Certain death: Not risky. Uncertain death: risky.

If you know for sure that things will go wrong, there really is no risk. If you don’t know for sure that things will go wrong, then there is a risk. That’s the basic assumption in a paper I just read, titled Identification of safety and security critical systems and activities and written by Terje Aven in 2009. It may sound like a bold statement, but technically speaking, it is a true statement. It is only when the consequences of actions and events are uncertain that these actions and events are truly risky. Agree?

Terje Aven

I have said it time and again, and followers of this blog will know that I am a qualitative, not a quantitative researcher, and I have always looked at risk and vulnerability from a qualitative perspective, which is why I like Kaplan’s definition of risk better than any other. That is why I have never paid much attention to Terje Aven, a professor from the University of Stavanger, Norway, who I first met some 15 years ago and who I have always regarded as a quantitative researcher. He is a frequent author and co-author of articles in the Reliability Engineering and System Safety, a journal I only look into now and then, and there’s hardly an issue without Aven in it. His most recent contribution, Identification of safety and security critical systems and activities, has made me question my discarding of the quantitative risk and vulnerability perspective.

Risk – traditionally defined

Traditonally, risk is defined as a function of probability and consequences, where the the probability of and event occurring is linked to the expected consequences if the event occurs (as predicted). This way of thinking only considers a certain set of events; it does not consider the full spectre of possible outcomes. This means that the actual consequences may be very different from the calculated expected consequences.



Hence by focusing on the expected consequences given a failure mode, a strong element of arbitrariness in the classification scheme is introduced. This arbitrariness is due to the variation in possible outcomes integrated into the expected value, as well as the difficulty of assigning probabilities producing accurate predictions.

Another approach might be to replace expected consequence with expected loss:

Expected loss = E[C], given by p E [C|A], where C are the consequences of an event A with a probability of p.

This makes comparing different events easier, since one only needs to compare one number. The lesser the expected loss, the better? Not necessarily, since the preferences of the decision-maker are not accounted for. That is why a expected disutility approach should be used:

Expected disutility = Eu(C), where u is a utility function reflecting the preferences of the decision maker.

This too is troublesome, since there still is some arbitrariness as to defining the disutility function, which will have to be the same for all events/consequences, something that may not hold true for the decision-maker. Thus, in order to find which systems that are critical, neither expected loss nor expected disutility may be good approaches.

Risk – alternatively defined

Aven sees risk as composed of:

  • Initiating events or triggers (A)
  • Consequences of these events (C)
  • The values (attributes) at stake
  • Uncertainties and likelihoods about occurence of the events and the consequences

Conversely, he sees vulnerability as composed of:

  • Consequences of the initiating events
  • The values (attributes) at stake
  • Uncertainties and likelihoods about occurence of the consequences, given the initiating events

See the differences? Risk looks primarily at the triggering event, vulnerability looks primarily at the resulting consequences.

High uncertainty = high risk

In order to account for uncertainties, Aven suggests the following method

Identify a list of systems for evaluation.

Identify possible initiating events A.

Define categories of consequences C (severity classification).

Rank thesystems according to vulnerability using E[C|A], i.e. the expected consequences given the occurrence of A.
Assign probabilities for the events A, calculate the unconditional expected consequences, EC,
by EC = P(A) x E[C|A], and rank the systems according to EC.

Assess uncertainties in underlying phenomena and processes that could result in surprises relative to EC, and adjust the ranking based on this assessment.

Steps 4 and 5 are based on a traditional risk description. It is only when the uncertainties are added that “true” risk is revealed, e.g. an event with a presumed low risk based on EC, may be reclassified as high risk if the uncertainties regarding the underlying assumptions are high. Uncertainties may be related to e.g. new technology, future events, customer demand or political stability.

Conclusion

I think Aven is on the right track here. As he puts it himself,

…the idea that safety and security critical systems can be identified by considering […] the expected consequences given given system failures and malfunctions […] cannot be justified…

It is necessary to use a risk-informed approach, he claims, where calculated probabilities and expected values are enriched with the uncertainties of the underlying phenomena and processes.

Surprises may occur and by just addressing probabilities and and expected values, such surprises may be overlooked.

Surprises will of course occur, as Nassim Taleb notes in his book on Black Swan Events, and also described by Bazerman and Watkins in their book on Predictable Surprises: The Disasters You Should Have Seen Coming. However, taking possible surprises into account already from the beginning will allow for a much broader, richer and more comprehensive approach to risk management.

Reference

AVEN, T. (2009). Identification of safety and security critical systems and activities Reliability Engineering & System Safety, 94 (2), 404-411 DOI: 10.1016/j.ress.2008.04.001

Author link

Related

Posted in ARTICLES and PAPERS
Tags: , , , ,

ARTICLES and PAPERS
SCRM Research Gaps
Supply Chain Risk Management is a area that has seen a significant growth in recent years. However, [...]
When your supplier goes bust...
...what do you do? Is so-called supplier default something you have even thought about? And what if [...]
BOOKS and BOOK CHAPTERS
Book Review: How Nature Works
How Nature works is a fascinating book. I first heard of the late Per Bak and his sandpile theories [...]
Understanding risks in Virtual Enterprise Networks
Today's unstable and highly competitive business environment has created a shift in how enterprises [...]
REPORTS and WHITEPAPERS
Future Value Chain Trends 2020
The twelve future trends that will shape value chains and supply chain management during this decade[...]
ISO 28002 – Supply Chain Resilience
Have you heard of ISO 28002?  No? You should take note of this standard, because the ISO 28000 serie[...]