Chapter 8&9 - Risk management
The cautionary principle
- Definition: If the consequences of an activity could be serious and subject to uncertainties, then cautionary measures should be taken, or the activity should not be carried out. - The cautionary principle gives weight to the uncertainties. It has a role in notifying people and society in relation to protection against potential hazards and threats with serious consequences.
Risk acceptance, risk acceptance criteria (RAC), ALARP
- Risk assessments are commonly used together with some risk acceptance criteria, or tolerability limits. - The idea is to ensure some maximum risk level for values, such as life and health, that need to be protected. Risk reduction can be accomplished by many different means, depending on the type of activity considered. In safety context, it is common to refer to the as low as reasonably practicable (ALARP) principle. According to the ALARP principle, an identified measure should be implemented unless it can be documented that there is an unreasonable disparity between costs/disadvantages and benefits. - ALARP o The risk should be reduced to a level that is as low as reasonably practicable. o A measure that can improve safety must, as a general rule, be implemented. § Exception: costs are largely disproportionate in relation to the benefits gained. Risk assessments are commonly used together with some risk acceptance criteria or tolerability limits. Examples of risk acceptance criteria is: - individual risk - F-N curve - environmental based on resitution - Investment risk value-at-risk
The precautionary principle
- The precautionary principle is a special case of the cautionary principle: when faced with scientific uncertainties. - A basic risk and scientific principle that applies when we are faced with the possible serious consequences of an activity, and there is fundamental scientific uncertainty associated with what these consequences will be. - Measures must be taken to reduce the risk, meaning possibly not carrying out the activity.
Cost benefit analysis
Cost-benefit analysis computes the expected net present value of a project or measure. Following this approach, all benefits and costs of the project are transformed to a common scale, typically money. If this value is positive, the project is recommended. - E[NPV] = Expected net present value: o E[NPV] = - E[COSTS] + VSL * E [NUMBER OF LIVES SAVED] o E[NPV] > 0 -> implement measure o E[NPV] < 0 -> measure is not justified. - VSL = Value of a statistical life. Which means the maximum amount of money you are willing to pay to reduce the expected number of fatalities by 1. Cost-benefit analysis and cost-effectiveness analysis, pros and cons: - Pros: simple calculations, easy to compare options. - Cons: use of expected values - has limitations with respect to reflecting risks and uncertainties.
Cost-effective analysis
Cost-effective analysis evaluates the effectiveness of a measure (for example, a safety improvement measure or an investment in a business context). We can try and calculate the effectiveness of a measure (typically risk reducing measures), by looking into the ICAF: E(Z)/E(B) = (Expected cost of measures)/(Expected number of live saved) = ICAF (Implied cost of averting a fatality) Pros and cons of ICAF: - Pros: an easy approach to compare options, and seeing the effectiveness of certain measures. - Cons: the risks and uncertainties are not really captured - we just look into the expected value!
Risk management: Basic theory
Definition: Risk management refers to all activities used to address risk, such as avoiding, reducing, sharing and accepting risk. - Risk management: all activities used to address risk: o Avoiding risk o Reducing risk o Sharing risk o Accepting risk - Risk management is to a large extent about finding the proper balance between development and protection. o Protection: cautionary principle/precautionary principle and robustness/resilience. § Avoiding losses, accidents and disasters o Development: taking/accepting some risk in pursuit of values. § Exploring opportunities, taking or accepting some risk in pursuit of values. o Too much protection hampers development, whilst too much development can cause accidents, damage and loss.
Main strategies of handling risk
In practice, the three major strategies, 1) risk-informed, using risk assessments; 2) cautionary/precautionary; and 3) discursive strategies for handling risk, are combined; the appropriate strategy is a mixture of these three main strategies. - Which strategy to give weight to depends on the context - the type of risk problem(s) we are dealing with. - In practice, the appropriate strategy would typically be a combination of these three. - Risk assessments and other types of analyses can be used to support decision making.
Multi-attribute analysis
Multi attribute analysis in an approach were the goal is not to transform all various concerns into one dimension (typically monetary values), but to provide judgments on each attribute separately, using a combination of quantitative and qualitative assessments. Pros and cons of this method: - Pros: not forces to transform the different attributes into one scale - easier to reflect risks and uncertainties that cannot be properly captured using expected values. - Cons: more demanding to compare options - requires decision-makers to make conscious judgments on how to weight the different attributes. Example: Case - Covid 19 pandemic in Norway
Resilience analysis and management
Robustness/resilience = the ability to withstand and recover from disturbances and situations that are somewhat different from the normal state. Vulnerability and resilience management: - Focusing on vulnerability and resilience management, the aim is to eliminate these vulnerabilities or reduce the consequences if they occur. - Resilience management: the benefit of resilience management is that we can improve resilience without knowing exactly what type of threats that can occur. The level of vulnerability and resilience for a system or organization is linked to the ability to sustain or restore its basic functionality following a stressor. It is commonly stated that a resilient system has the ability to: 1) Respond to regular and irregular threats in a robust yet flexible (adaptive) manner. 2) Monitor what is going on, including its own performance. 3) Anticipate risk events and opportunities. 4) Learn from experience.
