Introduction to risk management Jouni Tuomisto, Mikko Pohjola THL

Contents Conventional perspectives to risk management Open risk management (ORM) RM in the swine flu case –Beginning of the pandemic –Preparedness in Finland and elsewhere

Conventional perspectives to risk management Mikko Pohjola, THL

Risk management (of what?) Google ”risk management”, what do you find? –Finance, project, legal, credit, accident, disaster, terrorism, … What we want to find, is environment and health risk management –Also several perspectives to this! Somewhat related to E&H RM are: –Workplace health and safety RM –Engineering safety RM (e.g. nuclear safety) –World Bank’s social RM (SRM)

Definitions of RM Wikipedia: –Risk management is the identification, assessment, and prioritization of risks (defined in ISO as the effect of uncertainty on objectives, whether positive or negative) followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events, or to maximize the realization of opportunities.

Definitions of RM BusinessDictionary.com: –Policies, procedures, and practices involved in identification, analysis, assessment, control, and avoidance of unacceptable risks. A firm may use risk assumption, risk avoidance, risk retention, risk transfer, or anu other strategy (or combination of strategies) in proper management of future events.

RM strategies Wikipedia (RM): –Avoidance eliminate, withdraw from or not become involved –Reduction optimize - mitigate –Sharing transfer - outsource or insure –Retention accept and budget Wikipedia (SRM): –Prevention –Mitigation –Coping

RM strategies STTV (National Product Control Agency for Welfare and Health): –Non-acceptance / substitution –Design of packaging (child resistant fastening) –Classification & labeling –Limit of the product volume –Modification of a physical state –Limiting the marketing or use –Instructions, information, warnings –Technical measure (closed system, exhaust ventilation, …) –Training –Medical surveillances –Personal protective equipment (gloves, filters, covers,…) Presentation by J. Räisänen, STTV Introduction to environmental risk assessment. Kuopio.

Conventional frameworks for E&H RM Several perspectives exist, e.g.: –EHRM framework –NRC Red book RA, Understanding risk, Science and decisions –IRGC risk governance framework –REACH –YVA - regulatory EIA in Finland –Water resources management (integrated modelling) –Ecological RA/RM –Risk analysis

EHRM framework The Presidential / Congressional comission on Risk Assessment and Risk Management: Final Report Volume 1, 1997.

EHRM framework Risk management is the process of identifying, evaluating, selecting, and implementing actions to reduce risk to human health and to ecosystems. The goal of risk management is scientifically sound, cost-effective, integrated actions that reduce or prevent risks while taking into account social, cultural, ethical, political, and legal considerations.

EHRM framework Risk is defined as the probability that a substance or situation will produce harm under specified conditions. Risk is a combination of two factors: –The probability that an adverse event will occur (such as a specific disease or type of injury). –The consequences of the adverse event. Risk encompasses impacts on public health and on the environment, and arises from exposure and hazard. Risk does not exist if exposure to a harmful substance or situation does not or will not occur. Hazard is determined by whether a particular substance or situation has the potential to cause harmful effects.

NRC: Red book Extrapolation Measurements and population characteristics Hazard identification Dose-response assessment Exposure assessment Risk characterization Regulatory options Evaluation of options Decisions and actions Risk assessmentRisk management Observations NRC Risk Assessment in the Federal Government: Managing the Progress. The National Research Council. National Academy Press, Washington D.C.

NRC: Red book Regulatory actions are based on two distinct elements, risk assessment and risk management. Risk assessment is the use of the factual base to define the health effects of exposure of individuals or populations to hazardous materials and situations. Risk management is the process of weighing policy alternatives and selecting the most appropriate regulatory action, integrating the results of risk assessment with engineering data and with social, economic, and political concerns to reach a decision.

NRC: Red book …the risk of cancer and other adverse health effects associated with exposure of humans to toxic substances. Many decisions of federal agencies in regulating chronic health hazards… …improvements in scientific and technologic capability to detect potentially hazardous chemicals, in changes in public expectations and concerns about health protection, and in the fact that the costs and benefits of regulatory policies fall unequally on different groups...

NRC: Understanding Risk (Orange book) Role and importance of deliberation Risk characterization as the link between assessment and management Decision Problem formulation Process design Selecting options & outcomes Information gathering Synthesis Public officials Natural and social scientists Interested and affected parties Implementation Evaluation Learning and feedback Analysis and deliberation NRC Understanding Risk: Informing Decisions in a Democratic Society. The National Research Council. National Academy Press, Washington D.C.

NRC: Science and decisions (Silver book) NRC Science and Decisions: Advancing Risk Assessment. The National Research Council. National Academy Press, Washington D.C.

NRC: Science and decisions (Silver book) How we deal with risk depends largely on how well we understand it. The process of risk assessment has been used to help us understand and address a wide variety of hazards… U.S. Environmental Protection Agency (EPA), other federal and state agencies, industry, the academic community, and others in evaluating public-health and environmental concerns. From protecting air and water to ensuring the safety of food, drugs, and consumer products such as toys, risk assessment is an important public-policy tool for informing regulatory and technologic decisions, setting priorities among research needs, and developing approaches for considering the costs and benefits of regulatory policies.

IRGC – Risk governance Assessment sphere: Generation of knowledge Risk management Implementation ▪ Option realization ▪ Monitoring & control ▪ Feedback from risk management practice Decision making ▪ Option identification & generation ▪ Option assessment ▪ Option evaluation & selection Pre assessment ▪ Problem framing ▪ Early warning ▪ Screening ▪ Determination of scientific conventions Communicatio n Tolerability & acceptability judgement Risk appraisal Risk assessment ▪ Hazard identification & estimation ▪ Exposure & vulnerability assessment ▪ Risk estimation Concern assessment ▪ Risk perceptions ▪ Social concerns ▪ Socio-economic impacts Risk evaluation ▪ Judging tolerability & acceptability ▪ Need for risk reduction measures Risk characterization ▪ Risk profile ▪ Judgment of the seriousness of risk ▪ Conclusions & risk reduction options Management sphere: Decision & implementation of actions IRGC Risk governance – towards an integrative approach. International Risk Governance Council. Geneva.

IRGC Risk is an uncertain (generally adverse) consequence of an event or activity with respect to something that humans value. Risks are often accompanied by opportunities. Systemic risks are embedded in the larger context of societal, financial and economic consequences and are at the intersection between natural events, economic, social and technological developments and policy-driven actions. Such risks are not confined to national borders; they cannot be managed through the actions of a single sector; they require a robust governance approach if they are to be adequately managed. The governance of systemic risks requires cohesion between countries and the inclusion within the process of governments, industry, academia and civil society.

IRGC Governance refers to the actions, processes, traditions and institutions by which authority is exercised and decisions are taken and implemented. Risk governance deals with the identification, assessment, management and communication of risks in a broad context. It includes the totality of actors, rules, conventions, processes and mechanisms and is concerned with how relevant risk information is collected, analysed and communicated, and how management decisions are taken. It applies the principles of good governance that include transparency, effectiveness and efficiency, accountability, strategic focus, sustainability, equity and fairness, respect for the rule of law and the need for the chosen solution to be politically and legally feasible as well as ethically and publicly acceptable. Risk accompanies change. It is a permanent and important part of life and the willingness and capacity to take and accept risk is crucial for achieving economic development and introducing new technologies. Many risks, and in particular those arising from emerging technologies, are accompanied by potential benefits and opportunities. The challenge of better risk governance lies here: to enable societies to benefit from change while minimising the negative consequences of the associated risks.

IRGC

REACH – EU Chemical safety Hazard assessment ▪ Hazard identification ▪ Classification & labeling ▪ Derivation of threshold levels ▪ PBT/vPvB assessment Exposure assessment ▪ Exposure scenarios building ▪ Exposure estimation Risk characterisation Information: available vs. required/needed ▪ Substance intrinsic properties ▪ Manufacture, use, tonnage, exposure, risk management Dangerous or PBT/vPvB Risk controlled noyes noyes Iteratio n Chemical safety report ECHA Guidance on Information Requirements and Chemical Safety Assessment. Guidance for the Implementation of REACH.

YVA - regulatory EIA in Finland Opinions and statements about the program Statements of the ministry of employment and economy about the evaluation Evaluation report Statements of the ministry of employment and economy about the report Evaluation program Opinions and statements about the report Participation Phase 1 Phase 2 Assessment Pohjola et al. State of the art in benefit- risk analysis: Environmental health. Manuscript.

YVA Jantunen & Hokkanen YVA- lainsäädännön toimivuusarviointi – Ympäristövaikutusten arviointimenettelyn toimivuus ja kehittämistarpeet. Ympäristöministeriö. Helsinki.

Water resource management (integrated modeling approach) Liu et al Linking science with environmental decision making: Experiences from an integrated modelling approach to supporting sustainable water resources management. Environmental Modelling and Software, 23:

Ecological RA/RM Ecological risk assessment. Book. ???

Risk analysis

Risk assessmentRisk management Hazard identification Exposure assessment Dose- response assessment Options generation Policy selection & implementation Policy effect evaluation Options evaluation Risk characterization Lessons from the KTL Centre of excellence in environmental health risk analysis

Does risk analysis pay off? Risk assessmentRisk management Hazard identification Exposure assessment Dose-response assessment Risk communication Options generation Policy selection & implementation Policy effect evaluation Options evaluation Risk characterization Million euro cycle Billion euro cycle

Some RM related concepts Risk communication (RC) –WHO: Risk communication is an interactive process of exchange of information and opinion on risk among risk assessors, risk managers, and other interested parties. Risk perception (RP) –Wikipedia: the subjective judgment that people make about the characteristics and severity of risks. Risk assessment (RA) Risk characterisation Risk analysis

Discussion points Similarities and differences between perspectives? Clear? Solid? Unambiguous? –In comparison e.g. to the theory of DA Sufficient?

Different roles in risk management Political decision makers (has the decision-making power) Policy makers (develops policies to be decided) Scientists, risk assessors in administration, or consultants working for administration Representatives of the industry or business. Representatives of NGOs. Citizens directly affected by the risk assessment outcomes. Anyone interested.

Questions to ask about RM Risk –what risk(s)? –how about benefits (costs)? –whose risks / whose benefits? Management: –who manages? –manages what? –manages how? –on what basis?

Interim conclusions RM: from needs to knowledge, knowledge to action –a societal knowledge/learning process Confused? Don’t worry, we’ll get back to these issues on the later part of the course…

Open risk management Jouni Tuomisto, THL

Outline Some concepts and terms. Overview of open risk management. Major questions in risk management. Need-knowledge-action as the basis of ORM. Risk management machinery. Research questions of open risk management and open assessment. –Differences and similarities Information structure Discussion points: Performance, independence of assessors. Science-policy interface. Why it does not exist. Boundaries of RA and RM

Definitions of risk and related issues Hazard, endanger, exposure to mischange or peril. (Oxford English Dictionary) The chance of hazard or commercial loss. (Oxford English Dictionary) As in Risk-Money, an allowance paid to a cashier to cover accidental deficits. (Oxford English Dictionary) Risk = Probability ⊗ Severity (Wilson and Crouch) Risk = S{Probability ⊗ Severity ⊗ Weight} (Wilson and Crouch) – ⇤ 1 However, sometimes risks are not truly multiplicative. (Tversky et al., 1990) Risk: a characteristic of a situation or action wherein two or more outcomes are possible, the particular outcome that will occur is unknown, and at least one of the possibilities is undesired. (Covello and Merkhofer, 1993) … and there is a need to improve the expectation of the outcome. (Tuomisto, 2006)

Definition of risk in open risk management In this course and in open risk management, we use the word risk in a loose/broad sense. –Risk = any impact (good, bad, neutral, health, money, fear) –The probability of risk may be low, high, or even 1. Why such a loose definition? Because ORM treats favourable and harmful, likely and unlikely impacts all with the same tools and procedures. There is no need for separate risk assessment, benefit-risk assessment, benefit-risk-cost assessment, cost-benefit assessment, health impact assessment etc.

Why do we talk about ”Risk management”? Indeed, we could use the term ”impact management” instead of ”risk management”. This is just a matter of tradition. (But if we had called this course Open assessment and impact management, the professors hadn’t been interested in including the course in ToxEn MSc studies.)

Open risk management: overview QRAQRA

Open risk management: context All risks emerge in a society (or group). The society observes the risks, valuates them, is afraid of them, suffers from them, manages them, and adapts to them.

Important aspects in open risk management Problem(s) identified (something wrong in the world) Decisions and actions as responses to problems Incremental improvements (we do not look for perfect solutions but better solutions than the current ones). Everyone involved as participant as well as actor. Decision analysis as one basis after we know what decision options to evaluate. Open assessment/trialogue as one basis as the method to reach shared understanding. Values of people are included. The idea of justice as one basis (should be explored more carefully)

Societal role of RA Risk assessment is collection, synthesis and interpretation of scientific information and value judgments for use of the society

Participation and action in open risk management 1.Understand your own role and capabilities. 2.Within an open assessment, find a decision that suits your role as an actor. 3.If you cannot find one, create a new decision into the assessment. 4.Assess or let other people assess your decision. 5.Act based on the conclusions.  Need – knowledge – action.

Questions in risk management What is the situation or problem? Who is responsible for the problem? What are the possible decisions/actions? By whom? What are the objectives? What are the outcomes to be monitored? Who are influenced by the problem? Who are influenced by the actions?  Which things should be included in an assessment and why?

Risk management of bus traffic in Kuopio What is the situation or problem? Who is responsible for the problem? What are the possible decisions/actions? By whom? What are the objectives? What are the outcomes to be monitored? Who are influenced by the problem? Who are influenced by the actions?  Which things should be included in an assessment and why?

Research question for open risk management How can scientific information and value judgements be organised for improving societal situations by identifying potential decisions and relevant outcomes in a situation where open participation is allowed? –Emphasis: The decision situation should be clarified.

Research question for open assessment How can scientific information and value judgements be organised for improving societal decision-making in a situation where open participation is allowed? –Emphasis: The decision situation is clear, focus on evaluating and choosing good options.

Relation of open risk management and open assessment There is no clear separation between open assessment and open risk management. –Open risk management focuses on finding right questions. –Open assessment focuses on finding correct answers to the questions identified. Iterative feedback: assessment teaches about better questions. –If your decision options are clear (for the moment), you are more on OA side. –However, be prepared for surprises and revisiting your original questions (ORM).

Machinery for open risk management within a society 1.A problem or issue emerges or is identified. 2.Formulate it as a (decision) question or statement. 3.Perform argumentation about it. Create hypotheses about answers. Collect evidence to support hypotheses. Attack and remove poor hypotheses. 4.Make conclusions. 5.Act based on the conclusions.  From a need (1) to knowledge (2-4) to action (5).

Information structure is always the same (but the order may differ). Variable (in a model): Scope (question) Result (answer) Definition (rationale) Discussion (within assessments or variables): Statement(s) Resolution (outcome) Argumentation

Assessment, management, and communication A traditional view separates –Risk assessment (by scientists) –Risk management (by decision-makers) –Risk communication (by all, but especially to stakeholders) However, in ORM there is no need for separation.

There is no science-policy interface The most important tools for making science and making policy are the same. Making artificial separations only confuse and slow down efficient actions. This is not obvious, though. Why?

What are science and policy? ”Science is what a scientist does.” ”Policy is what a politician does.”  We know who is a scientist and who is a politician. We can answer the question by observation. This is a reasonable assumption, if the current way is the best way to make science and policy. Is it?

What is the key difference between conventional RM and ORM? Byrocracy. Risk management is based on the idea that certain people have certain roles and authority to decide. –There are strict rules about procedures. Open risk management is based on the idea that anyone can suggest solutions and ideas, and she is taken seriously. Stupid ideas are shot down, good ideas are promoted, and everyone is thanked for participation. –The procedure is open and limited mostly by the structure of the issue and capabilities of the participants.

The cathedral and the bazaar _Bazaarhttp://en.wikipedia.org/wiki/The_Cathedral_and_the _Bazaar Centralized vs. decentralized ways of working Traditional RM is typically centralized, while ORM is decentralized. If you want to manage risks of the Mission Mars, you might prefer cathedral. However, when managing risks involving everyone (falling in home, climate change), you should consider bazaar.

What is the best way to make science and policy? You cannot answer by observing. –However, you can find problems by observing and then try to understand why they exist. You can start from the ultimate objective and then try to find efficient methods to reach it.

Independence of assessors? How to ensure that science is objective? What if assessments are only made to justify existing decisions? Can political pressures be overcome if scientists step out of the ivory tower? This topic will be discussed in more detail in a decision analysis lecture.

Performance How do we know if we succeeded in risk management? –Standard procedure leads to qualified outcome. –Quality control of the outcome product (e.g. peer review of a risk assessment report). –Evaluation of changes in action. What do we actually aim to achieve? This topic will be discussed more later during the course.

Risk management in the swine flu story

RM in the swine flu story Independent exploration –Beginning of the Pandemic –Prepredness in Finland and elsewhere Mini-presentations and discussions Summary

Risk management exercise It is the evening of 29th April, WHO has just “… decided to raise the current level of influenza pandemic alert to phase 5. Influenza pandemics must be taken seriously precisely because of their capacity to spread rapidly to every country in the world.” The Ministry of Social Affairs and Health establishes an influenza expert panel. You are nominated as a member because you are an expert in decision analysis and risk management. How would you describe the context? What is the situation? What issues do you consider? What are your immediate conclusions? Find background information in groups during the first afternoon lecture. Present your conslusions to others at

Questions in risk management What is the situation or problem? Who is responsible for the problem? What are the possible decisions/actions? By whom? What are the objectives? What are the outcomes to be monitored? Who are influenced by the problem? Who are influenced by the actions?  Which things should be included in an assessment and why?