Foundational Issues in Risk Assessment and Risk Management

In spite of the maturity reached by many of the methods used in risk assessment and risk management, broad consensus has not been established on fundamental concepts and principles. The risk fields still suffer from a lack of clarity on many key scientific pillars. The purpose of this article is to point to this situation and through some illustrating examples discuss the challenges that the fields here face. Moreover, the purpose of the article is to reflect on how to improve the present situation and enhance the risk fields. We argue that the establishment of some common scientific pillars as well as a strong and continuous research focus on foundational issues are critical success factors. The article specifically addresses the role of the peer‐reviewed journals and the international standards in the fields. We hope that the article can contribute to a revitalization of the discussion of foundational issues in risk assessment and risk management.     

On How to Deal with Deep Uncertainties in a Risk Assessment and Management Context

Recently, several authors have presented interesting contributions on how to meet deep or severe uncertainties in a risk analysis setting. In this article, we provide some reflections on some of the foundational pillars that this work is based on, including the meaning of concepts such as deep uncertainty, known probabilities, and correct models, the aim being to contribute to a strengthening of the scientific platform of the work, as well as providing new insights on how to best implement management policies meeting these uncertainties. We also provide perspectives on the boundaries and limitations of analytical approaches for supporting decision making in cases of deep uncertainties. A main conclusion of the article is that deep uncertainties call for managerial review and judgment that sees beyond the analytical frameworks studied in risk assessment and risk management contexts, including those now often suggested to be used, such as robust optimization techniques. This managerial review and judgment should be seen as a basic element of the risk management.     

From Ideal to Real Risk: Philosophy of Causation Meets Risk Analysis

A question has been raised in recent years as to whether the risk field, including analysis, assessment, and management, ought to be considered a discipline on its own. As suggested by Terje Aven, unification of the risk field would require a common understanding of basic concepts, such as risk and probability; hence, more discussion is needed of what he calls “foundational issues.” In this article, we show that causation is a foundational issue of risk, and that a proper understanding of it is crucial. We propose that some old ideas about the nature of causation must be abandoned in order to overcome certain persisting challenges facing risk experts over the last decade. In particular, we discuss the challenge of including causally relevant knowledge from the local context when studying risk. Although it is uncontroversial that the receptor plays an important role for risk evaluations, we show how the implementation of receptor‐based frameworks is hindered by methodological shortcomings that can be traced back to Humean orthodoxies about causation. We argue that the first step toward the development of frameworks better suited to make realistic risk predictions is to reconceptualize causation, by examining a philosophical alternative to the Humean understanding. In this article, we show how our preferred account, causal dispositionalism, offers a different perspective in how risk is evaluated and understood.     

Foundational Issues in Risk Assessment and Risk Management

This is a perspective article on foundational issues in risk assessment and management. The aim is to discuss the needs, obstacles, and challenges for the establishment of a renewed, strong scientific foundation for risk assessment and risk management suited for the current and future technological challenges. The focus is on (i) reviewing and discussing the present situation and (ii) identifying how to best proceed in the future, to develop the risk discipline in the directions needed. The article provides some reflections on the interpretation and understanding of the concept of “foundations of risk assessment and risk management” and the challenges therein. One main recommendation is that different arenas and moments for discussion are needed to specifically address foundational issues in a way that embraces the many disciplinary communities involved (from social scientists to engineers, from behavioral scientists to statisticians, from health physicists to lawyers, etc.). One such opportunity is sought in the constitution of a novel specialty group of the Society of Risk Analysis.     

How to Perform an Ethical Risk Analysis (eRA)

Ethical analysis is often needed in the preparation of policy decisions on risk. A three‐step method is proposed for performing an ethical risk analysis (eRA). In the first step, the people concerned are identified and categorized in terms of the distinct but compatible roles of being risk‐exposed, a beneficiary, or a decisionmaker. In the second step, a more detailed classification of roles and role combinations is performed, and ethically problematic role combinations are identified. In the third step, further ethical deliberation takes place, with an emphasis on individual risk‐benefit weighing, distributional analysis, rights analysis, and power analysis. Ethical issues pertaining to subsidiary risk roles, such as those of experts and journalists, are also treated in this phase. An eRA should supplement, not replace, a traditional risk analysis that puts emphasis on the probabilities and severities of undesirable events but does not cover ethical issues such as agency, interpersonal relationships, and justice.     

Representation,Propagation, and Decision Issues in Risk Analysis Under Incomplete Probabilistic Information

This article tries to clarify the potential role to be played by uncertainty theories such as imprecise probabilities, random sets, and possibility theory in the risk analysis process. Instead of opposing an objective bounding analysis, where only statistically founded probability distributions are taken into account, to the full‐fledged probabilistic approach, exploiting expert subjective judgment, we advocate the idea that both analyses are useful and should be articulated with one another. Moreover, the idea that risk analysis under incomplete information is purely objective is misconceived. The use of uncertainty theories cannot be reduced to a choice between probability distributions and intervals. Indeed, they offer representation tools that are more expressive than each of the latter approaches and can capture expert judgments while being faithful to their limited precision. Consequences of this thesis are examined for uncertainty elicitation, propagation, and at the decision‐making step.     

On the Need for Restricting the Probabilistic Analysis in Risk Assessments to Variability

It is common perspective in risk analysis that there are two kinds of uncertainties: i) variability as resulting from heterogeneity and stochasticity (aleatory uncertainty) and ii) partial ignorance or epistemic uncertainties resulting from systematic measurement error and lack of knowledge. Probability theory is recognized as the proper tool for treating the aleatory uncertainties, but there are different views on what is the best approach for describing partial ignorance and epistemic uncertainties. Subjective probabilities are often used for representing this type of ignorance and uncertainties, but several alternative approaches have been suggested, including interval analysis, probability bound analysis, and bounds based on evidence theory. It is argued that probability theory generates too precise results when the background knowledge of the probabilities is poor. In this article, we look more closely into this issue. We argue that this critique of probability theory is based on a conception of risk assessment being a tool to objectively report on the true risk and variabilities. If risk assessment is seen instead as a method for describing the analysts’ (and possibly other stakeholders’) uncertainties about unknown quantities, the alternative approaches (such as the interval analysis) often fail in providing the necessary decision support.     

The Risk Management of Third Parties During Construction in Multifunctional Urban Locations

Buildings above roads, railways, and existing buildings themselves are examples of multifunctional urban locations. The construction stage of those buildings is in general extremely complicated. Safety is one of the critical issues during the construction stage. Because the traffic on the infrastructure must continue during the construction of the building above the infrastructure, falling objects due to construction activities form a major hazard for third parties, i.e., people present on the infrastructure or beneath it, such as car drivers and passengers. This article outlines a systematic approach to conduct quantitative risk assessment (QRA) and risk management of falling elements for third parties during the construction stage of the building above the infrastructure in multifunctional urban locations. In order to set up a QRA model, quantifiable aspects influencing the risk for third parties were determined. Subsequently, the conditional probabilities of these aspects were estimated by historical data or engineering judgment. This was followed by integrating those conditional probabilities, now used as input parameters for the QRA, into a Bayesian network representing the relation and the conditional dependence between the quantified aspects. The outcome of the Bayesian network—the calculation of both the human and financial risk in quantitative terms—is compared with the risk acceptance criteria as far as possible. Furthermore, the effect of some safety measures were analyzed and optimized in relation with decision making. Finally, the possibility of integration of safety measures in the functional and structural building design above the infrastructure are explored.     

Probability and Possibility‐Based Representations of Uncertainty in Fault Tree Analysis

Expert knowledge is an important source of input to risk analysis. In practice, experts might be reluctant to characterize their knowledge and the related (epistemic) uncertainty using precise probabilities. The theory of possibility allows for imprecision in probability assignments. The associated possibilistic representation of epistemic uncertainty can be combined with, and transformed into, a probabilistic representation; in this article, we show this with reference to a simple fault tree analysis. We apply an integrated (hybrid) probabilistic‐possibilistic computational framework for the joint propagation of the epistemic uncertainty on the values of the (limiting relative frequency) probabilities of the basic events of the fault tree, and we use possibility‐probability (probability‐possibility) transformations for propagating the epistemic uncertainty within purely probabilistic and possibilistic settings. The results of the different approaches (hybrid, probabilistic, and possibilistic) are compared with respect to the representation of uncertainty about the top event (limiting relative frequency) probability. Both the rationale underpinning the approaches and the computational efforts they require are critically examined. We conclude that the approaches relevant in a given setting depend on the purpose of the risk analysis, and that further research is required to make the possibilistic approaches operational in a risk analysis context.     

Finding and fixing systems weaknesses: probabilistic methods and applications of engineering risk analysis.

Methods of engineering risk analysis are based on a functional analysis of systems and on the probabilities (generally Bayesian) of the events and random variables that affect their performances. These methods allow identification of a system's failure modes, computation of its probability of failure or performance deterioration per time unit or operation, and of the contribution of each component to the probabilities and consequences of failures. The model has been extended to include the human decisions and actions that affect components' performances, and the management factors that affect behaviors and can thus be root causes of system failures. By computing the risk with and without proposed measures, one can then set priorities among different risk management options under resource constraints. In this article, I present briefly the engineering risk analysis method, then several illustrations of risk computations that can be used to identify a system's weaknesses and the most cost-effective way to fix them. The first example concerns the heat shield of the space shuttle orbiter and shows the relative risk contribution of the tiles in different areas of the orbiter's surface. The second application is to patient risk in anesthesia and demonstrates how the engineering risk analysis method can be used in the medical domain to rank the benefits of risk mitigation measures, in that case, mostly organizational. The third application is a model of seismic risk analysis and mitigation, with application to the San Francisco Bay area for the assessment of the costs and benefits of different seismic provisions of building codes. In all three cases, some aspects of the results were not intuitively obvious. The probabilistic risk analysis (PRA) method allowed identifying system weaknesses and the most cost-effective way to fix them.     

Foundational Challenges for Advancing the Field and Discipline of Risk Analysis

Risk analysis as a field and discipline is about concepts, principles, approaches, methods, and models for understanding, assessing, communicating, managing, and governing risk. The foundation of this field and discipline has been subject to continuous discussion since its origin some 40 years ago with the establishment of the Society for Risk Analysis and the Risk Analysis journal. This article provides a perspective on critical foundational challenges that this field and discipline faces today, for risk analysis to develop and have societal impact. Topics discussed include fundamental questions important for defining the risk field, discipline, and science; the multidisciplinary and interdisciplinary features of risk analysis; the interactions and dependencies with other sciences; terminology and fundamental principles; and current developments and trends, such as the use of artificial intelligence.     

How Probabilistic Risk Assessment Can Mislead Terrorism Risk Analysts

Traditional probabilistic risk assessment (PRA), of the type originally developed for engineered systems, is still proposed for terrorism risk analysis. We show that such PRA applications are unjustified in general. The capacity of terrorists to seek and use information and to actively research different attack options before deciding what to do raises unique features of terrorism risk assessment that are not adequately addressed by conventional PRA for natural and engineered systems—in part because decisions based on such PRA estimates do not adequately hedge against the different probabilities that attackers may eventually act upon. These probabilities may differ from the defender's (even if the defender's experts are thoroughly trained, well calibrated, unbiased probability assessors) because they may be conditioned on different information. We illustrate the fundamental differences between PRA and terrorism risk analysis, and suggest use of robust decision analysis for risk management when attackers may know more about some attack options than we do.     

The Role of Decision Analysis in Risk Analysis: A Retrospective

In commemorating the 40th anniversary of Risk Analysis, this article takes a retrospective look at some of the ways in which decision analysis (as a “sibling field”) has contributed to the development both of the journal, and of risk analysis as a field. I begin with some early foundational papers from the first decade of the journal's history. I then review a number of papers that have applied decision analysis to risk problems over the years, including applications of related methods such as influence diagrams, multicriteria decision analysis, and risk matrices. The article then reviews some recent trends, from roughly the last five years, and concludes with observations about the parallel evolution of risk analysis and decision analysis over the decades—especially with regard to the importance of representing multiple stakeholder perspectives, and the importance of behavioral realism in decision models. Overall, the extensive literature surveyed here supports the view that the incorporation of decision-analytic perspectives has improved the practice of risk analysis.     

Ex Ante and Ex Post Values for Changes in Risks

In this paper, I take risk to mean a composite of the probability of an adverse event and the severity of the consequences of the event. I explore two issues in the economic valuation of changes in individual risks brought about by public policies. These are: (1) the relationship between the values of risk prevention (i.e., the lowering of the probabilities of adverse events) and risk reduction (i.e., the reduction of the severity of the consequences of adverse events); and (2) the relationship between ex ante and ex post measures of the value of changes in risk.     

Risk Analysis in Developing Countries1

In summary, risk analysis is not yet well practiced in developing countries, although there are numerous, diverse environmental and other risk-related issues and concerns that need attention. A few initiatives have been taken, but, so far, they have created only relatively small impact in a few areas. Many risk issues may not be addressed, partly as a result of lack of resources and inadequate knowledge by policy makers. Risk analysis is an essential tool for the planning and implementation of development projects. To enhance its use, however, risk analysis approaches and methods must be adapted to developing countries, and this requires research. Unfortunately, funds for research, in general, are hard to find. There are other problems in the implementation of risk analysis. Trained professionals on risk analysis are few. Existing institutions that are tasked with resolving environmental and other risk issues are overburdened. Risk-related data are sorely lacking. Resources are very limited for addressing numerous natural and technological hazards. In most developing countries, political and economic stability is still threatened by both internal and external forces, hence, that is what receives priority attention. Activities like risk analysis, which generally lead to long-term results and benefits, do not get enough interest. In addition, there is still little public awareness of risks even among those who have passed the stage of survival; thus, there is little public concern about them. We cannot afford this lack of concern for long. In the Philippines, the government was the first to recognize after our peaceful revolution in 1986 that “the environmental issues can add fuel to the insurgency; they can also hamper efforts towards national recovery”.⁽⁴⁾ To this point, I have added that risk management (including risk assessment and risk communication), like attainment of peace and freedom, is a social imperative because risk issues affect our health, safety, and both our physical and economic well-being.⁽⁷⁾ Many of such issues in developing countries have not only local, but also global origin and impacts. They thus deserve the interest of each of us.     

Probability Elicitation Under Severe Time Pressure: A Rank‐Based Method

Probability elicitation protocols are used to assess and incorporate subjective probabilities in risk and decision analysis. While most of these protocols use methods that have focused on the precision of the elicited probabilities, the speed of the elicitation process has often been neglected. However, speed is also important, particularly when experts need to examine a large number of events on a recurrent basis. Furthermore, most existing elicitation methods are numerical in nature, but there are various reasons why an expert would refuse to give such precise ratio‐scale estimates, even if highly numerate. This may occur, for instance, when there is lack of sufficient hard evidence, when assessing very uncertain events (such as emergent threats), or when dealing with politicized topics (such as terrorism or disease outbreaks). In this article, we adopt an ordinal ranking approach from multicriteria decision analysis to provide a fast and nonnumerical probability elicitation process. Probabilities are subsequently approximated from the ranking by an algorithm based on the principle of maximum entropy, a rule compatible with the ordinal information provided by the expert. The method can elicit probabilities for a wide range of different event types, including new ways of eliciting probabilities for stochastically independent events and low‐probability events. We use a Monte Carlo simulation to test the accuracy of the approximated probabilities and try the method in practice, applying it to a real‐world risk analysis recently conducted for DEFRA (the U.K. Department for the Environment, Farming and Rural Affairs): the prioritization of animal health threats.     

The Role of Quantitative Risk Assessments for Characterizing Risk and Uncertainty and Delineating Appropriate Risk Management Options, with Special Emphasis on Terrorism Risk

The purpose of this article is to discuss the role of quantitative risk assessments for characterizing risk and uncertainty and delineating appropriate risk management options. Our main concern is situations (risk problems) with large potential consequences, large uncertainties, and/or ambiguities (related to the relevance, meaning, and implications of the decision basis; or related to the values to be protected and the priorities to be made), in particular terrorism risk. We look into the scientific basis of the quantitative risk assessments and the boundaries of the assessments in such a context. Based on a risk perspective that defines risk as uncertainty about and severity of the consequences (or outcomes) of an activity with respect to something that humans value we advocate a broad risk assessment approach characterizing uncertainties beyond probabilities and expected values. Key features of this approach are qualitative uncertainty assessment and scenario building instruments.     

The Impact of Joint Responses of Devices in an Airport Security System

In this article, we consider a model for an airport security system in which the declaration of a threat is based on the joint responses of inspection devices. This is in contrast to the typical system in which each check station independently declares a passenger as having a threat or not having a threat. In our framework the declaration of threat/no-threat is based upon the passenger scores at the check stations he/she goes through. To do this we use concepts from classification theory in the field of multivariate statistics analysis and focus on the main objective of minimizing the expected cost of misclassification. The corresponding correct classification and misclassification probabilities can be obtained by using a simulation-based method. After computing the overall false alarm and false clear probabilities, we compare our joint response system with two other independently operated systems. A model that groups passengers in a manner that minimizes the false alarm probability while maintaining the false clear probability within specifications set by a security authority is considered. We also analyze the staffing needs at each check station for such an inspection scheme. An illustrative example is provided along with sensitivity analysis on key model parameters. A discussion is provided on some implementation issues, on the various assumptions made in the analysis, and on potential drawbacks of the approach.     

Review and Evaluation of the J100-10 Risk and Resilience Management Standard for Water and Wastewater Systems

Risk analysis standards are often employed to protect critical infrastructures, which are vital to a nation's security, economy, and safety of its citizens. We present an analysis framework for evaluating such standards and apply it to the J100-10 risk analysis standard for water and wastewater systems. In doing so, we identify gaps between practices recommended in the standard and the state of the art. While individual processes found within infrastructure risk analysis standards have been evaluated in the past, we present a foundational review and focus specifically on water systems. By highlighting both the conceptual shortcomings and practical limitations, we aim to prioritize the shortcomings needed to be addressed. Key findings from this study include (1) risk definitions fail to address notions of uncertainty, (2) the sole use of “worst reasonable case” assumptions can lead to mischaracterizations of risk, (3) analysis of risk and resilience at the threat-asset resolution ignores dependencies within the system, and (4) stakeholder values need to be assessed when balancing the tradeoffs between risk reduction and resilience enhancement.