The Social Affairs Unit

Print Version • Website Home • Weblog Home

Use the buttons below to change the style and font size of our site.
Screen version     Print version:   
March 10, 2005

Risk Management: it's not rocket science - it's much more complicated

Posted by John Adams

In popular imagination, rocket science is the totemic example of scientific complexity. Professor John Adams - Britain's leading academic expert on risk - argues here that risk management is in fact much more complex. As Professor Adams puts it, for the scientist studying turbulence "the clouds do not react to what the weatherman or physicist says about them". The risk manager must, however, deal not only with risk perceived through science, but also with virtual risk - risks where the science is inconclusive and people are thus "liberated to argue from, and act upon, pre-established beliefs, convictions, prejudices and superstitions."

The affluent world is drowning in risk assessments. Almost everyone now has a "duty of care" to identify formally all possible risks to themselves, or that they might impose on others, and to demonstrate that they have taken all reasonable steps to "control" them. It is not clear that those imposing this duty of care appreciate the magnitude and difficulty of the task they have set.

Last year I participated in a conference on terrorism [See Science and Terrorism: Post-conference After-thoughts, World Federation of Scientists' International Seminar on Terrorism, Erice, Sicily, 7-12 May 2004]. Most of the other participants were eminent scientists, and I found myself in a workshop entitled Cross-disciplinary challenges to the quantification of risk.

Lord Kelvin famously said:

Anything that exists, exists in some quantity and can therefore be measured.

This dictum sits challengingly alongside that of another famous scientist, Peter Medewar who observed:

If politics is the art of the possible, research is the art of the soluble. Both are immensely practical minded affairs. Good scientists study the most important problems they think they can solve [my emphasis]. It is, after all, their professional business to solve problems, not merely to grapple with them.

Terrorism undoubtedly exists, and some of its consequences can be quantified. One can count the numbers killed and injured. With the help of insurance companies one can have a stab at the monetary value of property destroyed and, for those with business continuity insurance, the value of business lost. But what units of measurement might be invoked to calculate the impact of the terror that pervades and distorts the daily life of someone living in Chechnya, or Palestine, or Darfur or . ? Or the loss of civil liberties resulting from the anti-terrorism measures now being imposed around the world.

The problem becomes more difficult when one moves on to the challenge of quantifying the risk of terrorism. Risk is a word that refers to the future. It has no objective existence. The future exists only in the imagination. There are some risks for which science can provide useful guidance to the imagination. The risk that the sun will not rise tomorrow can be assigned a very low probability by science. And actuarial science can estimate with a high degree of confidence that the number of people killed in road accidents in Britain next year will be 3500, plus or minus a hundred or so. But these are predictions, not facts. Such predictions rest on assumptions; that tomorrow will be like yesterday; that next year will be like last year; that future events can be foretold by reading the runes of the past. Sadly, the history of prediction contains many failures from those of stock market tipsters to those of vulcanologists seeking to predict eruptions, earthquakes and tsunamis.

Type "risk" into an Internet search engine and you will get over 100 million of hits. You need sample only a small fraction to discover many unnecessary and often acrimonious, arguments. Risk is a word that means different things to different people [see Judging Juries Judging Risk, Social Affairs Unit, 5th October 2004]. It is a word that engenders a sense of urgency because it alludes to the probability of adverse, sometimes catastrophic, outcomes. Much of the acrimonious urgency, or the urgent acrimony, that one uncovers searching for "risk" on Google stems from a lack of agreement about the meaning of the word. People are using the same word, to refer to different things, and shouting past each other.

Figure 1 is proffered in the hope of clearing away some unnecessary arguments.

Figure 1
john adams - risk types.jpg

Directly perceptible risks are dealt with using judgement a combination of instinct intuition and experience. One does not undertake a formal, probabilistic, risk assessment before crossing the road. Crossing the road in the presence of traffic involves prediction based on judgement. One must judge vehicle speeds, the gaps in traffic, one's walking speed, and hope one gets it right, as most of us do most of the time.

Most of the published literature on risk management falls into the category of risk perceived through science. Here one finds not only biological scientists in lab coats peering through microscopes, but physicists, chemists, engineers, doctors, statisticians, actuaries, epidemiologists and numerous other categories of scientist who have helped us to see risks that are invisible to the naked eye. Collectively they have improved enormously our ability to manage risk as evidenced by the huge increase in average life spans that has coincided with the rise of science and technology.

But where the science is inconclusive we are thrown back on judgement. We are in the realm of virtual risk. These risks are culturally constructed when the science is inconclusive people are liberated to argue from, and act upon, pre-established beliefs, convictions, prejudices and superstitions. Such risks may or may not be real but they have real consequences. In the presence of virtual risk what we believe depends on whom we believe, and whom we believe depends on whom we trust.

A participant at the conference on terrorism was one of the world's foremost experts on turbulence, notoriously the most intractable problem in science. In the mythology of physics Werner Heisenberg is reported as saying:

When I meet God, I am going to ask him two questions: Why relativity? And why turbulence? I really believe he will have an answer for the first.
I would trust the physicist I met at the conference to tell me the truth about turbulence, so far as he knew it. But the problems he is studying are simple compared to those of the risk manager, because the clouds do not react to what the weatherman or physicist says about them.

We are all risk managers. Whether buying a house, crossing the road, or considering whether or not to have our child vaccinated, our decisions will be influenced by our judgement about the behaviour of others, and theirs by their judgements about what we might do. The world of the risk manager is infinitely reflexive. In seeking to manage the risks in our lives we are confronted by a form of turbulence unknown to natural science, in which every particle is trying to second guess the behaviour of every other. Will the vendor accept less in a falling market? Will the approaching car yield the right of way? Will enough other parents opt for vaccination so that my child can enjoy the benefits of herd immunity while avoiding the risks of vaccination? And, increasingly, if things go wrong, who might sue me? Or whom can I sue? The risk manager is dealing with particles with attitude.

Another participant at the conference, alert to the strict limits of natural science in the face of such turbulence, warned that we were in danger of becoming the drunk looking for his keys, not in the dark where he dropped them, but under the lamp post where there was light by which to see.

This caution prompted the re-drawing of Figure 1. Figure 2 is an attempt to highlight the strict limits to the ability of science to foretell the future.

Figure 2
john adams - searching for keys.jpg

In the area lit by the lamp of science one finds risk management problems that are potentially soluble by science. Such problems are capable of clear definition relating cause to effect and characterized by identifiable statistical regularities. On the margins of this area one finds problems framed as hypotheses and methods of reasoning, such as Bayesian statistics, which guide the collection and analysis of further evidence. As the light grows dimmer the ratio of speculation to evidence increases. In the outer darkness lurk unknown unknowns. Here lie problems with which, to use Medawar's word, we are destined to "grapple".

As the light of science has burned brighter most of the world has become healthier and wealthier and two significant changes have occurred in the way in which we grapple with risk. We have become increasingly worried about more trivial risks, and the legal and regulatory environments in which we all must operate as individual risk managers have become more turbulent. As the likelihood of physical harm has decreased the fear, and sometimes the likelihood, of being sued has increased.

Perhaps the clearest demonstration of this can be found in the increase in the premiums that doctors must pay for insurance, and the way this varies according to the type of medicine practiced. The Medical Protection Society of Ireland has four categories of risk: low, medium, high and obstetricians. Between 1991 and 2000 the premium charged to those in the low category increased by 360 percent to 9854, and that charged to obstetricians increased by 560 percent to 54567.

Measured in terms of its impact on peri-natal mortality rates, obstetrics and gynecology can claim a major share of the credit for the huge increases in average life expectancy over the last 150 years. This most successful medical discipline is now the most sued so successful that almost every unsuccessful outcome now becomes a litigious opportunity. I don't know of any risk assessment that predicted that [For more on this theme see J. Adams, Do we have enough injidents?, The British Journal of General Practice (June 2002)].

There is a distinction, frequently insisted upon in the literature on risk management, between "hazard" and "risk". A hazard is defined as something that could lead to harm, and a risk as the product of the probability of that harm and its magnitude; risk in this literature is hazard with numbers attached. So, relating this terminology to Figures 1 and 2, it can be seen that risk can be placed in the circle "perceived through science" while the other two circles represent different types of hazard.

Typing "hazard management" into Google at the time of writing yielded 70,000 hits; "risk management" 12 million. The number of potential harms in life to which useful numbers can be attached is tiny compared to the number through which we must navigate using unquantified judgement. The Kelvinist, rocket-science approach to virtual risks, with its emphasis on the quantitatively soluble, threatens to divert attention from larger, more complicated, more urgent problems with which we ought to be grappling.

John Adams is emeritus professor of geography at University College London.

Comments Notice
This comments facility is the property of the Social Affairs Unit.
We reserve the right to edit, amend or remove comments for legal reasons, policy reasons or any other reasons we judge fit.

By posting comments here you accept and acknowledge the Social Affairs Unit's absolute and unfettered right to edit your comments as set out above.

John Adams always writes on the complex issue of risk management with amazing clarity and humour. He manages to turn an - all too often - dry as dust issue, into something which is genuinely interesting. To anyone who has not read it, I would recommend "Risk" by Prof. John Adms, his 1995 book on the subject (still easily available from Amazon) - and simply the best thing written on it.

Posted by: David at March 10, 2005 02:22 PM

Interesting and thought provoking as always. Risk management can be practically managed by organizations within their objectives. The new ISO risk management guideline (now more or less finalized and to be released in 2009) provides practical guidance on how organizations might do this, whether they be governments, international organizations, private firms, NGO. Whatever the organization does, it has a mandate and objectives which may be informed by stakeholders views, the collective wisdom (John's virtual risk), or science including actuarial science as in value of sub prime mortgage portfolios and other strange assets, which may be wrong since risk is risk after all. However, all these risks can be managed by organizations in useful and better than random gut feeling ways. In ISO even the up side risks of windfalls, longer than expected life, etc. can be managed. In the practical realm of risk management, while it is useful to speculate and classify it does not mean nothing can be done, including do nothing.

Posted by: John Shortreed at November 5, 2007 04:26 PM
Post a comment

Anti-spambot Turing code

Creative Commons License
Except where otherwise noted, this site is licensed under a Creative Commons License.

The Social Affairs Unit's weblog Privacy Statement