Risk assessment as part of risk management

What is risk assessment and what is the difference to risk management?

Risk is often expressed through the impact of an event in combination with the probability of occurrence [2]. The determination and evaluation of potential impacts is thereby a sensitive issue. Impact is a model output parameter and can be measured with technical (e.g. kW) or economical (e.g. €) performance indicators. From there on, two schools of thoughts can be separated: One sees risk as the negative deviation of a defined result [6]. The other emphasizes the ’double-edged-sword character‘ of risk including a downside-risk (threat) and a upside-risk (opportunity) [8]. The international ISO 31000 norm defines risk as an ’effect of uncertainty on objectives‘ [4] and takes into account this ’double-edged-sword character‘ of risk.

Risk management is an iterative process mainly organized in three phases: The first phase, the risk assessment, comprises the definition of the context, the identification as well as the analysis and evaluation of a risk [2] [8]. This phase is followed by a second dedicated to the treatment of a risk and a third focusing on its monitoring (see Fig. 1).

Based on the above discussed definition of risk, risk management can briefly be defined as: ’coordinate activities to direct and control an organization with regard to risk‘ [4]. Other references put more emphasis on the process of risk management, whereby organisations use the methodological background of risk management to address risk factors within their business to achieve sustainable success [3].

Fig. 1: Risk assessment as part of a closed loop risk management approach [Own representation based on: [7] [4] [8]].


Sören Reith, EnBW Energie Baden-Württemberg, Karlsruhe


Falko Bethmann, Frédéric Guinot, Geo-Energie Suisse AG

Why is risk assessment important to minimize the impact of risk factors on soft stimulation?

Risk assessment for geothermal projects using soft stimulation allows analysing and evaluating risk within a defined context. The collection and analysis of data depicting the overall risk situation as well as single risk factors of soft stimulation measures (e.g. legislation, accidents, public acceptance etc.) has two advantages for risk management: First, data, training and knowledge gained during a risk assessment allows involved persons to take decisions and act proactively in case of a crisis. Second, the knowledge about risk and the related uncertainty with a special focus on soft stimulation enables decision makers to support the process of decision making [7]. The research field ’decision analysis‘ (also available in the DESTRESS report series on good practice) integrates uncertainty caused by different risk factors into the decision-making process and can serve as a valuable tool for decision makers.

How to conduct a risk assessment?

It is beneficial to already include a focused and structured risk assessment to the project development phase. It allows project developers to replace vague scenario calculations by statistical supported statements on the economics of a project. Identifying and evaluating risks helps in addition to provide profound information to authorities and the public. Further, the risk inventory developed can serve as basis for additional risk management activities during the operation of a geothermal project. It helps to be prepared in case of a crisis, to mitigate risks and thereby to improve the overall safety level.

The data needed for conducting a risk assessment including different types of risk factors, their frequency of occurrence and their impact, can either be gathered based on historical data records or through expert knowledge. While geothermal energy usage in high enthalpy areas has a long tradition, low enthalpy areas are only recently exploited. This limits the availability of published, historical data records in low enthalpy areas. Therefore, mainly expert knowledge is used for risk assessments in the field of low enthalpy geothermal energy. To establish a so-called ’educated guess‘, group interviews are the methodology mostly used. Especially in case of unavailability of data or for the identification and evaluation of rare events, this technique provides good results [1].

Fig. 2 shows the risk assessment process as it was improved and applied in the DESTRESS project (see DESTRESS Deliverable 2.1). In a first step the defined investigation area (e.g. the whole geothermal project) is structured to support the identification of risk factors. Subsequently a prioritization step is performed, to limit the extent of the study. Therefore, each risk factor is described by the probability of occurrence and the costs for a worst case and a plan case scenario. Based on the conditional-value-at-risk approach and the risk map methodology (see DESTRESS deliverable 2.1), an arbitrary (e.g. 10) number of risk factors is chosen for further evaluation. The chosen risk factors are evaluated more detailed by defining scenarios, discrete probabilities and specific costs. Furthermore, mitigation measures are implemented and evaluated. The risk assessment is finalized by a Monte-Carlo-Simulation to evaluate the distribution of key performance indicators. The probability of occurrence and the impact of the identified risk factors are thereby used as a source of uncertainty. The gathered data can be used as a base for risk management or decision analysis.

New image with text

Fig. 2: Risk assessment process for geothermal projects.

References and further literature

[1]: /Bos, Wilschut 2013/

Bos, C. F. M.; Wilschut, F.: Assessing the uncertainty in the performance predictions of natural subsurface systems that are used for CO2 storage. ULTimateCO2 - Deliverable D6.1. Utrecht, 2013

[2]: /Häring 2015/

Häring, I.: Risk analysis and management: Engineering resilience. 1st edition. Springer Science+Business Media. Singapore, 2015.

[3]: /IRM 2002/

Institute of risk management: A risk management standard. London, 2002.

[4]: /ISO 31000:2009/

International organization for standardization. ISO 31000:2009, Risk management principles and guidelines.

[5]: /Nguyen, Romeike 2012/

Nguyen, T.; Romeike, F.: Versicherungsbetriebslehre – Grundlage für Studium und Praxis. 1st Edition. Gabler Verlag. Wiesbaden, 2012.

[6]: /Stier 2017/

Stier, C.: Risikomanagement und wertorientierte Unternehmensführung – Effizienz und Monopoleffekte. Springer Fachmedien GmbH. Wiesbaden, 2017.

[7]: /Yilmaz, Flouris 2012/

Yilmaz, A. K.; Flouris, T.: Corporate risk management for international business. 1st edition. Springer Nature Pte Ltd. Singapore, 2017.

[8]: /Zhao et al. 2015/

Zhao, X.; Hwand, B.-G.; Low, S. P.: Enterprise risk management in international construction operations. 1st edition. Springer Science+Business Media. Singapore, 2015.