# Introduction
For any client interested in evaluating their risks, the goal of the engagement is to use the results of the assessment to inform decision-making. A typical client engagement can be summarized by the “roadmap to resilience” depicted in the figure below. Here, the first step of the roadmap is to evaluate the baseline risks, i.e., perform a risk assessment. Based on the results of this assessment, if the baseline risks are deemed to be intolerable by the client, the next step is to develop mitigation strategies and forecast the residual risks after implementation. Then the mitigations can be evaluated for prioritization, for example using cost-benefit analysis to identify the most cost-effective mitigation strategies. Lastly, the mitigations are implemented based on the prioritizations. It should be noted that the term “mitigation” is used here to refer to any risk reduction strategy. It could mean retrofit of an existing asset, or divestment from a property, or selection of a particular site for future development from a suite of options. Within this roadmap, risk assessments serve two functions:
- to evaluate baseline risks, and
- to evaluate forecasted residual risks after mitigation.
Figure 1. Depiction of a typical Risk and Resilience client engagement.
In this framework, a risk assessment’s value stems from the actionable information provided to a client. That is, a risk assessment is valuable only if the client’s future actions depend, at least in part, on the results of the assessment. To maximize the value to the client in this respect, the client must therefore have a high level of confidence in not only the results of the assessment, but also, and perhaps more importantly, the implications. It should be noted that it is not always cost-effective to recommend to a client the most detailed risk assessment that will provide the highest level of confidence. To take a common example, sometimes a hazard can be deemed to have negligible risk with minimal effort (e.g., avalanche risk is negligible in locations far from mountains). In this case, the client will already have a high level of confidence in the implications (e.g., no need to mitigate against avalanches) without a detailed risk assessment.
To capture the different levels of detail that a client may require for a risk assessment, the standardized methodologies described in this document are sorted into a “risk assessment classification taxonomy,” summarized in the table below. There are four distinct classes of risk assessments: Class 1, Class 2, Class 3, and Class 4. A Class 1 risk assessment is the least detailed and its results have lower confidence, but it is the quickest and cheapest to complete. In contrast, a Class 4 risk assessment is the most detailed, and the results have the highest level of confidence, but these assessments take more effort to complete.
Table 1. Summary of four different classes of risk assessments.
| Class 1 | Class 2 | Class 3 | Class 4 | |
|---|---|---|---|---|
| Methodology description | Generic semi-quantitative | Site specific semi-quantitative | Quantitative probabilistic | Advanced quantitative probabilistic |
| Confidence level | Low | Medium | High | Very High |
| Typical metrics | Low, Medium, High, etc. | Building-level loss estimates | Component-level loss distributions | |
| Level of effort | Low | Medium | High | Very High |
The remainder of this document provides more detail about each of these classes of risk assessments, for the purposes of standardizing these types of assessments across projects for different clients. The next section provides more detail about the Risk Assessment Classification Taxonomy, including some key features that keep the different risk classes consistent with each other. Later on, the user can find additional details about how to perform Class 1 and Class 2 risk assessments. These two sections include details about methodology, recommended uses, and a case study from a past project. Finally, the last section provides recommended uses for Class 3 and Class 4 risk assessments. Future versions of this document will include more detail about methodology and case studies for Class 3 and Class 4 risk assessments.
It is understood that some features of these risk assessments cannot be standardized because they are inherently client-specific (e.g., how high-risk does something need to be before it is classified as “High” by the Class 1 risk assessment?) and hazard-specific. This document provides standardization where appropriate, but also leaves room for customization on a project-by-project basis where necessary. Where customization may be required, this document provides some guidance. The reader is referred to the hazard-specific Standard Operating Procedures (SOPs) for more detail regarding risk assessments for specific hazards (i.e., seismic, flood, etc.)