An Analysis of the de minimis Strategy for Risk Management

A de minimis risk management strategy sets a threshold so that risks below the specified level are defined as trivial and exempted from further consideration. The intended purpose is to help avoid inappropriate and wasteful concern with insignificant low-level risks. In most instances a de minimis strategy is likely to have beneficial or innocuous effects, but under certain circumstances large differences may develop between nominal and actual de minimis levels. The potential for such discrepancies illustrates why de minimis (and all other risk management) strategies should be evaluated on the basis of the portfolio of risks that would accumulate from applying such strategies over time, rather than on the apparent reasonableness of any single instance of application.     

Intelligent Adversary Risk Analysis: A Bioterrorism Risk Management Model

The tragic events of 9/11 and the concerns about the potential for a terrorist or hostile state attack with weapons of mass destruction have led to an increased emphasis on risk analysis for homeland security. Uncertain hazards (natural and engineering) have been successfully analyzed using probabilistic risk analysis (PRA). Unlike uncertain hazards, terrorists and hostile states are intelligent adversaries who can observe our vulnerabilities and dynamically adapt their plans and actions to achieve their objectives. This article compares uncertain hazard risk analysis with intelligent adversary risk analysis, describes the intelligent adversary risk analysis challenges, and presents a probabilistic defender–attacker–defender model to evaluate the baseline risk and the potential risk reduction provided by defender investments. The model includes defender decisions prior to an attack; attacker decisions during the attack; defender actions after an attack; and the uncertainties of attack implementation, detection, and consequences. The risk management model is demonstrated with an illustrative bioterrorism problem with notional data.     

Multiattribute Risk Analysis in Nuclear Emergency Management

Radiation protection authorities have seen a potential for applying multiattribute risk analysis in nuclear emergency management and planning to deal with conflicting objectives, different parties involved, and uncertainties. This type of approach is expected to help in the following areas: to ensure that all relevant attributes are considered in decision making; to enhance communication between the concerned parties, including the public; and to provide a method for explicitly including risk analysis in the process. A multiattribute utility theory analysis was used to select a strategy for protecting the population after a simulated nuclear accident. The value-focused approach and the use of a neutral facilitator were identified as being useful.     

Perspective: Risk Apportionment and Disease Intervention Strategies

The ultimate public health objective is the ability to predict and prevent disease, and not necessarily to identify an exhaustive list of potential disease risk factors. For any important public health outcome with multiple and potentially interrelated risk factors, an improved understanding of the contribution of individual and combinations of modifiable risk factors to the disease burden is essential for formulating an appropriate public health strategy. Partitioning techniques that divide the combined impact of multiple risk factors into exposure-specific components while taking into account the potential interrelations among those components, have been described in the epidemiological literature. In this article, we review and compare the available methods and options for such apportionment and apply them in a more general public health context as a method of selecting and prioritizing coronary heart disease (CHD) prevention strategies.     

Incorporating Risk Assessment and Benefit-Cost Analysis in Environmental Management1

Using data from interviews with a key set of individuals at the U.S. Environmental Protection Agency, this study examines intraagency views about the incorporation of risk assessment and benefit-cost analysis in environment management.     

项目风险分析与管理

本文在分析比较传统风险分析方法的基础上,提出了一个更为有效的风险分析方法,即“交叉分析-蒙特卡罗模拟”综合模型。并利用此模型对H集团的某技改投资项目进行了案例分析。在此基础上,提出了建立项目风险防范预警系统的风险管理模式。     

Nano Risk Analysis: Advancing the Science for Nanomaterials Risk Management

Scientists, activists, industry, and governments have raised concerns about health and environmental risks of nanoscale materials. The Society for Risk Analysis convened experts in September 2008 in Washington, DC to deliberate on issues relating to the unique attributes of nanoscale materials that raise novel concerns about health risks. This article reports on the overall themes and findings of the workshop, uncovering the underlying issues for each of these topics that become recurring themes. The attributes of nanoscale particles and other nanomaterials that present novel issues for risk analysis are evaluated in a risk analysis framework, identifying challenges and opportunities for risk analysts and others seeking to assess and manage the risks from emerging nanoscale materials and nanotechnologies. Workshop deliberations and recommendations for advancing the risk analysis and management of nanotechnologies are presented.     

Expert Judgment in Risk Analysis and Management: Process, Context, and Pitfalls

The regulation and management of hazardous industrial activities increasingly rely on formal expert judgment processes to provide wisdom in areas of science and technology where traditional "good science" is, in practice, unable to supply unambiguous "facts." Expert judgment has always played a significant, if often unrecognized, role in analysis; however, recent trends are to make it formal, explicit, and documented so it can be identified and reviewed by others. We propose four categories of expert judgment and present three case studies which illustrate some of the pitfalls commonly encountered in its use. We conclude that there will be an expanding policy role for formal expert judgment and that the openness, transparency, and documentation that it requires have implications for enhanced public involvement in scientific and technical affairs.     

Issues in Ecological Risk Assessment: The CRAM Perspective

In 1989, a Committee on Risk Assessment Methodology (CRAM) was convened by the National Research Council (NRC) to identify and investigate important scientific issues in risk assessment. One of the first issues considered by the committee was the development of a conceptual framework for ecological risk assessment, defined as "the characterization of the adverse ecological effects of environmental exposures to hazards imposed by human activities." Adverse ecological effects include all biological and nonbiological environmental changes that society perceives as undesirable. The committee's opinion was that a general framework is needed to define the relationship of ecological risk assessment to environmental management and to facilitate the development of uniform technical guidelines. The framework for human health risk assessment proposed by the NRC in 1983 was adopted as a starting point for discussion. CRAM concluded that, although ecological risk assessment and human health risk assessment differ substantially in terms of scientific disciplines and technical problems, the underlying decision process is the same for both. Therefore, CRAM recommended that the 1983 risk assessment framework be modified to accommodate both human health and ecological risk assessment. CRAM defined an integrated health/ ecological risk assessment framework consisting of the four components: Hazard Identification, Exposure Assessment, Exposure-Response Assessment, and Risk Characterization. CRAM further provided recommendations on the scope of issues to be addressed in ecological risk assessment, critical research needs, and mechanisms for providing more detailed guidance on the scientific content of ecological risk assessments.     

Foundational Issues in Risk Assessment and Risk Management

This is a perspective article on foundational issues in risk assessment and management. The aim is to discuss the needs, obstacles, and challenges for the establishment of a renewed, strong scientific foundation for risk assessment and risk management suited for the current and future technological challenges. The focus is on (i) reviewing and discussing the present situation and (ii) identifying how to best proceed in the future, to develop the risk discipline in the directions needed. The article provides some reflections on the interpretation and understanding of the concept of “foundations of risk assessment and risk management” and the challenges therein. One main recommendation is that different arenas and moments for discussion are needed to specifically address foundational issues in a way that embraces the many disciplinary communities involved (from social scientists to engineers, from behavioral scientists to statisticians, from health physicists to lawyers, etc.). One such opportunity is sought in the constitution of a novel specialty group of the Society of Risk Analysis.     

Understanding Risk Management

Discussions of technological risks and their management by corporations and society are ubiquitous and often acrimonious. Equally ubiquitous are several important misconceptions of key risk questions. This paper (i) argues that serious epistemological confusion pervades much of the scientific basis for risk assessment, especially confusion among objective, subjective, and perceived risk, and between facts and ethical values; and (ii) asserts that this confusion combines with psychological aspects of risk perception to produce a confused risk debate, a societal management of risks often based on diffuse or contradictory objectives, and consequently mismanagement of resource allocation to risk reduction.     

Cyber Risk Management for Critical Infrastructure: A Risk Analysis Model and Three Case Studies

Managing cyber security in an organization involves allocating the protection budget across a spectrum of possible options. This requires assessing the benefits and the costs of these options. The risk analyses presented here are statistical when relevant data are available, and system‐based for high‐consequence events that have not happened yet. This article presents, first, a general probabilistic risk analysis framework for cyber security in an organization to be specified. It then describes three examples of forward‐looking analyses motivated by recent cyber attacks. The first one is the statistical analysis of an actual database, extended at the upper end of the loss distribution by a Bayesian analysis of possible, high‐consequence attack scenarios that may happen in the future. The second is a systems analysis of cyber risks for a smart, connected electric grid, showing that there is an optimal level of connectivity. The third is an analysis of sequential decisions to upgrade the software of an existing cyber security system or to adopt a new one to stay ahead of adversaries trying to find their way in. The results are distributions of losses to cyber attacks, with and without some considered countermeasures in support of risk management decisions based both on past data and anticipated incidents.     

Decision Analysis and Risk Management Decision Making: Issues and Methods

This paper provides an overview of decision analysis and its use in risk management decision making. The paper discusses the distinctive characteristics of decision analysis and compares these characteristics with those of its principal alternative—cost–benefit analysis. The paper also discusses each of the steps in a decision analysis and the strengths and limitations of the method.     

Decision Making Under Uncertainty—An Example for Seismic Risk Management

Decision-making techniques are used to select the "best" alternatives under multiple and often conflicting criteria. Multicriteria decision making (MCDM) necessitates to incorporate uncertainties in the decision-making process. The major thrust of this article is to extend the framework proposed by Yager^{( 1 )} for multiple decisionmakers and fuzzy utilities (payoffs). In addition, the concept of expert credibility factor is introduced. The proposed approach is demonstrated for an example of seismic risk management using a heuristic hierarchical structure. A step-by-step formulation of the proposed approach is illustrated using a hypothetical example and a three-story reinforced concrete building.     

The SAM Framework: Modeling the Effects of Management Factors on Human Behavior in Risk Analysis

Complex engineered systems, such as nuclear reactors and chemical plants, have the potential for catastrophic failure with disastrous consequences. In recent years, human and management factors have been recognized as frequent root causes of major failures in such systems. However, classical probabilistic risk analysis (PRA) techniques do not account for the underlying causes of these errors because they focus on the physical system and do not explicitly address the link between components' performance and organizational factors. This paper describes a general approach for addressing the human and management causes of system failure, called the SAM (System-Action-Management) framework. Beginning with a quantitative risk model of the physical system, SAM expands the scope of analysis to incorporate first the decisions and actions of individuals that affect the physical system. SAM then links management factors (incentives, training, policies and procedures, selection criteria, etc.) to those decisions and actions. The focus of this paper is on four quantitative models of action that describe this last relationship. These models address the formation of intentions for action and their execution as a function of the organizational environment. Intention formation is described by three alternative models: a rational model, a bounded rationality model, and a rule-based model. The execution of intentions is then modeled separately. These four models are designed to assess the probabilities of individual actions from the perspective of management, thus reflecting the uncertainties inherent to human behavior. The SAM framework is illustrated for a hypothetical case of hazardous materials transportation. This framework can be used as a tool to increase the safety and reliability of complex technical systems by modifying the organization, rather than, or in addition to, re-designing the physical system.     

Determinants of Probability Neglect and Risk Attitudes for Disaster Risk: An Online Experimental Study of Flood Insurance Demand among Homeowners

Little is known about why individuals place either a high or a very low value on mitigating risks of disaster‐type events, like floods. This study uses panel data methods to explore the psychological factors affecting probability neglect of flood risk relevant to the zero end‐point of the probability weighting function in Prospect Theory, and willingness‐to‐pay for flood insurance. In particular, we focus on explanatory variables of anticipatory and anticipated emotions, as well as the threshold of concern. Moreover, results obtained under real and hypothetical incentives are compared in an experiment with high experimental outcomes. Based on our findings, we suggest several policy recommendations to overcome individual decision processes, which may hinder flood protection efforts.     

Risk Preferences,Probability Weighting,and Strategy Tradeoffs in Wildfire Management

Wildfires present a complex applied risk management environment, but relatively little attention has been paid to behavioral and cognitive responses to risk among public agency wildfire managers. This study investigates responses to risk, including probability weighting and risk aversion, in a wildfire management context using a survey‐based experiment administered to federal wildfire managers. Respondents were presented with a multiattribute lottery‐choice experiment where each lottery is defined by three outcome attributes: expenditures for fire suppression, damage to private property, and exposure of firefighters to the risk of aviation‐related fatalities. Respondents choose one of two strategies, each of which includes “good” (low cost/low damage) and “bad” (high cost/high damage) outcomes that occur with varying probabilities. The choice task also incorporates an information framing experiment to test whether information about fatality risk to firefighters alters managers' responses to risk. Results suggest that managers exhibit risk aversion and nonlinear probability weighting, which can result in choices that do not minimize expected expenditures, property damage, or firefighter exposure. Information framing tends to result in choices that reduce the risk of aviation fatalities, but exacerbates nonlinear probability weighting.     

Culture, Cosmopolitanism, and Risk Management

Most cultural approaches to risk management deal with the connections between the forms of social relations within groups and the risk concerns of those groups. According to these theories, a certain limited set of different relational forms (usually three, four, or five) lead to specific, different and conflicting, risk concerns. In contrast to these theories, cosmopolitanism is an approach to culture that focuses, not on forms of sociality, but on changes among forms—expansions and contractions in the inclusivity of forms and movement by persons from one form of sociality to another. Relative to other cultural theories, cosmopolitanism thus is much more concerned with the solution of risk management problems than with their origins. Cosmopolitanism can be thought of as a cultural continuum, with cosmopolitanism at one end and pluralism at the other. Cosmopolitan persons are more open to cultural change—and thus the solution of risk management problems. In this article, we outline our new theory of cosmopolitanism, describe a method for measuring it and present an experimental study that tests some implications of the theory. Results from the study support the theory by showing that, compared to pluralistic respondents, cosmopolitan respondents are more inclusive in their risk management judgments—that is, they express equal concern for a local and a national issue, whereas the pluralistic respondents express greater concern in the local case. We discuss the risk management implications of a cosmopolitan approach to culture.