hei Flashcards
A risk assessment team concludes that the knowledge-based probability of a
specific event A is equal to 0.05 given the knowledge K. Provide an interpretation
of this statement. Give also an interpretation of an imprecise probability of
maximum 0.05.
Interpretation of P(A|K): The team has the same uncertainty and degree of belief
for the event A to occur as randomly drawing a red ball out of an urn that comprise
100 balls and where 5 are red.
Imprecise probability P(A|K) ≤ 0.05: The team has the same uncertainty and
degree of belief for the event A to occur as randomly drawing a red ball out of an
urn that comprise 100 balls and where 5 or less are red. The assessor is not willing
to be more precise. Alternatively the team expresses that the probability is less
than or equal to 0.05, where 0.05 is interpreted as above. The team is not willing
to be more precise.
Does a frequentist probability for the following event B exist? Why/why not?
B: Risk science will be a distinct subject in school in Norway before 2050.
Define a frequentist probability p for an event C.
No, it does not exist as a population of similar type of situations to the one
considered cannot be meaningfully defined.
p= the fraction of time the event C occurs if we could repeat the situation
considered over and over again infinitely under the same conditions
A risk assessment is conducted with the aim of describing the risk related to
severe events which could lead to a high number of fatalities. The following risk
description is used:
P(an event occurring with at least 10 fatalities) = 0.05
Is this a good risk characterization? Why/why not?
The event ‘an event occurring with at least 10 fatalities’ is a severe event with a
high number of fatalities so this is fine, but may be also other numbers should be
covered, for example more than 100 fatalities etc. In addition, the characterization
should include the knowledge that the probability is based on and in particular a
judgment of the strength of this knowledge.
How does Taleb define a Black swan? How is a Black swan defined by Aven
in his books? Explain the three different types of black swans referred to in the
curriculum.
See book.
The following barrier block diagram represents a technical system with six
components:Draw the corresponding fault tree diagram, linking the top event ‘system failure’
to failures of the components 1-6. Assume independence and unreliability qi =
0.1 for each of the components. Calculate the unreliability of the system exactly
and approximately using the minimal cut set approach.
In what sense does the independence assumption represent risk in this case?
Exact:
P(System failure) = (1-p1p2) x (1- (1-q3q4)(1-q5q6)) = (1-0.92) * (1-(1-0.12)2) = 3.781 * 10-3
Approximately:
P(System failure) ≈ q1q3q4 + q1q5q6 + q2q3q4 + q2q5q6 = 4 * 10-3
The assumption can be wrong, and thus the calculated probabilities misleading.
A risk analyst argues that the main objective of the risk assessment is to
accurately estimate the risk. Do you agree? Why/why not?
A risk assessment could have this purpose in some cases (when frequentist based
probabilities can be meaningfully defined and there exist considerable relevant
data) but more generally the purpose of a risk assessment is
to help understand the risk and express risk:
identify risk sources, threats, hazards and opportunities; understanding how these can
materialize/occur, trigger events/event sequences, and what their consequences can be; representing
and expressing uncertainties and risk; and determining the significance of the risk using relevant
criteria.
This again provide decision support, on choices of measures and arrangements,
the need for such measures and arrangements, etc.
Explain the ALARP principle. Discuss to which extent the principle supports
Protection or Development.
The ALARP principle says that risk should be reduced to a level that is As Low As
Reasonably Practicable (ALARP). A risk reducing measure should be implemented unless
it can be demonstrated that the costs are grossly disproportionate relative to the gains
obtained (the burden of proof is reversed).
Thus if there is a safety measure that can improve safety, it shall be implemented as a rule,
unless you can demonstrate that the cost are in gross disproportion to the benefits gained.
This means that Protection is highlighted. On the other hand, if cost benefit analysis is
used to verify ALARP which is often seen in practice, Development is supported as this
analysis is based on expected values.
Argue how a cost-effectiveness analysis based on ICAF calculations can
contribute to identifying suitable safety measures. Discuss the
limitations/weaknesses of this method.
The ICAF for a safety measure calculates the expected cost per expected number
of saved lives. A high ICAF means that the measure is not justified, it costs too
much compared to the benefits gained, whereas if the ICAF is low, the costs are
not so high and the measure can be justified. The SVL (Statistical value of a life)
provides a reference point for what is too high.
The problem is that the approach is based on expected values which do not capture
all relevant aspects of benefit and costs. The potential for extreme outcomes are
not reflected, nor the strength of the knowledge supporting the judgments made.
Society for Risk Analysis (SRA) has developed a new Glossary. Is the
development of this Glossary to be seen as a contribution to Applied risk science
or Generic risk science? Explain.
The development of the Glossary is a contribution on Generic risk science B, but
with the intention to serve applied risk science A.
Consider the case where a person is thinking about jumping onto a stone (bolt)
located between two rocks, with a direct drop below of several hundred meters
(think of the Kjeragbolt in Lysefjorden if you like).
Trine has high competence in risk science. Her friend Tone asks her: ‘You as an
expert on risk science Trine, is it a good idea to jump on this bolt?’ How should
Trine respond to this question on the basis of the curriculum of this course?
She should say that the risk science does not provide answers what is the best
decision but it provides support for how to think and generate a basis for making
the decision. It helps us for example characterizing the risk and understanding
the balance that has to be made between different concerns (development and
protection).
What is ‘risk science’, and in particular ‘applied risk science’ and ‘generic risk science’?
Climate change research provides knowledge about risk as a result of climate change. Would
you classify this research as contributing to applied or generic risk science? Explain.
Risk science is the most warranted statements (justified beliefs) produced by the risk field or
discipline
Applied risk science: Risk science based applied risk analysis, which is about
supporting risk knowledge generation in relation to specific activities., and supporting the
tackling of specific risk problems (A)
Generic risk science: Risk science based on generic risk analysis, which is about generic
concepts, principles, approaches and methods on how to understand, assess, characterize,
communicate, manage and govern risk (B)
See also book Section 3.1.
Climate change risk: It is Applied risk science as it supports risk knowledge generation in
relation to specific activities.
Define ‘knowledge’ in a risk science context. Give an example to motivate and explain the
definition, which points to the need for deviating from an understanding of knowledge often
referred to in the literature. What is ‘risk research’?
Justified beliefs. See p. 24, arguing that knowledge cannot be ‘justified true beliefs’.
Risk research can be understood as knowledge generation in relation to risk, for concrete
activities and for how to analyse (in a wide sense) risk.
A risk analyst presents the result of a risk assessment for a process plant, and shows some
probability numbers for loss of life categories, including an imprecise probability of one or
more fatalities for a period of one year equal to [0, 0.005]. The assessor states that the numbers
represent the analyst’s degree of belief for these events to occur - where the assessor is not
willing to assign a precise number. Provide an interpretation of the above imprecise probability
statement [0, 0.005]. Is the probability uncertain? Explain why/why not.
Interpretation: The analyst has the same uncertainty and degree of belief for the event (at least
one fatality in that period) to occur as randomly drawing a red ball out of an urn that comprises
1000 balls and where maximum 5 are red. The assessor is not willing to be more precise.
It is not uncertain, it is the analyst’s judgment of uncertainty, but the knowledge supporting it
could be more or less strong.
In its most general form, risk can be described by (A’,C’,Q,K) and vulnerability by
(C’,Q,K|A’). Explain what these terms express.
Give an example illustrating how vulnerability can be described, which also includes the SoK
aspects.
A’: specified event, for example leakage
C’: specified consequences, for example number of fatalities.
Q: measure or description of the uncertainties about A’ and C’. Typically Q is probability P and
strength of knowledge judgments (SoK)
Vulnerability: (C’,Q,K|A’), as above but given the occurrence of an event, for example a gas
leakage in a process plant.
Probability of a fatality given the occurrence of a fire, with a SoK judgment expressing how
strong the background knowledge for this probability is considered.
How is a Black swan defined? Explain the three different types of black swans introduced.
Give an example for each type.
See book pp 77-81.
Explain the concept of validity of a risk assessment.
See Section 5.1.1
What is the difference between risk perception and professional judgments about risk?
See Section 6.1.1
The risk descriptions and characterization provide ‘pure’ judgements of the consequences of
the activities studied and associated uncertainties as in (A’,C’, Q,K), without adding feelings
and value judgements related to how people like or dislike the consequences and uncertainties.
Risk perception, on the other hand, is a personal judgement or appraisal of risk, also including
such aspects. We know from the literature on risk perception and behavioural decision-making
that aspects like affect, familiarity, control, catastrophic potential, etc., are important for how
people understand and deal with risk
Discuss to what extent successful risk communication depends on high quality risk analysis.
See Section 6.2.1
A risk scientist argues that it is important to stress that the decision-making should not be
purely ‘risk-assessment-based’. What is this scientist thinking about? Explain the concept of
managerial review and judgment.
The key is that the risk results should not prescribe what to do, as the risk assessments have
limitations in capturing all aspects of risks and uncertainties, and there are also different values
(we may all agree on the risks, but disagree on what to do as we have different values, what is
important, how much weight to give to uncertainties, how to balance protection and
development). The decision making should be risk informed.
Managerial review and judgement: process of summarising, interpreting and deliberating
over the results of risk assessments and other assessments, as well as of other relevant issues
(not covered by the assessments), in order to make a decision
The managerial review and judgment is the process between risk assessment and the
decision-making.
Discuss to what extent resilience analysis and management are a part of risk analysis and
management.
See Section 7.4
A risk analyst presents the result of a risk assessment for a process plant, and
shows some probability numbers for loss of life categories, including a probability
of one or more fatalities for a period of one year equal to 0.001 = 1 x 10-3. The
analyst states that the numbers represent the analyst’s degree of belief for these
events to occur. Provide an interpretation of the probability 0.001 in line with
this. What do we call this type of probability? Is it uncertain? Explain why/why
not.
Interpretation: The analyst has the same uncertainty and degree of belief for the
event (at least one fatality in that period) to occur as randomly drawing a red ball
out of an urn that comprises 1000 balls and where 1 is red.
It is referred to as a knowledge-based, or subjective or judgmental probability.
It is not uncertain, it is the analyst’s judgment of uncertainty, but the knowledge
supporting it could be more or less strong.
A person listening to the above risk analyst is not familiar with this type of
probability and thinks the number is a frequentist probability estimate. Suppose
that this was the case. Would the number then be subject to uncertainty?
Why/why not? Provide an interpretation of the underlying frequentist probability
being estimated.
Yes, as the number is an estimate of an underlying frequentist probability p which
has a true value: the fraction of time the event (at least one fatality) would occur
if we could repeat the situation considered (producing similar process plant years)
over and over again infinitely under the same conditions
In its most general form, risk can be described by (A’,C’,Q,K). Explain what
these elements express. A risk analyst establishes a 90% prediction interval for
the number of gas leakages in a process plant, with related strength of knowledge
judgments. Explain how to interpret this interval, and how it relates to
(A’,C’,Q,K). How can vulnerability be expressed using the (A’,C’,Q,K)
terminology?
A’: specified event, for example leakage
C’: specified consequences, for example number of fatalities.
Q: measure or description of the uncertainties about A’ and C’. Typically Q is
probability P and strength of knowledge judgments (SoK)
A 90 % prediction interval [a,b] is such that P(a ≤ number of leakages ≤ b |K) =
0.90. Hence we can interpret the interval as a way of expressing Q in relation to
A’ types of events (or C’ if C’ has a component referring to the number of
leakages).
Vulnerability description: (C’,Q,K|A’)
- How is a Black swan defined by Aven in the curriculum? What is an unknown
known in a risk assessment context? And unknown unknown? What are the
‘problems’ raised by restricting the Black swan metaphor to unknown unknowns?
See book.
Problems: a) unknown unknowns are so rare events, so not so relevant comparted
to other types of surprises (unknown knowns …) b) not in line with the origin of
the metaphor
The following barrier block diagram represents a technical system with six
components:
Minimal cut sets: {1,5}, {2,5}, {1,3,4}, {2,3,4},
Exact:
Unreliability of parallel system 3-4: 0.2 x 0.2 = 0.04
Reliability of series system 3-4 and 5 : 0.96 x 0.80 = 0.768
Reliability of series system 1-2 : 0.8 x 0.8 = 0.64
Unreliability of parallel of these two systems: 0.36 x 0.232 = 0.08352
Approximation method:
Unreliability ≈ q1q5 + q2q5 + q1q3 q4 + q2q3 q4 = 2 x 0.2 x 0.2 + 2 x 0.2 x 0.2 x 0.2 = 8 * 10-2 + 1.6 x
10-2 = 0.096
The general purpose of a risk assessment can be formulated in this way (SRA
2017):
Risk assessment is the systematic process to identify risk sources, threats, hazards and opportunities;
understanding how these can materialize/occur, trigger events/event sequences, and what their
consequences can be; representing and expressing uncertainties and risk; and determining the
significance of the risk using relevant criteria.
FMEA is an example of a risk assessment method. Explain its basic ideas. Outline
a typical FMEA sheet. Explain to what degree this approach is providing a
comprehensive overview of the risk related to the system studied.
List the main stages of a risk assessment process, from planning to risk treatment,
as presented in the curriculum (explanations of the various stages should not be
given).
See book
The approach identifies failures in a system by failure of individual units of the
system, looks at its effects and also discusses likelihood in relation to these failure
and effects. This provides some insights about risk, but many aspects are not
covered, for example that severe losses and consequences can be the result of
simultaneous occurrences of events. The approach can be seen as an input to a
more comprehensive risk assessment. SoK knowledge judgements for the
likelihoods should also be included but are not commonly included.
See book
A risk scientist argues that it is important to stress that the decision-making
should be ‘risk-informed’ and not ‘risk-based’. Present the argumentation
provided for this statement. Explain the concept of managerial review and
judgment.
The key is that the risk assessment results should not prescribe what to do, as risk assessments
have limitations in capturing all aspects of risks and uncertainties, and there are also different
values (we may all agree on the risks, but disagree on what to do as we have different values,
what is important, how much weight to give to uncertainties, how to balance protection and
development)
Managerial review and judgement: process of summarising, interpreting and deliberating
over the results of risk assessments and other assessments, as well as of other relevant issues
(not covered by the assessments), in order to make a decision
The managerial review and judgment is the process between risk assessment and the
decision-making.
What is a cost-benefit analysis (CBA). Explain its basic ideas. What is the
meaning of the concept of ‘value of a statistical life’? What is the rational used in
the curriculum to argue that we need to see beyond CBAs when making decisions
in relation to risk?
See book.
Value of a statistical life: the maximum you are willing to pay to reduce the
expected number of fatalities by 1.
The key point is that the CBAs are based on expected values which do not reflect
well risk and uncertainties. SoK judgments are also commonly lacking.
Define ‘knowledge’ according to the curriculum. What is knowledge in
relation to generic risk science?
Knowledge: justified beliefs
Generic risk science: knowledge relates to the development of generic concepts,
principles, approaches and/or methods on how to understand, assess, characterise,
communicate, manage and govern risk
Think about the current climate change risk discussion.
Does the risk science tell us how we should deal with this risk? Explain.
How can risk science be useful in this regard?
No, the risk science does not provide answers what are the best decisions, it does
not take a stand on what we should do. The weight we give to uncertainties and
risks are not scientific, but ethical, political …
It can still be useful as it provides support for how to think and generate a basis
for making the decision. It helps us for example characterizing the climate change
risk
A risk assessment team concludes that the knowledge-based probability of a
specific event A is equal to 0.95 given the knowledge K. Provide an interpretation
of this statement. Give also an interpretation of an imprecise probability of
minimum 0.95.
Interpretation of P(A|K): The team has the same uncertainty and degree of belief
for the event A to occur as randomly drawing a red ball out of an urn that comprise
100 balls and where 95 are red.
Imprecise probability P(A|K) ≥ 0.95: The team has the same uncertainty and
degree of belief for the event A to occur as randomly drawing a red ball out of an
urn that comprise 100 balls and where 95 or more are red. The assessor is not
willing to be more precise. Alternatively the team expresses that the probability
is at least 0.95, where 0.95 is interpreted as above. The team is not willing to be
more precise.
Let C be the outcome from the throw of a die and let p = Pf(C=1). Explain what
p expresses. The die is of a special type, and p is not necessarily 1/6. Let us assume
that p is either 1/6 or 1/3. Explain how you can express your uncertainty about p
using knowledge-based probabilities. Assign concrete numbers to illustrate how
it is done.
p= the fraction of time the event ‘C=1’ occurs if we could repeat the situation
considered over and over again (i.e. throw the die over and over again) infinitely
under the same conditions
We could assign P(p=1/6) and P(p=1/3) (where the sum is 1), for example 0.5
for each. These probabilities are conditional on my knowledge K.
A risk assessment is conducted with the aim of describing the risk related to
the number of fatalities related to a process plant in a specific period of time. The
following risk description is used:
P(an event occurring with at least 1 fatality) = 0.10
Is this a good risk characterization? Why/why not?
The event ‘an event occurring with at least 1 fatalities’ is a severe event so the
probability is of interest, but also other numbers should be covered, for example
more than 10 fatalities, more than 100 fatalities etc. In addition, the
characterization should include the knowledge that the probability is based on
and in particular a judgment of the strength of this knowledge.
How is a Black swan defined by Aven in the curriculum? Why is this metaphor
considered important?
See book
Because it gives focus on the potential for surprises relative to risk numbers and
assessment results – the surprise aspect and the unforeseen is a risk issue but often
not given enough attention in risk assessment and management. Events could have
been overlooked in the assessments, or ignored because of low judged
probabilities – the metaphor stimulates further reflections in such situations: is
there a potential for surprise. Can we improve our methods to better meet potential
surprises.
The following barrier block diagram represents a technical system with six
components:List the minimal cut and path sets of the diagram. Is {1,2,3,4} a minimal cut set?
Why/why not? Assume independence and unreliability qi = 0.1 for each of the
components. Assume that component 1 is not functioning. Calculate
(approximately) the unreliability of the system using the minimal cut set
approach.
Minimal cut sets, 134, 156, 234, 256,
Minimal path sets: 12, 35, 36, 45, 46
P(System failure) ≈ q3q4 + q5q6 = 2 * 10-2 = 0.02
In case of large uncertainties, risk assessments are not able to produce accurate
risk estimations or predictions. Can risk assessment still be useful? How?
Yes to help understand and describe risk
to identify risk sources, threats, hazards and opportunities; understanding how these can
materialize/occur, trigger events/event sequences, and what their consequences can be; representing
and expressing uncertainties and risk; and determining the significance of the risk using relevant
criteria.
This can be done when the uncertainties are small or large. So they can be useful
and provide decision support, on choices of measures and arrangements, the need
for such measures and arrangements, etc.
Why is it problematic to use standard cost benefit analysis (CBA) to verify
ALARP?
The ALARP principle says that risk should be reduced to a level that is As Low As
Reasonably Practicable (ALARP). A risk reducing measure should be implemented unless
it can be demonstrated that the costs are grossly disproportionate relative to the gains
obtained (the burden of proof is reversed). Thus if there is a safety measure that can improve
safety, it shall be implemented as a rule, unless you can demonstrate that the cost are in
gross disproportion to the benefits gained. This means that Protection is highlighted.
However, if standard CBA is used to verify ALARP which is often seen in practice,
development is supported as this analysis is based on expected values: risk and uncertainties
are not given much weight and the idea of the principle is not followed up.
Define the concept of VSL (Value of a Statistical Life). Say VSL =30. Explain
how this value is used in CBAs.
VSL: how much one is wiling to pay for reducing the expected number of lost
lives with 1.
In a CBA we compute the expected value related to loss of lives, so if we for
example expect 0.2 lost lives, a value contribution of 0.2 x 30 = 6 is computed,
which is plugged into the ENPV formula.
A researcher has developed a new approach for how to visualize risk. Is this an
example of Applied risk science or Generic risk science? Explain.
The example is an example of Generic risk science, B, as it is a generic
contribution which is relevant for all types of applications.
Consider the case where a person is thinking about jumping onto a stone (bolt)
located between two rocks, with a direct drop below of several hundred meters
(think of the Kjeragbolt in Lysefjorden if you like).
Does the risk science tell you what you should do in this case? Explain. If you
decide not to jump, how would you explain that using risk science concepts and
terminology?
No, the risk science does not provide answers what is the best decision but it
provides support for how to think and generate a basis for making the decision. It
helps us for example characterizing the risk and understanding the balance that
has to be made between different concerns (development and protection).
If you decide not to jump you can say that you gave considerable weight to the
cautionary principle. You weigh pros and cons but did not find the benefits large
enough compared to the risks involved.
What is ‘risk science’? Are all risk assessments contributing to new risk science
knowledge? Why/why not?
Risk science is the most warranted statements (justified beliefs) produced by the risk field or
discipline, it is about concepts, principles, approaches and methods on how to understand,
assess, characterise, communicate, manage and govern risk
Risk science is the most updated and justified knowledge on risk fundamentals (concepts), risk
assessment, risk perception and communication and risk management and governance. Risk science is
also about the process – the practice – that gives us this knowledge.
No, as not all lead to new knowledge on concepts, principles, approaches or methods on how
to understand, assess, characterise, communicate, manage or govern risk. Not all risk
assessment are published in risk science journals, they do not have scientific contributions in
relation to risk science.
Define ‘knowledge’ according to the curriculum. Use the judgment that the
probability is 1/6 for a symmetric die, to argue that knowledge cannot be
meaningfully defined as ‘justified true beliefs’.
Knowledge: justified beliefs
See youtube
https://www.youtube.com/watch?v=z4E-y7CQ5-
0&list=PL1Oi4O0iZ7iagjE80latDc4lUXXboK6EX&index=16&t=0s
We have some ‘knowledge’ by seeing that the die is symmetric and from that we
can claim that the probability p for getting 6 is 1/6, but we cannot be sure, so if
we require justified true beliefs, we do not have knowledge in this case and that
does not sound meaningful.
The same if we perform many trials, we do not get knowledge according to
justified true beliefs which shows that the idea is not working in this context.
A risk analyst presents the result of a risk assessment for a process plant, and
shows some probability numbers for loss of life categories, including a probability
of one or more fatalities for a period of one year equal to 0.001 = 1 x 10-3. The
analyst states that the numbers represent the analyst’s degree of belief for these
events to occur. Provide an interpretation of the probability 0.001 in line with
this. What do we call this type of probability? Is it uncertain? Explain why/why
not.
Interpretation: The analyst has the same uncertainty and degree of belief for the
event (at least one fatality in that period) to occur as randomly drawing a red ball
out of an urn that comprises 1000 balls and where 1 is red.
It is referred to as a knowledge-based, or subjective or judgmental probability.
It is not uncertain, it is the analyst’s judgment of uncertainty, but the knowledge
supporting it could be more or less strong.
Suppose 0.001 is the estimate of a frequentist probability p. Let D be the
difference between 0.001 and this frequentist probability p. Is D subject to
uncertainty? Why/why not? Provide an interpretation of p.
D= 0.001-p, it is subject to uncertainty as p is in general unknown:
p: the fraction of time the event considered would occur if we could repeat the
situation considered over and over again infinitely under the same conditions
In its most general form, risk can be described by (A’,C’,Q,K), Explain what these terms
express. Using a similar notation, how would you express vulnerability? Is the conditional
probability of a fatality given a fire, a measure of vulnerability? Why/why not?
A’: specified event, for example leakage
C’: specified consequences, for example number of fatalities.
Q: measure or description of the uncertainties about A’ and C’. Typically Q is probability P and
strength of knowledge judgments (SoK)
Vulnerability: (C’,Q,K|A’), as above but given the occurrence of an event.
Yes A’ is the fire, and Q is probability related to fatality (C’). K should be added, as well as
SoK judgments.
How is a Black swan defined by Taleb and Aven? Explain the three different types of black
swans introduced by Aven. What type is Sept 11 ? Why?
See book Section 3.4 (type b) or c)).
Explain the concept of reliability of a risk assessment.
See Problem 4.15 and its solution in the book
A risk analyst plans to use a standard cost benefit analysis (CBA) to verify
ALARP. Explain the ALARP principle. Do you think this is a good idea?
Why?/why not?
The ALARP principle says that risk should be reduced to a level that is As Low As
Reasonably Practicable (ALARP). A risk reducing measure should be implemented unless
it can be demonstrated that the costs are grossly disproportionate relative to the gains
obtained (the burden of proof is reversed). Thus if there is a safety measure that can improve
safety, it shall be implemented as a rule, unless you can demonstrate that the cost are in
gross disproportion to the benefits gained. This means that Protection is highlighted.
It is not a good idea. If standard CBA is used to verify ALARP which is often seen in
practice, development is supported as this analysis is based on expected values: risk and
uncertainties are not given much weight and the idea of the principle is not followed up.
Explain and motivate the concept of managerial review and judgment.
Managerial review and judgement: process of summarising, interpreting and deliberating
over the results of risk assessments and other assessments, as well as of other relevant issues
(not covered by the assessments), in order to make a decision
The managerial review and judgment is the process between risk assessment and the
decision-making.
The key is that the risk results should not prescribe what to do, as the risk assessments have
limitations in capturing all aspects of risks and uncertainties, and there are also different values
(we may all agree on the risks, but disagree on what to do as we have different values, what is
important, how much weight to give to uncertainties, how to balance protection and
development). There is a gap between the risk assessment results and the decision.
Explain the concept of resilience. Explain what the “call for a shift from risk to resilience”
is about .
In recent years, calls have been made for a shift from risk to resilience, for example by the
former UN Secretary-General Ban Ki-moon (UNISDR 2015). The basic idea is that we need
to be prepared when threatening events occur, whether they are anticipated or unforeseen. Is
the call based on a belief that the risk field and science should be replaced by resilience analysis
and management, or is it more about priorities: more weight should be placed on improving
resilience?
It is the latter, and resilience is a key aspect of modern risk science so there is no conflict.
In a specific industry, a total number of 4 fatalities were registered last year. You talk to a
risk analyst about the related risks. This analyst states
a) Risk is thus equal to 4.
A colleague of this analyst disagrees and states that
b) 4 is a risk estimate
Do you consider these two statements to be in line with risk science as defined by the course
curriculum? Why?/why not? Answer a) and b) separately.
a)
No, as risk is not historical data, risk relates to the future, 4 can provide input to describe
risk but there is a fundamental leap between what is observed in the past and what will
happen in the future. Risk is a combination of future unknown consequences C, and
associated uncertainties, and clearly 4 is different from (C,U).
.
b)
No, we do not estimate the risk (C,U), but we describe it by (C’,Q,K). 4 can be seen as
an estimate of C, but C is not the same as risk. If risk were defined by the expected
number of fatalities (using frequentist probabilities), we could have spoken about 4
being an estimate of risk, but that is not as defined in the curriculum.
The same analyst also states that
c) If the uncertainties are large probabilities cannot be determined, and
again the colleague of this analyst disagrees and states that
d) frequentist probabilities can be defined when the uncertainties are large.
Do you consider these statements to be in line with risk science as defined by the course
curriculum? Why?/why not? Answer c) and d) separately.
c) No, subjective (knowledge-based) probabilities can always be determined/assigned
(although the supporting knowledge is weak).
d) A frequentist probability is a model concept and needs to be justified, for unique
situations it cannot be meaningfully defined, as the concept needs repetition of the
situation considered over and over again infinitely.
- In a risk assessment related to a pandemic, the following 90% prediction interval for the
number of fatalities next month is established based on extensive modelling: [100,200]. Explain
what this interval expresses.
The same analyst as above states that if we obtain more knowledge, the length of the interval
will decrease. Do you agree? Why?/why not?
The colleague of this analyst has no opinion about that issue, but states that the interval
[100,200] could be based on many assumptions, and these assumptions should be presented
together with the interval – also an analysis of the assumptions should be conducted.
Do you consider this statement to be in line with risk science as defined by the course
curriculum? Why?/why not?
N= number of fatalities next month
Interpretation of 90% prediction interval [100,200]:
P(100 ≤ N ≤ 200)|K) = 0.90, where P is a knowledge-based probability and K is the background
knowledge that the probability is based on.
Thus the judgment is that with 90% probability the number of fatalities will be between 100
and 200 given this knowledge K.
90% probability: Same uncertainty as randomly drawing a red ball out of an urn having 100
balls where 90 are red.
Not necessarily, the new knowledge may for example reveal that an assumption is wrong and
lead to a wider interval.
Yes, this is in line with risk science, the assumptions are important elements of K and should
be presented (as the rest of the K in (C’,Q,K)). The sensitivity and importance of the
assumptions should be addressed by seeing how the results are affected by changes in the
assumptions. One could discuss how reasonable/justified they are, and also an assumption-
deviation-risk analysis could be performed, i.e. analysing what deviations from the assumptions
could occur and what consequences such deviation would have for the risk description. This
could be performed by considering 1) the magnitude of a potential assumption deviation, 2)
how likely the deviation is, 3) the consequences given a deviation, and 4) the strength of
knowledge supporting the likelihood judgements.
Why does risk science focus on potential surprises and black swans? The above analyst
argues that black swans are unknown unknowns. What would be the implications for risk
analysis and management if that was the case?
Because it may turn out that events occur that the analysts did not foresee or think about in their
analysis. The risk assessments reflect the analysts’ knowledge, but this knowledge could have
holes or be wrong. The focus on potential surprises and black swans aims at meeting this
challenge, for example by identifying areas where the analysts lack knowledge but there is
available knowledge elsewhere (unknown knowns), or by critically examining assumptions
made in the risk assessments.
Only a small category of surprises and unforeseen events would then be addressed.
What is the difference between risk perception and professional judgments about risk?
Suppose a professional risk judgment is based on risk equal to expected value. A lay person
perceives the risk completely different than the professional – does this mean that the person is
strongly influenced by perceptional factors like fear and dread?
The figure below shows the difference, risk perception may also include how the person like
or dislike aspects of the risk, as well as aspects of affect (emotions) and trust, also acceptability
– which are not the case of a professional judgment (C’,Q,K)
No, this person’s perception may represent a conscious judgment of risk and the uncertainties
(C,U), using (C’,Q,K) type of consideration and therefore be completely different than the
professional who refers to risk as expected value, E[C’], which har strong limitations in
reflecting all aspects of risk (the specter of consequences and uncertainties).
What is the main purpose of risk communication? A risk communication campaign is
launched which is based on risk characterizations with rankings based on a traditional risk
matrix. Discuss to what extent the risk communication can be considered successful.
The main purpose is to improve the understanding of risk, and in this way support relevant
decision making. It cannot be considered successful from a risk science perspective as risk is
poorly described and could lead to poor risk understanding (the problems with traditional risk
matrices are many, including that the specter of consequences may not be revealed and that the
strength of knowledge supporting the probabilities are not reflected). The campaign may still
be successful according to the social or political goal of the campaign (for example get people
not to smoke).
Discuss to what extent the application of the precautionary principle was justified in relation
to the COVID-19 early this year.
Is there a conflict between the precautionary principle and science? Why?/why not?
The precautionary principles states that if faced with a situation where the consequences could
be serious, and is subject to scientific uncertainties, the precautionary measures should be taken
or the activity should not be carried out.
Hence it can be argued that the conditions are there, for applying the principle and implement
measures to reduce the risk (as we have seen in all countries, ranging from total lockdowns to
less dramatic interventions).
No, the principle applies when traditional science is not able to provide clear guidance (because
of the uncertainties). A key precautionary measure is research to gain more knowledge.
Define the value of a statistical life (VSL). Explain how this concept is used in cost-benefit
analysis. (CBA)
Explain the link between ICAF and VSL.
VSL: The maximum one is willing to pay to reduce the expected number of saved lives by 1.
In CBA we calculate expected values, and the contributions from reducing the expected number
of saved lives by EN, is thus VSL ⸱ EN.
ICAF is the Implied Cost of Averting a Fatality, and is derived by computing the expected cost
of the measure considered per expected lives saved. For example, a measure may have an ICAF
= 100 million NOK. Then if VSL = 30 million NOK, it is clear that the measure cannot be
justified as 30 is the maximum one is willing to pay to reduce the expected number of lives by
1. Hence if ICAF > VSL, not implement measure, if ICAF ≤ VSL, implement measure.
Explain the idea of the ALARP principle. Is this principle favoring protection more than
development? Why?/why not? What if CBA is used to verify ALARP?
The principle says that the risk should be reduced to a level as low as reasonably practicable. A
measure that can be improve safety should be implemented unless it can be demonstrated that
the costs are in gross disproportion to the benefits gained. As such it can be said to favor
protection and safety as the rule is to implement measures that support this. Only in the
‘extreme’ case that you are able to demonstrate that the costs are ‘extreme’ you are ‘allowed’
to not implement the measure.
If CBA is used, with its weight on expected values, risk and uncertainties are not really focused,
and consequently nor protection/safety. More weight is on development. The principle says that the risk should be reduced to a level as low as reasonably practicable. A
measure that can be improve safety should be implemented unless it can be demonstrated that
the costs are in gross disproportion to the benefits gained. As such it can be said to favor
protection and safety as the rule is to implement measures that support this. Only in the
‘extreme’ case that you are able to demonstrate that the costs are ‘extreme’ you are ‘allowed’
to not implement the measure.
If CBA is used, with its weight on expected values, risk and uncertainties are not really focused,
and consequently nor protection/safety. More weight is on development.
A risk scientist works on the issue of understanding what ‘scientific uncertainties’ mean
in relation to the precautionary principle. Is the scientist then primarily working on generic risk
science or applied risk science? Explain. Another scientist discusses the use of the
precautionary principle in the legal context of the European Union. Is this scientist working on
generic risk science or applied risk science? Explain. Define risk science.
Scientific uncertainties: Generic risk science (applicable across different application areas)
EU case: Applied risk science as related to this specific application
See appendix B
A person states that the probably that the future global temperature will increase with more than 1
degree Celsius the coming 50 years is 0.90. Provide an explanation/interpretation of this probability
statement. What do we call this type of probability?
Is there uncertainty about this probability relative to an underlying ‘true’ probability? Explain.
Solution
It is a knowledge-based (subjective, judgmental) probability; it expresses that the person has the
same uncertainty or degree of belief for this event (the future global temperature will increase with
more than 1 degree Celsius the coming 50 years) to occur as randomly drawing a red ball out of an
urn comprising 100 balls where 90 are red.
No, as there is no underlying true probability to compare with. However, the person may experience
imprecision problems and the supporting knowledge could be more or less strong and even wrong.
The impression can lead to an imprecise probability, say at least 0.90.
Problem 3
Suppose now in this problem that the probabilities in the table above express a risk analyst’s degrees
of belief. Define and interpret risk for this example as in the book, using two types of definitions. Is
the (A,C,U) definition relevant here? Why/why not?
Is a risk characterization given by this table a good risk characterization? Why/why not? Include
aspects that you think should be added.
What are the two main problems with traditional risk matrices (based on probability and expected
values given the event) for describing risk?
Solution
Risk: potential for the project to give a negative outcome
Risk: the combination of consequences and associated uncertainties
The (A,C,U) definition is not relevant as there is no natural A event to refer to
It (the table) lacks considerations of the strength of knowledge supporting the probabilities, as well
as considerations of the potential for other values than the 3 considered in the table. The K should be
added.
Risk matrix problems: does not reflect the spectre of consequences and lacks considerations of the
strength of knowledge. See book p. 47.
Problem 4
Use the boulder example from the curriculum to explain that traditionally defined security risk -
addressing threats, vulnerabilities and consequences - is covered by the (A,C,U) risk perspective.
Explain what vulnerability means in this example.
Solution
Threat: For example, boulder being pushed so that it dislodges from the ledge, event A
Vulnerabilities: (C,U|A) potential for fatalities or injuries given the boulder is pushed and dislodged
from the ledge – combination of fatalities/injuries and associated uncertainties, given event A
Consequences: C, number of fatalities/injuries
Need to add uncertainties to the event A.
In compact form; (A,U) and (C,U|A) = “threat risk’ plus vulnerabilities (the consequence part is
covered by the vulnerability) which is in line with the (A,C,U) risk perspective (see p. 16)
You are considering two projects, I and II. The projects are characterized by frequentist probability
distributions of the consequences (i.e. benefits, profit) C as follows: Explain/interpret the following quantities for project II:
Pf(C=100) and Ef[C].
Should you choose project II as it has the highest expected value? Explain?
Is the cautionary principle relevant in this case? Why/why not?
The precautionary principle? Why/why not
Solution
Pf(C=100): the fraction of times the consequences is equal to 100 if we could consider an infinite
(very large) number of similar projects of type II
Ef[C]: the average value if we could consider an infinite (very large) number of similar projects of type
II
If you have a large number of such projects, project II is most attractive as it gives the best average
value. In general it is not possible to say as it depends on the decision maker’s preferences. Project II
may for example be rejected because of rather high probability of a loss of 100.
The cautionary principle could be relevant, but not the precautionary principle as there are no
scientific uncertainties. The person may dislike the relatively large uncertainties associated with a
considerable loss (0.05 probability for a loss of 100) and reject project II, assuming the person does
not have many projects.
Explain how scenario 1 can happen. Compute the probability that this scenario occurs given a fire.
Suppose the expected rate of fires is 2 per year. What is then the probability of a fire occurring
which leads to scenario 2?
Suppose for scenario 1, an expected number of fatalities of 5 is specified. And suppose no fatalities
for the other scenarios. Compute an expected number of fatalities for this event tree.
What is the PLL associated with this tree?
Compute a FAR value associated with this tree? Suppose the number of exposed hours in a year is 1
million.
Can you use this event tree model to present an F-N curve? Explain.
Solution
A fire starts, the fire spreads quickly, the sprinkler fails, people cannot evacuate leading to multiple
fatalities
P(scenario 1|fire) = 0.1 x 0.3 x 0.5 = 0.015 = 1.5%
P(fire scenario 2) = 0.015 x 2 = 0.03 (a good approximation)
(scenarios 1 and 2 have the same probability)
Expected number of fatalities= 5 x 0.03 = 0.15
PLL = 0.15
FAR = (0.15/106)108 = 15
FN curve : Not possible without specifying probabilities for different numbers of fatalities for scenario
1
i) A person states that risk evaluation as part of risk assessment covers judgments and
decisions about risk acceptance. Is the person right, according to the curriculum?
Explain.
ii) The same person argues that management review and judgment (MRJ) is not needed
when the uncertainties (in (C,U)) are judged very small. Is the person right, according to
the curriculum? Explain.
i) It is not accurate. The risk evaluation is conducted by the risk assessors, it covers judgments about
the significance of the risks and rankings wrt risks, and may cover judgments about risk acceptance,
for example saying that it is common to accept risk for activities with this risk level, but it does not
conclude on the risk being acceptable or not as that is a management and decision maker’s task. The
risk evaluation discusses the risk analysis results relative to criteria defined or reference levels. The
decision maker may see beyond these criteria and reference levels.
ii) It is not correct.
The MRJ is formally defined as the process of summarizing, interpreting and deliberating over the
results of risk and other assessments, as well as other relevant issues (not covered by the
assessments) in order to make a decision. The MRJ is based on the recognition that all assessments
have limitations: there are aspects not fully captured by the assessments – with small uncertainties
this point may be not very critical but it will always be an aspect as the uncertainties are judged small
but there could be surprises relative to these judgments and that the MRJ needs to take into
account.
Furthermore the decision-maker needs to take into account all aspects of importance for the
decision, not only those addressed by the risk assessments, and this aspect of the MRJ is not affected
by the uncertainties being judged small.
a) In risk perception research it is referred to lay people overestimating and overreacting when
faced with risk having certain characteristics. Discuss to what extent we can talk about risk
overestimation and overreacting in cases of large scientific uncertainties.
b) A common criterion for good public risk communication is that it is open and transparent.
Provide an example where this criterion obviously cannot be met. In a specific country, the
authorities have implemented measures to reduce people’s accessibility to information that
is in conflict with the guidelines and perspective of the authorities concerning a risk issue.
How do you think the authorities argue to justify their approach? What are the problems of
adopting such an approach?
Solution
a) These concepts are problematic in cases of large scientific uncertainties as there is not a
known risk to compare with when talking about overestimation - overestimation over what?
And for the overreaction, there is a problem that there is not a right decision. The risk can be
amplified because of certain factors (See book Section 6.1.2 and 6.1.3), but it is unfortunate
to refer to overestimation and overreaction for the reasons mentioned.
b) Security.
Arguments by the authorities: provide the proper guidance, based on the best science,
believed to give the best advices for people – avoid chaos and panic
Problems: Science is not one voice, there could be valuable insights provided by others than
the authorities, openness is not highlighted, fundamental trust to authorities is lost as
inclusiveness of different perspectives is not acknowledged, lack of acknowledgment of the
limitations of scientific knowledge and a need for a continuous ‘battle’ between different
schools and camps for what the most warranted statements or justified beliefs are within the
field of study
See book Section 7.2.3
Explain the precautionary principle, and in particular the concept of reversed burden of proof, as
defined in the curriculum. Use the following example to illustrate the concepts: You have a new
product that you would like to produce and sell. It is potentially hazardous.
Why do you think some people consider the principle a threat to value creation?
Solution
Definition: a principle expressing that if the consequences of an activity could be serious and subject
to scientific uncertainties, then precautionary measures should be taken, or the activity should not
be carried out
Book p. 218
Reversed burden of proof: there is initially a red light – your product is unacceptable (not safe) -
which is only switched to green – the product is acceptable (safe) - when there is convincing evidence
of harmlessness. The burden of proof is reversed.
According to statistical principles – the standard approach - the null hypothesis is that the product is
acceptable, and strong evidence must be provided to show harmfulness that would warrant
restricting the product.
The traditional perspective stresses the costs (interpreted in a wide sense) of erroneously taken
protective measures, whereas the precautionary perspective stresses the costs of an erroneous lack
of protective measures.
Clearly if the PP is applied too strictly there will be less new products and innovation: as products
would not be introduced before you have done tests etc which could take very long time and be very
resource demanding to obtain the formal ‘green status’ of a very safe product.
How could uncertainty be reflected in a cost-effectiveness analysis? Hint: consider the cost-benefit
ratio C/B.
How would you explain that some political parties are more positive than others towards the use of
cost-benefit analysis to support societal decision-making?
Solution
Refer to the setup of Section 9.2, a cost-effectiveness index, E[C]/E[B], is computed, where C denotes
the cost of the measure and B the benefits of the measure, for example, expressed through the
number of saved lives. A probability distribution for C/B could be derived, including a strength of
knowledge judgment (this is problem 9.10).
Because CBAs are to large extent based on expected values and give rather little weight on risks and
uncertainties – and thus give weight to development and growth more than protection, which is
more in line with the policies of some parties than others
Tom is an expert in communicating health risk to the public. Discuss to what extent he then also
needs to be an expert on risk science.
Is the curriculum presenting generic or applied risk science? Explain.
Solution
Risk science is the most updated and justified knowledge on risk fundamentals (concepts), risk
assessment, risk perception, risk communication and risk management and governance. So yes he
needs to have the best knowledge on risk communication but also other areas in particular
fundamentals – he cannot communicate health risk in a good way without being updated on for
example the best concepts and principles to understand and communicate risk in general. In addition
he needs specific knowledge in relation to health.
Most generic:
Generic, fundamental concepts, principles, approaches, methods and models for risk analysis (risk
understanding, risk assessment, risk perception and communication, risk management and
governance
But many illustrating examples of use of this generic knowledge are provided, these examples can be
seen as applied risk science
A person states that the probably that the future global temperature will increase with more than 1
degree Celsius in the coming 50 years is at least 0.90. Provide an explanation/interpretation of this
probability statement. What do we call this type of probability?
Is there uncertainty about this probability relative to an underlying ‘true’ probability? Explain.
Solution
It is an imprecise knowledge-based (subjective, judgmental) probability; it expresses that the person
has the same uncertainty or degree of belief for this event (the future global temperature will
increase with more than 1 degree Celsius in the coming 50 years) to occur as randomly drawing a red
ball out of an urn comprising 100 balls where at least 90 are red.
No, as there is no underlying true probability to compare with. However, the supporting knowledge
could be more or less strong and even wrong.
You are considering two projects, I and II. The projects are characterized by known frequentist
probability distributions of the consequences (i.e. benefits, profit) C as follows:
Solution
Pf(C=0): the fraction of times the consequences is equal to 0 if we could consider an infinite (very
large) number of similar projects of type II
Ef[C]: the average value if we could consider an infinite (very large) number of similar projects of type
II
If you have a large number of such projects, project II is most attractive as it gives the best average
value. In general it is not possible to say as it depends on the decision maker’s preferences. Project II
may for example be rejected because of rather high probability of a loss of 100.
VaR = 0 ( 0 is the value so that P(C ≤ VaR) = 0.90 (or at least 0.90) – for project I the level is not 90%
but 99%
Suppose now in this problem that the probabilities in the table above (problem 2) express a risk
analyst’s degrees of belief.
Consider a risk characterization (C’,Q,K). Explain what this characterization means in relation to the
table. How would you extend the characterization given by the table to make it in line with the
recommendations of the curriculum.
Suppose the probabilities in the table are conditional on an assumption V. In case this assumption is
not correct, there is another similar table characterizing the risk. Suppose there is considerable
uncertainty about the correctness of V. A risk analyst suggests dealing with this issue by assigning a
probability of V being correct and presenting risk by a new updated probability distribution (C’,P).
What is your response to this suggestion? Does it solve the issue of reflecting the risk related to the
assumption?
Solution
So the probabilities P are knowledge-based probabilities.
C’: the consequences specified in the table (-100, 0, 100)
Q: P
(C’,Q,K): would like to add Strength of knowledge judgments (SoK) to P, and the knowledge that the
assessment Q and C’ are based.
Could also consider other C’ values.
No, need to include SoK: P in the tables and P(V) could to varying be based on strong knowledge and
that needs to be reflected.
Use the boulder example from the curriculum to explain what vulnerability means. Use both symbols
and daily language.
Discuss in general to what extent a system that is considered not vulnerable (i.e. is robust) could
have undesirable consequences for some possible events A.
Solution
A: boulder dislodges from the ledge
Vulnerability: (C,U|A) potential for fatalities or injuries given the boulder is dislodged from the ledge
– combination of fatalities/injuries C and associated uncertainties U, given event A
Two main points:
i) not vulnerable (robust) means that the conditional ‘risk’ (description), (C’,Q,K|A’), is
judged small for a given A’ - and hence not likely undesirable consequences occur - but
there is some probability so undesirable consequences may occur, also surprises may
occur relative to the knowledge of the analysts leading to undesirable consequences.
ii) for some As, we cannot require i) but the total risk contribution (A’,Q,K) should be judged
small - for such As it could be rather likely to have undesirable consequences.
Suppose for scenario 1, an expected number of fatalities of 10 is specified. And suppose no fatalities
for the other scenarios. Suppose the expected rate of fires is 2 per year.
Compute the PLL value for this tree and a FAR value assuming the number of exposed hours in a year
is 1 million.
What changes are needed to compute P(N ≥ n), for n=1,2, … and N being the number of fatalities.
Discuss to what extent PLL and FAR in this example can be good individual risk metrics.
Solution
P(scenario 1|fire) = 0.1 x 0.3 x 0.5 = 0.015 = 1.5%
P(fire scenario 1) = 0.015 x 2 = 0.03 (a good approximation)
Expected number of fatalities= 10 x 0.03 = 0.30
PLL = 0.30
FAR = (0.30/106)108 = 30
Need to specify probabilities for different numbers of fatalities for scenario 1, we need P(N=n|fire
scenario 1) or P(N ≥ n|fire scenario 1)
PLL is not a good metric as such as it just presents the expected number of fatalities per year. If we
divide it on the number of people exposed which produces the average individual risk (AIR) and the
people have about the same level of risk, this is suitable as an individual risk metric.
FAR is suitable if the persons exposed have about the same risk level.
Problem 6
i) A person states that the main purpose of a risk assessment is to improve the
understanding of risk and in this way reduce risk. Is the person right, according to the
curriculum? Explain.
ii) Discuss to what extent the purpose of risk assessment is to accurately determine risk.
Solution
i) It is not accurate.
A main purpose is to improve the understanding of risk and this could lead to reduced risk, but not
necessarily: risk assessment can also be used as a basis for a selection of an alternative with higher
risk.
ii) This is not a general formulation of the goal of a risk assessment according to the curriculum. We
may seek to accurately determine (estimate, predict) C’ but a main goal of the assessment is also to
characterize the uncertainties related to the judgments about C’.
The idea is more relevant when the thinking (perspective) is that there exists an underlying true risk
that one seeks to estimate (for example if risk was defined by (C’,Pf)). However, if that was the case,
risk assessment would fail in case of large uncertainties as accurate estimates cannot be made. Also
it can be a problem to define that underlying true risk.
a)
A person perceives the risk related to an event as high noting that the event is of a new type,
the knowledge is weak, there is delays in effect and there is a potential for severe
consequences. An expert claims that this person overrates the risk. Is the expert right?
Explain.
.
b)
A person argues that trust in relation to public safety is not really what we aim at, rather it
should be ‘critical trust’. Discuss this view.
Solution
a) The expert could be right as risk perception theory concludes that people amplify risk in such
cases. However, it may be problematic to conclude that the risk is overrated. Overrated
indicates there is a reference level to compare with but that may not be the case, in
particular in cases of large scientific uncertainties.
b) The book argues for a critical trust, not a blind, acceptance trust. A point being made is that
authorities are faced with dilemmas and to avoid panic etc. they may not be fully open about
certain issues, there could also be overall goals and policies that make them not be fully
open. Thus people need to be somewhat critical not accepting everything and have
questions, without being going to the extreme of rejecting everything (distrust).
Problem 8
Nina is risk manager in a company and considers removing some risks from the action table because
they are judged very small. Discuss to what extent this is a good policy.
Solution
See problem 8.13 and p. 359 in book. It is possible to give good answers to problem 8 without talking
about de minimis risk as in Problem 8.13 in the book.
One can argue that no risk should be fully ignored, always have them on the list acknowledging that
surprises can occur, the knowledge/assumptions can be wrong, and think resilience and robustness.
At the same time as discussed on page 359, there are resource limitations and therefore some risks
need to be given priority to and others not – then the text on p. 359 is relevant.
Problem 9
A person states that ICAF is the ratio between the cost and the number of saved lives. Is the person
right? Explain.
Another person states that it would a good idea to define VSL by saying that VSL/M is the maximum
one is willing to pay to reduce the expected number of fatalities by 1/M, where M is a large number,
for example 1000. What is your comment to this suggestion?
Solution
We normally define ICAF by the ratio of expected cost and expected number of saved lives for a
measure.
It may be a good idea as the normal definition refers to a reduction in the expected number of
fatalities by 1 which could be outside the range of interest. By the factor M, a more reasonable range
is considered and it may be easier to specify VSL. Often VSL is specified as a general rule and one
does not need to make specifications for each project or measure.
Problem 10
Risk science is the most updated and justified knowledge on risk fundamentals (concepts), risk
assessment, risk perception, risk communication and risk management and governance.
Is this knowledge static in time? Explain. Can it be contested? Is science one voice? Discuss
Solution
No as for any science, it develops over time, it is the most updated and justified at a specific point in
time. Yes what is the best is always discussed/contested, typically there are different schools,
advocating for their perspectives and beliefs. This also means that science is not one voice. It is
highly problematic when trying to reduce science to one view as developments require discussions
and beliefs are questioned etc.
A) Explain how risk is defined in curriculum.
A) We consider a future activity [interpreted in a wide sense to also cover, for example, natural
phenomena], for example the operation of a system, and define risk in relation to the
consequences (effects, implications) of this activity with respect to something that humans
value. The consequences are often seen in relation to some reference values (planned
values, objectives, etc.), and the focus is often on negative, undesirable consequences. There
is always at least one outcome that is considered as negative or undesirable. Risk is the
consequences C of the activity and associated uncertainties U.
B) Give also a general risk description and present briefly the key components.
A) A general risk description is the triplet (C’,Q,K), where C’ is some specified consequences, Q a
measure of uncertainty associated with C’ (typically probability), and K the background
knowledge that supports C’ and Q (which includes a judgment of the strength of this
knowledge)
C) What are the main benefits of such a set-up, i.e. distinguishing between how we define
risk and how we describe risk?
B) This allows for different descriptions of risk to be used depending on the situation at hand. It
also stimulate discussion and reflections what is a good description of risk
Besides being able to label past events, how does the Black swan metaphor as defined by Aven
improve risk analysis?
Besides being able to label past events, the Black swan metaphor as defined by Aven improve risk
analysis by putting more focus on the knowledge supporting the risk description. It suggests that
surprises relative to one’s beliefs may occur which in terms means that the knowledge supporting
the risk description should be highlighted/investigated. A key point is that the knowledge could be
wrong, and surprises occur. The focus on the metaphor helps us addressing that type of issue and
risk
A risk analyst has introduced a Bernoulli probability model with parameter p, the probability
that a new type of law will be passed. The analyst has further specified a 90% credibility
interval for p, to inform the management of a company that will be affected by the law.
A) Do you agree with this approach? Why/why not?
.
.
B) Generally, in what sense does an approach like this (Bernoulli probability model with
parameter p) address both variation and uncertainty? Illustrate with an example.
A) The approach should not be used in this case. It assumes that there exists a true frequentist
probability of the law being passed. However, this is a unique situation where a frequentist
probability cannot be meaningfully defined or estimated.
B) We can think an experiment where a pin is thrown and either will land with the tip down or
up. In such a case, the parameter p reflects the variation in the outcomes if the experiment
was repeated a huge number of times. The credibility interval reflects my uncertainty about
the value of p.
A risk analyst states that probabilities only should be introduced in risk assessments if there
is enough data available to estimate them precisely.
A) Given what you have learned in this course, what would your response be?
.
.
The analyst further states that avoiding the worst outcome should always be the sole focus
in risk assessments when probabilities cannot be estimated precisely.
B) Present an argument against this statement.
A) The statement assumes that the only type of probabilities that can be used in risk
assessments are frequentist probabilities. However, subjective probabilities, expressing the
analyst’s degree of belief, can also be used. Supplemented with strength of knowledge
considerations, such probabilities can convey insights about risk even when data is scarce.
B) Two arguments discussed in class:
- A worst case is hard to define. In practical situations, one could almost always think of a way
the outcome can be worse.
- Outcomes with very, very low (subjective) probability can be given too much weight in the
decision-making.
A) Based on the distribution, give a 90% credibility interval and provide an interpretation of
this interval.
.
.
B) Give an example of when you as a risk analyst would assign an imprecise
probability [𝑃(𝐴),𝑃(𝐴)] and provide an interpretation this probability statement.
A) A 90% credibility interval is [0.5, 0.6] (or [0.3, 0.5]). The assessor has the same degree of
belief that λ is in the interval as drawing a red ball out of an urn where 9 out of 10 balls are
red.
.
.B) As input to my risk assessment, I may have two experts expressing P(A)=0.2 and P(A)=0.3.
Then I could express my uncertainty about the occurrence of A with the imprecise probability
[0.2, 0.3]. The statement means that I compare my uncertainty about the occurrence of A
with drawing a red ball out of an urn with 10 balls where 2 or 3 balls are red.
A) Give an example of how a coarse risk analysis method could be used in conjunction with
event tree analysis. You can for example use the context of a tunnel risk assessment to
illustrate.
.
B) You are carrying out a road tunnel risk assessment. The client who has ordered the
assessment tells you that they plan to use PLL=0.2 as the criterion to decide upon acceptable
risk for the tunnel. Do you support this approach? Why/why not?
A) Coarse risk analysis is first carried out to obtain a crude risk picture with modest effort. We
can think of a situation where the coarse analysis identifies an event that could have
catastrophic consequences if it were to occur, for example a severe car fire during a traffic
jam in the tunnel. To study the consequences more in detail, and to assign probabilities to
the different outcomes of the event, an event tree analysis is carried out..
.
B) PLL is the expected number of fatalities (typically for a year) and has limitations in the way
risk is reflected. Hence, it should not be used as a sole criterion for accepting the risk. There
could be large deviations from the expected value, an aspect better captured by a f-N
diagram. The strength of knowledge supporting the PLL number is neither taken into account
with the approach. The assessment results should also be considered in light of the ALARP
principle.
One day you get a call from a person claiming she is working in a facility dealing with
different kinds of genetically modified species. She is concerned. Very concerned.
Particularly about how they manage the risk involved. She has seen you on television and
knows you are a reputable expert within the risk field and decided to call you up and ask for
advice on how they should go about manage their risk. Her first question is:
A) What are the main strategies for risk management?
.
.
She says she is particularly concerned about spilling such species into the environment and
the long-term effects it might have. She even mentions deep uncertainty. She continues to
ask:
B) What strategies would you recommend us to focus on and why?
A) The main strategies for risk management are:
1) Risk assessment informed strategies
2) Robustness, resilience-based strategies and cautionary/precautionary based strategies
3) Dialogue based strategies
.
.
B) Here she could use Risk informed strategies, identifying potential events, assessing the
uncertainty involved, producing strength of knowledge judgements as well as making
considerations about black swans in order to provide the decision maker with insights about
the risk involved. Moreover, due to the uncertainty involved, she could also make use of
cautionary/precautionary based strategies letting caution be the ruling principle, for example
by not continue with the activities they do, or by implementing measures even if they are
inefficient seen from a purely economic standpoint. They could also make use of principles
for resilience and robustness improving the capability to cope with surprises.
Assume that the reliability of each detector is pn=0.9 and that the reliability of the deluge
system is pDS= 0.99. Further, assume that the components fail independently.
A) Calculate the reliability of the system exactly for both strategies.
.
.
B) List the minimal cut sets and calculate the reliability approximately.
A) Strategy A
- Reliability: (1-qD1qD2)(1-qD3qD4)pDS = 0.970299 ≈ 0.97
Strategy B
- Reliability: (1- (1-pD1pD3)(1-pD2pD4))pDS= 0.954261 ≈ 0.95
.
.
B) Minimal cut sets Strategy A
- (D1,D2) (D3,D4) (DS)
Approximation: 1-(qD1qD2 + qD3qD4 + qDS) = 0.97
Minimal cut sets strategy B
- (D1,D2) (D1,D4) (D3,D2) (D3, D4) (DS)
- Approximation: 1-(qD1qD2 + qD1qD4 + qD3qD2 + qD3qD4 + qDS) = 0.95
Suppose you are the chief risk officer in a multinational mining company. Some of your risk
analysts say there is a considerable risk related to the working environment in one of the
mines. Besides heat, humidity and darkness, the workers are exposed to a fine grained type
of dust, which may cause cancer. To meet this risk, one option is to install a vent system
which removes the fine grained dust. This is expected to cost of 40 mill dollars and is
expected to save 10 lives during the lifetime of the mine.
.
A) How would you decide upon whether to install the vent system using
ICAF? Make assumptions as necessary
.
B) What are the advantages and disadvantages of using this approach?
A) ICAF = 40/10 = 4mill dollar. Suppose the company defines the value of a statistical life to be
VSL=5 mill dollars. Then ICAF<VSL and the measure should be implemented. .
.
B) Advantages: Easy to calculate and easy to compare measures
Disadvantages: The background knowledge is not highlighted.
The method does not see beyond expected values
What is the difference between applied risk analysis and generic risk analysis?
.
.
Give an example of generic risk analysis?
Applied risk analysis supports risk knowledge generation and communication in relation to specific
activities and supports the tackling of specific risk problems or issues.
Generic risk analysis covers generic concepts, principles, approaches and methods on how to
understand, assess, characterize, communicate, manage and govern risk.
.
.
One example is the research done at the university of Stavanger, where they do research related to
inter alia generic concepts, principles, approaches and methods on how to understand, assess,
characterize, communicate, manage and govern risk.
A) Suppose we define risk = “the probability of an unfortunate event occurring”. Present an
argument against this definition of risk.
.
B) Suppose we define risk = “Value at Risk”. Present two arguments against this definition of
risk
A) 1) The definition does not highlight the knowledge supporting the probability. Another
argument is that it does not reflect the consequences of the event
.
B) 1) Value at risk does not say anything about the “shape” of the distribution beyond the
quantile value. 2) Nor does it reflect the knowledge which this number is based on.
A) Explain the concept of resilience.
A) Resilience is a system’s ability to sustain and restore its functionality given some disruption,
threat, hazard and/or opportunity
B) Give an example how risk considerations can contribute to resilience.
A) One example is hazard/threat identification. This helps identifying what disruptions, threats,
hazards and/or opportunities that may occur.
C) If a system is judged antifragile, would you say that there is still risk for bad outcomes?
Why/why not?
C) Yes, there is still risk as there is still a potential for bad outcomes, negative consequences
and associated uncertainties.
A risk analyst has introduced a Bernoulli probability model and estimated the parameter p, the
failure probability of a safety barrier given an initiating event A, to be p= 0.015.
A) Provide an interpretation of p
.
B) Is it correct to say that p is a measure of the analyst’s uncertainty? Why/why not?.
.
The analyst further states that she has confidence in the estimate as she has generated the quite
narrow 90% confidence interval [0.013, 0.017].
C) How should her statement be interpreted?
A) The parameter p is interpreted as the fraction of times the safety barrier fails given event A,
if the situation was repeated over and over again, towards infinity.
.
B) No, p* is the analyst’s best estimate of p, and as such, is not a measure of the analyst’s
uncertainty.
.
C) If the “experiment” of generating the interval was repeated over and over again, towards
infinity, p would be in the interval 90% of the times. When the interval generated is narrow, the
analyst feels confident that p* is quite close to p.
Task 4A risk analysis group is asked to do a fire safety risk assessment of a new large mall. The mall
has a novel design and uses new types of surface materials with unknown fire properties. The
group has to decide which risk analysis method to use in order to provide an estimate of how
much the assessment will cost the client. They use a risk-based approach and reason that large
mall fires with fatalities are very rare, and hence, the expected consequences are moderate.
Based on this reasoning they choose standard risk analysis.
A) Do you agree with their choice? Why/Why not?
.
.
B) Give a simple example (one or two sentences) of what each of the following risk analysis
methods could be used for in the above mall risk assessment.
SWIFT
FMEA
Fault tree analysis
Bayesian networks
Event tree analysis
A) No, they have to also consider uncertainty factors that can lead to large deviations from the
expected value. In this case, this should lead to the conclusion that a model-based risk analysis
should be chosen. There are uncertainty factors such as novel design and new materials present
that could lead to large deviation from the expected value.
.
.
B) SWIFT - Identify initiating fire events to be analysed further. For example, what if there is
a fire outbreak in the kitchen of the large café mid-day?
FMEA – Identify and rank failure modes for the fire alarm system
Fault tree analysis - Assess the probability of failure in a safety barrier, e.g. a sprinkler system.
Bayesian networks - Assess likely causes of a severe fire event to find suitable preventive
measures.
Event tree analysis - Assess possible outcomes, with associated probabilities, given an initiating
fire.
An investment expert assesses the value of a particular investment one year from today. He
states that he is 90% certain that the value will be in the interval [1000000$, 1300000$].
.
A) Provide an interpretation of the statement.
.
B) What type of interval has the expert specified?
.
C) Would it be sound for a decision-maker to require any additional characterization of the
uncertainties involved? Why/why not?
A) The expert states that his belief that the investment is in the interval one year from now is
the same as drawing a favourable ball out of an urn with ten balls where nine are favourable. .
.
B) Prediction interval .
.
C) Yes, the strength of knowledge is not reflected by the interval. The following should for
example be considered by the decision-maker:
Is there relevant data available to support the judgement?
Would other experts agree?
Do the prediction models used tend to provide accurate results?
Is there uncertainty associated with the assumptions made?
Below is a fault tree diagram with the top event that the reserve parachute of a skydiver fails.
Assume that the basic events are independent and the following probabilities:
q1 = 0.2
q2 = 0.05
q3 = 0.1
q4 = 0.005
A) Calculate the probability of the top event approximately by using the minimal cut set
approach.
.
B) Calculate the probability of the top event exactly.¨.
.
.
C) Say you got updated knowledge that failure of the auto activation device in some cases
causes the rip chord to break. Would you conclude that the top event probability should be
lower, the same, or higher than your initial estimate? Why/why not?
A) P(top event) ≈ q1q2+q1q3+q4 = 0.20.05 + 0.20.1 + 0.005 = 0.035
.
.
B) P(top event) = 1 – p4[1 – q1(1 – p2p3)] = 1 – 0.995[1 - 0.2(1 – 0.95*0.9)] = 0.033855
.
.
C) Higher. The new knowledge indicates that Event 1 has a higher probability than 0.2 if
Event 3 or 4 occur.
You are involved in carrying out a tunnel safety risk assessment. A member of the team suggests
to characterize the risk with a PLL value, supplied with SoK judgements. Since you have taken
RIS500, you immediately recognize that this approach does not sufficiently highlight the
possibility of large-scale accidents in the tunnel.
A) What alternative risk characterization/risk picture would you suggest in order to better
highlight the possibility of large-scale accidents?
.
.
B) Give an example of a situation where an expected value, supplied with strength of knowledge
judgements, could be an informative way of characterizing risk.
A) An approach that shows the consequences and probabilities in two separate dimensions
should be chosen, supplied with SoK judgments. For example, a f-N curve or a probability
distribution over the number of fatalities.
.
.
B) In situations where it is considered extremely unlikely that the outcome will deviate much
from the expected value, typically when we consider large populations. For example, we can be confident that the number of traffic deaths in Norway in 2021 will be quite close the previous
5-year average.
A) What is the cautionary principle?
A) The cautionary principle is a principle that says that if the consequences of an activity could
be serious and subject to uncertainties, then cautionary measures should be taken, or the activity
should not be carried out.
B) Discuss to which extent the principle supports protection or development
B) Following the principle means that when facing uncertainty caution should be the ruling
principle. Accordingly, we can implement risk reducing measures even if they are seen as
inefficient seen from a purely economic standpoint (or in the more extreme cases, not starting
the activity considered at all). Hence, we go beyond the expected benefits of the risk reducing
measures, meaning that protection is highlighted rather than development.
A) What is the purpose of management review and judgement?
A) The risk analysis can have limitations and weaknesses. It might for example be scoped so
that it does not address political risk or be based on many assumptions that are more or less
strong. There might also be other types of analysis, say economic analysis, as well as other
perspectives that are not taken into consideration in the assessment. The decision maker needs
to take all of this into consideration when making a decision. Moreover, the decision maker
might also have different knowledge than the analyst and can also ask critical questions, and
potentially find potential black swans.
) What does it mean that the risk assessment informs the decision? (as opposed to the
decision being risk based)
B) As indicated in A) the decision basis is made up of more than just a risk description, hence
we say that the risk assessment informs, or supports, the decision. It does not ‘automatically’
prescribe what the decision should be.
A) What is applied risk analysis? Also give an example
A) Applied risk analysis supports risk knowledge generation and communication in relation to specific
activities and supports the tackling of specific risk problems or issues.
Examples are for example the risk analysis of climbing mount Everest or risk analysis of attacks
on SCADA systems.
B) Explain how generic risk analysis provides insights to applied risk analysis.
B) Generic risk analysis covers generic concepts, principles, approaches, and methods on how
to understand, assess, characterize, communicate, manage and govern risk. This knowledge can
be used for solving real risk problems and issues.
C) Explain the role of experts in Risk analysis? Give also an example.
C) In risk analysis we distinguish between two types of experts. Experts providing knowledge
about the activity under consideration and experts in risk analysis. They both contribute to the
applied part and the generic part of risk analysis.
As an example, we can consider the applied case of doing a risk assessment related to the spread
of a virus. One kind of expert could be a physician providing insights into how the virus
develops and infects other people. Another kind of expert could be a risk analysis expert
providing insights into what strategies we can use in order to manage the risk.
