Developing Composite Measuresin Global Risk Assessment

MARCH 2010www.et21symposium.org

PROGRAM ON GLOBAL SECURITY

et21.rutgers.edu

Yasemin Gaziarifoglu

isa 2nd year Ph.D. studentin the Criminal Justice program at RutgersUniversity. Prior toundertaking her graduatestudy at Rutgers, Ms.Gaziarifoglu received her M.A. degree in ForensicScience at IstanbulUniversity Institute of Forensic Sciences withher thesis titled “Fear of Crime and PerceivedRisk of Crime”. Sheholds her B.A. degree inSociology andPsychology from MiddleEast TechnicalUniversity, Turkey.Currently she is workingas a research assistant for Rutgers Institute onCorruption Studies andRutgers Center on PublicSecurity and teaching anundergraduate levelcourse on Crime andCrime Analysis. Her research interests includesystemic and localanalysis of corruption,activity spaces of offenders, victimizationand risk assessmentmethodologies.

SYMPOSIUM BRIEF

The Evolution of Risk Assessment and Decision Making

In conventional methodology, risk assessment is defined as a “methodology to deter-mine the nature and extent of risk by analyzing potential hazards and evaluating exist-ing conditions of vulnerability that together could potentially harm exposed people, property, services, livelihoods and the environment on which they depend” (UN/ISDR, 2009:26).Using the idea of “risk conflation”, we can see a transition towards a more ho-listic risk assessment and decision-making approach where identification and prioriti-zation of risks is based on the assumption that “risks are rapidly transmitted acrossgeographical and systemic boundaries” (World Economic Forum, 2006:6). (See Fig-ure 1)

Figure

Evolution

Risk

Assessment

and

Primary

Decision

Making

190 University Ave, Suite 219 Newark, New Jersey 07102Tel (973) 353-5416 Fax (973) 353-5074

ET21 PROGRAM ON GLOBAL SECURITY

March 2010

Identification of the Risk

In any risk management practice before any counter-measure is implemented, a risk analysisshould be implemented. All risk assessment and decision-making processes, whether from anindividualistic or holistic approach, starts with the identification of the threat or hazard focusingon the source of the problem or the “problem” itself. This identification is established throughdata collection from various resources, therefore the nature of risk identification can be qualita-tive and/or quantitative.

Prioritization of the Risk

The main aim of risk prioritization is to prioritize the risks identified for risk mitigation as re-sources for risk mitigation are limited. Similar to the risk identification phase, prioritization of risks can be qualitative and/or quantitative in nature. However unlike to the risk identification phase, today’s risk prioritization procedures has started to show a drastic evolution towards aholistic approach in response to the increasing the connectivity between risks and increasinghomogeneity of risk across the globe. Accordingly, from this point on we’ll discuss real-lifeapplications of risk prioritization to highlight this methodological transition.

Individual measures

In this very first stage, risk prioritization is established through a process in which the probabil-ity of the risk event and the consequence of the relevant risk’s occurrence are used to create arisk factor. Accordingly this risk prioritization application may be seen as an elimination proc-ess in which relative importance and impact of each risk is calculated

to exclude the irrelevant risks from a pool of risks

. In this simple stage of risk prioritization the interactions betweenrisks are not taken into consideration.An example for this type may be a simple supply chain risk assessment and evaluation process in which the risk in the extended supply chain is tried to be identified through prioriti-zation among different types of risks such as; supply risks, operational risks, demand risks, se-curity risks, macro risks etc. In this example - assuming a supply chain is vulnerable to manyrisks - the risks to which supply chain is most vulnerable are tried to be identified (Manuj andMentzer, 2008:133-155).

Composite Measures

This stage constitutes a big leap in risk assessment and risk prioritization as we start to movealong categories of composite measures, the existence of a relationship between risks and thestrength of the relationships are gradually more and more elaborated. This characteristic is piv-otal in 21

century’s risk assessment as the systemic nature of risk requires an ongoing and it-erative risk assessment procedure.

Developing Composite Measures

ET21 PROGRAM ON GLOBAL SECURITY

March 2010

Cumulative calculation of risks

The basic difference of this category from our first individual measures category is

its accep-tance of the relationships between different risks

. Therefore in this category basically every newcondition is assigned the same risk factor and by adding up the ratings of different risk indica-tors, the final risk is calculated. The classification of the risk ranges is often subjective whererisk analysts and experts identify the thresholds for certain risk categories (such as low risk,moderate risk and high risk).An example for this type is the Failed States Index (Foreign Policy) in which countriesare ranked on their global security levels (such as critical, in danger, borderline, stable, andmost stable) according to the total scores of 12 indicators indicated in the index (each indicator is assigned a value between 0-10, accordingly the total score is the sum of the 12 indicators andis on a scale of 0-120). Although this index is highly influential as with its structure it attractsattention to the additive effect of risks (rather than the individual effect of each risk); the indexdoesn’t reflect the direction and strength of relationships between different indicators. Addition-ally with regards to the scoring system: a score of 60 (or any other score) in this scale neither indicates the weight of indicators nor an existence of a relationship between indicators.

Identification of the relationship between risks

As indicated in the previous section, one of the biggest problems in relation to initial compositemeasures of risks is their deficiency to detect relationships between different risk indicators.Taking this point into consideration some organizations have proposed new risk assessmentmodels in which the relationships of risks are elaboration. The World Economic Forum’s Risk Correlation Matrix provides an index in which the interconnectedness of different risks is as-sessed in terms of correlations. Their correlation matrix shows the strength of the macro corre-lations perceived by the experts of the relevant global risk report. Although this example repre-sents a further step in risk assessment with regards to the emphasis on the interconnectedness of risks through a correlation analysis in which

existence of a relationship, and the strength of re-lationships are taken into consideration

, still we cannot understand the dynamics of the rela-tionship between risks and causal relationships. As these maps only show the positive relation-ships between risks, the negative relationships which might be important for mitigation effortsare also omitted from the analysis (World Economic Forum, 2008: 25).

The nature of relationship between risks

Although the correlation analysis of risks through matrixes revolutionizes the way risk assess-ment is performed, the methodology still lacks some essential components for identifying the

dynamics of relationships

between risks. The Global Risk Network’s Risk InterconnectionMaps (World Economic Forum, 2010:35-37) and United Nation’s Global Impact and Vulner-ability Alert System (GIVAS) Initiative (United Nations, 2009) are the most recent examplesfor a more sophisticated risk assessment approach which point out to the complexity and inter-connectedness of the risks in the 21

century. The main aim of GIVAS as indicated on the UNwebsite is

“a representative but manageable set of global indicators that can provide powerful signals of changing vulnerabilities on the ground across regions”

. In a similar vein, GlobalRisk Network tries to establish the same aim through trying to identify the changing dynamics