Risk Assessment. Marvin Rausand
with a fair degree of interrelationships and interdependencies between the components. By using current knowledge (e.g. by involving subject experts), we can understand the relevant system properties and analyze the system. The relationships between the components can be reduced to clear, predictable interactions. Complicated systems can be decomposed and comply with the Newtonian–Cartesian paradigm. Examples of complicated systems include airplanes and computers.
Complex systems. In a complex system, the behavior of at least some of the components or the interactions between them are not fully understandable, even when using all current knowledge. The performance of a complex system cannot be predicted adequately via linear relationships. A complex system cannot be adequately understood and analyzed by traditional approaches because the system is something more than a sum of its components. A complex system cannot be decomposed without losing some characteristics and does not comply with the requirements of the Newtonian–Cartesian paradigm. Some authors simply define a complex system as a system that does not comply with the Newtonian–Cartesian paradigm.
The term “complexity” may be defined as follows:
Definition 4.11 (Complexity)
A scientific theory that asserts that some systems display behavioral phenomena completely inexplicable by any conventional analysis of the systems' constituent parts.
The following complexity metaphor was coined already by Aristotle (384–322 BCE).
The whole is greater than the sum of its parts.
Complexity leads to several challenges for risk analysis, as pinpointed by Leveson (1995):
Many of the new hazards are related to increased complexity (both product and process) in the systems we are building. Not only are new hazards created by the complexity, but the complexity makes identifying them more difficult.
The ever‐increasing integration of information and communication technology in systems and the expanding digital infrastructure are important contributors to system complexity. This problem is discussed further by Grøtan et al. (2011).
Most often, a system is not designed or built to be complex, but develops into a complex system through changes, coupling, and/or emergent properties.
4.5.1 Emergent Properties
An emergent property may be defined as follows:
Definition 4.12 (Emergent property)
A property of a system of elements that cannot be derived from the properties of the individual elements.
An emergent property is a property of the system as a whole rather than a property that can be deduced from the properties of the system components. This applies even if we had total knowledge about the properties of any one of the system components. Emergent properties can only be observed and measured when the components have been integrated into a system. A system with emergent properties is nondeterministic and does not always produce the same outputs when presented with the same inputs. A frequently used example of an emergent property is salt (sodium chloride). Both sodium (Na) and chlorine (Cl) are poisonous when taken separately, but when compounded into salt (NaCl), they are part of our daily diet. It is not at all possible to deduce the properties of salt from the properties of sodium and chlorine.
Emergent properties occur within many categories of systems. In chemical systems, for example, we often see forces that are greater than the sum of the forces of their constituent parts. Many sociotechnical systems have emergent properties and are, therefore, not possible to analyze adequately.
4.6 Problems
4.1 What is meant by a “black box” analysis? Give some examples of such an analysis.
4.2 Assume that you are going to do risk analysis of an electric coffee maker. Is this a technical or a sociotechnical system? If you concluded that it is a sociotechnical system, what are the nontechnical aspects?
4.3 Find examples of technical (man‐made) systems that, if we are going to do a risk analysis of them, would not be considered as sociotechnical systems.
4.4 Consider a car ferry transporting passengers and cars across a stretch of water as a system. The system also includes the harbors at both ends. Set up a breakdown structure for this system in two ways: With respect to the physical elements of the system and with respect to the functions/processes performed by the system. Do you think a risk analysis would lead to the same results regardless of which breakdown structure is chosen?
4.5 Define the boundaries of the coffee maker considered in Problem 4.2. What are the external inputs to the system you have defined and what are the outputs? Could a change in the boundaries change the risk analysis?
4.6 Define the operating context for the coffee maker in Problem 4.2.
4.7 Describe your interpretation of a complex system. Write down five attributes that make a system complex.
4.8 Reconsider the car ferry transporting system in Problem 4.4. Give two examples of emergent properties that may occur in this system and discuss potential causes of these properties.
4.9 Consider an ordinary bicycle and establish a system breakdown structure for this bicycle. Next, consider the stability of the bicycle during normal use. Do you consider it to be possible to deduce the stability properties of the bicycle from the properties of its elements? Would you call the stability an emergent property? Explain why you arrive at this answer.
References
1 von Bertalanffy, L. (1968). General System Theory; Foundations, Development, Applications. New York: George Braziller Inc.
2 Grøtan, T.O., Størseth, F., and Albrechtsen, E. (2011). Scientific foundations of addressing risk in complex and dynamic environments. Reliability Engineering & System Safety 96: 706–712.
3 ISO 12100 (2010). Safety of machinery – general principles for design: risk assessment and risk reduction, International standard ISO 12100. Geneva: International Organization for Standardization.
4 Leveson, N. (1995). Safeware: System Safety and Computers: A Guide to Preventing Accidents and Losses Caused by Technology. Reading, MA: Addison‐Wesley.
Notes
1 Adapted from https://complexitylabs.io/system-boundary/.
2 The manufacturer has to carry out a risk assessment of the washing machine to meet the requirements of the machinery safety regulations, usually according to ISO 12100.
Chapter 5 Risk Acceptance
5.1 Introduction
Results from risk analyses are used as input to decision‐making. In many cases, the decisions are concerned with whether the risk has to be reduced. In an ideal world, we could argue that it should be unnecessary to make this decision; instead, we should avoid all risk. The reality is usually that this is not possible, very often for cost reasons but often also for practical reasons. Normally, we have to accept that all risk cannot be removed. The question then becomes: how much risk should be removed? A balance has to be found between our ideal goal of removing all risk and the practical constraint of having a limitation in how many resources can be used to reduce risk. This is where risk acceptance criteria (RAC) are needed to help us decide what this balance should be.
Many people do not like the terms acceptable risk and risk acceptance because “to accept” may imply “to consent” or “to agree with.” Also, they do not want to give the impression that risk associated with their activity is viewed as unconditionally acceptable