Operational Research in Engineering Sciences: Theory and Applications
Vol. 2, Issue 3, 2019, pp. 55-64
ISSN: 2620-1607
eISSN: 2620-1747
DOI: https://doi.org/10.31181/oresta1903055k

APPLICATION OF THE MATRIX APPROACH IN RISK ASSESSMENT¹

Nenad Kovačević a*, Aleksandra Stojiljković b, Mitar Kovač c

a University of Defence, Military Academy, Belgrade, Serbia
b University of Novi Sad, Faculty of Economics, Subotica, Serbia
c “Educons” University, Faculty for Project and Innovation Management, Belgrade, Serbia

* Corresponding author. inz.84kula@gmail.com (N. Kovačević), aleksandra.stoiljkovic@yahoo.com (A. Stoiljkovic), mitar.kovac21@gmail.com (M. Kovač)

Received: 16 October 2019
Accepted: 24 November 2019
First online: 11 December 2019

Professional paper

Abstract. The risk assessment process is based on risk management. Risk assessment is, in principle, an entirely empirical decision-making process, based on risk assessors’ knowledge and experience, necessary to identify (a) hazard(s) as the cause for risk by using specific and well-known and recognized methods so far. Currently, there are a large number of methods recognized for risk assessment, which are mostly formed by various organizations and associations of engineers, usually in insurance companies. The paper presents the most pragmatic matrix (qualitative) risk assessment methods, such as: a 3x3 matrix (OHSAS), a 4x4 matrix (AS/NZS 4360) and a 5x5 matrix (MIL-STD-882B). The paper is significant in that the matrix approach in risk assessment is the basis for the development of risk assessment methods, regardless of the method of the group which they belong to.

Key words: decision-making, risk assessment, matrix approach

1. Introduction

One of the main characteristics of the modern era is the permanence of change in all spheres of life and work.
A science ratio and the frequency of change are in a causal relationship, given the fact that science (especially the field of technical-technological sciences) is usually the cause of changes, as well as the sphere of human action, which is permeated by the repercussions of the same. However, as part of planning (the initial process functions of management), decision-making is also present in the other functions (organization, coordination and control). Risk management and decision-making are inextricably linked to each other, because there is no decision without a certain level of risk. Consequently, risk management is the state of the process or a set of environmental conditions which can be treated adequately and comprehensively in order to make timely, accurate and correct decisions.

Risk assessment is the basis of risk management. It is, however, important to point out the fact that, although purely empirical, risk assessment is simultaneously also a subjective process (which depends on the knowledge of the stages of the work process by the risk assessor); if, however, certain algorithms, tools and principles are followed and applied, that subjectivity may yet be reduced to the lowest possible level.

In this paper, one group of risk assessment methods (one approach), namely the matrix ones, is presented. The characteristic features of this group of risk assessment methods in general are that they (a) were developed first, (b) are the starting point for the other groups of methods, and (c) in practice, have proven to be most susceptible to all participants of the risk assessment process.

¹ This paper is an extended and amended version of the paper entitled “Risk Assessment in Engineering Protection-Matrix Approach”, published at the conference entitled “Security and Crisis Management – Theory and Practice, 2019”.

2. Decision-Making in Terms of Risk

The very issue of decision-making as a process of coming to a decision is highly interdisciplinary and can be studied from different aspects. Business environments and organizations constantly change, so the future consequences of decisions are impossible to fully predict. In a turbulent, dynamic, uncertain and changing environment, the decision-making process becomes increasingly complex and demanding, and making informed decisions requires extensive preparation. In this regard, in an effort to comprehensively examine this problem, scientists are faced with the fact that there is poor knowledge of classical economic/financial theory included in a number of other scientific disciplines (Kolev et al. 2015).

Decision-making theory is a result of the joint efforts of experts in the fields of economics, psychology, philosophy, mathematics and statistics (Damjanovic & Jankovic, 2014). The theory, creating a set of knowledge and appropriate analytical techniques with different degrees of formality, is designed to help the decision-maker to choose alternatives based on implications (Miskovic, 2016). It is necessary to make a distinction between the normative and descriptive (behavioral) decision theory.

Normative decision theory deals with the way in which decisions need to be made. The best decision is always sought, it being implied that the ideal decision-maker (DM) is fully informed and rational (Miskovic, 2016). Normative theory deals with the concept of the rationality and logic of decision-making as they should actually be (Milicevic et al. 2007). In the normative approach, the decision-making problem is well defined: the principles of normative theory show how a perfectly rational individual should make decisions. This approach assumes certain rules that people, if abiding by them, may rely on in a situation when they have to make the best decision (Damjanovic & Jankovic, 2014).
Descriptive theory describes how decisions are actually made and discusses the practical application of normative theory. The primary objective of descriptive theory is to help understand and explain how individuals consider available information and, based on such information, come to a certain decision or make a certain choice. Descriptive decision-making theory is concerned with what is singled out in normative theory as a deviation from criteria for rational behavior. The focus of interest consists of both the characteristics and the limitations of the DM’s cognitive system, on the one hand, and other psychological causes for the mistakes that he makes when making a decision, on the other. Descriptive theories are focused on finding tools, methods and software to help make better decisions (Miskovic, 2016).

In theory and practice, one can find different approaches to decision-making. The approach to decision-making that is increasingly gaining in importance is decision-making based on risk assessment. The term ‘risks’ can be associated with the uncertainty of those future events that may affect the outcome of the reporting process (Crnjac & Masle, 2013).

In general, there are three different conditions in which decisions are made, and which are based on the degree of the predictability of the outcome of a future decision. In terms of security, decision-making implies that the choice of one among the alternatives based on the outcome of having chosen the alternative the most appropriate for the organization should also depend on the known outcome (result) of each alternative. However, there are situations when it is impossible for the DM to know with certainty what will happen in the future; on their own part, alternative outcomes depend on the circumstances often unknown to us. In such cases, we speak about decision-making under uncertainty and risk conditions (detectable uncertainty).
In conditions of uncertainty, it is possible to determine future events, i.e. different outcomes of each alternative are possible to predict, but probability distributions are unknown, whereas in conditions of risk, each alternative has one of several possible consequences, and the likelihood of the occurrence of each such consequence is known (Damjanovic & Jankovic, 2014).

Given the variability of both organizations and the environment in which they exist, future implications of decisions cannot be fully predicted. Most decisions made in organizations contain a certain amount of risk. The condition of risk(s) is actually a wide range and, inside it, the degrees of risk may be associated with decisions, in the sense that the lower the quality of information on the outcome of the alternative, the closer the situation is to complete uncertainty, for which reason the risk of selecting that particular alternative is higher (Certo & Certo, 2008). Management seeks to know the size and nature of the risks associated with the adoption of economic decisions in a particular situation. In most cases, risk analysis is based on economic analysis and estimates of probability (Kolev et al. 2015).

3. Risk Assessment Procedure

In order to understand risk assessment and its applicability, it is necessary to make a clear distinction between the concepts of governance and risk assessment. The importance of the above-mentioned is also reflected in the fact that this issue is regulated by a set of internationally recognized documents, such as the ISO 31000:2015 (Risk Management) standard. As a potential, principled, yet non-binding framework for risk management, the mentioned standard uses the PDCA (the acronym for: Plan, Do, Check, Act) cycle, the elements of which are shown in Table 1; it is possible to notice that the first step, as well as the basis for risk management, is the identification and valorization of risks.

According to ISO 31000:2015, risk management is a more general concept in relation to estimation (assessment), i.e. risk management is based on estimation, also including the following: (1) the context establishment and (2) risk actions, i.e. risk treatment. Risk assessment itself (evaluation) consists of:
✓ risk identification,
✓ risk analysis, and
✓ risk evaluation.

Table 1. The PDCA cycle according to ISO 31000:2015

| PDCA CYCLE | FRAMEWORK ELEMENTS |
|---|---|
| Plan | Context determination; Risk assessment; Risk Treatment Plan; Residual risk acceptance |
| Do | Plan implementation |
| Check | Continuous monitoring and inspection (surveillance) |
| Act | Risk management maintenance and improvement |

Source: www.risk assessment matrix.com

Risk identification is carried out in order to form: (1) a list of risk sources, (2) a list of risk causes, (3) a list of the events that may affect the achievement of the objectives defined in the context of risk management, and (4) the development of a scenario of the events. Accordingly, the standard SRPS A.L2.003 – Risk Assessment to Protect Persons, Property and Operations provides for the following types of risk: (a) risks within general business; (b) risks to occupational safety and health and safety and health in the work environment; (c) the risk of natural disasters or other disasters; (d) legal risks; (e) risks from the illegal operation of risks; (f) the risk of fire, and (g) risks of non-compliance with standards. In risk identification, the following techniques are commonly used: (1) survey, (2) interviewing, (3) the control list (checklist), (4) the tracking- and experience-based judgments, (5) scenario analysis and (6) the analysis of engineering system techniques.
Risk analysis is an input element to: (a) risk evaluation and (b) a decision on whether risks should be treated. The risk analysis procedure includes the following activities: (1) a description of the identified risks; (2) grouping related risk sources and risks; (3) the analysis of the influence of individual causes of risk; (4) the evaluation of the likelihood and the result of implementation risk; (5) the evaluation and quantification of risk valorization; (6) the identification of the factors that influence the effects and the likelihood; (7) a list of priority risks; (8) proposing a method/option for risk treatment and (9) defining measures for risk monitoring. Accordingly, risk assessment is the most important part of risk evaluation (estimation being additional) because a valued risk is the product of risk analysis; consequently, all methods are based on the risk analysis developed for the purpose of valorizing risk.

The methods used in risk assessment can be divided into three major groups: (1) qualitative, (2) semi-quantitative (or a combination of the qualitative and quantitative) and (3) quantitative.

Qualitative and semi-quantitative risk analysis techniques and methods include: (a) polling; (b) the SWOT analysis; (c) causal diagrams; (d) the methods of expert marks; (e) the Delphi method; (f) a preliminary analysis of a danger; (g) the fault tree/fault/failure method; (h) the event tree method and (i) the result of the probability matrix.

The quantitative risk analysis techniques and methods are as follows: (a) probability theory; (b) mathematical statistics; (c) operational research; (d) sensitivity analysis; (e) scenario methods; (f) the error log method; (g) the event tree method; (h) the Monte Carlo method, and (i) the modeling and simulation method.
In this paper, the probability and consequence matrix, or the matrix methods for risk ranking/assessment, are considered, as they are actually the basis for all the aforementioned qualitative risk assessment methods (Kovacevic et al. 2019).

Risk evaluation involves a comparison of the level of the risk detected in the risk analysis process, the risk criteria defined in the risk management context determination process, the determination of risk significance and dealing with risk. If the estimated risk meets the established criteria, it is considered acceptable and does not require any additional control options. Otherwise, it is necessary to establish a list of priority risks and the ways to deal with these risks. Value at risk is regulated by specific standards and ISO/IEC 31010, which provides specific instructions on risk assessment techniques.

In order to answer the question how risk assessment should be performed and what the steps or procedures for risk assessment performance are, the following must first be defined:
✓ the risk assessment performance methodology, and
✓ the risk assessment performance procedure.

The risk assessment performance methodology defines the algorithm of and the tools for the implementation of and a concrete way to implement the risk assessment process, whereas the risk assessment process implementation procedure defines a standardized series of steps necessary in order to ensure the process implementation in accordance with the recommendations of the relevant laws, regulations and best practice (Nikolic & Gavanski, 2010).

Figure 1. The steps of the risk assessment methodology

In the modern literature, the method published in risk assessment guidelines and manuals by the European Agency for Safety and Health at Work is usually used as the baseline risk assessment methodology.
Based on the experience of the author of the Risk Assessment paper, Figure 1 is a schematic presentation of the steps of the risk assessment methodology.

4. Risk Assessment Qualitative Methods

Risk assessment qualitative methods are primarily based on the risk assessment team participants’ (risk assessors’) personal experiences and judgments and/or the use of available qualitative data. This approach does not require information about prior threats, hazards, causes and effects, but it does cause the end result of the risk assessment to be a descriptive statement of the qualitative risk size (e.g. high risk, moderate risk, etc.). Qualitative criteria use words such as “rarely”, “amazing”, “possible”, “probable” or “almost certain” in order to describe the probability of unwanted events, as well as words like “fatal”, “serious”, “small”, or “negligible” in order to describe the size of a damage-consequence.

Risk assessment qualitative methods most commonly use the subjective criteria that are measured by qualitative scales. Consequently, risk assessment is subjective in nature, and therefore is subject to error. In practice, qualitative scales with three to seven qualitative descriptions are optimally used, which requires a pronounced professional approach to the analysis of potential threats and/or hazards. The methods with fewer than three qualitative descriptions of risk factors are very simple, whereas methods with more than seven such descriptions may lead to significant difficulties, subjective in character, associated with the inability of the risk assessment team participants to relatively precisely identify the qualitative description of risk factors/constituents.

The best-known representatives of this group of risk assessment methods are the matrix risk or the matrix risk rating. These methods are actually the essential methods also belonging in the group of both semi-quantitative and quantitative methods.
Risk assessors often use a risk matrix for the purpose of establishing a logical connection between the result and the probability in the risk assessment of identified hazards/harmfulness. They also use it as a defined uniform method for the determination of the degree or level of individual estimated risks. A risk matrix is formed through the following three steps: probability ranks are applied to the ordinate (Step 1), and result/severity ranks are applied to the abscissa (Step 2). A combination of the above ranking levels results in the ranking of risks (Step 3), as is shown in Figure 2.

In order to reach these data (probability and consequences), it is necessary to collect information, which is the first step in all risk assessment methods. Practical experience has shown that “checklists” are an ideal tool for collecting information useful for the identification of dangers/hazards in the workplace and the working environment. To obtain a comprehensive picture of all potential risks and hazards, and consequently a better risk assessment, it is necessary to examine all the participants (administrative and executive bodies and end-users/workers) in the work process.

Figure 2. Forming a risk matrix (www.risk assessment matrix.com)

In practice, the following three types of the matrix risk rating are used most frequently: (1) a 3x3 risk matrix (OHSAS), (2) a 5x5 risk matrix (MIL-STD-882B), and (3) a 4x4 risk matrix (AS/NZS 4360 2004).

In its Guidance on Risk Assessment, the European Agency for Safety and Health at Work recommends a 3x3 matrix, which was first defined in the standard OHSAS 18001 and which is shown in Figure 3. The matrix has three levels for the qualitative description of probability (bit-amazing; medium-probably; high-very likely), as well as consequences (minor, major and serious).
Risk is also ascribed three levels, marked as a qualitative description of: low, moderate, and high. In the contemporary literature, this method is often called the “Singaporean method/model”, which is but a variation of the above-mentioned methods (Kovacevic et al. 2017).

Rows: probability of a dangerous event. Columns: result of a dangerous event.

| Probability \ Result | Minor (1) | Moderate (2) | Serious (3) |
|---|---|---|---|
| Rare (1) | Low risk (1) | Low risk (2) | Moderate risk (4) |
| Possible (2) | Low risk (2) | Moderate risk (4) | High risk (6) |
| Almost certain (3) | Moderate risk (3) | High risk (6) | High risk (9) |

Figure 3. Risk matrix 3x3

The 4x4 risk matrix (AS/NZS 4360) was formed according to the standards of Australia and New Zealand and belongs to the standard ISO 31000, which relates to the risk management field. It first appeared in 1995, and the last variation of this type of the risk ranking matrix appeared in 2009. The matrix is shown in Figure 4.

The categorization of the probability of the 4x4 risk matrix according to the recommendations of the standard AS/NZS 4360 is as follows: (1) highly unlikely (– –): may occur, but it will probably never be the case; (2) unlikely (–): may occur very rarely; (3) likely (+): may occur at times; (4) very likely (+ +): may occur at any moment, i.e. its occurrence is almost certain.

The categorization of the results of a dangerous event for the 4x4 risk matrix according to the recommendations of the standard AS/NZS 4360 is as follows: (1) small (I): only the most basic first-aid measures; (2) moderate (II): a medical treatment is needed; a few days of sick leave; (3) serious (III): a serious injury, or a long-term disease; (4) disastrous (IV): death and permanent damage and a permanent disability to work.

Risk is categorized into six levels, the “S” level being a top priority, and an unacceptably high-risk category according to the priorities of “P1” to “P5”.
The priorities define the order and importance of the action to be undertaken in order to reduce risk.

Rows: the probability of a dangerous event. Columns: the result of a dangerous event.

| Probability \ Result | Small (I) | Moderate (II) | Serious (III) | Disastrous (IV) |
|---|---|---|---|---|
| Very likely (+ +) | P2 | P1 | S | S |
| Likely (+) | P3 | P2 | P1 | S |
| Unlikely (–) | P4 | P3 | P2 | P1 |
| Highly unlikely (– –) | P5 | P4 | P3 | P2 |

Figure 4. The 4x4 risk matrix (www.risk assessment matrix.com)

The 5x5 risk matrix (MIL-STD-882B) was formed by estimating risk in the armed forces of the United States, and the mentioned matrix is implemented in the American military standard (American Military Standard, abbreviated MIL-STD), which recommends three types of the risk assessment matrix of this type, namely: (1) 4x6 (MIL-STD-882C), (2) 5x5 (MIL-STD-882B) and (3) 4x5 (MIL-STD-882D). The 5x5 risk matrix (MIL-STD-882C) comprises five levels (1 – Negligible, 2 – Minor, 3 – Moderate, 4 – Significant and 5 – Severe), or a qualitative description of the effects of the event/impact which relates to professional illnesses, injuries, a loss of equipment and the hours of operation and the environmental impact. The interpretation of the 5x5 risk matrix for the purpose of assessing the risk of MIL-STD-882B is shown in Figure 5.

Figure 5. The 5x5 risk matrix (www.risk assessment matrix.com)

The quantity of the description and definition of the probability/likelihood of an adverse event is represented by the five levels (1 – Very Unlikely, 2 – Unlikely, 3 – Possible, 4 – Likely and 5 – Very Likely). When using this risk matrix, five quantitative descriptions of the risk level are identified (Low, Low Medium, Medium, Medium High and High). Risk is considered to be unacceptable, if it is estimated to be Very High and High, and acceptable, if it belongs to the field of secondary (Medium, Low Medium) or Low risk.

5. Conclusion

Decision-making is a process very similar to the problem-solving process in that decision-making also actually determines what needs to be done, ultimately aimed at taking an action. Accordingly, a decision is a specific commitment to an action, but does not end with a choice of some action, because the selection of an action is based on the consequences the DM expects from the action. Here, it is possible to notice the two risk constituents: a likelihood and a consequence. In order to make good decisions, it is necessary to go through the risk management and risk assessment processes appearing in the decision-making process.

In the modern literature, there are a multitude of risk assessment methods; therefore, the problem of the selection of an adequate method against the process for which risk is assessed, or valorized, appears. In this paper, a group of the methods considered to be basic for other methods, and simultaneously the simplest for understanding the significance and essence of risk assessment in one of the decision-making segments, is presented.

Based on the foregoing, it is possible to conclude that the preference favoring the use of the risk matrix in the risk assessment process is reflected in the fact that there is no possibility of accepting risks present in the unsafe work domain; consequently, it produces a possibility of making a large number of administrative and engineering decisions intended to reduce risk to an acceptable level. However, practical experience has shown that, when using the risk matrix, risk assessors are faced with certain limitations, including: a possibility of only applying the risk matrix to an identified threat or harm, the risk matrix not being a tool for hazard identification, a high degree of subjectivity in risk assessment, and a possibility of only a comparative analysis of the risk level (Kovacevic & Stoiljkovic, 2019).

References

Certo, S. C. & Certo, S. T. (2008). Moderni menadžment. Zagrebačka škola ekonomije i menadžmenta, Zagreb.

Crnjac, D. & Masle, D. (2013). The Possibility of Using Monte Carlo Method in the Case of Decision-Making under Conditions of Risk Concerning an Agricultural Economics Issue. Ekonomski vjesnik, 26/1, 309-313.

Damnjanović, K. & Janković, I. (2014). Normativna i deskriptivna teorija donošenja odluka u uslovima rizika. Theoria, pp. 25-50.

Kolev, D., Njegovanović, A. & Ćosić, P. K. (2015). Neuro-ekonomija kao savremena metoda istraživanja donošenja ekonomskih odluka. Časopis za ekonomiju i tržišne komunikacije, 10/2, 278-296.

Kovačević, N., Babić, B. & Dimitrijević N. (2017). Jedan pristup proceni rizika pri održavanju motornih vozila u Vojsci Srbije. Rizik i bezbednosni inženjering, Savić, B. (Ed.), pp. 30-39, Kopaonik, januar 2017, VTŠSS, Novi Sad.

Kovačević, N., Đorđević, N. & Kovač, M. (2019). Primena menadžmenta rizikom u realizaciji nastavno-obrazovnog procesa u Vojnoj akademiji. Vojno delo, 71/6, 166-199.

Kovačević, N. & Stoiljković, A. (2019). Risk assessment in engineering protection-matrix approach. Security and crisis management-theory and practice, Komazec, N. (Ed.), pp. 41-49, October 2019, Rabek, Belgrade.

Milićević, A., Pavličić, D. & Kostić, A. (2007). Odlučivanje u uslovima rizika i teorija izgleda. Psihologija, 40/1, 147-164.

Mišković, V. (2016). Sistemi za podršku odlučivanju. Univerzitet Singidunum, Beograd.

Nikolić, B. & Gavanski, D. (2010). Mašine, oruđa za rad, uređaji radno mesto i okolina. VTŠSS, Novi Sad.

http://www.risk assessment matrix.com Accessed 18 June 2019.

© 2019 by the authors. Submitted for possible open access publication under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
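The three steps for forming a risk matrix in Section 4, applied to the 4x4 matrix of Figure 4, as an added example that is not code from the paper: it rates a constructed hazard register, checks that the level never drops when a rank rises, and shows how far the level moves when a rating is off by one rank, which is the subjectivity limitation noted in the Conclusion. The function names, the hazard register and the one-rank spread measure are assumptions made for illustration.

```python
# Added example: the Figure 4 (AS/NZS 4360) matrix as printed on this page.
PROBABILITY = ["Highly unlikely (--)", "Unlikely (-)", "Likely (+)", "Very likely (++)"]
RESULT = ["Small (I)", "Moderate (II)", "Serious (III)", "Disastrous (IV)"]
LEVELS = ["P5", "P4", "P3", "P2", "P1", "S"]  # lowest to highest priority

# Rows follow PROBABILITY (Step 1, ordinate); columns follow RESULT (Step 2, abscissa).
MATRIX = [
    ["P5", "P4", "P3", "P2"],  # Highly unlikely
    ["P4", "P3", "P2", "P1"],  # Unlikely
    ["P3", "P2", "P1", "S"],   # Likely
    ["P2", "P1", "S", "S"],    # Very likely
]


def rate(probability, result):
    """Step 3: combine the two ranks into a risk level."""
    return MATRIX[PROBABILITY.index(probability)][RESULT.index(result)]


def is_monotone(matrix=MATRIX):
    """True if raising either rank never lowers the risk level."""
    score = [[LEVELS.index(cell) for cell in row] for row in matrix]
    rows_ok = all(a <= b for row in score for a, b in zip(row, row[1:]))
    cols_ok = all(a <= b for col in zip(*score) for a, b in zip(col, col[1:]))
    return rows_ok and cols_ok


def one_step_spread(probability, result):
    """Lowest and highest level reachable if each rating is off by at most one rank.

    Illustrates the subjectivity limitation: two assessors who disagree by a
    single rank can land on different priorities.
    """
    p, r = PROBABILITY.index(probability), RESULT.index(result)
    reachable = [
        LEVELS.index(MATRIX[i][j])
        for i in range(max(p - 1, 0), min(p + 2, len(PROBABILITY)))
        for j in range(max(r - 1, 0), min(r + 2, len(RESULT)))
    ]
    return LEVELS[min(reachable)], LEVELS[max(reachable)]


def rank_register(register):
    """Rate every hazard and order the register from highest to lowest priority."""
    rated = [(name, rate(p, r)) for name, p, r in register]
    return sorted(rated, key=lambda item: LEVELS.index(item[1]), reverse=True)


# Constructed sample register (hazard names and ratings are illustrative only).
SAMPLE_REGISTER = [
    ("Slip on wet workshop floor", "Likely (+)", "Small (I)"),
    ("Unguarded rotating shaft", "Unlikely (-)", "Disastrous (IV)"),
    ("Solvent vapour in closed bay", "Very likely (++)", "Serious (III)"),
    ("Paper cut in office", "Highly unlikely (--)", "Small (I)"),
]

if __name__ == "__main__":
    assert is_monotone()
    for name, level in rank_register(SAMPLE_REGISTER):
        print(f"{level:>2}  {name}")
    print(one_step_spread("Likely (+)", "Serious (III)"))
```

The matrix only ranks hazards that have already been identified; the register passed to `rank_register` has to come from the information-collection step (checklists, interviews) described in Section 4.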