Risk Analysis,Decision Analysis,Causal Analysis,and Economics: A Personal Perspective from More Than 40 years Experience

I entered the field of risk analysis forty years ago from a background in physics followed by doctoral training and experience in decision analysis. I came into the Society for Risk Analysis (SRA) after participating as a committee member in the 1983 National Academies report, Risk Assessment in the Federal Government: Managing the Process. The insights and recommendations from this report, and successor reports from 1996 and 2008, merit revisiting on this 40th anniversary. Risk analysis includes risk assessment, a process of summarizing applicable science to inform decisions; and risk management, a process of making informed choices, usually involving multiple stakeholders. Inherent in both is the need to deal with complexity, uncertainty, and differing perspectives and goals. The lessons I have learned include the need for a conceptual separation of risk management from risk assessment, the benefit of an iterative dialogue between these activities, and the wisdom of articulating and assessing what we know, what we want, and what we can do as we seek to understand and manage risks affecting ourselves and those we advise.     

Workforce/Population,Economy, Infrastructure,Geography, Hierarchy,and Time (WEIGHT): Reflections on the Plural Dimensions of Disaster Resilience

The concept of resilience and its relevance to disaster risk management has increasingly gained attention in recent years. It is common for risk and resilience studies to model system recovery by analyzing a single or aggregated measure of performance, such as economic output or system functionality. However, the history of past disasters and recent risk literature suggest that a single-dimension view of relevant systems is not only insufficient, but can compromise the ability to manage risk for these systems. In this article, we explore how multiple dimensions influence the ability for complex systems to function and effectively recover after a disaster. In particular, we compile evidence from the many competing resilience perspectives to identify the most critical resilience dimensions across several academic disciplines, applications, and disaster events. The findings demonstrate the need for a conceptual framework that decomposes resilience into six primary dimensions: workforce/population, economy, infrastructure, geography, hierarchy, and time (WEIGHT). These dimensions are not typically addressed holistically in the literature; often they are either modeled independently or in piecemeal combinations. The current research is the first to provide a comprehensive discussion of each resilience dimension and discuss how these dimensions can be integrated into a cohesive framework, suggesting that no single dimension is sufficient for a holistic analysis of a disaster risk management. Through this article, we also aim to spark discussions among researchers and policymakers to develop a multicriteria decision framework for evaluating the efficacy of resilience strategies. Furthermore, the WEIGHT dimensions may also be used to motivate the generation of new approaches for data analytics of resilience-related knowledge bases.     

Integrating Risk and Resilience Approaches to Catastrophe Management in Engineering Systems

Recent natural and man‐made catastrophes, such as the Fukushima nuclear power plant, flooding caused by Hurricane Katrina, the Deepwater Horizon oil spill, the Haiti earthquake, and the mortgage derivatives crisis, have renewed interest in the concept of resilience, especially as it relates to complex systems vulnerable to multiple or cascading failures. Although the meaning of resilience is contested in different contexts, in general resilience is understood to mean the capacity to adapt to changing conditions without catastrophic loss of form or function. In the context of engineering systems, this has sometimes been interpreted as the probability that system conditions might exceed an irrevocable tipping point. However, we argue that this approach improperly conflates resilience and risk perspectives by expressing resilience exclusively in risk terms. In contrast, we describe resilience as an emergent property of what an engineering system does, rather than a static property the system has. Therefore, resilience cannot be measured at the systems scale solely from examination of component parts. Instead, resilience is better understood as the outcome of a recursive process that includes: sensing, anticipation, learning, and adaptation. In this approach, resilience analysis can be understood as differentiable from, but complementary to, risk analysis, with important implications for the adaptive management of complex, coupled engineering systems. Management of the 2011 flooding in the Mississippi River Basin is discussed as an example of the successes and challenges of resilience‐based management of complex natural systems that have been extensively altered by engineered structures.     

Efficient or Fair? Operationalizing Ethical Principles in Flood Risk Management: A Case Study on the Dutch-German Rhine

Flood risk management decisions in many countries are based on decision-support frameworks which rely on cost-benefit analyses. Such frameworks are seldom informative about the geographical distribution of risk, raising questions on the fairness of the proposed policies. In the present work, we propose a new decision criterion that accounts for the distribution of risk reduction and apply it to support flood risk management decisions on a transboundary stretch of the Rhine River. Three types of interventions are considered: embankment heightening, making Room for the River, and changing the discharge distribution of the river branches. The analysis involves solving a flood risk management problem according to four alternative formulations, based on different ethical principles. Formulations based on cost optimization lead to very poor performances in some areas for the sake of reducing the overall aggregated costs. Formulations that also include equity criteria have different results depending on how these are defined. When risk reduction is distributed equally, very poor economic performance is achieved. When risk is distributed equally, results are in line with formulations based on cost optimization, while a fairer risk distribution is achieved. Risk reduction measures also differ, with the cost optimization approach strongly favoring the leverage of changing the discharge distribution and the alternative formulations spending more on embankment heightening and Room for the River, to rebalance inequalities in risk levels. The proposed method advances risk-based decision-making by allowing to consider risk distribution aspects and their impacts on the choice of risk reduction measures.     

Strategic Preparedness for Recovery from Catastrophic Risks to Communities and Infrastructure Systems of Systems

Natural and human‐induced disasters affect organizations in myriad ways because of the inherent interconnectedness and interdependencies among human, cyber, and physical infrastructures, but more importantly, because organizations depend on the effectiveness of people and on the leadership they provide to the organizations they serve and represent. These human–organizational–cyber–physical infrastructure entities are termed systems of systems. Given the multiple perspectives that characterize them, they cannot be modeled effectively with a single model. The focus of this article is: (i) the centrality of the states of a system in modeling; (ii) the efficacious role of shared states in modeling systems of systems, in identification, and in the meta‐modeling of systems of systems; and (iii) the contributions of the above to strategic preparedness, response to, and recovery from catastrophic risk to such systems. Strategic preparedness connotes a decision‐making process and its associated actions. These must be: implemented in advance of a natural or human‐induced disaster, aimed at reducing consequences (e.g., recovery time, community suffering, and cost), and/or controlling their likelihood to a level considered acceptable (through the decisionmakers’ implicit and explicit acceptance of various risks and tradeoffs). The inoperability input‐output model (IIM), which is grounded on Leontief's input/output model, has enabled the modeling of interdependent subsystems. Two separate modeling structures are introduced. These are: phantom system models (PSM), where shared states constitute the essence of modeling coupled systems; and the IIM, where interdependencies among sectors of the economy are manifested by the Leontief matrix of technological coefficients. This article demonstrates the potential contributions of these two models to each other, and thus to more informative modeling of systems of systems schema. The contributions of shared states to this modeling and to systems identification are presented with case studies.     

Improving Risk Management: From Lame Excuses to Principled Practice

The three classic pillars of risk analysis are risk assessment (how big is the risk and how sure can we be?), risk management (what shall we do about it?), and risk communication (what shall we say about it, to whom, when, and how?). We propose two complements as important parts of these three bases: risk attribution (who or what addressable conditions actually caused an accident or loss?) and learning from experience about risk reduction (what works, and how well?). Failures in complex systems usually evoke blame, often with insufficient attention to root causes of failure, including some aspects of the situation, design decisions, or social norms and culture. Focusing on blame, however, can inhibit effective learning, instead eliciting excuses to deflect attention and perceived culpability. Productive understanding of what went wrong, and how to do better, thus requires moving past recrimination and excuses. This article identifies common blame‐shifting “lame excuses” for poor risk management. These generally contribute little to effective improvements and may leave real risks and preventable causes unaddressed. We propose principles from risk and decision sciences and organizational design to improve results. These start with organizational leadership. More specifically, they include: deliberate testing and learning—especially from near‐misses and accident precursors; careful causal analysis of accidents; risk quantification; candid expression of uncertainties about costs and benefits of risk‐reduction options; optimization of tradeoffs between gathering additional information and immediate action; promotion of safety culture; and mindful allocation of people, responsibilities, and resources to reduce risks. We propose that these principles provide sound foundations for improving successful risk management.     

Learning to Manage the Multirisk World

Risk assessment, perception, and management tend to focus on one risk at a time. But we live in a multirisk world. This essay in honor of the 40th anniversary of the Society for Risk Analysis (SRA) and the journal Risk Analysis suggests that we can—and have already begun to—strengthen risk analysis and policy outcomes by moving from a focus on the single to the multiple—multiple stressors, multiple impacts, and multiple decisions. This evolution can improve our abilities to assess actual risks, to confront and weigh risk-risk trade-offs and innovate risk-superior moves, and to build learning into adaptive regulation that adjusts over time. Recognizing the multirisk reality can help us understand complex systems, foresee unintended consequences, design better policy solutions, and learn to improve.     

Foundational Challenges for Advancing the Field and Discipline of Risk Analysis

Risk analysis as a field and discipline is about concepts, principles, approaches, methods, and models for understanding, assessing, communicating, managing, and governing risk. The foundation of this field and discipline has been subject to continuous discussion since its origin some 40 years ago with the establishment of the Society for Risk Analysis and the Risk Analysis journal. This article provides a perspective on critical foundational challenges that this field and discipline faces today, for risk analysis to develop and have societal impact. Topics discussed include fundamental questions important for defining the risk field, discipline, and science; the multidisciplinary and interdisciplinary features of risk analysis; the interactions and dependencies with other sciences; terminology and fundamental principles; and current developments and trends, such as the use of artificial intelligence.     

Integrating risk and performance management in quality management systems for the development of complex bespoke systems (CBSs)

Abstract

Risk and performance management are at the core of complex bespoke systems (CBSs). CBSs are developed to customer–specified requirements in terms of structure, functionality and conformance. This article examines how risk and performance management are integrated as essential systems in the successful development of projects across multi-organizational functions in complex bespoke system (CBS) organizations. The article argues for the development of a quality management system that consists of two sub-processes: quality control and quality development. Using three case studies from engineering companies, we provide evidence and insights of the way change control, quality development and quality performance are developed in innovating business solutions.     

The [R]Evolving Relationship Between Risk Assessment and Risk Management

In Science and Decisions: Advancing Risk Assessment, the National Research Council recommends improvements in the U.S. Environmental Protection Agency's approach to risk assessment. The recommendations aim to increase the utility of these assessments, embedding them within a new risk‐based decision‐making framework. The framework involves first identifying the problem and possible options for addressing it, conducting related analyses, then reviewing the results and making the risk management decision. Experience with longstanding requirements for regulatory impact analysis provides insights into the implementation of this framework. First, neither the Science and Decisions framework nor the framework for regulatory impact analysis should be viewed as a static or linear process, where each step is completed before moving on to the next. Risk management options are best evaluated through an iterative and integrative procedure. The extent to which a hazard has been previously studied will strongly influence analysts’ ability to identify options prior to conducting formal analyses, and these options will be altered and refined as the analysis progresses. Second, experience with regulatory impact analysis suggests that legal and political constraints may limit the range of options assessed, contrary to both existing guidance for regulatory impact analysis and the Science and Decisions recommendations. Analysts will need to work creatively to broaden the range of options considered. Finally, the usefulness of regulatory impact analysis has been significantly hampered by the inability to quantify many health impacts of concern, suggesting that the scientific improvements offered within Science and Decisions will fill an crucial research gap.     

Some Limitations of Qualitative Risk Rating Systems

Qualitative systems for rating animal antimicrobial risks using ordered categorical labels such as “high,”“medium,” and “low” can potentially simplify risk assessment input requirements used to inform risk management decisions. But do they improve decisions? This article compares the results of qualitative and quantitative risk assessment systems and establishes some theoretical limitations on the extent to which they are compatible. In general, qualitative risk rating systems satisfying conditions found in real‐world rating systems and guidance documents and proposed as reasonable make two types of errors: (1) Reversed rankings, i.e., assigning higher qualitative risk ratings to situations that have lower quantitative risks; and (2) Uninformative ratings, e.g., frequently assigning the most severe qualitative risk label (such as “high”) to situations with arbitrarily small quantitative risks and assigning the same ratings to risks that differ by many orders of magnitude. Therefore, despite their appealing consensus‐building properties, flexibility, and appearance of thoughtful process in input requirements, qualitative rating systems as currently proposed often do not provide sufficient information to discriminate accurately between quantitatively small and quantitatively large risks. The value of information (VOI) that they provide for improving risk management decisions can be zero if most risks are small but a few are large, since qualitative ratings may then be unable to confidently distinguish the large risks from the small. These limitations suggest that it is important to continue to develop and apply practical quantitative risk assessment methods, since qualitative ones are often unreliable.     

Risk Management Solutions for Climate Change–Induced Disasters

In honor of the 40th anniversary of Risk Analysis, this article suggests ways of linking risk assessment and risk perception in developing risk management strategies that have a good chance of being implemented, focusing on the problem of reducing losses from natural hazards in the face of climate change. Following a checklist for developing an implementable risk management strategy, Section 2 highlights the impact that exponential growth of CO₂ emissions is likely to have on future disaster losses as assessed by climate and social scientists. Section 3 then discusses how people perceive the risks of low-probability adverse events and the cognitive biases that lead them to underprepare for future losses. Based on this empirical evidence, Section 4 proposes a risk management strategy for reducing future losses using the principles of choice architecture to communicate the likelihood and consequences of disasters, coupled with economic incentives and well-enforced regulations.     

Dynamic Risk Management Systems: Hybrid Architecture and Offshore Platform Illustration

This paper describes and illustrates the architecture of computer-based Dynamic Risk Management Systems (DRMS) designed to assist real-time risk management decisions for complex physical systems, for example, engineered systems such as offshore platforms or medical systems such as patient treatment in Intensive Care Units. A key characteristic of the DRMSs that we describe is that they are hybrid, combining the powers of Probabilistic Risk Analysis methods and heuristic Artificial Intelligence techniques. A control module determines whether the situation corresponds to a specific rule or regulation, and is clear enough or urgent enough for an expert system to make an immediate recommendation without further analysis of the risks involved. Alternatively, if time permits and if the uncertainties justify it, a risk and decision analysis module formulates and evaluates options, including that of gathering further information. This feature is particularly critical since, most of the time, the physical system is only partially observable, i.e., the signals observed may not permit unambiguous characterization of its state. The DRMS structure is also dynamic in that, for a given time window (e.g., 1 day or 1 hour), it anticipates the physical system's state (and, when appropriate, performs a risk analysis) accounting for its evolution, its mode of operations, the predicted external loads and problems, and the possible changes in the set of available options. Therefore, we specifically address the issue of dynamic information gathering for decision-making purposes. The concepts are illustrated focusing on the risk and decision analysis modules for a particular case of real-time risk management on board offshore oil platforms, namely of two types of gas compressor leaks, one progressive and one catastrophic. We describe briefly the DRMS proof-of-concept produced at Stanford, and the prototype (ARMS) that is being constructed by Bureau Veritas (Paris) based on these concepts.     

On the Complex Definition of Risk: A Systems-Based Approach

The premise of this article is that risk to a system, as well as its vulnerability and resilience, can be understood, defined, and quantified most effectively through a systems-based philosophical and methodological approach, and by recognizing the central role of the system states in this process. A universally agreed-upon definition of risk has been difficult to develop; one reason is that the concept is multidimensional and nuanced. It requires an understanding that risk to a system is inherently and fundamentally a function of the initiating event, the states of the system and of its environment, and the time frame. In defining risk, this article posits that: (a) the performance capabilities of a system are a function of its state vector; (b) a system's vulnerability and resilience vectors are each a function of the input (e.g., initiating event), its time of occurrence, and the states of the system; (c) the consequences are a function of the specificity and time of the event, the vector of the states, the vulnerability, and the resilience of the system; (d) the states of a system are time-dependent and commonly fraught with variability uncertainties and knowledge uncertainties; and (e) risk is a measure of the probability and severity of consequences. The above implies that modeling must evaluate consequences for each risk scenario as functions of the threat (initiating event), the vulnerability and resilience of the system, and the time of the event. This fundamentally complex modeling and analysis process cannot be performed correctly and effectively without relying on the states of the system being studied.     

On the Complex Quantification of Risk: Systems‐Based Perspective on Terrorism

This article highlights the complexity of the quantification of the multidimensional risk function, develops five systems‐based premises on quantifying the risk of terrorism to a threatened system, and advocates the quantification of vulnerability and resilience through the states of the system. The five premises are: (i) There exists interdependence between a specific threat to a system by terrorist networks and the states of the targeted system, as represented through the system's vulnerability, resilience, and criticality‐impact. (ii) A specific threat, its probability, its timing, the states of the targeted system, and the probability of consequences can be interdependent. (iii) The two questions in the risk assessment process: “What is the likelihood?” and “What are the consequences?” can be interdependent. (iv) Risk management policy options can reduce both the likelihood of a threat to a targeted system and the associated likelihood of consequences by changing the states (including both vulnerability and resilience) of the system. (v) The quantification of risk to a vulnerable system from a specific threat must be built on a systemic and repeatable modeling process, by recognizing that the states of the system constitute an essential step to construct quantitative metrics of the consequences based on intelligence gathering, expert evidence, and other qualitative information. The fact that the states of all systems are functions of time (among other variables) makes the time frame pivotal in each component of the process of risk assessment, management, and communication. Thus, risk to a system, caused by an initiating event (e.g., a threat) is a multidimensional function of the specific threat, its probability and time frame, the states of the system (representing vulnerability and resilience), and the probabilistic multidimensional consequences.     

Elusive Critical Elements of Transformative Risk Assessment Practice and Interpretation: Is Alternatives Analysis the Next Step?

This article argues that “game‐changing” approaches to risk analysis must focus on “democratizing” risk analysis in the same way that information technologies have democratized access to, and production of, knowledge. This argument is motivated by the author's reading of Goble and Bier's analysis, “Risk Assessment Can Be a Game‐Changing Information Technology—But Too Often It Isn't” (Risk Analysis, 2013; 33: 1942–1951), in which living risk assessments are shown to be “game changing” in probabilistic risk analysis. In this author's opinion, Goble and Bier's article focuses on living risk assessment's potential for transforming risk analysis from the perspective of risk professionals—yet, the game‐changing nature of information technologies has typically achieved a much broader reach. Specifically, information technologies change who has access to, and who can produce, information. From this perspective, the author argues that risk assessment is not a game‐changing technology in the same way as the printing press or the Internet because transformative information technologies reduce the cost of production of, and access to, privileged knowledge bases. The author argues that risk analysis does not reduce these costs. The author applies Goble and Bier's metaphor to the chemical risk analysis context, and in doing so proposes key features that transformative risk analysis technology should possess. The author also discusses the challenges and opportunities facing risk analysis in this context. These key features include: clarity in information structure and problem representation, economical information dissemination, increased transparency to nonspecialists, democratized manufacture and transmission of knowledge, and democratic ownership, control, and interpretation of knowledge. The chemical safety decision‐making context illustrates the impact of changing the way information is produced and accessed in the risk context. Ultimately, the author concludes that although new chemical safety regulations do transform access to risk information, they do not transform the costs of producing this information—rather, they change the bearer of these costs. The need for further risk assessment transformation continues to motivate new practical and theoretical developments in risk analysis and management.     

Private and Public Sector Models for Strategies in Universities*

Increasing formalization of disciplined management of UK universities over the last 30 years has been accompanied by moves to articulate universities' strategies, by attempts to connect organizations' plans and management of activity to those strategies and by a desire to measure how well outcomes are fitted to universities' goals. In this complex change in the orientation of universities' management, lessons have been drawn from the contemporary development of the analysis of strategy and strategic process in commercial and, latterly, in public sector settings. It is argued that there have been very significant errors and weaknesses in the importation of such models of strategy, especially in the stress on strategic planning rather than strategic process and in the insensitivity of universities' planning to the underlying strategy process of the typical university. Most universities, it is argued, mistake planning – and even budgeting – for strategy itself, having failed to make proper sense of their own organizations' processes of generating strategies and putting them into practice. They have typically missed the crucial context of strategy and change. It is argued that there are crucial lessons to be learned from recent advances in theorizing about strategy in the private or commercial sector, particularly in relation to the development of modelling complex and path‐dependent systems; and it is argued strongly that universities' strategic process can fruitfully be analysed through the perspectives of real options analysis. This can also accommodate the richness of universities' traditions of strategy formation and implementation within ‘loose‐coupled’ organizations.     

Theme-Based Book Review: Shifting Views of Public Sector Corruption

This theme-based book review considers three recent titles related to public sector corruption: Populism and corruption: The other side of the coin, edited by Jonathan Mendilow and Eric Phelippeau; Critical perspectives on public systems management in India, by Amar KJR Nayak and Ram Kumar Kakani; and Handbook on corruption, ethics and integrity in public administration, edited by Adam Graycar.

     

Risk Analysis: Celebrating the Accomplishments and Embracing Ongoing Challenges

As part of the celebration of the 40th anniversary of the Society for Risk Analysis and Risk Analysis: An International Journal, this essay reviews the 10 most important accomplishments of risk analysis from 1980 to 2010, outlines major accomplishments in three major categories from 2011 to 2019, discusses how editors circulate authors’ accomplishments, and proposes 10 major risk-related challenges for 2020–2030. Authors conclude that the next decade will severely test the field of risk analysis.     

Resilience Analytics with Application to Power Grid of a Developing Region

Infrastructure development of volatile regions is a significant investment by international government and nongovernment organizations, with attendant requirements for risk management. Global development banks may be tasked to manage these investments and provide a channel between donors and borrowers. Moreover, various stakeholders from the private sector, local and international agencies, and the military can be engaged in conception, planning, and implementation of constituent projects. Emergent and future conditions of military conflict, politics, economics, technology, environment, behaviors, institutions, and society that stress infrastructure development are prevalent, and funding mechanisms are vulnerable to fraud, waste, and abuse. This article will apply resilience analytics with scenario‐based preferences to identify the stressors that most influence a prioritization of initiatives in the electric power sector of Afghanistan. The resilience in this article is conceived in terms of the degree of disruption of priorities when stressors influence the preferences of stakeholders, and ultimately a prioritization of initiatives. The ancillary results include an understanding of which initiatives contribute most and least across strategic criteria and which criteria have the most impact for the analysis. The article concludes with recommendations for risk monitoring and risk management of the portfolio of stressors through the life cycle and horizon of grid capacity expansion.