Risk Management

Risk in the context of civil engineering is defined as comprising two distinct components: the probability of an event occurring and the magnitude of the consequences resulting from that event. This definition highlights that risk is not merely about the likelihood of adverse events, but also about the potential impact of those events. Managing risk effectively involves awareness of these factors and making informed design and regulatory decisions to mitigate potential issues. 

------------------------------
William McAnally Ph.D., P.E., BC.CE, BC.NE, F.ASCE
ENGINEER
Columbus MS
------------------------------

An alternative starting point is defining the end in mind. This avoids getting mired down in words and possible abstractions. I like how Kaplan and Garrick, in their 1981 paper On The Quantitative Definition of Risk (See  https://www.nrc.gov/docs/ML1216/ML12167A133.pdf) get one to think about risk practically. Kaplan and Garrick break risk analysis down into answering these three questions: 1. What can go wrong? 2. How likely is it to go wrong? 3. If it does go wrong, what are the consequences? Kaplan and Garrick call this a triplet<S, P, X> where S is a scenario identification or description; P, is the probability of that scenario; and X, is the consequence or evaluation measure of that scenario, i.e., the measure of damage. 

------------------------------
Mitch Winkler P.E.(inactive), M.ASCE
Houston, TX
------------------------------

Super insights, Mitch. Thanks.

------------------------------
William McAnally Ph.D., P.E., BC.CE, BC.NE, F.ASCE
ENGINEER
Columbus MS
------------------------------

Original Message:
Sent: 04-07-2025 01:10 PM
From: Mitchell Winkler
Subject: Risk Defined

An alternative starting point is defining the end in mind. This avoids getting mired down in words and possible abstractions. I like how Kaplan and Garrick, in their 1981 paper On The Quantitative Definition of Risk (See  https://www.nrc.gov/docs/ML1216/ML12167A133.pdf) get one to think about risk practically. Kaplan and Garrick break risk analysis down into answering these three questions: 1. What can go wrong? 2. How likely is it to go wrong? 3. If it does go wrong, what are the consequences? Kaplan and Garrick call this a triplet<S, P, X> where S is a scenario identification or description; P, is the probability of that scenario; and X, is the consequence or evaluation measure of that scenario, i.e., the measure of damage. 

------------------------------
Mitch Winkler P.E.(inactive), M.ASCE
Houston, TX
------------------------------

I'm learning that my risk definition considering two factors – probability of event occurrence and consequences of event – is too narrow.

For example, EPA defines environmental risk as having three components – 1. How much of a stressor is present, 2. How much contact (exposure) an ecological receptor has, and 3. How it affects the health of receptor.

Further, Brooks et al.^* really opened my eyes when they defined risk for permafrost damage to highways as consisting of the product of seven parameters regarding danger – two (temporal and spatial) for credibility and two for exposure, and one each for probability, severity, and cost.

These examples suggest that we should refer to engineering risk as a Risk Tensor, R_n, where n≥2 is the tensor rank.

Your thoughts?

* Conceptual Design of Quantitative Risk Algorithms for a Geohazard and Geo-asset Management System for Roadway Networks in Permafrost Regions, Heather Brooks, Lukas Arenson, Khatereh Roghangar, Jan Stirling, and Frank Hung, 2004, in Quantative Risk Algorithms, 9th International Conference on Control and Robotics Engineering.

------------------------------
William McAnally Ph.D., P.E., BC.CE, BC.NE, F.ASCE
ENGINEER
Columbus MS
------------------------------

Here are a couple more definitions.

Haimes* defines it much as we started, Risk is often defined as a measure of the probability and severity of adverse effects.

IS9000** starts off tersely but adds clarifying notes:

Risk: effect of uncertainty on objectives

Note 1 to entry: An effect is a deviation from the expected. It can be positive, negative or both, and can address, create or result in opportunities and threats.

Note 2 to entry: Objectives can have different aspects and categories, and can be applied at different levels.

Note 3 to entry: Risk is usually expressed in terms of risk sources, potential events, their consequences and their likelihood.

Anyone want to champion one of these definitions or offer an alternative?

Bill Mc

*Yacov Y. Haimes, 2004, Risk Modeling, Assessment, and Management, Wiley-Interscience, Hobokken, NJ. 837 pp.

**ISO 31073:2022 Risk Management – Vocabulary, International Standards Organization, Geneva, Switzerland. https://www.iso.org/obp/ui/en/#iso:std:iso:31073:ed-1:v1:en

------------------------------
William McAnally Ph.D., P.E., BC.CE, BC.NE, F.ASCE
ENGINEER
Columbus MS
------------------------------

Hello William,
Thank you for sharing this clear and important definition of risk in civil engineering.

Sometimes even rare events require serious attention if the consequences can be catastrophic. In civil engineering, this is especially important because proper risk management affects the safety of people and the durability of structures. Therefore, it is important not only to assess how often something might go wrong but also how severely it will impact the project and those around it.

------------------------------
Darya Stanskova Aff.M.ASCE
Cost Estimator, Construction Engineer, Power Engineer, Project Manager
Clearwater FL
------------------------------