Risk Assessment in the Wild

Abstract

This paper introduces an empirical research method for systems engineering based on the examination of work products. To illustrate the method we describe an investigation of safety risk assessment as it is actually recorded, rather than the standards, forms and procedures used to guide risk assessment. A body of risk assessments was collected via a combination of public search, freedom of information request, and private request. The risk assessments are from multiple domains, for multiple purposes, and follow diverse formats -- the one thing that they have in common is that they are genuine work products.

Due to the necessarily arbitrary selection process, the collection cannot resolve quantitative hypotheses about the distribution of phenomena. However, it provides an opportunity to explore assumptions and suspicions about the real-world conduct of risk assessment that cannot be examined by looking at academic literature or guidance documents.

The paper makes contributions in three areas:

• Our early findings about the characteristics of the risk assessment collection

• Our experiences with the exercise itself, and the lessons learnt which may be helpful in future similar research

• Observations on the relationship between theoretical and applied system safety, and the methods that may be applied to answer important questions in each sphere.