Risk Assessment. Marvin Rausand
this term makes it clear that this risk is something we can cope with, something we can endure. We tolerate risk, but we do not accept it. The same people also prefer the term risk tolerance criteria over RAC. We have chosen to use the term RAC in this book.
In the Railway Safety Directive (EU 2016), the term common safety targets (CSTs) is used. The directive states that “CSTs may be expressed in terms of risk acceptance criteria.”
5.2 Risk Acceptance Criteria
NS 5814 (2008) states that “the results of risk analysis must be compared with the criteria for acceptable risk” and requires that RAC be established before a risk assessment is conducted. A definition of RAC is
Definition 5.1 (Risk acceptance criteria, RAC)
Criteria used as a basis for decisions about acceptable risk (NS 5814 2008).
RAC can be quantitative and/or qualitative. Some standards and guidelines find it essential that certain qualitative principles be adopted, irrespective of the numerical value of quantitative acceptance criteria (e.g. see NSW 2011). Examples of qualitative criteria include the following:
All avoidable risk should be avoided.
Risk should be reduced wherever practicable.
The effects of events should be contained within the site boundary.
Further development should not pose any incremental risk.
No single component failure should lead to serious consequences.
Some of these criteria are not very precise. What is “avoidable risk”? What is a “practicable” risk reduction? Without further guidance on what these terms mean, they can be interpreted very differently by decision‐makers. Most things are in principle “avoidable” and the term “practicable” can mean very different things to people. It may be observed that some of these criteria are useful for design purposes. The third and the last criterion can both be used directly as design criteria for technical systems.
RAC may be based on requirements from authorities, standards, experience, theoretical knowledge, and norms. The level of risk that is considered “acceptable” in a given context depends on several factors, among others, the benefits we get from the activities that cause the risk and whether or not the risk is voluntary. NS 5814 (2008) defines acceptable risk as follows:
Definition 5.2 (Acceptable risk)
Risk that is accepted in a given context based on the current values of society and in the enterprise.
This definition makes it clear that acceptable risk is related to a specific context. This means that risk is not accepted unconditionally. What is acceptable in one context is thus not necessarily acceptable in other contexts. Further, it is conditioned on current values and those values may change with time. Also, different societies and different enterprises may have different values.
The seminal book by Fischhoff et al. (1981) states that no risk is acceptable in isolation or in a universal sense. It is, therefore, somewhat misleading to talk about acceptable risk. They claim that one rather should speak in terms of acceptable options. The acceptability of an option represents a trade‐off among the full set of associated risk, costs, and benefits of this option. In turn, the desirability of these factors depends on the other options, values, and facts examined in the decision‐making process. Owing to this fact, the most acceptable option in an acceptable risk problem may not be the option with the least risk. According to Fischhoff et al. (1981):
Acceptable risk problems are decision problems, that is, they require a choice among alternatives. That choice is dependent on values, beliefs, and other factors. Therefore, there can be no single, all‐purpose number that expresses the acceptable risk for a society ….
Example 5.1 (Choosing the option with highest risk)
In many decision situations, we are considering just two options: to perform an activity or not. In the North Sea, developing oil and gas fields represents risk to the people working there and to the environment due to possible oil spills. The safest option has clearly been not to develop the fields, but still decisions have been made again and again to develop new fields. The reason for this is obviously that the benefits are very large. What we accept is thus to get a certain set of benefits in return for taking a certain risk.
Example 5.2 (RAC for nuclear power plants)
Much effort has been devoted to establishing quantitative RAC in the nuclear power industry. The following items have, for example, been proposed as candidates for setting quantitative criteria (e.g. see Cameron and Willers 2001 ; CNCS 2009):
1 The overall risk to the public.
2 The risk to an individual.
3 The sum of frequencies of all event sequences that can lead to a release of radioactive material that may require temporary evacuation of the local population (called small release frequency, SRF).
4 The sum of frequencies of all event sequences that can lead to a release of radioactive material that may require long‐term relocation of the local population (called large release frequency, LRF).
5 The conditional probability of containment failure (given core damage).
6 The sum of frequencies of all event sequences that lead to significant core degradation (called core damage frequency, CDF).
7 The probability of a particular accident sequence.
8 The reliability of individual safety systems.
Quantitative criteria for new nuclear power plants may, for example, be formulated as follows (CNCS 2009):
CDF per reactor year
SRF per reactor year
LRF per reactor year
There is still no general agreement on the values to be used for these limits. As Fischhoff et al. (1981) argue, it may never be possible to define these limits completely generally.
Observe that the quantitative criteria mentioned in Example 5.2 are not risk criteria, but rather probability criteria, stating limits on the probability of certain events per reactor year. This is used in some contexts, in particular for events where the consequence is considered to be high in any case.
Example 5.3 (RAC for offshore oil and gas installations)
The Norwegian offshore industry has used quantitative RAC since around 1985. The legislation in Norway partly requires that the oil companies themselves should define criteria and the criteria are therefore formulated in different ways and with varying risk levels. Among the criteria that are in use or have been used by different companies are the following:
Maximum annual probability of being killed for an average person working on the installation.
Maximum annual probability of being killed for individuals in the group exposed to the highest risk. The groups are defined to distinguish between groups exposed to high risk (e.g. drill crew) and groups with lower risk (e.g. admin staff).
Maximum annual frequencies for accidents with varying consequence from high to low. This is expressed through an ‐curve (ref Chapter 6).
Maximum frequency of loss of main safety functions (MSFs). MSFs are key functions that need to be in place to ensure that personnel on the installation