1、ANSI/ASSE/ISO Guide 73 (Z690.1-2011)ANSI/ASSE/ISO Guide 73 (Z690.1-2011)ANSI/ASSE/ISO Guide 73 (Z690.1-2011)Vocabulary for Risk ManagementNational Adoption of:ISO Guide 73:2009 AMERICAN SOCIETY OFSAFETY ENGINEERSAMERICAN NATIONAL STANDARDASSEThe information and materials contained in this publicatio
2、n have been developed from sources believed to be reliable. However, the American Society of Safety Engineers (ASSE) as secretariat of the ANSI accredited Z690 Committee or individual committee members accept no legal responsibility for the correctness or completeness of this material or its applica
3、tion to specific factual situations. By publication of this standard, ASSE or the Z690 Committee does not ensure that adherence to these recommendations will protect the safety or health of any persons, or preserve property. ANSI ANSI/ASSE/ISO Guide 73 (Z690.1-2011) National Adoption of: ISO Guide 7
4、3:2009 American National Standard Vocabulary for Risk Management Secretariat American Society of Safety Engineers 1800 East Oakton Street Des Plaines, Illinois 60018-2187 Approved: January 11, 2011 American National Standards Institute, Inc. Approval of an American National Standard requires verific
5、ation by ANSI that the requirements for due process, consensus, and other criteria for approval have been met by the standards developer. Consensus is established when, in the judgment of the ANSI Board of Standards Review, substantial agreement has been reached by directly and materially affected i
6、nterests. Substantial agreement means much more than a simple majority, but not necessarily unanimity. Consensus requires that all views and objections be considered, and that a concerted effort be made toward their resolution. The use of American National Standards is completely voluntary; their ex
7、istence does not in any respect preclude anyone, whether he/she has approved the standards or not, from manufacturing, marketing, purchasing, or using products, processes, or procedures not conforming to the standards. The American National Standards Institute does not develop standards and will in
8、no circumstance give an interpretation of any American National Standard. Moreover, no person shall have the right or authority to issue an interpretation of an American National Standard in the name of the American National Standards Institute. Requests for interpretation should be addressed to the
9、 secretariat or sponsor whose name appears on the title page of this standard. Caution Notice: This American National Standard may be revised or withdrawn at any time. The procedures of the American National Standards Institute requires that action be taken periodically to reaffirm, revise, or withd
10、raw this standard. Purchasers of American National Standards may receive current information on all standards by calling or writing the American National Standards Institute. Published February 2011 by: American Society of Safety Engineers 1800 East Oakton Street Des Plaines, Illinois 60018-2187 (84
11、7) 699-2929 www.asse.org Copyright 2009 by the International Organization for Standardization All Rights Reserved. Copyright 2011 by the American Society of Safety Engineers All Rights Reserved. No part of this publication may be reproduced in any form, in an electronic retrieval system or otherwise
12、, without the prior written permission of the publisher. Printed in the United States of America American National Standard Foreword (This Foreword is not a part of American National Standard Z690.1-2011.) This standard was developed by an American National Standards Committee, national in scope, fu
13、nctioning under the Essential Requirements Document of the American National Standards Institute with the American Society of Safety Engineers (ASSE) as Secretariat. This standard provides vocabulary for risk management principles and guidelines It is intended that the procedures and performance req
14、uirements detailed herein will be adopted by every employer whose operations fall within the scope and purpose of the standard. Neither the standards committee, nor the secretariat, feel that this standard is perfect or in its ultimate form. It is recognized that new developments are to be expected,
15、 and that revisions of the standard will be necessary as the art progresses and further experience is gained. It is felt, however, that uniform requirements are very much needed and that the standard in its present form provides for the minimum vocabulary guidance necessary in developing and impleme
16、nting risk management programs. This standard is adopted from ISO Guide 73:2009, an international standard also titled “Risk Management Vocabulary”. This document was approved as an international standard on November 15, 2009. In addition to ISO Guide 73:2009 there are also two other documents addre
17、ssing risk management and risk assessment being adopted as American National Standards: ISO Guide 31000:2009, Risk Management Principles and Guidelines IEC/ISO 31010:2009, Risk Management Risk Assessment Techniques During May 2010 the United States TAG (Technical Advisory Group) to ANSI for risk man
18、agement reached consensus that these three documents should be adopted as American National Standards. Due to the ongoing significant interest being focused on risk management at the international level, additional consensus was reached that there should also be a committee looking at risk managemen
19、t standards for the United States. Such a committee would function under accreditation of ASSE as a standards developing organization (SDO). ASSE applied for additional accreditation as a Standards Developing Organization, which was approved by ANSI during August of 2010. ASSE notified the public du
20、ring August 2010 of its intention to adopt all three documents as American National Standards. This original announcement was made without the submission of any negative comments. Public review of the subject documents was then conducted during November 2010. There were no negative comments submitte
21、d to ASSE as the secretariat. All committee votes for adoption were positive without any submitted negative comments. At the time this standard was approved, the Technical Advisory Group/Committee had the following members: Dorothy Gjerdrum, ARM-P, Chair Carol Fox, Vice Chair Timothy R. Fisher, CSP,
22、 CHMM, ARM, CPEA, Administrator Jennie Dalesandro, Administrative Technical Support Organization Represented Name of Representative AH terms relating to risk management; terms relating to the risk management process; terms relating to communication and consultation; terms relating to the context; te
23、rm relating to risk assessment; terms relating to risk identification; terms relating to risk analysis; terms relating to risk evaluation; terms relating to risk treatment; terms relating to monitoring and measurement. Contents SECTION PAGE Scope 8 1. Terms Relating to Risk . 8 2. Terms Relating to
24、Risk Management . 8 3. Terms Relating to Communication and Consultation . 9 3.1 Risk Management Process 9 3.2 Terms Relating to Communication and Consultation . 9 3.3 Terms Relating to the Context 9 3.4 Terms Relating to Risk Assessment . 10 3.5 Terms Relating to Risk Identification . 10 3.6 Terms R
25、elating to Risk Analysis 11 3.7 Terms Relating to Risk Evaluation 12 3.8 Terms Relating to Risk Treatment . 12 Bibliography . 15 Alphabetical Index . 16 AMERICAN NATIONAL STANDARD Z690.1-2011 8 AMERICAN NATIONAL STANDARD Z690.1 VOCABULARY FOR RISK MANAGEMENT SCOPE This standard provides the definiti
26、ons of generic terms related to risk management. It aims to encourage a mutual and consistent understanding of, and a coherent approach to, the description of activities relating to the management of risk, and the use of uniform risk management terminology in processes and frameworks dealing with th
27、e management of risk. This standard is intended to be used by: those engaged in managing risks, those who are involved in activities of ISO and IEC, and developers of national or sector-specific standards, guides, procedures and codes of practice relating to the management of risk. For principles an
28、d guidelines on risk management, reference is made to ANSI/ASSE Z690.2 (ISO 31000). 1. TERMS RELATING TO RISK 1.1 Risk. Effect of uncertainty on objectives. NOTE 1: An effect is a deviation from the expected positive and/or negative. NOTE 2: Objectives can have different aspects (such as financial,
29、health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process). NOTE 3: Risk is often characterized by reference to potential events (3.5.1.3) and consequences (3.6.1.3), or a combination of these. NOTE 4: Risk is of
30、ten expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood (3.6.1.1) of occurrence. NOTE 5: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its co
31、nsequence, or likelihood. 2. TERMS RELATING TO RISK MANAGEMENT 2.1 Risk Management. Coordinated activities to direct and control an organization with regard to risk (1.1). 2.1.1 Risk Management Framework. Set of components that provide the foundations and organizational arrangements for designing, i
32、mplementing, monitoring (3.8.2.1), reviewing and continually improving risk management (2.1) throughout the organization. NOTE 1: The foundations include the policy, objectives, mandate and commitment to manage risk (1.1). NOTE 2: The organizational arrangements include plans, relationships, account
33、abilities, resources, processes and activities. NOTE 3: The risk management framework is embedded within the organizations overall strategic and operational policies and practices. AMERICAN NATIONAL STANDARD Z690.1-2011 9 2.1.2 Risk Management Policy. statement of the overall intentions and directio
34、n of an organization related to risk management (2.1). 2.1.3 Risk Management Plan. Scheme within the risk management framework (2.1.1) specifying the approach, the management components and resources to be applied to the management of risk (1.1). NOTE 1: Management components typically include proce
35、dures, practices, assignment of responsibilities, sequence and timing of activities. NOTE 2: The risk management plan can be applied to a particular product, process and project, and part or whole of the organization. 3. TERMS RELATING TO COMMUNICATION AND CONSULTATION 3.1 Risk Management Process. s
36、ystematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context, and identifying, analyzing, evaluating, treating, monitoring (3.8.2.1) and reviewing risk (1.1). 3.2 Terms Relating to Communication and Consultation. 3.2.
37、1 Communication and Consulta-tion. Continual and iterative processes that an organization conducts to provide, share or obtain information, and to engage in dialogue with stakeholders (3.2.1.1) regarding the management of risk (1.1). NOTE 1: The information can relate to the existence, nature, form,
38、 likelihood (3.6.1.1), significance, evaluation, acceptability and treatment of the management of risk. NOTE 2: Consultation is a two-way process of informed communication between an organization and its stakeholders on an issue prior to making a decision or determining a direction on that issue. Co
39、nsultation is: a process which impacts on a decision through influence rather than power; and an input to decision making, not joint decision making. 3.2.1.1 Stakeholder. Person or organization that can affect, be affected by, or perceive themselves to be affected by a decision or activity. NOTE: A
40、decision maker can be a stakeholder. 3.2.1.2 Risk Perception. Stakeholders (3.2.1.1) view on a risk (1.1). NOTE: Risk perception reflects the stakeholders needs, issues, knowledge, belief and values. 3.3 Terms Relating to the Context. 3.3.1 Establishing the Context. Defining the external and interna
41、l parameters to be taken into account when managing risk, and setting the scope and risk criteria (3.3.1.3) for the risk management policy (2.1.2). 3.3.1.1 External Context. External environment in which the organization seeks to achieve its objectives. NOTE: External context can include: the cultur
42、al, social, political, legal, regulatory, financial, technological, economic, natural and competitive environment, whether international, national, regional or local; AMERICAN NATIONAL STANDARD Z690.1-2011 10 key drivers and trends having impact on the objectives of the organization; and relationshi
43、ps with, and perceptions and values of external stakeholders (3.2.1.1). 3.3.1.2 Internal Context. Internal environment in which the organization seeks to achieve its objectives. NOTE Internal context can include: governance, organizational structure, roles and accountabilities; policies, objectives,
44、 and the strategies that are in place to achieve them; the capabilities, understood in terms of resources and knowledge (e.g. capital, time, people, processes, systems and technologies); information systems, information flows and decision-making processes (both formal and informal); relationships wi
45、th, and perceptions and values of internal stakeholders; the organizations culture; standards, guidelines and models adopted by the organization; and form and extent of contractual relationships. 3.3.1.3 Risk Criteria. Terms of reference against which the significance of a risk (1.1) is evaluated. N
46、OTE 1: Risk criteria are based on organizational objectives, and external (3.3.1.1) and internal context (3.3.1.2). NOTE 2: Risk criteria can be derived from standards, laws, policies and other requirements. 3.4 Terms Relating to Risk Assessment. 3.4.1 Risk Assessment. Overall process of risk identi
47、fication (3.5.1), risk analysis (3.6.1) and risk evaluation (3.7.1). 3.5 Terms Relating to Risk Identification. 3.5.1 Risk Identification. process of finding, recognizing and describing risks (1.1). NOTE 1: Risk identification involves the identification of risk sources (3.5.1.2), events (3.5.1.3),
48、their causes and their potential consequences (3.6.1.3). NOTE 2: Risk identification can involve historical data, theoretical analysis, informed and expert opinions, and stakeholders (3.2.1.1) needs. 3.5.1.1 Risk Description. Structured statement of risk usually containing four elements: sources, ev
49、ents (3.5.1.3), causes and consequences (3.6.1.3). 3.5.1.2 Risk Source. Element which alone or in combination has the intrinsic potential to give rise to risk (1.1). NOTE: A risk source can be tangible or intangible. 3.5.1.3 Event. Occurrence or change of a particular set of circumstances. NOTE 1: An event can be one or more occurrences, and can have several causes. AMERICAN NATIONAL STANDARD Z690.1-2011 11 NOTE 2: An event can consist of something not happening. NOTE 3: An event can sometimes be referred to as an “incide
