risk governance deficits - irgc - international risk ...€¦ · governance deficitsto improve...
TRANSCRIPT
Policy Brief
international risk governance council
Risk Governance Deficits
Analysis, illustration and recommendations
international risk governance council Risk Governance Deficits
P 2
BSE Bovine Spongiform Encephalopathy
CFC Chlorofluorocarbon
CO2 CarbonDioxide
EU EuropeanUnion
HIV/AIDS HumanImmunodeficiencyVirus/AcquiredImmunoDeficiency
Syndrome
IRGC InternationalRiskGovernanceCouncil
IT Information Technology
LLR Low-LevelRadioactive
MMR Measles,MumpsandRubella
OSHA OccupationalSafetyandHealthAdministration
RIA RegulatoryImpactAssessment
UK UnitedKingdom
US UnitedStates
Acknowledgements
ThispolicybriefwaspreparedbyIRGCasasummaryofitsreportonRiskGovernance
Deficits,withaddedrecommendations.Thereportcontainsadetailedlistofauthorsand
contributors.
TheSwissReinsuranceCompanyandOliverWyman Inc. in particular haveprovided
valuableinputtothecontentofthisdocument.
This IRGCprojectandpolicybriefwouldnothavebeenpossiblewithout thefinancial
support of IRGC’s donors, including the Swiss State Secretariat for Education and
Research, the Swiss Agency for Development and Cooperation, the Government of
Quebec,AlpiqGroup,SwissReinsuranceCompanyandOliverWymanInc.
Coverpicture:SatelliteimageofHurricaneKatrinaapproachingtheGulfCoastoftheUnitedStates.
©Allrightsreserved,InternationalRiskGovernanceCouncil,Geneva,2010ISBN978-2-9700672-0-7
Abbreviations used in the text:
international risk governance councilRisk Governance Deficits
P 3
Contents
PrefaceIntroductionI Cluster A: Assessing and understanding risks
1.1 Gathering and interpreting knowledge
1.2 Dealing with disputed, potentially biased or subjective knowledge
1.3 Dealing with knowledge related to systems and their complexity
1.4 Acknowledging that knowledge and understanding are never complete or
adequate
II Cluster B: Managing risks2.1 Preparing and deciding on risk management strategies and policies
2.2 Formulating responses, resolving conflicts and deciding to act
2.3 Developing organisational capacities for responding and monitoring
III Recommendations3.1 What to do: reducing risk governance deficits
3.2 How to do it: a structured approach aimed at continuous improvement
Annex: Decision MapsReferencesAbout IRGC
4
5
6
7
8
9
10
11
12
14
16
17
17
18
20
22
23
The IRGC Risk Governance Deficits:CLUSTER A: Assessing and understanding risks
A1 EarlywarningsystemsA2 FactualknowledgeaboutrisksA3 Perceptionsofrisk,includingtheirdeterminantsandconsequencesA4 StakeholderinvolvementA5 EvaluatingtheacceptabilityoftheriskA6 MisrepresentinginformationaboutriskA7 UnderstandingcomplexsystemsA8 RecognisingfundamentalorrapidchangesinsystemsA9 TheuseofformalmodelsA10 Assessingpotentialsurprises
CLUSTER B: Managing risks B1 RespondingtoearlywarningsB2 DesigningeffectiveriskmanagementstrategiesB3 ConsideringareasonablerangeofriskmanagementoptionsB4 DesigningefficientandequitableriskmanagementpoliciesB5 ImplementingandenforcingriskmanagementdecisionsB6 AnticipatingsideeffectsofriskmanagementB7 ReconcilingtimehorizonsB8 BalancingtransparencyandconfidentialityB9 OrganisationalcapacityB10 DealingwithdispersedresponsibilitiesB11 DealingwithcommonsproblemsandexternalitiesB12 Managingconflictsofinterests,beliefs,valuesandideologiesB13 Actinginthefaceoftheunexpected
international risk governance council Risk Governance Deficits
P 4
The International Risk Governance Council (IRGC) defines risk governance asthe identification,assessment,managementandcommunicationof risks inabroadcontext.Itincludesthetotalityofactors,rules,conventions,processesandmechanismsconcernedwithhowrelevantriskinformationiscollected,analysedandcommunicated,andhowandbywhomriskmanagementdecisionsaretaken.
IRGC’sapproachtoriskgovernancewasoriginallydescribedinitswhitepaper“RiskGovernance–TowardsanIntegrativeApproach”,published in2005.TheIRGCriskgovernanceframeworkoffersthoseconcernedwithriskassessmentandmanagementamethodologyforhandlingriskthatiscomprehensiveandsensitivetocontext.Ithassubsequently been adopted bymany organisations as the basis for their own riskanalysisandasatooltohelpdevelopappropriatemanagementstrategies.
Insubsequentworkonspecific risk issuesakeyquestionhasbeen:Whatare thedeficitsinriskgovernanceprocessesandstructuresthatneedimprovement?Asmoresubject-specificprojectshavebeenundertakenandcompleted,thisquestionhasarisenevermorefrequently.IRGC’sownworkthereforelaidthefoundationforaprojectwhichhassoughttofurtherexplorethegeneralconceptofriskgovernancedeficits.
Deficitscanbe found throughout the riskgovernanceprocessand inmostsectors,from when unsafe forms of food are unintentionally introduced, to ineffective andcostlyregulationinfisheriesmanagement.Withchangecancomegreatopportunities,includingtechnicalandscientific innovationsthatcanbring improvementstohealth,societyand theenvironment.But changealsobrings risks,and these risks requiregovernanceifwearetomaximisetheassociatedopportunities.
In November 2009, IRGC published the report “Risk Governance Deficits: An analysis and illustration of the most common deficits in risk governance”.Thereport identifies and describes a number of common and recurring deficits in riskgovernanceprocessesandstructures.
Withthispolicybrief,IRGCaimstomakeitsresearchandinsightsonriskgovernancedeficitsavailable toanyoneresponsible for riskgovernanceprocesses,orelementsthereof, whether in government, industry, academia, research organisations or thenon-profitsector.Wehopereaderswillusetheconceptofriskgovernancedeficitstoidentifysignificantgapsorlimitationsintheriskgovernancestructuresandprocessesintheirownorganisations.Withthisknowledge,itishopedtheymaythenbeabletodevelopstepstoremedytheidentifieddeficits.
Preface
international risk governance councilRisk Governance Deficits
P 5
Introduction
IRGC’s recent emphasis on deficits is intended to pinpoint very specific elements of riskgovernancewhereprocessesoftenfail.Theanalysisenablesriskdecision-makersingovernmentandindustrytounderstandthecausesofdeficitsinriskgovernanceprocessesandhowthosedeficitsexacerbaterisk.
IRGCdefines risk governance deficits asdeficiencies(whereelementsarelacking)orfailures(whereactionsarenottakenorproveunsuccessful)inriskgovernancestructuresandprocesses.Deficits hinder fair and efficient risk governance and increase the severity and cost of a riskevent.
Thedeficits identifiedanddescribedby IRGChave recurredover timeandhaveaffected riskgovernanceinmanytypesoforganisationsandfornumerousdifferentkindsofrisks.Systemicrisks,onwhichIRGCfocussesitsattention,aredefinedasthoserisksthataffectthefunctionalityof thesystemsuponwhichsocietydepends.Theyhave impactsbeyond theirgeographicandsectoraloriginsandmaychangethe“rulesof thegame”bywhichsocietyoperates.Systemicrisksprovideagreaterchallengeforriskgovernanceand,thus,greaterscopefortheoccurrenceofdeficits.
Thepotentialconsequencesof riskgovernancedeficitscanbesevere in termsofhuman life,health, the environment, financial systems, the economy and social and political institutions.Theremaybeafailuretotriggernecessaryaction,whichmaybecostlyintermsoflives,propertyorassetslost;or,thecompleteopposite–anover-reactionorinefficientactionwhichiscostlyintermsofwastedresources.Theconsequencesofdeficitscanalsobeparticularlyharmfultothedevelopmentofnewtechnologies,wheretheycanleadtoasuffocationof innovation(throughover-zealousregulation)ortounintendedconsequences(throughfailingtoaccountforsecondaryimpacts).Otherpossibleadverseoutcomesincludethelossofpublictrustinthoseresponsibleforassessingandmanagingriskoranunfair(orinequitable)distributionofrisksandbenefits.
IRGChasidentifiedaseriesofriskgovernancedeficitsthataregroupedintotwobroadclusters:
Deficits in• cluster A relate to the assessment and understanding of risks, including thecollectionanddevelopmentofknowledge.Theyaffectthedecisionsthatwillbemadewithregardtoriskmanagement.
Deficitsin• cluster Brelatetothemanagementofrisks;theacceptanceofresponsibilityandthetakingofactioninordertoreduce,mitigateoravoidtherisk.
Thefirst twosectionsof thispolicybriefoutline the identifiedriskgovernancedeficitsandareanabridgedversionofthefullreport.Thesesectionsalsoincludeafewkeyquestionsthatmayassistdecision-makersintheevaluationoftheirownorganisation’sriskgovernancecapability.
The third section provides general recommendations for how organisations can use the riskgovernance deficits to improve their assessment andmanagement of existing and emergingrisks.
Wehopeyoufindthispolicybriefvaluableandwelcomeyourcommentsviagovernance@irgc.org
international risk governance council Risk Governance Deficits
P 6
Peopletodayareoftendissatisfiedwithhowtheyareabletodealwiththecomplexity,uncertaintyandambiguitywhichareprevalentinourinterconnectedandfast-changingworld. Scientific discovery and technological innovation are occurring at a rapidpaceandglobaltrade,travelandelectroniccommunicationarecreatingincreasinglyinterconnectedandinterdependentnetworks.Asaresult,almostallsectorsofsocietyandtheeconomymaybeaffectedbysystemicrisks,inwhichentiresystemsmaybeendangeredbyapparentlyminororfar-awayevents.Eventswithalowprobabilityofoccurrence,butwithverysevereconsequences,canbeparticularlydestabilising.Theconsequencesofa riskora riskmanagementdecisioncan thereforebedifficult topredict.Undersuchcircumstances,riskassessmentbecomesmuchmorechallengingandanumberofimportantknowledge-relatedgovernancedeficitscanoccur.
IRGChasidentifiedtendeficitsrelatingtoassessingandunderstandingriskswhichcanbegroupedintofourareasasillustratedinFigure1belowanddiscussedfurtherinthefollowingsections.
Figure 1: Deficits relating to assessing and understanding risks
I Cluster A: Assessing and understanding risks
Cluster A: Assessing and understanding risks
Gathering and interpreting knowledge
Dealing with disputed, potentially biased or subjective knowledge
Dealing with knowledge related to systems and
their complexity
Acknowledging that knowledge and
understanding are never complete or adequate
A1: Missing,ignoringorexaggeratingearlysignalsofrisk
A2: Lackofadequateknowledgeaboutahazard,includingprobabilitiesandconsequences
A3: Lackofadequateknowledgeaboutvalues,beliefsandinterests,andthereforeabouthowrisksareperceivedbystakeholders
A4: Failuretoadequatelyidentifyandinvolverelevantstakeholdersinriskassessment
A5: Failuretoconsidervariablesthatinfluenceriskappetiteandriskacceptance
A6: Theprovisionofbiased,selectiveorincomplete information
A7: Lackofappreciation or understandingofthepotentiallymultipledimensionsofarisk
A8: Failuretore-assessinatimelymannerfastand/orfundamentalchangesoccuringinrisksystems
A9: Over-orunder-relianceonmodels
A10: Failuretoovercome cognitive barrierstoimaginingeventsoutsideofacceptedparadigms
international risk governance councilRisk Governance Deficits
P 7
1.1 Gathering and interpreting knowledge
Thefirstchallengewithanewornewlyre-emergingriskisearlyandeffectivedetection.The failure to detect early signals of risk(A1)maybeduetodubiousinformation,themisinterpretationofinformationor,simply,insufficientinformation.
Early warning systems gather information. It is extremely difficult to make themcompletelyreliableasthesignal-to-noiseratio isoften low,signalsmaybeweakorstrong,andsignalinterpretationmaybeambiguous.Earlywarningsystemsarepronetofalsepositives,whichcostresourcestoinvestigateandundermineconfidenceinthesystem,andfalsenegatives,inwhichtheymissthesignalstheywereintendedtospot.Thekeyistoensurethatearlywarningsystemscanidentifyperturbations,eventsortrendswiththepotentialtobecomesignificantrisks.
There aremany examples of the consequences of ineffective early warnings. ThetsunamiofDecember26,2004,whichkilledapproximately230,000peopleinSouth-EastAsia,was not a unique event – there had beenmany before – but its timingandmagnitude were unpredictable. This pointed to the need for an early warningsystem todetectanearthquakewhichmightcausea tsunami in the IndianOcean.Thesubsequently implementedearlywarningsystemgavewarningofa tsunami inIndonesiainSeptember2007over15minutesbeforeithit[Normile,2007].
An early warning system will not by itself provide sufficient or appropriate factualknowledge for a robust risk assessment.A lack of factual knowledge (A2) mayresultfromgapsinscientificdata(forexampleduetoinsufficientresearchfundingormisdirectedefforts). It couldalso result frommisinterpretationor flawedanalysisofinformation,orafailuretoverifythequalityandcompletenessofthedata(itsscientificbasis)ortoappreciateitsassociateduncertainty.Inadequateknowledgeisalsolinkedtoimportantdeficitsinriskmanagement(seeSection2).
Poorfactualknowledgeaboutriskisexemplifiedbycontroversiesoverradio-frequencyelectromagnetic fields. The spread of mobile telephones and other electronictechnologyhasincreasedourexposuretothesefieldsfasterthanourknowledgeofthepotentialriskshasgrown.Inparticular,scientificevidencedoesnotindicatethatelectromagneticfieldscauselong-termhealtheffectssuchascancer,butthiscannotbecompletelyruledoutwiththeevidencetodate[NRPB,2003].
Even when a risk is apparent, stakeholders may nevertheless disagree on itsimportance. For this reason, the omission of (or use of erroneous) knowledge related to the public’s risk perceptions and concerns (A3) can mislead riskdecision-makers.Citizens,managers,politiciansandothershavetheirowninterests,valuesandwaysofthinkingaboutthings.Perceivedriskscanbeverydifferentfromscientifically-derivedestimates,anddifferences in riskperceptioncanvarybetweensocialgroups,orevencountries.EuropeanstendtoworrymoreaboutclimatechangethanAmericans,butlessaboutlocalairpollutionfromvehiclesorfromsecond-hand
A1Is there an early warning system in place that produces useful signals?
A2Is adequate and factual knowledge available?
A3How do perceptions of the risk differ from factual evidence?
international risk governance council Risk Governance Deficits
P 8
tobaccosmoke;Americanconsumersare,overall, lesswaryofgeneticallymodifiedfoodthanEuropeans.Importantly,perceptionsofriskcanalsochangeovertime.
1.2 Dealing with disputed, potentially biased or subjective knowledge
Knowledgemaybedisputed,potentiallybiasedorsubjective.Thismakes itdifficultbothtojudgewhetherornotariskneedsspecificattentionoractionandhowitshouldbemanaged. Nevertheless, the inclusion of knowledge gathered from a variety ofstakeholderscanbehighlyvaluableinriskassessment,andshouldnotbediscounted.Not consulting the relevant stakeholders (A4)couldde-legitimiseboththeprocessoftheriskassessmentanditsoutcome.
Manystakeholderswillofferusefulinput.Thismaybederivedfromscientificexpertise,localknowledgeorpriorexperience.Whilstenriching theriskassessment, thedatamaybeselectiveandmayreflectanorganisation’sorindividual’sparticularinterestsand, in some cases, ideologies.With carefulmanagement, however, seeking suchinput can enrich the risk assessment process and uncover valuable and uniqueknowledgeandinsights.Thereisalsoevidence(forexamplefromalargeinfrastructuredamproject-theNagaraRiverEstuaryBarrageprojectinJapan)thatthoughtfulandearlyinvolvementofcitizengroupsinriskassessmentcanincreasetheacceptabilityofmajorcapitalprojects[Okadaetal.,2008].
Perceptionsandvaluejudgementsinfluenceriskacceptability.Gathering information about risk attitude, risk acceptance and risk appetite(A5)isthereforeanecessarypartofsoundriskgovernanceandalogicalfollow-onfromcollectingknowledgeofpublicrisk perceptions. Doing so requires developing an understanding of the underlyingvariablesthatinfluencepublicriskacceptanceandprivateriskappetite.Suchvariablesinclude:whetherariskisincurredvoluntarily(e.g.,smoking);whetheritiscontrollablebypersonalaction;whetherornotitisafamiliarrisk;and,whetheritdisproportionatelyaffectsvulnerablesubpopulations(e.g.,thepoororchildren).Objectionstogeneticallymodifiedfoodorstemcelltechnologiesshowthataversiontoriskmaysometimesbebasedmoreonbeliefsthanonscientificfacts.
One common criterion for acceptability is that the risk should be spread equitably,so that thepeoplewhobenefit fromanactivitycannot imposenegative impactsonothers.However,policiesintendedtoincreaseequitycanhaveundesirablesecondaryeffects:inthe1970s,threestatesintheUnitedStates(US)refusedtohousenationalrepositoriesforlow-levelradioactive(LLR)wasteleadingCongress,in1980,topasslawsmakingeachstateresponsiblefor itsownLLRwaste.Thisledtomorepeoplebeingaffectedbystoragesitesaswellasmakingdisposallessefficient[Vari,1996].
Sometimes risk assessors will deliberately be provided with biased, selective or incomplete information (A6). Those supporting or opposed to a development,
A4How are
stakeholders involved?
A5What variables
influence risk attitude?
A6Is this a
controversial issue?
international risk governance councilRisk Governance Deficits
P 9
governmentofficialshopingtocalmdebate,orjournalistswantingtoheatitupmayallstrategicallymanipulateinformation.Sometimesthesourceoffundingforresearchmayitselfcauseconcern.Formanyyears,thetobaccoindustryfundedscientificresearchthatyieldedresultscompatiblewithitspublicpositionsandcreateduncertaintyaboutthehealthrisksofpassivesmoking.Ariskassessmentfailstofulfilitspurposeifriskdecision-makerscannotascertainthequality,objectivityandcertaintyoftheknowledgepresentedtothem.
1.3 Dealing with knowledge related to systems and their complexity
Thedifficult identificationandquantificationof causal linksbetweencomponentsofcomplexsystemspresentssignificantriskassessmentchallenges.Assessmentsthatdonotappreciate or understand the consequences of complexity (A7)willnotbefullyinformativeandcanleadtoinappropriatetrade-offsandincreasesinotherrisks.
AcaseinpointistheBarentsSeafishery,intheArcticOcean,northofNorway.Priorto itssuddencollapse in the1980snobodyhadaccounted for thecomplexityof itsecosystem.Theroleoflocalherringaspredatorsofcapelinwasignoreduntilchangedenvironmental conditions brought about a large growth in the numbers of herring,leadingtoadevastatingcollapseincapelinnumbers[Hamre,2003].
Fast or fundamental changes to a system(A8)cancausenewriskstoemergeoroldonestomutate.Whenthisoccurs,aswhenatippingpointisreached,disruptivechange can necessitate a new risk assessment. However, analysts and decision-makersmaynotrecognisesuchchangesiftheyarenovelorunexpectedortheireffectisnotimmediatelyapparent.Theymaythusbeslowtoreact,potentiallyincreasingtheriskofadverseconsequences.
In the US, the spread of the Human Immunodeficiency Virus (HIV) which causesAcquiredImmunoDeficiencySyndrome(AIDS)wentunnoticeduntilratesofinfectionrapidlyincreased.Educationcampaignstoraisesocialawarenessanddecreasetheinfection ratewerenotput inplaceuntilsevenyearsafter thefirstdiagnoses.NewcasesarenowmuchrarerintheUS,butHIV/AIDSremainsachallenge.
Modelscanbeausefultoolinriskassessment,helpingtoimprovetheunderstandingof interactions, or foresee possible future changes. However, risk assessors anddecision-makersneedtorememberthatmodels have limitations(A9).Forexample,theyaredependentonthequalityoftheirinputdataandareboundtoreflectmodellers’assumptions,suchastheirideasregardingwhatamodelisintendedtoobserveandcontrol.Also,theresultsofmodellingexercisescanbemisinterpretedanddecision-makersneedabasicunderstandingofamodelinordertoaccuratelyjudgeitsresults.Anover-orunder-relianceonmodelscanthusbeproblematic.
A7Does the assessment consider systemic interactions?
A8Are we monitoring relevant changes?
A9Are model inputs, assumptions and results regularly reviewed?
international risk governance council Risk Governance Deficits
P 10
IntheUSsubprimecrisisdecision-makersreliedtooheavilyonmodelstogivethemindicationsofriskandthecreditworthinessofsecuritieswhen,asAlanGreenspanputit,models“arestilltoosimpletocapturethefullarrayofgoverningvariablesthatdriveglobaleconomicreality”[citedinShiller,2008].
1.4 Acknowledging that knowledge and understanding are never complete or adequate
Past experience has taught us to expect surprises. No one can reliably predictthe future.Nomatterhowgoodanearlywarningsystem is,orhow thoroughly riskassessmentsareconducted,itisimportanttoacknowledgethatriskassessmentreliesondecisionsaboutwhat,conceivably,couldgowrong.Insettingtheboundariesfortheformalriskassessmentprocess,decision-makersneedtoremainconsciousofthefactthatsurprises,oreventsoutsideexpectedparadigms(socalled“BlackSwans”),arealwayspossibleandthatitisnecessarytobreakthroughembeddedcognitivebarriersinordertoimagine events outside the boundaries of accepted paradigms(A10).
Whiletherehadbeensomewarningsofattacksofthetypethathappenedon9/11,theywerenottakenseriouslybecauseoftheirsheerunimaginability.USexpertsadmittedlaterthattheirthinkinghadbeenframedbyaneraofkidnappingandhostage-takinginwhich the criminals involvedwanteda basis for negotiation.The ideaof suicideattackerswhosimplywantedtokilllargenumbersofpeoplebyusinganairplaneasabombwasbeyondimagination[Jones,2001].
A10What tools are used to stimulate creative
thinking?
international risk governance councilRisk Governance Deficits
P 11
Successful risk management builds on prior risk assessment and understanding.However,evenifriskassessmentissound,deficitsinriskmanagementcanunderminethegovernanceprocessandleadtoadverseoutcomes.
In practice, riskmanagers in government and businessmay neglect serious risks,make decisionswith unintended outcomes or side effects, ormicromanage risk tothepointthattechnologicalinnovationsaresuffocated.Manyorganisationsareunder-equipped todealwith thechallengesofuncertain future risks thatarise incomplexsystems.Theymayalso lack theflexibilityand resilience that isoftencriticalwhenrespondingtorisksthatoccurunexpectedly.Dependingontheirvalues,resourcesandpriorities,organisationsmayprioritiseandmanagethesameriskdifferently.
IRGChasidentified13deficitsrelatingtomanagingriskswhichcanbegroupedintothreeareasasillustratedinFigure2,below.
Figure 2: Deficits relating to managing risks
II Cluster B: Managing risks
Cluster B: Managing risks
Preparing and deciding on risk management strategies and
policies
Formulating responses, resolving conflicts and deciding to act
Developing organisational capacities for responding and
monitoring
B2: Failuretodesignriskmanagementstrategiesthatadequatelybalancealternatives
B3: Failuretoconsiderareasonablerangeofriskmanagementoptions
B4: Inappropriatebalancingofbenefitsandcostsinanefficientandequitablemanner
B6: Failuretoanticipate,monitorandreacttotheoutcomesofriskmanagementdecisions
B7: Inabilitytoreconcilethetimeframeoftheriskwiththoseofdecision-makingandincentiveschemes
B8: Failuretobalancetransparencyandconfidentiality
B1: Failureofmanagerstorespondtoearlysignalsthatariskisemerging
B11: Lackofunderstandingofthecomplexnatureofcommonsproblemsandofadequatemanagementtools
B12: Inappropriate managementofconflictsofinterests,beliefs,valuesandideologies
B13: Insufficientflexibilityinthefaceofunexpectedrisksituations
B5: Failuretomusterthenecessarywillandresourcestoimplementriskmanagementpoliciesanddecisions
B9: Failuretobuildormaintainanadequateorganisationalcapacitytomanagerisk
B10: Failureofthemultipledepartmentsororganisationsresponsibleforarisk’smanagementtoactcohesively
international risk governance council Risk Governance Deficits
P 12
2.1 Preparing and deciding on risk management strategies and policies
Severaldeficitsderivefromfailuresordeficienciesonthepartofriskdecision-makerstosetgoalsandthoroughlyevaluateall theavailableriskmanagementoptionsandtheirpotentialconsequences.
Effectiveriskmanagementneedsaclearobjective,astrategytoreachthisobjective,and a plan to implement that strategy. This seems straightforward, butdesigning an effective risk management strategy(B2)isnotalwayseasy–especiallywhendealingwithsystemic risks in complexsystems.Often therewill bemore thanoneobjective for a riskmanagement policy, in which case trade-offsmust be carefullyconsidered.
OnereasonfortheUnitedKingdom(UK)government’sfailuretoenactefficientpoliciestostopthetransmissionofBovineSpongiformEncephalopathy(BSE)wasitspursuitofdualpolicyobjectives–toprotectbothpublichealthandagriculturalandindustrialinterests.Asaresult, regulations imposedonthemeat industrywerenot initiallyasstringentastheyshouldhavebeen,andthisendedupcostingmoneyaswellaslives[vanZwanenbergandMillstone,2002].
Longer-term problems can call for strategies that are flexible over time – adaptivegovernance can help maximise regulatory effectiveness. An example is the USOccupationalSafetyandHealthAdministration(OSHA),whichwassetupin1971withspecifictargetsforreducedworkplaceinjuries.WhenOSHAdidnotmeetthesetargets,itchangeditsstrategytoafocussedcampaignofinspectingandpunishingknownbademployers.Thisledtoameasurablereductioninworkplaceinjuries[Viscusi,1992].
Often, thereareseveral riskmanagementoptionsavailable tomeetsetobjectives.But not all reasonable, available options are necessarily considered (B3) before aplanofaction isdecidedupon:riskmanagersmaynot lookforall theoptions,maybe pressed for time, or have set preferences for (or prejudices against) particularapproaches. Ideally, a wide range of alternative risk management options, and their consequences, should be evaluated and compared.
Fisheries regulationoften requires thatacombinationofdifferent riskmanagementstrategiesbeused,includingclosedseasonsandareas,catchquotas(whichcanbetraded in some cases), and restrictions on fishing gear.Multiple riskmanagementoptionsmustbeconsidered,aloneorincombination,foreachindividualfisheryanditsparticularcircumstancesinordertogetthebestresults.
Riskmanagement strategies should also be as efficient and equitable as possible(B4).Inefficiencycanarisepartlybecauseitcanbedifficulttoattachdefinitenumericalvaluestothecostsofariskstrategyortothebenefitswhichitwillgenerate.Inequitycanarisewhenameasureintendedtoreduceriskhasacostwhichfallsmainlyonthose
B2What is the risk
management strategy?
B3Are all reasonable
options fully considered?
B4Is this an efficient risk
management strategy?
Is this an equitable risk management strategy?
international risk governance councilRisk Governance Deficits
P 13
leastabletoaffordit.Toolssuchas“soft”cost-benefitanalyses(includingqualitativeaspects)andRegulatoryImpactAssessment(RIA)havebeendesignedtohelpavoid inefficiencies and inequalities.
Thedebateaboutefficiencyandequityanalysisiswellillustratedbythequestionofhowtotacklegreenhousegasemissions.Manyanalyseshavebeendonetocomparetheefficiencyoftradablepermitsversustaxesasameanstoreducecarbondioxide(CO2)emissions,withtheEuropeanUnion(EU),forexample,decidinginfavouroftradablepermits.Equityconsiderations(acknowledgingthedevelopedworld’sdominantroleinproducingharmfulemissions)werealsocentraltoconcludingtheKyotoProtocoltotheUnitedNationsFrameworkConventiononClimateChange.
However, even an effective, efficient and equitable risk management policy couldstillhaveunintendedsecondaryimpacts(B6).Forthisreason,effortsmustbemadeto anticipate the consequences (particularly negative side effects) of a risk management decision.
Biofuel policies designed to strengthen energy security, for example by promotingproductionofcorn-basedethanolintheUS,couldhavenegativeimpactselsewhere,such as on food prices or indirect greenhouse gas emissions. Because not allside-effects canbeanticipated, it is equally important tomonitor theeffects of riskmanagementdecisionsandactionsandtopreparecontingencyplansforuseintheevent that monitoring reveals risk management measures to be failing or causingnegativeimpacts.
Monitoringplayedanimportantpart inhowtheworldhasaddressedtheproblemofozone depletion.When itwas discovered in 1974 that anthropogenic emissions ofchlorofluorocarbons(CFCs)werecausingthedepletionofstratosphericozone,effortstomonitortheseemissionlevelsandtheratesofozonelosswerequicklymounted.ThesigningoftheMontrealProtocolonSubstancesthatDepletetheOzoneLayerin1987ledtotheimplementationofriskmanagementmeasures(bansandphasingoutofozone-depletingsubstances),theeffectsofwhichhavebeenconsistentlymonitoredeversince,withpromisingresults[UNEP,2000].
Manyrisksoccuroverthelong-termandneedmanagementsolutionsthataresuitedtothistimeframe.Avarietyofpressuresleadgovernmentsandbusinessestofocusontheshort-term–thepoliticalprocessisdrivenbytheelectioncycleandpoliticianshavestrongincentivestochoosesolutionsthatwillshowimmediateresults,whilecompanydirectorsareresponsibleformaintainingsharepricesandprofitsinthepresent,notindecadestocome.However,aninabilitytoreconcile the time-frame of the risk issue with that of decision-making pressures and incentives(B7)canseverelyaffectarisk’smanagement.
Thecaseofasbestosprovidesaprimeexample.Thelonglatencyperiodofthelungdiseases caused by asbestos, which can appear up to 50 years after exposure,contributedtocomplacencyonthepartofindustryandregulatorsinmanycountries,
B6What are the potential side effects of the risk management decision?
B7Does the risk management strategy’s timescale fit that of the risk?
international risk governance council Risk Governance Deficits
P 14
whowereprimarilyworriedaboutmoreimmediateissuessuchasprofitsandjobs.Itisnowestimatedthatclaimsfromvictimsofasbestos-relateddiseasemaytotalupto£20billionintheUKaloneoverthecomingdecades[Jones,2004].
Finally, when deciding on a risk management strategy, there is a need to find a balance between transparency and confidentiality(B8).Transparencyisagrowingrequirement in politics and business and can foster stakeholder trust in the riskgovernanceprocess.But confidentiality isalso important for reasonswhich includenationalsecurity,protectingsensitivebusinessinformation,andpersonalprivacy(e.g.,confidentialityofhealthrecords).
AdeliberatelackoftransparencyintheaccountingpracticesoftheAmericanenergycompany Enron hid its dire financial situation from investors and shareholders sothatitssuddenbankruptcyin2001shockedthemarketandcausedahugescandal[Dembinski,2006].
2.2 Formulating responses, resolving conflicts and deciding to act
Clearly, the careful design, evaluation, communication and monitoring of a riskmanagement strategy is not a straightforward task and requires consideration ofmanydifferentelements.Additionally,riskmanagementtakesplaceinawidercontext,andthatcontextisimportantbothtoachievingagoodunderstandingofariskandtoformulatingariskmanagementresponse.
Whenthereisadvancewarningofarisk,decision-makersmustdecidewhetheritisapriorityandwhatlevelofresponse,ifany,itdeserves.Adeficitcanoccuratthisstageif,forexample, early warnings are picked up by analysts but are not effectively filtered, analysed and communicated(B1)tothedecision-makerswhoshouldactonthem.Forwarningsthatdogetthrough,anyambiguityinthewarningmayturnintoareasonforinactioniftheinformationisinconvenientorjeopardisesparticularinterests.Under-reactionmayalsoresultfromthewaytheriskisprioritised.
OnesuchcaseprecededHurricaneKatrina,whichdevastatedNewOrleansin2005.Inboththe longandtheshort-term,amplewarningof thedisasterwasmetwithaninsufficient response. It had longbeenappreciated that thecitywas indanger,butfunding for hurricane protection (including levees) and preparation and response(includingevacuationexercises)wasnotadequatelyprioritised[ILIT,2006].
Over-reaction to a possible hazard, on the other hand, may lead policymakersto introduce over-zealous regulation or it may produce public alarm. In the UK, aspeculativeandnowdiscreditedarticleinThe Lancet in1998ledtothecontroversialassociation of themeasles,mumpsand rubella (MMR) vaccinewith autism,whichresulted inasignificant reduction in thenumberofchildrenbeingvaccinated [HPA,2008].
B8What should and can be communicated to
stakeholders?
B1Are early warning
signals processed?
international risk governance councilRisk Governance Deficits
P 15
Sometypesofriskmayrequiretheuseofspecifictoolstomanagethem.Onetypearethosewhichconcernthe“Commons”,assetstowhichallmembersofacommunitysharerightsoraccessandwhichcanbedamagedbecausenobody,individually,hasastrongenoughinterestinconservingthem.Indeed,commonsmaybesubjecttonosystemofpropertyrightsatall.TheEarth’sclimateisperhapstheultimatecommons.Anunderstandingofthecomplex nature of commons problems isessential(B11)forformulatingasuitableriskmanagementresponse.Thisisbecausetheserisksarepeculiar in that theygenerally require solutions that provide some formof propertyrights, plus long-term cooperation between multiple parties (sometimes betweennations).TheMontrealProtocol(seep.13) isagoodexampleofsuchcooperation.
Cooperation can be difficult to achieve when fundamentally different interests,valuesand ideologiesare involved. Insuchcases,conflict resolution (B12) isanindispensableskillfortheriskmanager.Beingawareofwhenaconflictcoloursariskissue,andwhatthebasisandoutlookforthisconflictmightbe,willhelpindecidingifandhowtoact.Dependingonthenatureandmotivationoftheconflict(e.g.,ideology-basedversusinterest-basedconflict),differentpathwaystoresolutionmayberequired.However,someconflictsmaybeinherentlyirreconcilable:manyobserversregardtheIsraeli-Palestinianconflictasoneofthemostintractableintheworldtoday.
Standardresponsesaresometimesnotsufficientoradequatetodealwithrisksthatescalateintounexpectedcrises(B13).Riskmanagersmustbeabletorecognisewhenthey are facedwith such risks, such aswhen they have to face natural disasters,breakdowns of large critical networks, or acts of terrorism with large secondaryeffects.Theyshouldalsoacknowledgethatsystemsandprocesseswhichworkwelltodaymaynotworkwellwhendealingwithunexpectedandunforeseeableevents.This means that decision-makers’ capacity to respond to unexpected events dependson theirflexibility– forexample, theirauthorityorwillingness to reallocateresourceswhenrequired–andthelevelofresilienceandredundancybuiltintotheirorganisationalsystems.Thegreater theredundanciesandresilience, thebetter thesystemwillreacttounexpectedsurprises,givingriskmanagersmoretimetoadapttonewcircumstances.
Actions taken in lightof thepotential risksposedby the “MillenniumBug” includedbuildingredundanciesbyinstallingmultipleback-upsystemsandincreasingresiliencebydecentralisingcertaincriticalinfrastructures.Althoughnomajorproblemssurfacedon1January2000,theseactionswerenotwithoutbenefit,astheyhadamajoreffecton risk management and contingency planning in the information technology (IT)industry[Cumming,2002].
B11Will stakeholders engage to manage risks to common assets?
B12Is there a conflict resolution process?
B13Are we prepared for and can we respond to unexpected events?
international risk governance council Risk Governance Deficits
P 16
2.3 Developing organisational capacities for responding and monitoring
Howeverwellriskmanagementstrategiesaredesigned,itistheirexecution,throughplansanddecisions,thatwillmakethedifferenceinmanagingrisk.Forthis,decision-makingpower,resourcesandcoordinationareprerequisitesforsuccess.
Thereissometimesatemptationforpoliticiansorbusinessestoannouncethattheyaredoingsomethingaboutariskbutnottofollowthrough,especiallywhenavoluntaryagreementorcodehasbeenadoptedinsteadofaregulation,orwhenfollowingthroughwilldrainresourcesorbeexpensive.Riskmanagementdecisionscanachievelittleifthere are failures in either implementation or enforcement(B5).
AnexampleofthelatteroccurredduringtheoutbreakofBSEintheUK,whenabanimposedontheincorporationofcertainkindsofbovineoffalinhumanfoodwaswidelydisregardedbyindustrybecauseofalackofenforcementmeasures[vanZwanenbergandMillstone,2002].
Also,formostorganisations,riskmanagementisonlyoneofmanybusinesspriorities.Therefore,theymaylackanadequatelydevelopedriskcultureandmaynotpossessthe organisational capacity (B9) (assets,skillsandcapabilities) tomanageall theriskstowhichtheyareexposed.
Evenorganisationswhicharefocussedonriskmanagementcanbefoundlackinginorganisational capabilities – theUS Federal EmergencyManagementAgencywassufferingseriouspersonnelandbudgetshortagesatthetimewhenHurricaneKatrinahit,thusmakingitspreparationforandresponsetothedisasterseverelyinadequate[SenateReport,2006].
Many risks, particularly thosewhich are systemic in nature or which affect one ormore interdependentcomplexsystems, requiremanagementbymultiple,dispersedgovernance structures. No single entity has overall responsibility. Instead, riskmanagement involves a combination of many different organisations, or differentdepartmentswithin thesameorganisation (as in thecaseofgovernmentministriesoroperatingcompanieswithinacorporategroup).Mostorganisationsareintendedtoworkinadispersedway.However,dispersed responsibilities(B10)generateanotherchallengeforriskgovernance.Whilecompartmentalisationcancreateexcellentfocusonaspecificproblem,itcanalsomeanthatnovelorunexpectedissuesareoverlooked.Therecanberisksthatarenotconsideredtobeanyone’sresponsibility.Alternatively,multiple entities may have overlapping responsibilities, leading to uncoordinatedresponsesorduplicatedeffortsandwastedresources.
The Swiss-Italian power outage of September 2003 affected 56 million people. Itwaspartlyblamedonmisunderstandingsbetweenindependenttransmissionserviceoperators in the twocountries,andhowresponsibilitiesweresharedbetween them[UCTE,2004].
B5How well are risk
management decisions enforced and implemented?
B9Is the necessary
risk management capacity available?
B10Are there
defined and clear responsibilities?
international risk governance councilRisk Governance Deficits
P 17
3.1 What to do: reducing risk governance deficits
Comprehensiverecommendationscouldbedrawnfromeachofthe23riskgovernancedeficitsbutherewechoosetohighlight fourthematicdirectionsthatare likelytobeusefulforpractitionersinmanysituations.
Address the uncertainty challenge
Themostcompellingfeatureofriskisthenecessitytoactinthefaceofuncertaintyaboutwhattheconsequencesofactionwillbe.Evenadecisionnottoactisaformofactionwithuncertainconsequences.
Partof thesolution is toseescience,data,andanalyticmodelsas tools toresolvesomeofthetractableuncertainties.Organisationsneedtoimprovetheirearlywarningsystems, identifygapsandbiases inexistingdata,gathernewscientific informationaboutwhichpopulationsarevulnerableandwhicheffectsareirreversible,usemodelsto gain insight into how risks may emerge from complex systems, and establishsurveillancesystemstomonitorhowanevolvingriskisbehavingovertimeandhowwellresponsestrategiesareworking.Soundriskassessmentisreceptivetoscientificadvancesbutalsorecognisesthelimitationsofanalyticmodels,andthebarriersthatsingle disciplines or prevailing paradigms may impose. Ideally, risk assessors willimagineeventsthatareoutsidetherealmofwhatisconsideredlikelyorevenplausible,withoutgivingundueattentiontofar-fetchedoralarmistsuggestions.
Embrace risk taking and risk aversion
Aforward-lookingorganisationrecognisesthatwisemanagementofrisksentailssomerisk taking aswell as some risk avoidance.When a sentiment for risk aversion isdominant, the organisationmay suffocate or discouragebeneficial innovations.Butwhenrisktakingisnotprudent,theorganisationmayimposeunnecessaryharmonworkers,consumers, investorsand/orecosystems.While itmaynotbefeasibleforanorganisationtoaccomplishoptimalrisktakingwithmathematicalprecision,ariskcultureimpliesthattheorganisationfostersandrespectsvoicesforrisktakingandriskaversion.
Adapt rules and regulations to new circumstances
Riskmanagersandregulatorshaveanatural tendencybothtoavoidonerousrulesandregulationsunlesstheyarenecessaryandtodefendthemagainstcriticismoncethey have been adopted. Many risks, however, are characterised by unexpectedchangesinthelikelihoodofharm,thescopeandseverityofpotentialdamages,andtherangeofmeasuresthatareconsideredsuitableforriskmanagement.Indecision-making environments that are uncertain and dynamic, a good risk culture calls foradaptiveregulatoryresponses.Adaptabilityissometimesatoddswiththedesireforacertainorpredictablepolicyorregulatoryenvironment,but,inthefaceofchangingcircumstances, riskmanagersand regulatorsmust retainadegreeofflexibility thatallowsforreconsiderationofpastchoices.
III Recommendations
international risk governance council Risk Governance Deficits
P 18
Cultivate trust through communication
Manyfailuresingovernancearelinkedtoproblemsoftrust,yetriskscanexacerbatemistrust bymaking it easier for antagonistic parties to point fingers at each other.There is no foolproof remedy for mistrust, but open lines of communication, bothinsideandoutsideanorganisation,areknowntohelpfostertrustamongstakeholders.Communication means not just the release of information but the opportunity formeaningful dialogue at each stage of the process: as signals from early warningsystemsareinterpreted,asriskassessmentsaresubjecttopeerreview,asstakeholderandpublicsentimentsaboutrisksaregauged,asjudgementsaboutriskacceptabilityarereached,andasriskmanagementstrategiesareconsidered.Ariskculturedefinedbyopenlinesofcommunication,combinedwithconfidentialityonlywhenunavoidable,canhelpsustaintrustthathasbeenearnedandgraduallyrestoreitwhenithasbeenlost.
3.2 How to do it: a structured approach aimed at continuous improvement
AlthoughIRGC’sreportandthispolicybriefhavepresented23governancedeficitsasdistinctphenomena,therearemanylinksbetweenthedeficits(e.g.,designingeffectiveriskmanagementstrategiesandensuringthattheyareimplementedandenforced).Nor havewe tried to rank the various deficits in any particular order of priority fororganisations to address. When faced with a specific risk, some risk governancedeficitsmaybemorerelevantormoreimportanttoaddressthanothers.Itisthetaskofeachriskdecision-makerorpractitionertoidentifythosedeficitsimportanttothemandtothecontextoftheriskthattheyareaddressing.
Whatwecansaywithconfidence is thatorganisationscanbenefit fromanexplicit,structuredapproachtoriskassessmentandmanagement that isdesignedto fostercontinuousimprovement.Intheabsenceofsuchaprocess,organisationstendtotreatrisksasisolatedincidents,withoutconsciousefforttocompareandlearnfromdifferentexperiences.While it is true that risks often have unique features, our inquiry intocommonriskgovernancedeficitssuggests thatorganisationsandsocietycan learnfromexperienceandimproveperformanceovertime.
Wesuggestthatorganisationsusethe23deficitsasabasistoeithercreateanexplicitstructuredapproachtoriskassessmentandmanagement;asavehicletohelprefineanapproachthatalreadyexists;oreventochallengepredominantriskperspectives.Wesuggest further that theapproachbeappliedacross theorganisationonlyafterstakeholdershavehadanopportunitytoparticipateinthedesignoftheapproach.Theapproachshouldbeappliedtoemergingaswellasexistingrisks,andshouldincludefeedbackorevaluationloopstoensurethatlearningtakesplaceovertime.
international risk governance councilRisk Governance Deficits
P 19
Sincerisksareoftenuncertainorrareevents,itmaynotbefeasibletodetermine,ex post,whetherspecificmanagementmeasureswereeffective.Inparticular,cost/benefitcalculationsforlow-probabilityrisksareoftendifficult.Forexample,ifnoadverseeventsoccur,itmaybethatthepostulatedriskwasnotpresentinthefirstplace.Moreover,evenhighlyeffectivemeasuresmayonlyreducetheprobabilityorseverityofadverseevents.Thus,whenadverseoutcomesoccur, itshouldnotnecessarilybeassumedthatmeasureswere ineffectiveoranorganisation’sentireapproachtorisk is faulty.Asystemtodocumentnearmissesandtocommunicatethemacrossorganisationsfor similar situations can be very helpful.What can be learned iswhether the keycomponentsofariskculturewereoperational(e.g.,earlywarningsystems,analysisofunlikelyyethigh-consequenceevents,meaningfulstakeholderparticipation,explicitjudgements about risk acceptability, relevant risk decision architecture within anorganisation,considerationofmultiplemeasuresandsoforth).
Insummary,thereisno“cookbookapproach”toriskculturethatorganisationsshouldimplement.Agoodplacetostartmaybeadeliberativeexercisewhereanorganisationconsiderswhetherandhowthe23riskgovernancedeficitsareapplicableacrosstheirrisklandscape,andwhethertheirriskculturecanbebuttressedinspecificwaysduetoabetterappreciationofthecommondeficitsthatwehavedocumented.
Application guidelines(including,forexample,exercisesandquestionsthatcouldbeused in training sessionsorworkshops)will alsobedevelopedbyIRGC.
Please consult IRGC’s website at http://irgc.org/-Risk-Governance-Deficits-and,124-.htmlforupdatesontheprogressofthisproject.
This policy brief is based on the IRGC report on Risk Governance Deficits, available at www.irgc.org. A complete list of references is published in that report.
international risk governance council Risk Governance Deficits
P 20
Itiseasiertopinpointdeficitsinprevioussituationsthanitistoofferforward-lookingrecommendations for risk practitioners in government, business and elsewhere.Recognisingthateachriskmayhaveuniquefeaturesthatrequiretailoredresponses,we offer some general recommendations for how organisations can improve theirgovernance of risks. One set of recommendations concerns “what to do” while asecondsetconcerns“howtodoit”(seeFigures3and4).Takentogether,thetwosetsofrecommendationscanbeseenasanorganisationalpathwaytowardsestablishinganeffective“riskculture”.
Annex: Decision Maps
Need for early warning systems (A1)
Understanding: Assessing risks
Need to acquire and develop knowledge
What to achieve with good risk assessment?
How to achieve good risk assessment?
Objectives and criteria for adequate risk assessment:
Need to get factual knowledge (A2) Need to get knowledge about perceptions (A3)
Involving stakeholders (A4)
Using formal models (A9)
Assessing potential surprises (A10)
Risk appetite and risk acceptance must be evaluated (A5)
Misinterpretation of information must be avoided (A6)
Complex systems need to be understood (A7)
Rapid or fundamental changes in systems must be recognised (A8)
Allocationofdeficitstotheleftorrightsideofthisfiguremaybesubjecttointerpretation,butintends,here,tofocusonthemaincharacteristicsofeachdeficit.A10inparticularcouldbeconsideredtoincludeelementsofbothobjectivesandcriteria.
Tools/capabilities to conduct adequate risk assessment:
Figure 3: Risk assessment decision map
international risk governance councilRisk Governance Deficits
P 21
Risk culturereferstoasharedsetofbeliefs,valuesandpracticeswithinanorganisationregardinghowtoassess,addressandmanagerisks.Amajoraspectofriskcultureishowopenlyriskscanbeaddressedandinformationaboutthemsharedamongariskcommunity.Risk cultureswill vary betweenorganisations, according to their needsandcircumstances.However,agoodriskculturealwaysproducesasoundbasisfordecidinghowthecompetingpressuresforriskavoidance,riskreduction,risktransferandrisktakingareresolved.
Responding to early warnings (B1)
Designing effective risk management strategies (B2)
GOAL
STRATEGY
POLICY
REGULATION
IMPLEMENTATION
Acting: Managing risks
What to achieve with good risk management?
How to achieve good risk management?
Objectives and criteria for effective risk management:
Tools/capabilities that decision-makers must use/develop:
Developing organisational capacity (B9)
Risk management policies must be efficient and equitable (B4)
Dealing with dispersed responsibilities (B10)
Side effects of risk management must be anticipated (B6)
Managing fundamental conflicts (B12)
Time horizons must be reconciled (B7)
Developing the capacity to act in the event of the unexpected (B13)
Transparency and confidentiality must be balanced (B8)
Commons problems and externalities must be dealt with (B11)
Allocationofdeficitstotheleftorrightsideofthisfiguremaybesubjecttointerpretation,butintends,here,tofocusonthemaincharacteristicsofeachdeficit.B12andB13inparticularcouldbeconsideredtoincludeelementsofbothobjectivesandcriteria.
Selecting a reasonable range of policy options (B3)
Implementing and enforcing
risk management decisions (B5)
Figure 4: Risk management decision map
international risk governance council Risk Governance Deficits
P 22
Please refer to the Risk Governance Deficits report for a more extensive list of references.
[Cumming,2002]Cumming,C.M.,September11andtheU.S.PaymentSystem,Finance and Development,39(1),March,2002,http://www.imf.org/external/pubs/ft/fandd/2002/03/cumming.htm
[Dembinski,2006]DembinskiP.,LagerC.,CornfordE.andBonvinJ.M.,EnronandtheWorldofFinance:aCaseStudyinEthics,Palgrave Macmillan
[Hamre,2003]Hamre,J.,Capelinandherringaskeyspeciesfortheyieldofnorth-eastArcticcod.Resultsfrommultispeciesruns,Scientia Marina,67,315-323
[HPA,2008]ConfirmedMeaslesCasesinEnglandandWales–anUpdatetoend-May2008,Health Protection Report,2(25),June20,2008,http://www.hpa.org.uk/hpr/archives/2008/news2508.htm
[ILIT,2006]IndependentLeveeInvestigationTeam,InvestigationofthePerformanceoftheNewOrleansFloodProtectionSystemsinHurricaneKatrinaonAugust29,2005,http://www.ce.berkeley.edu/projects/neworleans/
[IRGC, 2005] International RiskGovernanceCouncil,White Paper 1 onRiskGovernance: Towards an IntegrativeApproach,Geneva,IRGC,http://www.irgc.org/IMG/pdf/IRGC_WP_No_1_Risk_Governance__reprinted_version_.pdf
[ISO,2009]InternationalOrganizationforStandardization,DraftISOGuide73:RiskManagement–Vocabulary,Geneva,ISO
[Jones,2004]Jones,R.,SurgeinBritishasbestosclaimswillcostbillions,The Guardian,November2,2004,http://www.guardian.co.uk/business/2004/nov/02/medicineandhealth.healthinsurance
[Jones,2001]Jones,D.T.,ParadigmShift,TheNautilusInstitute,PolicyForumOnline,http://www.nautilus.org/archives/fora/Special-Policy-Forum/11_Jones.html
[Normile,2007]Normile,D.,TsunamiWarningSystemShowsAgility–andGapsinIndianOceanNetwork,Science,317,September21,2007
[NRPB,2003]NationalRadiologicalProtectionBoardUK,HealthEffectsfromRadiofrequencyElectromagneticFields:ReportofanIndependentAdvisoryGrouponNon-IonisingRadiation,Documents of the NRPB,14(2),http://www.hpa.org.uk/Publications/Radiation/NPRBArchive/DocumentsOfTheNRPB/Absd1402/
[Okadaetal.,2008]Okada,N.,Tatano,H.andTakagi,A.,NagaraRiverEstuaryBarrageConflict,In:GlobalRiskGovernance:ConceptandPracticeUsingtheIRGCFramework,Renn,O.andWalker,K.(eds),Dordrecht,Springer,221-228
[SenateReport, 2006]USSenateCommitteeofHomelandSecurityandGovernmentAffairs,HurricaneKatrina:ANationStillUnprepared,Washington,DC,GovernmentPrintingOffice
[Shiller, 2008]Shiller,R.J.,TheSubprimeSolution:HowToday’sGlobal FinancialCrisisHappened andWhat toDo about It,Princeton,NJ,PrincetonUniversityPress
[UCTE,2004]Unionfor theCo-ordinationofTransmissionofElectricity,FinalReportof the InvestigationCommitteeonthe28September2003BlackoutinItaly,http://www.aei.it/ucte_fulltext.pdf
[UNEP,2000]UnitedNationsEnvironmentProgramme,TheMontrealProtocolonSubstancesthatDepletetheOzoneLayeraseitheradjustedand/oramendedinLondon1990,Copenhagen1992,Vienna1995,Montreal1997,Beijing1999,http://www.unep.org/OZONE/pdfs/Montreal-Protocol2000.pdf
[vanZwanenbergandMillstone,2002]vanZwanenberg,P.andMillstone,E.,MadCowDisease1980s-2000:howreassurancesunderminedprecaution,In:LateLessonsFromEarlyWarnings:ThePrecautionaryPrinciple1896-2000,Harremoës,P.,Gee,D.,MacGarvin,M.,Stirling,A.,Keys,J.,Wynne,B.andGuedesVaz,S.(eds),Copenhagen,EuropeanEnvironmentAgency
[Vari,1996]Vari,A.,PublicPerceptionsaboutEquityandFairness:SitingLow-LevelRadioactiveWasteDisposalFacilitiesintheUSandHungary,RISK: Health, Safety and Environment,7(Spring),http://www.piercelaw.edu/risk/vol7/spring/vari.htm
[Viscusi,1992]Viscusi,W.K.,FatalTradeoffs:PublicandPrivateResponsibilities forRisk,Cambridge,MA,HarvardUniversityPress
Note: Allwebaddresseslastaccessed13April2010
References
international risk governance councilRisk Governance Deficits
P 23
About IRGC
TheInternationalRiskGovernanceCouncil(IRGC)isanindependent organisation based inSwitzerlandwhosepurpose is to identify and propose recommendationsfor the governance of emerging global risks. IRGC’smission is to promote the improved understandingand governance of emerging global risks to humanhealth,safety, theenvironmentandtosocietyat large.Understanding, assessing and managing as well asbalancingrisksandopportunitiesisanimportantelementofthisprocess.
IRGC’s work includes developing concepts of riskgovernance,anticipatingmajorriskissues,andprovidingrisk governance recommendations for decision-makers. To ensure the objectivity of its governancerecommendations, IRGC draws upon internationalscientificknowledgeandexpertisefromboththepublicand private sectors in order to develop fact-basedrisk governance recommendations for policymakers,untaintedbyvestedinterestsorpoliticalconsiderations.
Members of the Foundation Board
Donald J. Johnston (Chairman), FormerSecretary-General,
OECD(1996-2006);Christian Mumenthaler (Vice-Chairman),
Memberof theGroupExecutiveBoard, Life&Health,Swiss
Reinsurance Company, Switzerland; Pierre Béroux, Senior
Vice President, Risk Group Controller, Electricité de France,
France;John Drzik,PresidentandCEO,OliverWyman,USA;
Walter Fust, Chief Executive Officer, Global Humanitarian
Forum,Switzerland;José Mariano Gago,MinisterforScience,
Technology and Higher Education, Portugal; C. Boyden
Gray, Gray & Schmitz LLP, USA; Charles Kleiber, Former
State Secretary for Education and Research, Swiss Federal
Department of HomeAffairs, Switzerland;Wolfgang Kröger
(IRGC Founding Rector), Director, Laboratory for Safety
Analysis,SwissFederal InstituteofTechnology(ETH)Zurich,
Switzerland; Liu Yanhua,FormerViceMinisterforScienceand
Technology,People’sRepublicofChina;L. Manning Muntzing,
EnergyStrategistsConsultancyLtd,USA;Rajendra Pachauri,
Chairman,IntergovernmentalPanelonClimateChange(IPCC)
and Director-General, The Energy and Resources Institute,
India.TheOECDhasobserver statusand is representedby
Michael Oborne,DirectoroftheOECD’sInternationalFutures
Programme.
Members of the Scientific and Technical Council
Prof. M. Granger Morgan (Chairman),Head,Departmentof
Engineering and Public Policy, Carnegie Mellon University,
USA;Dr V. S. Arunachalam,ChairmanandFounder,Centerfor
StudyofScience,TechnologyandPolicy,India;Prof. Fabiana
Arzuaga,ProfessorofRegulationofBiotechnologyandPatent
Law,FacultyofLaw,UniversityofBuenosAires,Argentina;Dr
Lutz Cleemann,SeniorAdviser,SustainableBusinessInstitute,
Germany;Dr Anna Gergely,Director,EHSRegulatory,Steptoe
& Johnson, Belgium; Dr John D. Graham, Dean, Indiana
University School of Public and EnvironmentalAffairs, USA;
Prof. Manuel Heitor,SecretaryofStateforScience,Technology
andHigherEducation,Portugal;Prof. Carlo C. Jaeger,Head,
Social Systems Department, Potsdam Institute for Climate
ImpactResearch(PIK),Germany;Prof. Ola M. Johannessen,
Director,NansenEnvironmentalandRemoteSensingCenter,
Norway; Prof. Wolfgang Kröger (IRGC Founding Rector),
Director,LaboratoryforSafetyAnalysis,SwissFederalInstitute
ofTechnology(ETH)Zurich,Switzerland;Dr Patrick Lagadec,
Director of Research, Ecole Polytechnique, France; Prof.
Ragnar E. Löfstedt,ProfessorofRiskManagement,Directorof
King’sCentreofRiskManagement,King’sCollege,UK;Jeffrey
McNeely, Senior ScientificAdvisor, IUCN -The International
Union for Conservation of Nature, Switzerland; Dr Stefan
Michalowski,HeadoftheSecretariat,GlobalScienceForum,
OECD,France;Dr Warner North,President,NorthWorksInc.,
andConsultingProfessor,DepartmentofManagementScience
and Engineering, Stanford University, USA; Prof. Norio
Okada,Director,DisasterPreventionResearchInstitute,Kyoto
University, Japan; Prof. Kenneth Oye, Associate Professor,
Political Science and Engineering Systems, Massachusetts
InstituteofTechnology(MIT),USA;Prof. Ortwin Renn,Professor
forEnvironmentalSociology,UniversityofStuttgart,Germany;
Prof. Úrsula Oswald Spring, Research Professor, Regional
Centre of Multidisciplinary Research, National University of
Mexico, Mexico; Dr Mihail Roco, Chairman, Subcommittee
onNanoscaleScience,EngineeringandTechnology,National
Science and Technology Council, and Senior Advisor for
Nanotechnology, National Science Foundation, USA; Prof.
Joyce Tait,InnogenScientificAdvisor,ESRCCentreforSocial
andEconomicResearchon Innovation inGenomics,UK;Dr
Timothy Walker, Chair, Accounting and Actuarial Discipline
Board,FinancialReportingCouncil,UK;Prof. Xue Lan,Dean,
SchoolofPublicPolicyandManagement,TsinghuaUniversity,
People’sRepublicofChina.
international risk governance council
international risk governance council
Chemin de Balexert 91219 ChâtelaineGeneva Switzerland
tel +41 (0)22 795 17 30fax +41 (0)22 795 17 39
© All rights reserved, International Risk Governance Council, Geneva, 2010
ISBN 978-2-9700672-0-7