Risk

From Securipedia
Jump to navigation Jump to search


Risk

Risk is a measure for the expectation of undesirable outcome has attribute::impact to realise. This expectation concerns both the has attribute::likelihood and magnitude of the undesired outcome. Quantified levels of risk are often used to enable an assessment of risk in order to establish if they fall within acceptable limits or to determine which risks pose the highest has attribute::threat.

Definitions

There is no one, universally accepted definition for risk. A prominent definition of risk is provided in the ISO 31000:2009 risk management standard [1], where risk is defined as the ‘effect of uncertainty on objectives’ and both positive and negative effects are included. As this definition is of a high conceptual level and can be counter-intuitive, for the purpose of this wiki, the definition as mentioned above will be used.

Objective and subjective risk

There are two aspects of the determination of risks: the risks that are in fact present (objective risks), and the risks as they are perceived (subjective risks). One would expect the two to be very similar, but studies have shown they can (and often do) differ quite a bit.

About subjective risk

Results from urban planning decisions can influence citizens’ perception of risk including the distraction of risk perception for more objective risk levels. Conversely, citizens’ risk perception can result in societal demands on urban planning. Several specific aspects as addressed in the following are worth consideration in strategic urban planning. These aspects among others include indicators for citizens’ subjective perception of criticality of infrastructure and need to protect it, including by appropriate urban planning measures. Conversely, infrastructure that results from urban planning may also influence subjective assessment of its criticality and contribution to security or susceptibility to natural or anthropogenic (“man made”) risk.

Risk perception is strongly influenced by various subjective factors that drag it from objective risk figures. Factors such as overconfidence, loss aversion, individual experience, temporal factors, capacity of remembering, level of information and knowledge, public discourse, stigmatization, cultural factors, orientation of values, confidence in institutions, etc.[2]

This is relevant to urban planners since they have some means to direct the perceived security or at the very least has means to predict it and account for it in planning. Addressing of risk in planning should be coherent with societal risk perception and views [3]. Adequate risk management and public communication can help urban planners to prevent negative effects from public risk perception, or misperception, and related public demands on or acceptance of urban design. However, effects of urban planning decisions can also distract citizens’ risk perception from more objective risk levels.

To do so, the complexity of individual and social mechanisms of risk perception has to be appreciated.[4] Humans usually do not fear statistically highly ranked threats to life and health (such as car accidents, food poisoning, cancer and others), whereas they are disproportionately wary of spectacular hazards, even if related vulnerabilities are low.

About objective risk

Although terminology may vary, two widely accepted elements in the definition of risk are the inclusion of likelihood and magnitude and to a lesser extent, the fact that to arrive at a measure of risk, the two should be multiplied. A simple, but widely used definition of risk is therefore

Risk = Likelihood of event realizing X Impact (expected loss in case the accident realizes).

Many variations exist, for example by distinguishing between the likelihood of a threat realizing (also called probability) and the likelihood that that threat will affect an object (has attribute::vulnerability). An example would be storm damage: the probability would reflect the likelihood of a storm at the object, the vulnerability would reflect the likelihood that this storm would cause damage and the impact would reflect the extent of damage that would occur if the storm would cause damage. The quantified risk formula associated with this definition is

Risk = Likelihood of event realizing X vulnerability (probability of realized event impacting object) X Impact (expected loss in case the accident realizes and impacting object).

Most commonly, likelihood can be quantified by statistical analysis. The likelihood of weather events occurring, for instance, has been the subject of long and well-established study and has a solid statistical basis. Wherever statistical data can predict the future, likelihood can be interpreted to equal has attribute::probability.

Problems with the use of probability

A precondition for statistical analysis to be valid is that the future can be predicted on the basis of events in the past and this does not hold for all situations. Particularly in security analysis the use of statistical analysis for the determination of likelihood is highly debatable, as:

  • the likelihood of occurrance is influenced by the vulnerability (Compare the risk of flooding with the risk of burglary: whereas the likelihood of high water occurring is independent of dykes being erected, the likelihood of a burglary attempt occurring at a building depends on the doors having visible locks or not).
  • the likelihood is influenced by external factors (measures taken at one place can influence the likelihood for burglary at another place (crime displacement or 'waterbed effect'))
  • the likelihood is subject to rational beings, who can act against trends. (a criminal will actively look for the weakest link, irrespective of choices made in the past - if the last three attacks where (unsuccessful) hostage takings, is that an indication that the next one will also be a hostage taking, or is it likely that the next one will be a different attack method?)
  • some forms of crime have a very low rate of occurrence, which is a problem for the accumulation of enough data to assure the validity of statistical analysis.

A way to overcome these problems is to substitute has attribute::attractiveness for probability and has attribute::conceivability for vulnerability. In this way, assumptions about historical data predicting future events can be avoided.

Uses of risk assessment

Risk assessment is used to get a good understanding of the various circumstances that might have a negative impact on the realisation of your goals. In other words, it can be used as a systematic way to survey the weak spots in your plans and do somethinmg about it before they cause problems.

The SecuRbAn tool is a tool to quickly do a high-level risk assement on planned urban development.

Sources of risk

One way to typify types of risk, is by their causes. A cause for risk is called a is caused by::threat. Threats can be classified into is the opposite of::safety threats, consisting of natural threats, is caused by::human failure, is caused by::technical failure, is caused by::failure of critical services and is the opposite of::security threats which are due to is caused by::human intent.

Related subjects

Footnotes and references

  1. [See: http://en.wikipedia.org/wiki/ISO_31000]
  2. cf. V. T. Covello et. al.: Risk Communication, the West Nile Virus Epidemic, and Bioterrorism: Responding to the Communication Challenges Posed by the Intentional or Unintentional Release of a Pathogen in an Urban Setting. Journal of Urban Health: Bulletin of the New York Academy of Medicine, Volume 78, No. 2, 2001, p. 382-391. OECD: OECD Reviews of Risk Management Policies. Future Global Shocks. Improving Risk Governance. Preliminary Version. OECD Publishing, 2011; D. Proske: Katalog Risiken. Risiken und ihre Darstellung. 1. Auflage. Eigenverlag: Dresden, 2004, p.167-174. Online: http://www.qucosa.de/fileadmin/data/qucosa/documents/71/1218786958574-1736.pdf. P. Slovic et al.: Facts and Fears: Societal Perception of Risk. In: K.B. Monroe/A. Abor (eds.): Advances In Consumer Research. Volume 08, Association For Consumer Research, 1981, p. 497-502. Online: http://www.acrwebsite.org/volumes/display.asp?id=5844. H. Sterr et al.: Risikomanagement im Küstenschutz in Norddeutschland. In: C. Felgentreff/T. Glade: Naturrisiken und Sozialkatastrophen. Berlin Heidelberg: Springer, 2008, p. 345-346. M. Zwick/O. Renn: Risikokonzepte jenseits von Eintrittswahrscheinlichkeit und Schadenserwartung. In: C. Felgentreff/T. Glade: Naturrisiken und Sozialkatastrophen. Berlin Heidelberg: Springer, 2008, p. 85-95.
  3. ECD: OECD Reviews of Risk Management Policies. Future Global Shocks. Improving Risk Governance. Preliminary Version. OECD Publishing, 2011. OECD (2003): Emerging Risks in the 21st Century. An Agenda for Action. OECD Publication Service: Paris. Retrieved from: http://www.unisdr.org/eng/library/Literature/7754.pdf [last access: 2011 07 28]: 54-56.
  4. D. P. Coppola: Introduction to International Disaster Management. Oxford: Butterworth-Heinemann, 2007, p. 162.

MAP

<websiteFrame> website=http://securipedia.eu/cool/index.php?wiki=securipedia.eu&concept=Risk height=1023 width=100% border=0 scroll=auto align=middle </websiteFrame> <headertabs/>