Introduction to risk management

Jouni Tuomisto, Mikko Pohjola

THL
Contents
• Conventional perspectives to risk management
• Open risk management (ORM)
• RM in the swine flu case
– Beginning of the pandemic
– Preparedness in Finland and elsewhere
Conventional perspectives to risk management
Mikko Pohjola, THL
Risk management (of what?)
• Google ”risk management”, what do you find?
– Finance, project, legal, credit, accident, disaster,
terrorism, …
• What we want to find, is environment and health risk
management
– Also several perspectives to this!
• Somewhat related to E&H RM are:
– Workplace health and safety RM
– Engineering safety RM (e.g. nuclear safety)
– World Bank’s social RM (SRM)
Definitions of RM
• Wikipedia:
– Risk management is the identification, assessment,
and prioritization of risks (defined in ISO 31000 as
the effect of uncertainty on objectives, whether
positive or negative) followed by coordinated and
economical application of resources to minimize,
monitor, and control the probability and/or impact of
unfortunate events, or to maximize the realization of
opportunities.
Definitions of RM
• BusinessDictionary.com:
– Policies, procedures, and practices involved in
identification, analysis, assessment, control, and
avoidance of unacceptable risks. A firm may use risk
assumption, risk avoidance, risk retention, risk
transfer, or anu other strategy (or combination of
strategies) in proper management of future events.
RM strategies
• Wikipedia (RM):
– Avoidance
• eliminate, withdraw from or not become involved
– Reduction
• optimize - mitigate
– Sharing
• transfer - outsource or insure
– Retention
• accept and budget
• Wikipedia (SRM):
– Prevention
– Mitigation
– Coping
RM strategies
• STTV (National Product Control Agency for Welfare and
Health):
– Non-acceptance / substitution
– Design of packaging (child resistant fastening)
– Classification & labeling
– Limit of the product volume
– Modification of a physical state
– Limiting the marketing or use
– Instructions, information, warnings
– Technical measure (closed system, exhaust ventilation, …)
– Training
– Medical surveillances
– Personal protective equipment (gloves, filters, covers,…)
Presentation by J. Räisänen, STTV. 8.11.2006. Introduction to environmental risk
assessment. Kuopio.
Conventional frameworks for E&H RM
• Several perspectives exist, e.g.:
– EHRM framework
– NRC
• Red book RA, Understanding risk, Science and
decisions
– IRGC risk governance framework
– REACH
– YVA - regulatory EIA in Finland
– Water resources management (integrated modelling)
– Ecological RA/RM
– Risk analysis
EHRM framework

The Presidential /
Congressional
comission on Risk
Assessment and
Risk Management:
Final Report Volume
1, 1997.
EHRM framework
• Risk management is the process of identifying,
evaluating, selecting, and implementing actions
to reduce risk to human health and to
ecosystems.
• The goal of risk management is scientifically
sound, cost-effective, integrated actions that
reduce or prevent risks while taking into
account social, cultural, ethical, political, and
legal considerations.
EHRM framework
• Risk is defined as the probability that a substance or
situation will produce harm under specified
conditions. Risk is a combination of two factors:
– The probability that an adverse event will occur (such
as a specific disease or type of injury).
– The consequences of the adverse event.
• Risk encompasses impacts on public health and on
the environment, and arises from exposure and
hazard. Risk does not exist if exposure to a harmful
substance or situation does not or will not occur.
Hazard is determined by whether a particular
substance or situation has the potential to cause
harmful effects.
NRC: Red book
Risk assessment Risk management

Observations Hazard Regulatory options

identification

Extrapolation Dose-response
assessment

Risk Evaluation of
characterization options

Measurements Exposure
and population assessment
characteristics Decisions and
actions

NRC 1983. Risk Assessment in the Federal Government: Managing the Progress.
The National Research Council. National Academy Press, Washington D.C.
NRC: Red book
• Regulatory actions are based on two distinct
elements, risk assessment and risk management.
• Risk assessment is the use of the factual base to
define the health effects of exposure of individuals
or populations to hazardous materials and
situations.
• Risk management is the process of weighing policy
alternatives and selecting the most appropriate
regulatory action, integrating the results of risk
assessment with engineering data and with social,
economic, and political concerns to reach a
decision.
NRC: Red book
• …the risk of cancer and other adverse health effects
associated with exposure of humans to toxic
substances.
• Many decisions of federal agencies in regulating
chronic health hazards… …improvements in
scientific and technologic capability to detect
potentially hazardous chemicals, in changes in
public expectations and concerns about health
protection, and in the fact that the costs and benefits
of regulatory policies fall unequally on different
groups...
NRC: Understanding Risk (Orange
book)
• Role and importance of deliberation
• Risk characterization as the link between assessment and
management

Learning and feedback

Public
officials
Problem Process Selecting Information Synthesis Decision
Natural and formulation design options & gathering Implementation
social scientists outcomes Evaluation

Interested and
affected parties Analysis and deliberation

NRC 1996. Understanding Risk: Informing Decisions in a Democratic

Society. The National Research Council. National Academy Press,
Washington D.C.
NRC: Science and decisions (Silver
book)

NRC 2009. Science and

Decisions: Advancing
Risk Assessment. The
National Research
Council. National
Academy Press,
Washington D.C.
NRC: Science and decisions (Silver
book)
• How we deal with risk depends largely on how well we
understand it. The process of risk assessment has been used
to help us understand and address a wide variety of
hazards…
• U.S. Environmental Protection Agency (EPA), other federal
and state agencies, industry, the academic community, and
others in evaluating public-health and environmental
concerns.
• From protecting air and water to ensuring the safety of food,
drugs, and consumer products such as toys, risk assessment
is an important public-policy tool for informing regulatory and
technologic decisions, setting priorities among research
needs, and developing approaches for considering the costs
and benefits of regulatory policies.
IRGC – Risk governance
Management sphere: Assessment sphere:
Decision & implementation of Generation of knowledge
actions Pre assessment
▪ Problem framing
▪ Early warning
▪ Screening
▪ Determination of
scientific conventions
Risk management Risk appraisal
Implementation Risk assessment
▪ Option realization ▪ Hazard identification &
▪ Monitoring & control estimation
▪ Feedback from risk ▪ Exposure &
management practice Communicatio vulnerability assessment
Decision making n ▪ Risk estimation
▪ Option identification & Concern
generation assessment IRGC 2005. Risk
▪ Option assessment
▪ Option evaluation &
▪ Risk perceptions governance –
▪ Social concerns
selection ▪ Socio-economic towards an
impacts integrative approach.
Tolerability & acceptability judgement
International Risk
Risk evaluation Risk characterization Governance Council.
▪ Judging tolerability & ▪ Risk profile Geneva.
acceptability ▪ Judgment of the
▪ Need for risk seriousness of risk
reduction measures ▪ Conclusions & risk
reduction options
IRGC
• Risk is an uncertain (generally adverse) consequence of an
event or activity with respect to something that humans value.
Risks are often accompanied by opportunities.
• Systemic risks are embedded in the larger context of
societal, financial and economic consequences and are at the
intersection between natural events, economic, social and
technological developments and policy-driven actions. Such
risks are not confined to national borders; they cannot be
managed through the actions of a single sector; they require a
robust governance approach if they are to be adequately
managed. The governance of systemic risks requires
cohesion between countries and the inclusion within the
process of governments, industry, academia and civil society.
IRGC
• Governance refers to the actions, processes, traditions and institutions by
which authority is exercised and decisions are taken and implemented.
• Risk governance deals with the identification, assessment, management and
communication of risks in a broad context. It includes the totality of actors, rules,
conventions, processes and mechanisms and is concerned with how relevant
risk information is collected, analysed and communicated, and how
management decisions are taken. It applies the principles of good governance
that include transparency, effectiveness and efficiency, accountability, strategic
focus, sustainability, equity and fairness, respect for the rule of law and the need
for the chosen solution to be politically and legally feasible as well as ethically
and publicly acceptable.
• Risk accompanies change. It is a permanent and important part of life and the
willingness and capacity to take and accept risk is crucial for achieving
economic development and introducing new technologies. Many risks, and in
particular those arising from emerging technologies, are accompanied by
potential benefits and opportunities.
• The challenge of better risk governance lies here: to enable societies to
benefit from change while minimising the negative consequences of the
associated risks.
IRGC
IRGC
REACH – EU Chemical safety
Information: available vs. required/needed
▪ Substance intrinsic properties
▪ Manufacture, use, tonnage, exposure, risk management

Hazard assessment Exposure assessment

▪ Hazard identification ▪ Exposure scenarios building
▪ Classification & labeling ▪ Exposure estimation
▪ Derivation of threshold levels

Iteratio
▪ PBT/vPvB assessment

n
no yes
Dangerous or Risk characterisation
PBT/vPvB

yes no
Chemical safety report Risk controlled

ECHA 2008. Guidance on Information Requirements and Chemical Safety

Assessment. Guidance for the Implementation of REACH.
YVA - regulatory EIA in Finland
Phase 1 Phase 2
Evaluation Statements of
program the ministry of
employment

Participation
and economy
about the
report

Opinions and Opinions and

statements statements
about the about the
program
report
Pohjola et al. State

Participation
of the art in benefit-
Statements of risk analysis:
the ministry of Environmental
employment health. Manuscript.
and economy Evaluation
about the report
Assessment
evaluation
YVA

Jantunen & Hokkanen

2010. YVA-
lainsäädännön
toimivuusarviointi –
Ympäristövaikutusten
arviointimenettelyn
toimivuus ja
kehittämistarpeet.
Ympäristöministeriö.
Helsinki.
Water resource management
(integrated modeling approach)
Liu et al. 2008.
Linking science
with
environmental
decision
making:
Experiences
from an
integrated
modelling
approach to
supporting
sustainable
water
resources
management.
Environmental
Modelling and
Software,
23:846-858.
Ecological RA/RM

Ecological risk
assessment. Book. ???
Risk analysis
 Risk analysis
Lessons from the KTL Centre of excellence in environmental health risk analysis

Risk assessment Risk management

Hazard Options
identification generation

Exposure Dose- Options Policy effect

assessment response evaluation evaluation
assessment

Policy selection &

Risk implementation
characterization
 Does risk analysis pay off?
Risk assessment MillionRisk
euromanagement
cycle
Hazard Options
identification generation

Exposure Dose-response Options Policy effect

assessment assessment evaluation evaluation

Risk Policy selection

characterization & implementation

Billion euro cycle

Risk communication
Some RM related concepts
• Risk communication (RC)
– WHO: Risk communication is an interactive process
of exchange of information and opinion on risk among
risk assessors, risk managers, and other interested
parties.
• Risk perception (RP)
– Wikipedia: the subjective judgment that people make
about the characteristics and severity of risks.
• Risk assessment (RA)
• Risk characterisation
• Risk analysis
Discussion points
• Similarities and differences between perspectives?
• Clear? Solid? Unambiguous?
– In comparison e.g. to the theory of DA
• Sufficient?
Different roles in decision-making
• Authority (has the decision-making power)
• Policy-maker (develops policies to be decided)
• NGO
• Industry and other commercially interested parties
• Other stakeholders
• Citizens
• Anyone
Questions to ask about RM
• Risk
– what risk(s)?
– how about benefits (costs)?
– whose risks / whose benefits?
• Management:
– who manages?
– manages what?
– manages how?
– on what basis?
Interim conclusions
• RM: from needs to knowledge, knowledge to action
– a societal knowledge/learning process

• Confused? Don’t worry, we’ll get back to these

issues on the later part of the course…
Open risk management
Jouni Tuomisto, THL
• Is there a theory for RM?
– Context: you must understand this to be able to
operate
– Find a decision or decisions that are reasonable and
relevant
– Essential parts: context, research question,
decision(s), objectives
– RA-RM process
Theory of open risk management
• Incremental improvements
• Everyone involved
• The idea of justice as one basis
• Decision analysis as one basis after we know what
the decision is
• Open assessment/trialogue as one basis as the
method to reach shared understanding.
Concepts in the theory
• Problem(s) identified (something wrong with the
world)
• Decisions (as responses to problems)
• Partners/actors:
– Decision maker of a particular decision (may be
several decisions)
– Those influenced in any way
– Everyone else
Definitions of risk and related issues
• Hazard, endanger, exposure to mischange or peril. (Oxford English
Dictionary)
• The chance of hazard or commercial loss. (Oxford English Dictionary)
• As in Risk-Money, an allowance paid to a cashier to cover accidental
deficits. (Oxford English Dictionary)
• Risk = Probability ⊗ Severity (Wilson and Crouch)
• Risk = S{Probability ⊗ Severity ⊗ Weight} (Wilson and Crouch)
– ⇤1 However, sometimes risks are not truly multiplicative. (Tversky et
al., 1990)
• Risk: a characteristic of a situation or action wherein two or more
outcomes are possible, the particular outcome that will occur is
unknown, and at least one of the possibilities is undesired. (Covello and
Merkhofer, 1993)
• … and there is a need to improve the expectation of the outcome.
(Tuomisto, 2006)
Societal role of RA
• Risk assessment is collection, synthesis and
interpretation of scientific information and value
judgments for use of the society
Definition of risk 3
• In this course, we use the word risk in a loose/broad
sense.
– Risk = impact (good, bad)
– The probability of risk may be low, high, or even 1.
– Why? Because you treat favourable and harmful,
likely and unlikely impacts all in the same way.
Questions in risk management
• What is the problem?
• Who is responsible for the problem?
• What are the possible decisions/actions?
• What are the objectives?
• What are the outcomes to be monitored?
• Who are influenced by the problem?
• Who are influenced by the actions?
Risk management of bus traffic in Kuopio
• What are the problems?
• What are potential actions?
• What are outcomes of interest?
• Who decides? Who acts?
Is there a theory for RM?
– Context: you must understand this to be able to
operate
– Find a decision or decisions that are reasonable and
relevant
– Essential parts: context, research question,
decision(s), objectives
– RA-RM process
Open risk management: overview

Q
R
A
Risk management
• Also, we could use the term ”impact management”
instead of ”risk management”.
• This is just a matter of tradition.
• (But if we had called this course Open assessment
and impact management, the professors hadn’t
been interested in including the course in ToxEn
MSc studies.)
Open risk management: context
• All risks emerge in a society (or group).
• The society observes the risks, valuates them, is
afraid of them, suffers from them, manages them,
and adapts to them.
Definition of open risk management
• How can scientific information and value
judgements be organised for improving societal
situations by identifying potential decisions and
relevant outcomes in a situation where open
participation is allowed?
– Emphasis: The decision situation should be clarified.
Machine for risk management within a
society
1. Identify a problem.
2. Formulate it as a (decision) question.
3. Perform argumentation about it.
1. Create hypotheses.
2. Attack and remove poor hypotheses.
4. Make conclusions.
5. Act based on the conclusions.
Definition of open assessment
• How can scientific information and value
judgements be organised for improving societal
decision-making in a situation where open
participation is allowed?
– Emphasis: The decision situation is clear, focus on
choosing good options.
Difference between OA and ORM
• There is no clear separation between open
assessment and open risk management.
• If your decision options are clear (for the moment),
you are more on OA side.
• However, be prepared for surprises and revisiting
your original questions (RM).
Theory of open risk management
• Incremental improvements
• Everyone involved
• The idea of justice as one basis
• Decision analysis as one basis after we know what
the decision is
• Open assessment/trialogue as one basis as the
method to reach shared understanding.
Assessment, management, and
communication
• A traditional view separates
– Risk assessment (by scientists)
– Risk management (by decision-makers)
– Risk communication (by all, but especially to
stakeholders)
• However, in trialogue there is no need for
separation.
There is no science-policy interface
• The most important tools for making science and
making policy are the same.
• Making artificial separations only confuse and slow
down efficient actions.
• This is not obvious, though. Why?
What are science and policy?
• ”Science is what a scientist does.”
• ”Policy is what a politician does.”
We know how is a scientist and who is a
politician. We can answer the question by
observation.
• This is a reasonable assumption, if the current way
is the best way to make science and policy. Is it?
What is the best way to make science and
policy?
• You cannot answer by observing.
– However, you can find problems by observing and
then try to understand why they exist.
• You can start from the ultimate objective and then
try to find efficient methods to reach it.
Different roles in decision-making
• Authority (has the decision-making power)
• Policy-maker (develops policies to be decided)
• NGO
• Industry and other commercially interested parties
• Other stakeholders
• Citizens
• Anyone
Independence of assessors?
• How to ensure that science is objective?
• What if assessments are only made to justify
existing decisions?
• Can political pressures be overcome if scientists
step out of the ivory tower?
• (Should this topic be discussed in more detail eg. In
a decision analysis lecture?)
Concepts in the theory
• Problem(s) identified (something wrong with the
world)
• Decisions (as responses to problems)
• Partners/actors:
– Decision maker of a particular decision (may be
several decisions)
– Those influenced in any way
– Everyone else
Performance
• Context about what we actually aim to achieve. How
do we know if we succeeded?
RM in the swine flu story
• Independent exploration
– Beginning of the Pandemic
– Prepredness in Finland and elsewhere
• Mini-presentations and discussions
• Summary