The ISO 31000 standard of 2009 (2018) defines risk as uncertain goal achievement; thus, both negative and positive outcomes can be considered. The definition also implies that risk is not limited to life and health but may cover all goals of a company. Risk management thus becomes a question of achieving and optimizing multiple goals. Since safety is but one of several considerations, it may lose out to other, more easily measured objectives of a company, such as economics and compliance with regulatory requirements. Risk analyses have a long history of quantification, a tradition that for various reasons has waned and should be revived if safety goals are to be treated together with the other goals of a company. The extended scope affects not only company owners and employees but also neighbors, the local community, and society at large. The stochastic nature of risk and the considerable time lapse between decisions and their multiattributed consequences imply that risk management is exposed to cognitive biases of many sorts. Risk management should be based on a quantitative approach to risk analysis as a protection against the many cognitive biases likely to be present, and managers should be trained to recognize the most common cognitive biases and decision pitfalls.
Part of the book: Perspectives on Risk, Assessment and Management Paradigms