[SystemSafety] Confusion over Risk, Yet Again
Matthew Squair
mattsquair at gmail.com
Thu Aug 10 02:51:18 CEST 2017
Apologies. Meant to share more widely, we do seem to be trapped in a
frequentist time-warp...
Well…
Risk: "The possibility of unwanted consequences of an event or
decision
So risk is just the ‘possibility’? Or is it the combination of possibility
and the unwanted combinations?
*) Probability: A measure of the likelihood that a risk's unwanted
consequences will be suffered, possibly a number between 0.0 and 1.0
This seems to be going down the frequentist interpretation of probability
rabbit hole, there is however the evidential interpretation and the
evidential interpretation was excluded because?
For example say I am designing a parachute. The proposition that there is a
design error is either True/False. However there is some uncertainty about
the proposition. Which I can express (for arguments sake) using pascalian
probability. Here probability = uncertainty. Not frequency. That’s an
'evidence of’ perspective.
Strictly if a outcome has a probability of 0 or 1 it is not a risk, e.g if
I jump out of a plane without my aforementioned parachute then there’s an
absolute certainty* that I’ll die. P=1 so no risk. Risk only relates to
uncertain propositions.
*Lets not quibble about trees, assume it’s the Nullabor.
) Severity: A measure of the (degree of) harm caused by a risk's unwanted
consequence, possibly in terms of money, time, or other valued resource
Missing from this is whether we care. Not all losses are worth caring
about, for example I don’t care about paper cuts. I don’t care about
spraining an ankle when parachuting either in other words such events are
not risks from my perspective. I do care if I break my neck though. So the
definition needs to be compounded with “… that we care about”.
*) Exposure: A measure that combines probability and severity so that
different risks can be reasonably compared.
But what of risks that we are unaware of but are still exposed to? For
example I may be unaware that there’s a design flaw in my parachute release
handle. It’s there, I’m exposed but I don’t know about it. So risk really
expresses our perception of risk, not the actuality. All the above is
therefore a definition of our [risk perception]. In other words an
observer’s internal state.
Exposure is such an overloaded term and incorrect to use, in this context
Exposure = risk as far as I can see, so why not actually use that word?
Clearly, a high probability &
high severity risk gives a higher exposure than a low probability & low
severity risk. But, if Risk A has high probability & low severity while
Risk B has low probability & high severity, which one gives higher
exposure?
This is heading towards the risk = expectation fallacy. Irreversible risks
are simply not the same as reversible risks.
Let’s play a game called Russian dice, we get a six sided die and if it’s
anything other than a six nothing happens. If it’s a 6 I get to shoot you.
Now expectation wise the E=(1+2+3+4+5+6)/6 21/6 = 3.5 that’s less than 6 so
mathematically you’re safe, but would you take that gamble. I wouldn’t, nor
would anybody I know because we recognise the numbers don’t reflect the
risk.
Exposure should be derived via a defined function, e.g., if
probability is expressed as a fraction between 0.0 and 1.0 & severity is
expressed in terms of money then exposure can be calculated as the
probability value times the severity value. Measurement theory becomes
very important here, however.
And now we have arrived, the long way round, at risk as the expectation of
loss as per de Moivre. See previous comment about it’s limitations. If
that’s the destination why not use de Moivre’s definition in the first
place?
Measurement theory becomes
very important here, however.
Unmentioned is that you're trying to measure something that doesn’t exist,
it’s an measurement of an intangible object. Measuring risk is not the same
as measuring say the deflection of a steel leaf spring. In point of fact
all that exists is the method you use, which defines in turn the intangible
object you are ‘measuring’. So ‘risk' is an operationalism of an
intangible.
Therefore using probability is a specific operationalism of ‘risk', don’t
assume that it’s the only one
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20170809/09479d85/attachment-0001.html>
More information about the systemsafety
mailing list