The major recommendations that have emerged from nearly 25 years of study of risk assessment have much in common. The seminal NRC study on risk assessment, cited several times by OMB, yielded the 1983 report Risk Assessment in the Federal Government: Managing the Process (the Red Book).
The recommendations set forth in the 1983 Red Book appear to have been widely accepted in the regulatory and public health communities; indeed, all the cited studies on risk assessment that have followed the 1983 report appear to have adopted the principles first presented in it. Those later reports have done much to clarify and solidify thinking about risk assessment and related activities, but all seem to adopt or accept the following:
The process of risk assessment is carried out within a framework within which diverse sets of scientific information are organized and evaluated for specific uses. The first step, generally called hazard identification, involves assembling and evaluating information on the harmful properties of the substance or activity under review. The second step, called dose-response assessment, describes the relationship between exposure to the substance or activity and the nature and extent of resulting harm. The third step, usually termed human exposure assessment, describes the nature and extent of human exposure to the substance or activity. The fourth step, called risk characterization, integrates the information assembled in the first three steps to assess the likelihood that the hazardous properties of the substance or activity will be expressed in humans. Risk characterization generally has both qualitative and quantitative components, and it also includes a description of the uncertainties in the assessment (NRC 1983). The results of risk characterization have many uses that lie outside the bounds of risk assessment.
The same conceptual framework for risk assessment and the four-step analytic process were adopted and promoted in NRC’s Science and Judgment in Risk Assessment (1994), in Understanding Risk: Informing Decisions in a Democratic Society (1996), and in all the other reports cited in footnote 5 in the OMB bulletin.
The Red Book clarified the distinction between risk assessment and risk management, and the same distinction is maintained in the other cited studies. The first recommendation of the Red Book is the following: