Professional Documents
Culture Documents
net/publication/307882724
CITATIONS READS
23 591
3 authors:
Dengsheng Wu
Chinese Academy of Sciences
94 PUBLICATIONS 1,367 CITATIONS
SEE PROFILE
Some of the authors of this publication are also working on these related projects:
All content following this page was uploaded by Bao Chunbing on 17 December 2017.
Extant research has focused upon assessing individual risks with the aid of risk
matrices. Although risk aggregation is an important issue in risk management,
aggregation of risks measured by risk matrices remains unresolved despite the
wide usage of risk matrices. This paper proposes a framework to resolve the
problem. We start from modifying the two notions of non-aggregatability of risk
matrices, namely, qualitative description of inputs and non-comparability of dif-
ferent types of consequences. Then, we explicate the strong connection between
risk matrices and fuzzy sets and propose that the transformation from risk matri-
ces to fuzzy sets clear some confusions encountered in the aggregation process.
A framework which covers membership analysis, composing different risk and
defuzzification of the aggregated membership function, is proposed to aggregate
different risks. In the framework, we pay maximum attention to accurate estima-
tion of memberships of different risks. Besides, technical problems of composi-
tion and defuzzification are solved in detail. At last, an illustrative example is
presented to show the feasibility of our method where we report the ranking of
the aggregated risks of different scenarios.
Keywords: risk matrices; risk aggregation; qualitative risk analysis; fuzzy set
1. Introduction
A risk matrix is a qualitative risk assessment tool that rates the risk according to two
most adopted criteria, namely, consequence and likelihood or other similar
expressions like severity and probability and so on (Ale, Burnap, and Slater 2015;
Anthony Tony Cox 2008; Duijm 2015). To estimate the severity of a risk by
employing risk matrix, decision-makers need to estimate the consequence and likeli-
hood of the risk occurring only subjectively and the risk matrix outputs the risk rat-
ing, denoted by a particular color, like red, yellow, green, and so on. Due to its
simplicity and low reliance on data, the risk matrix has been widely used in many
fields such as agricultural pollution management (Hewett et al. 2004), a safety
management system (Cook 2008), and so on.
Some technical drawbacks, such as inconsistency (Anthony Tony Cox 2008),
range compression (Anthony Tony Cox 2008; Levine 2012), and spurious resolution
(Anthony Tony Cox 2008), highlight the inability of risk matrices to handle
uncertainties because of input data bias (Budescu, Broomell, and Por 2009;
Department of Defense 2012; Smith, Siefert, and Drain 2009), risk preference
(Bedford 2013; Wall 2011), and ranking cells (grids) (Anthony Tony Cox 2008;
Duijm 2015). Although there are some standards for estimating likelihood and con-
sequence when using a risk matrix (IEC 2009), we acknowledge that risk matrices
essentially rely on subjective perceptions. Confusing though this characteristic is,
risk matrices work effectively in vague environments where data are not sufficient
for quantitative tools. We consider subjectivity as an essential characteristic of risk
matrices since it is a qualitative risk management tool.
Despite the technical drawbacks, risk matrices are used widely. However, all
applications measure or rank different individual risks, instead of aggregating them.
In practice, an investment or a task usually contains several risks and decision-
makers need to consider the overall risk rather than individual risks (Acharya,
Almeida, and Campello 2013; Bernard, Jiang, and Wang 2014; Kouvelis et al.
2012). However, to the best of our knowledge, extant literature on aggregation of
risk matrices is sparse. Some issues that hinder aggregation of risk matrices are:
(1) a risk matrix is essentially a qualitative tool and thus ratings of risks are often
described only qualitatively, which makes it difficult to compare aggregated risks of
different scenarios (a scenario means a case where each risk considered has a partic-
ular rating). For example, it is difficult to say how many low risks are equivalent to
a medium one. Also, (2) consequences of different types of risks are usually differ-
ent and cannot be compared, such as the consequences of economic loss, casualties,
and so on (Duijm 2015). As a result, ISO (IEC 2009) states that ‘risks cannot be
aggregated.’ So, the purpose of this paper is to explore how to aggregate individual
risks. Since a particular risk is measured by a predesigned risk matrix, the concept
of ‘aggregating risk matrices’ is substituted for ‘aggregating individual risks mea-
sured by risk matrices’ for simplicity (Duijm 2015; IEC 2009).
We start our work from overcoming some obstacles of aggregating risk matrices.
The first issue emanates from recognizing that risk matrices are totally qualitative.
However, even in a qualitative risk matrix, decision-makers do not classify conse-
quence or likelihood into a particular rating arbitrarily. They do so based on the cog-
nitive criterion that relies on experience or knowledge. The quantitative risk matrix
is a tool that lists the criterion, namely, axes of consequence and likelihood are
quantitatively divided into several intervals and each interval corresponds to a rating.
In fact, many researchers have suggested the use of quantitative risk matrix for
semi-quantitative or quantitative analysis (Anthony Tony Cox 2008; Duijm 2015;
Levine 2012; Ni, Chen, and Chen 2010; Ruan, Yin, and Frangopol 2015). As a
result, quantitative risk matrices are adopted in this paper to deal with the first issue.
Based on the quantitative descriptions of inputs, we normalize the consequences so
that different dimensionalities can be compared in terms of relative magnitudes.
Markowski et al. indicated that a risk matrix can be seen as a collection of some
fuzzy sets (Duijm 2015; Markowski and Mannan 2008). We consider the transfor-
mation from risk matrices to fuzzy sets as a crucial step for aggregating risk matri-
ces. Specifically, a normative framework is proposed, which consists of membership
analysis, composition, and defuzzification. Of all the techniques, we mainly examine
how to obtain a membership function of a certain risk rating in a risk matrix, which
is the basis for other steps. We refute the common assumption that membership
functions are trapezoidal or triangular (Ferdous et al. 2011; Rezaei, Monjezi, and
Varjani 2011; Zadeh 1975), since the final results are biased. Furthermore, we intro-
duce a method to get the exact membership of each risk rating, which is applicable
Journal of Risk Research 3
for all forms of risk matrices. Afterward, aggregation is performed with the aid of
Monte Carlo simulation, after which each situation with different risks is assigned a
particular fuzzy set. Defuzzification then transforms the fuzzy numbers into some
crisp values representing the magnitude of risk aggregation under different scenarios.
The final ranking of crisp risk values reflects the relative severity of a scenario
where different risks are aggregated.
G Y R
Likelihood
Medium
G Y Y
Low
G G G
Since risk matrices are employed under uncertain environments, verbal qualita-
tive descriptions are assigned to different ratings of inputs. In Figure 1, consequence
and likelihood are qualitatively described as ‘Low,’ ‘Medium,’ and ‘High.’ How-
ever, if ratings of inputs are described so, mathematical operations of risk matrices
may become very difficult. For example, if three 3 × 3 risk matrices are aggregated,
‘Green (L+L) + Green (L+L) + Green (L+L),’ where the output of consequence
‘Low’ and likelihood ‘Low,’ denoted by ‘L+L’ and so on, is the lowest risk
aggregation situation. Then which of the two scenarios, one with three risk
ratings ‘Green + Yellow + Red’ and the other scenario with three risk ratings
‘Yellow + Yellow + Yellow,’ should have a higher priority? Obviously, it is impossi-
ble to solve this problem under such settings. And this is why ISO (IEC 2009)
claims non-aggregatability of risks assessed by risk matrices.
Semi-quantitative descriptions of inputs slightly modify the drawbacks of
qualitative ratings. By assigning each linguistic description a number, the magnitude
of each cell is quantified according to the corresponding scores (Figure 2). However,
such ordinal scales do have problems, despite being simple and conducive to
some quantitative comparisons between cells (Hubbard and Evans 2010). The
predominant problem is that difference between the ordinals cannot reflect the true
distance between the corresponding input ratings. For example, Mil-Std 882d gives
objective descriptions for consequence: damage costing $2K–$10K is ‘negligible’;
$10K–$200K is ‘marginal’; $200K–1M is ‘critical’; and damage costing more than
$1 M is ‘catastrophic’ (Department of Defense 2012). Obviously, ordinals ‘1–4’
assigned to the four ratings are not proportionate to thresholds ‘2K, 10K, 200K, and
1M’ and as a result, aggregation of different risks based on scores achieved by mul-
tiplying these ordinals will either overestimate or underestimate the overall risk.
Different from semi-quantitative descriptions that assign each rating a discrete
ordinal, quantitative descriptions of inputs assign each rating an interval which is a
numerical range (Figure 3). Quantitative descriptions have standards according to
which a particular consequence or likelihood should belong to a certain rating and
therefore reduce the impact of subjective judgment, which makes mathematical
operations on risk matrices possible. As a result, Cox designed rating schemes of
risk matrices based on such a setting (Anthony Tony Cox 2008); quantitative
High
3 6 9
3
Likelihood
Medium
2 4 6
2
Low
1 2 3
1
1
High
G Y R
2/3
Likelihood
Medium
G Y Y
1/3
Low
G G G
0
0 1/3 2/3 1
Low Medium High
Consequence
descriptions of inputs have been adopted in many other works also (Levine 2012;
Markowski and Mannan 2008; Ruan, Yin, and Frangopol 2015).
Remark 1: Non-additivity of qualitatively described risks supports non-aggregata-
bility of risks measured by risk matrices. Although we consider a risk matrix as a
qualitative tool essentially, we think previously assigned quantitative ratings
described by a numerical interval to consequence and likelihood deal with the prob-
lem well. To see how to obtain a quantitative risk matrix, one may refer to Ruan
et al. (Ruan, Yin, and Frangopol 2015). In this paper, we assume that quantitative
risk matrices used to assess different risks are formulated in advance.
risk, decision-makers can only judge values of consequence and likelihood within
certain intervals instead of assigning them precise values.
Besides, fuzzy sets can translate several unstructured linguistic terms into a struc-
tured one with fuzzy ‘if-then’ rule (Mamdani and Assilian 1975; Rezaei, Monjezi,
and Varjani 2011):
If X1 is A1i ; . . .; and Xn is Ani ; then Y is Bi for i ¼ 1; 2; . . . ; K;
where {Xj} are input variables; Aji is the linguistic term of variable Xj in rule i; Y is
output variable; Bi is linguistic term of variable Y in rule i and K is the number of
rules.
Fuzzy ‘if-then’ rules play an important part in the application of fuzzy logic.
Similarly, mapping two inputs to a risk rating in risk matrices is based on such an
‘if-then’ rule. For example, in Figure 3, there are in all nine rules, one of which is if
the consequence is ‘medium’ and the likelihood is ‘medium,’ then risk rating is ‘yel-
low.’ Usually, when a risk matrix is given, the ‘if-then’ rules are determined. More
specifically, in a risk matrix, the set of all possible risks (risks here refer to infinite
points in a risk matrix) is a space of objectives. A fuzzy set consists of all points
located in a risk rating cell (e.g. red cell in Figure 3), which means decision-makers
think these quantitative risks belong to this risk rating.
However, a point locating in a cell does not necessarily mean that other points
with the same quantitative risk belong to the same cell. This is because risk in a
quantitative risk matrix is measured by the product of consequence and likelihood
(Anthony Tony Cox 2008) and points on an ISO-risk contour passing through differ-
ent cells are quantitatively equivalent.
To visually explain where the uncertainty of a risk value belonging to a risk
rating comes from, we take the 3 × 3 risk matrix (this risk matrix is designed accord-
ing to Cox’s three axioms (Anthony Tony Cox 2008)) as shown in Figure 5. Four
ISO-risk contours passing through the highest and lowest points of each risk rating
are drawn on the risk matrix. The dashed area in Figure 5 represents shared parts of
two adjacent ratings, which means in such a region, a quantitative risk may belong
to two ratings. We call the points in the dashed area abnormal risk points and those
in the remaining part of the cell the normal risk points. Therefore, there are five dif-
ferent area ratings, namely, decisively rated green (I), ambiguously rated green and
yellow (II), decisively rated yellow (III), ambiguously rated yellow and red (IV), and
decisively rated red (V). Table 1 reports the area proportion (AP) of each cell.
Each cell with ith rating of consequence and jth rating of likelihood in Table 1 is
denoted by Cij. We see from Figure 4 that in most of the cells, only a part of it
belongs to a determined rating and the remaining belongs to ambiguous rating or
ratings. The ambiguous ratings correspond to the cross section of two fuzzy sets in
Figure 4 and this explains where the uncertainty of a risk belonging to a risk rating
comes from.
Based on the above analysis, we claim that risk matrix can be treated as a partic-
ular form of a collection of fuzzy sets. By such transformation, we may make use of
some mature techniques of fuzzy sets to aggregate risk matrices. We consider the
transformation from risk matrix to fuzzy set an essential step for aggregation of risk.
risks of each rating. Then, according to these ISO-risk contours of thresholds, the
degree of membership of each rating is analyzed. For a rating A, the degree of mem-
bership for different risks varies. For example, in Figure 5, the degree of member-
ship of risks from 1/9 to 1/3 in rating Y increases from 0 to 1; the degree of
membership of risks from 1/3 to 4/9 in Y is 1; the degree of membership of risks
from 4/9 to 2/3 in Y decreases from 1 to 0.
Based on the above analysis, the following definition is proposed:
Definition 1. Risks are located in two kinds of intervals: overlapping and non-over-
lapping. The former interval consists of a series of continuous risks whose degrees
of membership are less than 1 and the latter 1.
At the end of this section, we argue whether we should consider cells with the
same rating as a whole or as individual cells. Design of a risk matrix classifies sev-
eral cells into the same rating because there is no significant difference between the
cells. Of course, no two cells can be the same since in theory, they have different
consequences and likelihoods. However, if we consider every cell as a characteristic
individual and consider aggregating all possible scenarios, on the one hand, we vio-
late the original intention of using a risk matrix where several different cells are
approximatly classified in the same rating and on the other hand, such operation will
cause oversized resolution of a risk matrix and thus calculation will be cumbersome.
As a result, we only consider the rating of a risk, for example, Y in Figure 5, and do
not consider the input combination of this rating, i.e. we do not care whether Y is
the output of consequence ‘Medium’ and likelihood ‘High’ or consequence ‘High’
and likelihood ‘Medium.’
where Lrisk, A denotes the length of the contour with quantitative value risk located
in the region whose risk rating is A and Lrisk denotes the total length of this contour.
In detail, length of a curve can be calculated according to the following integral
formula:
Z x2 Z x2 Z x2 pffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi Z x2 pffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi
dx
L¼ dl ¼ ¼ 1 þ tan hdx ¼ 2 1 þ f 02 ðxÞdx
x1 cos h
x1 sffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi x1 x1
Z x2
risk 2
¼ 1 þ 4 dx; (2)
x1 x
where x is the input variable corresponding to the consequence in a risk matrix and
f (x) is the output corresponding to the likelihood, namely, f ðxÞ ¼ risk x ; θ is the slant
angle of the curve in an infinite small triangle during the integration process.
The length in Formula (2) cannot be evaluated by the Fundamental Theorem of
Calculus because there are no elementary antiderivatives of the integrand. To obtain
the result, an approximation algorithm, the trapezoidal rule, is employed. The length
of a curve can be approximately calculated as follows (Yeh and Kwan 1978):
Z b
ba
f ðxÞdx ðf ðx0 Þ þ 2f ðx1 Þ þ þ 2f ðxn1 Þ þ f ðxn ÞÞ; (3)
a 2n
where n is the number of subintervals of [a, b] and xi ¼ a þ i ban ði ¼ 0; 2; nÞ.
According to the above method, for an abnormal quantitative risk, if segments
consisting of points having the same risk are piecewise, i.e. cells with the same rat-
ing through which the contour passes are not adjacent, membership of a risk in the
rating can be calculated by the ratio of the length of these segments to the length of
the overall contour. Besides, in a risk matrix, a particular risk may belong to several
(more than 2) risk ratings, which depends on the design scheme of the risk matrix.
Now, we return to the question whether the degree of membership increases or
decreases linearly? The following proposition provides the answer.
Proposition 2. The membership function of risks in the overlapping part of two
ratings is not linear if a risk is assessed by the default measure, namely, risk =
frequency × consequence.
If the degree of membership of risks located in an interval increases or decreases
linearly, then degrees of membership of starting, middle, and ending points of the
interval will be on the same line. However, according to our method, it is easy to
check that these three degrees are not on the same line and this proves the truth of
our statement.
We claim that membership functions of a risk in a rating are different in different
risk matrices, which comprises the following proposition.
Proposition 3. The membership function of a risk in a rating is determined by the
design of the risk matrix, namely, how different ratings are assigned to different cells
in the risk matrix.
A risk matrix is essentially a qualitative risk assessment tool and decision-makers
have their own perceptions of the rating of a risk. Their designs of the risk matrices
determine their perceptions of the degree to which a risk belongs to a rating. In this
paper, we do not impose any assumption on the design of the risk matrices for the
sake of universality of our method.
One may question why we should adopt the method we have introduced to
achieve the degree of membership instead of accepting the assumption that the
membership function is trapezoidal. We claim that there are two main reasons, as
follows:
To explain the reason (1), we first give two kinds of membership functions of a
risk in risk rating Y (Figure 9). The blue outline is drawn according to our method
and the red outline is a trapezoid as the assumption described before. One may see
that when the membership function increases from 0 to 1, it is convex and when the
membership function decreases from 1 to 0, it is concave. Due to the complexity of
Formula (1), without strict mathematical proof, with the aid of computer, we report
the second derivative of the membership function with respect to risk in the two
overlapping parts in Figure 10.
Figure 10 shows that in the increasing part of membership, the second-order
derivative is greater than 0 and smaller than 0 in the decreasing part, which supports
our conjecture. We argue that the conjecture is not dispensable. First of all, it
describes the shape of the membership function and refutes the assumption that the
membership function of risks in overlapping intervals is linear. Moreover, it gives
the following important property.
Property of the membership of risks in different ratings in a 3 × 3 risk matrix
as shown in Figure 3: The membership functions of risks in different ratings G, Y,
and R are asymmetric.
Notice that when the fuzzy set is used, we should employ defuzzification to
obtain the crisp value of a fuzzy set that represents its magnitude. If the centroid
method (a common defuzzification method) is used, results of a trapezoidal member-
ship function and the asymmetric membership function must be different. Compared
with the centroid of the trapezoidal membership function, the exact centroid of the
membership function shifts to the right, which affects the accuracy of further opera-
tions. That is why we should first obtain the precise function of the membership.
We illustrate the second reason with Figure 11. A fictitious 3 × 3 risk matrix on
the left of the figure is constructed. It is an arbitrary risk matrix and we do not
assume the accuracy of its design. With our method, we present the outline of the
membership functions on the right of Figure 11.
0.9
0.8
0.7
0.6
Membership
0.5
0.4
0.3
0.2
0.1
0
0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8
Risk
30
10
-10
-20
-30
-40
-50
0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8
Risk
1
1
0.9
High
G Y R
0.8
0.7
2/3
Membership
Likelihood
0.6
Medium
G Y R 0.5
0.4
1/3
0.3
Low
G G R 0.2
0.1
0
0 0
1/3 2/3 1 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1
Low Medium High
Consequence Risk
Figure 11. A fictitious 3 × 3 risk matrix and the corresponding membership functions
achieved by our method.
Figure 11 shows that the highest degree of membership of a risk with ratings G
and Y is not 1, and the lowest of a risk with rating R is not 0. In this case, without
calculation of the degree of membership, even if we use the simple assumption, we
cannot determine at which point the membership function starts to increase or
decrease. Besides, it still suffers the deficiency stated in the first reason. The above
two reasons suggest the use of our method to output an accurate membership
function.
16 C. Bao et al.
where ‘*’ stands for ‘+,’ ‘−,’ ‘×,’ and ‘÷,’ respectively.
In this paper, for simplicity, relations between all fuzzy sets (namely, all possible
risks) are not considered. In other words, all risks are assumed to be independent of
each other. Therefore, by repeatedly using the rule in Equation (4), results of opera-
tions of two or more fuzzy sets can be achieved by the following rule:
lA1 þA2 þþAi þþAn ðzÞ ¼ max minflA1 ðx1 Þ; lA2 ðx2 Þ; ; lAi ðxi Þ; ; lAn ðxn Þg;
z¼x1 þx2 þxi þþxn
(5)
where lAi ðxi Þ denotes the degree of xi in set Ai (or rating Ai).
Next, we state in detail how rule (5) is applied to obtain the membership func-
tion of a set of n different risks (ratings of these risks are A1, A2, ···, An) with the
help of Monte Carlo simulation.
Step a1. For each rating of the evaluated risks, its corresponding possible risk
values are located in an interval. First, generate a risk value randomly belonging to
the interval, and n risk values are generated in all. Second, calculate the correspond-
ing n memberships of all the n risk values. Both values are recorded in a two-
dimensional array (the two dimensions are risk and risk membership).
Step a2. Total risk of the n risk values is measured by the sum of all risk values,
denoted by Rs, where s presents the sth round. And membership of Rs is the mini-
mum of all memberships of single risks, denoted by μ(Rs).
Step a3. Repeat Steps a1-a2 N times and we now have R1, R2, … , RN, and
μ(R1), μ(R2), … , μ(RN). Check if there are duplicate values of Rp(p = 1, 2, … , N).
If Rp is duplicate (in this case, there are several memberships of Rp), membership of
Rp should be the maximum of all memberships of Rp. After the screening, there are
in total N′ overall risk values and memberships. If the number of simulations is large
enough, we will obtain membership of each possible overall risk in theory.
easily obtain the defuzzification result based on the points on the line of the
membership function.
However, in simulation, there are few duplicate values because of the limited
number of simulations, i.e. we usually cannot get the true membership of a risk
value (the membership of a risk value we obtain is smaller than the true one). For
example, memberships of the simulated risk values may have a distribution as fol-
lows. In Figure 12, for a risk, the membership we obtain is usually smaller than
membership on the boundary of the graph. As a result, we need to obtain the points
on the boundary with an algorithm and the defuzzification result, according to these
points, has a small error.
An intuitive idea is, if we choose m points of risk axis with the same step from
the lowest risk to the highest one and obtain the corresponding memberships of
these points, that is to say, we choose the sample points evenly, the defuzzification
result according to the following formula will be comparatively accurate (Ross
2004).
R P
lðrÞrdr lðrÞr
R¼ R P (7)
lðrÞdr lðrÞ
The problem for a chosen risk is that its membership may not be output in the
simulation. We take the following approximate method to solve it:
Step b1. Sort the two-dimensional array in ascending order according to risk;
Step b2. Divide N membership samples into m groups: elements of membership
dimension in the array from 1 to N/m are in group 1; elements from N/m + 1 to 2 N/m
are in group 2 and so on;
Step b3. Select the maximal element in each group and totally m elements are
chosen;
Step b4. Select m risk values:rmin ; rmin þ rmaxmrmin ; ; rmax where rmin and rmax
present the minimum and maximum risks, respectively.
0.9
0.8
0.7
0.6
0.5
0.4
0.3
0.2
0.1
0
0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1
5. An illustrative example
In this section, we apply our method to the case where three different risks, namely,
R1, R2, R3, are to be aggregated.
For simplicity, we set the following case. The three risks are measured by three
3 × 3 risk matrices. The consequences of the three risk matrices are dimensionally
different and defined as follows (Table 2).
As stated before, any infinite intervals are not considered in the aggregation since
they have the highest priority by default. Notice that the measure of risk may be dis-
crete and in such cases, the discrete index should be translated into a continuous
one. For example, casualty (R2) is measured by the expenses incurred for treatment
of injured people although it is usually measured by the number of injured people
which is a discrete index. Besides, we assume all ratings of likelihood have three
intervals: [0, 1/3], (1/3, 2/3], and (2/3,1] which correspond to ‘Low,’ ‘Medium,’ and
‘High,’ respectively. We emphasize that such settings do not mean that numbers
of ratings of consequence and likelihood are necessarily the same and ratings of
inputs should be evenly divided. Our method is applicable for any definitions of
1 1
0.9 0.9
0.8 0.8
0.7 0.7
0.6 0.6
0.5 0.5
y
0.4 0.4
0.3 0.3
0.2 0.2
0.1 0.1
0 0
0 0.2 0.4 0.6 0.8 1 1.2 1.4 1.6 1.8 2 0 0.2 0.4 0.6 0.8 1 1.2 1.4 1.6 1.8 2
x x
Figure 13. Checking accuracy of the method to find the centroid of a trapezoid.
Journal of Risk Research 19
consequence and likelihood. After normalization, design of the three risk matrices is
as shown in Figure 3: each risk matrix classifies risk into three ratings, namely,
‘Green,’ ‘Yellow,’ and ‘Red.’
The membership functions of the three risk ratings are obtained according to
Formulas (1)–(3), setting n = 5000 (in Formula (3)). Figure 14 presents the profile
of the membership functions.
In Figure 14, the different colored lines denote profiles of risk ratings, ‘Green,’
‘Yellow,’ and ‘Red,’ For a given risk value, we can ascertain the degree to which it
belongs to a certain risk rating. In every rating, there is an interval, where all risk
points have membership of 1, e.g. [1/3, 4/9] in rating ‘yellow,’ which means that the
yellow region in the 3 × 3 risk matrix has some exclusive quantitative points that
will not appear in other different rated regions.
Besides, in the 3 × 3 risk matrix, the membership functions resemble the trape-
zoidal where membership increases or decreases almost linearly. The difference is
that a membership function of rating ‘Yellow’ is not symmetric. In the increasing
0.9
0.8
0.7
0.6
Membership
0.5
0.4
0.3
0.2
0.1
0
0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1
Risk
part, it shows concavity and in the decreasing part convexity. This leads to right
shifting of the centroid compared with a symmetric function. Cases where no quanti-
tative risk has the membership of 1 are common. Under such circumstances, analysis
of membership with our method is necessary for we cannot draw a line from 0 to 1
or 1 to 0 anymore. Both drawbacks suggest using a more correct method to measure
membership, like ours.
Next, memberships of different scenarios, for example, (riskgreen, riskgreen,
riskgreen), (riskgreen, riskgreen, riskyellow), (riskgreen, riskgreen, riskred) and so on, are
achieved according to the composition method shown in Formula (5) and in all there
are 27 (3 × 3 × 3) scenarios. Defuzzification of the 27 memberships is performed in
detail as stated in Section 4.2. In our example, the risk matrices are the same and as
a result, crisp values of some scenarios are the same (for example, crisp values of
scenarios with riskgreen, riskyellow, and riskred are the same). Merge the scenarios with
same risk values and totally we obtain 10 different scenarios. Table 3 reports the
results.
First, note that Table 3 includes some results consistent with common sense. For
example, the scenario of three ‘red’ risks has a higher priority than the one of three
‘yellow’ risks; and for scenarios with two identical risks, the scenario where the
remaining risk is ‘red’ has the highest ranking, ‘yellow’ comes second and ‘green’
last. Moreover, Table 3 suggests something interesting that cannot be judged
intuitively. For example, scenario (riskgreen, riskyellow, riskred) ranks higher than
(riskyellow, riskyellow, riskyellow); generally, we claim that ‘riskred + riskgreen’ > ‘riskyellow
+ riskyellow’ when the third risk rating of each set is the same.
Next, we divide the 10 scenarios into 3 ratings, in line with thresholds 1 and 2,
which means scenarios whose crisp risks smaller than 1 are of rating ‘1,’ those
between 1 and 2 are of rating ‘2’ and those greater than 2 are of rating ‘3.’ Of
course, it is just one possible criterion based on which risk ratings are divided and
some other criteria are applicable (the choice of the criterion is out of the scope of
discussion in this paper). Division of the 10 scenarios is presented in Figure 15.
At last, if we have to judge the severity of risk of a set of three risks measured
by the risk matrices as stated before, we only need to provide judgments on conse-
quence and likelihood of each risk. Then, we obtain risk ratings of each risk accord-
ing to the predesigned risk matrices and we easily achieve the relative severity of
the risk of this scenario.
Risk portfolio
Risk level 3 Risk level 2 Risk level 1
0.42 0.68 0.95 1.04 1.21 1.29 1.57 1.66 1.92 2.26
Aggregated risk
Disclosure statement
No potential conflict of interest was reported by the authors.
Funding
This work was supported by the National Natural Science Foundation of China [grant num-
ber 71425002], [grant number 71571179], [grant number 71433001], [grant number
71201156]; the Key Research Program of Institute of Policy and Management Chinese Acad-
emy of Sciences; the Youth Innovation Promotion Association of the Chinese Academy of
Sciences [grant number 2013112].
ORCID
Chunbing Bao http://orcid.org/0000-0003-0569-3910
Jianping Li http://orcid.org/0000-0003-4976-4119
Dengsheng Wu http://orcid.org/0000-0002-6162-1287
References
Acharya, V. V., H. Almeida, and M. Campello. 2013. “Aggregate Risk and the Choice
between Cash and Lines of Credit.” The Journal of Finance 68 (5): 2059–2116.
Ale, B., P. Burnap, and D. Slater. 2015. “On the Origin of PCDS – (Probability Consequence
Diagrams).” Safety Science 72: 229–239.
Anthony Tony Cox, L. 2008. “What’s Wrong with Risk Matrices?” Risk Analysis 28 (2):
497–512.
Bedford, T. 2013. “Decision Making for Group Risk Reduction Dealing with Epistemic.”
Risk Analysis 33 (10): 1884–1898.
Bernard, C., X. Jiang, and R. Wang. 2014. “Risk Aggregation with Dependence Uncertainty.”
Insurance: Mathematics and Economics 54: 93–108.
Budescu, D. V., S. Broomell, and H.-H. Por. 2009. “Improving Communication of Uncer-
tainty in the Reports of the Intergovernmental Panel on Climate Change.” Psychological
Science 20 (3): 299–308.
Cook, R. 2008. “Simplifying the Creation and Use of the Risk Matrix.” In Improvements in
System Safety, 239–264. London: Springer.
Čokorilo, O., M. De Luca, and G. Dell’Acqua. 2014. “Aircraft Safety Analysis Using Clus-
tering Algorithms.” Journal of Risk Research 17 (10): 1325–1340.
Dell’Acqua, G., F. Russo, and S. A. Biancardo. 2013. “Risk-type Density Diagrams by Crash
Type on Two-lane Rural Roads.” Journal of Risk Research 16 (10): 1297–1314.
Department of Defense 2012. “Department of Defense Standard Practice System Safety
(MIL-STD-882E).” http://www.system-safety.org/Documents/MIL-STD-882E.pdf
Duijm, N. J. 2015. “Recommendations on the Use and Design of Risk Matrices.” Safety
Science 76: 21–31.
Ferdous, R., F. Khan, R. Sadiq, P. Amyotte, and B. Veitch. 2011. “Fault and Event Tree
Analyses for Process Systems Risk Analysis: Uncertainty Handling Formulations.” Risk
Analysis 31 (1): 86–107.
Hewett, C., P. Quinn, P. Whitehead, A. Heathwaite, and N. J. Flynn. 2004. “Towards a
Nutrient Export Risk Matrix Approach to Managing Agricultural Pollution at Source.”
Hydrology and Earth System Sciences Discussions 8 (4): 834–845.
Hubbard, D., and D. Evans. 2010. “Problems with Scoring Methods and Ordinal Scales in
Risk Assessment.” IBM Journal of Research & Development 54 (3): 246–255.
IEC 2009. Risk Management–Risk Assessment Techniques. ISO 31010: 2009-11.
John, A., D. Paraskevadakis, A. Bury, Z. Yang, R. Riahi, and J. Wang. 2014. “An Integrated
Fuzzy Risk Assessment for Seaport Operations.” Safety Science 68: 180–194.
Kouvelis, P., L. Dong, O. Boyabatli, and R. Li. 2012. “Integrated Risk Management: A
Conceptual Framework with Research Overview and Applications in Practice.” The
Handbook of Integrated Risk Management in Global Supply Chains 1–12.
Journal of Risk Research 23