ABSTRACT
Risk management is decision making that evolves as uncertainty is reduced. It is at the confluence of science and values. Risk management is intentional about its process, addresses uncertainty in decision making, and focuses on outcomes. There are many risk management models in use, most include risk estimation, risk evaluation, risk control, and risk monitoring. Risk estimation requires managers to identify risk, establish risk management objectives, request the information required for decision making, initiating an independent risk assessment process, and considering the results of that process. Risk evaluation requires risk managers to establish acceptable and tolerable levels of risk and to make decisions to act or not based on those determinations. Risk control requires risk managers to see that risk management options are formulated, evaluated, and compared, leading to the selection of the best risk management option in consideration of the available evidence and the remaining uncertainty. Risk management decisions are conditional on the information available at the time of the decision. Consequently, it is necessary to monitor the effects of those decisions to assure the desired outcomes are obtained. If they are not, the iterative risk management process is reinitiated. Risk managers are responsible for seeing that risk communication is an appropriate part of the decision-making process. Risk management is both a normative and a policy making process.
