A Preliminary Risk Analysis is Your Ally in Risk Management

A Preliminary Risk Analysis is Your Ally in Risk Management

Written by Risk Management Team on April 29, 2020

A preliminary risk analysis (PRA), also referred to as a preliminary hazard analysis (PHA), is a high-level exercise conducted at the initiation of a new system or project. This method of assessment was originally developed in the 1960s after the Department of Defense requested safety studies to be performed at all stages of product development. Today, this Cold War-era procedure is used in a range of industries from engineering to healthcare.

PRAs don’t typically take very long to do and in a specific situation, they are one of the first risk assessments that should be carried out before any actual activity – and risk – occurs. When a preliminary risk analysis is conducted with personnel with the proper expertise, it can be a relatively simple way to identify possible consequences and the likelihood of occurrence. At the end of the analysis, your team should also be able to provide recommendations for mitigating the identified risks.

It’s important to note that after the completion of a preliminary risk analysis, your risk management responsibilities aren’t over. Instead, you should treat PRAs as a vital first step to understanding the risks associated with a given circumstance and a resource for future risk management activities.

Preliminary Risk Analysis: a Prelude to Risk Management

A preliminary risk analysis, while being a relatively quick and painless process, should still consider all factors that can affect a situation, whether technical, operational, administrative, physical and personnel variables that may exist. With these variables, you can then brainstorm possible threats. Since this is carried out prior to an activity being performed, any risks are speculative, though based on experience and inductive reasoning.

Before a project begins or a system is implemented, assessing risk can be challenging. Often, it’s difficult to know where to begin. A PRA is an important first step in these situations, because it defines the potential for major risks very early on before big decisions are made. It also aids in future decision-making and risk analysis procedures.

This method of analysis is not foolproof. For one, it uses company-defined data parameters. You are the one choosing the variables that may be vulnerable to risks and the risks themselves. If you overlook an area or fail to include a potential threat, your analysis will be incomplete.

Secondly, a preliminary risk analysis is not a comprehensive look at your risk landscape and should be followed up with subsequent assessments such as Hazard and Operability (HAZOP) or Failure Mode and Effects Analysis (FMEA) studies. In fact, PRAs will help you prioritize risks or hazards that you should focus on in other risk management activities. Regardless of challenges that may arise, and the following analyses and strategies you need to carry out to manage these challenges, a preliminary risk analysis will point your efforts in the right direction.

Your PRA in Practice

Every PRA is different depending on the situation you are analyzing. In each case, you need to identify the variables of a system or project and the potential threats that may affect each variable. Then you can create threat-vulnerability pairs and determine probabilities for each one.


Your vulnerabilities are your system or project elements; your dependent variables. These should be pretty easy to list out if you are familiar with your subject matter. They will, of course, vary depending on the nature of your analysis. For instance, on a vehicle your vulnerabilities could be: batteries, belts and hoses, brake system, emission system, exhaust system, engine cooling, filters and fluids, fuel system, steering and suspension, transmission and more.


Your threats are your risks. They may also be called hazards depending on your industry. These are events that could harm the success of your system or project should they come to pass. To determine threats, brainstorming techniques are used during which all elements are discussed. Having experienced people involved in these brainstorming sessions is very beneficial, since they will have some idea of what can be expected once activities commence. Checklists can also be a valuable asset at this time to ensure no components are overlooked.

Threats may vary from situation to situation. As an example, your threats could be: the potential for safety issues, introduction of new technology or new applications of existing technology, a history of significant problems or the potential for issues to arise from regulations.

Vulnerability-Threat Probabilities

Vulnerability-threat pairs match specific threats to vulnerabilities and assess the likelihood of each pair negatively impacting your activities. Each variable will be ranked on a predetermined risk scale such as low (1), medium (2) or high (3). If your braking system has had a history of significant problems, for example, this vulnerability-threat pair would receive a 3.

Experienced personnel should be responsible for determining these probabilities relying on their subjective evaluation of the situation and area expertise. With this preliminary analysis of each risk sequence, you can begin to take actions such as creating clear guidelines, introducing countermeasures and allocating time, resources and responsibilities to appropriately respond to risks.

Still, these probabilities are only preliminary. They will only provide an idea of what your total risk landscape looks like. While you can still take action based on these results, this does not negate the need for more extensive assessments, and you should always keep in mind how the results of a preliminary risk assessment can help you streamline your subsequent risk management tasks.

ComplianceBridge Risk: Another Asset in Risk Management

From risk identification to choosing the appropriate risk mitigation strategy, ComplianceBridge Risk provides you with the tools you need to gain valuable insights about your risk. Quickly build assessments utilizing a variety of question types including multiple choice, yes/no, fill-in-the-blank or risk ratings. You can weigh questions for more accuracy and create conditional follow-up questions. By assigning different parts of your assessments to specific individuals, departments or groups, you can best leverage your subject matter experts and obtain data that has the highest level of dependability.

With our manager dashboard, you can review responses in real-time, including which questions have not been answered yet, allowing for faster and more efficient analysis. You can also review all responses individually for more in-depth reporting. ComplianceBridge Risk allows you to export data for further analysis or presentation, as well, and provides you with a detailed overview of the entire risk management process. From creation of assessments, managing responses and analysis of results, our system has the ability to handle assessments both big and small.

ComplianceBridge Risk gives you a fast and reliable method for managing all risk analyses. Learn how our automated system will help prepare you for risk before it’s too late. Request a demo today!

Watch a 2 Minute Demo of ComplianceBridge

Find out more about ComplianceBridge’s Policy & Procedure Software, as well as its Risk Management Software by watching a two-minute demo.

Watch Demo Now