Glossary of risk-related technical terms

This Glossary of risk-related technical terms aims at solving a pain-point common to mining and oil and gas, natural resources in general, and also in other industries. Indeed, the acute pain-point was recently and eloquently described at a conference in London.

Twenty years ago (1997) Franco Oboni participated in an IUGS workshop in Honolulu aimed at a first attempt to define a Glossary of risk-related technical terms specific to Slopes and Landslides. In short, the IUGS Working Group on Landslides, Committee on Risk Assessment, produced a glossary in Quantitative Risk Assessment for Slopes and Landslides: The State of the Art (IUGS Proceedings, Honolulu, Balkema, 1997). That Glossary of risk-related technical terms has kept evolving to be applicable to other fields of business and industries.

Glossary of risk-related technical terms evolution

Thus in 2007, in Appendix 1 of the book entitled Improving Sustainability through Reasonable Risk and Crisis Management, Riskope presented a first significant evolution. As a matter of fact that evolution had been used extensively in proposals and reports to eliminate any misunderstanding with Riskope’s existing and prospective clients. Additionally, years of practice had already shown the robustness of the Glossary of risk-related technical terms. Further, it was noted that the Glossary of risk-related technical terms was very similar to the one proposed by the Third Working Draft of Risk Management Terminology (ISO/TM WG on Risk Management Terminology, Doc. N. 33, Jan 2000).

Glossary of risk-related technical terms compliant with most international codes

Another ten years of research and practice have led to the version of the Glossary of risk-related technical terms we are pleased to deliver below. As a result the Glossary is compatible with most recent international codes such as, for example:

You can freely download your copy of the Glossary of risk-related technical terms here. In the event that you do and you use it, please remember to reference it as follows:

Glossary of risk-related technical terms, by C. Oboni, F. Oboni, Oboni Riskope Associates Inc., LINK , 2017. Should you have any suggestions, comments, edits, please use the contact button to let us know.



An accident is an event that is without apparent causes or is unexpected. That is to say generally an unfortunate event, possibly causing physical harm or damage brought about unintentionally.


Bayesian probabilities

The personalist (subjectivist) or Bayesian view considers the probability of occurrence of an event as the degree of belief that the event will occur, given the level of knowledge presently available. As a result estimates are considered “first or a priori” estimates. That being the case, they need to be perfected with updates whenever further information becomes available. In addition see probabilities (concept and numerical).

Business as usual

The variability of any parameter considered and specified in the design is “business as usual” and does not represent a hazard. For example, the variation of the oil price of ±10% in a project could be considered as “business as usual” if so specified, whereas +30% would be a hazard. Due to these considerations, hazards and their consequences are always subject to uncertainties.

Business Continuity Planning (BCP)

Business Continuity Planning identifies an organization’s exposure to internal and external threats and synthesizes hard and soft assets. Specifically BCP aims to provide effective prevention and recovery for the organization, while maintaining competitive advantage and value system integrity. As a result BCP is a roadmap for continuing operations under adverse conditions such as extreme storms or cyber attacks. In the US, governmental entities refer to the process as Continuity of Operations Planning (COOP). Business continuity planning is often used to refer to those activities associated with preparing documentation to assist in the continuing availability of property, people, information and processes.

Business Impact Analysis (BIA)

BIA is a systematic process to determine and evaluate the potential effects of an interruption to critical business operations as a result of a disaster, accident or emergency.

Business Interruption (BI)

BI can be valuated in duration (e.g. weeks) or monetary terms (M$). In particular, when evaluating BI in monetary terms consider buffers, stocks and logistics. In fact those “details” may have significant impact on the variability of the BI cost per unit of time.



A catastrophe is a great and usually sudden disruption of the human ecology or operation which exceeds the capacity of the community or operation to function normally, because disaster preparedness and mitigative measures are insufficient.

Common Cause Failure (CCF)

CCF are item or process failures resulting from a single shared (common root) cause and coupling factor(s). In addition mechanisms leading to failure may lead to domino effects and interdependencies. Specifically see for details.

Consequence function

A holistic consequence function integrating all dimensions considered in a risk assessment, such as, for example: health and safety, environmental, economic and financial direct and indirect effects.


When evaluating a project/operation contingencies should include “business as usual” variations and risks.

Convergent risk assessment

A risk assessment that looks at a silos-free system where physical, informational, operational silos converge in a single platform. Thus convergent risk assessments have to be holistic by definition. A holistic risk assessment is not necessarily convergent as it can be performed within a siloed system (e.g. a certain type of process within a company, certain operations, etc.).

Corporate Social Responsibility (CSR)

Corporate Social Responsibility is a business approach that contributes to sustainable development by delivering economic, social and environmental benefits for all stakeholders. CSR is a very broad concept that addresses many and various topics such as human rights, corporate governance, health and safety, environmental effects, working conditions and contribution to economic development. Hence CSR and Risk assessment should share many, if not all, dimensions related to performance criteria and consequences. Thus they should always be considered as synergistic and aiming toward a common goal of long term sustainability and enhanced resilience. Adapted from–(CSR)

Cost of consequences

Cost of consequences is a measure of the impact of a hazard on potential receptors. In particular it is obtained through a consequence function integrating various components. Namely direct costs, replacement costs, indirect costs (loss of business etc.), social costs, political costs, as well as public reaction costs etc.

Credibility threshold

A probability of 10⁻⁵ to 10⁻⁶ per year is commonly considered as the threshold value of human credibility. Thus using values below that threshold requires solid evidence.


A crisis is a decisive moment, particularly in times of danger or difficulty. Crises can be dormant or active. In addition active crises can be slow or fast, even explosive. Finally, some crises are due to fatigue.

Crisis Management (CM)

CM is a set of techniques that manage the public relations and media relations implications of crisis situations. In particular CM is used when situations have the potential to damage or destroy the image and/or function of an organization. In addition Crisis management is an organizational discipline involving logistics experts, security managers and technical communications experts.

Crisis Management Plan

A CM Plan is the compass in the middle of the fog, i.e. in a crisis. As a matter of fact a CM Plan encompasses several components.


 Decision Trees, Event Trees

Decision trees and Event trees are decision support tools using a graph or model of decisions and their possible consequences. In addition they may include resource costs, and utility. Thus a decision tree can be used to prioritize strategies. However, a common use of event trees is for calculating conditional probabilities.


A disaster is any nefarious event that will significantly affect societal or business operations. Accordingly, “Traditional” disasters include fires, floods, hurricanes and earthquakes. Instead, “Non-traditional” disasters may include terrorist strikes, toxic waste dispersions, computer system crashes and labor strikes.

 Disaster Recovery & Business Resumption Planning (DRP & BRP)

A DRP consists of two parts: “Disaster recovery”, that is the process of restoring the ability to operate; and “Business resumption”, in other words the process of re-opening each of the facility components.
Specifically see for example for details.

 Element (or node)

Elements or nodes are the physical or logical constituents of the system. For this reason they are the vertices of the system map/graph, with the vectors joining them representing the flow of resources (raw material, fluids, gases, finances, information, people, etc.).


An emergency is an unforeseen combination of circumstances or the resulting state that calls for immediate action. For instance an urgent need for assistance or relief as in: “the governor declared a state of emergency after the flood”.

Enterprise Risk Management (ERM)

ERM encompasses methods and processes used by organizations to manage upside or downside risks. Thus ERM provides a framework for risk management (See Risk Management). In any case RM typically involves identifying particular events or circumstances relevant to the organization’s objectives (risks and opportunities), assessing them in terms of likelihood and cost of consequences, determining a response strategy, and monitoring progress. Thus, by identifying and proactively addressing risks and opportunities, business enterprises protect and create value for all their stakeholders.


 Failure criteria

Specifically see Performance Criteria

 Force Majeure Clauses

A term used in contracts to define events which are considered an Act of God. An event at or below human credibility (less than 1/100,000 to 1/1,000,000).


Frequency or relative frequency is a proportion measuring how often or how frequently something occurs in a sequence of observations.
The frequency interpretation of probability, in which probabilities are understood as mathematically convenient approximations of long-run relative frequencies, can also be used. In the frequentist view of probabilities, the probability of an event is in fact defined as the frequency with which it occurs in a long sequence of similar trials. For example, in the toss of a coin, the frequentist approach says that the probability of a head is 0.5, i.e. that the long run frequency converges towards 0.5 when the number of tosses increases. In the case of a coin toss, few would question this definition, but if the analysis focuses on, for example, estimation of the occurrence of a unique event (a terrorist attack against a facility), the long-run aspect of this approach is clearly non-applicable. See also probabilities (concept and numerical).



A hazard is a condition with the potential to cause undesirable consequences. Thus a hazard can be an event-scenario, a person or a group of persons, a behaviour, etc. with a certain likelihood of occurrence and potential consequences on the system. In addition, hazards do not need to be events (quake, typhoon, etc.), as described in the examples below:

  • a potentially unstable rock of a given magnitude (for example, volume of sliding mass).
  • a family of terrorist groups
  • a certain type of corrupting agents
  • arrogance leading to excessive audacity in design etc.

Hazard Identification


A phase of a Risk Assessment during which Hazards are Identified as well as related potential consequences. Hazard identification answers the question, “What can go wrong?”

 Hazard Management (HM)

HM is the set of techniques used to define hazards and to rate them in terms of likelihood or magnitude. In particular HM then decides on mitigations based on those factors. As a result, Hazard Management is not equivalent to Risk Management, which prioritizes risks and uses tolerance criteria to define mitigative actions. In fact see, for example for details.

 Holistic risk assessment

Holistic Risk Assessments are 360-degree risk assessments. That is to say, Risk assessments (See risk assessment) including all hazards to the system under assessment (e.g. cyber, terrorism, natural, etc.).



An event or occurrence that attracts general attention or that is otherwise noteworthy in some way. Hence not to be confused with an accident.

 Interdependencies and domino effects

Interdependencies and domino effects are chain-reactions of effects and mishaps, that is, chain reactions that occur when a small change causes a change nearby, which then causes another change, and so on in sequence. That is to say, Interdependencies typically refer to a linked sequence of events where the time between successive events is relatively small. In any case, the term can be used literally (an observed series of actual collisions) or metaphorically (causal linkages within systems such as global finance or politics).

 Intolerable risks

Intolerable risks are those lying above the tolerance threshold. As a matter of fact the tolerance threshold splits the risk space into two main regions, so that each assessment portfolio encompasses, respectively, the tolerable and the intolerable risks. See Quantitative Risk Tolerance (or tolerability) Curves (QRTC); tolerable risks.



Mitigations are measures and activities implemented with the goal of reducing the hazard. In other words mitigations will reduce the probability of occurrence of a given hazard. However, they often do not act on the magnitude and the consequences.


 Near miss

A near miss is an incident that didn’t evolve into an accident. In fact, in many cases the definition may be afflicted by some uncertainties.

 Normalization of deviance

The behavioural process by which people within an organization become so accustomed to a deviant anomalous behaviour or event that they consider it as normal, despite the fact that it exceeds the initial design criteria, rules of safety or industry standards.


Performance criteria

The performance criteria is the set of criteria for which the system is designed/created. As a result the performance criteria is generally multidimensional. For instance production, maintenance, energy use, health and safety, environmental and social impacts, share value, financials, etc. can all be valid dimensions. If the performance criteria is not met then the system is failed and risks are generated. Accordingly, the nemesis of the performance is the failure. When performing a risk assessment it is paramount to understand the metric (“viewing angle” e.g. corporate, investor, regulators, public) of the performance criteria. Additionally a unified “multi-dimensional” metric is oftentimes used.

 Probabilities (concept)

The concept of probabilities is defined by a  set of mathematical rules. In particular they are used to evaluate the stochastic (uncertain, possible) character of an occurrence by evaluating the number of chances of the occurrence of the phenomenon over a total number of possible occurrences.

Probabilities (numerical)

 Numerical probabilities are a measure of the likelihood of an event, expressed with numerical values ranging from 0 to 1. As a matter of fact  0 represents impossibility and 1 certainty. Probabilities are often interpreted as a subjective degree of belief (opinion, subjective interpretation) (See subjective probabilities). Thus many assessment methods rely on subjective probabilities. That is to say these probabilities are determined by employing the expert opinion of an individual or a consensus of highly qualified professionals.


A doubtful or difficult matter requiring a solution; that is a sudden deviation from an expected performance or the existence of a permanent deviation from an expected performance. See normalization of deviance.

Public Relations (PR)

PR is a management function that helps to define organizational objectives and philosophies, and facilitates organizational change. In other words, public relations practitioners communicate with all relevant internal and external publics in an effort to create consistency between organizational goals and societal expectations. For instance and more specifically, PR can be used in risk communication and crisis management (see Risk Communication, Crisis Management).


Quantitative Risk Tolerance (or tolerability) Curves (QRTC)

QRTC are thresholds (curves) dividing the probability-consequence graph into two regions, that is to say into a tolerable and an intolerable risk region. Interested readers can refer to:

  • Improving Sustainability through Reasonable Risk and Crisis Management, by Franco & César Oboni, ISBN 978-0-9784462-0-8, 2007,
  • C. Oboni, F. Oboni, Aspects of Risk Tolerability, Manageable vs. Unmanageable Risks in Relation to Governance and Effective Leadership, Geohazards 6 (2014), Kingston (ON), Canada, June 15 – 18, 2014,
  • Oboni, F., Oboni, C., Is it true that PIGs fly when evaluating risks of tailings management systems? Short Course and paper, Tailings and Mine Waste ’12, Keystone Colorado


Resilience is the capacity of a system, community or society potentially exposed to hazards to adapt in order to reach and maintain an acceptable level of functioning and structure. Thus designing a system to resist or change are ways of increasing resilience.

Risk Assessment

Risk Assessment is the process leading to estimating and evaluating risks. As a matter of fact Hazard identification, Risk Estimation, Risk Evaluation are its main components. As probabilities and consequences can be qualitative or numerical, accordingly Risk assessments can be qualitative or quantitative.

 Risk (Downside)

 Risk (downside) is the product (multiplication) of the probability of occurrence of a hazard by the cost of the undesirable consequences resulting from the occurrence of the hazard. However, in some cases, the product is not expressed, and probability of occurrence p and cost of consequences C may be plotted as points on a p-C graph.

 Risk Estimation

 Risk estimation may be based on historical data, logical models (fault and event trees), or mathematical models. In the event that an historical database is available one can assign probabilities subjectively or objectively. As a result, Risk estimation helps to define the likelihood of the hazard, what will happen, and what areas will be affected.

Risk Evaluation

Risk evaluation is the process of determining acceptable risk. Accordingly, before risk control can take place the process should define upper and lower risk limits (or thresholds). Ultimately, societal levels of accepted risk generally have a strong influence on these thresholds.

Risk Communication

The US National Research Council defines risk communication as “an interactive process of exchange of information and opinion among individuals, groups, and institutions”. So, Risk Communication is part of the RM/CM process and, in a way, a risk mitigation at the non-technical level. Thus Stakeholder analysis has to be performed to prepare a risk communication campaign.

Risk Control

The process of deciding on measures to control risks and monitoring the results of implementation. Thus Risk control utilizes findings from the related assessments. Hence Risk control can answer the question, what can we do to reduce the risk? See for example for details.

Risk Management (RM)

RM is the complete process of risk assessment and risk control, thus the result of a rational approach to risk analysis and evaluation, and the periodic monitoring of its effectiveness using the results of Risk Assessments (RA) as one input.

Root Cause Analysis (RCA)

RCA encompasses methods aimed at identifying the root causes of problems or events. As a result RCA users believe in solving  problems by attempting to correct or eliminate root causes, as opposed to addressing the symptoms. As a matter of fact, by directing corrective measures at root causes, they hope to minimize the likelihood of problem recurrence. Thus many consider RCA to be an iterative process, and frequently view it as a tool of continuous improvement. See for example for details.

Social licence to operate (SLO)

The social licence to operate refers to the level of acceptance or approval by local communities and stakeholders of mining companies and their operations. As further information can be obtained at ( we will not delve into any further detail.


Statistics are the set of mathematical interpretative techniques to be applied to phenomena that cannot be studied deterministically, due to the number and complexity of their parameters (see for example for details). For instance, an example of such a phenomenon is the duration of a flu-related sick leave. Besides, there are dozens of driving parameters, including physical and mental fitness of the sick person, the environment and so on. Accordingly, there is certainly no deterministic magic formula to determine the duration of the required leave. As a result, it is for example possible to say only that a flu-related sick leave lasts from three to ten days, with an average of five and a standard deviation of one.

 Strategic Risks

Risks that can be mitigated in a sustainable and economic way below tolerance (See Quantitative Risk Tolerance (or tolerability) Curves (QRTC)) by reducing their hazard probability are tactical risks. Instead, risks which require system alterations (mitigations to reduce consequences and get the risk under tolerance) are strategic risks.
Tactical risks are under management responsibility, whereas strategic risks might require upper management to shift their objectives.
With this in mind and as an example, buttressing a dam to reduce its breach probability is a tactical mitigation whereas replacing a process using toxic gases with a non-toxic based one is a strategic mitigation.

 Subjective Probabilities

 Many assessment methods rely on subjective probabilities.  That is to say that by using expert opinion of an individual or reaching consensus of highly qualified professionals it is possible to determine these probabilities.

 Success criteria

 See Performance Criteria


The system is the object of a risk assessment. In fact the system includes all pertinent inter-dependencies (physical, geographical, logical, informational) necessary to its operation or a clear delimitation of selected boundary assumptions. Accordingly, the boundaries of the system define what is in the system and what is outside of the system. In fact the above helps define threats-to and threats-from the system’s elements. Finally, the definition of the project “context” in compliance with ISO 31000, including all the assumptions on the project environment, chronology etc., helps define the system.


 Tactical risks

 See the definition of strategic risks


An analysis used to link identified external or internal hazards, for instance:

  • to particular targets (elements of the system) OR
  • from elements to targets lying outside of the system (population, environment, third parties, etc.).

As a result each couple is qualified in terms of possible nefarious outcomes (consequences).

Tolerable risks

See the definition of intolerable risks.


Always follow these wise words: “It is better to be roughly right than precisely wrong.” ― John Maynard Keynes. Indeed, assessing a deterministic (single value) estimate of a probability and consequences leads to misconception and oftentimes to mistakes, even when using available “historic/statistical values” or even mathematical models. As a result, the minimum we should do is to define a range between a minimum and a maximum. That is unless there are solid data to support a more sophisticated definition (stochastic distribution based on scientific approaches). As a result, it is possible that the level of uncertainties warrants the use of wide ranges for the probabilities and the consequences. Accordingly, neglecting uncertainties is a common fault in common practice risk assessments.


Willingness To Pay (WTP)

WTP is the amount of money a society is in fact agreeable to pay to save a life. Specifically, interested readers can refer to:

  • Marin, A., Costs and Benefits of Risk Reduction. Appendix in Risk: Analysis, Perception and Management, Report of a Royal Society Study Group, London, 1992;
  • Mooney, G.M., The Valuation of Human Life, Macmillan, 1977;
  • Jones-Lee, M.W. The Economics of Safety and Physical Risk, Blackwell, Oxford, 1989;
  • Lee, E.M., Jones, D.K.C., Landslide Risk Assessment, Thomas Telford, 2004;
  • Pearce, D.W. et al. The Social Costs of Climate Change: Greenhouse damage and the benefits of control. In Climate Change 1995: Economic and Social Dimensions of Climate Change. Contribution of Working Group III to the Second Assessment Report of the IPCC, Cambridge University Press, 1995


