Workforce/Population,Economy, Infrastructure,Geography, Hierarchy,and Time (WEIGHT): Reflections on the Plural Dimensions of Disaster Resilience

The concept of resilience and its relevance to disaster risk management has increasingly gained attention in recent years. It is common for risk and resilience studies to model system recovery by analyzing a single or aggregated measure of performance, such as economic output or system functionality. However, the history of past disasters and recent risk literature suggest that a single-dimension view of relevant systems is not only insufficient, but can compromise the ability to manage risk for these systems. In this article, we explore how multiple dimensions influence the ability for complex systems to function and effectively recover after a disaster. In particular, we compile evidence from the many competing resilience perspectives to identify the most critical resilience dimensions across several academic disciplines, applications, and disaster events. The findings demonstrate the need for a conceptual framework that decomposes resilience into six primary dimensions: workforce/population, economy, infrastructure, geography, hierarchy, and time (WEIGHT). These dimensions are not typically addressed holistically in the literature; often they are either modeled independently or in piecemeal combinations. The current research is the first to provide a comprehensive discussion of each resilience dimension and discuss how these dimensions can be integrated into a cohesive framework, suggesting that no single dimension is sufficient for a holistic analysis of a disaster risk management. Through this article, we also aim to spark discussions among researchers and policymakers to develop a multicriteria decision framework for evaluating the efficacy of resilience strategies. Furthermore, the WEIGHT dimensions may also be used to motivate the generation of new approaches for data analytics of resilience-related knowledge bases.     

Systems‐Based Guiding Principles for Risk Modeling,Planning, Assessment,Management, and Communication

This article is grounded on the premise that the complex process of risk assessment, management, and communication, when applied to systems of systems, should be guided by universal systems‐based principles. It is written from the perspective of systems engineering with the hope and expectation that the principles introduced here will be supplemented and complemented by principles from the perspectives of other disciplines. Indeed, there is no claim that the following 10 guiding principles constitute a complete set; rather, the intent is to initiate a discussion on this important subject that will incrementally lead us to a more complete set of guiding principles. The 10 principles are as follows: First Principle: Holism is the common denominator that bridges risk analysis and systems engineering. Second Principle: The process of risk modeling, assessment, management, and communication must be systemic and integrated. Third Principle: Models and state variables are central to quantitative risk analysis. Fourth Principle: Multiple models are required to represent the essence of the multiple perspectives of complex systems of systems. Fifth Principle: Meta‐modeling and subsystems integration must be derived from the intrinsic states of the system of systems. Sixth Principle: Multiple conflicting and competing objectives are inherent in risk management. Seventh Principle: Risk analysis must account for epistemic and aleatory uncertainties. Eighth Principle: Risk analysis must account for risks of low probability with extreme consequences. Ninth Principle: The time frame is central to quantitative risk analysis. Tenth Principle: Risk analysis must be holistic, adaptive, incremental, and sustainable, and it must be supported with appropriate data collection, metrics with which to measure efficacious progress, and criteria on the basis of which to act. The relevance and efficacy of each guiding principle is demonstrated by applying it to the U.S. Federal Aviation Administration complex Next Generation (NextGen) system of systems.     

On the Complex Definition of Risk: A Systems-Based Approach

The premise of this article is that risk to a system, as well as its vulnerability and resilience, can be understood, defined, and quantified most effectively through a systems-based philosophical and methodological approach, and by recognizing the central role of the system states in this process. A universally agreed-upon definition of risk has been difficult to develop; one reason is that the concept is multidimensional and nuanced. It requires an understanding that risk to a system is inherently and fundamentally a function of the initiating event, the states of the system and of its environment, and the time frame. In defining risk, this article posits that: (a) the performance capabilities of a system are a function of its state vector; (b) a system's vulnerability and resilience vectors are each a function of the input (e.g., initiating event), its time of occurrence, and the states of the system; (c) the consequences are a function of the specificity and time of the event, the vector of the states, the vulnerability, and the resilience of the system; (d) the states of a system are time-dependent and commonly fraught with variability uncertainties and knowledge uncertainties; and (e) risk is a measure of the probability and severity of consequences. The above implies that modeling must evaluate consequences for each risk scenario as functions of the threat (initiating event), the vulnerability and resilience of the system, and the time of the event. This fundamentally complex modeling and analysis process cannot be performed correctly and effectively without relying on the states of the system being studied.     

Human Agency in Disaster Planning: A Systems Approach

Current approaches to risk management place insufficient emphasis on the system knowledge available to the assessor, particularly in respect of the dynamic behavior of the system under threat, the role of human agents (HAs), and the knowledge available to those agents. In this article, we address the second of these issues. We are concerned with a class of systems containing HAs playing a variety of roles as significant system elements—as decisionmakers, cognitive agents, or implementers—that is, human activity systems. Within this family of HAS, we focus on safety and mission‐critical systems, referring to this subclass as critical human activity systems (CHASs). Identification of the role and contribution of these human elements to a system is a nontrivial problem whether in an engineering context, or, as is the case here, in a wider social and public context. Frequently, they are treated as standing apart from the system in design or policy terms. Regardless of the process of policy definition followed, analysis of the risk and threats to such a CHAS requires a holistic approach, since the effect of undesirable, uninformed, or erroneous actions on the part of the human elements is both potentially significant to the system output and inextricably bound together with the nonhuman elements of the system. We present a procedure for identifying the potential threats and risks emerging from the roles and activity of those HAs, using the 2014 flooding in southwestern England and the Thames Valley as a contemporary example.     

Toward General Principles for Resilience Engineering

Maintaining the performance of infrastructure-dependent systems in the face of surprises and unknowable risks is a grand challenge. Addressing this issue requires a better understanding of enabling conditions or principles that promote system resilience in a universal way. In this study, a set of such principles is interpreted as a group of interrelated conditions or organizational qualities that, taken together, engender system resilience. The field of resilience engineering identifies basic system or organizational qualities (e.g., abilities for learning) that are associated with enhanced general resilience and has packaged them into a set of principles that should be fostered. However, supporting conditions that give rise to such first-order system qualities remain elusive in the field. An integrative understanding of how such conditions co-occur and fit together to bring about resilience, therefore, has been less clear. This article contributes to addressing this gap by identifying a potentially more comprehensive set of principles for building general resilience in infrastructure-dependent systems. In approaching this aim, we organize scattered notions from across the literature. To reflect the partly self-organizing nature of infrastructure-dependent systems, we compare and synthesize two lines of research on resilience: resilience engineering and social-ecological system resilience. Although some of the principles discussed within the two fields overlap, there are some nuanced differences. By comparing and synthesizing the knowledge developed in them, we recommend an updated set of resilience-enhancing principles for infrastructure-dependent systems. In addition to proposing an expanded list of principles, we illustrate how these principles can co-occur and their interdependencies.     

Toward Disaster‐Resilient Cities: Characterizing Resilience of Infrastructure Systems with Expert Judgments

Resilient infrastructure systems are essential for cities to withstand and rapidly recover from natural and human‐induced disasters, yet electric power, transportation, and other infrastructures are highly vulnerable and interdependent. New approaches for characterizing the resilience of sets of infrastructure systems are urgently needed, at community and regional scales. This article develops a practical approach for analysts to characterize a community's infrastructure vulnerability and resilience in disasters. It addresses key challenges of incomplete incentives, partial information, and few opportunities for learning. The approach is demonstrated for Metro Vancouver, Canada, in the context of earthquake and flood risk. The methodological approach is practical and focuses on potential disruptions to infrastructure services. In spirit, it resembles probability elicitation with multiple experts; however, it elicits disruption and recovery over time, rather than uncertainties regarding system function at a given point in time. It develops information on regional infrastructure risk and engages infrastructure organizations in the process. Information sharing, iteration, and learning among the participants provide the basis for more informed estimates of infrastructure system robustness and recovery that incorporate the potential for interdependent failures after an extreme event. Results demonstrate the vital importance of cross‐sectoral communication to develop shared understanding of regional infrastructure disruption in disasters. For Vancouver, specific results indicate that in a hypothetical M7.3 earthquake, virtually all infrastructures would suffer severe disruption of service in the immediate aftermath, with many experiencing moderate disruption two weeks afterward. Electric power, land transportation, and telecommunications are identified as core infrastructure sectors.     

Spatial Risk Analysis of Power Systems Resilience During Extreme Events

The increased frequency of extreme events in recent years highlights the emerging need for the development of methods that could contribute to the mitigation of the impact of such events on critical infrastructures, as well as boost their resilience against them. This article proposes an online spatial risk analysis capable of providing an indication of the evolving risk of power systems regions subject to extreme events. A Severity Risk Index (SRI) with the support of real‐time monitoring assesses the impact of the extreme events on the power system resilience, with application to the effect of windstorms on transmission networks. The index considers the spatial and temporal evolution of the extreme event, system operating conditions, and the degraded system performance during the event. SRI is based on probabilistic risk by condensing the probability and impact of possible failure scenarios while the event is spatially moving across a power system. Due to the large number of possible failures during an extreme event, a scenario generation and reduction algorithm is applied in order to reduce the computation time. SRI provides the operator with a probabilistic assessment that could lead to effective resilience‐based decisions for risk mitigation. The IEEE 24‐bus Reliability Test System has been used to demonstrate the effectiveness of the proposed online risk analysis, which was embedded in a sequential Monte Carlo simulation for capturing the spatiotemporal effects of extreme events and evaluating the effectiveness of the proposed method.     

Integrating risk and performance management in quality management systems for the development of complex bespoke systems (CBSs)

Abstract

Risk and performance management are at the core of complex bespoke systems (CBSs). CBSs are developed to customer–specified requirements in terms of structure, functionality and conformance. This article examines how risk and performance management are integrated as essential systems in the successful development of projects across multi-organizational functions in complex bespoke system (CBS) organizations. The article argues for the development of a quality management system that consists of two sub-processes: quality control and quality development. Using three case studies from engineering companies, we provide evidence and insights of the way change control, quality development and quality performance are developed in innovating business solutions.     

On the Complex Quantification of Risk: Systems‐Based Perspective on Terrorism

This article highlights the complexity of the quantification of the multidimensional risk function, develops five systems‐based premises on quantifying the risk of terrorism to a threatened system, and advocates the quantification of vulnerability and resilience through the states of the system. The five premises are: (i) There exists interdependence between a specific threat to a system by terrorist networks and the states of the targeted system, as represented through the system's vulnerability, resilience, and criticality‐impact. (ii) A specific threat, its probability, its timing, the states of the targeted system, and the probability of consequences can be interdependent. (iii) The two questions in the risk assessment process: “What is the likelihood?” and “What are the consequences?” can be interdependent. (iv) Risk management policy options can reduce both the likelihood of a threat to a targeted system and the associated likelihood of consequences by changing the states (including both vulnerability and resilience) of the system. (v) The quantification of risk to a vulnerable system from a specific threat must be built on a systemic and repeatable modeling process, by recognizing that the states of the system constitute an essential step to construct quantitative metrics of the consequences based on intelligence gathering, expert evidence, and other qualitative information. The fact that the states of all systems are functions of time (among other variables) makes the time frame pivotal in each component of the process of risk assessment, management, and communication. Thus, risk to a system, caused by an initiating event (e.g., a threat) is a multidimensional function of the specific threat, its probability and time frame, the states of the system (representing vulnerability and resilience), and the probabilistic multidimensional consequences.     

Inherent Costs and Interdependent Impacts of Infrastructure Network Resilience

Recent studies in system resilience have proposed metrics to understand the ability of systems to recover from a disruptive event, often offering a qualitative treatment of resilience. This work provides a quantitative treatment of resilience and focuses specifically on measuring resilience in infrastructure networks. Inherent cost metrics are introduced: loss of service cost and total network restoration cost. Further, “costs” of network resilience are often shared across multiple infrastructures and industries that rely upon those networks, particularly when such networks become inoperable in the face of disruptive events. As such, this work integrates the quantitative resilience approach with a model describing the regional, multi‐industry impacts of a disruptive event to measure the interdependent impacts of network resilience. The approaches discussed in this article are deployed in a case study of an inland waterway transportation network, the Mississippi River Navigation System.     

Decision‐Making Analytics Using Plural Resilience Parameters for Adaptive Management of Complex Systems

It is critical for complex systems to effectively recover, adapt, and reorganize after system disruptions. Common approaches for evaluating system resilience typically study single measures of performance at one time, such as with a single resilience curve. However, multiple measures of performance are needed for complex systems that involve many components, functions, and noncommensurate valuations of performance. Hence, this article presents a framework for: (1) modeling resilience for complex systems with competing measures of performance, and (2) modeling decision making for investing in these systems using multiple stakeholder perspectives and multicriteria decision analysis. This resilience framework, which is described and demonstrated in this article via a real‐world case study, will be of interest to managers of complex systems, such as supply chains and large‐scale infrastructure networks.     

Evaluating and improving risk formulas for allocating limited budgets to expensive risk-reduction opportunities

Simple risk formulas, such as risk = probability × impact, or risk = exposure × probability × consequence, or risk = threat × vulnerability × consequence, are built into many commercial risk management software products deployed in public and private organizations. These formulas, which we call risk indices, together with risk matrices, “heat maps,” and other displays based on them, are widely used in applications such as enterprise risk management (ERM), terrorism risk analysis, and occupational safety. But, how well do they serve to guide allocation of limited risk management resources? This article evaluates and compares different risk indices under simplifying conditions favorable to their use (statistically independent, uniformly distributed values of their components; and noninteracting risk‐reduction opportunities). Compared to an optimal (nonindex) approach, simple indices produce inferior resource allocations that for a given cost may reduce risk by as little as 60% of what the optimal decisions would provide, at least in our simple simulations. This article suggests a better risk reduction per unit cost index that achieves 98–100% of the maximum possible risk reduction on these problems for all budget levels except the smallest, which allow very few risks to be addressed. Substantial gains in risk reduction achieved for resources spent can be obtained on our test problems by using this improved index instead of simpler ones that focus only on relative sizes of risk (or of components of risk) in informing risk management priorities and allocating limited risk management resources. This work suggests the need for risk management tools to explicitly consider costs in prioritization activities, particularly in situations where budget restrictions make careful allocation of resources essential for achieving close‐to‐maximum risk‐reduction benefits.     

On Some Recent Definitions and Analysis Frameworks for Risk,Vulnerability, and Resilience

Recently, considerable attention has been paid to a systems‐based approach to risk, vulnerability, and resilience analysis. It is argued that risk, vulnerability, and resilience are inherently and fundamentally functions of the states of the system and its environment. Vulnerability is defined as the manifestation of the inherent states of the system that can be subjected to a natural hazard or be exploited to adversely affect that system, whereas resilience is defined as the ability of the system to withstand a major disruption within acceptable degradation parameters and to recover within an acceptable time, and composite costs, and risks. Risk, on the other hand, is probability based, defined by the probability and severity of adverse effects (i.e., the consequences). In this article, we look more closely into this approach. It is observed that the key concepts are inconsistent in the sense that the uncertainty (probability) dimension is included for the risk definition but not for vulnerability and resilience. In the article, we question the rationale for this inconsistency. The suggested approach is compared with an alternative framework that provides a logically defined structure for risk, vulnerability, and resilience, where all three concepts are incorporating the uncertainty (probability) dimension.     

Assessing Engineering Resilience for Systems with Multiple Performance Measures

Recently, efforts to model and assess a system's resilience to disruptions due to environmental and adversarial threats have increased substantially. Researchers have investigated resilience in many disciplines, including sociology, psychology, computer networks, and engineering systems, to name a few. When assessing engineering system resilience, the resilience assessment typically considers a single performance measure, a disruption, a loss of performance, the time required to recover, or a combination of these elements. We define and use a resilient engineered system definition that separates system resilience into platform and mission resilience. Most complex systems have multiple performance measures; this research proposes using multiple objective decision analysis to assess system resilience for systems with multiple performance measures using two distinct methods. The first method quantifies platform resilience and includes resilience and other “ilities” directly in the value hierarchy, while the second method quantifies mission resilience and uses the “ilities” in the calculation of the expected mission performance for every performance measure in the value hierarchy. We illustrate the mission resilience method using a transportation systems‐of‐systems network with varying levels of resilience due to the level of connectivity and autonomy of the vehicles and platform resilience by using a notional military example. Our analysis found that it is necessary to quantify performance in context with specific mission(s) and scenario(s) under specific threat(s) and then use modeling and simulation to help determine the resilience of a system for a given set of conditions. The example demonstrates how incorporating system mission resilience can improve performance for some performance measures while negatively affecting others.     

Systems Resilience for Multihazard Environments: Definition,Metrics, and Valuation for Decision Making

The United Nations Office for Disaster Risk Reduction reported that the 2011 natural disasters, including the earthquake and tsunami that struck Japan, resulted in $366 billion in direct damages and 29,782 fatalities worldwide. Storms and floods accounted for up to 70% of the 302 natural disasters worldwide in 2011, with earthquakes producing the greatest number of fatalities. Average annual losses in the United States amount to about $55 billion. Enhancing community and system resilience could lead to massive savings through risk reduction and expeditious recovery. The rational management of such reduction and recovery is facilitated by an appropriate definition of resilience and associated metrics. In this article, a resilience definition is provided that meets a set of requirements with clear relationships to the metrics of the relevant abstract notions of reliability and risk. Those metrics also meet logically consistent requirements drawn from measure theory, and provide a sound basis for the development of effective decision‐making tools for multihazard environments. Improving the resiliency of a system to meet target levels requires the examination of system enhancement alternatives in economic terms, within a decision‐making framework. Relevant decision analysis methods would typically require the examination of resilience based on its valuation by society at large. The article provides methods for valuation and benefit‐cost analysis based on concepts from risk analysis and management.     

Tiered Approach to Resilience Assessment

Regulatory agencies have long adopted a three‐tier framework for risk assessment. We build on this structure to propose a tiered approach for resilience assessment that can be integrated into the existing regulatory processes. Comprehensive approaches to assessing resilience at appropriate and operational scales, reconciling analytical complexity as needed with stakeholder needs and resources available, and ultimately creating actionable recommendations to enhance resilience are still lacking. Our proposed framework consists of tiers by which analysts can select resilience assessment and decision support tools to inform associated management actions relative to the scope and urgency of the risk and the capacity of resource managers to improve system resilience. The resilience management framework proposed is not intended to supplant either risk management or the many existing efforts of resilience quantification method development, but instead provide a guide to selecting tools that are appropriate for the given analytic need. The goal of this tiered approach is to intentionally parallel the tiered approach used in regulatory contexts so that resilience assessment might be more easily and quickly integrated into existing structures and with existing policies.     

Improving Risk Management: From Lame Excuses to Principled Practice

The three classic pillars of risk analysis are risk assessment (how big is the risk and how sure can we be?), risk management (what shall we do about it?), and risk communication (what shall we say about it, to whom, when, and how?). We propose two complements as important parts of these three bases: risk attribution (who or what addressable conditions actually caused an accident or loss?) and learning from experience about risk reduction (what works, and how well?). Failures in complex systems usually evoke blame, often with insufficient attention to root causes of failure, including some aspects of the situation, design decisions, or social norms and culture. Focusing on blame, however, can inhibit effective learning, instead eliciting excuses to deflect attention and perceived culpability. Productive understanding of what went wrong, and how to do better, thus requires moving past recrimination and excuses. This article identifies common blame‐shifting “lame excuses” for poor risk management. These generally contribute little to effective improvements and may leave real risks and preventable causes unaddressed. We propose principles from risk and decision sciences and organizational design to improve results. These start with organizational leadership. More specifically, they include: deliberate testing and learning—especially from near‐misses and accident precursors; careful causal analysis of accidents; risk quantification; candid expression of uncertainties about costs and benefits of risk‐reduction options; optimization of tradeoffs between gathering additional information and immediate action; promotion of safety culture; and mindful allocation of people, responsibilities, and resources to reduce risks. We propose that these principles provide sound foundations for improving successful risk management.     

System of Systems Engineering and Risk Management of Extreme Events: Concepts and Case Study

The domain of risk analysis is expanded to consider strategic interactions among multiple participants in the management of extreme risk in a system of systems. These risks are fraught with complexity, ambiguity, and uncertainty, which pose challenges in how participants perceive, understand, and manage risk of extreme events. In the case of extreme events affecting a system of systems, cause‐and‐effect relationships among initiating events and losses may be difficult to ascertain due to interactions of multiple systems and participants (complexity). Moreover, selection of threats, hazards, and consequences on which to focus may be unclear or contentious to participants within multiple interacting systems (ambiguity). Finally, all types of risk, by definition, involve potential losses due to uncertain events (uncertainty). Therefore, risk analysis of extreme events affecting a system of systems should address complex, ambiguous, and uncertain aspects of extreme risk. To accomplish this, a system of systems engineering methodology for risk analysis is proposed as a general approach to address extreme risk in a system of systems. Our contribution is an integrative and adaptive systems methodology to analyze risk such that strategic interactions among multiple participants are considered. A practical application of the system of systems engineering methodology is demonstrated in part by a case study of a maritime infrastructure system of systems interface, namely, the Straits of Malacca and Singapore.     

A Hybrid Methodology for Modeling Risk of Adverse Events in Complex Health‐Care Settings

In spite of increased attention to quality and efforts to provide safe medical care, adverse events (AEs) are still frequent in clinical practice. Reports from various sources indicate that a substantial number of hospitalized patients suffer treatment‐caused injuries while in the hospital. While risk cannot be entirely eliminated from health‐care activities, an important goal is to develop effective and durable mitigation strategies to render the system “safer.” In order to do this, though, we must develop models that comprehensively and realistically characterize the risk. In the health‐care domain, this can be extremely challenging due to the wide variability in the way that health‐care processes and interventions are executed and also due to the dynamic nature of risk in this particular domain. In this study, we have developed a generic methodology for evaluating dynamic changes in AE risk in acute care hospitals as a function of organizational and nonorganizational factors, using a combination of modeling formalisms. First, a system dynamics (SD) framework is used to demonstrate how organizational‐level and policy‐level contributions to risk evolve over time, and how policies and decisions may affect the general system‐level contribution to AE risk. It also captures the feedback of organizational factors and decisions over time and the nonlinearities in these feedback effects. SD is a popular approach to understanding the behavior of complex social and economic systems. It is a simulation‐based, differential equation modeling tool that is widely used in situations where the formal model is complex and an analytical solution is very difficult to obtain. Second, a Bayesian belief network (BBN) framework is used to represent patient‐level factors and also physician‐level decisions and factors in the management of an individual patient, which contribute to the risk of hospital‐acquired AE. BBNs are networks of probabilities that can capture probabilistic relations between variables and contain historical information about their relationship, and are powerful tools for modeling causes and effects in many domains. The model is intended to support hospital decisions with regard to staffing, length of stay, and investments in safety, which evolve dynamically over time. The methodology has been applied in modeling the two types of common AEs: pressure ulcers and vascular‐catheter‐associated infection, and the models have been validated with eight years of clinical data and use of expert opinion.     

Dynamic Supply Risk Management with Signal‐Based Forecast,Multi‐Sourcing,and Discretionary Selling

We examine the critical role of advance supply signals—such as suppliers’ financial health and production viability—in dynamic supply risk management. The firm operates an inventory system with multiple demand classes and multiple suppliers. The sales are discretionary and the suppliers are susceptible to both systematic and operational risks. We develop a hierarchical Markov model that captures the essential features of advance supply signals, and integrate it with procurement and selling decisions. We characterize the optimal procurement and selling policy, and the strategic relationship between signal‐based forecast, multi‐sourcing, and discretionary selling. We show that higher demand heterogeneity may reduce the value of discretionary selling, and that the mean value‐based forecast may outperform the stationary distribution‐based forecast. This work advances our understanding on when and how to use advance supply signals in dynamic risk management. Future supply risk erodes profitability but enhances the marginal value of current inventory. A signal of future supply shortage raises both base stock and demand rationing levels, thereby boosting the current production and tightening the current sales. Signal‐based dynamic forecast effectively guides the firm's procurement and selling decisions. Its value critically depends on supply volatility and scarcity. Ignoring advance supply signals can result in misleading recommendations and severe losses. Signal‐based dynamic supply forecast should be used when: (a) supply uncertainty is substantial, (b) supply‐demand ratio is moderate, (c) forecast precision is high, and (d) supplier heterogeneity is high.