Risk Analysis and Public Policy

This article focuses on risk analysis. It provides an investigation of risk analysis techniques including brainstorming, sensitivity analysis, the Delphi method, decision tree analysis, and modeling. The connections between risk analysis and risk management are described. The relationship between comparative risk analysis, cost benefit analysis, and public policy decision-making is discussed.

Keywords Cost Benefit Analysis; Decision Tree Analysis; Federal Government; Mitigation; Modeling; Public Policy; Public Sector; Risk Analysis; Risk Management; Sensitivity Analysis; Values

Business & Public Policy > Risk Analysis

Overview

Risk analysis refers to the study of the "likelihood that an agent or hazard will produce an adverse effect" (Swaney, 1996, p.463). Risk refers to a measure of the potential for harm, loss, or hazard. The main types of organizational risks include:

  • External Unpredictable
  • External Predictable
  • Internal Non-technical
  • Technical

• Legal

Risks are analyzed to determine the probability, severity, and effect of occurrence (Basu, 1998). Organizations face risks from strategic, market, credit, operational, and financial exposure as well as man-made and natural disasters (Banham, 2004). Organizations identify and mitigate these risks through active risk analysis and risk management. Risk analysis, according to the Society for Risk Analysis, includes "risk assessment, risk characterization, risk communication, risk management, and policy relating to risk" (Society for Risk Analysis, 2007). Risk analysis may be applied to areas of human health; the environment; threats from physical, chemical, and biological agents; human activities; and natural events.

The field of risk analysis is in debate about whether, and to what extent, risk assessment and risk management activities should be separate endeavors. Risk assessment refers to the study of the “adverse effects of hazards, primarily through estimating probabilities or establishing exposure thresholds.” Risk management builds on risk assessment findings and “develops strategies for dealing with hazards” (Swaney, 1996, p.463). Risk analysis has numerous applications including mediation, scheduling, planning, and policy choices or debate.

Elements of Risk Analysis

The basic elements of risk analysis include probability and valuation.

Probability

Probability refers to the likelihood of a particular statement of fact or scenario being true. Probability is most meaningful for scenarios that can be determined to be objectively true or false. For probability analysis to be effective, the scenario under analysis must not contain implied subjective judgments. The variables of joint and independent probability affect the analytical outcome. Independent events occur when one event is not affected by the occurrence or non-occurrence of another event under consideration. Dependent events are dependent on each other if the probability of one occurring is affected by another event under consideration. Probability analysis results in a set of possible outcomes.

Valuation

Once possible and probable outcomes have been determined, probability analysis progresses to basic valuation analysis. Basic valuation assigns a value to probable outcomes. The variables of relevance, context, and certainty effect the basic valuation (Slavitt, 2005).

Emergence of Risk Analysis

Risk analysis emerged in the public and private sectors in the 1970s. The risk analysis field emerged in response to the environmental, health, and consumer safety movements of the 1960s. The U.S. federal government created numerous federal agencies in the 1960s and 1970s to monitor, analyze, and mediate risks facing the United States. Examples of risk-mediating agencies include the National Transportation Safety Board (NTSB), the Occupational Safety and Health Administration (OSHA), the Environmental Protection Agency (EPA), the Consumer Product Safety Commission (CPSC), and the Nuclear Regulatory Commission (NRC).

"Risk researcher," "risk expert," and "risk analyst" became recognized professions in the 1970s. The risk analysis field's professional organization, the Society for Risk Analysis (SRA), emerged in 1980 and the field's journal, "Risk Analysis: An International Journal," began publication in 1981. The Society for Risk Analysis includes approximately 2000 members from 43 countries. The Society for Risk Analysis' mission includes the following goals and objectives: "Promote the acquisition and utilization of knowledge in risk analysis and facilitate the exchange of information among members; foster and promote knowledge and understanding of risk analysis techniques and their applications; and apply risk analysis techniques to assess the hazards and risks to which individuals and populations are exposed" (Thompson & Deisler, 2005, p. 1340).

The following section describes and analyzes the main steps and elements of the risk analysis process including brainstorming, sensitivity analysis, the Delphi method, decision tree analysis, and modeling. This section serves as the foundation for later discussion of the relationship between risk analysis, cost benefit analysis, and public policy decision-making.

Applications

The Process of Risk Analysis

Risk analysis involves risk evaluation and classification. Risk classification is performed in an effort to create or select effective, efficient, and feasible strategies for risk reduction and mitigation. The process, focus, and tools of risk analysis vary based on the stage, scope, budget, schedule, and quality of the project. The main methods for analyzing risk include: Brainstorming, sensitivity analysis, the Delphi method, decision tree analysis, and modeling.

  • Brainstorming refers to a process of cooperative inquiry used to analyze an issue from multiple perspectives in the interest of uncovering and discussing risks. (Knowing and working to remedy some of the most-common brainstorming problems, such as evaluation apprehension, groupthink, and cognitive narrowing, will benefit the brainstorming process [Wood & Pickerd, 2011].)
  • Sensitivity analysis refers an analytical tool used to explore how economic and financial models will respond to changes in the input values of the variables used to calculate the results.
  • The Delphi method refers to an analytical process in which groups of experts contribute their risk assessment in the interest of reaching consensus.
  • Decision tree analysis refers to a decision-making tool that uses a model of decisions and their potential consequences.
  • Models, along with simulation, are techniques for conceptualizing and predicting risk. A model refers to a mock-up reproduction of a system or problem. A simulation refers to a reproduction of functionality. The Monte Carlo Analysis is an example of a model and simulation. Monte Carlo analysis refers to the use of data obtained by simulating a statistical model in which all parameters are numerically specified. Monte Carlo analysis and simulations may be used to test how an estimation procedure would behave in multiple environments or markets. Monte Carlo Analysis involves the following steps and stages: Range of values, probability distributions, random values for simulation, simulation, and analyses.

Approaches to Risk Analysis

Risk analysis can be quantitative or qualitative in its approach. Qualitative risk analysis involves the following steps, features, and elements: Project team, project scope, data collection, data analysis, and risk mediation or management plan. Qualitative risk analysis, in an organizational setting, requires the establishment of a risk analysis project team. Risk analysis is generally a team effort requiring the development of a risk analysis team and open communication channels. In the private sector, the risk analysis team may include the following people: Representatives of the business owner, designer, constructor, maintenance group, the end-user; people responsible for estimating, scheduling, project management, construction management, and site supervision; and members from procurement, validation, and testing. The project team must define the basis and scope of the risk analysis study and project terminology. In addition, the project team should determine project milestones and phasing. The project team must collect relevant information and data. Determining and executing data collection techniques usually requires the participation and cooperation of the entire team. The project team must analyze results and use results to develop risk management and risk mitigation plan. A risk mitigation plan should identify the major risk events and planned responses to unfavorable outcomes (Basu, 1998).

Risk Management Strategies

Once risk analysis has been completed, risk management strategies and approaches may be implemented. An organizational risk management strategy is generally a corporate-wide approach to business practice. The main methods and elements of risk management strategy operate to integrate the risk management approach into all levels of operations and the organizational culture itself. There are six main strategies or principles that characterize risk management:

  • Develop intimate organizational knowledge.
  • Coordinate the risk management vision with that of the organization.
  • Determine and examine the organization’s vulnerabilities to risk.
  • Balance financials and objectives.
  • Utilize strategic initiatives to close gaps.
  • Continuous assessment and advancement after implementation.

Risk managers require intimate knowledge of organizational operations, goals, and missions to successfully evaluate risk exposures relating to all areas of the organization.

Role of Risk Managers

Risk managers are responsible for creating an integrated risk management strategy that reflects and furthers the goals and values of the organization. Risk managers develop successful risk management strategies by analyzing and planning for possible losses both vertically and horizontally throughout an organization. Risk managers are responsible for identifying the amount of time, effort, and money required to achieve a certain objective. Risk managers use a balanced scorecard methodology (BSC), a management tool that converts the established strategical course of action into operational terms, to connect internal and external processes with their organization’s cultural and financial objectives. Risk managers, along with organizational management, are responsible for finding strategies to close any existing gaps in corporate performance and achievement. Risk managers are responsible for creating a risk management system as well as evaluating and improving its performance. Risk managers use data capture and reporting to measure the effectiveness of risk management initiatives (Jorgensen, 2005).

Managers who feel confident that their organization's policies and controls can handle, maybe even benefit from, openness about risk are more likely to share information that signals risk events and allow the organization to resolve emerging issues in advance of their becoming crises (Krivkovich & Levy, 2013). They see a risk issue developing and mobilize the organization to analyze and remedy it-possibly at the board level and often within a few days.

Risk Management Tools

Risk analysis and risk management work together to transform unacceptable risks into acceptable risks within a normal range. Different types of risks require different types of risk analysis and risk management tools such as risk-based, precaution-based, and discourse-based approaches. Once the risk analysis, evaluation, and risk classification are conducted, the proper risk management tool can be chosen and applied to the problem or situation (Klinke & Renn, 2002). The most common risk management tools include enterprise risk management (ERM), alternative risk transfers (ART), and risk differentiation (Coffin, 2007).

An important part of crafting any risk management policy, according to Wood, Bostrom, Bridges, and Linkov (2012), is to incorporate stakeholder values and point to how a proposal might align with existing stakeholder beliefs. Mental-model diagramming methods collectively provide what Wood et al. call "a golden opportunity for policymakers" to identify these values and beliefs a priori, thereby minimizing the need for trial and error through comprehensive public hearings or other forms of stakeholder elicitation.

Ultimately, risk management relies on and builds on the results generated from risk analysis, risk identification, and risk documentation (Basu, 1998).

Issues

Public Policy, Risk Analysis & Cost Benefit Analysis

The U.S. federal government engages in policy analysis that combines risk analysis and cost benefit analysis. Public policy refers to the basic policy or set of policies that serve as the foundation for public laws. Public policy is often characterized as a social goal, enabling objective, or social solution. The public policy process is a problem-solving activity that solves or resolves a problem or conflict in society. Public policy, requested by society and enacted by government, unites and mediates the relationship between society and government. Public policy is created within a specific historical context, socio-cultural context, and political system. Public policy encompasses and regulates nearly all areas of human and social behavior (Williams & Thompson, 2004).

Public policy is created within or through a policy cycle. The policy cycle process involves both politics and administration. The public policy process includes four major stages: "Agenda setting; policy formulation; implementation; and evaluation" (Skok, 1995, p. 326). These steps are usually though not always sequential. There are numerous actors involved in each stage of the policy cycle. The major players in the policy process are referred to as policy entrepreneurs, social entrepreneurs, issue initiators, policy brokers, strategists, fixers, brokers, or caretakers. While public policy is created by politicians and legislative representatives, public administrators are responsible for policy implementation. In policy implementation, administrators are granted varying degrees of discretion in the details, range, and scope of the policy (Skok, 1995).

The Public Sector & Cost Benefit Analysis

Cost benefit analysis (CBA), a type of investment appraisal also referred to as benefit-cost analysis, is one of the most prominent and widely used analytical and quantitative tools for decision making in the public sector. The federal government recommends cost benefit analysis to its agencies as the main tool to use in an official economic analysis of federal programs and projects. Cost benefit analysis, as an analytical tool or methodological technique, is a practical tool for appraising the desirability of projects particularly in situations when it is important to take a long-term view. In this process, costs and benefits will be enumerated and evaluated (Hough, 1994). Cost benefit analysis provides a systematic and formalized set of procedures for assessing whether to fund and implement a public policy or program. In instances where a choice must be made between public programs or policies, cost benefit analysis can be used to compare the programs and select the most promising one (Mustafa, 1994). Cost benefit analysis is the government's primary economic tool to assess and evaluate proposed resource allocation. The public sector is responsible for allocating public resources. Resource allocation influences economic development, quality of life, and opportunity for the public at large. The public sector works to make decisions about the allocation of resources in ways that promote and sustain economic productivity (Julnes, 2000). Cost benefit analysis is implemented in instances when a cost analysis will supply information that will help decision-makers decide how resources should be divided (Beyea, 1999), based on the idea that government should only undertake programs that promise favorable (usually monetary) return and focuses on the economic efficiency aspects of governmental decision- making (Mustafa, 1994).

Cost benefit analysis, in combination with risk analysis, is used in every area of public sector investment, including in nationalized industries, health expenditures, housing schemes, traffic networks, land-use, town planning problems, and regional development. Cost benefit analysis, though developed in the early twentieth century in United States to assess public sector environmental projects, is practiced throughout the industrialized and developing world. The United States has most notably used cost benefit analysis to assess reservoir projects and disease control. The United Kingdom has most notably used cost benefit analysis to assess major projects such as the M1 motorway, the third London airport, London’s Victoria Line underground, the Morecambe Bay Barrage project and the re-siting of London’s Covent Garden market (Hough, 1994).

Data Development

Cost benefit analysis produces data about the cost and benefit of a program, practice, or investment. This data can be presented in three main ways to aid the evaluation stage of analysis:

  • First, data can be presented in a cost-benefit ratio.
  • Second, data can be presented through a measurement of the current net value of a given project.
  • Third, data can be presented by determining the internal rate of return generated by the investment.

The third method, the internal rate of return or rate-of-return analysis, is the most common cost benefit analysis tool used to evaluate investments and make decisions. Cost benefit analysis provides data with which to assess and rank public sector risks.

Determining Costs

Cost benefit analysis generally begins with a compilation of all the costs and all the benefits of the proposed investment. Costs can include "direct and indirect costs for labor, programming, hiring, training, equipment and supplies, overhead, startup costs, adverse effects, loss of productivity, and morbidity" (Beyea, 1999). The tabulation or computation of costs and benefits is often a process characterized by debate and disagreement. Benefits, in particular, can be extremely difficult to tabulate due to the differing subjectivity, philosophy, and values of the people involved in the assessment process. In theory, cost benefit analysis leads the public sector to choose to undertake projects where the current value of benefits is greater than the total value of costs (Hough 1994). While cost benefit analysis is used to varying degrees in nearly every area of the public sector investment and decision making (including nationalized industries, health expenditures, housing schemes, traffic networks, land-use, town planning problems and regional development), there are areas of public sector decision making where cost benefit analysis proves to be the most applicable and useful and areas where cost benefit analysis cannot be used effectively. Examples include physical investment projects, loan guarantees, clean air initiatives, and big science (Gramlich, 2002).

Cost Benefit Analysis & Comparative Risk Analysis

The public sector uses cost benefit analysis to complete comparative risk analysis (CRA). Comparative risk analysis refers to the process of applying risk analysis to policy choices to "provide a framework for systematically evaluating risk reduction programs and budgets" (Swaney, 1996, p. 463). Comparative risk analysis is undertaken to determine which course of action will best benefit stakeholders. Comparative risk analysis compares and ranks risks based on the opinions of risk analysts and public opinion. Variables that effect comparative risk analysis include the “values problem, the dimensions problem, and the rationality problem” (Swaney, 1996, p. 464). Personal and organizational values are an inherent challenge to risk analysis. The ideas of risk, hazard, harm, unwelcome outcome, and adverse effect are subjective value judgments. Risk analysis does not measure all dimensions of risk but only two dimensions of risk including probability and severity. Risk analysis is effected by different types of rationality (Swaney, 1996).

Ultimately, risk analysis is a crucial part of public policy making process. In particular, risk analysis is a vital tool in the government's efforts to respond to the public concerns about environmental and health impacts that have resulted from rapid scientific and technological change. Risk analysis helps the public and policy makers determine the costs and benefits of public policy choices. Examples of areas of public policy to which risk analysis is applied include the following: Radioactive waste disposal and storage; energy production controls; pesticide usage and monitoring; smoking regulation; tobacco export; and medical research on animals (Ahearne, 1993).

Conclusion

In the final analysis, risk analysis is a crucial component in the operations of the public and private sectors. The main quantitative risk analysis techniques, including brainstorming, sensitivity analysis, the Delphi method, decision tree analysis, and modeling, are used in the public and private sectors (Swaney, 1996). In the public sectors, risk analysis, in combination with cost benefit analysis provide tools for ranking risks and making public policy.

Terms & Concepts

Cost Benefit Analysis: A systematic and formalized set of procedures for assessing whether to fund and implement a policy or program.

Decision Tree Analysis: A decision-making tool that uses a model of decisions and their potential consequences.

Federal Government: A form of government in which a group of states recognizes the sovereignty and leadership of a central authority while retaining certain powers of government.

Mitigation: Efforts taken to reduce either the probability or consequences of a threat.

Public Policy: The basic policy or set of policies that serve as the foundation for public laws.

Public Sector: The economic and administrative enterprises of a local, regional, or national government.

Risk Analysis: The study of the “likelihood that an agent or hazard will produce an adverse effect” (Swaney, 1996, p.463).

Risk Management: The process of evaluating, classifying, and reducing risks to a level acceptable by stakeholders.

Sensitivity Analysis: An analytical tool used to explore how economic and financial models will respond to changes in the input values of the variables used to calculate the results.

Values: Personally and culturally specific moral judgments.

Bibliography

Aheame, J. (1993). Integrating risk analysis into public policymaking. Environment, 35, 16-27.

Banham, R. (2004). Enterprising views of risk management. Journal of Accountancy, 197, 65-71. Retrieved October 18, 2007, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=13318843&site=ehost-live

Beyea, S & Nicoll, H. (1999). Finding answers to questions using cost analysis. Association of Operating Room Nurses. AORN Journal, 70, 128-131.

Basu, A. (1998). Practical risk analysis in scheduling. AACE International Transactions, 4.

Coffin, B. (2007). The i word. Risk Management, 54, 4-5.

Gramlich, E. (2002). The methodology of benefit-cost analysis. Vital Speeches of the Day, 69, 68. Retrieved October 18, 2007, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=8554177&site=ehost-live

Hough, J. (1994). Educational cost-benefit analysis. Education Economics, 2, 93. Retrieved October 18, 2007, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=9707160475&site=ehost-live

Jorgensen, H. Methods & elements of a solid risk management strategy, Risk Management, 52, 53-54.

Mustafa, H. (1994). Conflict of multiple interests in cost-benefit analysis. International Journal of Public Sector Management, 7(3/4), 16. Retrieved October 18, 2007, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=3920537&site=ehost-live

Krivkovich, A., & Levy, C. (2013). Managing the people side of risk. McKinsey Quarterly, , 123-128. Retrieved November 13, 2013, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=91665820&site=ehost-live

Schuebert, R. (2006). Analyzing and managing risks - on the importance of gender differences in risk attitudes. Managerial Finance, 32, 706.

Slavitt, E. (2005). Using risk analysis as a mediation tool. Dispute Resolution Journal, 60, 18-34.

Skok, J. (1995). Policy issue networks and the public policy cycle: A structural-functional framework for public administration. Public Administration Review, 55, 325-333. Retrieved October 18, 2007, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=9507281722&site=ehost-live

Society for Risk Analysis. (2007). Retrieved October 18, 2007, from http://www.sra.org/

Swaney, J. (1996). Comparative risk analysis: Limitations and opportunities. Journal of Economic Issues, 30, 463. Retrieved October 18, 2007, from EBSCO Online Database Business Source Premier. http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=9606156966&site=ehost-live

Thompson, K., Deisler Jr., P., & Schwing, R. (2005). Interdisciplinary vision: the first 25 years of the Society for Risk Analysis (SRA), 1980-2005. Risk Analysis: An International Journal, 25, 1333-1386. Retrieved October 18, 2007, from EBSCO Online Database Business Source Premier. http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=19473323&site=ehost-live

Williams, R., & Thompson, K. (2004). Integrated analysis: Combining risk and economic assessments while preserving the separation of powers. Risk Analysis: An International Journal, 24, 1613-1623. Retrieved October 18, 2007, from EBSCO Online Database Business Source Premier. http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=15456649&site=ehost-live

Wood, D.A., & Pickerd, J. (2011). Problems to avoid when brainstorming fraud risks. CPA Journal, 81, 64-65. Retrieved November 13, 2013, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=65030865&site=ehost-live

Wood, M.D., Bostrom, A., Bridges, T., & Linkov, I. (2012). Cognitive mapping tools: review and risk management needs. Risk Analysis: an International Journal, 32, 1333-1348. Retrieved November 13, 2013, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=78384634&site=ehost-live

Suggested Reading

Deisler Jr., P. (2002). A perspective: Risk analysis as a tool for reducing the risks of Terrorism. Risk Analysis: An International Journal, 22, 405-414. Retrieved October 18, 2007, from EBSCO Online Database Business Source Premier. http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=6778345&site=ehost-live

Hofstetter, P., Bare, J., Hammitt, J., Murphy, P., & Rice, G. (2002). Tools for comparative analysis of alternatives: Competing or complementary perspectives? Risk Analysis: An International Journal, 22, 833-851. Retrieved October 18, 2007, from EBSCO Online Database Business Source Premier. http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=7572022&site=ehost-live

Paté-Cornell, E. (2002). Risk and uncertainty analysis in government safety decisions. Risk Analysis: An International Journal, 22, 633-646. Retrieved October 18, 2007, from EBSCO Online Database Business Source Premier. http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=6778325&site=ehost-live

Essay by Simone I. Flynn, Ph.D.

Dr. Simone I. Flynn earned her Doctorate in cultural anthropology from Yale University, where she wrote a dissertation on Internet communities. She is a writer, researcher, and teacher in Amherst, Massachusetts.