Risk Analysis Risk Analysis: Assessing Uncertainties beyond Expected Values and Probabilities  2008 John Wiley & Sons, Ltd ISBN: 978-0-470-51736-9 T Aven Risk Analysis Assessing Uncertainties beyond Expected Values and Probabilities Terje Aven University of Stavanger, Norway Copyright  2008 John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex PO19 8SQ, England Telephone (+44) 1243 779777 Email (for orders and customer service enquiries): cs-books@wiley.co.uk Visit our Home Page on www.wileyeurope.com or www.wiley.com All Rights Reserved No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except under the terms of the Copyright, Designs and Patents Act 1988 or under the terms of a licence issued by the Copyright Licensing Agency Ltd, 90 Tottenham Court Road, London W1T 4LP, UK, without the permission in writing of the Publisher Requests to the Publisher should be addressed to the Permissions Department, John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex PO19 8SQ, England, or emailed to permreq@wiley.co.uk, or faxed to (+44) 1243 770620 This publication is designed to provide accurate and authoritative information in regard to the subject matter covered It is sold on the understanding that the Publisher is not engaged in rendering professional services If professional advice or other expert assistance is required, the services of a competent professional should be sought Other Wiley Editorial Offices John Wiley & Sons Inc., 111 River Street, Hoboken, NJ 07030, USA Jossey-Bass, 989 Market Street, San Francisco, CA 94103-1741, USA Wiley-VCH Verlag GmbH, Boschstr 12, D-69469 Weinheim, Germany John Wiley & Sons Australia Ltd, 42 McDougall Street, Milton, Queensland 4064, Australia John Wiley & Sons (Asia) Pte Ltd, Clementi Loop #02-01, Jin Xing Distripark, Singapore 129809 John Wiley & Sons Canada Ltd, 6045 Freemont Blvd, Mississauga, ONT, L5R 4J3 Wiley also publishes its books in a variety of electronic formats Some content that appears in print may not be available in electronic books British Library Cataloguing in Publication Data A catalogue record for this book is available from the British Library ISBN 978-0-470-51736-9 Typeset in 10/12pt Times by Laserwords Private Limited, Chennai, India Printed and bound in Great Britain by TJ International, Padstow, Cornwall Contents Preface Part I ix Theory and methods 1 What is a risk analysis? 1.1 Why risk analysis? 1.2 Risk management 1.2.1 Decision-making under uncertainty 1.3 Examples: decision situations 1.3.1 Risk analysis for a tunnel 1.3.2 Risk analysis for an offshore installation 1.3.3 Risk analysis related to a cash depot 13 13 14 14 What is risk? 2.1 Vulnerability 2.2 How to describe risk quantitatively 2.2.1 Description of risk in a financial context 2.2.2 Description of risk in a safety context 17 21 22 24 25 The risk analysis process: planning 3.1 Problem definition 3.2 Selection of analysis method 3.2.1 Checklist-based approach 3.2.2 Risk-based approach 29 29 34 35 36 The risk analysis process: risk assessment 4.1 Identification of initiating events 4.2 Cause analysis 4.3 Consequence analysis 4.4 Probabilities and uncertainties 4.5 Risk picture: Risk presentation 4.5.1 Sensitivity and robustness analyses 4.5.2 Risk evaluation 39 39 40 41 43 44 48 49 vi CONTENTS The risk analysis process: risk treatment 5.1 Comparisons of alternatives 5.1.1 How to assess measures? 5.2 Management review and judgement 51 51 53 55 Risk 6.1 6.2 6.3 57 57 62 64 69 70 71 72 74 76 78 80 80 83 6.4 6.5 6.6 6.7 6.8 6.9 Part II analysis methods Coarse risk analysis Job safety analysis Failure modes and effects analysis 6.3.1 Strengths and weaknesses of Hazard and operability studies SWIFT Fault tree analysis 6.6.1 Qualitative analysis 6.6.2 Quantitative analysis Event tree analysis 6.7.1 Barrier block diagrams Bayesian networks Monte Carlo simulation an FMEA Examples of applications Safety measures for a road tunnel 7.1 Planning 7.1.1 Problem definition 7.1.2 Selection of analysis method 7.2 Risk assessment 7.2.1 Identification of initiating events 7.2.2 Cause analysis 7.2.3 Consequence analysis 7.2.4 Risk picture 7.3 Risk treatment 7.3.1 Comparison of alternatives 7.3.2 Management review and decision 85 87 87 87 88 88 88 90 90 94 95 95 95 Risk analysis process for an offshore installation 8.1 Planning 8.1.1 Problem definition 8.1.2 Selection of analysis method 8.2 Risk analysis 8.2.1 Hazard identification 8.2.2 Cause analysis 8.2.3 Consequence analysis 97 97 97 98 98 98 98 100 CONTENTS 8.3 8.4 vii Risk picture and comparison of alternatives 103 Management review and judgement 104 Production assurance 9.1 Planning 9.2 Risk analysis 9.2.1 Identification of failures 9.2.2 Cause analysis 9.2.3 Consequence analysis 9.3 Risk picture and comparison of alternatives 9.4 Management review and judgement Decision 105 105 105 105 106 106 108 109 10 Risk analysis process for a cash depot 10.1 Planning 10.1.1 Problem definition 10.1.2 Selection of analysis method 10.2 Risk analysis 10.2.1 Identification of hazards and threats 10.2.2 Cause analysis 10.2.3 Consequence analysis 10.3 Risk picture 10.4 Risk-reducing measures 10.4.1 Relocation of the NOKAS facility 10.4.2 Erection of a wall 10.5 Management review and judgment Decision 10.6 Discussion 111 111 111 112 113 113 113 116 118 120 120 121 121 122 11 Risk analysis process for municipalities 11.1 Planning 11.1.1 Problem definition 11.1.2 Selection of analysis method 11.2 Risk assessment 11.2.1 Hazard and threat identification 11.2.2 Cause and consequence analysis Risk 11.3 Risk treatment picture 123 123 123 124 124 124 125 128 131 131 131 132 132 132 135 137 138 12 Risk analysis process for the entire enterprise 12.1 Planning 12.1.1 Problem definition 12.1.2 Selection of analysis method 12.2 Risk analysis 12.2.1 Price risk 12.2.2 Operational risk 12.2.3 Health, Environment and Safety (HES) 12.2.4 Reputation risk viii CONTENTS 12.3 12.4 Overall risk picture 140 Risk treatment 141 13 Discussion 13.1 Risk analysis as a decision support tool 13.2 Risk is more than the calculated probabilities and expected values 13.3 Risk analysis has both strengths and weaknesses 13.3.1 Precision of a risk analysis: uncertainty and sensitivity analysis 13.3.2 Terminology 13.3.3 Risk acceptance criteria (tolerability limits) 13.4 Reflection on approaches, methods and results 13.5 Limitations of the causal chain approach 13.6 Risk perspectives 13.7 Scientific basis 13.8 The implications of the limitations of risk assessment 13.9 Critical systems and activities 13.10 Conclusions 145 147 149 152 152 154 157 159 161 166 A Probability calculus and statistics A.1 The meaning of a probability A.2 Probability calculus A.3 Probability distributions: expected value A.3.1 Binomial distribution A.4 Statistics (Bayesian statistics) 167 167 168 170 171 172 143 143 144 145 B Introduction to reliability analysis 173 B.1 Reliability of systems composed of components 173 B.2 Production system 175 B.3 Safety system 175 C Approach for selecting risk analysis C.1 Expected consequences C.2 Uncertainty factors C.3 Frame conditions C.4 Selection of a specific method methods 177 177 179 179 180 D Terminology 183 D.1 Risk management: relationships between key terms 186 Bibliography 187 Index 193 Preface This book is about risk analysis – basic ideas, principles and methods Both theory and practice are covered A number of books exist presenting the many risk analysis methods and tools, such as fault tree analysis, event tree analysis and Bayesian networks In this book we go one step back and discuss the role of the analyses in risk management How such analyses should be planned, executed and used, such that they meet the professional standards for risk analyses and at the same time are useful in a practical decision-making context In the book we review the common risk analysis methods, but the emphasis is placed on the context and applications By using examples from different areas, we highlight the various elements that are part of the planning, execution and use of the risk analysis method What are the main challenges we face? What type of methods should we choose? How can we avoid scientific mistakes? The examples used are taken from, among others, the transport sector, the petroleum industry and ICT (Information and Communication Technology) For each example we define a decision-making problem, and show how the analyses can be used to provide adequate decision support The book covers both safety (accidental events) and security (intentional acts) The book is based on the recommended approach to risk analysis described and discussed in Aven (2003, 2007a, 2008) The basic idea is that risk analysis should produce a broad risk picture, highlighting uncertainties beyond expected values and probabilities The aim of the risk analysis is to predict unknown physical quantities, such as the explosion pressure, the number of fatalities, costs and so on, and assess uncertainties A probability is not a perfect tool for expressing the uncertainties We have to acknowledge that the assigned probabilities are subjective probabilities conditional on a specific background knowledge The assigned probabilities could produce poor predictions The main component of risk is uncertainty, not probability Surprises relative to the assigned probabilities may occur and by just addressing probabilities such surprises may be overlooked It has been a goal to provide a simplified presentation of the material, without diminishing the requirement for precision and accuracy In the book, technicalities are reduced to a minimum, instead ideas and principles are highlighted Reading the book requires no special background, but for certain parts it would be beneficial to have a knowledge of basic probability theory and statistics It has, however, been a goal to reduce the dependency on extensive prior knowledge of probability theory and statistics The key statistical concepts are introduced and discussed thoroughly in the book Appendix A summarises some basic probability theory and x PREFACE statistical analysis This makes the book more self-contained, and it gives the book the required sharpness with respect to relevant concepts and tools We have also included a brief appendix covering basic reliability analysis, so that the reader can obtain the necessary background for calculating the reliability of a safety system This book is primarily about planning, execution and use of risk analyses, and it provides clear recommendations and guidance in this context However, it is not a recipe-book, telling you which risk analysis methods should be used in different situations What is covered is the general thinking process related to the planning, execution and use of risk analyses Examples are provided to illustrate this process The book is based on and relates to the research literature in the field of risk, risk analysis and risk management Some of the premises for the approach taken in the book as well as some areas of scientific dispute are looked into in a special “Discussion” chapter (Chapter 13) The issues addressed include the risk concept, the use of risk acceptance criteria and the definition of safety critical systems The target audience for the book is primarily professionals within the risk analysis and risk management fields, but others, in particular managers and decisionmakers, can also benefit from the book All those working with risk-related problems need to understand the fundamental principles of risk analysis This book is based on a Norwegian book on risk analysis (Aven et al 2008), with co-authors Willy Røed and Hermann S Wiencke The present version is, however, more advanced and includes topics that are not included in Aven et al (2008) The terminology used in the book is summarised in Appendix D It is to a large extent in line with the ISO standard on risk management terminology, ISO (2002) Our approach means a humble attitude to risk and the possession of the truth, and hopefully it will be more attractive also to social scientists and others, who have strongly criticised the prevalent thinking of risk analysis and evaluation in the engineering environment Our way of thinking, to a large extent, integrates technical and economic risk analyses and the social scientist perspectives on risk As a main component of risk is uncertainty about the world, risk perception has a role to play to guide decision-makers Professional risk analysts not have the exclusive right to describe risk Acknowledgements A number of individuals have provided helpful comments and suggestions to this book In particular, I would like to acknowledge my co-authors of Aven et al (2008), Willy Røed and Hermann S Wiencke Chapters and 11 are mainly due to Willy and Hermann; thanks to both I am also grateful to Eirik B Abrahamsen and Roger Flage for the great deal of time and effort they spent reading and preparing comments For financial support, thanks to the University of Stavanger, and the Research Council of Norway I also acknowledge the editing and production staff at John Wiley & Sons for their careful work Stavanger Terje Aven APPROACH FOR SELECTING RISK ANALYSIS METHODS 179 Figure C.1 Risk matrix for water supply example Expected consequences given the occurrence of a failure C.2 Uncertainty factors A scheme for assessing factors that can produce significant deviation between the expected value and the actual consequence is shown in Table C.2 The questions refer to the complexity of the technology, organisation, available information and time frames for the assessment Other factors can also be relevant, such as manageability and design vulnerabilities Risk matrix in Figure C.2 summarises the results from Table C.2 for the example The same principle used for risk matrix (see Section C.1) is used in the transfer of the information from the Table C.2 to the matrix Figure C.2 In the example, the score for uncertainty is “low”; in other words, we not envisage any surprises with respect to the expected value analysis carried out above We have a good understanding of the system and the problems involved Hence the recommendation is now a simplified risk analysis C.3 Frame conditions Prior to making a final decision on whether a simplified, standard or model-based risk analyis method is to be used, the framework conditions such as time, budget and available information must be analysed Table C.3 shows a scheme that can be used for analysing the framework conditions, using again the water supply example In the light of these analyses, it was concluded that a standard risk analysis method should be used 180 APPROACH FOR SELECTING RISK ANALYSIS METHODS Table C.2 Factors that can produce significant deviation between the expected value and the actual consequences – an example from water supply operations Failure of the ICT system (either with respect to availability, confidentiality or integrity) Score Low Medium High Low Medium High High Medium Low Short Medium Long Important factors (that could cause large deviations between expected values and the actual consequences) outcomes Complexity of technology (unproven, interface with other systems and geographical distribution) Complexity of organisation (complex user organistion, many interface, ICT competences, safety culture, etc.) Availability of information (project phases: design, construction and operation) Time frame to evaluate lifetime of a systems Figure C.2 Risk matrix for water supply example C.4 Selection of a specific method Both the checklist-based procedure presented in Section 3.2.1 and the risk-based one presented in Section 3.2.2 and expanded on in this appendix have the goal Limited time Can use experiences from similar systems (checklists) Schedule for the risk and vulnerability analysis Experiences with similar systems (national or international) Rules and regulations (requirements) Limited budget and competences on risk analysis Action list Available resources for the risk and vulnerability analysis (budget and personnel) Frame conditions Aim of the analysis Simplified risk analysis Has some experience Compentence in risk analysis is required, and good understanding of the system Moderate time requirement Overall risk picture, and prioritised action list Standard risk analysis Requires experience with model-based risk analysis, and good understanding of the system Require time for collecting data and establish models New system Need to establish models to understand the system – events and consequences Overall risk picture, quantitative results and prioritised action list Model-based risk analysis Analysis required and competences needed Argument/comments No requirement for specific methods Similar systems are used by a number of other water supply companies To be completed this year Understand the threats/hazards exposing the system and the vulnerability of the system Prioritising of measures Good internal competence on the system Limited recourses for external assistance if necessary Table C.3 Frame conditions (example from a water supply operation) APPROACH FOR SELECTING RISK ANALYSIS METHODS 181 182 APPROACH FOR SELECTING RISK ANALYSIS METHODS of indicating which category of method should be used: the simplified, standard or model-based method The next step is to select a specific risk analysis method within this category There will be different methods uses for different application areas In Ford et al (2008) an approach is presented for comparing methods, where the following aspects are highlighted: methodology (theoretical basis and approach) analysis subject (branches, individual subjects and complicated systems) experience and competency requirements necessary resources (time, money, etc.) This approach is based on a classification of various risk analysis methods with the aid of a checklist In the next round, the completed checklist can be used in selecting risk analysis methods for specific problems The procedure focuses on ICT system, but it can also be used within other areas D Terminology This appendix summarises some risk analysis and risk management terminologies used in the book Unless stated otherwise, the terminology is in line with the standard developed by the ISO TMB Working Group on risk management terminology (ISO 2002) ISO is the International Organization for Standardization The relationships between the terms and definitions for risk management are shown following the definitions Risk management is part of the broader management processes of organisations Aleatory uncertainty: variation of quantities in a population This definition is not given in the ISO standard Consequence: outcome of an event There may be one or more consequences from an event Consequences may range from positive to negative Consequences may be expressed qualitatively or quantitatively Epistemic uncertainty: lack of knowledge In our framework, uncertainty is the same as epistemic uncertainty In a classical approach to risk analysis, epistemic uncertainty means uncertainty about the (true) value of a parameter of a probability model This definition is not given in the ISO standard Event: occurrence of a particular set of circumstances Initiating event: event with a potential for consequences Interested party: person or group having an interest in the performance of an organisation Risk Analysis: Assessing Uncertainties beyond Expected Values and Probabilities  2008 John Wiley & Sons, Ltd ISBN: 978-0-470-51736-9 T Aven 184 TERMINOLOGY Examples are customers, owners, employees, suppliers, bankers, unions, partners or society A group may be an organisation, part of an organisation, or more than one organisation Observable quantity: quantity expressing a state of the “world,” i.e a quantity of the physical reality or nature, which is unknown at the time of the analysis but will, if the system being analysed is actually implemented, take some value in the future and possibly become known This definition is not given in the ISO standard Probability: a measure of uncertainty of an event, as seen through the eyes of the assessor This definition can be seen as a special case of the definition given by the ISO standard: “extent to which an event is likely to occur.” Risk: combination of the consequences (of an activity) and associated uncertainties (what will the outcome) Probabilities are used to express the uncertainties When risk is quantified in a risk analysis, this definition is in line with the ISO standard definition: “combination of the probability of an event and its consequence.” 10 Risk acceptance: a decision to accept a risk Risk acceptance depends on risk criteria 11 Risk acceptance criterion: a reference by which risk is assessed to be acceptable or unacceptable This definition is not included in the ISO standard It is an example of a risk criterion 12 Risk analysis: systematic use of information to identify initiating events, causes and consequences of these initiating events, and express risk Risk analysis provides a basis for risk evaluation, risk treatment and risk acceptance Information can include historical data, theoretical analysis, informed opinions and concerns of stakeholders 13 Risk assessment: Overall process of risk analysis and risk evaluation 14 Risk avoidance: decision not to become involved in, or action to withdraw from a risk situation The decision may be taken based on the result of risk evaluation 15 Risk communication: exchange or sharing of information about risk between the decision-maker and other stakeholders The information may relate to the existence, nature, form, probability, severity, acceptability, treatment or other aspects of risk TERMINOLOGY 185 16 Risk criteria: terms of reference by which the significance of risk is assessed Risk criteria may include associated costs and benefits, legal and statutory requirements, socio-economic and environmental aspects, concerns of stakeholders, priorities and other inputs to the assessment 17 Risk evaluation: process of comparing risk against given risk criteria to determine the significance of the risk Risk evaluation is used to assist the decision-making process 18 Risk management: coordinated activities to direct and control an organisation with regard to risk Risk management typically includes risk assessment, risk treatment, risk acceptance and risk communication 19 Risk optimisation: maximise the positive consequences and their respective probabilities (uncertainties) In a safety context risk optimisation is focused on reducing the risk 20 Risk quantification: process used to assign values to risk In the ISO standard on risk management terminology, the term risk estimation is used, with the definition “process used to assign values to the probability and consequence of a risk.” 21 Risk reduction: actions taken to reduce risk This definition extends the ISO standard definition: “actions taken to lessen the probability, negative consequences, or both, associated with a risk.” 22 Risk retention: acceptance of the burden of loss or benefit of gain from a risk Risk retention includes the acceptance of risks that have not been identified Risk retention does not include treatments involving insurance, or transfer by other means 23 Risk transfer: share with another party the benefit of gain or burden of loss for a risk Risk transfer may be effected through insurance or other agreements Risk transfer may create new risks or modify existing risk Legal or statutory requirements may limit, prohibit or mandate the transfer of certain risk 24 Risk treatment: process of selection and implementation of measures to modify risk The term risk treatment is sometimes used for the measures themselves Risk treatment measures may include avoiding, optimising, transferring or retaining risk 186 TERMINOLOGY 25 Stakeholder: any individual, group or organisation that may affect, be affected by or perceive itself to be affected by the risk The decision-maker is also a stakeholder The term stakeholder includes, but has a broader meaning than “interested party.” 26 Uncertainty: lack of knowledge, about observable quantities in particular This definition is not given in the ISO standard 27 Vulnerability: combination of the consequences and associated uncertainties given an initiating event This definition is not given in the ISO standard D.1 Risk management: relationships between key terms • Risk assessment – Risk analysis ◦ Identification of initiating events ◦ Cause analysis ◦ Consequence analysis ◦ Risk description – Risk evaluation • Risk treatment — — — — Risk Risk Risk Risk avoidance optimisation transfer retention • Risk acceptance • Risk communication Bibliography Anton, P.S., Anderson, R., Mesic, R and Scheiern, M (2003) The vulnerability assessment & mitigation methodology, Rand Report ISBN 0-8330-3434-0 Apostolakis, G.E and Lemon, D.M (2005) A screening methodology for the identification and ranking of infrastructure vulnerabilities due to terrorism Risk Anal., 24(2), 361–376 AS/NZS 4360 (2004) Australian/New Zealand Standard: Risk management Aven, T (1992) Reliability and Risk Analysis Elsevier, London Aven, T (2003) Foundations of Risk Analysis John Wiley & Sons Ltd., New York, NY Aven, T (2004) Risk analysis and science Int J Reliab., Qual Saf Eng., 11, 1–15 Aven, T (2006) On the precautionary principle, in the context of different perspectives on risk Risk Manage.: Int J., 8, 192–205 Aven, T (2007a) A unified framework for risk and vulnerability analysis and management covering both safety and security Reliab Eng Syst Safe., 92, 745–754 Aven, T (2007b) On the ethical justification for the use of risk acceptance criteria Risk Anal., 27, 303–312 Aven, T (2007c) Identification of safety and security critical systems and activities Submitted for publication Aven, T (2007d) Risk is more than probabilities and expected values Submitted for publication Aven, T (2008) A semi-quantitative approach to risk analysis, as an alternative to QRAs Reliab Eng Syst Safe., 93, 768–775 Aven, T and Abrahamsen, E.B (2007) On the use of cost-benefit analysis in ALARP processes Int J Perform., 3, 345–353 Aven, T., Hauge, S Sklet, S and Vinnem, J.E (2006) Methodology for incorporating human and organizational factors in risk analyses for offshore installations Int J Mater Struct Reliab., 4, 1–14 Aven, T and Jensen, U (1999) Stochastic Models in Reliability, Springer-Verlag, New York, NY Aven, T and Knudsen, B (2007) Reliability and validity of risk analysis Submitted for publication Aven, T and Kristensen, V (2005) Perspectives on risk - Review and discussion of the basis for establishing a unified and holistic approach Reliab Eng Syst Safe., 90, 1–14 Aven, T., Nilsen, E and Nilsen, T (2004) Economic risk - review and presentation of a unifying approach Risk Anal., 24, 989–1006 Risk Analysis: Assessing Uncertainties beyond Expected Values and Probabilities  2008 John Wiley & Sons, Ltd ISBN: 978-0-470-51736-9 T Aven 188 BIBLIOGRAPHY Aven, T and Renn, O (2008a) On risk defined as an event where the outcome is uncertain Submitted for publication Aven, T and Renn, O (2008b) Determining the right level of investments in societal safety and security - the role of quantitative risk assessments Submitted for publication Aven, T., Røed, W and Wiencke, H.S (2008) Risk Analysis The University Press, Oslo (In Norwegian) Aven, T and Vinnem, J.E (2005) On the use of risk acceptance criteria in the offshore oil and gas industry Reliab Eng Syst Safe., 90, 15–24 Aven, T and Vinnem, J.E (2007) Risk Management, with Applications from the Offshore Oil and Gas Industry Springer Verlag, New York, NY Aven, T., Vinnem, J.E and Wiencke, H.S (2007) A decision framework for risk management Reliab Eng Syst Safe., 92, 433–448 Bedford, T and Cooke, R (2001) Probabilistic Risk Analysis Foundations and Methods Cambridge University Publishing Ltd., Cambridge, UK Cabinet Office (2002) Risk: improving government’s capability to handle risk and uncertainty Strategy Unit Report Campbell, S (2005) Determining overall risk J Risk Res., 8, 569–581 Clemen, R.T (1996) Making Hard Decisions 2nd ed Duxbury Press, New York, NY Dondossola, G., Lamquet, O and Masera, M (2004) Emerging standards and methodological issues for the security analysis of power system information infrastructures In Proceedings of the Securing Critical Infrastructures, Grenoble, October 2004 Douglas, E.J (1983) Managerial Economics: Theory, Practice and Problems, 2nd ed Prentice Hall, Englewood Cliffs, NJ Duijm, N.J and Goossens, L (2006) Quantifying the influence of safety management on the reliability of safety barriers J Hazard Mater., 130(3), 284–292 Falla, M (1997) Advances in Safety Critical Systems Results and Achievements from the TI/EPSRC R&D Programme in Safety Critical Systems Compiled M Falla (ed.): June 1997 http://www.comp.lancs.ac.uk/computing/resources/scs/ Fischhoff, B., Lichtenstein, S., Slovic, P., et al (1981) Acceptable Risk Cambridge University Press, Cambridge, UK Ford, E., Aven, T., Wiencke, W and Røed, W (2007) An approach for evaluating methods for risk and vulnerability assessments Proceedings of ESREL 2007 Stavanger, June 25-27 Garrick, B.J et al (2004) Confronting the risks of terrorism: making the right decisions Reliab Eng Syst Safe., 86, 129–176 Gheorghe, A.V., Masera, M Weijnen, M and Vries, L.D (2006) Critical Infrastructures at Risk Springer Verlag, Dordrecht Graham, J.D and Weiner, J.B (eds.) (1995) Risk versus Risk: Tradeoffs I Protecting Health and the Environment, Harvard University Press, Cambridge, UK Guikema, S.D (2007) Modeling Intelligent Actors in Reliability Analysis: An Overview of the State of the Art, in: V.M Bier and N Azaiez (eds.) Combining Reliability and Game Theory, Springer Series on Reliability Engineering In press Guikema, S.D and Aven, T (2008) Assessing Risk from intelligent attacks: a perspective on approaches Submitted for publication Haimes, Y.Y (2004) Risk Modelling, Assessment, and Management 2nd ed John Wiley & Sons Ltd., New York, NY BIBLIOGRAPHY 189 Henley, E.J and Kumamoto, H (1981) Reliability Engineering and Risk Assessment Prentice-Hall, New York, NY Hjorteland, A., Aven, T and Østebø, R (2007) On how to treat uncertainty in regularity analyses, in different project phases Reliab Eng Syst Safe., 92, 1315–1320 Hollnagel, E (2004) Barriers and Accident Prevention, Ashgate Publishers, Aldershot HSE (2001) Reducing Risk, Protecting People HES Books, ISBN 71 762 151 HSE (2003) Guidance on ALARP for Offshore Division Inspectors Making an ALARP Demonstration 1/10-03 HSE (2006) Offshore Installations (Safety Case) Regulations HSE Books, London IEC 61 511 (2003) Functional Safety: Safety Instrumented System for the Process Industry Sector, part 1-3, December 2003 ISO (2002) Risk management Vocabulary ISO/IEC Guide 73 ISO (2005a) ISO/CD 20 815, Petroleum, Petrochemical and Natural Gas Industries - Production Assurance and Reliability Management Committee draft ISO (2005b) Risk Management General Guidelines for Principles and Implementation of RM ISO/TMB/WG Draft 22/6-05 Jenelius, E., Petersen, T and Mattson, L.-G (2006) Importance and exposure in road network vulnerability analysis Transport Res Part A, 40, 537–560 Jones-Lee, M W (1989) The Economics of Safety and Physical Risk Basil Blackwell, Oxford, UK Kahneman, D and Tversky, A (1979) Prospect theory: an analysis of decision under risk Econometrica, XLVII, 263–291 Kaplan, S and Garrick, B.J (1981) On the quantitative definition of risk Risk Anal., 1, 11–27 Kaplan, S (1991) Risk Assessment and Risk Management - Basic Concepts and Terminology, in: Risk Management: Expanding Horizons in Nuclear Power and Other Industries, Hemisphere Publishing Corporation, Boston, MA, 11–28 Knight, F H (1921) Risk, Uncertainty and Profit BoardBooks, Washington, DC Reprinted 2002 Kristensen, V., Aven, T and Ford, D (2006) A new perspective on Renn & Klinke’s approach to risk evaluation and risk management Reliab Eng Syst Safe., 91, 421–432 Leva, M.C et al (2006) SAFEDOR: A Practical Approach to Model the Action of an Officer of the Watch in Collision Scenarios ESREL 2006 Leveson, N (2004) A new accident model for engineering safer systems Safety Sci., 42, 237–270 Leveson, N (2007) Modeling and analyzing risk in complex socio-technical systems NeTWork Workshop, Berlin, 27-29 September 2007 Levy, H and Sarnat, M (1990) Capital Investment and Financial Decisions 4th ed Prentice Hall, New York, NY Lowrance, W (1976) Of Acceptable Risk - Science and the Determination of Safety William Kaufmann Inc., Los Altos, CA Lindley, D.V (1985) Making Decisions John Wiley & Sons Ltd., London Lăofstedt, R.E (2003) The precautionary principle: risk, regulation and politics Trans IchemE, 81, 36–43 Modarres, M (1993) What Every Engineer should Know about Risk Marcel Dekker, New York, NY 190 BIBLIOGRAPHY Norwegian Public Roads Administration (2007) Guidelines for Risk Analysis in Road Traffic Considerations Document in preparation Papazoglou, I.A., Bellamy, L.J., Hale, A.R., et al (2003) I-Risk: development of an integrated technical and Management risk methodology for chemical installations J Loss Prevent Proc Ind., 16, 575–591 Pat´e-Cornell, E.M and Murphy, D.M (1996) Human and management factors in probabilistic risk analysis: the SAM approach and observations from recent applications Reliab Eng Syst Safe., 53, 115–126 PSA (2001) Regulations Petroleum Safety Authority Norway Rausand, M and Høyland, A (2004) System Reliability Theory 2nd ed John Wiley & Sons Ltd., New York, NY Rasmussen, J (1997) Risk management in a dynamic society: a modelling problem Safety Sci., 27(2/3), 183–213 Renn, O and Klinke, A (2002) A new approach to risk evaluation and management: riskbased precaution-based and discourse-based strategies Risk Anal., 22, 1071–1094 Renn, O (1992) Concepts of Risk: A Classification, in: S Krimsky and D Golding (eds.) Social Theories of Risk Praeger, Westport), pp 53–79 Renn, O (2005) Risk Governance: Towards an Integrative Approach White Paper No 1, written by Ortwin Renn with an Annex by Peter Graham International Risk Governance Council, Geneva Renn, O (2008) Risk Governance Earthscan, London RESS (2007) Reliab Eng Syst Safe., 92(6), Special issue on critical infrastructures Rosa, E.A (1998) Metatheoretical foundations for post-normal risk J Risk Res., 1, 15–44 Rosa, E.A (2003) The Logical Structure of the Social Amplification of Risk Framework (SARF); Metatheoretical Foundations and Policy Implications, in: N Pidgeon, R.E Kasperson and P Slovic (eds.) The Social Amplification of Risk Cambridge University Press, Cambridge, UK, pp 47–79 Sandin, P (1999) Dimensions of the precautionary principle Hum Ecol Risk Assess., 5, 889–907 Sandøy, M., Aven, T and Ford, D (2005) On integrating risk perspectives in project management Risk Manag.: Int J., 7, 7–21 Singpurwalla, N (2006) Reliability and Risk A Bayesian Perspective John Wiley & Sons Ltd., New York, NY Taleb, N.N (2007) The Black Swan: The Impact of the Highly Improbable Penguin, London van der Borst, M and Schoonakker, H (2001) An overview of PSA importance measures Reliab Eng Syst Safe 72, 241–245 Vatn, J (2005) Assessment of the societal safety for the NOKAS cash depot (in Norwegian) SINTEF report 2005-04-12 Vatn, J (2007) Societal Security - A case study related to a cash depot Proceedings ESREL, 25–27 June 2007, Stavanger, Norway Vinnem, J.E., Aven, T., Husebø, T., et al (2006a) Major hazard risk indicators for monitoring of trends in the Norwegian offshore petroleum sector Reliab Eng Syst Safe., 91, 778–791 Vinnem, J.E., Kristiansen, V and Witsø, E (2006b) Use of ALARP evaluations and risk acceptance criteria for risk informed decision-making in the Norwegian offshore petroleum industry Proceedings ESREL, 18–22, September 2006, Estoril, Portugal Vose, D (2000) Risk Analysis, A Practical Guide John Wiley & Sons Ltd., New York, NY BIBLIOGRAPHY 191 Watson, S.R and Buede, D.M (1987) Decision Synthesis Cambridge University Press, New York, NY Wiencke, HS, Aven, T and Hagen, J (2006) A framework for selection of methodology for risk and vulnerability assessments of infrastructures depending on ICT ESREL 2006, pp 2297–2304 Wiencke, H.S., Tunes, T and Kjestveit, K (2007) Risk and vulnerability analysis for the Stavanger region (in Norwegian) Report IRIS-2007/068 Willis, H.H (2007) Guiding resource allocations based on terrorism risk Risk Anal., 27(3), 597–606 Index AIR, Average Individual Risk, 25 ALARP, 32, 53 aleatory uncertainty, 183 background knowledge, 21, 47, 98, 115, 167 backward approach, 35 barrier block diagram, 80, 99 barriers, 3, 79, 118 Bayes’ formula, 169, 172 Bayesian approach, 156, 159 Bayesian network, 80, 88, 98 Binomial distribution, 171 bow-tie, cash flow, 31 causal chain approach, 152 cause analysis, 40, 90, 98, 113 cause and effect analysis, 78 cautionary principle, 11, 104, 112 classical approach to risk, 156 coarse risk analysis, 57, 88 common-cause failures, 76 conditional probability, 81, 169 confidence interval, 157 consequence analysis, 41, 90, 116 consequences, 19, 87, 97, 112, 183 correlation coefficient, 134 cost-benefit analysis, 31, 52, 104 cost-effectiveness analysis, 30, 104 criticality, 161 decision-making, 8, 122 discount rate, 31 dose–response, 17 epistemic uncertainty, 157, 183 event tree anlysis, 78, 116 expected disutility, 164 expected net present value, 31 expected values, 22, 93, 101, 121, 155, 170 FAR, Fatal Accident Rate, 25, 80 fault tree analysis, 72 financial risk, flow network, 106 FMEA, 64 F–N curve, 26 frequency, 27, 124, 170 gross disproportion, 32 hazard, 20, 88, 124, 128 HAZOP, 70 HES, Health, Environment and Safety, 137 ICAF, 30 importance analysis, 161 improvement potential, 161 independence, 169 individual risk, 25, 119 infrastructure, 127, 164 initiating events, 3, 39, 88, 89, 90, 112, 183 insurance, interested party, 183 ISO, 183 job safety analysis, 62 Law of large numbers, 164 Risk Analysis: Assessing Uncertainties beyond Expected Values and Probabilities  2008 John Wiley & Sons, Ltd ISBN: 978-0-470-51736-9 T Aven 194 INDEX manageability, 33 management review and judgement, 10, 55, 104, 121, 122 minimal cut sets, 75 model, 79 model-based risk analysis, 4, 88, 112 Monte Carlo simulation, 83 net present value, 31 Normal distribution, 133 objectives, 29, 88 observable quantity, 114, 184 operational risk, 7, 135 opportunity, 20 outcomes, 17, 124 PLL, Potential Loss of Life, 25 Poisson distribution, 171 posterior probability distribution, 172 precautionary principle, 11 prediction interval, 21, 115 prior probability distribution, 172 probability, 95, 100, 113, 124, 167, 184 probability of frequency approach, 157 production assurance, 105 reliability analysis, 173 reliability block diagram, 72 reliability requirement, 149 reputation risk, 138 resilience, 13 risk, 19, 184 risk absorbing system, 13 risk acceptance, 184 risk acceptance criteria, 32, 149, 184 risk agent, 13 risk analysis, 3, 87, 184 risk assessment, 8, 88, 89, 90, 91, 92, 93, 94, 114, 124, 128, 184 risk risk risk risk avoidance, 184 communication, 184 criteria, 185 description, 22, 88, 98, 112 risk evaluation, 8, 49, 185 risk management, 6, 104, 185 risk matrix, 24, 128, 147 risk quantification, 22, 185 risk reduction, 185 risk retention, 185 risk transfer, 8, 185 risk treatment, 8, 95, 96, 128, 185 robustness, 13 safety function, 25 science, 157 semi-quantitative approach, 160 sensitivity analysis, 48, 104, 112, 146 simplified risk analysis, social science, vi stakeholders, 123, 186 standard risk analysis, 4, 124 statistical life, 30, 104 strategic risk, SWIFT, 71 systematic risk, 31 terrorism example, 155 threat, 20, 113, 124, 128 tolerability limit, 149 Uncertainty, 19, 33, 88, 102, 103, 112, 128, 146, 183, 186 unsystematic risk, 31 value of a statistical life, 30, 104 Value-at-Risk (VaR), 24 variance, 171 vulnerability, 21, 88, 186 willingness to pay, 32 .. .Risk Analysis Risk Analysis: Assessing Uncertainties beyond Expected Values and Probabilities  2008 John Wiley & Sons, Ltd ISBN: 978-0-470-51736-9 T Aven Risk Analysis Assessing Uncertainties. .. Uncertainties beyond Expected Values and Probabilities  2008 John Wiley & Sons, Ltd ISBN: 978-0-470-51736-9 T Aven What is a risk analysis? The objective of a risk analysis is to describe risk, i.e... the calculated probabilities and expected values 13.3 Risk analysis has both strengths and weaknesses 13.3.1 Precision of a risk analysis: uncertainty and sensitivity analysis