hei Flashcards

Question

The following barrier block diagram represents a technical system with six components:

Answer 1

Minimal cut sets: {1,5}, {2,5}, {1,3,4}, {2,3,4}, Exact: Unreliability of parallel system 3-4: 0.2 x 0.2 = 0.04 Reliability of series system 3-4 and 5 : 0.96 x 0.80 = 0.768 Reliability of series system 1-2 : 0.8 x 0.8 = 0.64 Unreliability of parallel of these two systems: 0.36 x 0.232 = 0.08352 Approximation method: Unreliability ≈ q1q5 + q2q5 + q1q3 q4 + q2q3 q4 = 2 x 0.2 x 0.2 + 2 x 0.2 x 0.2 x 0.2 = 8 * 10-2 + 1.6 x 10-2 = 0.096

Answer 2

See book The approach identifies failures in a system by failure of individual units of the system, looks at its effects and also discusses likelihood in relation to these failure and effects. This provides some insights about risk, but many aspects are not covered, for example that severe losses and consequences can be the result of simultaneous occurrences of events. The approach can be seen as an input to a more comprehensive risk assessment. SoK knowledge judgements for the likelihoods should also be included but are not commonly included. See book

Answer 3

The key is that the risk assessment results should not prescribe what to do, as risk assessments have limitations in capturing all aspects of risks and uncertainties, and there are also different values (we may all agree on the risks, but disagree on what to do as we have different values, what is important, how much weight to give to uncertainties, how to balance protection and development) Managerial review and judgement: process of summarising, interpreting and deliberating over the results of risk assessments and other assessments, as well as of other relevant issues (not covered by the assessments), in order to make a decision The managerial review and judgment is the process between risk assessment and the decision-making.

Answer 4

See book. Value of a statistical life: the maximum you are willing to pay to reduce the expected number of fatalities by 1. The key point is that the CBAs are based on expected values which do not reflect well risk and uncertainties. SoK judgments are also commonly lacking.

Answer 5

Knowledge: justified beliefs Generic risk science: knowledge relates to the development of generic concepts, principles, approaches and/or methods on how to understand, assess, characterise, communicate, manage and govern risk

Answer 6

No, the risk science does not provide answers what are the best decisions, it does not take a stand on what we should do. The weight we give to uncertainties and risks are not scientific, but ethical, political ... It can still be useful as it provides support for how to think and generate a basis for making the decision. It helps us for example characterizing the climate change risk

Answer 7

Interpretation of P(A|K): The team has the same uncertainty and degree of belief for the event A to occur as randomly drawing a red ball out of an urn that comprise 100 balls and where 95 are red. Imprecise probability P(A|K) ≥ 0.95: The team has the same uncertainty and degree of belief for the event A to occur as randomly drawing a red ball out of an urn that comprise 100 balls and where 95 or more are red. The assessor is not willing to be more precise. Alternatively the team expresses that the probability is at least 0.95, where 0.95 is interpreted as above. The team is not willing to be more precise.

Answer 8

p= the fraction of time the event ‘C=1’ occurs if we could repeat the situation considered over and over again (i.e. throw the die over and over again) infinitely under the same conditions We could assign P(p=1/6) and P(p=1/3) (where the sum is 1), for example 0.5 for each. These probabilities are conditional on my knowledge K.

Answer 9

The event ‘an event occurring with at least 1 fatalities’ is a severe event so the probability is of interest, but also other numbers should be covered, for example more than 10 fatalities, more than 100 fatalities etc. In addition, the characterization should include the knowledge that the probability is based on and in particular a judgment of the strength of this knowledge.

Answer 10

See book Because it gives focus on the potential for surprises relative to risk numbers and assessment results – the surprise aspect and the unforeseen is a risk issue but often not given enough attention in risk assessment and management. Events could have been overlooked in the assessments, or ignored because of low judged probabilities – the metaphor stimulates further reflections in such situations: is there a potential for surprise. Can we improve our methods to better meet potential surprises.

Answer 11

Minimal cut sets, 134, 156, 234, 256, Minimal path sets: 12, 35, 36, 45, 46 P(System failure) ≈ q3q4 + q5q6 = 2 * 10-2 = 0.02

Answer 12

Yes to help understand and describe risk to identify risk sources, threats, hazards and opportunities; understanding how these can materialize/occur, trigger events/event sequences, and what their consequences can be; representing and expressing uncertainties and risk; and determining the significance of the risk using relevant criteria. This can be done when the uncertainties are small or large. So they can be useful and provide decision support, on choices of measures and arrangements, the need for such measures and arrangements, etc.

Answer 13

The ALARP principle says that risk should be reduced to a level that is As Low As Reasonably Practicable (ALARP). A risk reducing measure should be implemented unless it can be demonstrated that the costs are grossly disproportionate relative to the gains obtained (the burden of proof is reversed). Thus if there is a safety measure that can improve safety, it shall be implemented as a rule, unless you can demonstrate that the cost are in gross disproportion to the benefits gained. This means that Protection is highlighted. However, if standard CBA is used to verify ALARP which is often seen in practice, development is supported as this analysis is based on expected values: risk and uncertainties are not given much weight and the idea of the principle is not followed up.

Answer 14

VSL: how much one is wiling to pay for reducing the expected number of lost lives with 1. In a CBA we compute the expected value related to loss of lives, so if we for example expect 0.2 lost lives, a value contribution of 0.2 x 30 = 6 is computed, which is plugged into the ENPV formula.

Answer 15

The example is an example of Generic risk science, B, as it is a generic contribution which is relevant for all types of applications.

Answer 16

No, the risk science does not provide answers what is the best decision but it provides support for how to think and generate a basis for making the decision. It helps us for example characterizing the risk and understanding the balance that has to be made between different concerns (development and protection). If you decide not to jump you can say that you gave considerable weight to the cautionary principle. You weigh pros and cons but did not find the benefits large enough compared to the risks involved.

Answer 17

Risk science is the most warranted statements (justified beliefs) produced by the risk field or discipline, it is about concepts, principles, approaches and methods on how to understand, assess, characterise, communicate, manage and govern risk Risk science is the most updated and justified knowledge on risk fundamentals (concepts), risk assessment, risk perception and communication and risk management and governance. Risk science is also about the process – the practice – that gives us this knowledge. No, as not all lead to new knowledge on concepts, principles, approaches or methods on how to understand, assess, characterise, communicate, manage or govern risk. Not all risk assessment are published in risk science journals, they do not have scientific contributions in relation to risk science.

Answer 18

Knowledge: justified beliefs See youtube https://www.youtube.com/watch?v=z4E-y7CQ5- 0&list=PL1Oi4O0iZ7iagjE80latDc4lUXXboK6EX&index=16&t=0s We have some ‘knowledge’ by seeing that the die is symmetric and from that we can claim that the probability p for getting 6 is 1/6, but we cannot be sure, so if we require justified true beliefs, we do not have knowledge in this case and that does not sound meaningful. The same if we perform many trials, we do not get knowledge according to justified true beliefs which shows that the idea is not working in this context.

Answer 19

Interpretation: The analyst has the same uncertainty and degree of belief for the event (at least one fatality in that period) to occur as randomly drawing a red ball out of an urn that comprises 1000 balls and where 1 is red. It is referred to as a knowledge-based, or subjective or judgmental probability. It is not uncertain, it is the analyst’s judgment of uncertainty, but the knowledge supporting it could be more or less strong.

Answer 20

D= 0.001-p, it is subject to uncertainty as p is in general unknown: p: the fraction of time the event considered would occur if we could repeat the situation considered over and over again infinitely under the same conditions

Answer 21

A’: specified event, for example leakage C’: specified consequences, for example number of fatalities. Q: measure or description of the uncertainties about A’ and C’. Typically Q is probability P and strength of knowledge judgments (SoK) Vulnerability: (C’,Q,K|A’), as above but given the occurrence of an event. Yes A’ is the fire, and Q is probability related to fatality (C’). K should be added, as well as SoK judgments.

Answer 22

See book Section 3.4 (type b) or c)).

Answer 23

See Problem 4.15 and its solution in the book

Answer 24

The ALARP principle says that risk should be reduced to a level that is As Low As Reasonably Practicable (ALARP). A risk reducing measure should be implemented unless it can be demonstrated that the costs are grossly disproportionate relative to the gains obtained (the burden of proof is reversed). Thus if there is a safety measure that can improve safety, it shall be implemented as a rule, unless you can demonstrate that the cost are in gross disproportion to the benefits gained. This means that Protection is highlighted. It is not a good idea. If standard CBA is used to verify ALARP which is often seen in practice, development is supported as this analysis is based on expected values: risk and uncertainties are not given much weight and the idea of the principle is not followed up.

Answer 25

Managerial review and judgement: process of summarising, interpreting and deliberating over the results of risk assessments and other assessments, as well as of other relevant issues (not covered by the assessments), in order to make a decision The managerial review and judgment is the process between risk assessment and the decision-making. The key is that the risk results should not prescribe what to do, as the risk assessments have limitations in capturing all aspects of risks and uncertainties, and there are also different values (we may all agree on the risks, but disagree on what to do as we have different values, what is important, how much weight to give to uncertainties, how to balance protection and development). There is a gap between the risk assessment results and the decision.

Answer 26

In recent years, calls have been made for a shift from risk to resilience, for example by the former UN Secretary-General Ban Ki-moon (UNISDR 2015). The basic idea is that we need to be prepared when threatening events occur, whether they are anticipated or unforeseen. Is the call based on a belief that the risk field and science should be replaced by resilience analysis and management, or is it more about priorities: more weight should be placed on improving resilience? It is the latter, and resilience is a key aspect of modern risk science so there is no conflict.

Answer 27

a) No, as risk is not historical data, risk relates to the future, 4 can provide input to describe risk but there is a fundamental leap between what is observed in the past and what will happen in the future. Risk is a combination of future unknown consequences C, and associated uncertainties, and clearly 4 is different from (C,U). . b) No, we do not estimate the risk (C,U), but we describe it by (C’,Q,K). 4 can be seen as an estimate of C, but C is not the same as risk. If risk were defined by the expected number of fatalities (using frequentist probabilities), we could have spoken about 4 being an estimate of risk, but that is not as defined in the curriculum.

Answer 28

c) No, subjective (knowledge-based) probabilities can always be determined/assigned (although the supporting knowledge is weak). d) A frequentist probability is a model concept and needs to be justified, for unique situations it cannot be meaningfully defined, as the concept needs repetition of the situation considered over and over again infinitely.

Answer 29

N= number of fatalities next month Interpretation of 90% prediction interval [100,200]: P(100 ≤ N ≤ 200)|K) = 0.90, where P is a knowledge-based probability and K is the background knowledge that the probability is based on. Thus the judgment is that with 90% probability the number of fatalities will be between 100 and 200 given this knowledge K. 90% probability: Same uncertainty as randomly drawing a red ball out of an urn having 100 balls where 90 are red. Not necessarily, the new knowledge may for example reveal that an assumption is wrong and lead to a wider interval. Yes, this is in line with risk science, the assumptions are important elements of K and should be presented (as the rest of the K in (C’,Q,K)). The sensitivity and importance of the assumptions should be addressed by seeing how the results are affected by changes in the assumptions. One could discuss how reasonable/justified they are, and also an assumption- deviation-risk analysis could be performed, i.e. analysing what deviations from the assumptions could occur and what consequences such deviation would have for the risk description. This could be performed by considering 1) the magnitude of a potential assumption deviation, 2) how likely the deviation is, 3) the consequences given a deviation, and 4) the strength of knowledge supporting the likelihood judgements.

Answer 30

Because it may turn out that events occur that the analysts did not foresee or think about in their analysis. The risk assessments reflect the analysts’ knowledge, but this knowledge could have holes or be wrong. The focus on potential surprises and black swans aims at meeting this challenge, for example by identifying areas where the analysts lack knowledge but there is available knowledge elsewhere (unknown knowns), or by critically examining assumptions made in the risk assessments. Only a small category of surprises and unforeseen events would then be addressed.

Answer 31

The figure below shows the difference, risk perception may also include how the person like or dislike aspects of the risk, as well as aspects of affect (emotions) and trust, also acceptability – which are not the case of a professional judgment (C’,Q,K) No, this person’s perception may represent a conscious judgment of risk and the uncertainties (C,U), using (C’,Q,K) type of consideration and therefore be completely different than the professional who refers to risk as expected value, E[C’], which har strong limitations in reflecting all aspects of risk (the specter of consequences and uncertainties).

Answer 32

The main purpose is to improve the understanding of risk, and in this way support relevant decision making. It cannot be considered successful from a risk science perspective as risk is poorly described and could lead to poor risk understanding (the problems with traditional risk matrices are many, including that the specter of consequences may not be revealed and that the strength of knowledge supporting the probabilities are not reflected). The campaign may still be successful according to the social or political goal of the campaign (for example get people not to smoke).

Answer 33

The precautionary principles states that if faced with a situation where the consequences could be serious, and is subject to scientific uncertainties, the precautionary measures should be taken or the activity should not be carried out. Hence it can be argued that the conditions are there, for applying the principle and implement measures to reduce the risk (as we have seen in all countries, ranging from total lockdowns to less dramatic interventions). No, the principle applies when traditional science is not able to provide clear guidance (because of the uncertainties). A key precautionary measure is research to gain more knowledge.

Answer 34

VSL: The maximum one is willing to pay to reduce the expected number of saved lives by 1. In CBA we calculate expected values, and the contributions from reducing the expected number of saved lives by EN, is thus VSL ⸱ EN. ICAF is the Implied Cost of Averting a Fatality, and is derived by computing the expected cost of the measure considered per expected lives saved. For example, a measure may have an ICAF = 100 million NOK. Then if VSL = 30 million NOK, it is clear that the measure cannot be justified as 30 is the maximum one is willing to pay to reduce the expected number of lives by 1. Hence if ICAF > VSL, not implement measure, if ICAF ≤ VSL, implement measure.

Answer 35

The principle says that the risk should be reduced to a level as low as reasonably practicable. A measure that can be improve safety should be implemented unless it can be demonstrated that the costs are in gross disproportion to the benefits gained. As such it can be said to favor protection and safety as the rule is to implement measures that support this. Only in the ‘extreme’ case that you are able to demonstrate that the costs are ‘extreme’ you are ‘allowed’ to not implement the measure. If CBA is used, with its weight on expected values, risk and uncertainties are not really focused, and consequently nor protection/safety. More weight is on development. The principle says that the risk should be reduced to a level as low as reasonably practicable. A measure that can be improve safety should be implemented unless it can be demonstrated that the costs are in gross disproportion to the benefits gained. As such it can be said to favor protection and safety as the rule is to implement measures that support this. Only in the ‘extreme’ case that you are able to demonstrate that the costs are ‘extreme’ you are ‘allowed’ to not implement the measure. If CBA is used, with its weight on expected values, risk and uncertainties are not really focused, and consequently nor protection/safety. More weight is on development.

Answer 36

Scientific uncertainties: Generic risk science (applicable across different application areas) EU case: Applied risk science as related to this specific application See appendix B

Answer 37

Solution It is a knowledge-based (subjective, judgmental) probability; it expresses that the person has the same uncertainty or degree of belief for this event (the future global temperature will increase with more than 1 degree Celsius the coming 50 years) to occur as randomly drawing a red ball out of an urn comprising 100 balls where 90 are red. No, as there is no underlying true probability to compare with. However, the person may experience imprecision problems and the supporting knowledge could be more or less strong and even wrong. The impression can lead to an imprecise probability, say at least 0.90.

Answer 38

Solution Risk: potential for the project to give a negative outcome Risk: the combination of consequences and associated uncertainties The (A,C,U) definition is not relevant as there is no natural A event to refer to It (the table) lacks considerations of the strength of knowledge supporting the probabilities, as well as considerations of the potential for other values than the 3 considered in the table. The K should be added. Risk matrix problems: does not reflect the spectre of consequences and lacks considerations of the strength of knowledge. See book p. 47.

Answer 39

Solution Threat: For example, boulder being pushed so that it dislodges from the ledge, event A Vulnerabilities: (C,U|A) potential for fatalities or injuries given the boulder is pushed and dislodged from the ledge – combination of fatalities/injuries and associated uncertainties, given event A Consequences: C, number of fatalities/injuries Need to add uncertainties to the event A. In compact form; (A,U) and (C,U|A) = “threat risk’ plus vulnerabilities (the consequence part is covered by the vulnerability) which is in line with the (A,C,U) risk perspective (see p. 16)

Answer 40

Solution Pf(C=100): the fraction of times the consequences is equal to 100 if we could consider an infinite (very large) number of similar projects of type II Ef[C]: the average value if we could consider an infinite (very large) number of similar projects of type II If you have a large number of such projects, project II is most attractive as it gives the best average value. In general it is not possible to say as it depends on the decision maker’s preferences. Project II may for example be rejected because of rather high probability of a loss of 100. The cautionary principle could be relevant, but not the precautionary principle as there are no scientific uncertainties. The person may dislike the relatively large uncertainties associated with a considerable loss (0.05 probability for a loss of 100) and reject project II, assuming the person does not have many projects.

Answer 41

Solution A fire starts, the fire spreads quickly, the sprinkler fails, people cannot evacuate leading to multiple fatalities P(scenario 1|fire) = 0.1 x 0.3 x 0.5 = 0.015 = 1.5% P(fire scenario 2) = 0.015 x 2 = 0.03 (a good approximation) (scenarios 1 and 2 have the same probability) Expected number of fatalities= 5 x 0.03 = 0.15 PLL = 0.15 FAR = (0.15/106)108 = 15 FN curve : Not possible without specifying probabilities for different numbers of fatalities for scenario 1

Answer 42

i) It is not accurate. The risk evaluation is conducted by the risk assessors, it covers judgments about the significance of the risks and rankings wrt risks, and may cover judgments about risk acceptance, for example saying that it is common to accept risk for activities with this risk level, but it does not conclude on the risk being acceptable or not as that is a management and decision maker’s task. The risk evaluation discusses the risk analysis results relative to criteria defined or reference levels. The decision maker may see beyond these criteria and reference levels. ii) It is not correct. The MRJ is formally defined as the process of summarizing, interpreting and deliberating over the results of risk and other assessments, as well as other relevant issues (not covered by the assessments) in order to make a decision. The MRJ is based on the recognition that all assessments have limitations: there are aspects not fully captured by the assessments – with small uncertainties this point may be not very critical but it will always be an aspect as the uncertainties are judged small but there could be surprises relative to these judgments and that the MRJ needs to take into account. Furthermore the decision-maker needs to take into account all aspects of importance for the decision, not only those addressed by the risk assessments, and this aspect of the MRJ is not affected by the uncertainties being judged small.

Answer 43

Solution a) These concepts are problematic in cases of large scientific uncertainties as there is not a known risk to compare with when talking about overestimation - overestimation over what? And for the overreaction, there is a problem that there is not a right decision. The risk can be amplified because of certain factors (See book Section 6.1.2 and 6.1.3), but it is unfortunate to refer to overestimation and overreaction for the reasons mentioned. b) Security. Arguments by the authorities: provide the proper guidance, based on the best science, believed to give the best advices for people – avoid chaos and panic Problems: Science is not one voice, there could be valuable insights provided by others than the authorities, openness is not highlighted, fundamental trust to authorities is lost as inclusiveness of different perspectives is not acknowledged, lack of acknowledgment of the limitations of scientific knowledge and a need for a continuous ‘battle’ between different schools and camps for what the most warranted statements or justified beliefs are within the field of study See book Section 7.2.3

Answer 44

Solution Definition: a principle expressing that if the consequences of an activity could be serious and subject to scientific uncertainties, then precautionary measures should be taken, or the activity should not be carried out Book p. 218 Reversed burden of proof: there is initially a red light – your product is unacceptable (not safe) - which is only switched to green – the product is acceptable (safe) - when there is convincing evidence of harmlessness. The burden of proof is reversed. According to statistical principles – the standard approach - the null hypothesis is that the product is acceptable, and strong evidence must be provided to show harmfulness that would warrant restricting the product. The traditional perspective stresses the costs (interpreted in a wide sense) of erroneously taken protective measures, whereas the precautionary perspective stresses the costs of an erroneous lack of protective measures. Clearly if the PP is applied too strictly there will be less new products and innovation: as products would not be introduced before you have done tests etc which could take very long time and be very resource demanding to obtain the formal ‘green status’ of a very safe product.

Answer 45

Solution Refer to the setup of Section 9.2, a cost-effectiveness index, E[C]/E[B], is computed, where C denotes the cost of the measure and B the benefits of the measure, for example, expressed through the number of saved lives. A probability distribution for C/B could be derived, including a strength of knowledge judgment (this is problem 9.10). Because CBAs are to large extent based on expected values and give rather little weight on risks and uncertainties – and thus give weight to development and growth more than protection, which is more in line with the policies of some parties than others

Answer 46

Solution Risk science is the most updated and justified knowledge on risk fundamentals (concepts), risk assessment, risk perception, risk communication and risk management and governance. So yes he needs to have the best knowledge on risk communication but also other areas in particular fundamentals – he cannot communicate health risk in a good way without being updated on for example the best concepts and principles to understand and communicate risk in general. In addition he needs specific knowledge in relation to health. Most generic: Generic, fundamental concepts, principles, approaches, methods and models for risk analysis (risk understanding, risk assessment, risk perception and communication, risk management and governance But many illustrating examples of use of this generic knowledge are provided, these examples can be seen as applied risk science

Answer 47

Solution It is an imprecise knowledge-based (subjective, judgmental) probability; it expresses that the person has the same uncertainty or degree of belief for this event (the future global temperature will increase with more than 1 degree Celsius in the coming 50 years) to occur as randomly drawing a red ball out of an urn comprising 100 balls where at least 90 are red. No, as there is no underlying true probability to compare with. However, the supporting knowledge could be more or less strong and even wrong.

Answer 48

Solution Pf(C=0): the fraction of times the consequences is equal to 0 if we could consider an infinite (very large) number of similar projects of type II Ef[C]: the average value if we could consider an infinite (very large) number of similar projects of type II If you have a large number of such projects, project II is most attractive as it gives the best average value. In general it is not possible to say as it depends on the decision maker’s preferences. Project II may for example be rejected because of rather high probability of a loss of 100. VaR = 0 ( 0 is the value so that P(C ≤ VaR) = 0.90 (or at least 0.90) – for project I the level is not 90% but 99%

Answer 49

Solution So the probabilities P are knowledge-based probabilities. C’: the consequences specified in the table (-100, 0, 100) Q: P (C’,Q,K): would like to add Strength of knowledge judgments (SoK) to P, and the knowledge that the assessment Q and C’ are based. Could also consider other C’ values. No, need to include SoK: P in the tables and P(V) could to varying be based on strong knowledge and that needs to be reflected.

Answer 50

Solution A: boulder dislodges from the ledge Vulnerability: (C,U|A) potential for fatalities or injuries given the boulder is dislodged from the ledge – combination of fatalities/injuries C and associated uncertainties U, given event A Two main points: i) not vulnerable (robust) means that the conditional ‘risk’ (description), (C’,Q,K|A’), is judged small for a given A’ - and hence not likely undesirable consequences occur - but there is some probability so undesirable consequences may occur, also surprises may occur relative to the knowledge of the analysts leading to undesirable consequences. ii) for some As, we cannot require i) but the total risk contribution (A’,Q,K) should be judged small - for such As it could be rather likely to have undesirable consequences.

Answer 51

Solution P(scenario 1|fire) = 0.1 x 0.3 x 0.5 = 0.015 = 1.5% P(fire scenario 1) = 0.015 x 2 = 0.03 (a good approximation) Expected number of fatalities= 10 x 0.03 = 0.30 PLL = 0.30 FAR = (0.30/106)108 = 30 Need to specify probabilities for different numbers of fatalities for scenario 1, we need P(N=n|fire scenario 1) or P(N ≥ n|fire scenario 1) PLL is not a good metric as such as it just presents the expected number of fatalities per year. If we divide it on the number of people exposed which produces the average individual risk (AIR) and the people have about the same level of risk, this is suitable as an individual risk metric. FAR is suitable if the persons exposed have about the same risk level.

Answer 52

Solution i) It is not accurate. A main purpose is to improve the understanding of risk and this could lead to reduced risk, but not necessarily: risk assessment can also be used as a basis for a selection of an alternative with higher risk. ii) This is not a general formulation of the goal of a risk assessment according to the curriculum. We may seek to accurately determine (estimate, predict) C’ but a main goal of the assessment is also to characterize the uncertainties related to the judgments about C’. The idea is more relevant when the thinking (perspective) is that there exists an underlying true risk that one seeks to estimate (for example if risk was defined by (C’,Pf)). However, if that was the case, risk assessment would fail in case of large uncertainties as accurate estimates cannot be made. Also it can be a problem to define that underlying true risk.

Answer 53

Solution a) The expert could be right as risk perception theory concludes that people amplify risk in such cases. However, it may be problematic to conclude that the risk is overrated. Overrated indicates there is a reference level to compare with but that may not be the case, in particular in cases of large scientific uncertainties. b) The book argues for a critical trust, not a blind, acceptance trust. A point being made is that authorities are faced with dilemmas and to avoid panic etc. they may not be fully open about certain issues, there could also be overall goals and policies that make them not be fully open. Thus people need to be somewhat critical not accepting everything and have questions, without being going to the extreme of rejecting everything (distrust).

Answer 54

Solution See problem 8.13 and p. 359 in book. It is possible to give good answers to problem 8 without talking about de minimis risk as in Problem 8.13 in the book. One can argue that no risk should be fully ignored, always have them on the list acknowledging that surprises can occur, the knowledge/assumptions can be wrong, and think resilience and robustness. At the same time as discussed on page 359, there are resource limitations and therefore some risks need to be given priority to and others not – then the text on p. 359 is relevant.

Answer 55

Solution We normally define ICAF by the ratio of expected cost and expected number of saved lives for a measure. It may be a good idea as the normal definition refers to a reduction in the expected number of fatalities by 1 which could be outside the range of interest. By the factor M, a more reasonable range is considered and it may be easier to specify VSL. Often VSL is specified as a general rule and one does not need to make specifications for each project or measure.

Answer 56

Solution No as for any science, it develops over time, it is the most updated and justified at a specific point in time. Yes what is the best is always discussed/contested, typically there are different schools, advocating for their perspectives and beliefs. This also means that science is not one voice. It is highly problematic when trying to reduce science to one view as developments require discussions and beliefs are questioned etc.

Answer 57

A) We consider a future activity [interpreted in a wide sense to also cover, for example, natural phenomena], for example the operation of a system, and define risk in relation to the consequences (effects, implications) of this activity with respect to something that humans value. The consequences are often seen in relation to some reference values (planned values, objectives, etc.), and the focus is often on negative, undesirable consequences. There is always at least one outcome that is considered as negative or undesirable. Risk is the consequences C of the activity and associated uncertainties U.

Answer 58

A) A general risk description is the triplet (C’,Q,K), where C’ is some specified consequences, Q a measure of uncertainty associated with C’ (typically probability), and K the background knowledge that supports C’ and Q (which includes a judgment of the strength of this knowledge)

Answer 59

B) This allows for different descriptions of risk to be used depending on the situation at hand. It also stimulate discussion and reflections what is a good description of risk

Answer 60

Besides being able to label past events, the Black swan metaphor as defined by Aven improve risk analysis by putting more focus on the knowledge supporting the risk description. It suggests that surprises relative to one’s beliefs may occur which in terms means that the knowledge supporting the risk description should be highlighted/investigated. A key point is that the knowledge could be wrong, and surprises occur. The focus on the metaphor helps us addressing that type of issue and risk

Answer 61

A) The approach should not be used in this case. It assumes that there exists a true frequentist probability of the law being passed. However, this is a unique situation where a frequentist probability cannot be meaningfully defined or estimated. B) We can think an experiment where a pin is thrown and either will land with the tip down or up. In such a case, the parameter p reflects the variation in the outcomes if the experiment was repeated a huge number of times. The credibility interval reflects my uncertainty about the value of p.

Answer 62

A) The statement assumes that the only type of probabilities that can be used in risk assessments are frequentist probabilities. However, subjective probabilities, expressing the analyst’s degree of belief, can also be used. Supplemented with strength of knowledge considerations, such probabilities can convey insights about risk even when data is scarce. B) Two arguments discussed in class: - A worst case is hard to define. In practical situations, one could almost always think of a way the outcome can be worse. - Outcomes with very, very low (subjective) probability can be given too much weight in the decision-making.

Answer 63

A) A 90% credibility interval is [0.5, 0.6] (or [0.3, 0.5]). The assessor has the same degree of belief that λ is in the interval as drawing a red ball out of an urn where 9 out of 10 balls are red. . .B) As input to my risk assessment, I may have two experts expressing P(A)=0.2 and P(A)=0.3. Then I could express my uncertainty about the occurrence of A with the imprecise probability [0.2, 0.3]. The statement means that I compare my uncertainty about the occurrence of A with drawing a red ball out of an urn with 10 balls where 2 or 3 balls are red.

Answer 64

A) Coarse risk analysis is first carried out to obtain a crude risk picture with modest effort. We can think of a situation where the coarse analysis identifies an event that could have catastrophic consequences if it were to occur, for example a severe car fire during a traffic jam in the tunnel. To study the consequences more in detail, and to assign probabilities to the different outcomes of the event, an event tree analysis is carried out.. . B) PLL is the expected number of fatalities (typically for a year) and has limitations in the way risk is reflected. Hence, it should not be used as a sole criterion for accepting the risk. There could be large deviations from the expected value, an aspect better captured by a f-N diagram. The strength of knowledge supporting the PLL number is neither taken into account with the approach. The assessment results should also be considered in light of the ALARP principle.

Answer 65

A) The main strategies for risk management are: 1) Risk assessment informed strategies 2) Robustness, resilience-based strategies and cautionary/precautionary based strategies 3) Dialogue based strategies . . B) Here she could use Risk informed strategies, identifying potential events, assessing the uncertainty involved, producing strength of knowledge judgements as well as making considerations about black swans in order to provide the decision maker with insights about the risk involved. Moreover, due to the uncertainty involved, she could also make use of cautionary/precautionary based strategies letting caution be the ruling principle, for example by not continue with the activities they do, or by implementing measures even if they are inefficient seen from a purely economic standpoint. They could also make use of principles for resilience and robustness improving the capability to cope with surprises.

Answer 66

A) Strategy A - Reliability: (1-qD1qD2)*(1-qD3qD4)*pDS = 0.970299 ≈ 0.97 Strategy B - Reliability: (1- (1-pD1*pD3)*(1-pD2*pD4))*pDS= 0.954261 ≈ 0.95 . . B) Minimal cut sets Strategy A - (D1,D2) (D3,D4) (DS) Approximation: 1-(qD1qD2 + qD3qD4 + qDS) = 0.97 Minimal cut sets strategy B - (D1,D2) (D1,D4) (D3,D2) (D3, D4) (DS) - Approximation: 1-(qD1qD2 + qD1qD4 + qD3qD2 + qD3qD4 + qDS) = 0.95

Answer 67

A) ICAF = 40/10 = 4mill dollar. Suppose the company defines the value of a statistical life to be VSL=5 mill dollars. Then ICAF

Answer 68

Applied risk analysis supports risk knowledge generation and communication in relation to specific activities and supports the tackling of specific risk problems or issues. Generic risk analysis covers generic concepts, principles, approaches and methods on how to understand, assess, characterize, communicate, manage and govern risk. . . One example is the research done at the university of Stavanger, where they do research related to inter alia generic concepts, principles, approaches and methods on how to understand, assess, characterize, communicate, manage and govern risk.

Answer 69

A) 1) The definition does not highlight the knowledge supporting the probability. Another argument is that it does not reflect the consequences of the event . B) 1) Value at risk does not say anything about the “shape” of the distribution beyond the quantile value. 2) Nor does it reflect the knowledge which this number is based on.

Answer 70

A) Resilience is a system’s ability to sustain and restore its functionality given some disruption, threat, hazard and/or opportunity

Answer 71

A) One example is hazard/threat identification. This helps identifying what disruptions, threats, hazards and/or opportunities that may occur.

Answer 72

C) Yes, there is still risk as there is still a potential for bad outcomes, negative consequences and associated uncertainties.

Answer 73

A) The parameter p is interpreted as the fraction of times the safety barrier fails given event A, if the situation was repeated over and over again, towards infinity. . B) No, p* is the analyst’s best estimate of p, and as such, is not a measure of the analyst’s uncertainty. . C) If the “experiment” of generating the interval was repeated over and over again, towards infinity, p would be in the interval 90% of the times. When the interval generated is narrow, the analyst feels confident that p* is quite close to p.

Answer 74

A) No, they have to also consider uncertainty factors that can lead to large deviations from the expected value. In this case, this should lead to the conclusion that a model-based risk analysis should be chosen. There are uncertainty factors such as novel design and new materials present that could lead to large deviation from the expected value. . . B) SWIFT - Identify initiating fire events to be analysed further. For example, what if there is a fire outbreak in the kitchen of the large café mid-day? FMEA – Identify and rank failure modes for the fire alarm system Fault tree analysis - Assess the probability of failure in a safety barrier, e.g. a sprinkler system. Bayesian networks - Assess likely causes of a severe fire event to find suitable preventive measures. Event tree analysis - Assess possible outcomes, with associated probabilities, given an initiating fire.

Answer 75

A) The expert states that his belief that the investment is in the interval one year from now is the same as drawing a favourable ball out of an urn with ten balls where nine are favourable. . . B) Prediction interval . . C) Yes, the strength of knowledge is not reflected by the interval. The following should for example be considered by the decision-maker:  Is there relevant data available to support the judgement?  Would other experts agree?  Do the prediction models used tend to provide accurate results?  Is there uncertainty associated with the assumptions made?

Answer 76

A) P(top event) ≈ q1q2+q1q3+q4 = 0.2*0.05 + 0.2*0.1 + 0.005 = 0.035 . . B) P(top event) = 1 – p4[1 – q1(1 – p2p3)] = 1 – 0.995[1 - 0.2(1 – 0.95*0.9)] = 0.033855 . . C) Higher. The new knowledge indicates that Event 1 has a higher probability than 0.2 if Event 3 or 4 occur.

Answer 77

A) An approach that shows the consequences and probabilities in two separate dimensions should be chosen, supplied with SoK judgments. For example, a f-N curve or a probability distribution over the number of fatalities. . . B) In situations where it is considered extremely unlikely that the outcome will deviate much from the expected value, typically when we consider large populations. For example, we can be confident that the number of traffic deaths in Norway in 2021 will be quite close the previous 5-year average.

Answer 78

A) The cautionary principle is a principle that says that if the consequences of an activity could be serious and subject to uncertainties, then cautionary measures should be taken, or the activity should not be carried out.

Answer 79

B) Following the principle means that when facing uncertainty caution should be the ruling principle. Accordingly, we can implement risk reducing measures even if they are seen as inefficient seen from a purely economic standpoint (or in the more extreme cases, not starting the activity considered at all). Hence, we go beyond the expected benefits of the risk reducing measures, meaning that protection is highlighted rather than development.

Answer 80

A) The risk analysis can have limitations and weaknesses. It might for example be scoped so that it does not address political risk or be based on many assumptions that are more or less strong. There might also be other types of analysis, say economic analysis, as well as other perspectives that are not taken into consideration in the assessment. The decision maker needs to take all of this into consideration when making a decision. Moreover, the decision maker might also have different knowledge than the analyst and can also ask critical questions, and potentially find potential black swans.

Answer 81

B) As indicated in A) the decision basis is made up of more than just a risk description, hence we say that the risk assessment informs, or supports, the decision. It does not ‘automatically’ prescribe what the decision should be.

Answer 82

A) Applied risk analysis supports risk knowledge generation and communication in relation to specific activities and supports the tackling of specific risk problems or issues. Examples are for example the risk analysis of climbing mount Everest or risk analysis of attacks on SCADA systems.

Answer 83

B) Generic risk analysis covers generic concepts, principles, approaches, and methods on how to understand, assess, characterize, communicate, manage and govern risk. This knowledge can be used for solving real risk problems and issues.

Answer 84

C) In risk analysis we distinguish between two types of experts. Experts providing knowledge about the activity under consideration and experts in risk analysis. They both contribute to the applied part and the generic part of risk analysis. As an example, we can consider the applied case of doing a risk assessment related to the spread of a virus. One kind of expert could be a physician providing insights into how the virus develops and infects other people. Another kind of expert could be a risk analysis expert providing insights into what strategies we can use in order to manage the risk.