I feel much more confident now that we have a meaningful set of risk registers that genuinely reflects the assets we're maintaining and developing.

characterisation of risk and uncertainty

Some of the most important problems we encounter with assessments of risk and uncertainty are

inconsistent issues

In our experience, a frequent result of exercises to identify key risks and uncertainties is a long list of issues defined at many different levels.  For example, a workshop with the vehicle fleet management unit of a major organisation to identify safety issues with their flett identified the issues

The latter is clearly a small sub-set of the former.  If both are included in a list then there is overlap. If the latter is included but the former not, then there may be a significant risk of gaps being left in the long list of ways that mechanical failure of a vehicle might cause an accident.

poor definition

"Risk" can be and is used in different ways by different people.  To some "a risk" is an event or issue giving rise to the possibility of loss.  To others, "risk" is the yardstick by which to measure the magnitude of the likelihood and/or consequences of loss.  So the first thing to be clear about is which of these you mean.

There is then a whole raft of pitfalls to do with defining yardsticks by which to measure risk.  These are discussed on our Measuring RIsk page, the bottom line of which is that you must be explicit about the risk of what, to whom, and the units in which you're measuring it, in order to provide any useful information.

Avoiding the Pitfalls

The first general point is that when discussing risk and uncertainty it's particularly important to be absolutely clear what you mean.

When generating a list of issues/events giving rise to risk or uncertainty, we like to do two things that help make sure the set of events is consistent and meaningful.

First, we arrange the issues within a simple hierarchy so that we can see their relationship to each other.  Very often this activity quickly reveals gaps or overlaps, helps choose the appropriate level at which to pitch the exercise, and helps sharpen up definitions of what's in or out of each event or issue.

Second, we like to combine any sort of brainstorming or 'bottom up' systematic working through an activity with a parallel 'top down' cross-check on "How in principle could (events at whatever level) come about?"

Our aim is to help generate a hierarchy of events which, at any level, are both uniquely defined and can clearly be seen to cover all possibilities.  This valuable property of the items in a register of risks or uncertianties is sometimes referred to as MECE (Mutually Exclusive and Conceptually Exhaustive) for short.