EU RAPEX Guidelines
Guidelines for the management of the Community Rapid Information System ‘RAPEX’
View PDF here

EuroSafe Risk Assessment Flowchart (2008)
Risk assessment is a process. This flowchart shows all different steps in risk assessment and the relation between these steps.


Basic Principles of Risk Assessment (2008)

If you Google the definition of “Risk Assessment” you will find different but similar phrases (search for “define: risk assessment).
Such as:

  • The process used to determine risk management priorities by evaluating and comparing the level of risk against predetermined standards, target risk levels or other criteria or;
  • A risk assessment is the identification of danger and estimation of the probability of an occurrence or;
  • A process which estimates the likelihood that exposed people may have health effects or;
  • The process of identifying hazards and assessing the risks of harm and loss threatened by that hazard. Risk Assessment also usually includes the evaluation of the consequences of a materialised risk and implements risk reduction control measures (etc.)

Risk assessment is however everything but a phrase, at least it can not be explained by a definition. Therefore these basic principles will introduce the elements which should be incorporated in any risk assessment in the field of (consumer) product safety.

1. The assessment should have clear objective(s) reflecting the informational needs of decision makers and determined in an iterative dialogue between the assessor(s) and the decision maker(s).

Risk assessment is always linked to decision making. In particular, it can help prioritise actions, provide objective and defensible means to distinguish between alternative courses of action, and enable a choice to be made. Ultimately the risk assessment process can help in deciding whether risk can be tolerated or whether further treatment and controls are justified. It is important to establish clearly why a particular risk assessment is initiated: what decision depends on the outcome?

The risk assessor and decision maker (also referred to as risk manager) may be the same person or be in the same organisation, but other situations are also common.

Some applications of risk assessment are proactive in nature, i.e. they are aimed at future or potential risks; in other cases, a reactive assessment is aimed at concrete products that have been involved in incident, found to fail a standard, or otherwise suspected of being unsafe.

2. The scope and content should be based on the objectives of the assessment and best professional judgement, considering the benefits and costs of acquiring additional information before undertaking the assessment.

The scope of the assessment includes at least:

a. the product (type) that is the subject of the assessment;
b. the hazard(s) of concern;
c. the affected entities (population(s), subpopulation(s), individuals, or other) that are the subject of the assessment;
d. the exposure/event scenarios relevant to the objectives of the assessment.

For example, it is necessary to clarify whether the risk manager needs estimates of population or individual risk, or both.

3. The type of risk assessment shall be responsive to the nature of the potential hazard, the available data, and the decision needs.

For example, if the objective is to decide whether a particular incident requires a product recall, the risk assessment will focus on that incident and not on the complete risk profile of the product. On the other hand, the risk profile should be determined as completely as possible in the design stage.

Different risk assessment methods or tools are available for these different types of risk assessment. Selecting the type of risk assessment also means selecting the right methods and tools.

4. The level of effort put into the risk assessment shall be commensurate with the importance of the decisions to be made.

This principle is linked with principles 2 and 3 and emphasises that risk assessments may vary considerably in scale. The time frame available for decision making may also influence the scale of the risk assessment.

5. The assessment shall be objective, systematic, structured and –as far as practically possible – evidence based.

This implies: neither minimising nor exaggerating the nature and magnitude of risks; giving weight to both positive and negative studies in light of each study’s technical quality.

This also means that the processes used for risk assessment should be methodical and use recognised methods to ensure that the results are repeatable and reliable.

An evidence based assessment also implies that efforts are necessary to ensure the availability of suitable data. Data are necessary at the start to picking up any signals that may call for a risk assessment, and later in the risk assessment itself. Therefore, an organisation that wants to perform risk assessments needs to prepare itself by establishing a system for collecting relevant data of good quality or to know where such information already exists

6. The risk shall be characterised qualitatively and, whenever possible, quantitatively.

7. Risk Assessment should explicitly describe its own uncertainty and the causes of the uncertainty.

This may include: providing a range of plausible risk estimates with a quantitative characterisation of risk; for critical assumptions, whenever possible, include a quantitative evaluation of reasonable alternative assumptions and their implications for the key findings of the assessment; documenting and disclosing the nature and quantitative implications of model uncertainty, and the relative plausibility of different models based on scientific judgment; where feasible, performing a sensitivity analysis; and providing a quantitative distribution of the uncertainty.

The primary purpose of risk assessment should always be to deal with those aspects of decision making that are uncertain. If the outcomes of actions or decisions are completely certain in terms of what will occur, when and its extent and nature, then there is less need to assess the risks but just manage them and monitor the results. Decision makers need help understanding where uncertainty lies and how it is best treated and managed.

As far as possible, discussion should be provided around the nature, difficulty, feasibility, cost and time associated with undertaking research to resolve the key scientific limitations and uncertainties.

8. Risk Assessment should be multidisciplinary and therefore transparent and understood by all involved and / or interested parties through their inclusion and involvement in the process.

This implies the need to consider at the start of the risk assessmentwho should be involved in the process. Risk assessment is usually not a one man show. Different parties are involved, for example the executive party (the team which actually perform the risk assessment), the manager or organisation taking decisions based on the risk assessment and parties influenced by these decisions. Good communication between these parties is vital for the risk assessment process.

Furthermore, risk assessment exists of different assignments for which different kinds of expertise are necessary. Therefore risk assessment needs a multidisciplinary involvement and view on the process.

9. Appropriate procedures for peer review and public participation should be used in the process of preparing the risk assessment.

These procedures will contribute to scientific objectivity, transparency and acceptance of the conclusions.

Peer review may include: issuing a draft risk assessment report; considering comments received on this draft; issuing a "response-to-comment" document that summarises the significant comments received and the risk assessor’s responses to those comments; and providing a rationale for why the risk assessor has not adopted the position suggested by commenters.

Involvement also ensures that their views are properly represented and taken into account. It is particularly important that any risk criteria that is used adequately reflects the perceptions and views of the relevant interested parties because risk evaluation must determine what level of risk is tolerable to them and where and when further treatment is required. Of course, during risk identification the involvement of a representative group with a large and diverse experience base always ensures the most comprehensive of analyses. Finally, those held accountable for the monitoring of control measures benefit greatly from involvement in the risk assessment that lead to those controls.

10. Risk Assessment should be dynamic, iterative and responsive to change.

Risks change with time. New risks emerge and others decline. As events occur and control activities take place, knowledge also changes and increases. It is therefore important that risk assessment is not a ‘one pass’ process and that there is a ‘monitor and review’ element to ensure that risk assessment and controls reflect the current situation.

The involvement of interested parties and, in particular, decision makers in the risk assessment process, is essential to ensure it remains relevant and up to date.

As relevant and scientifically plausible information becomes available, the risk assessor shall, considering the resources available, consider: revising the risk assessment to incorporate such information; and updating or replacing the assumptions to reflect new data or scientific understandings.