Risk Assessment – Evaluation of Hazards and Consequences in Safety Contexts

What is Risk Assessment?

Risk assessment is a systematic process to identify, analyze, and evaluate hazards that could cause harm to people, property, or the environment. It is fundamental to safety-critical industries such as aviation, healthcare, construction, and energy, guiding operational decisions, maintenance, and design by prioritizing safety interventions.

The process combines qualitative and quantitative methods, following global standards like ICAO, ISO 31000, and national regulations. At its core, risk assessment involves hazard identification, estimation of the likelihood of occurrence, and assessment of potential consequences. This enables organizations to implement targeted control measures, reducing the probability or impact of dangerous events.

As defined by ICAO Doc 9859, risk is the “assessment, expressed in terms of predicted probability and severity, of the consequence(s) of a hazard taking as reference the worst foreseeable situation.” The risk formula—Risk = Likelihood × Severity—is central to risk assessment frameworks, providing the structure for risk matrices and evaluation tools.

Risk assessment is a continuous, cyclical activity, regularly reviewed and updated to reflect operational changes, new hazards, regulatory requirements, and lessons from incidents or near-misses. This ensures that safety management systems remain dynamic, responsive, and compliant with industry best practices.

Where is Risk Assessment Used?

Risk assessment is embedded in all safety-critical industries, with rigorous applications in aviation, chemical processing, healthcare, construction, and energy. In aviation, it permeates flight operations, maintenance schedules, airport design, and emergency response protocols. Regulatory bodies like ICAO and the FAA mandate risk assessments as part of Safety Management Systems (SMS).

Beyond aviation, risk assessment is essential in occupational safety and health (OSH), environmental protection, and enterprise risk management. For example, the European Union’s Framework Directive 89/391/EEC requires employers to perform risk assessments for workplace safety, while construction projects use them to address hazards like working at height or with heavy machinery.

Risk assessment outputs—risk registers, control strategies, and monitoring plans—form the backbone of both proactive and reactive safety management, tailored to sector-specific hazards, operational complexities, and compliance requirements.

Risk Assessment Process

The risk assessment process is a structured sequence of steps, recommended by ICAO and ISO 31000, to systematically identify, analyze, and mitigate risks:

1. Context Establishment: Define scope, objectives, and criteria. Understand the operational environment, regulations, and stakeholder expectations.
2. Hazard Identification: Systematically identify hazards using methods such as brainstorming, incident analysis, checklists, and expert judgment.
3. Risk Analysis: Assess the likelihood and severity of consequences if a hazard materializes, using data, models, or expert input.
4. Risk Evaluation: Compare risks against acceptance criteria, often using a risk matrix to prioritize interventions.
5. Risk Control and Treatment: Implement controls to eliminate or mitigate risks, guided by the hierarchy of controls.
6. Documentation: Record findings, decisions, and actions for accountability and auditing.
7. Review and Monitoring: Continuously monitor control effectiveness and reassess risks with operational or regulatory changes.

In aviation, these steps apply to operational risk assessments (e.g., flight operations), safety cases for new technologies, and design safety evaluations.

Hazard Identification

Hazard identification is the systematic process of recognizing potential sources of harm to people, property, or the environment. In aviation, hazards may be operational (runway incursions), environmental (severe weather), technical (system failures), or human-related (fatigue).

Techniques include:

• Workplace inspections and observations
• Incident and near-miss report reviews
• Consultation with frontline staff
• Review of manufacturer’s safety data sheets (SDS)
• Hazard mapping and checklists

ICAO Doc 9859 emphasizes a proactive safety culture that encourages hazard reporting and systematic identification, forming the foundation for predictive safety management.

Risk Evaluation (Hazard Consequence Analysis)

Risk evaluation (hazard consequence analysis) assesses the significance of hazards by analyzing their likelihood and potential severity. This step prioritizes risk mitigation.

Risk Matrix

A risk matrix cross-references likelihood and severity to assign a risk level (Low to Extreme), guiding the urgency and type of response.

5×5 Risk Matrix Example:

Quantitative vs. Qualitative:

• Quantitative: Assigns numerical probabilities and consequence values using data and models.
• Qualitative: Uses descriptive ratings when data is limited.

In aviation, risk evaluation informs safety cases for new procedures, technology integrations, or operational changes.

Severity (Consequence)

Severity (or consequence) is the extent of harm or loss if a hazard occurs, graded from negligible to catastrophic across human, operational, and environmental impacts.

Severity definitions should be tailored to the organization and reviewed as technology and operations evolve.

Likelihood (Probability)

Likelihood (or probability) is the estimated frequency or chance of a hazardous event, classified into discrete levels informed by data, judgment, or modeling.

For rare or emerging hazards, conservative assumptions ensure safety margins.

Control Measures

Control measures are strategies or interventions to eliminate hazards or reduce risks. The “hierarchy of controls” ranks effectiveness:

Selection is based on feasibility, effectiveness, and operational impact. Elimination and engineering controls are prioritized.

Documentation

Documentation records hazard identification, risk evaluation, selected controls, and review outcomes. This ensures traceability, accountability, and compliance.

A risk assessment record should include:

• Description of the operation/process
• List of identified hazards
• Risk evaluation (likelihood, severity, rating)
• Control measures and rationale
• Responsibilities and timelines
• Evidence of consultation
• Review dates and outcomes

Regulations (ICAO Annex 19, ISO 45001) require records for audits and investigations. Digital tools streamline and secure documentation.

Review and Monitoring

Review and monitoring are ongoing to ensure risk assessments remain valid and controls are effective.

Triggers for review:

• New equipment, processes, or technologies
• Regulatory changes
• Incidents or near-misses
• Scheduled periodic reviews

Monitoring methods:

• Safety audits and inspections
• Incident and near-miss data analysis
• Safety performance indicators
• Feedback from staff and safety committees

Continuous monitoring underpins the “Plan-Do-Check-Act” (PDCA) cycle for continuous improvement.

Examples and Use Cases

Example 1: Manual Handling in Aviation Ground Operations

• Hazard: Baggage handlers lifting heavy luggage.
• Risk: Likelihood - Frequent; Severity - Major (musculoskeletal injury).
• Control Measures: Powered lifting devices, handling training, staff rotation.
• Documentation: Recorded in safety management system with responsibilities and review schedule.

Example 2: Fuel Handling at Airports

• Hazard: Exposure to flammable liquids/vapors during refueling.
• Risk: Likelihood - Occasional; Severity - Catastrophic.
• Control Measures: Less volatile fuels, vapor recovery systems, flame-retardant PPE, restricted access.
• Documentation: Integrated into fuel handling procedures; reviewed after incidents.

Example 3: Maintenance Work at Height

• Hazard: Servicing tail sections on elevated platforms.
• Risk: Likelihood - Unlikely (with controls); Severity - Catastrophic (fall).
• Control Measures: Guardrails, fall arrest systems, height training, pre-use inspections, harnesses.
• Documentation: Risk assessment and inspection logs maintained and updated after changes/incidents.

Common Risk Assessment Tools and Techniques

Many organizations use software-based tools to automate risk scoring, scenario analysis, and team collaboration.

Legal and Standards Compliance

Key Regulations and Standards

• ICAO Annex 19: Mandates Safety Management Systems (SMS) and risk management for aviation service providers.
• ISO 31000: Principles and guidelines for risk management, applicable across industries.
• ISO 45001: Occupational health and safety management, including hazard identification and risk assessment.
• FAA Advisory Circulars: U.S. guidance for airport and operational risk assessments.
• OSHA (U.S.): Requires hazard identification and risk assessment in workplaces.
• EASA (Europe): Enforces risk assessment for European aviation operators.

Organizations must maintain comprehensive risk assessment records for audits, investigations, and compliance. Non-compliance can result in regulatory action or penalties.

Use Cases and Applications

Risk assessment supports routine workplace safety, operational planning, maintenance, design changes, emergency preparedness, and compliance. Airlines assess aircraft ground handling, maintenance, and cabin operations regularly, updating controls as conditions and regulations evolve.

Conclusion

Risk assessment is foundational to safety management, integrating hazard identification, risk analysis, evaluation, control, documentation, and review. When implemented systematically, it reduces harm, ensures compliance, and fosters a proactive safety culture across all industries.

If you are looking to enhance your organization’s risk assessment process, ensure compliance, or implement digital tools for efficiency, contact us or schedule a demo today.