ment that might not constitute a complete risk assessment as defined by the National Research Council [NRC 1983]. This definition includes documents that evaluate baseline risk as well as risk mitigation activities” (OMB 2006a, p. 8).
It is important to note that the bulletin’s definition of risk assessment is closely tied to which documents need to comply with the standards of the bulletin. That is, the applicability of the bulletin is intrinsically related to the definition of risk assessment because anything defined as a risk assessment will need to comply with the standards as indicated in Section II of the bulletin (“Applicability”), which states that “to the extent appropriate, all agency risk assessments available to the public shall comply with the standards of this Bulletin” (OMB 2006a, p. 23).
A recurring theme in comments received by OMB on the bulletin from organizations, associations, and individuals concerned the definition of risk assessment. Of the 78 public comments submitted to OMB (OMB 2006b), 50 (64%) discussed the definition of risk assessment. Most of those comments mentioned that the proposed definition is too broad and may create confusion and other problems. Several agencies responding to the committee’s questions also pointed to potential confusion and the need for further clarification.1
The definition of risk assessment in the bulletin is extremely broad. Specifically, OMB defines risk assessment as a document. That characterization conflicts with standard risk assessment definitions. Risk assessment is a process from which documents can result. To define risk assessment as a document is problematic. It can capture many “documents” that are not risk assessment. More important, OMB defines risk assessment in such a way that its individual components, such as hazard assessment and exposure assessment, are inappropriately classified as “risk assessment.” Expanding the definition of risk assessment in such a way has a number of disadvantages:
Hazard and exposure assessments are components of a risk assessment but do not in themselves constitute a risk assessment. A hazard assessment—which describes and assesses the nature of a hazard—and an exposure assessment—which estimates the expected intensity, frequency, and duration of an exposure—clearly are different from a risk
See Appendix E, pp. CPSC-2 to -3, DOE-8, HHS-A, HHS-7 to -12, DOL-4 to -5, DOT-6, and NASA-7.