The purpose of this study is to shed light on the foundations of risk assessment. By exploring the polysemantics of basic concepts and their influence on the process and results of risk assessment, the thesis endeavors to clarify the words of risk assessment and promote reflection among practitioners and scholars. The findings are derived from integration and critique of pioneering and state of the art literature.
Risk is a characteristic of the future concerning the uncertain consequences of decisions and contingencies. Understanding risk urges contemplation on fundamental issues of ontology (is risk a real-world property?) and epistemology (what can we know about risk?). The many-faceted concept has been differently interpreted across time, cultures and disciplines. Numerous definitions coexist in dissonance and concordance, caricaturing risk singly or as a combination of events, consequences, probability or uncertainty. The quantitative definition of Kaplan and Garrick (1981) embeds all elements, defining risk as the answer to three questions: 1) What can happen? 2) How likely is it? 3) If it does happen, what are the consequences? In comparison with contending definitions, this triplet definition gains in comprehensibility and relevancy to risk assessment. The defining questions are, however, very capacious and render significant interpretative freedom. Focal to this study is the first question, whose associated terminology is particularly vague and on which focused discussions remain most disturbingly few.
An alternative means for grasping the concept of risk is to examine its related counterconcepts. Uncertainty not only makes a central component of risk, it also has a complementary meaning as lack of confidence in the results of risk analysis. Safety is often conceived as freedom from unacceptable risk or the antonym of risk. The conceptually sensitive coupling between risk and safety reveals that the rightness of this claim depends on whether uncertainty is considered part of the second question of Kaplan and Garrick (1981). Security is the equivalent of safety in situations of intentional harm. The moral and analytical complexities of security outdo those of safety since the first question becomes how someone can make something happen. Vulnerability is the lacking ability of a system to resist the impact of an unwanted event and to restore to its original function. The relation between risk and vulnerability is not commutative. A counterconcept to vulnerability is resilience, meaning a system’s ability to bounce back to a reference state after a disturbance. Complementing the negatively connoted concept of risk with resilience offers a positive perspective for mastering the dynamics of future uncertainties.
Risk analysis is the process of answering the triplet definition of risk, whereas risk assessment refers to the wider process of risk analysis and risk evaluation. Neither the analytical process nor its results should be considered in isolation from the purpose of risk assessment, which is to inform decision making about risk. Decisions shall be risk-informed, not risk-based, meaning that risk assessment is never the sole input to decisions. The plurality of stakeholders and the prevalence of uncertainties represent two major challenges to risk-informed decision making. Framing analysis by deliberation and informing deliberation by analysis presupposes that decision makers understand the words and results of risk assessment.
Hazard is a source of potential harm. Whereas risk pivots on the future realizationof this potential, hazard exists presently and solely at the source. Closely relatedis the concept of threat, which is conceptually reserved to sources of intentionaldamage. There is a plethora of terms marking the intersection between preventionand mitigation in the realization of a hazardous potential. Hazardous event is promoted as the least ambiguous denotation, defined as an event confined to the firstsignificant release of a hazards that will result in harmful exposure if not controlled.Triggering event and safety issues are promising concepts for bridging hazards andhazardous events. Triggering events are the most immediate causes of hazardousevents, while safety issues are one or more hazards in combination with local triggeringevents. Both concepts reflect the calculability and controllability of risk andshould thus be used with caution.
Accident scenario is promoted as the answer to the question of what can go wrong. It is a uniquely defined path in an event tree, confined by an initiating event and a corresponding end state. Unfortunately, both the concept itself and the terms that confine are circularly defined. Initiating event is a vague descriptor that in principle can be placed anywhere in the bowtie-diagram. End states are pragmatically conditioned on the purpose of analysis; implicitly through the selection of consequences and explicitly in the relevancy of pivotal events. A principal advice is that any accident scenario shall be terminated in the absence of discrete ramifications.Contrasting the scenario approach to risk assessment with the conventional approach in Norway shows that accident scenario is not imperative to the triplet definition of risk. A revised definition of accident scenario is suggested in initiative to further discussion: An accident scenario is a sequence of events from the hazardous event to a uniquely determined end state of relevance.
The study has demonstrated the importance of striving for a clear and consistent terminology. Researchers, practitioners and regulators use the words of risk assessment differently and inconsistently. Not only does this preclude communication internally and across analysis teams, it also leads to erroneous applications of methods and inexpedient use of results. This urges terminological vigilance of every practitioner, as well as further academic and standardization efforts towards aunifying nomenclature. A key challenge is to reconcile the analyst’s need for pragmatic procedures with the decision maker’s call for consistent and communicable results. Ultimately, this is a matter of finding the optimal fit between analysis and deliberation in risk-informed decision making.