“Rocket Science”

Risk assessment is not “rocket science.” It is a reasoned and disciplined approach to better understanding risk and more easily seeing how one proposed solution compares with another. The process is often described as comparing “benefit to risk.”

The steps are relatively simple. First, clearly state the issue and the risks – the potential to cause harm. Next, describe ways in which those risks can be reduced. Lastly, decide if the benefits you get from reducing risks are enough to warrant doing the work.

The path

  1. Determine if a formal risk assessment is necessary – part of a regular review of community issues, performed by the police and fire departments plus the government administration.
  2. Make a list of all the safety concerns – the risk factors.
  3. Rate the risk factors to clarify those that can cause the most harm.
  4. Rate the likelihood of each risk occurring.

Focus on those things that can contribute to the greatest harm. In this example, I have chosen vehicle speed and length of crosswalk.

The idea of assessment

Generally speaking, the assessment of risk is comprised of two things: the degree of harm that may be caused, or the consequence, and the likelihood of a risk factor to happen. Risk factors being the pieces that risk is made of. There is one more component of the assessment and that is the perceived  benefit you may realize from taking a risk.

A conundrum

Two terms that get thrown around a lot are subjective, and objective: “You’re not being objective!” “Let’s look at this objectively.” “That’s just your subjective point of view.”

Both subjectivity and objectivity will serve a purpose in making assessments. I use objective to refer to data, factual information that can be expressed in numbers, like vehicles per hour, vehicle speed, or length of walkway. Subjective is how data is interpreted: 40 MPH is too fast for this road; 40 foot cross walk is excessively long.

Even when I have specific data, like vehicle speed, I will need to set limits: why not 47 instead of 50; 36 MPH instead of 40, 38 feet instead of 40? It’s unavoidable: limits can make sense, but setting them can be intuitive.

This is one reason why charts and graphs are useful. They make it easier to get a picture of the issue, make comparisons, and grasp the relative meaning of what might be a complex situation. It makes comparisons easier to see.


The goal of performing risk assessment is to reduce the likelihood of causing harm, or if you prefer, to increase the benefit to be realized.

Now I think I know what you might be thinking: “Waaaait just a minute here. I didn’t sign up for an art class in obsessive thinking!” And for that, I can sympathize. Shown here is a complete list of every possible combination of risk factors. In practice, a list may look much simpler.

Here is a simpler version of the same list. All the risk factors are still shown, but only those deemed most significant are rated.

History of events

There are often several biases cemented in place, ready to be exercised when needed to nip action in the bud: financial cost will be too great, we’ll get too many complaints, they already tried that in another community. But the one that I bet gets thrown out first is this: “Why are we looking at this issue, nothing has ever happened!”

Past history is tough to argue against. Yet the problem with relying on facts of the past this: it is not based on the factors, the specific risks associated with a specific event or situation. The facts of past do not address the physical characteristics that make up the situation at hand.

It would be like saying the reason a bridge is not falling down is because it never has. We know, the reason it’s still standing has to do with the physical condition of the structure: the condition of the components determine its stability. The fact that it has not fallen down does not mean it will or it will not – it’s unrelated.

Past events may indicate that attention should be paid to an issue. Anyone can see that if accidents often occur at a particular intersection, maybe we should be paying some attention to why that is happening, the risk factors.

Before two 737 MAX planes hit the ground, everyone knew it was one of the safest commercial aircraft ever built. Excellent safety record. After the crashes, well what do you know – when everyone took a careful look, many safety issues surfaced (risk factors). No longer considered a very safe aircraft to fly or be on.

Boeing executives chose to believe that the planes safety record was more relevant than the risk factors – of the need for air speed sensor redundancy and pilot retraining. Boeing’s beliefs were not a result of assessing risk factors but were based on magic thinking: the aircraft would continue to be safe to fly because it had always been.

That is what they WANTED to believe, or some of them. Others in the company were not so sure, but their voices were drowned out. One problem in bringing out the critical safety issues that downed the aircraft was the top administration’s deaf ear. The other was in not relying on a standardized assessment process and documentation.

There are two different kinds of past events and reactions.

  1. Nothing bad has ever happened – so why take any action?
  2. Something bad has happened – so I must consider corrective action.

Neither of these represent the actual risk or a risk factors. The fact that a particular situation has never harmed anyone is, by itself, no guarantee that things can not happen. And just because something bad has happened is, by itself, no guarantee it will ever happen again. The past is an event, not a condition. To use the past as a risk factor is a mistake.

It is critically important to distinguish between physical circumstances that put people at risk – risk factors – and how often those circumstances produce harmful effects. Like the stock market, past performance is no indicator of future results.

Management basics

  1. Define the assessment process in a way that permits clear comparisons between different circumstances or events – create forms.
  2. Ask the questions: What is the situation that is of concern? What are the risk factors? What are the consequences or the degree of harm? What is the likelihood of harm occurring?
  3. Document the process so decisions are made clearly and understood by everyone.
  4. Evaluate the results: Show how the level of risk relates to any proposed fix.
  5. Explain the decision to take corrective action or to not.

The alternative to a standardized approach is haphazard analysis that can be prone to bias and individual personalities. Risk assessment is fact-based, and management is a structured approach that includes subjective observation.

Different name, same game

About ten years ago, Dr. Atul Gawande, a Harvard-trained surgeon, wrote about the use of checklists in The New Yorker magazine. “The Checklist Manifesto: How to Get Things Right.” He wrote about the process of using checklists, and whether – in hospitals or prior to aircraft takeoffs – it helps to assure that information is not ignored.

Call it checklist, or risk management, following a formal procedure that defines what the issue is, and how aspects of it can affect us, helps to assure better outcomes.

Good science is asking the questions:

  1. What are the factors that have impact?
  2. How likely will these factors impact someone?
  3. What are the effects?

And, ultimately, what are the consequences of making change?

The benefits of performing standardized assessments

  1. Assures that risk assessment documentation is available for comparison of issues, and monitoring.
  2. Standardizing assessment criteria permits clear and concise comparisons of different events.
  3. Clarifying risk factors inherent in each event means not having to rely on: “It hasn’t happened here, so it won’t” or, “If we fix it here, everyone will want that fix.” rationalizations.
  4. From a legal culpability point of view, utilizing a methodology that clarifies risks, demonstrates accountability.

Risk assessment addresses the unique characteristics of a particular set of circumstances, and that process can be shown and explained. No one is ever satisfied hearing – “You can’t have this fix because then everyone will want it.” – in response to a suggestion in addressing a concern.

Standardized assessments means that no one in a position of responsibility will have to rely on excuses.


Risk can be assessed for many different kinds of situations. As individuals, we perform these assessments every day. What distinguishes personal assessments from professional and community assessments is the mandated structured approach.

The list can go on to include any situation in which someone can be harmed, either physically, emotionally, financially, etc. Not all risk is the same, and not everyone feels the same about every potential risk, and so the need for a process that attempts to level the playing field and remove some of the built-in personal biases.

Community risk manager

Who does the work of overseeing risk management in a community? Today, in St. Louis, it is the Public Safety Department.

It “is the largest municipal government department in the City of St. Louis overseeing the Fire Department, the Metropolitan Police Department, six major divisions, two bureaus, a correctional institution and the city jail.”

Sounds good, but St. Louis is a relatively large city. How can oversight work in a smaller community – towns and villages?

Risk of harm can occur in many different environments, and may occur in ways least expected. One of the jobs falling to risk management is attempting to ferret out harm before it happens, and who better to take on this job than those who deal with harm, and potential harm, every day of the week?

Police and fire departments, and government managers, is a core group that makes sense, and they need to be involved in determining the necessary policy and procedures to follow.

You don’t need to hire a high-priced expert to do this kind of management. But when experts are necessary, they should be able to explain the steps they took in determining the conclusions they made. And, being better versed in risk assessment, local administrators can better understand what exactly is being pitched to them.

Risk assessment is the right thing to do, and being able to understand the issues is the best thing to do.

About this project.