One threat and the many risk perspectives: Risk management challenges and confounders

Overly simplistic 'risk' considerations fail to acknowledge or accommodate the reality that any single threat results in a multitude of risk perspectives, distributed across the affected, the accountable and the responsible.

That is, you are not alone in the world, nor are you or your organisation alone when hazards, threats or dangers materialise.

As a result, who do you represent?

Who's risk have you calculated and have you considered risk in its entirety or just your own very narrow, subjective perspective?

Moreover, has your calculus or 'resilience' evaluated and rated all the actors and factors required that contribute to organisational, community and national resilience, or is it more of a holding statement lacking specific evidence and network consideration?

Consider for a moment, a relatively simple, yet common phenomena. Heavy rain. From the perspective of local authorities, there is an expectation and requirement from citizens that that there is analysis, preparations and support in advance of the event, backed up by response measures if required. Triggers, risk events, controls, mitigation and consequences are all formally considered, applied and maintained. But that isn't the end of it, nor is it adequate to evaluate resilience based on one perspective or actor.

Now consider many other views, including that of a resident, homeowner or tenant. Their view is likely to be much more constrained and broad.

That is, flooding, not the mechanism for creation or root cause. Consequently, what is considered a risk event by the local authorities is merely a trigger for someone else's perspective on risk. In other words, for many, the risk has already materialised before many actor respond or their own plans come into effect. Formal or otherwise.

Therefore, response is personal, localised and ad-hoc. Insurance may constituted the major mitigation... if they have it, if it is honoured, or it is representative of the value, utility or loss when exposed to the threat. However, both parties need each other to be prepared and share the responsibility for prevention, response and resilience.

If not, fragility remains the default setting.

Risk is NOT defined as a threat to objectives. Risk is NOT a simple, expedient consideration of likelihood and consequence. As a result, risk management is neither purely objectives orientated nor elementary maths summarised in a matrix.

"the (risk) analysis needs to be coupled with an assessment of the impact of the underlying variables, one on another, and in terms of their effect on the ultimate outcomes being considered. To put it another way, the accuracy of the risk assessment is crucially dependent on the fidelity of the underlying model used to represent the risk; the simple formulation of

(risk= probability x impact) is insufficient. Unfortunately, much risk analysis involves going through the motions to assign numbers without actually doing much thinking about what lies underneath." - (Fenton and Neil, 2019)

In sum, threats, hazards and danger have multiple affected parties, therefore risk is viewed from many perspectives.

It is therefore essential that risk representatives, practitioners and professionals routinely consider which perspective they represent, along with the perspectives of many others.

In short, a failure to understand and map risk causal factors, decision points, networks and modifiers is a failure of matters related to the management of risk/s.

As a result, resilience will forever remain elusive if the many actors and perspectives are not comprehensively considered, maintained and supported, no matter the elegant government, organisation and departmental attestations, statements and claims.

Tony Ridley, MSc CSyP MSyl M.ISRM

Security, Risk, Safety & Management Sciences

Reference:

Fenton, N. And Neil, M. (2019) Risk Assessment and Decision Analysis within Bayesian Networks, 2nd ed, CRC Press, pp. 45-63