IEC 31010:2019 © IEC 2019

CONTENTS

FOREWORD
INTRODUCTION
1 Scope
2 Normative references
3 Terms and definitions
4 Core concepts
4.1 Uncertainty
4.2 Risk
5 Uses of risk assessment techniques
6 Implementing risk assessment
6.1 Plan the assessment
6.1.1 Define purpose and scope of the assessment
6.1.2 Understand the context
6.1.3 Engage with stakeholders
6.1.4 Define objectives
6.1.5 Consider human, organizational and social factors
6.1.6 Review criteria for decisions
6.2 Manage information and develop models
6.2.1 General
6.2.2 Collecting information
6.2.3 Analysing data
6.2.4 Developing and applying models
6.3 Apply risk assessment techniques
6.3.1 Overview
6.3.2 Identifying risk
6.3.3 Determining sources, causes and drivers of risk
6.3.4 Investigating the effectiveness of existing controls
6.3.5 Understanding consequences, and likelihood
6.3.6 Analysing interactions and dependencies
6.3.7 Understanding measures of risk
6.4 Review the analysis
6.4.1 Verifying and validating results
6.4.2 Uncertainty and sensitivity analysis
6.4.3 Monitoring and review
6.5 Apply results to support decisions
6.5.1 Overview
6.5.2 Decisions about the significance of risk
6.5.3 Decisions that involve selecting between options
6.6 Record and report risk assessment process and outcomes
7 Selecting risk assessment techniques
7.1 General
7.2 Selecting techniques
Annex A (informative) Categorization of techniques
A.1 Introduction to categorization of techniques
A.2 Application of categorization of techniques
A.3 Use of techniques during the ISO 31000 process
Annex B (informative) Description of techniques
B.1 Techniques for eliciting views from stakeholders and experts
B.1.1 General
B.1.2 Brainstorming
B.1.3 Delphi technique
B.1.4 Nominal group technique
B.1.5 Structured or semi-structured interviews
B.1.6 Surveys
B.2 Techniques for identifying risk
B.2.1 General
B.2.2 Checklists, classifications and taxonomies
B.2.3 Failure modes and effects analysis (FMEA) and failure modes, effects and criticality analysis (FMECA)
B.2.4 Hazard and operability (HAZOP) studies
B.2.5 Scenario analysis
B.2.6 Structured what if technique (SWIFT)
B.3 Techniques for determining sources, causes and drivers of risk
B.3.1 General
B.3.2 Cindynic approach
B.3.3 Ishikawa analysis (fishbone) method
B.4 Techniques for analysing controls
B.4.1 General
B.4.2 Bow tie analysis
B.4.3 Hazard analysis and critical control points (HACCP)
B.4.4 Layers of protection analysis (LOPA)
B.5 Techniques for understanding consequences and likelihood
B.5.1 General
B.5.2 Bayesian analysis
B.5.3 Bayesian networks and influence diagrams
B.5.4 Business impact analysis (BIA)
B.5.5 Cause-consequence analysis (CCA)
B.5.6 Event tree analysis (ETA)
B.5.7 Fault tree analysis (FTA)
B.5.8 Human reliability analysis (HRA)
B.5.9 Markov analysis
B.5.10 Monte Carlo simulation
B.5.11 Privacy impact analysis (PIA) / data protection impact analysis (DPIA)
B.6 Techniques for analysing dependencies and interactions
B.6.1 Causal mapping
B.6.2 Cross impact analysis
B.7 Techniques that provide a measure of risk
B.7.1 Toxicological risk assessment
B.7.2 Value at risk (VaR)
B.7.3 Conditional value at risk (CVaR) or expected shortfall (ES)
B.8 Techniques for evaluating the significance of risk
B.8.1 General
B.8.2 practicable (SFAIRP)
B.8.3 Frequency-number (F-N) diagrams
B.8.4 Pareto charts
B.8.5 Reliability centred maintenance (RCM)
B.8.6 Risk indices
B.9 Techniques for selecting between options
B.9.1 General
B.9.2 Cost/benefit analysis (CBA)
B.9.3 Decision tree analysis
B.9.4 Game theory
B.9.5 Multi-criteria analysis (MCA)
B.10 Techniques for recording and reporting
B.10.1 General
B.10.2 Risk registers
B.10.3 Consequence/likelihood matrix (risk matrix or heat map)
B.10.4 S-curves
Bibliography

Figure A.1 - Application of techniques in the ISO 31000 risk management process [3]
Figure B.1 - Example Ishikawa (fishbone) diagram
Figure B.2 - Example of Bowtie
problem: modelling native fish populations in Victoria, Australia
Figure B.4 - Example of cause-consequence diagram
Figure B.5 - Example of event tree analysis
Figure B.6 - Example of fault tree
Figure B.7 - Example of Markov diagram
Figure B.8 - Example of dose response curve
Figure B.9 - Distribution of value
Figure B.10 - Detail of loss region VaR values
Figure B.11 - VaR and CVaR for possible loss portfolio
Figure B.12 - ALARP diagram
Figure B.13 - Sample F-N diagram
Figure B.14 - Example of a Pareto chart
Figure B.15 - Part example of table defining consequence scales
Figure B.16 - Part example of a likelihood scale
Figure B.17 - Example of conseq...