80-90% of losses are caused by human (individual and organizational) failures. Yet systems approaches focus on technology and processes.
In some industries, risk is managed by a ‘trial and error’ approach. Regulation cannot be relied on exclusively to address this, as the situated and negotiated character of regulatory compliance means that different groups have different perspectives on what the particular risks are and what is required to mitigate them. This is a call for action for engineers and their organizations to be better equipped to better identify hazards; prioritize and manage risks; and protect people, the environment, assets and production.
Risk Management is the systematic and iterative process of communicating, consulting, establishing the context, and identifying, analyzing, evaluating, treating, monitoring, and reviewing risk.
For simpler operations, such as a simple one-person task, the risk management process may involve the use of a one-page checklist. For complex, multi-disciplinary processes (e.g. railway operations on track with rock falls, avalanches, and washouts) risk management may involve using software to perform a systematic, comprehensive safety and mitigation assessment.