The [R]Evolving Relationship Between Risk Assessment and Risk Management

In Science and Decisions: Advancing Risk Assessment, the National Research Council recommends improvements in the U.S. Environmental Protection Agency's approach to risk assessment. The recommendations aim to increase the utility of these assessments, embedding them within a new risk‐based decision‐making framework. The framework involves first identifying the problem and possible options for addressing it, conducting related analyses, then reviewing the results and making the risk management decision. Experience with longstanding requirements for regulatory impact analysis provides insights into the implementation of this framework. First, neither the Science and Decisions framework nor the framework for regulatory impact analysis should be viewed as a static or linear process, where each step is completed before moving on to the next. Risk management options are best evaluated through an iterative and integrative procedure. The extent to which a hazard has been previously studied will strongly influence analysts’ ability to identify options prior to conducting formal analyses, and these options will be altered and refined as the analysis progresses. Second, experience with regulatory impact analysis suggests that legal and political constraints may limit the range of options assessed, contrary to both existing guidance for regulatory impact analysis and the Science and Decisions recommendations. Analysts will need to work creatively to broaden the range of options considered. Finally, the usefulness of regulatory impact analysis has been significantly hampered by the inability to quantify many health impacts of concern, suggesting that the scientific improvements offered within Science and Decisions will fill an crucial research gap.     

Multicriteria Decision Analysis: A Comprehensive Decision Approach for Management of Contaminated Sediments

Contaminated sediments and other sites present a difficult challenge for environmental decisionmakers. They are typically slow to recover or attenuate naturally, may involve multiple regulatory agencies and stakeholder groups, and engender multiple toxicological and ecotoxicological risks. While environmental decision-making strategies over the last several decades have evolved into increasingly more sophisticated, information-intensive, and complex approaches, there remains considerable dissatisfaction among business, industry, and the public with existing management strategies. Consequently, contaminated sediments and materials are the subject of intense technology development, such as beneficial reuse or in situ treatment. However, current decision analysis approaches, such as comparative risk assessment, benefit-cost analysis, and life cycle assessment, do not offer a comprehensive approach for incorporating the varied types of information and multiple stakeholder and public views that must typically be brought to bear when new technologies are under consideration. Alternatively, multicriteria decision analysis (MCDA) offers a scientifically sound decision framework for management of contaminated materials or sites where stakeholder participation is of crucial concern and criteria such as economics, environmental impacts, safety, and risk cannot be easily condensed into simple monetary expressions. This article brings together a multidisciplinary review of existing decision-making approaches at regulatory agencies in the United States and Europe and synthesizes state-of-the-art research in MCDA methods applicable to the assessment of contaminated sediment management technologies. Additionally, it tests an MCDA approach for coupling expert judgment and stakeholder values in a hypothetical contaminated sediments management case study wherein MCDA is used as a tool for testing stakeholder responses to and improving expert assessment of innovative contaminated sediments technologies.     

Aligning Chemical Assessment Tools Across the Hazard-Risk Continuum

With the growing number and diversity of hazard and risk assessment algorithms, models, databases, and frameworks for chemicals and their applications, risk assessors and managers are challenged to select the appropriate tool for a given need or decision. Some decisions require relatively simple tools to evaluate chemical hazards (e.g., toxicity), such as labeling for safe occupational handling and transport of chemicals. Others require assessment tools that provide relative comparisons among chemical properties, such as selecting the optimum chemical for a particular use among a group of candidates. Still other needs warrant full risk characterization, coupling both hazard and exposure considerations. Examples of these include new chemical evaluations for commercialization, evaluations of existing chemicals for novel uses, and assessments of the adequacy of risk management provisions. Even well-validated tools can be inappropriately applied, with consequences as severe as misguided chemical management, compromised credibility of the tool and its developers and users, and squandered resources. This article describes seven discrete categories of tools based on their information content, function, and the type of outputs produced. It proposes a systematic framework to assist users in selecting hazard and risk assessment tools for given applications. This analysis illustrates the importance of careful selection of assessment tools to achieve responsible chemical assessment communication and sound risk management.     

Reducing Bushfire Risk by Planning and Design: A Professional Focus

While links between planning and resilience are increasingly touted as fundamental to managing urban settlements, there are limited practical examples. This paper provides an example via regulatory processes, in parallel with the exercise of professional discretion. Using analysis of diverse urban planning proposals in bushfire prone areas of Victoria Australia, a systematic and site-specific approach for bushfire risk assessment is set out. A three-step process is proposed as a basis for delivery of design solutions to manage bushfire risks. The paper concludes by arguing that professional judgement is a fundamental part of bushfire risk reduction within a regulatory framework.     

The Essential Elements of a Risk Governance Framework for Current and Future Nanotechnologies

Societies worldwide are investing considerable resources into the safe development and use of nanomaterials. Although each of these protective efforts is crucial for governing the risks of nanomaterials, they are insufficient in isolation. What is missing is a more integrative governance approach that goes beyond legislation. Development of this approach must be evidence based and involve key stakeholders to ensure acceptance by end users. The challenge is to develop a framework that coordinates the variety of actors involved in nanotechnology and civil society to facilitate consideration of the complex issues that occur in this rapidly evolving research and development area. Here, we propose three sets of essential elements required to generate an effective risk governance framework for nanomaterials. (1) Advanced tools to facilitate risk‐based decision making, including an assessment of the needs of users regarding risk assessment, mitigation, and transfer. (2) An integrated model of predicted human behavior and decision making concerning nanomaterial risks. (3) Legal and other (nano‐specific and general) regulatory requirements to ensure compliance and to stimulate proactive approaches to safety. The implementation of such an approach should facilitate and motivate good practice for the various stakeholders to allow the safe and sustainable future development of nanotechnology.     

Workforce/Population,Economy, Infrastructure,Geography, Hierarchy,and Time (WEIGHT): Reflections on the Plural Dimensions of Disaster Resilience

The concept of resilience and its relevance to disaster risk management has increasingly gained attention in recent years. It is common for risk and resilience studies to model system recovery by analyzing a single or aggregated measure of performance, such as economic output or system functionality. However, the history of past disasters and recent risk literature suggest that a single-dimension view of relevant systems is not only insufficient, but can compromise the ability to manage risk for these systems. In this article, we explore how multiple dimensions influence the ability for complex systems to function and effectively recover after a disaster. In particular, we compile evidence from the many competing resilience perspectives to identify the most critical resilience dimensions across several academic disciplines, applications, and disaster events. The findings demonstrate the need for a conceptual framework that decomposes resilience into six primary dimensions: workforce/population, economy, infrastructure, geography, hierarchy, and time (WEIGHT). These dimensions are not typically addressed holistically in the literature; often they are either modeled independently or in piecemeal combinations. The current research is the first to provide a comprehensive discussion of each resilience dimension and discuss how these dimensions can be integrated into a cohesive framework, suggesting that no single dimension is sufficient for a holistic analysis of a disaster risk management. Through this article, we also aim to spark discussions among researchers and policymakers to develop a multicriteria decision framework for evaluating the efficacy of resilience strategies. Furthermore, the WEIGHT dimensions may also be used to motivate the generation of new approaches for data analytics of resilience-related knowledge bases.     

Communicating supply chain risks and mitigation strategies: a comprehensive framework

Concerning the increasing emphasis on risk management in this uncertain global environment, there is an urgent demand for practical decision support tools that support supply chain risk communication and management. This research proposes an integrated framework that takes explicit account of multiple types of risk in aiding decision-making, and compares and ranks alternative risk mitigation strategies individually and collectively in indicator basis using fuzzy set theory and multiple criteria decision analysis methods. Through an illustrative case, the research demonstrates that the proposed framework provides a holistic view of supply chain risks and enables firms to foresee, spot and respond to the exposed risks in an effective and efficient manner.     

A Tiered Approach for Risk‐Benefit Assessment of Foods

Risk‐benefit analyses are introduced as a new paradigm for old problems. However, in many cases it is not always necessary to perform a full comprehensive and expensive quantitative risk‐benefit assessment to solve the problem, nor is it always possible, given the lack of required date. The choice to continue from a more qualitative to a full quantitative risk‐benefit assessment can be made using a tiered approach. In this article, this tiered approach for risk‐benefit assessment will be addressed using a decision tree. The tiered approach described uses the same four steps as the risk assessment paradigm: hazard and benefit identification, hazard and benefit characterization, exposure assessment, and risk‐benefit characterization, albeit in a different order. For the purpose of this approach, the exposure assessment has been moved upward and the dose‐response modeling (part of hazard and benefit characterization) is moved to a later stage. The decision tree includes several stop moments, depending on the situation where the gathered information is sufficient to answer the initial risk‐benefit question. The approach has been tested for two food ingredients. The decision tree presented in this article is useful to assist on a case‐by‐case basis a risk‐benefit assessor and policymaker in making informed choices when to stop or continue with a risk‐benefit assessment.     

Design and Assessment Methodology for System Resilience Metrics

By providing objective measures, resilience metrics (RMs) help planners, designers, and decisionmakers to have a grasp of the resilience status of a system. Conceptual frameworks establish a sound basis for RM development. However, a significant challenge that has yet to be addressed is the assessment of the validity of RMs, whether they reflect all abilities of a resilient system, and whether or not they overrate/underrate these abilities. This article covers this gap by introducing a methodology that can show the validity of an RM against its conceptual framework. This methodology combines experimental design methods and statistical analysis techniques that provide an insight into the RM's quality. We also propose a new metric that can be used for general systems. The analysis of the proposed metric using the presented methodology shows that this metric is a better indicator of the system's abilities compared to the existing metrics.     

A Resilience-Based Approach to Risk Assessments—Building Resilient Organizations under Arctic Conditions

Reliability and higher levels of safety are thought to be achieved by using systematic approaches to managing risks. The assessment of risks has produced a range of different approaches to assessing these uncertainties, presenting models for how risks affect individuals or organizations. Contemporary risk assessment tools based on this approach have proven difficult for practitioners to use as tools for tactical and operational decision making. This article presents an alternative to these assessments by utilizing a resilience perspective, arguing that complex systems are inclined to variety and uncertainty regarding the results they produce and are therefore prone to systemic failures. A continuous improvement approach is a source of reliability when managing complex systems and is necessary to manage varieties and uncertainties. For an organization to understand how risk events occur, it is necessary to define what is believed to be the equilibrium of the system in time and space. By applying a resilience engineering (RE) perspective to risk assessment, it is possible to manage this complexity by assessing the ability to respond, monitor, learn, and anticipate risks, and in so doing to move away from the flawed frequency and consequences approach. Using a research station network in the Arctic as an example illustrates how an RE approach qualifies assessments by bridging risk assessments with value-creation processes. The article concludes by arguing that a resilience-based risk assessment can improve on current practice, including for organizations located outside the Arctic region.     

A dynamic perspective on the resilience of firms: A systematic literature review and a framework for future research

This study aims to answer the following research question: how is the resilience of firms defined in the business and management field? In doing so, we answer recent calls for research about a more thorough conceptualisation of the resilience of firms and its definition. We conducted a systematic literature review of 66 selected papers published between 2000 and 2017. By means of inductive content analysis, we analyse the definitions of ‘resilience’ and elaborate a novel conceptual framework that introduces a dynamic perspective on the resilience of firms. The proposed framework overcomes existing definitional fragmentation and raises awareness of the temporal dimension in the conceptualisation of the resilience of firms. We contribute to extant business and management literature on the resilience of firms by proposing a model that articulates two main paths for explaining organisational resilience, i.e. absorptive resilience and adaptive resilience paths. We also identify a set of key capabilities needed to be successfully resilient at the different stages of the two paths.     

A Risk Analysis Model in Concurrent Engineering Product Development

Concurrent engineering has been widely accepted as a viable strategy for companies to reduce time to market and achieve overall cost savings. This article analyzes various risks and challenges in product development under the concurrent engineering environment. A three‐dimensional early warning approach for product development risk management is proposed by integrating graphical evaluation and review technique (GERT) and failure modes and effects analysis (FMEA). Simulation models are created to solve our proposed concurrent engineering product development risk management model. Solutions lead to identification of key risk controlling points. This article demonstrates the value of our approach to risk analysis as a means to monitor various risks typical in the manufacturing sector. This article has three main contributions. First, we establish a conceptual framework to classify various risks in concurrent engineering (CE) product development (PD). Second, we propose use of existing quantitative approaches for PD risk analysis purposes: GERT, FMEA, and product database management (PDM). Based on quantitative tools, we create our approach for risk management of CE PD and discuss solutions of the models. Third, we demonstrate the value of applying our approach using data from a typical Chinese motor company.     

What Can Decision Analysis Do for Invasive Species Management?

Decisions about management of invasive species are difficult for all the reasons typically addressed by multiattribute decision analysis: uncertain outcomes, multiple and conflicting objectives, and many interested parties with differing views on both facts and values. This article illustrates how the tools of multiattribute analysis can improve management of invasive species, with an emphasis on making explicit the social values and preferences that must inform invasive species management. Risk assessment protocols developed previously for invasive species management typically suffer from two interacting flaws: (1) separating risk assessment from risk management, thus disrupting essential connections between the social values at stake in invasive species decisions and the scientific knowledge necessary to predict the likely impacts of management actions, and (2) relying on expert judgment about risk framed in qualitative and value-laden terms, inadvertently mixing the expert's judgment about what is likely to happen with personal preferences. Using the values structuring and probability-modeling elements of formal decision analysis can remedy these difficulties and make invasive species management responsive to both good science and public values. The management of feral pigs in Hawaiian ecosystems illustrates the need for such an integrated approach.     

Risk Analysis for Critical Asset Protection

This article proposes a quantitative risk assessment and management framework that supports strategic asset-level resource allocation decision making for critical infrastructure and key resource protection. The proposed framework consists of five phases: scenario identification, consequence and criticality assessment, security vulnerability assessment, threat likelihood assessment, and benefit-cost analysis. Key innovations in this methodology include its initial focus on fundamental asset characteristics to generate an exhaustive set of plausible threat scenarios based on a target susceptibility matrix (which we refer to as asset-driven analysis) and an approach to threat likelihood assessment that captures adversary tendencies to shift their preferences in response to security investments based on the expected utilities of alternative attack profiles assessed from the adversary perspective. A notional example is provided to demonstrate an application of the proposed framework. Extensions of this model to support strategic portfolio-level analysis and tactical risk analysis are suggested.     

A Framework and Case Study for Exposure Assessment in the Voluntary Children''s Chemical Evaluation Program

A conceptual framework is presented for conducting exposure assessments under the U.S. EPA's Voluntary Children's Chemical Evaluation Program (VCCEP). The VCCEP is a voluntary program whereby companies that manufacture chemicals of potential concern are asked to conduct hazard, exposure, and risk assessments for the chemicals. The VCCEP is unique in its risk-based, tiered approach, and because it focuses on children and requires a comprehensive consideration of all reasonably foreseeable exposure pathways for a particular chemical. The consideration of all potential exposure pathways for some commonly used chemicals presents a daunting challenge for the exposure assessor. This article presents a framework for managing this complicated process, and illustrates the application of the framework with a hypothetical case study. The framework provides guidance for interpreting multiple sources of exposure information and developing a plausible list of exposure pathways for a chemical. Furthermore, the framework provides a means to process all the available information to eliminate pathways of negligible concern from consideration. Finally, the framework provides guidance for utilizing the tiered approach of VCCEP to efficiently conduct an assessment by first using simple, screening-level approaches and then, if necessary, using more complex, refined exposure assessment methods. The case study provides an illustration of the major concepts.     

Systems Resilience for Multihazard Environments: Definition,Metrics, and Valuation for Decision Making

The United Nations Office for Disaster Risk Reduction reported that the 2011 natural disasters, including the earthquake and tsunami that struck Japan, resulted in $366 billion in direct damages and 29,782 fatalities worldwide. Storms and floods accounted for up to 70% of the 302 natural disasters worldwide in 2011, with earthquakes producing the greatest number of fatalities. Average annual losses in the United States amount to about $55 billion. Enhancing community and system resilience could lead to massive savings through risk reduction and expeditious recovery. The rational management of such reduction and recovery is facilitated by an appropriate definition of resilience and associated metrics. In this article, a resilience definition is provided that meets a set of requirements with clear relationships to the metrics of the relevant abstract notions of reliability and risk. Those metrics also meet logically consistent requirements drawn from measure theory, and provide a sound basis for the development of effective decision‐making tools for multihazard environments. Improving the resiliency of a system to meet target levels requires the examination of system enhancement alternatives in economic terms, within a decision‐making framework. Relevant decision analysis methods would typically require the examination of resilience based on its valuation by society at large. The article provides methods for valuation and benefit‐cost analysis based on concepts from risk analysis and management.     

Integrating Operational and Organizational Aspects in Interdependent Infrastructure Network Recovery

Managing risk in infrastructure systems implies dealing with interdependent physical networks and their relationships with the natural and societal contexts. Computational tools are often used to support operational decisions aimed at improving resilience, whereas economics‐related tools tend to be used to address broader societal and policy issues in infrastructure management. We propose an optimization‐based framework for infrastructure resilience analysis that incorporates organizational and socioeconomic aspects into operational problems, allowing to understand relationships between decisions at the policy level (e.g., regulation) and the technical level (e.g., optimal infrastructure restoration). We focus on three issues that arise when integrating such levels. First, optimal restoration strategies driven by financial and operational factors evolve differently compared to those driven by socioeconomic and humanitarian factors. Second, regulatory aspects have a significant impact on recovery dynamics (e.g., effective recovery is most challenging in societies with weak institutions and regulation, where individual interests may compromise societal well‐being). And third, the decision space (i.e., available actions) in postdisaster phases is strongly determined by predisaster decisions (e.g., resource allocation). The proposed optimization framework addresses these issues by using: (1) parametric analyses to test the influence of operational and socioeconomic factors on optimization outcomes, (2) regulatory constraints to model and assess the cost and benefit (for a variety of actors) of enforcing specific policy‐related conditions for the recovery process, and (3) sensitivity analyses to capture the effect of predisaster decisions on recovery. We illustrate our methodology with an example regarding the recovery of interdependent water, power, and gas networks in Shelby County, TN (USA), with exposure to natural hazards.     

Understanding Community Resilience from a PRA Perspective Using Binary Decision Diagrams

Probabilistic risk assessment (PRA) is a useful tool to assess complex interconnected systems. This article leverages the capabilities of PRA tools developed for industrial and nuclear risk analysis in community resilience evaluations by modeling the food security of a community in terms of its built environment as an integrated system. To this end, we model the performance of Gilroy, CA, a moderate‐size town, with regard to disruptions in its food supply caused by a severe earthquake. The food retailers of Gilroy, along with the electrical power network, water network elements, and bridges are considered as components of a system. Fault and event trees are constructed to model the requirements for continuous food supply to community residents and are analyzed efficiently using binary decision diagrams (BDDs). The study also identifies shortcomings in approximate classical system analysis methods in assessing community resilience. Importance factors are utilized to rank the importance of various factors to the overall risk of food insecurity. Finally, the study considers the impact of various sources of uncertainties in the hazard modeling and performance of infrastructure on food security measures. The methodology can be applicable for any existing critical infrastructure system and has potential extensions to other hazards.     

Integrating Uncertainty and Interindividual Variability in Environmental Risk Assessment

An integrated, quantitative approach to incorporating both uncertainty and interindividual variability into risk prediction models is described. Individual risk R is treated as a variable distributed in both an uncertainty dimension and a variability dimension, whereas population risk I (the number of additional cases caused by R) is purely uncertain. I is shown to follow a compound Poisson-binomial distribution, which in low-level risk contexts can often be approximated well by a corresponding compound Poisson distribution. The proposed analytic framework is illustrated with an application to cancer risk assessment for a California population exposed to 1,2-dibromo-3-chloropropane from ground water.     

Multicriteria Decision Framework for Cybersecurity Risk Assessment and Management

Risk assessors and managers face many difficult challenges related to novel cyber systems. Among these challenges are the constantly changing nature of cyber systems caused by technical advances, their distribution across the physical, information, and sociocognitive domains, and the complex network structures often including thousands of nodes. Here, we review probabilistic and risk-based decision-making techniques applied to cyber systems and conclude that existing approaches typically do not address all components of the risk assessment triplet (threat, vulnerability, consequence) and lack the ability to integrate across multiple domains of cyber systems to provide guidance for enhancing cybersecurity. We present a decision-analysis-based approach that quantifies threat, vulnerability, and consequences through a set of criteria designed to assess the overall utility of cybersecurity management alternatives. The proposed framework bridges the gap between risk assessment and risk management, allowing an analyst to ensure a structured and transparent process of selecting risk management alternatives. The use of this technique is illustrated for a hypothetical, but realistic, case study exemplifying the process of evaluating and ranking five cybersecurity enhancement strategies. The approach presented does not necessarily eliminate biases and subjectivity necessary for selecting countermeasures, but provides justifiable methods for selecting risk management actions consistent with stakeholder and decisionmaker values and technical data.