Technological risks are being challenged on moral and emotional bases… Risk decision makers struggle with these dynamic, interactive, and expanding debates.
For highly controversial issues (i.e., climate change, fracking, and genetically modified organisms), rather than a central organization establishing its context and evaluating its risk – individuals and organizations are self-identifying with these issues, opting into increasingly unmediated debate, and actively rejecting organizations’ and even regulators’ risk evaluations. Such stakeholder activism challenges organizations’ ability to effectively establish their context and identify and evaluate their risks. Proactively identifying stakeholders and their underlying concerns allows organizations to proactively manage those risks.
Risk Evaluation is the process of comparing an analyzed risk against risk criteria so as to determine if the risk and its magnitude (i.e., high, medium, low) are acceptable or tolerable or if additional controls are needed to reduce the risk further.
Risk criteria may be based on:
organizational objectives (safety, environmental, economic),
external context (cultural, social, political, legal, regulatory, financial, technological, economic, natural and competitive environment)and relationships with and perceptions/values of external stakeholders, and/or
internal context (policies, objectives, governance, structure, culture, roles, accountabilities, contractual relationships).