tree analysis Analyses causes of a focus event using analyse 2/3 medium 2/3 high for depends on qual/quant medium/
(FTA) Boolean logic to describe combinations of likelihood quant complexity high
faults. Variations include a success tree analysis
where the top event is desired and a cause analyse
tree used to investigate past events. causes
B.2.3 Failure modes and Considers the ways in which each identify risks 2/3 any 2/3 depends on moderate qual/semi- low /high
effects (and component of a system might fail and the application quant/quant
criticality) analysis failure causes and effects. FMEA can be
followed by a criticality analysis which
FME(C)A defines the significance of each failure
mode (FMECA).
B.8.3 Frequency / Special case of quantitative evaluate 1 any any high high quant high
number (F/N) consequence/likelihood graph applied to risk
– 34 –
diagrams consideration of tolerability of risk to
human life.
B.9.4 Game theory The study of strategic decision making to decide 1 medium 1/2 high high quant medium/
model the impact of the decisions of between high
different players involved in the game. options
Example application area can be risk
based pricing.
B.4.3 Hazard analysis Analyses the risk reduction that can be analyse 2/3 short/ 2/3 medium moderate qual medium
and critical control achieved by various layers of protection. controls medium
points (HACCP) monitor
– 35 –
analysis (MCA) trade-offs explicit. Provides an alternative between
to cost/benefit analysis that does not need options
a monetary value to be allocated to all
inputs.
B.1.4 Nominal group Technique for eliciting views from a group elicit views any any any none low qual medium
technique of people where initial participation is as
individuals with no interaction, then group
discussion of ideas follows.
B.8.4 Pareto charts The Pareto principle (the 80–20 rule) set priorities any any any medium moderate semi- low
states that, for many events, roughly 80 % quant/quant
of the effects come from 20 % of the
causes.
B.5.11 (PIA/DPIA) privacy Analyses how incidents and events could analyse any any 1/2 medium moderate/ qual medium
impact analysis / affect a person's privacy (PI) and identifies sources of high
data protection and quantifies the capabilities that would risk
impact analysis be needed to manage it.
conseq
analysis
B.8.5 Reliability centred A risk based assessment used to identify evaluate 2/3 medium 2/3 medium high for qual/semi- medium/
maintenance the appropriate maintenance tasks for a risk facilitator, quant/quant high
(RCM) system and its components. moderate to
decide use
controls
Sub- Technique Description Application Scope Time Decision Starting Specialist Qual/quant/ Effort to
clause horizon level info/data expertise semi-quant apply
needs
B.8.6 Risk indices Rates the significance of risks based on compare any any any medium low to use, semi-quant low
ratings applied to factors which are risks moderate to
believed to influence the magnitude of the develop
risk.
B.10.2 Risk registers A means of recording information about recording any any any low/medium low/ qual medium
risks and tracking actions. and moderate
reporting
risks
monitor and
review
B.10.4 S-curves A means of displaying the relationship display risk any any 2/3 medium/ moderate/ quant/semi- medium
between consequences and their likelihood high high quant
plotted as a cumulative distribution function evaluate
(S-curve). risk
B.2.5 Scenario analysis Identifies possible future scenarios through identify risk, any medium or any low/medium moderate qual low/medium
imagination, extrapolation from the present conseq. long
– 36 –
or modelling. Risk is then considered for analysis
each of these scenarios.
B.1.6 Surveys Paper- or computer-based questionnaires elicit views any medium/ 2/3 low moderate qual high
to elicit views. long
B.2.6 Structured what if A simpler form of HAZOP with prompts of identify risk 1/2 medium/ 1/2 medium low/ qual low/medium
technique (SWIFT) "what if" to identify deviations from the long moderate
expected.
B.7.1 Toxicological risk A series of steps taken to obtain a measure measure of 3 medium/ 2/3 high high quant high
assessment for the risk to humans or ecological risk long
Table A.3 lists the extent to which each technique is applicable to the different stages of risk
assessment; namely risk identification, risk analysis, and risk evaluation. Some of the
techniques are also used in other steps of the process. This is illustrated in Figure A.1.
Figure A.1 – Application of techniques in the ISO 31000 risk management process [3]
NOTE Figure A.1 is intended to provide an overview and is not an exhaustive list of all techniques that can be used
at each step.
– 38 – IEC 31010:2019 IEC 2019
Structured or semi-structured
SA NA NA NA NA B.1.5
interviews
Structured "What if?" (SWIFT) SA SA A A A B.2.6
Surveys SA NA NA NA NA B.1.6
Toxicological risk assessment SA SA SA SA SA B.7.1
Value at risk (VaR) NA A A SA SA B.7.2