Risk Analysis & Public Policy
This article focuses on risk analysis. It provides an investigation of risk analysis techniques including brainstorming, sensitivity analysis, the Delphi method, decision tree analysis, and modeling. The connections between risk analysis and risk management are described. The relationship between comparative risk analysis, cost benefit analysis, and public policy decision-making is discussed.
Keywords Cost Benefit Analysis; Decision Tree Analysis; Federal Government; Mitigation; Modeling; Public Policy; Public Sector; Risk Analysis; Risk Management; Sensitivity Analysis; Values
Risk analysis refers to the study of the "likelihood that an agent or hazard will produce an adverse effect" (Swaney, 1996, p.463). Risk refers to a measure of the potential for harm, loss, or hazard. The main types of organizational risks include:
- External Unpredictable
- External Predictable
- Internal Non-technical
Risks are analyzed to determine the probability, severity, and effect of occurrence (Basu, 1998). Organizations face risks from strategic, market, credit, operational, and financial exposure as well as man-made and natural disasters (Banham, 2004). Organizations identify and mitigate these risks through active risk analysis and risk management. Risk analysis, according to the Society for Risk Analysis, includes "risk assessment, risk characterization, risk communication, risk management, and policy relating to risk" (Society for Risk Analysis, 2007). Risk analysis may be applied to areas of human health; the environment; threats from physical, chemical, and biological agents; human activities; and natural events.
The field of risk analysis is in debate about whether, and to what extent, risk assessment and risk management activities should be separate endeavors. Risk assessment refers to the study of the “adverse effects of hazards, primarily through estimating probabilities or establishing exposure thresholds.” Risk management builds on risk assessment findings and “develops strategies for dealing with hazards” (Swaney, 1996, p.463). Risk analysis has numerous applications including mediation, scheduling, planning, and policy choices or debate.
Elements of Risk Analysis
The basic elements of risk analysis include probability and valuation.
Probability refers to the likelihood of a particular statement of fact or scenario being true. Probability is most meaningful for scenarios that can be determined to be objectively true or false. For probability analysis to be effective, the scenario under analysis must not contain implied subjective judgments. The variables of joint and independent probability affect the analytical outcome. Independent events occur when one event is not affected by the occurrence or non-occurrence of another event under consideration. Dependent events are dependent on each other if the probability of one occurring is affected by another event under consideration. Probability analysis results in a set of possible outcomes.
Once possible and probable outcomes have been determined, probability analysis progresses to basic valuation analysis. Basic valuation assigns a value to probable outcomes. The variables of relevance, context, and certainty effect the basic valuation (Slavitt, 2005).
Emergence of Risk Analysis
Risk analysis emerged in the public and private sectors in the 1970s. The risk analysis field emerged in response to the environmental, health, and consumer safety movements of the 1960s. The U.S. federal government created numerous federal agencies in the 1960s and 1970s to monitor, analyze, and mediate risks facing the United States. Examples of risk-mediating agencies include the National Transportation Safety Board (NTSB), the Occupational Safety and Health Administration (OSHA), the Environmental Protection Agency (EPA), the Consumer Product Safety Commission (CPSC), and the Nuclear Regulatory Commission (NRC).
"Risk researcher," "risk expert," and "risk analyst" became recognized professions in the 1970s. The risk analysis field's professional organization, the Society for Risk Analysis (SRA), emerged in 1980 and the field's journal, "Risk Analysis: An International Journal," began publication in 1981. The Society for Risk Analysis includes approximately 2000 members from 43 countries. The Society for Risk Analysis' mission includes the following goals and objectives: "Promote the acquisition and utilization of knowledge in risk analysis and facilitate the exchange of information among members; foster and promote knowledge and understanding of risk analysis techniques and their applications; and apply risk analysis techniques to assess the hazards and risks to which individuals and populations are exposed" (Thompson & Deisler, 2005, p. 1340).
The following section describes and analyzes the main steps and elements of the risk analysis process including brainstorming, sensitivity analysis, the Delphi method, decision tree analysis, and modeling. This section serves as the foundation for later discussion of the relationship between risk analysis, cost benefit analysis, and public policy decision-making.
The Process of Risk Analysis
Risk analysis involves risk evaluation and classification. Risk classification is performed in an effort to create or select effective, efficient, and feasible strategies for risk reduction and mitigation. The process, focus, and tools of risk analysis vary based on the stage, scope, budget, schedule, and quality of the project. The main methods for analyzing risk include: Brainstorming, sensitivity analysis, the Delphi method, decision tree analysis, and modeling.
- Brainstorming refers to a process of cooperative inquiry used to analyze an issue from multiple perspectives in the interest of uncovering and discussing risks. (Knowing and working to remedy some of the most-common brainstorming problems, such as evaluation apprehension, groupthink, and cognitive narrowing, will benefit the brainstorming process [Wood & Pickerd, 2011].)
- Sensitivity analysis refers an analytical tool used to explore how economic and financial models will respond to changes in the input values of the variables used to calculate the results.
- The Delphi method refers to an analytical process in which groups of experts contribute their risk assessment in the interest of reaching consensus.
- Decision tree analysis refers to a decision-making tool that uses a model of decisions and their potential consequences.
- Models, along with simulation, are techniques for conceptualizing and predicting risk. A model refers to a mock-up reproduction of a system or problem. A simulation refers to a reproduction of functionality. The Monte Carlo Analysis is an example of a model and simulation. Monte Carlo analysis refers to the use of data obtained by simulating a statistical model in which all parameters are numerically specified. Monte Carlo analysis and simulations may be used to test how an estimation procedure would behave in multiple environments or markets. Monte Carlo Analysis involves the following steps and stages: Range of values, probability distributions, random values for simulation, simulation, and analyses.
Approaches to Risk Analysis
Risk analysis can be quantitative or qualitative in its approach. Qualitative risk analysis involves the following steps, features, and elements: Project team, project scope, data collection, data analysis, and risk mediation or management plan. Qualitative risk analysis, in an organizational setting, requires the establishment of a risk analysis project team. Risk analysis is generally a team effort requiring the development of a risk analysis team and open communication channels. In the private sector, the risk analysis team may include the following people: Representatives of the business owner, designer, constructor, maintenance group, the end-user; people responsible for estimating, scheduling, project management, construction management, and site supervision; and members from procurement, validation, and testing. The project team must define the basis and scope of the risk analysis study and project terminology. In addition, the project team should determine project milestones and phasing. The project team must collect relevant information and data. Determining and executing data collection techniques usually requires the participation and cooperation of the entire team. The project team must analyze results and use results to develop risk management and risk mitigation plan. A risk mitigation plan should identify the major risk events and...
(The entire section is 3904 words.)