Managing Risk at the Tucson Sector of the U.S. Border Patrol

This article describes a risk analysis used to inform resource allocation at the Tucson Sector of the U.S. Border Patrol, the busiest sector for alien and drug trafficking along the Southwest land border with Mexico. The model and methodology that underlie this analysis are generally applicable to many resource allocation decisions regarding the management of frequently occurring hazards, decisions regularly made by officials at all levels of the homeland security enterprise. The analysis was executed by agents without previous risk expertise working under a short time frame, and the findings from the analysis were used to inform several resource allocation decisions.     

What is wrong with the Mission Dependency Index for US federal infrastructure decisions?

The Mission Dependency Index (MDI) is a risk metric used by US military services and federal agencies for guiding operations, management, and funding decisions for facilities. Despite its broad adoption for guiding the expenditure of billions in federal funds, several studies on MDI suggest it may have flaws that limit its efficacy. We present a detailed technical analysis of MDI to show how its flaws impact infrastructure decisions. We present the MDI used by the US Navy and develop a critique of current methods. We identify six problems with MDI that stem from its interpretation, use, and mathematical formulation, and we provide examples demonstrating how these flaws can bias decisions. We provide recommendations to overcome flaws for infrastructure risk decision making but ultimately recommend the US government develop a new metric less susceptible to bias.     

Risk Analysis for Environmental Health Triage

The Homeland Security Act mandates the development of a national, risk-based system to support planning for, response to, and recovery from emergency situations involving large-scale toxic exposures. To prepare for and manage consequences effectively, planners and responders need not only to identify zones of potentially elevated individual risk but also to predict expected casualties. Emergency response support systems now define "consequences" by mapping areas in which toxic chemical concentrations do or may exceed Acute Exposure Guideline Levels (AEGLs) or similar guidelines. However, because AEGLs do not estimate expected risks, current unqualified claims that such maps support consequence management are misleading. Intentionally protective, AEGLs incorporate various safety/uncertainty factors depending on the scope and quality of chemical-specific toxicity data. Some of these factors are irrelevant, and others need to be modified, whenever resource constraints or exposure-scenario complexities require responders to make critical trade-off (triage) decisions in order to minimize expected casualties. AEGL-exceedance zones cannot consistently be aggregated, compared, or used to calculate expected casualties and so may seriously misguide emergency response triage decisions. Methods and tools well established and readily available to support environmental health protection are not yet developed for chemically-related environmental health triage. Effective triage decisions involving chemical risks require a new assessment approach that focuses on best estimates of likely casualties, rather than on upper plausible bounds of individual risk. If risk-based consequence management is to become a reality, federal agencies tasked with supporting emergency response must actively coordinate to foster new methods that can support effective environmental health triage.     

Terrorism,Homeland Security and the National Emergency Management Network

On September 11, 2001, officials and agencies that are part of the national emergency management system orchestrated the responses to the collapse of the World Trade Center towers and the fires at the Pentagon. The efforts of local, state, and federal emergency agencies were augmented by nonprofit organizations, private firms, and organized and unorganized volunteers. The system reacted much as it would have for a major earthquake or similar disaster. In the rush to create federal and state offices to deal with the threat of terrorism and, ultimately, to create a Department of Homeland Security, the very foundation of the nation's capacity to deal with large scale disasters has been largely ignored. Although the human and material resources that the emergency management network provides may again be critical in a terrorist-spawned catastrophe, the new Homeland Security system may not be capable of utilizing those resources effectively. The values of transparency, cooperation, and collaboration that have come to characterize emergency management over the past decade seem to be supplanted in the new command-and-control-oriented Homeland Security system. If that occurs, when the resources of the national emergency management system are needed most, the capacity to utilize the system may be severely damaged and cultural interoperability will be a serious problem.     

Using Probabilistic Terrorism Risk Modeling for Regulatory Benefit-Cost Analysis: Application to the Western Hemisphere Travel Initiative in the Land Environment

This article presents a framework for using probabilistic terrorism risk modeling in regulatory analysis. We demonstrate the framework with an example application involving a regulation under consideration, the Western Hemisphere Travel Initiative for the Land Environment, (WHTI‐L). First, we estimate annualized loss from terrorist attacks with the Risk Management Solutions (RMS) Probabilistic Terrorism Model. We then estimate the critical risk reduction, which is the risk‐reducing effectiveness of WHTI‐L needed for its benefit, in terms of reduced terrorism loss in the United States, to exceed its cost. Our analysis indicates that the critical risk reduction depends strongly not only on uncertainties in the terrorism risk level, but also on uncertainty in the cost of regulation and how casualties are monetized. For a terrorism risk level based on the RMS standard risk estimate, the baseline regulatory cost estimate for WHTI‐L, and a range of casualty cost estimates based on the willingness‐to‐pay approach, our estimate for the expected annualized loss from terrorism ranges from $2.7 billion to $5.2 billion. For this range in annualized loss, the critical risk reduction for WHTI‐L ranges from 7% to 13%. Basing results on a lower risk level that results in halving the annualized terrorism loss would double the critical risk reduction (14–26%), and basing the results on a higher risk level that results in a doubling of the annualized terrorism loss would cut the critical risk reduction in half (3.5–6.6%). Ideally, decisions about terrorism security regulations and policies would be informed by true benefit‐cost analyses in which the estimated benefits are compared to costs. Such analyses for terrorism security efforts face substantial impediments stemming from the great uncertainty in the terrorist threat and the very low recurrence interval for large attacks. Several approaches can be used to estimate how a terrorism security program or regulation reduces the distribution of risks it is intended to manage. But, continued research to develop additional tools and data is necessary to support application of these approaches. These include refinement of models and simulations, engagement of subject matter experts, implementation of program evaluation, and estimating the costs of casualties from terrorism events.     

Evaluating and improving risk formulas for allocating limited budgets to expensive risk-reduction opportunities

Simple risk formulas, such as risk = probability × impact, or risk = exposure × probability × consequence, or risk = threat × vulnerability × consequence, are built into many commercial risk management software products deployed in public and private organizations. These formulas, which we call risk indices, together with risk matrices, “heat maps,” and other displays based on them, are widely used in applications such as enterprise risk management (ERM), terrorism risk analysis, and occupational safety. But, how well do they serve to guide allocation of limited risk management resources? This article evaluates and compares different risk indices under simplifying conditions favorable to their use (statistically independent, uniformly distributed values of their components; and noninteracting risk‐reduction opportunities). Compared to an optimal (nonindex) approach, simple indices produce inferior resource allocations that for a given cost may reduce risk by as little as 60% of what the optimal decisions would provide, at least in our simple simulations. This article suggests a better risk reduction per unit cost index that achieves 98–100% of the maximum possible risk reduction on these problems for all budget levels except the smallest, which allow very few risks to be addressed. Substantial gains in risk reduction achieved for resources spent can be obtained on our test problems by using this improved index instead of simpler ones that focus only on relative sizes of risk (or of components of risk) in informing risk management priorities and allocating limited risk management resources. This work suggests the need for risk management tools to explicitly consider costs in prioritization activities, particularly in situations where budget restrictions make careful allocation of resources essential for achieving close‐to‐maximum risk‐reduction benefits.     

Risk Preferences in Strategic Wildfire Decision Making: A Choice Experiment with U.S. Wildfire Managers

Federal policy has embraced risa management as an appropriate paradigm for wildfire management. Economic theory suggests that over repeated wildfire events, potential economic costs and risas of ecological damage are optimally balanced when management decisions are free from biases, risa aversion, and risa seeking. Of primary concern in this article is how managers respond to wildfire risa, including the potential effect of wildfires (on ecological values, structures, and safety) and the likelihood of different fire outcomes. We use responses to a choice experiment questionnaire of U.S. federal wildfire managers to measure attitudes toward several components of wildfire risa and to test whether observed risa attitudes are consistent with the efficient allocation of wildfire suppression resources. Our results indicate that fire managers’ decisions are consistent with nonexpected utility theories of decisions under risa. Managers may overallocate firefighting resources when the likelihood or potential magnitude of damage from fires is low, and sensitivity to changes in the probability of fire outcomes depends on whether probabilities are close to one or zero and the magnitude of the potential harm.     

A Risk-sharing Approach to Transfer Pricing and Incentive Compensation Problems under Exchange Rate Uncertainty*

This study examines the transfer pricing and incentive compensation problems in a multinational enterprise facing currency risk. It is shown that, in the presence of diverse risk preferences among managers, the Hirshleifer (1956) transfer pricing rule results in inefficient resource allocation decisions by division managers. Following the approach developed by Kanodia (1979), two transfer pricing and compensation systems are proposed. The proposed systems enable central management to achieve efficient resource allocation and partial or global risk sharing. It is also argued that the proposed plans can be implemented in conjunction with existing transfer pricing systems that primarily serve tax and tariff concerns.     

Probabilistic Risk Analysis and Terrorism Risk

Since the terrorist attacks of September 11, 2001, and the subsequent establishment of the U.S. Department of Homeland Security (DHS), considerable efforts have been made to estimate the risks of terrorism and the cost effectiveness of security policies to reduce these risks. DHS, industry, and the academic risk analysis communities have all invested heavily in the development of tools and approaches that can assist decisionmakers in effectively allocating limited resources across the vast array of potential investments that could mitigate risks from terrorism and other threats to the homeland. Decisionmakers demand models, analyses, and decision support that are useful for this task and based on the state of the art. Since terrorism risk analysis is new, no single method is likely to meet this challenge. In this article we explore a number of existing and potential approaches for terrorism risk analysis, focusing particularly on recent discussions regarding the applicability of probabilistic and decision analytic approaches to bioterrorism risks and the Bioterrorism Risk Assessment methodology used by the DHS and criticized by the National Academies and others.     

Assurance of security in maritime supply chains: Conceptual issues of vulnerability and crisis management

Security assurance across maritime trading systems is a critical factor for international business managers and in the evolution of international trade generally. A number of initiatives are underway focusing on security issues in ports and ships (International Ship & Port Security Code), customs inspections in international ports (Container Security Initiative) and whole-of-supply chain outcomes (Customs & Trade Partnership against Terrorism). The main purpose of the above initiatives is to reduce the likelihood of maritime-vectored terrorism; however inappropriate implementation of these programs could affect competitiveness.This paper suggests that the complexity of interaction between ports, maritime operations and supply chains create vulnerabilities that require analysis that extends beyond the structured requirements of these initiatives and creates significant management challenges. Also the paper highlights the need for enhanced crisis management capabilities within ports as part of a standard management repertoire and suggests a new classification scheme for mapping vulnerability within ports and across supply networks. The paper concludes that there is a need to examine the goodness-of-fit of these security initiatives against business efficiency and competitiveness, and to consider the training needs for crisis management capabilities that will allow private and public sector groups involved in global trade to effectively mitigate the threat of maritime terrorism and loss of competitiveness.     

Risk‐Cost‐Benefit Analysis for Transportation Corridors with Interval Uncertainties of Heterogeneous Data

Access management, which systematically limits opportunities for egress and ingress of vehicles to highway lanes, is critical to protect trillions of dollars of current investment in transportation. This article addresses allocating resources for access management with incomplete and partially relevant data on crash rates, travel speeds, and other factors. While access management can be effective to avoid crashes, reduce travel times, and increase route capacities, the literature suggests a need for performance metrics to guide investments in resource allocation across large corridor networks and several time horizons. In this article, we describe a quantitative decision model to support an access management program via risk‐cost‐benefit analysis under data uncertainties from diverse sources of data and expertise. The approach quantifies potential benefits, including safety improvement and travel time savings, and costs of access management through functional relationships of input parameters including crash rates, corridor access point densities, and traffic volumes. Parameter uncertainties, which vary across locales and experts, are addressed via numerical interval analyses. This approach is demonstrated at several geographic scales across 7,000 kilometers of highways in a geographic region and several subregions. The demonstration prioritizes route segments that would benefit from risk management, including (i) additional data or elicitation, (ii) right‐of‐way purchases, (iii) restriction or closing of access points, (iv) new alignments, (v) developer proffers, and (vi) etc. The approach ought to be of wide interest to analysts, planners, policymakers, and stakeholders who rely on heterogeneous data and expertise for risk management.     

How Probabilistic Risk Assessment Can Mislead Terrorism Risk Analysts

Traditional probabilistic risk assessment (PRA), of the type originally developed for engineered systems, is still proposed for terrorism risk analysis. We show that such PRA applications are unjustified in general. The capacity of terrorists to seek and use information and to actively research different attack options before deciding what to do raises unique features of terrorism risk assessment that are not adequately addressed by conventional PRA for natural and engineered systems—in part because decisions based on such PRA estimates do not adequately hedge against the different probabilities that attackers may eventually act upon. These probabilities may differ from the defender's (even if the defender's experts are thoroughly trained, well calibrated, unbiased probability assessors) because they may be conditioned on different information. We illustrate the fundamental differences between PRA and terrorism risk analysis, and suggest use of robust decision analysis for risk management when attackers may know more about some attack options than we do.     

Adversarial risk analysis for counterterrorism modeling

Recent large-scale terrorist attacks have raised interest in models for resource allocation against terrorist threats. The unifying theme in this area is the need to develop methods for the analysis of allocation decisions when risks stem from the intentional actions of intelligent adversaries. Most approaches to these problems have a game-theoretic flavor although there are also several interesting decision-analytic-based proposals. One of them is the recently introduced framework for adversarial risk analysis, which deals with decision-making problems that involve intelligent opponents and uncertain outcomes. We explore how adversarial risk analysis addresses some standard counterterrorism models: simultaneous defend-attack models, sequential defend-attack-defend models, and sequential defend-attack models with private information. For each model, we first assess critically what would be a typical game-theoretic approach and then provide the corresponding solution proposed by the adversarial risk analysis framework, emphasizing how to coherently assess a predictive probability model of the adversary's actions, in a context in which we aim at supporting decisions of a defender versus an attacker. This illustrates the application of adversarial risk analysis to basic counterterrorism models that may be used as basic building blocks for more complex risk analysis of counterterrorism problems.     

A Look at State‐Level Risk Assessment in the United States: Making Decisions in the Absence of Federal Risk Values

State environmental agencies in the United States are charged with making risk management decisions that protect public health and the environment while managing limited technical, financial, and human resources. Meanwhile, the federal risk assessment community that provides risk assessment guidance to state agencies is challenged by the rapid growth of the global chemical inventory. When chemical toxicity profiles are unavailable on the U.S. Environmental Protection Agency's Integrated Risk Information System or other federal resources, each state agency must act independently to identify and select appropriate chemical risk values for application in human health risk assessment. This practice can lead to broad interstate variation in the toxicity values selected for any one chemical. Within this context, this article describes the decision‐making process and resources used by the federal government and individual U.S. states. The risk management of trichloroethylene (TCE) in the United States is presented as a case study to demonstrate the need for a collaborative approach among U.S. states toward identification and selection of chemical risk values while awaiting federal risk values to be set. The regulatory experience with TCE is contrasted with collaborative risk science models, such as the European Union's efforts in risk assessment harmonization. Finally, we introduce State Environmental Agency Risk Collaboration for Harmonization, a free online interactive tool designed to help to create a collaborative network among state agencies to provide a vehicle for efficiently sharing information and resources, and for the advancement of harmonization in risk values used among U.S. states when federal guidance is unavailable.     

The Distribution of Risks: Vehicle Occupant Fatalities and Time of the Week

Automobile accident risks vary significantly across populations, places, and times. This study describes the time-varying pattern of societal risk. The relative risks of occupant fatality per person-mile of travel are estimated here for each hour of the week, using 1983 data. The results exhibit a strong time-of-day effect and have a highly skewed frequency distribution, implying wide variations in risk-taking behavior. Indeed, the 168 hourly estimates ranged from a low of 0.32 times the average around Sunday noon to a high of 43 times the average at 3:00 a.m. on Sunday, i.e., by a factor of 134 from bottom to top. Quantile-quantile plots or "Lorenz curves," introduced to display the unequal distribution of risks, show that approximately 34% of the vehicle occupant fatalities occur in hours representing only 5% of the travel. These findings have serious implications for risk analysis. First, when attempting to reconcile objective and subjective risk estimates, risk communicators should carefully control for when and to whom the risk in question is applicable. Second, comparisons of hazards on the basis of average risk are necessarily misleading for risks distributed so unevenly. Third, resource allocation decisions can benefit by knowing how incidence, exposure, and risk vary across time, place, and other relevant variables. Finally, certain cost-benefit analyses that use average values to estimate risk exposure can be misleading.     

Service Completion Estimates for Cross‐trained Workforce Schedules under Uncertain Attendance and Demand

Although cross‐trained workers offer numerous operational advantages for extended‐hour service businesses, they must first be scheduled for duty. The outcome from those decisions, usually made a week or more in advance, varies with realized service demand, worker attendance, and the way available cross‐trained workers are deployed once the demands for service are known. By ignoring the joint variability of attendance and demand, we show that existing workforce scheduling models tend to overstate expected schedule performance and systematically undervalue the benefits of cross‐training. We propose a two‐stage stochastic program for profit‐oriented cross‐trained workforce scheduling and allocation decisions that is driven by service completion estimates obtained from the convolution of the employee attendance and service demand distributions. Those estimates, reflecting optimal worker allocation decisions over all plausible realizations of attendance and demand, provide the gradient information used to guide workforce scheduling decisions. Comparing the performance of workforce scheduling decisions for hundreds of different hypothetical service environments, we find that solutions based on convolution estimates are more profitable, favor proportionately more cross‐trained workers and fewer specialists, and tend to recommend significantly larger (smaller) staffing levels for services under high (low) contribution margins than workforce schedules developed with independent expectations of attendance and demand.     

What's Wrong with Risk Matrices?

Risk matrices—tables mapping "frequency" and "severity" ratings to corresponding risk priority levels—are popular in applications as diverse as terrorism risk analysis, highway construction project management, office building risk analysis, climate change risk management, and enterprise risk management (ERM). National and international standards (e.g., Military Standard 882C and AS/NZS 4360:1999) have stimulated adoption of risk matrices by many organizations and risk consultants. However, little research rigorously validates their performance in actually improving risk management decisions. This article examines some mathematical properties of risk matrices and shows that they have the following limitations. (a) Poor Resolution . Typical risk matrices can correctly and unambiguously compare only a small fraction (e.g., less than 10%) of randomly selected pairs of hazards. They can assign identical ratings to quantitatively very different risks ("range compression"). (b) Errors . Risk matrices can mistakenly assign higher qualitative ratings to quantitatively smaller risks. For risks with negatively correlated frequencies and severities, they can be "worse than useless," leading to worse-than-random decisions. (c) Suboptimal Resource Allocation . Effective allocation of resources to risk-reducing countermeasures cannot be based on the categories provided by risk matrices. (d) Ambiguous Inputs and Outputs . Categorizations of severity cannot be made objectively for uncertain consequences. Inputs to risk matrices (e.g., frequency and severity categorizations) and resulting outputs (i.e., risk ratings) require subjective interpretation, and different users may obtain opposite ratings of the same quantitative risks. These limitations suggest that risk matrices should be used with caution, and only with careful explanations of embedded judgments.     

Understanding Risk Management

Discussions of technological risks and their management by corporations and society are ubiquitous and often acrimonious. Equally ubiquitous are several important misconceptions of key risk questions. This paper (i) argues that serious epistemological confusion pervades much of the scientific basis for risk assessment, especially confusion among objective, subjective, and perceived risk, and between facts and ethical values; and (ii) asserts that this confusion combines with psychological aspects of risk perception to produce a confused risk debate, a societal management of risks often based on diffuse or contradictory objectives, and consequently mismanagement of resource allocation to risk reduction.     

Trust as a Determinant of Opposition to a High-Level Radioactive Waste Repository: Analysis of a Structural Model

Residents in the State of Nevada hold strong opinions about the federal government's proposal to site the nation's first high-level radioactive waste repository at Yucca Mountain. The model developed in this study is designed to examine the relationship between public perceptions of risk, trust in risk management, and potential economic impacts of the current repository program using a confirmatory multivariate method known as covariance structure analysis. The data used to test the model was collected in a 1989 statewide survey of Nevada residents. The results indicate that, for a statewide sample, perceptions of potential economic benefits do not have a significant role in predicting support or opposition to the repository program. On the other hand, risk perceptions and the level of trust in repository management are closely related to each other and to positions on Yucca Mountain. Trust directly influences risk perceptions which, in turn, have a direct effect on the attitude toward the repository, and an indirect effect through perceived stigma effects.     

Chemical and Radiation Environmental Risk Management: Differences, Commonalities, and Challenges

Driven by differing statutory mandates and programmatic separation of regulatory responsibilities between federal, state, and tribal agencies, distinct chemical and radiation risk management strategies have evolved. In the field this separation poses real challenges since many of the major environmental risk management decisions we face today require the evaluation of both types of risks. Over the last decade, federal, state, and tribal agencies have continued to discuss their different approaches and explore areas where their activities could be harmonized. The current framework for managing public exposures to chemical carcinogens has been referred to as a "bottom up approach." Risk between 10(-4) and 10(-6) is established as an upper bound goal. In contrast, a "top down" approach that sets an upper bound dose limit and couples with site specific As Low As Reasonably Achievable Principle (ALARA), is in place to manage individual exposure to radiation. While radiation risk are typically managed on a cumulative basis, exposure to chemicals is generally managed on a chemical-by-chemical, medium-by-medium basis. There are also differences in the nature and size of sites where chemical and radiation contamination is found. Such differences result in divergent management concerns. In spite of these differences, there are several common and practical concerns among radiation and chemical risk managers. They include 1) the issue of cost for site redevelopment and long-term stewardship, 2) public acceptance and involvement, and 3) the need for flexible risk management framework to address the first two issues. This article attempts to synthesize key differences, opportunities for harmonization, and challenges ahead.