
What is Harm, Hazard and Risk?

Harm – Physical injury and/or damage to the health of people or damage to property or the environment.


Hazard – A possible source of harm


Risk – The combination of the probability of occurrence of harm and the severity of that harm. Risk has the following three primary components:

  • A hazard
  • The probability of the hazard occurring (likelihood)
  • The potential impact of that hazard (severity)





What is Risk Control?

Risk Control is the decision-making process of either accepting the existing risk or reducing it to an acceptable level. It must be decided whether the associated risk is negligible, acceptable or unacceptable.

For unacceptable risks, the mitigation strategy should define the correction, corrective action or preventive action required to reduce the risk to an acceptable level.


Risk Reduction/Mitigation

Risks considered high (or unacceptable) must be mitigated or reduced to an acceptable level, and as low as reasonably possible.

Risk reduction focuses on reducing the probability of occurrence of harm or increasing the detectability of harm.

Risk mitigation may not remove the probability of harm entirely; however, it limits the negative consequences of a particular event.

The risk reduction/mitigation activities can be classed as follows:

  • Correction: Action taken to repair, rework, or adjust the disposition of an existing nonconformity.
  • Corrective Action: Action taken to eliminate the causes of an existing nonconformity, defect or other undesirable situation in order to prevent recurrence.
  • Preventive Action: Action taken to eliminate the cause of a potential nonconformity, defect or other undesirable situation in order to prevent occurrence.

A cost/benefit analysis may be needed before a decision can be reached on which actions will be taken for risk reduction.


Risk Acceptance

Risk acceptance is a decision to accept the level of risk, i.e., no additional risk control activities are necessary. Risk acceptance requires participation and approval of responsible system owners.

What is Risk Assessment?

Risk Assessment is the identification of potential problems or hazards, and the analysis and evaluation of the risks associated with them. Three fundamental questions are often asked:

  1. What might go wrong?
  2. What is the likelihood or probability that it will go wrong?
  3. What are the consequences or severity?


Risk Assessment is further classified into three sections:

Risk Identification

Risk identification is used to determine the extent of a potential threat and the risk associated with that threat. It requires gathering relevant data for the subsequent risk analysis process. Examples of data collection methods include team meetings and workshops, interviews, questionnaires, user requirements specifications, functional specifications and brainstorming.


Risk Analysis

Risk Analysis is a quantitative or qualitative process that involves evaluating each risk’s probability of occurrence, severity of impact and detectability. The process can deliver a qualitative, semi-quantitative or quantitative result; the form of the result normally depends on the information available.


Risk Evaluation

Risk Evaluation compares the risk’s probability of occurrence, severity of impact and detectability against each other, and leads to an overall estimate of the relative value of the risk in question. This result is the output of the Risk Assessment process.

One way of depicting the relative value of a risk is through a Risk Classification Matrix. In the matrix shown below, the probability of occurrence of a hazard is evaluated against the severity of the impact. Other classification matrices and techniques can also be used to arrive at the overall relative value of the risk.
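The following is an added example (not from the original post) that puts the matrix idea into code: each hazard is scored as probability × severity, weighted by detectability, and the relative value is mapped onto the negligible/acceptable/unacceptable classes used for risk control; a `reduce_risk` helper then shows how lowering probability or improving detection moves a hazard between classes. The ordinal scales, thresholds and the hazard register are constructed assumptions, since the page's own matrix is not reproduced here.

```python
from dataclasses import dataclass, replace

# Ordinal scales and class thresholds are an assumption for this example;
# a real programme would take them from its approved classification matrix.
PROBABILITY = {"remote": 1, "occasional": 2, "probable": 3, "frequent": 4}
SEVERITY = {"negligible": 1, "minor": 2, "serious": 3, "critical": 4}
DETECTABILITY = {"high": 1, "medium": 2, "low": 3}  # 1 = harm easily detected


@dataclass(frozen=True)
class Hazard:
    name: str
    probability: str
    severity: str
    detectability: str = "medium"


def matrix_value(h: Hazard) -> int:
    """Risk analysis: the probability x severity cell of the matrix,
    weighted by how hard the resulting harm is to detect."""
    return PROBABILITY[h.probability] * SEVERITY[h.severity] * DETECTABILITY[h.detectability]


def classify(value: int) -> str:
    """Risk evaluation: map the relative value onto the three control classes."""
    if value <= 4:
        return "negligible"
    if value <= 12:
        return "acceptable"
    return "unacceptable"


def evaluate(hazards):
    """Return {name: (value, class, needs_risk_control)} for a hazard register."""
    result = {}
    for h in hazards:
        value = matrix_value(h)
        cls = classify(value)
        result[h.name] = (value, cls, cls == "unacceptable")
    return result


def reduce_risk(h: Hazard, probability=None, detectability=None) -> Hazard:
    """Risk reduction: lower the probability and/or improve detection.
    Severity describes the harm itself and is deliberately left unchanged."""
    changes = {}
    if probability:
        changes["probability"] = probability
    if detectability:
        changes["detectability"] = detectability
    return replace(h, **changes)


# Constructed sample register for illustration only.
REGISTER = [
    Hazard("unpatched internet-facing server", "probable", "critical", "low"),
    Hazard("expired TLS certificate", "occasional", "minor", "high"),
]
```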




What is Risk Management?

Risk Management is an iterative process to meet compliance requirements. It is based on international standards and regulatory guidance, which provide a systematic approach to implementing risk management within a project.

Broadly, the risk management process can be classified and sub-classified as follows:

  1. Risk Assessment
    1. Risk Identification
    2. Risk Analysis
    3. Risk Evaluation
  2. Risk Control
    1. Risk Reduction/Mitigation
    2. Risk Acceptance
  3. Risk Review

What is an Incident?

An incident is any event that is not part of the standard operation of a service and that may cause an interruption to, or a reduction in the quality of, the service.

In the testing process it includes differences between what should have happened and what actually happened, for example results not as predicted or an incorrect test script.