Risk Governance Deficits
A summary of the conclusions of
the IRGC report on Risk Governance
Deficits
Chemin de Balexert 9, CH – 1219 Châtelaine, Geneva, Switzerland | tel +41 (0)22 795 17 30 fax +41 (0)22 795 17 39 | www.irgc.org
international risk governance council
Risk Governance Deficits
January 2010
1 | 31
IRGC’S Risk Governance Framework
Deciding
Understanding
Pre-Assessment
Management
Communication
Characterisation
and Evaluation
international risk governance council
Risk Governance Deficits
Appraisal
Categorising
the
knowledge
about the risk
January 2010
2 | 31
What are risk governance deficits?

Risk governance deficits are deficiencies (when key elements are absent)
or failures (when actions are not taken or prove unsuccessful) in the risk
governance process.

They weaken the overall process. They can (and do) recur.

One way for risk practitioners to improve the governance of risks is to
identify and remedy deficits in the risk governance processes of which they
are a part.
international risk governance council
Risk Governance Deficits
January 2010
3 | 31
IRGC has identified 23 common risk governance deficits
Cluster A: Risk assessment
Cluster B: Risk management
– Detecting early warnings of risk
– Factual knowledge about risks
– Perceptions of risk, including their
determinants and consequences
– Stakeholder involvement
– Evaluating the acceptability of the risk
– Misrepresenting information about risk
– Understanding complex systems
– Recognising fundamental or rapid changes
in systems
– The use of mathematical models
– Assessing potential surprises
international risk governance council
Risk Governance Deficits
– Responding to early warnings
– Designing effective risk management
strategies
– Considering a reasonable range of risk
management options
– Designing efficient and equitable risk
management policies
– Implementing and enforcing risk
management policies
– Anticipating side-effects of risk
management
– Reconciling time horizons
– Balancing transparency and confidentiality
– Organisational capacity
– Dealing with dispersed responsibilities
– Dealing with commons problems and
externalities
– Managing conflicts of interests and
ideology
– Acting in the face of the unexpected
January 2010
4 | 31
B8
Balancing transparency and confidentiality
A1
Early warning systems
A4
Stakeholder involvement
A6
Misrepresenting information about risk
A9
The use of formal models
B10
Dealing with dispersed responsibilities
B1
Responding to early warnings
B5
Implementing and enforcing risk management
decisions
B9
Organisational capacity
B2
Designing effective risk management strategies
B3
Considering a reasonable range of risk
management options
B4
Designing efficient and equitable risk
management policies
B6
Anticipating side effects of risk management
B7
Reconciling time horizons
B10
The Risk Governance Deficits
in the Risk Governance Framework
A1
Early warning systems
A1
Assessing potential surprises
A2
Factual knowledge about risks
A3
Perceptions of risk, including their
determinants and consequences
B9
Organisational capacity
A2
Factual knowledge about risks
A7
Understanding complex systems
A8
Recognising fundamental or rapid changes in
systems
A9
The use of formal models
A6
Misrepresenting information about risk
A3
Perceptions of risk, including their determinants
and consequences
A4
Stakeholder involvement
Dealing with dispersed responsibilities
B3
Considering a reasonable range of risk
management options
B11
Dealing with commons problems and externalities
B4
Designing efficient and equitable risk
management policies
B12
Managing conflicts of interests, beliefs, values
and ideologies
B6
Anticipating side effects of risk management
B7
Reconciling time horizons
B11
Dealing with commons problems and
externalities
B13
A5
Acting in the face of the unexpected
Evaluating the acceptability of the risk
international risk governance council
Primary allocation
Secondary allocation
Risk Governance Deficits
January 2010
5 | 31
IRGC has focused on causes,
risk governance deficits have consequences

Diminution (or even suffocation) of technological innovation and diffusion

Neglect of high-probability, low-impact risks

Missing low-probability, high-impact risks

Secondary impacts due to inadequate consideration of trade-offs

High costs of inefficient regulations

Loss of public trust in public and private institutions as well as NGOs

Unfair or inequitable distribution of risks and / or benefits

A failure to move from business as usual and trigger necessary actions (underreaction)
international risk governance council
Risk Governance Deficits
January 2010
6 | 31
Two clusters of risk governance deficits
Deciding
Understanding
Pre-Assessment
CLUSTER B:
Management
Managing risks
…which may lead to
under-reaction or
over-reaction in risk
management
international risk governance council
Communication
Characterisation
and Evaluation
Risk Governance Deficits
CLUSTER A:
Appraisal
Assessing and
understanding risks
Both under- and
Categorising
over-estimation
can
the
be knowledge
observed in risk
about the risk
assessment…
January 2010
7 | 31
Risk governance deficits, Cluster A – Assessing risks
international risk governance council
Risk Governance Deficits
January 2010
8 | 31
A1 Early warning systems
Missing, ignoring or
exaggerating early
signals of risks
►
Early warning systems may be formal (as in the use of
radar in WW2) or informal (observation of effects of
benzene on Turkish shoemakers)
► When perfect, they prevent serious harm without
causing false alarms
► Early warning systems may:
– Be too insensitive to detect signs of an emerging
risk
– Show False Negatives, causing a risk to evolve
unnoticed
– Indicate False Positives, leading to mistrust and
“Crying Wolf”
The subprime crisis in the United States
The risks of home foreclosures were spread to
investors throughout the world without
transparency about what those risks actually
were, while the few experts expressing concern
were ignored
international risk governance council
Risk Governance Deficits
January 2010
9 | 31
A2 Factual knowledge about risks
The lack of adequate
knowledge about a hazard,
including the probabilities of
various events and the
associated economic, human
health, environmental and
societal consequences
►
Scientific data can be absent, of poor quality or
incomplete
► Factual knowledge is most likely to be lacking
when risks are at their emergent stage
► Even with adequate data, deficits can occur in
the processes of analysis and interpretation
► Further difficulties arise from:
– Whether or not data has been subject to
peer review
– How best to treat uncertainty? (Evidence of
absence of risk or absence of evidence of
risk?)
Radio-frequency electro-magnetic fields
Despite numerous scientific studies, questions
remain as to the health hazards of possible nonthermal effects of radio-frequency EMFs. Results
between studies are often inconsistent and cannot be
replicated.
international risk governance council
Risk Governance Deficits
January 2010
10 | 31
A3 Perception of risk, including their determinants and consequences
The lack of adequate
knowledge about values,
beliefs and interests, and
therefore about how risks are
perceived by stakeholders
►
Risk perceptions vary between people and societal
groups, and can change
► Perceived risks can be very different from estimates
derived from assessments based on scientific
evidence
► Erroneous information about risk perceptions can
mislead decision-makers as much as erroneous
factual information
► Factors influencing risk perception include:
– Personal experience / familiarity with the risk
source
– Distribution and amount of perceived benefits
– Whether or not the risk affects identifiable
people
Risk perceptions of nuclear power
Public perceptions of risk are central to policies
regarding nuclear power. Experts judge risk on the
basis of probability and consequences; most people
base their judgement on criteria that include
“catastrophic potential”.
international risk governance council
Risk Governance Deficits
January 2010
11 | 31
A4 Stakeholder involvement
Failure to adequately identify
and involve relevant
stakeholders in risk assessment
in order to improve information
input and confer legitimacy on
the process
►
Stakeholders can contribute valuable
knowledge to risk assessments
► Excluding relevant stakeholders can
undermine trust in the entire governance
process
► Excessive inclusiveness can, however, slow
down the process or obscure the responsibility
of legitimate decision-makers
► Stakeholders should be able to:
– Contribute useful knowledge or experience
– Add legitimacy to the risk assessment
process
Large infrastructure projects (dams)
The Nagara River Estuary Barrage (Japan) was
delayed for years by legal cases brought by local
stakeholders who were excluded from a topdown planning process. Planning proceeded only
after authorities began a constructive dialogue
with stakeholders.
international risk governance council
Risk Governance Deficits
January 2010
12 | 31
A5 Evaluating the acceptability of risk
A risk’s acceptability is a judgement based on values
and how people balance anticipated risks and benefits
► People and organisations need to define, inter alia,
their risk appetite and level of tolerance for each risk
► Many factors influence the acceptability of risk, such
as:
– Is it incurred voluntarily, or is it imposed?
– Is the risk familiar or unfamiliar?
– Is it controllable by personal action or only through
collective action?
– Does it disproportionately impact on the poor, or
on children?
►
Failure to consider
variables that influence
risk acceptance and risk
appetite
Radioactive waste disposal
Equity considerations (both intra- and intergenerational) are important when assessing risks
relating to the siting of hazardous facilities. Objections
by 3 US states to storing all US LLRW led to the
Federal Low-Level Radioactive Waste Policy Act (1980)
which had the effect of increasing the number of people
at risk from LLRW disposal facilities.
international risk governance council
Risk Governance Deficits
January 2010
13 | 31
A6 Misrepresenting information about risk
►
The provision of biased,
selective or incomplete
information
Many risk management decisions are made under
time and other pressures, and with constrained
resources. Perfect knowledge is rarely available or
possible to communicate
► Each attribute of the risk science – complexity,
uncertainty and ambiguity – can be either over- or
under-stated
► Risk governance can be manipulated by providing
biased, selective or incomplete knowledge, or when
no effort is made to establish its quality and
objectivity
► People tend to over-estimate the validity of evidence
that conforms to their prior beliefs and values
Disposal of the Brent Spar
Greenpeace made an erroneous public claim
that the Brent Spar oil storage buoy contained
some 5000 tonnes of oil and toxic chemicals.
This contributed to consumer boycotts costing
Shell an estimated £60-100 million
international risk governance council
Risk Governance Deficits
January 2010
14 | 31
A7 Understanding complex systems
A lack of appreciation or
understanding of the
potentially multiple
dimensions of a risk and of
how interconnected risk
systems can entail complex
and sometimes
unforeseeable interactions
►
Interactions between components of complex
systems raise numerous difficulties for risk
assessment
► Typically, risk assessments address single issues;
without acknowledging systemic interactions, they
will not be fully informative
► Efforts to reduce risk may lead to unexpected
secondary consequences, in sectors or areas
other than those targeted
► System complexity can both attenuate and amplify
a risk and its consequences
SARS – from civet cats in China, to Toronto
First reported in China in early 2003, SARS infected
8096 people in 27 countries; 774 died. Apart from grave
harm to health, SARS led to severe economic impacts
in Toronto (Canada), on airlines with routes in the
Pacific region (eg Qantas), and up to 90% reductions in
Chinatown restaurant business (in the US).
international risk governance council
Risk Governance Deficits
January 2010
15 | 31
A8 Recognising fundamental or rapid changes in systems
Failure to re-assess in a
timely manner fast and/or
fundamental changes
occurring in risk systems
►
Risk assessment is most straightforward in a
relatively stable environment
► Fundamental changes to political, technological,
environmental or social systems can make obsolete
the assumptions of risk assessments
► These changes may be extremely rapid (e.g. AIDS)
or evolve very slowly and not become apparent until
a “tipping point” is reached (e.g. effects of climate
change)
► These changes are rarely expected
Potato blight and the Irish Famine
The introduction of the “clipper” reduced
journey times from America to Europe,
allowing potatoes carrying blight to survive the
voyage. Between 1845-49 Ireland suffered a
famine which killed over one million people; of
the additional 1 million who emigrated, 20%
died on the ships
international risk governance council
Risk Governance Deficits
January 2010
16 | 31
A9 The use of formal models
An over- or under-reliance on
models and/or a failure to
recognise that models are
simplified approximations of
reality and thus can be fallible
►
►
►
►
►
Deficits can occur from both under-reliance (on
useful models) and over-reliance (on imperfect
models)
Too little may be known about a system to permit
useful modelling
Models may be based on incorrect data or
assumptions
The model itself may behave unpredictably
Models and their results can be manipulated or
used selectively to support strategic or ideological
positions
The subprime crisis in the US
“The essential problem is that our models – both risk models
and econometric models – as complex as they have become,
are still too simple to capture the full array of governing
variables that drive global economic reality. A model, of
necessity, is an abstraction from the full detail of the real
world”.
Alan Greenspan, Financial Times, 16 March 2008
international risk governance council
Risk Governance Deficits
January 2010
17 | 31
A10 Assessing potential surprises
►
Failure to overcome cognitive
barriers to imagining events
outside of accepted paradigms
(“black swans”)
No-one can reliably anticipate the future; there
will always be surprises and unexpected events
► Unknowable risks will be subject to deficits in
their assessment until it is understood that their
existence is NOT predictable, that they cannot
be characterised, measured, prevented or
transferred
► This situation will not be resolved by more
sophisticated tools to model risk
► Instead, what is needed is lateral thinking,
creativity and the capacity to deal with
surprises when they occur
9/11
“We were trapped by our own paradigm… programs to
handle the endless sequence of hijackings and hostage
takings…a “book” was devised and experts
trained…the premise was that the hostage takers
wanted something negotiable; this time, all they wanted
was our lives.”
David T. Jones
international risk governance council
Risk Governance Deficits
January 2010
18 | 31
Risk governance deficits, Cluster B – Managing risks
international risk governance council
Risk Governance Deficits
January 2010
19 | 31
B1 Responding to early warnings
Failure of managers to
respond and take action when
risk assessors have
determined from early signals
that a risk is emerging
►
Signals of a risk may exist, but no action is
taken to prevent or mitigate the risk. This may
be due to:
– Poor communication
– Poor prioritisation
– An “unwillingness to know”
► Conversely, there may be over-reaction to a
warning signal:
– Unnecessary regulation (e.g. US and
Canadian ban on saccharin)
– Apprehension / counterproductive
behaviours (e.g. MMR in the UK)
Hurricane Katrina
Despite being known as “the New Orleans scenario” it took
FEMA five years to model the effect of a hurricane hitting New
Orleans. Funds were insufficient to include an evacuation in
the simulation. In August 2005 weather warnings persuaded
the Governors of Mississippi and Louisiana to declare states
of emergency on Friday 26th, but the mayor of New Orleans
did not order evacuation until Sunday 28th. Katrina hit the
following day.
international risk governance council
Risk Governance Deficits
January 2010
20 | 31
B2 Designing effective risk management strategies
►
Failure to design risk
management strategies
that adequately balance
alternatives
Effective risk management requires:
– A clear objective
– An appropriate risk strategy
– A suitable risk policy, regulation and
implementation plan
► When there are two or more objectives, deficits arise
from a preoccupation with one at the expense of the
other(s)
► Effectiveness includes measuring progress towards
the predetermined objective and revising policies and
regulation to account for new knowledge
The US biofuels policy
Biofuels are part of government strategies to increase
energy security, reduce GHG emissions and boost
agricultural development. US policies emphasise energy
security and boosting farm incomes, but take no account of
scientific evidence that producing corn-based ethanol may
generate more CO2 emissions than come from the
petroleum-based products it replaces.
international risk governance council
Risk Governance Deficits
January 2010
21 | 31
B3 Considering a reasonable range of risk management options
Failure to consider a
reasonable range of risk
management options (and
their negative or positive
consequences) in order to
meet set objectives
►
Risk managers can select favoured or familiar
risk management options for the wrong reasons:
– Not considering trade-offs
– Prior use
– Time constraints
– Resource (including financial) constraints
► Highly uncertain risks pose additional challenges:
– Excessively precautionary approaches can
stifle innovation
– Least-cost options can prevent building
redundancy and resilience into vulnerable
systems
Fisheries management
Measures to reduce the impact of fishing include quotas,
closed seasons and areas, and restrictions on fishing gear,
but the competitive “race to fish” can still lead to excessive
harvests. Rights-based management (e.g. individual
transferable quotas) can protect fishing communities and
fishery stocks, particularly if closely monitored.
international risk governance council
Risk Governance Deficits
January 2010
22 | 31
B4 Designing efficient
and equitable risk management policies
Inappropriate risk
management occurs when
benefits and costs are not
balanced in an efficient and
equitable manner
►
Assessing the efficiency of risk management
options involves tools such as benefit-cost analysis
(when consequences can be quantified), “soft”
benefit-cost analysis (including the use of
judgement to weigh unquantifiable or intangible
benefits and costs), and cost-effectiveness.
► Achieving society-wide efficiency may not result in
an equitable sharing of costs and benefits.
Inequitable decisions can:
– Impose more burdens than benefits on the
most vulnerable or least advantaged members
of society
– Assign costs or restrictions on people or
nations that did not create a risk and do not
deserve to be burdened
The Kyoto Protocol
The Kyoto Protocol takes equity as one of its guiding
principles (e.g. it is industrialised Annex 1 countries that are
subject to emission reduction commitments). It addresses
efficiency through the Joint Implementation and Clean
Development Mechanisms, allowing reductions to be made
where they can be most efficiently achieved.
international risk governance council
Risk Governance Deficits
January 2010
23 | 31
B5 implementing and enforcing risk management decisions
►
Failure to muster the necessary
will and resources to implement
risk management policies and
decisions
Having devised efficient and equitable risk
management policies to meet the assessed
level of risk, the challenge becomes that of
implementing and enforcing them
► Even perfectly conceived policies can achieve
little if they are not implemented and enforced
► Voluntary policies (as in codes of conduct) can
be undermined by free-riders and a lack of
punitive sanctions for non-compliance
► Legally-binding policies can be weakened by a
lack of willingness or capacity to monitor
behaviours and punish transgression
BSE in the UK
The British government used regulations
(including the ruminant feed ban and Specified
Bovine Offal Ban) as part of its management of
the BSE crisis. A “failure to give proper thought to”
the SBO ban was one reason for 48% of
abbatoirs not complying with it 6 years after it
came into force.
international risk governance council
Risk Governance Deficits
January 2010
24 | 31
B6 Anticipating side effects of risk management
Failure to anticipate,
monitor and react to the
outcomes of a risk
management decision in
the case of negative side
effects
►
Changes in one part of a system can impact on and
beyond other components of the system
► Risks managers need to consider both the intended
and unintended consequences of decisions
► The effects of decisions therefore need to be
monitored for both their direct and indirect benefits
and adverse impacts
► Decisions should also be accompanied by
contingency plans for dealing with unintended side
effects
Monitoring the use of clozapine
The anti-psychotic drug clozapine was introduced in Europe in
1973 but reports in Finland in 1975 of patients developing
agranulocytosis (8 died) led to the product’s withdrawal. Later
studies indicated these adverse side effects could be
anticipated by monitoring each patient’s white blood cell count.
With strict requirements for blood monitoring, clozapine was
reintroduced in Europe and approved for use in the US in 1990.
international risk governance council
Risk Governance Deficits
January 2010
25 | 31
B7 Reconciling time horizons
An inability to reconcile
the time frame of the
risk with the time frames
of decision-making and
incentive schemes
►
Business and politics are often dominated by short-term
considerations
► Risks have a variety of timeframes:
– Some emerge only a long period of time (many
chronic diseases)
– Some strike suddenly, often with limited warning
(natural disasters)
– Some start slowly, then escalate rapidly (e.g. AIDS)
– Some are so persistent they breed familiarity (e.g.
alcohol abuse)
► Long-term risks are even ignored in favour of “urgent”
day-to-day needs, or subject to “simple” quick fixes
Asbestos
Asbestos-related health hazards were first reported in
1898. Partially-enforced regulations were first introduced in
Britain in 1931. Licensing regulations and exposure limits
were introduced in 1984 and a full ban on asbestos was
implemented in 1999. It is estimated that asbestos-related
claims will cost British employers and insurers up to £20
billion in the coming decades.
international risk governance council
Risk Governance Deficits
January 2010
26 | 31
B8 Balancing transparency and confidentiality
Failure to balance two of the
necessary requirements of
decision-making: transparency,
which can foster stakeholder
trust, and confidentiality, which
can protect security and
maintain incentives for
innovation
►
Excessive confidentiality can:
– Reduce trust in risk decisions and decisionmakers
– Raise suspicion of the protection of vested
interests
► Excessive transparency can:
– Undermine national security
– Reveal information essential to a
business’s competiveness
– Invade an individual’s rights to privacy
► The modern trend towards greater transparency
and openness makes a decision to invoke
confidentiality more difficult
Enron
Despite increasing emphasis on “corporate governance” in the
US, UK and elsewhere, Enron was able to hide massive amounts
of debt in off-balance sheet overseas entities. This, combined
with mark-to-market accounting, greatly inflated its reported
earnings and share price. Fortune magazine named Enron as
America’s most innovative company for six successive years,
including 2001 – the year Enron collapsed.
international risk governance council
Risk Governance Deficits
January 2010
27 | 31
B9 Organisational capacity
►
Failure to build or maintain
an adequate organisational
capacity to manage risk
IRGC has summarised organisational risk
management capacity as having three dimensions:
– Assets – knowledge, resources, structures and
processes
– Skills – to adapt assets to deal with changing
and dynamic situations
– Capabilities – the overall framework in which the
assets and skills are best exploited, including
external networks
► At the most intangible level, organisations need a
risk culture that recognises the value of risk
management and shows awareness of risk, its
consequences, and the benefits of sound risk
management
Hurricane Katrina
After 9/11 the US Federal Emergency Management Agency
(FEMA) became a part of the new Department of Homeland
Security (DHS). FEMA’s powers and resources were
downgraded and the agency began to suffer budget shortages.
This led to personnel shortages and, prior to Katrina, FEMA had
a 15-20% vacancy rate. It did not have sufficient organisational
capacity to respond effectively.
international risk governance council
Risk Governance Deficits
January 2010
28 | 31
B10 Dealing with dispersed responsibilities
Failure of the multiple
departments or organisations
responsible for a risk’s
management to act cohesively
►
Many risks require a coordinated response from
multiple actors including companies, national
and local governments, and others
► Even within a company or between government
departments, responsibilities are fragmented and
can overlap or be unclear
► International organisations created to handle
trans-boundary issues have the additional
problem of needing to coordinate sovereign
nation states
► Things can, and do, fall between the cracks
Swiss-Italian blackout
On 28 September 2003 a tree flashover in Switzerland
caused a trip of the highly-loaded 380kV Mettlen-Lavorgo line
in Switzerland. A second line then overloaded and tripped.
Rapidly, all of the Italian mainland lost electricity. Costs of the
blackout are estimated at US$139 million. The underlying
problems that led to the incident were largely the result of how
responsibilities for cross-border power transmission were
shared between separate transmission service operators.
international risk governance council
Risk Governance Deficits
January 2010
29 | 31
B11 Dealing with commons problems and externalities
A lack of understanding of the
complex nature of commons
problems and consequently
also of the specific risk
management tools required to
address them
►
Multiple individuals acting in their own selfinterest can ultimately destroy a shared resource
even though each has a long-term interest in
preserving it
► Such resources often fall outside systems of
property rights
► Protecting these resources often requires
individuals to relinquish economic or other
benefits
► When these resources extend globally (e.g.
international fisheries; the atmosphere) their
management requires global action, including
international agreement among governments
Fisheries depletion
The collapse of stocks of cod in the Canadian
Grand Banks, blue-fin tuna in the Mediterranean
and herring in the North Sea all illustrate the
multiple challenges of dealing with the “Tragedy of
the Commons”. Management of the Alaskan
pollock fishery suggests a solution can be found.
international risk governance council
Risk Governance Deficits
January 2010
30 | 31
B12 Managing conflicts of interest, beliefs,
values and ideologies
A conflict may be
negotiable or irreconcilable,
and risk managers must
have the capacity to
distinguish between the two
►
A conflict may be negotiable or irreconcilable
► Conflict may derive from different:
– Interests (which are typically tangible or
economic)
– Beliefs regarding the nature and consequences of
an issue or risk
– Basic values, such as social justice and
ecological sustainability
– Ideologies (often grounded in religion, ethics,
culture, tradition or politics)
► Risk managers need to understand the different
motivations for conflict in order to distinguish those
conflicts that may be resolvable from those that are
irreconcilable
The Canadian asbestos industry
Quebec’s asbestos industry employs under 1,000 workers
yet has “an almost sacred status in the province” which has
“made it politically untouchable”. Canada is the world’s 4th
largest producer and 2nd largest exporter of asbestos, and
has consistently opposed global efforts to regulate
international trade in asbestos.
international risk governance council
Risk Governance Deficits
January 2010
31 | 31
B13 Acting in the face of the unexpected
Insufficient flexibility in the
face of unexpected risk
situations
►
►
►
►
►
For many reasons, risk managers may be unable
to act in the face of the unexpected
Skills and resources suited to prior emergencies
or well-known risks may be insufficient for dealing
with new threats
Managers may delay or fail to change from
routine to crisis management
There may be an absence of authority to
reallocate resources
An emphasis on efficiency makes it difficult to
retain slack resources or build redundancies and
resilience into systems
The Millennium Bug
Dire consequences were predicted from the possible failure of
computers to deal with date-related data between 31 December
1999 and 1 January 2000. Millions were spent checking and
upgrading computer systems, but no problems were reported.
However, work done to prepare for “Y2K” may have added
resilience to systems so as to allow the New York infrastructure
to function after 9/11.
international risk governance council
Risk Governance Deficits
January 2010
32 | 31