Michel Maila, Thomas Homer-Dixon, with contribution from Mary Wilson Short discussion 17 December on an Emerging risk conceptual framework NB. Proposed definitions have been added by MVF Most important emerging issues require to adopt a whole system, multi-factor approach, which is dynamic, evolving and adaptive. It must stay away from any static linear approach and include human involvement or interaction between human action and natural or technological systems. Examples: Titanic, electricity grid 1. Risk profile “Introducing an overarching concept of sound risk governance as alignment of all relevant stakeholders around an acceptable risk profile” Maila Introduction and definitions Central to how organisations address risk and in particular emerging risks is the notion of risk profile1. Several dimensions, qualitative and quantitative, need to be explored, by any organisation or stakeholder before it enters into an active risk evaluation (to judge the acceptability of the risks) and management process. “In the course of risk characterisation, scientists are asked to design a multicriteria profile of the risk in question, make a judgement about the seriousness of the risk and suggest potential options to deal with the risk.” (IRGC white paper 1). Risk profile therefore “assigns a significance to each risk and provides a tool for prioritising risk assessment effort.” (IRGC white paper 1). Following this, risk management will be “aligned with the organization’s external and internal context and risk profile” (ISO 31000) In the case of emerging risks, we will focus in particular on the criteria that inform about: - Risk source - Direction of change - Magnitude of the potential change - Stress testing and scenario analysis - Sensitivity analyses A typical risk profile ends with a “story” like description of the set of risks that may affect the organisation. 2. Tolerance for adverse outcomes Introduction and definitions After having characterised a risk, risk analysts enter into the process of risk evaluation. “Decisions should take account of the wider context of the risk and include consideration of the tolerance of the risks borne by parties other than the organization that benefit from the risk.” (ISO 31000). It is important to place risk in the context of opportunities and to “enable organisations to add value to their activities. Managing risks is not just about stopping or minimising the impact of negative events: it encourages organisations to establish their tolerance of, or appetite for, risk” (Ferma risk management standards). “In order to make good risk management decisions, organisations and stakeholders need to define their level of tolerance for each risk they face (the organisation or stakeholder’s readiness to bear the risk after risk treatment in order to achieve its objectives) [ISO, 2009]. In the private sector in particular, risk decisions will have to explicitly state the level of loss that the organisation is prepared to accept in its operations.” (IRGC report on risk governance deficits). Setting an appropriate level of risks tolerance is a challenge for new or emerging risks, of which level of knowledge is often low. 1 ISO Guide 73 defines risk profile (in terms relating to risk treatment, that is the process to modify risk) as the description of any set of risks. The set of risks can contain those that relate to the whole organisation, part of the organisation or as otherwise defined. 1 Example: how many people can you see die before you decide you must do something about a risk? In practice, tolerance thresholds are determined and are not independent from interaction between elements. Conclusion to 1 and 2: “The notion of an acceptable risk profile for a system may be a useful organizing principle for risk governance purposes. Achieving and maintaining over time the alignment of multiple stakeholders around a common vision of an acceptable risk profile may serve as a useful overarching objective for sound governance. Delineating such a profile on a case by case basis will require common agreement on specific answers to the following questions: - which type of crisis and of what order of magnitude is the system designed or targeted to survive? - what are the relative weights of the probability and severity components as determinants of risk tolerance? - how robust and resilient does a given system need to be for the combined and cumulative impact of emerging risks to be contained within the acceptable level of tolerance?” Maila 3. Contributing factors for fertile grounds for risks to emerge " A useful metaphor for the process of emerging risk is that of a plant emerging from a fertile ground . What are the contributing factors which make for fertile grounds in that sense ? Could some of these "fertility" factors be generic i.e. prevalent across disciplines while others are strictly domain or sector specific ? What combination of factors may be necessary or sufficient for the grounds to be fertile enough for risk to emerge ? Can the presence of several generic contributingg factors in some combination act as a leading indicator or signalling device as to the likelihood of risk emerging in a variety of settings ? Is it possible to identify ex ante the presence of such a combination of factors even in situations where the risk profile is hard to describe ? " (Maila) Contributing factors are “INUS sets of causes”: each factor in each set acts as an insufficient but necessary component of its larger set of factors, and this larger set is, itself, an unnecessary but sufficient cause of a particular dangerous outcome.2 (T. Homer-Dixon). Contributing factors will be grouped in two categories, according to the type of contribution: 1) linear 2) non-linear In linear factors, amplifiers /attenuators acts as “plus”/”minus” In a non-linear case, amplifiers /attenuators acts as “multiply”/”divide” Will also be grouped in two other categories: 1) those that are generic 2) those that are sector/domain specific The dimensions along which the contributing factors can be “analysed” may include (to be developed): - whether the factor is constant or variable - whether the factor is not controllable or controllable - What can amplify or attenuate it (prevent-mitigate-adapt – cost benefit analysis) A preliminary list of generic contributing factors: “Each item on that list should need to pass muster against at least 3 different disciplines before it can make it on the list” . … one “would expect the list to shrink as we do more work, particularly if we decide to focus on ex ante identifiability and signalling potential as additional criteria” (Maila). 1. Complexity From Tad’s paper: • “Rising complexity accompanies the evolution of almost all adaptive systems over time. It is an intrinsic feature of these systems and not an analytically separate phenomenon.” 2 JL Mackie, The Cement of the Universe: A Study of Causation, Oxford University Press, 1974. 2 • “Of the characteristics of complex systems, the ones that are relevant to the an emerging risk framework are: Unboundedness (or Causal openness): We cannot easily draw a boundary around such systems to determine which factors or variables are important to their behavior and which are not. Synergistic causation: Causation in complex systems usually involves multiple factors that combine multiplicatively, which means we cannot identify a single sufficient cause of any particular outcome. Non-linear behaviour (or Disproportional causation): In complex systems, small causes sometimes cause big effects, while big changes sometimes cause little effect whatsoever, a characteristic often called nonlinear behavior. Disproportional causation has a range of sources, including the presence within complex systems of self-reinforcing (or “positive”) feedback loops. Together, disproportional and synergistic causation make it difficult to assign a relative weight or importance to a given cause or set of causes. Feedback loops can be subsumed under non-linear behaviour Emergent properties: In part because of disproportional and synergistic causation, complex systems exhibit novel properties that cannot be explained as an additive consequence of the properties of their constituent parts; in fact, they tend to do things we do not expect even when we know a lot about these parts. Inertia: Complex systems usually exhibit time lags of varying and often indeterminate length between a given perturbation and the system’s behavioral response. Multiple equilibria: They also usually inhabit one of a number of possible equilibria, each metaphorically equivalent to a depression in an energy landscape. Threshold behavior: Transitions between equilibria occur abruptly as the system crosses a critical threshold and flips from one state to another. Such flips involve a substantial reorganization of the system’s internal relationships. Moments of contingency: A complex system’s susceptibility to small perturbations or shocks changes through time. At certain points in its evolution, what would otherwise be relatively insignificant factors can push the system into a new equilibrium or path of development. Path Dependency and Hysteresis: A complex system’s state at any particular time depends on the path the system followed to get to that state – that is, on the causal history of its development. Movement along that path is not trivially reversible. A return to a previous state may be impossible. If it is possible, the system will return via a path different from the one it followed previously. Intractable uncertainty: Because of the above characteristics, people trying to manage complex systems usually cannot estimate with any precision future system behavior or its associated risks. Managers are often surrounded by unknown unknowns, which means they are ignorant of their own ignorance.” Other factors mentioned on 17 Dec: • Opacity • Tight coupling - connectivity • Regime shifts – thresholds • Length and variability of the time lag – space 2. Asymmetries Cf Maila’s paper • asymmetries of information • asymmetries of incentives 3. Degree of safety margin - “slack” – stress – leverage -Cushion – • In financial markets, environment, techno systems • Ability to cope with change, shocks,… • What is generically important is the degree of stress vs. coping capacity: the relationship between the two • Ratio between stress and coping capacity. Examples: stress x quality of life – threshold; carrying capacity in ecosystems. 3 Quality of life Stress Fig.1 : ratio between stress and coping capacity 4. Etc 4. Conclusion • Need: fast innovative capacity • from management to complex adaptation 4