Islam & Ryan: Hazard mitigation in emergency management ch. 5 – 6
Lecture Notes – Hazard Identification by Dr. Melvin Richards

The risk assessment results should be presented in a briefing to the decision makers. This process can provide the main observations of weaknesses and suggestions for improving the safety of the facility. This allows the management team the opportunity to ask questions on the process, observations, and recommendations made. This may result in more research done in certain areas to provide more data for them to make the decisions. This briefing should include presentation of a report of the assessment.
This report should summarize the assessment performed at the facility. The results of the assessment and any proposed mitigation efforts are presented in the report. This report will contain sensitive information that should be protected and the dissemination of parts of the report limited in its distribution. The final report should consist of the following sections:
• Executive summary
• Introduction
• Threat analysis
• Consequence analysis
• System effectiveness assessment
• Risk estimation
• Risk reduction strategies and proposed packages
• Impact analysis
• Supporting documentation

The complexity and depth of the screening model depends on the security/hazard concerns, the number of facilities to be screened, and the variations among the facilities. Before the screening/assessment can begin, a standard must be established for addressing the consequence level. The development of the table of consequences will be developed later in the analysis and will be much more in depth than in the screening. The screening process can be used in the consequence development also. The standard for consequences should be developed with the approval of the facility management team. The list of criteria for measuring or describing consequence level should be specified as well as definitions for qualitative levels of high, medium, and low for each criterion. Common criteria used for comparing consequence level include deaths, economic loss, loss of production, and/or downtime of the facility. The qualitative levels should be applied consistently in all identified consequences.

First, facilities must be reviewed. For each facility, a consistent set of consequence categories must be estimated for each concern or undesired event, if it should occur at the facility. An undesired event is those incidents that management feels will have a negative impact upon the organization and is the reason for the risk analysis. Examples of the undesired events are theft of products, terrorist attack, fire, death or injury of personnel, or severe weather. The consequence impact will be judged as high, medium, or low and those judgments must be evaluated consistently across all risks. The maximum impact for each undesired event should be recorded. Then each facility can be summarized with a tabulation of the number of high, medium, or low levels estimated for each event. The list of facilities then can be separated into groupings of the facilities ranks with like levels of impact. The grouping should be ranked according to the number of highs, mediums, and lows.

The facility management team can use this screening analysis to prioritize future risk assessments if there is not enough funding and/or time to complete an assessment for every facility in the organization. Do assessments or the highest consequences of risks first.