Not all risk is risk

How to define, understand and describe riskI had planned to post this yesterday, when I was taken by surprise by the most severe supply chain and transportation disruption ever to hit Norway and much of Northern Europe: Volcanic ash from Iceland grounds all Norwegian air traffic, and it’s not over yet. Today appears to become another day with no air traffic in my neck of the woods and the social impact is widely felt, to say the least. And today’s post is by no means unrelated to air traffic. My latest favorite author, Terje Aven from the University in Stavanger, Norway, takes risk research to new heights in his most recent article from 2010. In How to define, understand and describe risk he contends that the uncertainty surrounding risk assessments is perhaps more important than the risk value itself.

A perfect title

In the beginning I thought the title to be a bit dull. Nonetheless, the title contains the essence of the article, and after reading it, it has indeed made it clear to me what risk is, how to understand it, and what is necessary to fully describe what goes into a risk assessment.

Please note that this paper is an academic discourse on the definition of risk. For definitions and descriptions of risk terms according to ISO standard 31000  please see my post on Risk Management Vocabulary.



Risk assessments are imperfect

The starting point for the paper is that the common risk perspectives that describe risk using probabilities combined with events and consequences are too narrow, because probabilities are imperfect tools for expressing uncertainties, since the assigned probabilities are conditioned on a number of assumptions and suppositions that leave out possible surpises and unknowns, effectively creating Black Swans.

Eight common risk definitions

The article provides a list of eight risk definitions, discusses these and then suggests an alternative definition that does capture uncertainty in perhaps a better fashion than the more traditional definitions. For the sake of simplicity I will omit the discussions, and highlight the essence of the article.

First, here are some common definitions of risk:

  1. Risk is a measure of the probability and severity of adverse effects.
  2. Risk is the combination of probability of an event and its consequences.
  3. Risk is equal to the triplet (si, pi, ci), where si is the ith scenario, pi is the probability of that scenario, and ci is the consequence of the ith scenario, i=1,2,y, N.

The common thread for these definitions is that they relate to initiating events or actions, consequences and probabilities or uncertainties, formalised as

Risk = (A, C, U).

The question is, does this really capture risk?

Is (A, C, P) an adequate description of risk? Are probabilities able to express the uncertainties, about the events and consequences? A probability is a way of expressing to what extent an event or consequence is likely to occur, but what does this mean?

Probability is the keyword to understanding Aven’s article. Probability can be either

  • a relative frequency or hypothetical occurence of an event or action if a situation in which it may or may not occur is repeated infintely, or
  • a subjective measure of uncertainty, based on prior knowlegde and conditional circumstances

The former produces best estimates of “true” risk. However, it is impossible to know the accuracy of the estimates, and thus it is impossibe to assess the correct risk. The latter assigns probability based on uncertainty, without referring to and thus eliminating probability.

A probability is always conditional on a background knowledge, and given this background knowledge there is no uncertainties related to the assigned probability, as it is an expression of uncertainty.

Consequently, many other descriptions of risk have incorporated uncertainty into their definition:

  1. Risk refers to uncertainty of outcome, of actions and events.
  2. Risk is a situation or event where something of human value (including humans themselves) is at stake and where the outcome is uncertain.
  3. Risk is an uncertain consequence of an event or an activity with respect to something that humans value.
  4. Risk is equal to the two-dimensional combination of events/consequences and associated uncertainties.
  5. Risk is uncertainty about and severity of the consequences (or outcomes) of an activity with respect to something that humans value.

Note the lack of probability in these definitions.

Two risk perspectives

In summary, two perspectives can be discerned:

Risk=(A, C, Pf), where Pf is a relative frequency-interpreted probability (or a related parameter such as the expected number of occurrences of the event A per unit of time, where the expectation is with respect to a relative frequency-interpreted probability).

Risk=(A, C, U), where U is the uncertainty about A and C (will A occur and what will the consequences C be?), including uncertainty about underlying factors influencing A and C.

According to Aven, these two schools of thought, probability versus uncertainty, is what pervades much of today’s risk research.

An alternative definition of risk

Are there irreconcilable differences between these two schools of thought? Perhaps not, because Aven suggests the following definition:

Risk description = (A, C, U, P, K)

where P is a subjective probability expressing U based on the background knowledge K. This description covers probability distributions of A and C, as well as predictions of A and C, for example a predictor C* given by the expected value of C, unconditionally or conditional on the occurrence of A, i.e. C*=EC or C*=E[C|A]. A sensitivity analysis constitutes an integral part of the risk description.

Not only does this synthesize both perspectives, objective risk is replaced by a description of risk.

Conclusion

This is indeed one of the better papers that I have read on risk. Those of you who follow my blog will know that I am a qualitative researcher with little or no inclination towards the quantitative. That is why you will never find a purely quantitative paper on my blog. The reason why I liked this paper is that it so elegantly combines the qualitative with the quantitative, by upholding the quantitative, but stating that it must be qualitatively judged. In my opinion, Aven’s alternative and comprehensive definition of risk truly captures all aspects of risk.




Reference

Aven, T. (2010). On how to define, understand and describe risk Reliability Engineering & System Safety, 95 (6), 623-631 DOI: 10.1016/j.ress.2010.01.011

Author link

Related

Posted in ARTICLES and PAPERS
Tags: , , , ,

ARTICLES and PAPERS
Acts of God or Acts of Man?
Do we ever learn? How come we humans knowingly and willingly put ourselves and our critical infrastr[...]
Structural embeddedness and the extended supply chain
The other day, while reviewing a chapter for inclusion (or not) in the upcoming book Managing Risk i[...]
BOOKS and BOOK CHAPTERS
Book Review: Security Risk Management - Body of Knowledge
A Wiley book rarely lets you down, and this one doesn't either. With a refreshing Australian touch, [...]
Book review: Supply Chain Risk Management
Edited by Robert B. Handfield, the book Supply Chain Risk Management: Minimizing Disruptions in Glob[...]
REPORTS and WHITEPAPERS
Critical Infrastructure and Resilience
What happens when a business is disabled for a length of time? What are the impacts on its profitabi[...]
Global Resilience Index
The 2015 FM Global Resilience Index provides an annual ranking of 130 countries and territories acco[...]