560 likes | 934 Views
Institute for Water Resources 2010. Integrated Risk Management. Risk. 2. Risk is a measure of the probability and consequence of uncertain future events Risk includes Exposure to losses (hazards) Risk Potential for gain (opportunities) Reward. Risks of Interest.
E N D
Institute for Water Resources 2010 Integrated Risk Management
Risk 2 • Risk is a measure of the probability and consequence of uncertain future events • Risk includes • Exposure to losses (hazards) • Risk • Potential for gain (opportunities) • Reward
Risks of Interest • Existing-risk to life and safety, property damage, et al • Risk reduction-what can we avoid, prevent, mitigate • Residual risk-what remains after mitigation, flood hazard that remains • Transformed risk-slow rise in floodwaters to catastrophic overtopping • Transferred risk-induced flooding
Potential Rewards • Completing a project or activity at or under cost • Completing a project or activity early on schedule • Project performs at or exceeds expectations • New methods save resources
US Army RM GuidanceComposite Risk Management • Field Manual 5-19 establishes CRM as the Army’s primary decision-making process for identifying hazards and controlling risks across the full spectrum of Army missions, functions, operations, and activities. THIS DOES NOT MEET NEEDS OF CIVIL WORKS
Risk Management • Essentially, making decisions under uncertainty • Planning, analyzing, organizing, implementing and monitoring efforts to control the effects of uncertainty on the Corps’ Civil Works Program
Working Definition • Risk management is the process of problem finding and initiating action to identify, evaluate, select, implement, monitor and modify actions taken to alter levels of risk, as compared to taking no action, while taking uncertainty into account. 7
Characteristics of Integrated Risk Management • Universal Applicability-horizontal & vertical • Analytically-based and judgment-driven • Simple and Flexible • Systematic and Scalable • Iterative • Transparent and Open • Documented
Lake siltation Allocating O&M resources in District Managing construction projects Annual budget/programs management Recon Studies Allocating inspection resources IPET Post-disaster work Complex FRM or other investigations Landscape scale studies e.g. CERP Climate change When To Do Risk Analysis Consequence of Being Wrong Feasibility studies Project design Emergency Management activities Special programs, e.g., noxious weeds Dam safety program Flood risk management Corporate budget Personnel assignments Routine purchases Data collection Some permit applications Routine coordination activities Administrative activities Budget updates Congressionals Grave Extensive Risk Analysis W/ Adaptive Management Routine Risk Analysis Much Little Uncertainty No Risk Analysis Required Modest Level of Risk Analysis Minor
Adapted from ISO 31000- Risk Management—Principles and Guidelines Establish Decision Context Identify Risks Risk Assessment Analyze Risks Consult, Communicate and Collaborate Monitor, Evaluate, Modify Evaluate Risks Risk Mitigation
Establish Decision Context • Something triggers RM activity • Decision problem is defined • Goals, objectives, and strategies of RM identified and articulated • Decision criteria explicitly considered so appropriate information is gathered • Stakeholder and public involvement begins Establish Decision Context
Adapted from ISO 31000- Risk Management—Principles and Guidelines Establish Decision Context Identify Risks Risk Assessment Analyze Risks Consult, Communicate and Collaborate Monitor, Evaluate, Modify Evaluate Risks Risk Mitigation
Identify Risks Description Outputs A narrative description of the risks or significant uncertainties of concern to this risk management activity. A decision whether or not to pursue a risk assessment. • Identify the risks relevant to the decision context. This means identifying but not yet quantifying the consequences (positive or negative) and likelihoods and how they will be expressed. It includes asking and answering “what can go wrong” and “how can it happen” about the problem setting.
Risk Identification Tasks • Start of risk assessment when one is done • Identify • Presenting/existing risks • Risk reductions • Residual risks • Risk transformations • Risk transfers • Ask and answer (scenarios) • What can go wrong? • How can it happen? • Methods depend on nature of activity, process, or asset • Stakeholder and public involvement Identify Risks
Adapted from ISO 31000- Risk Management—Principles and Guidelines Establish Decision Context Identify Risks Risk Assessment Analyze Risks Consult, Communicate and Collaborate Monitor, Evaluate, Modify Evaluate Risks Risk Mitigation
Analyze Risks • Remainder of risk assessment • Each individually identified risk is analyzed • Gather information • Identify and assess significant sources of uncertainty • Identify options for achieving RM objectives and solving the problems • Evaluate and compare risk management options while accounting for uncertainty Analyze Risks
Qualitative Risk Assessment • Operational Risk Management (Risk Matrix) • Develop a Generic Process • Qualitative Assessment Models • Multi-Criteria Decision Analysis • Increase or Decrease Risk • Risk Narratives • Evidence Mapping • Screening • Ratings • Rankings • Enhanced Criteria Ranking
Quantitative Risk Assessment • Safety Assessment • Scenario Planning • Scenario Analysis • Deterministic Scenario Analysis • Probabilistic Scenario Analysis • Sensitivity Analysis • Uncertainty Analysis • Modeling • Vulnerability Assessment
Adapted from ISO 31000- Risk Management—Principles and Guidelines Establish Decision Context Identify Risks Risk Assessment Analyze Risks Consult, Communicate and Collaborate Monitor, Evaluate, Modify Evaluate Risks Risk Mitigation
Evaluate Risks Description Outputs An effective summary or display of the uncertainties most relevant to the risk manager’s decision Display of the varying contributions of the risk management options to the risk management objectives and other social values considered in the decision process • Risk management alternatives are evaluated and compared to identify the best solution. This evaluation includes consideration of the risk and other values important to the decision. The evaluation will consider the cost to reduce increments of risk; who bears the risk; what risks are managed, reduced, borne, transferred, and so on.
Evaluate Risks • Is the risk acceptable? • With stakeholder and public input reduce unacceptable risks to a tolerable level • Tolerance is based on trade-off among residual risk, cost of risk reduction and other factors Evaluate Risks
Adapted from ISO 31000- Risk Management—Principles and Guidelines Establish Decision Context Identify Risks Risk Assessment Analyze Risks Consult, Communicate and Collaborate Monitor, Evaluate, Modify Evaluate Risks Risk Mitigation
Risk Mitigation • Reduce unacceptable risks to TLR • Combinations of options may be needed • RM plan should identify mitigation measures, responsibilities, schedules, expected outcomes, and measurements associated with mitigation strategy • It’s critically important to identify desired outcomes of RM strategy prior to implementation Risk Mitigation
Risk Management Strategies General Strategies More Specific Build confidence and trustworthiness Involve affected people Deliberation Accountability Continuous research Reduce uncertainties Clarify facts Transfer Transformation Development of substitutes Containment Increasing resilience–surprises do less harm Precautionary principle Constant monitoring Adaptive management • Accept • Manage • Avoidance • Reduce probability of event (prevent) • Reduce consequence of event (mitigate) • Insurance • Retain the risk 25
Adapted from ISO 31000- Risk Management—Principles and Guidelines Establish Decision Context Identify Risks Risk Assessment Analyze Risks Consult, Communicate and Collaborate Monitor, Evaluate, Modify Evaluate Risks Risk Mitigation
Communicate, Consult and Collaborate Description Outputs Preparing and executing a public involvement plan including provisions for risk communication. • Active communication is an essential part of risk analysis. Communicate and consult with internal and external stakeholders as appropriate at each stage of the process. If there are shared risk management decisions, they should be identified, the decision participants recorded and a formal agreement documenting the shared responsibility for the decision prepared and signed by all responsible participants.
Communicate, Consult and Collaborate • Keep all stakeholders informed about • Process • Findings of risk assessment steps • Nature of risk and its associated benefits • Deliberations that lead to risk management decision • Their role in implementing the solution • Continual communication among participants to minimize misunderstandings and surprises at the end of the process Communicate and Consult
Who Owns the Risk • Many risks are shared ownership • Corps • Non-federal partners • Stakeholders • The public • All must know and accept their responsibilities • Ownership can change over life-cycle
Adapted from ISO 31000- Risk Management—Principles and Guidelines Establish Decision Context Identify Risks Risk Assessment Analyze Risks Consult, Communicate and Collaborate Monitor, Evaluate, Modify Evaluate Risks Risk Mitigation
Monitor, Evaluate, Modify Description Outputs A plan for monitoring, reviewing and modifying the implemented solution Implementation of that plan • There are several purposes of post implementation monitoring. One is to assure that there is progress toward achieving the outcomes of the implemented risk management strategy. If there is an adaptive management process there will be data collection targeted to testing hypotheses required to reduce analytical uncertainties identified in the initial planning process. This task also scans the overall setting for the activity to identify hazards or changes in socioeconomic preference or conditions that may not have been recognized during the initial risk analysis process, or that may have changed in their significance. In all cases, the risk mitigation strategy may be modified in accordance with what is learned.
Monitor, Evaluate, Modify • Implication of uncertainty is that RM is evolutionary decision making • Assure decision is having desired outcome • Monitoring-gather information that measures progress toward desired outcome(s) • Information is evaluated to determine if adequate progress is being made toward outcomes • If outcomes are not satisfactory changes are needed • A mechanism for change, e.g. adaptive management plan, is part of best practice Monitor, Evaluate, Modify
Adapted from ISO 31000- Risk Management—Principles and Guidelines Establish Decision Context Identify Risks Risk Assessment Analyze Risks Consult, Communicate and Collaborate Monitor, Evaluate, Modify Evaluate Risks Risk Informed Decision Risk Mitigation
Risk-Informed Decision Making • Confluence of risk management and risk assessment • Assessors convey significance of uncertainty • Managers take it explicitly into account in decision making • Develops and uses risk information to aid decisions made under uncertainty • Decision metrics and rules developed by decision makers • Use risk assessment approach to develop science-based values of risk metrics
The Job • Success in risk management is defined by practical and useful solutions for dealing with uncertainty • It is the risk assessors’ job to address the uncertainty and variability in inputs • It is the risk managers’ job to address the uncertainty and variability in the decision criteria • And to manage risks that are not acceptable
Metrics Are Needed • Decision criteria will reflect • Risk metrics become more critical • Existing risk, risk reductions, residual risk, transformed risk, transferred risk • Other risk management objectives • These are the usual impacts of interest to decision makers • Costs, benefits, compliance with laws, budget impacts, capability, and so on
What Kinds of Decisions • Is the status quo acceptable? Can we accept this risk? • If not, can we render it acceptable, can we avoid it? • If not, what level of risk is tolerable? • What is the best way to achieve a tolerable level of risk?
Two Important Ideas • Acceptable Risk-A risk whose probability of occurrence is small, whose consequences are so slight, or whose benefits (perceived or real) are so great, that individuals or groups in society are willing to take or be subjected to the risk (or that the event might occur). • Tolerable Risk-A tolerable risk is a non-negligible risk that has not yet been reduced to an acceptable level, but the risk is tolerated due to the inability to reduce it further, the cost of doing so or the magnitude of the benefits associated with the risky activity.
General Risk Management Strategies • Accept • Manage • Avoidance • Reduce probability of event (prevent) • Reduce consequence of event (mitigate) • Insurance • Retain
Principles for Choosing Management Option • Policy • Zero Risk • Weight-of-evidence • Precautionary Principle • ALARA Principle • ALOP Principle • Reasonable Relationship • Safety Standards
Safety Standards • Safety standards • Thresholds • Balancing standards • Risk-Benefit Trade-Off: Greater benefit => Greater acceptable risk • Comparative Risk Analysis: Rank risks for seriousness of threat posed • Benefit-Cost Analysis: Economic efficiency
When Opportunities are Uncertain • Consider net NED benefits as a decision criterion before risk informed decision making—an easy choice • Decision making will become multi-dimensional—values and uncertainty. • Can we handle that?
Methods in Use • Qualitative Risk Assessment • Probabilistic Risk Assessment • Multi-Criteria Decision Analysis
Probabilistic Risk Assessment P(Negative return) Which is the best plan now?
MCDA • Well-suited to multi-dimensional decision making
Possible Rules for Making Decisions Under Uncertainty • Maximax—appeals to gamblers (blue) • Choose plan with best upside payoff • Maximin—appeals to cautious (purple) • Choose plan with best downside payoff • Laplace—risk neutral (red) • Choose plan based on expected value payoff • Hurwicz—neither neutral nor extreme • Choose plan based on assigned weights • Regret-make wrong decision and regret it • Identify the maximum regret associated w/ each choice • Choose plan that minimizes this regret
Regret If we choose red our regret will at most be $6.1 million
Just Give Me The Number Is Gone • Uncertainty assures we do not know the number • If one even exists • Analysis must honestly address the things that are not known and convey this information and its significance to decision makers • Decision making will become more probabilistic