Introduction to risk management Jouni Tuomisto, Mikko Pohjola THL

Conventional perspectives to risk management

Contents Introduction to (conventional) RM Open risk management (ORM) RM in the swine flu story

Introduction to (conventional) RM Risk management (of what?) Conventional paradigms of environment and health RM Some related concepts Interim conclusions

Risk management (of what?) Google RM, what do you find? –Economical risk management finance, project, investement, … –World bank social RM –Also a number of environment & health related These are of our interest here

Conventional frameworks for environment and health RM Several views to EH RM (conventional paradigms), e.g. –EHRM framework –NRC: Red book, Understanding risk, Science and decisions –IRGC risk governance framework –REACH –YVA - regulatory EIA in Finland –water management –LCA? –nuclear safety? Considered in terms of e.g. –risk? –management; who, what, how? –interaction/participation?

EHRM

Risk management is the process of identifying, evaluating, selecting, and implementing actions to reduce risk to human health and to ecosystems. The goal of risk management is scientifically sound, cost-effective, integrated actions that reduce or prevent risks while taking into account social, cultural, ethical, political, and legal considerations.

EHRM Risk is defined as the probability that a substance or situation will produce harm under specified conditions. Risk is a combination of two factors: –The probability that an adverse event will occur (such as a specific disease or type of injury). –The consequences of the adverse event. Risk encompasses impacts on public health and on the environment, and arises from exposure and hazard. Risk does not exist if exposure to a harmful substance or situation does not or will not occur. Hazard is determined by whether a particular substance or situation has the potential to cause harmful effects.

NRC: Red book Extrapolation Measurements and population characteristics Hazard identification Dose-response assessment Exposure assessment Risk characterization Regulatory options Evaluation of options Decisions and actions Risk assessmentRisk management Observations

NRC: Red book Regulatory actions are based on two distinct elements, risk assessment, the subject of this study, and risk management. Risk assessment is the use of the factual base to define the health effects of exposure of individuals or populations to hazardous materials and situations. Risk management is the process of weighing policy alternatives and selecting the most appropriate regulatory action, integrating the results of risk assessment with engineering data and with social, economic, and political concerns to reach a decision.

NRC: Red book …the risk of cancer and other adverse health effects associated with exposure of humans to toxic substances. Many decisions of federal agencies in regulating chronic health hazards have been bitterly controversial. The roots of the controversy lie in improvements in scientific and technologic capability to detect potentially hazardous chemicals, in changes in public expectations and concerns about health protection, and in the fact that the costs and benefits of regulatory policies fall unequally on different groups within American society.

NRC: Understanding Risk (Orange book) Role and importance of deliberation Decision Problem formulation Process design Selecting options & outcomes Information gathering Synthesis Public officials Natural and social scientists Interested and affected parties Implementation Evaluation Learning and feedback Analysis and deliberation

NRC: Science and decisions (Silver book)

How we deal with risk depends largely on how well we understand it. The process of risk assessment has been used to help us understand and address a wide variety of hazards… U.S. Environmental Protection Agency (EPA), other federal and state agencies, industry, the academic community, and others in evaluating public-health and environmental concerns. From protecting air and water to ensuring the safety of food, drugs, and consumer products such as toys, risk assessment is an important public-policy tool for informing regulatory and technologic decisions, setting priorities among research needs, and developing approaches for considering the costs and benefits of regulatory policies.

IRGC Assessment sphere: Generation of knowledge Risk management Implementation ▪ Option realization ▪ Monitoring & control ▪ Feedback from risk management practice Decision making ▪ Option identification & generation ▪ Option assessment ▪ Option evaluation & selection Pre assessment ▪ Problem framing ▪ Early warning ▪ Screening ▪ Determination of scientific conventions Communicatio n Tolerability & acceptability judgement Risk appraisal Risk assessment ▪ Hazard identification & estimation ▪ Exposure & vulnerability assessment ▪ Risk estimation Concern assessment ▪ Risk perceptions ▪ Social concerns ▪ Socio-economic impacts Risk evaluation ▪ Judging tolerability & acceptability ▪ Need for risk reduction measures Risk characterization ▪ Risk profile ▪ Judgment of the seriousness of risk ▪ Conclusions & risk reduction options Management sphere: Decision & implementation of actions

IRGC Risk is an uncertain ( generally adverse ) consequence of an event or activity with respect to something that humans value. Risks are often accompanied by opportunities. Systemic risks are embedded in the larger context of societal, financial and economic consequences and are at the intersection between natural events, economic, social and technological developments and policy-driven actions. Such risks are not confined to national borders; they cannot be managed through the actions of a single sector; they require a robust governance approach if they are to be adequately managed. The governance of systemic risks requires cohesion between countries and the inclusion within the process of governments, industry, academia and civil society.

IRGC Governance refers to the actions, processes, traditions and institutions by which authority is exercised and decisions are taken and implemented. Risk governance deals with the identification, assessment, management and communication of risks in a broad context. It includes the totality of actors, rules, conventions, processes and mechanisms and is concerned with how relevant risk information is collected, analysed and communicated, and how management decisions are taken. It applies the principles of good governance that include transparency, effectiveness and efficiency, accountability, strategic focus, sustainability, equity and fairness, respect for the rule of law and the need for the chosen solution to be politically and legally feasible as well as ethically and publicly acceptable. Risk accompanies change. It is a permanent and important part of life and the willingness and capacity to take and accept risk is crucial for achieving economic development and introducing new technologies. Many risks, and in particular those arising from emerging technologies, are accompanied by potential benefits and opportunities. The challenge of better risk governance lies here: to enable societies to benefit from change while minimising the negative consequences of the associated risks.

IRGC

REACH Hazard assessment ▪ Hazard identification ▪ Classification & labeling ▪ Derivation of threshold levels ▪ PBT/vPvB assessment Exposure assessment ▪ Exposure scenarios building ▪ Exposure estimation Risk characterisation Information: available vs. required/needed ▪ Substance intrinsic properties ▪ Manufacture, use, tonnage, exposure, risk management Dangerous or PBT/vPvB Risk controlled noyes noyes Iteration Chemical safety report

YVA Opinions and statements about the program Statements of the ministry of employment and economy about the evaluation Evaluation report Statements of the ministry of employment and economy about the report Evaluation program Opinions and statements about the report Participation Phase 1 Phase 2 Assessment

YVA

Water resource management (integrated modeling approach)

Risk analysis Risk assessmentRisk management Hazard identification Exposure assessment Dose- response assessment Options generation Policy selection & implementation Policy effect evaluation Options evaluation Risk characterization

Does risk analysis pay off? Risk assessmentRisk management Hazard identification Exposure assessment Dose-response assessment Risk communication Options generation Policy selection & implementation Policy effect evaluation Options evaluation Risk characterization Million euro cycle Billion euro cycle

Some related concepts RC, RP, RA, RCh –how do they relate to RM?

Interim conclusions Similarities and differences? Risk -> impact? Sufficient? DA in RM?

Open risk management (ORM) Introduction to the concept(s) Operationalization: ”discussion engine”

Six hours which topics Risk management traditional views Is there a theory for RM? –Context: you must understand this to be able to operate –Find a decision or decisions that are reasonable and relevant –Essential parts: context, research question, decision(s), objectives –RA-RM process

Introduction to risk management. What is managed, who is responsible, what is included? Traditional paradigm.Introduction to risk management Look from decision-maker's point of view: needs, communication, and assessment all included. Openness: RA, RM, RC are not totally separate. Performance: Context about what we actually aim to achieve. How do we know if we succeeded? Developing risk management options. Development of risk assessment questions. Science-policy interface. Why it does not exist. Boundaries of RA and RM

There is no science-policy interface

Different roles in decision-making Authority (has the decision-making power) Policy-maker (develops policies to be decided) NGO Industry and other commercially interested parties Other stakeholders Citizens Anyone

What is the point here?

Theory of open risk management Incremental improvements Everyone involved The idea of justice as one basis Decision analysis as one basis after we know what the decision is Open assessment/trialogue as one basis as the method to reach shared understanding.

Concepts in the theory Problem(s) identified (something wrong with the world) Decisions (as responses to problems) Partners/actors: –Decision maker of a particular decision (may be several decisions) –Those influenced in any way –Everyone else

* Risk ** what risk(s)? ** how about benefits (costs)? ** whose risks / whose benefits? * Management: ** who manages? ** manages what? ** on what basis (→ role of knowledge/learning)? ** manages how? * → RM: from needs to knowledge, knowledge to action ** is ''risk'' the right question? ** are traditional RA, RM, RC approaches sufficient? ** a societal knowledge process

What is managed, who is responsible, what is included? Traditional paradigm. *Look from decision-maker's point of view: needs, communication, and assessment all included. *Openness: RA, RM, RC are not totally separate. *Performance: Context about what we actually aim to achieve. How do we know if we succeeded? *Developing risk management options. *Development of risk assessment questions. *Science-policy interface. Why it does not exist. *Boundaries of RA and RM

RM in the swine flu story Independent exploration –Beginning of the Pandemic –Prepredness in Finland and elsewhere Mini-presentations and discussions Summary

Open risk management

Definitions of risk and related issues Hazard, endanger, exposure to mischange or peril. (Oxford English Dictionary) The chance of hazard or commercial loss. (Oxford English Dictionary) As in Risk-Money, an allowance paid to a cashier to cover accidental deficits. (Oxford English Dictionary) Risk = Probability ⊗ Severity (Wilson and Crouch) Risk = S{Probability ⊗ Severity ⊗ Weight} (Wilson and Crouch) – ⇤ 1 However, sometimes risks are not truly multiplicative. (Tversky et al., 1990) Risk: a characteristic of a situation or action wherein two or more outcomes are possible, the particular outcome that will occur is unknown, and at least one of the possibilities is undesired. (Covello and Merkhofer, 1993) … and there is a need to improve the expectation of the outcome. (Tuomisto, 2006)

Societal role of RA Risk assessment is collection, synthesis and interpretation of scientific information and value judgments for use of the society

Definition of risk 3 In this course, we use the word risk in a loose/broad sense. –Risk = impact (good, bad) –The probability of risk may be low, high, or even 1. –Why? Because you treat favourable and harmful, likely and unlikely impacts all in the same way.

Questions in risk management What is the problem? Who is responsible for the problem? What are the possible decisions/actions? What are the objectives? What are the outcomes to be monitored? Who are influenced by the problem? Who are influenced by the actions?

Risk management of bus traffic in Kuopio What are the problems? What are potential actions? What are outcomes of interest? Who decides? Who acts?

Is there a theory for RM? –Context: you must understand this to be able to operate –Find a decision or decisions that are reasonable and relevant –Essential parts: context, research question, decision(s), objectives –RA-RM process

Open risk management: overview QRAQRA

Risk management Also, we could use the term ”impact management” instead of ”risk management”. This is just a matter of tradition. (But if we had called this course Open assessment and impact management, the professors hadn’t been interested in including the course in ToxEn MSc studies.)

Open risk management: context All risks emerge in a society (or group). The society observes the risks, valuates them, is afraid of them, suffers from them, manages them, and adapts to them.

Definition of open risk management How can scientific information and value judgements be organised for improving societal situations by identifying potential decisions and relevant outcomes in a situation where open participation is allowed? –Emphasis: The decision situation should be clarified.

Machine for risk management within a society 1.Identify a problem. 2.Formulate it as a (decision) question. 3.Perform argumentation about it. 1.Create hypotheses. 2.Attack and remove poor hypotheses. 4.Make conclusions. 5.Act based on the conclusions.

Definition of open assessment How can scientific information and value judgements be organised for improving societal decision-making in a situation where open participation is allowed? –Emphasis: The decision situation is clear, focus on choosing good options.

Difference between OA and ORM There is no clear separation between open assessment and open risk management. If your decision options are clear (for the moment), you are more on OA side. However, be prepared for surprises and revisiting your original questions (RM).

Theory of open risk management Incremental improvements Everyone involved The idea of justice as one basis Decision analysis as one basis after we know what the decision is Open assessment/trialogue as one basis as the method to reach shared understanding.

Assessment, management, and communication A traditional view separates –Risk assessment (by scientists) –Risk management (by decision-makers) –Risk communication (by all, but especially to stakeholders) However, in trialogue there is no need for separation.

There is no science-policy interface The most important tools for making science and making policy are the same. Making artificial separations only confuse and slow down efficient actions. This is not obvious, though. Why?

What are science and policy? ”Science is what a scientist does.” ”Policy is what a politician does.”  We know how is a scientist and who is a politician. We can answer the question by observation. This is a reasonable assumption, if the current way is the best way to make science and policy. Is it?

What is the best way to make science and policy? You cannot answer by observing. –However, you can find problems by observing and then try to understand why they exist. You can start from the ultimate objective and then try to find efficient methods to reach it.

Different roles in decision-making Authority (has the decision-making power) Policy-maker (develops policies to be decided) NGO Industry and other commercially interested parties Other stakeholders Citizens Anyone

Independence of assessors? How to ensure that science is objective? What if assessments are only made to justify existing decisions? Can political pressures be overcome if scientists step out of the ivory tower? (Should this topic be discussed in more detail eg. In a decision analysis lecture?)

Concepts in the theory Problem(s) identified (something wrong with the world) Decisions (as responses to problems) Partners/actors: –Decision maker of a particular decision (may be several decisions) –Those influenced in any way –Everyone else

Performance Context about what we actually aim to achieve. How do we know if we succeeded?