hei Flashcards

1
Q

A risk assessment team concludes that the knowledge-based probability of a
specific event A is equal to 0.05 given the knowledge K. Provide an interpretation
of this statement. Give also an interpretation of an imprecise probability of
maximum 0.05.

A

Interpretation of P(A|K): The team has the same uncertainty and degree of belief
for the event A to occur as randomly drawing a red ball out of an urn that comprise
100 balls and where 5 are red.
Imprecise probability P(A|K) ≤ 0.05: The team has the same uncertainty and
degree of belief for the event A to occur as randomly drawing a red ball out of an
urn that comprise 100 balls and where 5 or less are red. The assessor is not willing
to be more precise. Alternatively the team expresses that the probability is less
than or equal to 0.05, where 0.05 is interpreted as above. The team is not willing
to be more precise.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Does a frequentist probability for the following event B exist? Why/why not?
B: Risk science will be a distinct subject in school in Norway before 2050.
Define a frequentist probability p for an event C.

A

No, it does not exist as a population of similar type of situations to the one
considered cannot be meaningfully defined.
p= the fraction of time the event C occurs if we could repeat the situation
considered over and over again infinitely under the same conditions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

A risk assessment is conducted with the aim of describing the risk related to
severe events which could lead to a high number of fatalities. The following risk
description is used:
P(an event occurring with at least 10 fatalities) = 0.05
Is this a good risk characterization? Why/why not?

A

The event ‘an event occurring with at least 10 fatalities’ is a severe event with a
high number of fatalities so this is fine, but may be also other numbers should be
covered, for example more than 100 fatalities etc. In addition, the characterization
should include the knowledge that the probability is based on and in particular a
judgment of the strength of this knowledge.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

How does Taleb define a Black swan? How is a Black swan defined by Aven
in his books? Explain the three different types of black swans referred to in the
curriculum.

A

See book.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

The following barrier block diagram represents a technical system with six
components:Draw the corresponding fault tree diagram, linking the top event ‘system failure’
to failures of the components 1-6. Assume independence and unreliability qi =
0.1 for each of the components. Calculate the unreliability of the system exactly
and approximately using the minimal cut set approach.
In what sense does the independence assumption represent risk in this case?

A

Exact:
P(System failure) = (1-p1p2) x (1- (1-q3q4)(1-q5q6)) = (1-0.92) * (1-(1-0.12)2) = 3.781 * 10-3
Approximately:
P(System failure) ≈ q1q3q4 + q1q5q6 + q2q3q4 + q2q5q6 = 4 * 10-3
The assumption can be wrong, and thus the calculated probabilities misleading.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

A risk analyst argues that the main objective of the risk assessment is to
accurately estimate the risk. Do you agree? Why/why not?

A

A risk assessment could have this purpose in some cases (when frequentist based
probabilities can be meaningfully defined and there exist considerable relevant
data) but more generally the purpose of a risk assessment is
to help understand the risk and express risk:
identify risk sources, threats, hazards and opportunities; understanding how these can
materialize/occur, trigger events/event sequences, and what their consequences can be; representing
and expressing uncertainties and risk; and determining the significance of the risk using relevant
criteria.
This again provide decision support, on choices of measures and arrangements,
the need for such measures and arrangements, etc.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Explain the ALARP principle. Discuss to which extent the principle supports
Protection or Development.

A

The ALARP principle says that risk should be reduced to a level that is As Low As
Reasonably Practicable (ALARP). A risk reducing measure should be implemented unless
it can be demonstrated that the costs are grossly disproportionate relative to the gains
obtained (the burden of proof is reversed).
Thus if there is a safety measure that can improve safety, it shall be implemented as a rule,
unless you can demonstrate that the cost are in gross disproportion to the benefits gained.
This means that Protection is highlighted. On the other hand, if cost benefit analysis is
used to verify ALARP which is often seen in practice, Development is supported as this
analysis is based on expected values.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Argue how a cost-effectiveness analysis based on ICAF calculations can
contribute to identifying suitable safety measures. Discuss the
limitations/weaknesses of this method.

A

The ICAF for a safety measure calculates the expected cost per expected number
of saved lives. A high ICAF means that the measure is not justified, it costs too
much compared to the benefits gained, whereas if the ICAF is low, the costs are
not so high and the measure can be justified. The SVL (Statistical value of a life)
provides a reference point for what is too high.
The problem is that the approach is based on expected values which do not capture
all relevant aspects of benefit and costs. The potential for extreme outcomes are
not reflected, nor the strength of the knowledge supporting the judgments made.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Society for Risk Analysis (SRA) has developed a new Glossary. Is the
development of this Glossary to be seen as a contribution to Applied risk science
or Generic risk science? Explain.

A

The development of the Glossary is a contribution on Generic risk science B, but
with the intention to serve applied risk science A.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Consider the case where a person is thinking about jumping onto a stone (bolt)
located between two rocks, with a direct drop below of several hundred meters
(think of the Kjeragbolt in Lysefjorden if you like).
Trine has high competence in risk science. Her friend Tone asks her: ‘You as an
expert on risk science Trine, is it a good idea to jump on this bolt?’ How should
Trine respond to this question on the basis of the curriculum of this course?

A

She should say that the risk science does not provide answers what is the best
decision but it provides support for how to think and generate a basis for making
the decision. It helps us for example characterizing the risk and understanding
the balance that has to be made between different concerns (development and
protection).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is ‘risk science’, and in particular ‘applied risk science’ and ‘generic risk science’?
Climate change research provides knowledge about risk as a result of climate change. Would
you classify this research as contributing to applied or generic risk science? Explain.

A

Risk science is the most warranted statements (justified beliefs) produced by the risk field or
discipline
Applied risk science: Risk science based applied risk analysis, which is about
supporting risk knowledge generation in relation to specific activities., and supporting the
tackling of specific risk problems (A)
Generic risk science: Risk science based on generic risk analysis, which is about generic
concepts, principles, approaches and methods on how to understand, assess, characterize,
communicate, manage and govern risk (B)
See also book Section 3.1.
Climate change risk: It is Applied risk science as it supports risk knowledge generation in
relation to specific activities.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Define ‘knowledge’ in a risk science context. Give an example to motivate and explain the
definition, which points to the need for deviating from an understanding of knowledge often
referred to in the literature. What is ‘risk research’?

A

Justified beliefs. See p. 24, arguing that knowledge cannot be ‘justified true beliefs’.
Risk research can be understood as knowledge generation in relation to risk, for concrete
activities and for how to analyse (in a wide sense) risk.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

A risk analyst presents the result of a risk assessment for a process plant, and shows some
probability numbers for loss of life categories, including an imprecise probability of one or
more fatalities for a period of one year equal to [0, 0.005]. The assessor states that the numbers
represent the analyst’s degree of belief for these events to occur - where the assessor is not
willing to assign a precise number. Provide an interpretation of the above imprecise probability
statement [0, 0.005]. Is the probability uncertain? Explain why/why not.

A

Interpretation: The analyst has the same uncertainty and degree of belief for the event (at least
one fatality in that period) to occur as randomly drawing a red ball out of an urn that comprises
1000 balls and where maximum 5 are red. The assessor is not willing to be more precise.
It is not uncertain, it is the analyst’s judgment of uncertainty, but the knowledge supporting it
could be more or less strong.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

In its most general form, risk can be described by (A’,C’,Q,K) and vulnerability by
(C’,Q,K|A’). Explain what these terms express.
Give an example illustrating how vulnerability can be described, which also includes the SoK
aspects.

A

A’: specified event, for example leakage
C’: specified consequences, for example number of fatalities.
Q: measure or description of the uncertainties about A’ and C’. Typically Q is probability P and
strength of knowledge judgments (SoK)
Vulnerability: (C’,Q,K|A’), as above but given the occurrence of an event, for example a gas
leakage in a process plant.
Probability of a fatality given the occurrence of a fire, with a SoK judgment expressing how
strong the background knowledge for this probability is considered.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

How is a Black swan defined? Explain the three different types of black swans introduced.
Give an example for each type.

A

See book pp 77-81.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Explain the concept of validity of a risk assessment.

A

See Section 5.1.1

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is the difference between risk perception and professional judgments about risk?

A

See Section 6.1.1
The risk descriptions and characterization provide ‘pure’ judgements of the consequences of
the activities studied and associated uncertainties as in (A’,C’, Q,K), without adding feelings
and value judgements related to how people like or dislike the consequences and uncertainties.
Risk perception, on the other hand, is a personal judgement or appraisal of risk, also including
such aspects. We know from the literature on risk perception and behavioural decision-making
that aspects like affect, familiarity, control, catastrophic potential, etc., are important for how
people understand and deal with risk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Discuss to what extent successful risk communication depends on high quality risk analysis.

A

See Section 6.2.1

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

A risk scientist argues that it is important to stress that the decision-making should not be
purely ‘risk-assessment-based’. What is this scientist thinking about? Explain the concept of
managerial review and judgment.

A

The key is that the risk results should not prescribe what to do, as the risk assessments have
limitations in capturing all aspects of risks and uncertainties, and there are also different values
(we may all agree on the risks, but disagree on what to do as we have different values, what is
important, how much weight to give to uncertainties, how to balance protection and
development). The decision making should be risk informed.
Managerial review and judgement: process of summarising, interpreting and deliberating
over the results of risk assessments and other assessments, as well as of other relevant issues
(not covered by the assessments), in order to make a decision
The managerial review and judgment is the process between risk assessment and the
decision-making.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Discuss to what extent resilience analysis and management are a part of risk analysis and
management.

A

See Section 7.4

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

A risk analyst presents the result of a risk assessment for a process plant, and
shows some probability numbers for loss of life categories, including a probability
of one or more fatalities for a period of one year equal to 0.001 = 1 x 10-3. The
analyst states that the numbers represent the analyst’s degree of belief for these
events to occur. Provide an interpretation of the probability 0.001 in line with
this. What do we call this type of probability? Is it uncertain? Explain why/why
not.

A

Interpretation: The analyst has the same uncertainty and degree of belief for the
event (at least one fatality in that period) to occur as randomly drawing a red ball
out of an urn that comprises 1000 balls and where 1 is red.
It is referred to as a knowledge-based, or subjective or judgmental probability.
It is not uncertain, it is the analyst’s judgment of uncertainty, but the knowledge
supporting it could be more or less strong.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

A person listening to the above risk analyst is not familiar with this type of
probability and thinks the number is a frequentist probability estimate. Suppose
that this was the case. Would the number then be subject to uncertainty?
Why/why not? Provide an interpretation of the underlying frequentist probability
being estimated.

A

Yes, as the number is an estimate of an underlying frequentist probability p which
has a true value: the fraction of time the event (at least one fatality) would occur
if we could repeat the situation considered (producing similar process plant years)
over and over again infinitely under the same conditions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

In its most general form, risk can be described by (A’,C’,Q,K). Explain what
these elements express. A risk analyst establishes a 90% prediction interval for
the number of gas leakages in a process plant, with related strength of knowledge
judgments. Explain how to interpret this interval, and how it relates to
(A’,C’,Q,K). How can vulnerability be expressed using the (A’,C’,Q,K)
terminology?

A

A’: specified event, for example leakage
C’: specified consequences, for example number of fatalities.
Q: measure or description of the uncertainties about A’ and C’. Typically Q is
probability P and strength of knowledge judgments (SoK)
A 90 % prediction interval [a,b] is such that P(a ≤ number of leakages ≤ b |K) =
0.90. Hence we can interpret the interval as a way of expressing Q in relation to
A’ types of events (or C’ if C’ has a component referring to the number of
leakages).
Vulnerability description: (C’,Q,K|A’)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q
  1. How is a Black swan defined by Aven in the curriculum? What is an unknown
    known in a risk assessment context? And unknown unknown? What are the
    ‘problems’ raised by restricting the Black swan metaphor to unknown unknowns?
A

See book.
Problems: a) unknown unknowns are so rare events, so not so relevant comparted
to other types of surprises (unknown knowns …) b) not in line with the origin of
the metaphor

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
The following barrier block diagram represents a technical system with six components:
Minimal cut sets: {1,5}, {2,5}, {1,3,4}, {2,3,4}, Exact: Unreliability of parallel system 3-4: 0.2 x 0.2 = 0.04 Reliability of series system 3-4 and 5 : 0.96 x 0.80 = 0.768 Reliability of series system 1-2 : 0.8 x 0.8 = 0.64 Unreliability of parallel of these two systems: 0.36 x 0.232 = 0.08352 Approximation method: Unreliability ≈ q1q5 + q2q5 + q1q3 q4 + q2q3 q4 = 2 x 0.2 x 0.2 + 2 x 0.2 x 0.2 x 0.2 = 8 * 10-2 + 1.6 x 10-2 = 0.096
26
The general purpose of a risk assessment can be formulated in this way (SRA 2017): Risk assessment is the systematic process to identify risk sources, threats, hazards and opportunities; understanding how these can materialize/occur, trigger events/event sequences, and what their consequences can be; representing and expressing uncertainties and risk; and determining the significance of the risk using relevant criteria. FMEA is an example of a risk assessment method. Explain its basic ideas. Outline a typical FMEA sheet. Explain to what degree this approach is providing a comprehensive overview of the risk related to the system studied. List the main stages of a risk assessment process, from planning to risk treatment, as presented in the curriculum (explanations of the various stages should not be given).
See book The approach identifies failures in a system by failure of individual units of the system, looks at its effects and also discusses likelihood in relation to these failure and effects. This provides some insights about risk, but many aspects are not covered, for example that severe losses and consequences can be the result of simultaneous occurrences of events. The approach can be seen as an input to a more comprehensive risk assessment. SoK knowledge judgements for the likelihoods should also be included but are not commonly included. See book
27
A risk scientist argues that it is important to stress that the decision-making should be ‘risk-informed’ and not ‘risk-based’. Present the argumentation provided for this statement. Explain the concept of managerial review and judgment.
The key is that the risk assessment results should not prescribe what to do, as risk assessments have limitations in capturing all aspects of risks and uncertainties, and there are also different values (we may all agree on the risks, but disagree on what to do as we have different values, what is important, how much weight to give to uncertainties, how to balance protection and development) Managerial review and judgement: process of summarising, interpreting and deliberating over the results of risk assessments and other assessments, as well as of other relevant issues (not covered by the assessments), in order to make a decision The managerial review and judgment is the process between risk assessment and the decision-making.
28
What is a cost-benefit analysis (CBA). Explain its basic ideas. What is the meaning of the concept of ‘value of a statistical life’? What is the rational used in the curriculum to argue that we need to see beyond CBAs when making decisions in relation to risk?
See book. Value of a statistical life: the maximum you are willing to pay to reduce the expected number of fatalities by 1. The key point is that the CBAs are based on expected values which do not reflect well risk and uncertainties. SoK judgments are also commonly lacking.
29
Define ‘knowledge’ according to the curriculum. What is knowledge in relation to generic risk science?
Knowledge: justified beliefs Generic risk science: knowledge relates to the development of generic concepts, principles, approaches and/or methods on how to understand, assess, characterise, communicate, manage and govern risk
30
Think about the current climate change risk discussion. Does the risk science tell us how we should deal with this risk? Explain. How can risk science be useful in this regard?
No, the risk science does not provide answers what are the best decisions, it does not take a stand on what we should do. The weight we give to uncertainties and risks are not scientific, but ethical, political ... It can still be useful as it provides support for how to think and generate a basis for making the decision. It helps us for example characterizing the climate change risk
31
A risk assessment team concludes that the knowledge-based probability of a specific event A is equal to 0.95 given the knowledge K. Provide an interpretation of this statement. Give also an interpretation of an imprecise probability of minimum 0.95.
Interpretation of P(A|K): The team has the same uncertainty and degree of belief for the event A to occur as randomly drawing a red ball out of an urn that comprise 100 balls and where 95 are red. Imprecise probability P(A|K) ≥ 0.95: The team has the same uncertainty and degree of belief for the event A to occur as randomly drawing a red ball out of an urn that comprise 100 balls and where 95 or more are red. The assessor is not willing to be more precise. Alternatively the team expresses that the probability is at least 0.95, where 0.95 is interpreted as above. The team is not willing to be more precise.
32
Let C be the outcome from the throw of a die and let p = Pf(C=1). Explain what p expresses. The die is of a special type, and p is not necessarily 1/6. Let us assume that p is either 1/6 or 1/3. Explain how you can express your uncertainty about p using knowledge-based probabilities. Assign concrete numbers to illustrate how it is done.
p= the fraction of time the event ‘C=1’ occurs if we could repeat the situation considered over and over again (i.e. throw the die over and over again) infinitely under the same conditions We could assign P(p=1/6) and P(p=1/3) (where the sum is 1), for example 0.5 for each. These probabilities are conditional on my knowledge K.
33
A risk assessment is conducted with the aim of describing the risk related to the number of fatalities related to a process plant in a specific period of time. The following risk description is used: P(an event occurring with at least 1 fatality) = 0.10 Is this a good risk characterization? Why/why not?
The event ‘an event occurring with at least 1 fatalities’ is a severe event so the probability is of interest, but also other numbers should be covered, for example more than 10 fatalities, more than 100 fatalities etc. In addition, the characterization should include the knowledge that the probability is based on and in particular a judgment of the strength of this knowledge.
34
How is a Black swan defined by Aven in the curriculum? Why is this metaphor considered important?
See book Because it gives focus on the potential for surprises relative to risk numbers and assessment results – the surprise aspect and the unforeseen is a risk issue but often not given enough attention in risk assessment and management. Events could have been overlooked in the assessments, or ignored because of low judged probabilities – the metaphor stimulates further reflections in such situations: is there a potential for surprise. Can we improve our methods to better meet potential surprises.
35
The following barrier block diagram represents a technical system with six components:List the minimal cut and path sets of the diagram. Is {1,2,3,4} a minimal cut set? Why/why not? Assume independence and unreliability qi = 0.1 for each of the components. Assume that component 1 is not functioning. Calculate (approximately) the unreliability of the system using the minimal cut set approach.
Minimal cut sets, 134, 156, 234, 256, Minimal path sets: 12, 35, 36, 45, 46 P(System failure) ≈ q3q4 + q5q6 = 2 * 10-2 = 0.02
36
In case of large uncertainties, risk assessments are not able to produce accurate risk estimations or predictions. Can risk assessment still be useful? How?
Yes to help understand and describe risk to identify risk sources, threats, hazards and opportunities; understanding how these can materialize/occur, trigger events/event sequences, and what their consequences can be; representing and expressing uncertainties and risk; and determining the significance of the risk using relevant criteria. This can be done when the uncertainties are small or large. So they can be useful and provide decision support, on choices of measures and arrangements, the need for such measures and arrangements, etc.
37
Why is it problematic to use standard cost benefit analysis (CBA) to verify ALARP?
The ALARP principle says that risk should be reduced to a level that is As Low As Reasonably Practicable (ALARP). A risk reducing measure should be implemented unless it can be demonstrated that the costs are grossly disproportionate relative to the gains obtained (the burden of proof is reversed). Thus if there is a safety measure that can improve safety, it shall be implemented as a rule, unless you can demonstrate that the cost are in gross disproportion to the benefits gained. This means that Protection is highlighted. However, if standard CBA is used to verify ALARP which is often seen in practice, development is supported as this analysis is based on expected values: risk and uncertainties are not given much weight and the idea of the principle is not followed up.
38
Define the concept of VSL (Value of a Statistical Life). Say VSL =30. Explain how this value is used in CBAs.
VSL: how much one is wiling to pay for reducing the expected number of lost lives with 1. In a CBA we compute the expected value related to loss of lives, so if we for example expect 0.2 lost lives, a value contribution of 0.2 x 30 = 6 is computed, which is plugged into the ENPV formula.
39
A researcher has developed a new approach for how to visualize risk. Is this an example of Applied risk science or Generic risk science? Explain.
The example is an example of Generic risk science, B, as it is a generic contribution which is relevant for all types of applications.
40
Consider the case where a person is thinking about jumping onto a stone (bolt) located between two rocks, with a direct drop below of several hundred meters (think of the Kjeragbolt in Lysefjorden if you like). Does the risk science tell you what you should do in this case? Explain. If you decide not to jump, how would you explain that using risk science concepts and terminology?
No, the risk science does not provide answers what is the best decision but it provides support for how to think and generate a basis for making the decision. It helps us for example characterizing the risk and understanding the balance that has to be made between different concerns (development and protection). If you decide not to jump you can say that you gave considerable weight to the cautionary principle. You weigh pros and cons but did not find the benefits large enough compared to the risks involved.
41
What is ‘risk science’? Are all risk assessments contributing to new risk science knowledge? Why/why not?
Risk science is the most warranted statements (justified beliefs) produced by the risk field or discipline, it is about concepts, principles, approaches and methods on how to understand, assess, characterise, communicate, manage and govern risk Risk science is the most updated and justified knowledge on risk fundamentals (concepts), risk assessment, risk perception and communication and risk management and governance. Risk science is also about the process – the practice – that gives us this knowledge. No, as not all lead to new knowledge on concepts, principles, approaches or methods on how to understand, assess, characterise, communicate, manage or govern risk. Not all risk assessment are published in risk science journals, they do not have scientific contributions in relation to risk science.
42
Define ‘knowledge’ according to the curriculum. Use the judgment that the probability is 1/6 for a symmetric die, to argue that knowledge cannot be meaningfully defined as ‘justified true beliefs’.
Knowledge: justified beliefs See youtube https://www.youtube.com/watch?v=z4E-y7CQ5- 0&list=PL1Oi4O0iZ7iagjE80latDc4lUXXboK6EX&index=16&t=0s We have some ‘knowledge’ by seeing that the die is symmetric and from that we can claim that the probability p for getting 6 is 1/6, but we cannot be sure, so if we require justified true beliefs, we do not have knowledge in this case and that does not sound meaningful. The same if we perform many trials, we do not get knowledge according to justified true beliefs which shows that the idea is not working in this context.
43
A risk analyst presents the result of a risk assessment for a process plant, and shows some probability numbers for loss of life categories, including a probability of one or more fatalities for a period of one year equal to 0.001 = 1 x 10-3. The analyst states that the numbers represent the analyst’s degree of belief for these events to occur. Provide an interpretation of the probability 0.001 in line with this. What do we call this type of probability? Is it uncertain? Explain why/why not.
Interpretation: The analyst has the same uncertainty and degree of belief for the event (at least one fatality in that period) to occur as randomly drawing a red ball out of an urn that comprises 1000 balls and where 1 is red. It is referred to as a knowledge-based, or subjective or judgmental probability. It is not uncertain, it is the analyst’s judgment of uncertainty, but the knowledge supporting it could be more or less strong.
44
Suppose 0.001 is the estimate of a frequentist probability p. Let D be the difference between 0.001 and this frequentist probability p. Is D subject to uncertainty? Why/why not? Provide an interpretation of p.
D= 0.001-p, it is subject to uncertainty as p is in general unknown: p: the fraction of time the event considered would occur if we could repeat the situation considered over and over again infinitely under the same conditions
45
In its most general form, risk can be described by (A’,C’,Q,K), Explain what these terms express. Using a similar notation, how would you express vulnerability? Is the conditional probability of a fatality given a fire, a measure of vulnerability? Why/why not?
A’: specified event, for example leakage C’: specified consequences, for example number of fatalities. Q: measure or description of the uncertainties about A’ and C’. Typically Q is probability P and strength of knowledge judgments (SoK) Vulnerability: (C’,Q,K|A’), as above but given the occurrence of an event. Yes A’ is the fire, and Q is probability related to fatality (C’). K should be added, as well as SoK judgments.
46
How is a Black swan defined by Taleb and Aven? Explain the three different types of black swans introduced by Aven. What type is Sept 11 ? Why?
See book Section 3.4 (type b) or c)).
47
Explain the concept of reliability of a risk assessment.
See Problem 4.15 and its solution in the book
48
A risk analyst plans to use a standard cost benefit analysis (CBA) to verify ALARP. Explain the ALARP principle. Do you think this is a good idea? Why?/why not?
The ALARP principle says that risk should be reduced to a level that is As Low As Reasonably Practicable (ALARP). A risk reducing measure should be implemented unless it can be demonstrated that the costs are grossly disproportionate relative to the gains obtained (the burden of proof is reversed). Thus if there is a safety measure that can improve safety, it shall be implemented as a rule, unless you can demonstrate that the cost are in gross disproportion to the benefits gained. This means that Protection is highlighted. It is not a good idea. If standard CBA is used to verify ALARP which is often seen in practice, development is supported as this analysis is based on expected values: risk and uncertainties are not given much weight and the idea of the principle is not followed up.
49
Explain and motivate the concept of managerial review and judgment.
Managerial review and judgement: process of summarising, interpreting and deliberating over the results of risk assessments and other assessments, as well as of other relevant issues (not covered by the assessments), in order to make a decision The managerial review and judgment is the process between risk assessment and the decision-making. The key is that the risk results should not prescribe what to do, as the risk assessments have limitations in capturing all aspects of risks and uncertainties, and there are also different values (we may all agree on the risks, but disagree on what to do as we have different values, what is important, how much weight to give to uncertainties, how to balance protection and development). There is a gap between the risk assessment results and the decision.
50
Explain the concept of resilience. Explain what the “call for a shift from risk to resilience” is about .
In recent years, calls have been made for a shift from risk to resilience, for example by the former UN Secretary-General Ban Ki-moon (UNISDR 2015). The basic idea is that we need to be prepared when threatening events occur, whether they are anticipated or unforeseen. Is the call based on a belief that the risk field and science should be replaced by resilience analysis and management, or is it more about priorities: more weight should be placed on improving resilience? It is the latter, and resilience is a key aspect of modern risk science so there is no conflict.
51
In a specific industry, a total number of 4 fatalities were registered last year. You talk to a risk analyst about the related risks. This analyst states a) Risk is thus equal to 4. A colleague of this analyst disagrees and states that b) 4 is a risk estimate Do you consider these two statements to be in line with risk science as defined by the course curriculum? Why?/why not? Answer a) and b) separately.
a) No, as risk is not historical data, risk relates to the future, 4 can provide input to describe risk but there is a fundamental leap between what is observed in the past and what will happen in the future. Risk is a combination of future unknown consequences C, and associated uncertainties, and clearly 4 is different from (C,U). . b) No, we do not estimate the risk (C,U), but we describe it by (C’,Q,K). 4 can be seen as an estimate of C, but C is not the same as risk. If risk were defined by the expected number of fatalities (using frequentist probabilities), we could have spoken about 4 being an estimate of risk, but that is not as defined in the curriculum.
52
The same analyst also states that c) If the uncertainties are large probabilities cannot be determined, and again the colleague of this analyst disagrees and states that d) frequentist probabilities can be defined when the uncertainties are large. Do you consider these statements to be in line with risk science as defined by the course curriculum? Why?/why not? Answer c) and d) separately.
c) No, subjective (knowledge-based) probabilities can always be determined/assigned (although the supporting knowledge is weak). d) A frequentist probability is a model concept and needs to be justified, for unique situations it cannot be meaningfully defined, as the concept needs repetition of the situation considered over and over again infinitely.
53
3. In a risk assessment related to a pandemic, the following 90% prediction interval for the number of fatalities next month is established based on extensive modelling: [100,200]. Explain what this interval expresses. The same analyst as above states that if we obtain more knowledge, the length of the interval will decrease. Do you agree? Why?/why not? The colleague of this analyst has no opinion about that issue, but states that the interval [100,200] could be based on many assumptions, and these assumptions should be presented together with the interval – also an analysis of the assumptions should be conducted. Do you consider this statement to be in line with risk science as defined by the course curriculum? Why?/why not?
N= number of fatalities next month Interpretation of 90% prediction interval [100,200]: P(100 ≤ N ≤ 200)|K) = 0.90, where P is a knowledge-based probability and K is the background knowledge that the probability is based on. Thus the judgment is that with 90% probability the number of fatalities will be between 100 and 200 given this knowledge K. 90% probability: Same uncertainty as randomly drawing a red ball out of an urn having 100 balls where 90 are red. Not necessarily, the new knowledge may for example reveal that an assumption is wrong and lead to a wider interval. Yes, this is in line with risk science, the assumptions are important elements of K and should be presented (as the rest of the K in (C’,Q,K)). The sensitivity and importance of the assumptions should be addressed by seeing how the results are affected by changes in the assumptions. One could discuss how reasonable/justified they are, and also an assumption- deviation-risk analysis could be performed, i.e. analysing what deviations from the assumptions could occur and what consequences such deviation would have for the risk description. This could be performed by considering 1) the magnitude of a potential assumption deviation, 2) how likely the deviation is, 3) the consequences given a deviation, and 4) the strength of knowledge supporting the likelihood judgements.
54
Why does risk science focus on potential surprises and black swans? The above analyst argues that black swans are unknown unknowns. What would be the implications for risk analysis and management if that was the case?
Because it may turn out that events occur that the analysts did not foresee or think about in their analysis. The risk assessments reflect the analysts’ knowledge, but this knowledge could have holes or be wrong. The focus on potential surprises and black swans aims at meeting this challenge, for example by identifying areas where the analysts lack knowledge but there is available knowledge elsewhere (unknown knowns), or by critically examining assumptions made in the risk assessments. Only a small category of surprises and unforeseen events would then be addressed.
55
What is the difference between risk perception and professional judgments about risk? Suppose a professional risk judgment is based on risk equal to expected value. A lay person perceives the risk completely different than the professional – does this mean that the person is strongly influenced by perceptional factors like fear and dread?
The figure below shows the difference, risk perception may also include how the person like or dislike aspects of the risk, as well as aspects of affect (emotions) and trust, also acceptability – which are not the case of a professional judgment (C’,Q,K) No, this person’s perception may represent a conscious judgment of risk and the uncertainties (C,U), using (C’,Q,K) type of consideration and therefore be completely different than the professional who refers to risk as expected value, E[C’], which har strong limitations in reflecting all aspects of risk (the specter of consequences and uncertainties).
56
What is the main purpose of risk communication? A risk communication campaign is launched which is based on risk characterizations with rankings based on a traditional risk matrix. Discuss to what extent the risk communication can be considered successful.
The main purpose is to improve the understanding of risk, and in this way support relevant decision making. It cannot be considered successful from a risk science perspective as risk is poorly described and could lead to poor risk understanding (the problems with traditional risk matrices are many, including that the specter of consequences may not be revealed and that the strength of knowledge supporting the probabilities are not reflected). The campaign may still be successful according to the social or political goal of the campaign (for example get people not to smoke).
57
Discuss to what extent the application of the precautionary principle was justified in relation to the COVID-19 early this year. Is there a conflict between the precautionary principle and science? Why?/why not?
The precautionary principles states that if faced with a situation where the consequences could be serious, and is subject to scientific uncertainties, the precautionary measures should be taken or the activity should not be carried out. Hence it can be argued that the conditions are there, for applying the principle and implement measures to reduce the risk (as we have seen in all countries, ranging from total lockdowns to less dramatic interventions). No, the principle applies when traditional science is not able to provide clear guidance (because of the uncertainties). A key precautionary measure is research to gain more knowledge.
58
Define the value of a statistical life (VSL). Explain how this concept is used in cost-benefit analysis. (CBA) Explain the link between ICAF and VSL.
VSL: The maximum one is willing to pay to reduce the expected number of saved lives by 1. In CBA we calculate expected values, and the contributions from reducing the expected number of saved lives by EN, is thus VSL ⸱ EN. ICAF is the Implied Cost of Averting a Fatality, and is derived by computing the expected cost of the measure considered per expected lives saved. For example, a measure may have an ICAF = 100 million NOK. Then if VSL = 30 million NOK, it is clear that the measure cannot be justified as 30 is the maximum one is willing to pay to reduce the expected number of lives by 1. Hence if ICAF > VSL, not implement measure, if ICAF ≤ VSL, implement measure.
59
Explain the idea of the ALARP principle. Is this principle favoring protection more than development? Why?/why not? What if CBA is used to verify ALARP?
The principle says that the risk should be reduced to a level as low as reasonably practicable. A measure that can be improve safety should be implemented unless it can be demonstrated that the costs are in gross disproportion to the benefits gained. As such it can be said to favor protection and safety as the rule is to implement measures that support this. Only in the ‘extreme’ case that you are able to demonstrate that the costs are ‘extreme’ you are ‘allowed’ to not implement the measure. If CBA is used, with its weight on expected values, risk and uncertainties are not really focused, and consequently nor protection/safety. More weight is on development. The principle says that the risk should be reduced to a level as low as reasonably practicable. A measure that can be improve safety should be implemented unless it can be demonstrated that the costs are in gross disproportion to the benefits gained. As such it can be said to favor protection and safety as the rule is to implement measures that support this. Only in the ‘extreme’ case that you are able to demonstrate that the costs are ‘extreme’ you are ‘allowed’ to not implement the measure. If CBA is used, with its weight on expected values, risk and uncertainties are not really focused, and consequently nor protection/safety. More weight is on development.
60
A risk scientist works on the issue of understanding what ‘scientific uncertainties’ mean in relation to the precautionary principle. Is the scientist then primarily working on generic risk science or applied risk science? Explain. Another scientist discusses the use of the precautionary principle in the legal context of the European Union. Is this scientist working on generic risk science or applied risk science? Explain. Define risk science.
Scientific uncertainties: Generic risk science (applicable across different application areas) EU case: Applied risk science as related to this specific application See appendix B
61
A person states that the probably that the future global temperature will increase with more than 1 degree Celsius the coming 50 years is 0.90. Provide an explanation/interpretation of this probability statement. What do we call this type of probability? Is there uncertainty about this probability relative to an underlying ‘true’ probability? Explain.
Solution It is a knowledge-based (subjective, judgmental) probability; it expresses that the person has the same uncertainty or degree of belief for this event (the future global temperature will increase with more than 1 degree Celsius the coming 50 years) to occur as randomly drawing a red ball out of an urn comprising 100 balls where 90 are red. No, as there is no underlying true probability to compare with. However, the person may experience imprecision problems and the supporting knowledge could be more or less strong and even wrong. The impression can lead to an imprecise probability, say at least 0.90.
62
Problem 3 Suppose now in this problem that the probabilities in the table above express a risk analyst’s degrees of belief. Define and interpret risk for this example as in the book, using two types of definitions. Is the (A,C,U) definition relevant here? Why/why not? Is a risk characterization given by this table a good risk characterization? Why/why not? Include aspects that you think should be added. What are the two main problems with traditional risk matrices (based on probability and expected values given the event) for describing risk?
Solution Risk: potential for the project to give a negative outcome Risk: the combination of consequences and associated uncertainties The (A,C,U) definition is not relevant as there is no natural A event to refer to It (the table) lacks considerations of the strength of knowledge supporting the probabilities, as well as considerations of the potential for other values than the 3 considered in the table. The K should be added. Risk matrix problems: does not reflect the spectre of consequences and lacks considerations of the strength of knowledge. See book p. 47.
63
Problem 4 Use the boulder example from the curriculum to explain that traditionally defined security risk - addressing threats, vulnerabilities and consequences - is covered by the (A,C,U) risk perspective. Explain what vulnerability means in this example.
Solution Threat: For example, boulder being pushed so that it dislodges from the ledge, event A Vulnerabilities: (C,U|A) potential for fatalities or injuries given the boulder is pushed and dislodged from the ledge – combination of fatalities/injuries and associated uncertainties, given event A Consequences: C, number of fatalities/injuries Need to add uncertainties to the event A. In compact form; (A,U) and (C,U|A) = “threat risk’ plus vulnerabilities (the consequence part is covered by the vulnerability) which is in line with the (A,C,U) risk perspective (see p. 16)
64
You are considering two projects, I and II. The projects are characterized by frequentist probability distributions of the consequences (i.e. benefits, profit) C as follows: Explain/interpret the following quantities for project II: Pf(C=100) and Ef[C]. Should you choose project II as it has the highest expected value? Explain? Is the cautionary principle relevant in this case? Why/why not? The precautionary principle? Why/why not
Solution Pf(C=100): the fraction of times the consequences is equal to 100 if we could consider an infinite (very large) number of similar projects of type II Ef[C]: the average value if we could consider an infinite (very large) number of similar projects of type II If you have a large number of such projects, project II is most attractive as it gives the best average value. In general it is not possible to say as it depends on the decision maker’s preferences. Project II may for example be rejected because of rather high probability of a loss of 100. The cautionary principle could be relevant, but not the precautionary principle as there are no scientific uncertainties. The person may dislike the relatively large uncertainties associated with a considerable loss (0.05 probability for a loss of 100) and reject project II, assuming the person does not have many projects.
65
Explain how scenario 1 can happen. Compute the probability that this scenario occurs given a fire. Suppose the expected rate of fires is 2 per year. What is then the probability of a fire occurring which leads to scenario 2? Suppose for scenario 1, an expected number of fatalities of 5 is specified. And suppose no fatalities for the other scenarios. Compute an expected number of fatalities for this event tree. What is the PLL associated with this tree? Compute a FAR value associated with this tree? Suppose the number of exposed hours in a year is 1 million. Can you use this event tree model to present an F-N curve? Explain.
Solution A fire starts, the fire spreads quickly, the sprinkler fails, people cannot evacuate leading to multiple fatalities P(scenario 1|fire) = 0.1 x 0.3 x 0.5 = 0.015 = 1.5% P(fire scenario 2) = 0.015 x 2 = 0.03 (a good approximation) (scenarios 1 and 2 have the same probability) Expected number of fatalities= 5 x 0.03 = 0.15 PLL = 0.15 FAR = (0.15/106)108 = 15 FN curve : Not possible without specifying probabilities for different numbers of fatalities for scenario 1
66
i) A person states that risk evaluation as part of risk assessment covers judgments and decisions about risk acceptance. Is the person right, according to the curriculum? Explain. ii) The same person argues that management review and judgment (MRJ) is not needed when the uncertainties (in (C,U)) are judged very small. Is the person right, according to the curriculum? Explain.
i) It is not accurate. The risk evaluation is conducted by the risk assessors, it covers judgments about the significance of the risks and rankings wrt risks, and may cover judgments about risk acceptance, for example saying that it is common to accept risk for activities with this risk level, but it does not conclude on the risk being acceptable or not as that is a management and decision maker’s task. The risk evaluation discusses the risk analysis results relative to criteria defined or reference levels. The decision maker may see beyond these criteria and reference levels. ii) It is not correct. The MRJ is formally defined as the process of summarizing, interpreting and deliberating over the results of risk and other assessments, as well as other relevant issues (not covered by the assessments) in order to make a decision. The MRJ is based on the recognition that all assessments have limitations: there are aspects not fully captured by the assessments – with small uncertainties this point may be not very critical but it will always be an aspect as the uncertainties are judged small but there could be surprises relative to these judgments and that the MRJ needs to take into account. Furthermore the decision-maker needs to take into account all aspects of importance for the decision, not only those addressed by the risk assessments, and this aspect of the MRJ is not affected by the uncertainties being judged small.
67
a) In risk perception research it is referred to lay people overestimating and overreacting when faced with risk having certain characteristics. Discuss to what extent we can talk about risk overestimation and overreacting in cases of large scientific uncertainties. b) A common criterion for good public risk communication is that it is open and transparent. Provide an example where this criterion obviously cannot be met. In a specific country, the authorities have implemented measures to reduce people’s accessibility to information that is in conflict with the guidelines and perspective of the authorities concerning a risk issue. How do you think the authorities argue to justify their approach? What are the problems of adopting such an approach?
Solution a) These concepts are problematic in cases of large scientific uncertainties as there is not a known risk to compare with when talking about overestimation - overestimation over what? And for the overreaction, there is a problem that there is not a right decision. The risk can be amplified because of certain factors (See book Section 6.1.2 and 6.1.3), but it is unfortunate to refer to overestimation and overreaction for the reasons mentioned. b) Security. Arguments by the authorities: provide the proper guidance, based on the best science, believed to give the best advices for people – avoid chaos and panic Problems: Science is not one voice, there could be valuable insights provided by others than the authorities, openness is not highlighted, fundamental trust to authorities is lost as inclusiveness of different perspectives is not acknowledged, lack of acknowledgment of the limitations of scientific knowledge and a need for a continuous ‘battle’ between different schools and camps for what the most warranted statements or justified beliefs are within the field of study See book Section 7.2.3
68
Explain the precautionary principle, and in particular the concept of reversed burden of proof, as defined in the curriculum. Use the following example to illustrate the concepts: You have a new product that you would like to produce and sell. It is potentially hazardous. Why do you think some people consider the principle a threat to value creation?
Solution Definition: a principle expressing that if the consequences of an activity could be serious and subject to scientific uncertainties, then precautionary measures should be taken, or the activity should not be carried out Book p. 218 Reversed burden of proof: there is initially a red light – your product is unacceptable (not safe) - which is only switched to green – the product is acceptable (safe) - when there is convincing evidence of harmlessness. The burden of proof is reversed. According to statistical principles – the standard approach - the null hypothesis is that the product is acceptable, and strong evidence must be provided to show harmfulness that would warrant restricting the product. The traditional perspective stresses the costs (interpreted in a wide sense) of erroneously taken protective measures, whereas the precautionary perspective stresses the costs of an erroneous lack of protective measures. Clearly if the PP is applied too strictly there will be less new products and innovation: as products would not be introduced before you have done tests etc which could take very long time and be very resource demanding to obtain the formal ‘green status’ of a very safe product.
69
How could uncertainty be reflected in a cost-effectiveness analysis? Hint: consider the cost-benefit ratio C/B. How would you explain that some political parties are more positive than others towards the use of cost-benefit analysis to support societal decision-making?
Solution Refer to the setup of Section 9.2, a cost-effectiveness index, E[C]/E[B], is computed, where C denotes the cost of the measure and B the benefits of the measure, for example, expressed through the number of saved lives. A probability distribution for C/B could be derived, including a strength of knowledge judgment (this is problem 9.10). Because CBAs are to large extent based on expected values and give rather little weight on risks and uncertainties – and thus give weight to development and growth more than protection, which is more in line with the policies of some parties than others
70
Tom is an expert in communicating health risk to the public. Discuss to what extent he then also needs to be an expert on risk science. Is the curriculum presenting generic or applied risk science? Explain.
Solution Risk science is the most updated and justified knowledge on risk fundamentals (concepts), risk assessment, risk perception, risk communication and risk management and governance. So yes he needs to have the best knowledge on risk communication but also other areas in particular fundamentals – he cannot communicate health risk in a good way without being updated on for example the best concepts and principles to understand and communicate risk in general. In addition he needs specific knowledge in relation to health. Most generic: Generic, fundamental concepts, principles, approaches, methods and models for risk analysis (risk understanding, risk assessment, risk perception and communication, risk management and governance But many illustrating examples of use of this generic knowledge are provided, these examples can be seen as applied risk science
71
A person states that the probably that the future global temperature will increase with more than 1 degree Celsius in the coming 50 years is at least 0.90. Provide an explanation/interpretation of this probability statement. What do we call this type of probability? Is there uncertainty about this probability relative to an underlying ‘true’ probability? Explain.
Solution It is an imprecise knowledge-based (subjective, judgmental) probability; it expresses that the person has the same uncertainty or degree of belief for this event (the future global temperature will increase with more than 1 degree Celsius in the coming 50 years) to occur as randomly drawing a red ball out of an urn comprising 100 balls where at least 90 are red. No, as there is no underlying true probability to compare with. However, the supporting knowledge could be more or less strong and even wrong.
72
You are considering two projects, I and II. The projects are characterized by known frequentist probability distributions of the consequences (i.e. benefits, profit) C as follows:
Solution Pf(C=0): the fraction of times the consequences is equal to 0 if we could consider an infinite (very large) number of similar projects of type II Ef[C]: the average value if we could consider an infinite (very large) number of similar projects of type II If you have a large number of such projects, project II is most attractive as it gives the best average value. In general it is not possible to say as it depends on the decision maker’s preferences. Project II may for example be rejected because of rather high probability of a loss of 100. VaR = 0 ( 0 is the value so that P(C ≤ VaR) = 0.90 (or at least 0.90) – for project I the level is not 90% but 99%
73
Suppose now in this problem that the probabilities in the table above (problem 2) express a risk analyst’s degrees of belief. Consider a risk characterization (C’,Q,K). Explain what this characterization means in relation to the table. How would you extend the characterization given by the table to make it in line with the recommendations of the curriculum. Suppose the probabilities in the table are conditional on an assumption V. In case this assumption is not correct, there is another similar table characterizing the risk. Suppose there is considerable uncertainty about the correctness of V. A risk analyst suggests dealing with this issue by assigning a probability of V being correct and presenting risk by a new updated probability distribution (C’,P). What is your response to this suggestion? Does it solve the issue of reflecting the risk related to the assumption?
Solution So the probabilities P are knowledge-based probabilities. C’: the consequences specified in the table (-100, 0, 100) Q: P (C’,Q,K): would like to add Strength of knowledge judgments (SoK) to P, and the knowledge that the assessment Q and C’ are based. Could also consider other C’ values. No, need to include SoK: P in the tables and P(V) could to varying be based on strong knowledge and that needs to be reflected.
74
Use the boulder example from the curriculum to explain what vulnerability means. Use both symbols and daily language. Discuss in general to what extent a system that is considered not vulnerable (i.e. is robust) could have undesirable consequences for some possible events A.
Solution A: boulder dislodges from the ledge Vulnerability: (C,U|A) potential for fatalities or injuries given the boulder is dislodged from the ledge – combination of fatalities/injuries C and associated uncertainties U, given event A Two main points: i) not vulnerable (robust) means that the conditional ‘risk’ (description), (C’,Q,K|A’), is judged small for a given A’ - and hence not likely undesirable consequences occur - but there is some probability so undesirable consequences may occur, also surprises may occur relative to the knowledge of the analysts leading to undesirable consequences. ii) for some As, we cannot require i) but the total risk contribution (A’,Q,K) should be judged small - for such As it could be rather likely to have undesirable consequences.
75
Suppose for scenario 1, an expected number of fatalities of 10 is specified. And suppose no fatalities for the other scenarios. Suppose the expected rate of fires is 2 per year. Compute the PLL value for this tree and a FAR value assuming the number of exposed hours in a year is 1 million. What changes are needed to compute P(N ≥ n), for n=1,2, ... and N being the number of fatalities. Discuss to what extent PLL and FAR in this example can be good individual risk metrics.
Solution P(scenario 1|fire) = 0.1 x 0.3 x 0.5 = 0.015 = 1.5% P(fire scenario 1) = 0.015 x 2 = 0.03 (a good approximation) Expected number of fatalities= 10 x 0.03 = 0.30 PLL = 0.30 FAR = (0.30/106)108 = 30 Need to specify probabilities for different numbers of fatalities for scenario 1, we need P(N=n|fire scenario 1) or P(N ≥ n|fire scenario 1) PLL is not a good metric as such as it just presents the expected number of fatalities per year. If we divide it on the number of people exposed which produces the average individual risk (AIR) and the people have about the same level of risk, this is suitable as an individual risk metric. FAR is suitable if the persons exposed have about the same risk level.
76
Problem 6 i) A person states that the main purpose of a risk assessment is to improve the understanding of risk and in this way reduce risk. Is the person right, according to the curriculum? Explain. ii) Discuss to what extent the purpose of risk assessment is to accurately determine risk.
Solution i) It is not accurate. A main purpose is to improve the understanding of risk and this could lead to reduced risk, but not necessarily: risk assessment can also be used as a basis for a selection of an alternative with higher risk. ii) This is not a general formulation of the goal of a risk assessment according to the curriculum. We may seek to accurately determine (estimate, predict) C’ but a main goal of the assessment is also to characterize the uncertainties related to the judgments about C’. The idea is more relevant when the thinking (perspective) is that there exists an underlying true risk that one seeks to estimate (for example if risk was defined by (C’,Pf)). However, if that was the case, risk assessment would fail in case of large uncertainties as accurate estimates cannot be made. Also it can be a problem to define that underlying true risk.
77
a) A person perceives the risk related to an event as high noting that the event is of a new type, the knowledge is weak, there is delays in effect and there is a potential for severe consequences. An expert claims that this person overrates the risk. Is the expert right? Explain. . b) A person argues that trust in relation to public safety is not really what we aim at, rather it should be ‘critical trust’. Discuss this view.
Solution a) The expert could be right as risk perception theory concludes that people amplify risk in such cases. However, it may be problematic to conclude that the risk is overrated. Overrated indicates there is a reference level to compare with but that may not be the case, in particular in cases of large scientific uncertainties. b) The book argues for a critical trust, not a blind, acceptance trust. A point being made is that authorities are faced with dilemmas and to avoid panic etc. they may not be fully open about certain issues, there could also be overall goals and policies that make them not be fully open. Thus people need to be somewhat critical not accepting everything and have questions, without being going to the extreme of rejecting everything (distrust).
78
Problem 8 Nina is risk manager in a company and considers removing some risks from the action table because they are judged very small. Discuss to what extent this is a good policy.
Solution See problem 8.13 and p. 359 in book. It is possible to give good answers to problem 8 without talking about de minimis risk as in Problem 8.13 in the book. One can argue that no risk should be fully ignored, always have them on the list acknowledging that surprises can occur, the knowledge/assumptions can be wrong, and think resilience and robustness. At the same time as discussed on page 359, there are resource limitations and therefore some risks need to be given priority to and others not – then the text on p. 359 is relevant.
79
Problem 9 A person states that ICAF is the ratio between the cost and the number of saved lives. Is the person right? Explain. Another person states that it would a good idea to define VSL by saying that VSL/M is the maximum one is willing to pay to reduce the expected number of fatalities by 1/M, where M is a large number, for example 1000. What is your comment to this suggestion?
Solution We normally define ICAF by the ratio of expected cost and expected number of saved lives for a measure. It may be a good idea as the normal definition refers to a reduction in the expected number of fatalities by 1 which could be outside the range of interest. By the factor M, a more reasonable range is considered and it may be easier to specify VSL. Often VSL is specified as a general rule and one does not need to make specifications for each project or measure.
80
Problem 10 Risk science is the most updated and justified knowledge on risk fundamentals (concepts), risk assessment, risk perception, risk communication and risk management and governance. Is this knowledge static in time? Explain. Can it be contested? Is science one voice? Discuss
Solution No as for any science, it develops over time, it is the most updated and justified at a specific point in time. Yes what is the best is always discussed/contested, typically there are different schools, advocating for their perspectives and beliefs. This also means that science is not one voice. It is highly problematic when trying to reduce science to one view as developments require discussions and beliefs are questioned etc.
81
A) Explain how risk is defined in curriculum.
A) We consider a future activity [interpreted in a wide sense to also cover, for example, natural phenomena], for example the operation of a system, and define risk in relation to the consequences (effects, implications) of this activity with respect to something that humans value. The consequences are often seen in relation to some reference values (planned values, objectives, etc.), and the focus is often on negative, undesirable consequences. There is always at least one outcome that is considered as negative or undesirable. Risk is the consequences C of the activity and associated uncertainties U.
82
B) Give also a general risk description and present briefly the key components.
A) A general risk description is the triplet (C’,Q,K), where C’ is some specified consequences, Q a measure of uncertainty associated with C’ (typically probability), and K the background knowledge that supports C’ and Q (which includes a judgment of the strength of this knowledge)
83
C) What are the main benefits of such a set-up, i.e. distinguishing between how we define risk and how we describe risk?
B) This allows for different descriptions of risk to be used depending on the situation at hand. It also stimulate discussion and reflections what is a good description of risk
84
Besides being able to label past events, how does the Black swan metaphor as defined by Aven improve risk analysis?
Besides being able to label past events, the Black swan metaphor as defined by Aven improve risk analysis by putting more focus on the knowledge supporting the risk description. It suggests that surprises relative to one’s beliefs may occur which in terms means that the knowledge supporting the risk description should be highlighted/investigated. A key point is that the knowledge could be wrong, and surprises occur. The focus on the metaphor helps us addressing that type of issue and risk
85
A risk analyst has introduced a Bernoulli probability model with parameter p, the probability that a new type of law will be passed. The analyst has further specified a 90% credibility interval for p, to inform the management of a company that will be affected by the law. A) Do you agree with this approach? Why/why not? . . B) Generally, in what sense does an approach like this (Bernoulli probability model with parameter p) address both variation and uncertainty? Illustrate with an example.
A) The approach should not be used in this case. It assumes that there exists a true frequentist probability of the law being passed. However, this is a unique situation where a frequentist probability cannot be meaningfully defined or estimated. B) We can think an experiment where a pin is thrown and either will land with the tip down or up. In such a case, the parameter p reflects the variation in the outcomes if the experiment was repeated a huge number of times. The credibility interval reflects my uncertainty about the value of p.
86
A risk analyst states that probabilities only should be introduced in risk assessments if there is enough data available to estimate them precisely. A) Given what you have learned in this course, what would your response be? . . The analyst further states that avoiding the worst outcome should always be the sole focus in risk assessments when probabilities cannot be estimated precisely. B) Present an argument against this statement.
A) The statement assumes that the only type of probabilities that can be used in risk assessments are frequentist probabilities. However, subjective probabilities, expressing the analyst’s degree of belief, can also be used. Supplemented with strength of knowledge considerations, such probabilities can convey insights about risk even when data is scarce. B) Two arguments discussed in class: - A worst case is hard to define. In practical situations, one could almost always think of a way the outcome can be worse. - Outcomes with very, very low (subjective) probability can be given too much weight in the decision-making.
87
A) Based on the distribution, give a 90% credibility interval and provide an interpretation of this interval. . . B) Give an example of when you as a risk analyst would assign an imprecise probability [𝑃(𝐴),𝑃(𝐴)] and provide an interpretation this probability statement.
A) A 90% credibility interval is [0.5, 0.6] (or [0.3, 0.5]). The assessor has the same degree of belief that λ is in the interval as drawing a red ball out of an urn where 9 out of 10 balls are red. . .B) As input to my risk assessment, I may have two experts expressing P(A)=0.2 and P(A)=0.3. Then I could express my uncertainty about the occurrence of A with the imprecise probability [0.2, 0.3]. The statement means that I compare my uncertainty about the occurrence of A with drawing a red ball out of an urn with 10 balls where 2 or 3 balls are red.
88
A) Give an example of how a coarse risk analysis method could be used in conjunction with event tree analysis. You can for example use the context of a tunnel risk assessment to illustrate. . B) You are carrying out a road tunnel risk assessment. The client who has ordered the assessment tells you that they plan to use PLL=0.2 as the criterion to decide upon acceptable risk for the tunnel. Do you support this approach? Why/why not?
A) Coarse risk analysis is first carried out to obtain a crude risk picture with modest effort. We can think of a situation where the coarse analysis identifies an event that could have catastrophic consequences if it were to occur, for example a severe car fire during a traffic jam in the tunnel. To study the consequences more in detail, and to assign probabilities to the different outcomes of the event, an event tree analysis is carried out.. . B) PLL is the expected number of fatalities (typically for a year) and has limitations in the way risk is reflected. Hence, it should not be used as a sole criterion for accepting the risk. There could be large deviations from the expected value, an aspect better captured by a f-N diagram. The strength of knowledge supporting the PLL number is neither taken into account with the approach. The assessment results should also be considered in light of the ALARP principle.
89
One day you get a call from a person claiming she is working in a facility dealing with different kinds of genetically modified species. She is concerned. Very concerned. Particularly about how they manage the risk involved. She has seen you on television and knows you are a reputable expert within the risk field and decided to call you up and ask for advice on how they should go about manage their risk. Her first question is: A) What are the main strategies for risk management? . . She says she is particularly concerned about spilling such species into the environment and the long-term effects it might have. She even mentions deep uncertainty. She continues to ask: B) What strategies would you recommend us to focus on and why?
A) The main strategies for risk management are: 1) Risk assessment informed strategies 2) Robustness, resilience-based strategies and cautionary/precautionary based strategies 3) Dialogue based strategies . . B) Here she could use Risk informed strategies, identifying potential events, assessing the uncertainty involved, producing strength of knowledge judgements as well as making considerations about black swans in order to provide the decision maker with insights about the risk involved. Moreover, due to the uncertainty involved, she could also make use of cautionary/precautionary based strategies letting caution be the ruling principle, for example by not continue with the activities they do, or by implementing measures even if they are inefficient seen from a purely economic standpoint. They could also make use of principles for resilience and robustness improving the capability to cope with surprises.
90
Assume that the reliability of each detector is pn=0.9 and that the reliability of the deluge system is pDS= 0.99. Further, assume that the components fail independently. A) Calculate the reliability of the system exactly for both strategies. . . B) List the minimal cut sets and calculate the reliability approximately.
A) Strategy A - Reliability: (1-qD1qD2)*(1-qD3qD4)*pDS = 0.970299 ≈ 0.97 Strategy B - Reliability: (1- (1-pD1*pD3)*(1-pD2*pD4))*pDS= 0.954261 ≈ 0.95 . . B) Minimal cut sets Strategy A - (D1,D2) (D3,D4) (DS) Approximation: 1-(qD1qD2 + qD3qD4 + qDS) = 0.97 Minimal cut sets strategy B - (D1,D2) (D1,D4) (D3,D2) (D3, D4) (DS) - Approximation: 1-(qD1qD2 + qD1qD4 + qD3qD2 + qD3qD4 + qDS) = 0.95
91
Suppose you are the chief risk officer in a multinational mining company. Some of your risk analysts say there is a considerable risk related to the working environment in one of the mines. Besides heat, humidity and darkness, the workers are exposed to a fine grained type of dust, which may cause cancer. To meet this risk, one option is to install a vent system which removes the fine grained dust. This is expected to cost of 40 mill dollars and is expected to save 10 lives during the lifetime of the mine. . A) How would you decide upon whether to install the vent system using ICAF? Make assumptions as necessary . B) What are the advantages and disadvantages of using this approach?
A) ICAF = 40/10 = 4mill dollar. Suppose the company defines the value of a statistical life to be VSL=5 mill dollars. Then ICAF
92
What is the difference between applied risk analysis and generic risk analysis? . . Give an example of generic risk analysis?
Applied risk analysis supports risk knowledge generation and communication in relation to specific activities and supports the tackling of specific risk problems or issues. Generic risk analysis covers generic concepts, principles, approaches and methods on how to understand, assess, characterize, communicate, manage and govern risk. . . One example is the research done at the university of Stavanger, where they do research related to inter alia generic concepts, principles, approaches and methods on how to understand, assess, characterize, communicate, manage and govern risk.
93
A) Suppose we define risk = “the probability of an unfortunate event occurring”. Present an argument against this definition of risk. . B) Suppose we define risk = “Value at Risk”. Present two arguments against this definition of risk
A) 1) The definition does not highlight the knowledge supporting the probability. Another argument is that it does not reflect the consequences of the event . B) 1) Value at risk does not say anything about the “shape” of the distribution beyond the quantile value. 2) Nor does it reflect the knowledge which this number is based on.
94
A) Explain the concept of resilience.
A) Resilience is a system’s ability to sustain and restore its functionality given some disruption, threat, hazard and/or opportunity
95
B) Give an example how risk considerations can contribute to resilience.
A) One example is hazard/threat identification. This helps identifying what disruptions, threats, hazards and/or opportunities that may occur.
96
C) If a system is judged antifragile, would you say that there is still risk for bad outcomes? Why/why not?
C) Yes, there is still risk as there is still a potential for bad outcomes, negative consequences and associated uncertainties.
97
A risk analyst has introduced a Bernoulli probability model and estimated the parameter p, the failure probability of a safety barrier given an initiating event A, to be p*= 0.015. A) Provide an interpretation of p . B) Is it correct to say that p* is a measure of the analyst’s uncertainty? Why/why not?. . The analyst further states that she has confidence in the estimate as she has generated the quite narrow 90% confidence interval [0.013, 0.017]. C) How should her statement be interpreted?
A) The parameter p is interpreted as the fraction of times the safety barrier fails given event A, if the situation was repeated over and over again, towards infinity. . B) No, p* is the analyst’s best estimate of p, and as such, is not a measure of the analyst’s uncertainty. . C) If the “experiment” of generating the interval was repeated over and over again, towards infinity, p would be in the interval 90% of the times. When the interval generated is narrow, the analyst feels confident that p* is quite close to p.
98
Task 4A risk analysis group is asked to do a fire safety risk assessment of a new large mall. The mall has a novel design and uses new types of surface materials with unknown fire properties. The group has to decide which risk analysis method to use in order to provide an estimate of how much the assessment will cost the client. They use a risk-based approach and reason that large mall fires with fatalities are very rare, and hence, the expected consequences are moderate. Based on this reasoning they choose standard risk analysis. A) Do you agree with their choice? Why/Why not? . . B) Give a simple example (one or two sentences) of what each of the following risk analysis methods could be used for in the above mall risk assessment.  SWIFT  FMEA  Fault tree analysis  Bayesian networks  Event tree analysis
A) No, they have to also consider uncertainty factors that can lead to large deviations from the expected value. In this case, this should lead to the conclusion that a model-based risk analysis should be chosen. There are uncertainty factors such as novel design and new materials present that could lead to large deviation from the expected value. . . B) SWIFT - Identify initiating fire events to be analysed further. For example, what if there is a fire outbreak in the kitchen of the large café mid-day? FMEA – Identify and rank failure modes for the fire alarm system Fault tree analysis - Assess the probability of failure in a safety barrier, e.g. a sprinkler system. Bayesian networks - Assess likely causes of a severe fire event to find suitable preventive measures. Event tree analysis - Assess possible outcomes, with associated probabilities, given an initiating fire.
99
An investment expert assesses the value of a particular investment one year from today. He states that he is 90% certain that the value will be in the interval [1000000$, 1300000$]. . A) Provide an interpretation of the statement. . B) What type of interval has the expert specified? . C) Would it be sound for a decision-maker to require any additional characterization of the uncertainties involved? Why/why not?
A) The expert states that his belief that the investment is in the interval one year from now is the same as drawing a favourable ball out of an urn with ten balls where nine are favourable. . . B) Prediction interval . . C) Yes, the strength of knowledge is not reflected by the interval. The following should for example be considered by the decision-maker:  Is there relevant data available to support the judgement?  Would other experts agree?  Do the prediction models used tend to provide accurate results?  Is there uncertainty associated with the assumptions made?
100
Below is a fault tree diagram with the top event that the reserve parachute of a skydiver fails. Assume that the basic events are independent and the following probabilities: q1 = 0.2 q2 = 0.05 q3 = 0.1 q4 = 0.005 A) Calculate the probability of the top event approximately by using the minimal cut set approach. . B) Calculate the probability of the top event exactly.¨. . . C) Say you got updated knowledge that failure of the auto activation device in some cases causes the rip chord to break. Would you conclude that the top event probability should be lower, the same, or higher than your initial estimate? Why/why not?
A) P(top event) ≈ q1q2+q1q3+q4 = 0.2*0.05 + 0.2*0.1 + 0.005 = 0.035 . . B) P(top event) = 1 – p4[1 – q1(1 – p2p3)] = 1 – 0.995[1 - 0.2(1 – 0.95*0.9)] = 0.033855 . . C) Higher. The new knowledge indicates that Event 1 has a higher probability than 0.2 if Event 3 or 4 occur.
101
You are involved in carrying out a tunnel safety risk assessment. A member of the team suggests to characterize the risk with a PLL value, supplied with SoK judgements. Since you have taken RIS500, you immediately recognize that this approach does not sufficiently highlight the possibility of large-scale accidents in the tunnel. A) What alternative risk characterization/risk picture would you suggest in order to better highlight the possibility of large-scale accidents? . . B) Give an example of a situation where an expected value, supplied with strength of knowledge judgements, could be an informative way of characterizing risk.
A) An approach that shows the consequences and probabilities in two separate dimensions should be chosen, supplied with SoK judgments. For example, a f-N curve or a probability distribution over the number of fatalities. . . B) In situations where it is considered extremely unlikely that the outcome will deviate much from the expected value, typically when we consider large populations. For example, we can be confident that the number of traffic deaths in Norway in 2021 will be quite close the previous 5-year average.
102
A) What is the cautionary principle?
A) The cautionary principle is a principle that says that if the consequences of an activity could be serious and subject to uncertainties, then cautionary measures should be taken, or the activity should not be carried out.
103
B) Discuss to which extent the principle supports protection or development
B) Following the principle means that when facing uncertainty caution should be the ruling principle. Accordingly, we can implement risk reducing measures even if they are seen as inefficient seen from a purely economic standpoint (or in the more extreme cases, not starting the activity considered at all). Hence, we go beyond the expected benefits of the risk reducing measures, meaning that protection is highlighted rather than development.
104
A) What is the purpose of management review and judgement?
A) The risk analysis can have limitations and weaknesses. It might for example be scoped so that it does not address political risk or be based on many assumptions that are more or less strong. There might also be other types of analysis, say economic analysis, as well as other perspectives that are not taken into consideration in the assessment. The decision maker needs to take all of this into consideration when making a decision. Moreover, the decision maker might also have different knowledge than the analyst and can also ask critical questions, and potentially find potential black swans.
105
) What does it mean that the risk assessment informs the decision? (as opposed to the decision being risk based)
B) As indicated in A) the decision basis is made up of more than just a risk description, hence we say that the risk assessment informs, or supports, the decision. It does not ‘automatically’ prescribe what the decision should be.
106
A) What is applied risk analysis? Also give an example
A) Applied risk analysis supports risk knowledge generation and communication in relation to specific activities and supports the tackling of specific risk problems or issues. Examples are for example the risk analysis of climbing mount Everest or risk analysis of attacks on SCADA systems.
107
B) Explain how generic risk analysis provides insights to applied risk analysis.
B) Generic risk analysis covers generic concepts, principles, approaches, and methods on how to understand, assess, characterize, communicate, manage and govern risk. This knowledge can be used for solving real risk problems and issues.
108
C) Explain the role of experts in Risk analysis? Give also an example.
C) In risk analysis we distinguish between two types of experts. Experts providing knowledge about the activity under consideration and experts in risk analysis. They both contribute to the applied part and the generic part of risk analysis. As an example, we can consider the applied case of doing a risk assessment related to the spread of a virus. One kind of expert could be a physician providing insights into how the virus develops and infects other people. Another kind of expert could be a risk analysis expert providing insights into what strategies we can use in order to manage the risk.