Inherently Confusing

Defining inherent and residual risk

When reporting a risk assessment there is often a desire to show the impact that control measures have on the risk level compared with doing nothing. The ‘before controls’ and ‘after controls’ risks are frequently referred to as ‘inherent risk’ and ‘residual risk’ respectively, but defining these terms is not always as straightforward as it first appears.

INTRODUCTION

Undertaking and communicating an effective risk assessment requires a common understanding of the terminology involved. For starters, ‘risk’ is typically expressed as the combination of ‘likelihood’ and ‘consequence’. If we credit control measures to reduce the likelihood of an event, or mitigation measures to reduce its consequences (or both), then we reduce our initial risk. To gauge the effectiveness of control and mitigation measures, it is useful to be able to assess the risk before and after their consideration – which is what is meant by ‘inherent risk’ and ‘residual risk’ respectively.

DICTIONARY DEFINITIONS

For a concept that is much used, particularly when using a Risk Assessment Matrix (RAM) to assist in risk assessment, it is perhaps surprising that these terms are so poorly defined in risk management standards. For example, ISO 31000, ISO 31010, ISO 17776, IEC 61508 and IEC 61882 don’t even mention the concept of inherent or residual risk, much less define the two terms.

Moreover, there is some confusion across the risk/safety industry. In some cases, the term ‘inherent risk’ includes existing controls and mitigation measures; and residual risk is the effect of implementing improvements, which is clearly useful to know. This also makes sense from a semantic viewpoint, where according to the Oxford Dictionary, ‘inherent’ refers to ‘a basic or permanent part of something’ and ‘residual’ means ‘remaining at the end of a process’. Interestingly, in the nuclear industry, the terms ‘unprotected’ or ‘unmitigated’ are widely used in the context of frequency or consequences (or both, i.e. for risk) to convey an absence of safety measures.

Rather than getting bogged down, though, perhaps the lesson here is a simple one: define terms explicitly as a necessary precursor to risk assessment. In that spirit (for the rest of this article at least), we define:

  • Inherent risk as that which exists in the absence of controls and mitigating measures
  • Residual risk as the risk that remains after controls and mitigating measures are accounted for
  • Improved risk as the risk that remains after the implementation of additional or revised controls and mitigating measures

However, equally correct terms, appropriately defined, could be unmitigated, inherent and residual risk, for instance.

POWERFUL PEDANTRY

As some readers may already have divined, there is a good reason behind this otherwise apparent pedantry: the three types of risk help with decision making. More specifically, inherent risk is a useful litmus test for deciding whether credit for safety-related control or mitigation measures is warranted at all and can be used to screen out hazards from further assessment, allowing more time to be spent on those that really matter.

Once controls and mitigation measures are applied to those hazards that remain, their residual risk allows them to be ranked and prioritised for further consideration by ALARP assessment – i.e. answering the question, what improvement is reasonably practicable, given the level of overall risk? And in judging the merit of available options, one factor will be the risk benefit, which is described by the improved risk (or rather the reduction in risk characterised by the difference between the improved risk and the residual risk of the hazard in question).

Take work on scaffolding as an example. Inherent risk relates to the chances of a person falling from scaffolding and suffering injury or death as a result; residual risk credits the guardrails and the fall arrest harness, both of which only come into play as the accident unfolds and serve to reduce both the frequency and consequences of the initial fall. Including the guardrail as part of the ‘inherent risk’ evaluation may be warranted if there is industry data on falls from scaffolding with guardrails (given this is standard practice) and the only decision concerns how best to further protect against a fall (e.g. fall arrest harness, safety net or soft landing system), noting that this may ultimately be decided on practical grounds.

PITFALLS AND PUDDLES

This all seems straightforward in principle, but in practice it is easy to lose sight of the underlying reasons for the three types of risk.

A common pitfall when assessing inherent risk is to remove those systems or structures that are normally functioning. For example, if we were looking at the risk associated with the storage of hydrocarbons, it would be perverse to assume that the primary containment was absent (giving a large puddle on the floor).

Evidently, failure of this passive (though fallible) engineering still needs to be considered in the inherent risk estimation. What is also interesting about this example is that it is easy to miss the implicit claim on primary containment, which should be explicitly recognised and managed (e.g. through appropriate design and maintenance requirements). If not, it may fail more frequently than estimated or in a more severe failure mode than allowed for.

Another common issue surrounds the use of historic failure data in estimating the frequency of occurrence, such as for a crane-related dropped load. If, as often happens when using a RAM, the frequency of the hazardous event itself is assessed – e.g. using frequency bands with descriptions such as “has occurred in industry” – then it can be unclear whether this relates to inherent or residual risk. If the existing controls are industry-standard, then it is likely that the assessed risk represents residual risk. Assessing inherent risk using a RAM with qualitative bands relating to historical occurrences is therefore very difficult, and great care must be taken to avoid undue pessimism or optimism. In this case, it would be better to gather frequency data on the ‘initiating event’ – i.e. the cause or causes of the hazard, before credit for controls is taken (e.g. wire rope failure, hoist brake failure, etc.).

In such circumstances, especially if the associated risk is significant, a fully quantitative risk assessment method may be more appropriate than a RAM.

CONCLUSION

There is, quite understandably, some confusion over the terms inherent risk and residual risk, stemming from a lack of definition in risk management standards, from their meaning in the English language and from their inconsistent use.

Whatever terms are used, what’s important is the utility of the different measures of risk in supporting decision making, with regard to gauging the extent of assessment necessary and the benefit of improvements. Keeping this in mind, and some of the pitfalls, the key take-away is to define explicitly what is meant by each term so that all involved have a common.

This article first appeared in RISKworld Issue 44