رویکرد سیستم ها به اعتبار سنجی تحلیلی ریسک برای مدیریت ریسک A systems approach to risk analysis validation for risk management

1. Introduction Risk Analysis shows up in our lives in several arenas. In many of those arenas, e.g. consumer product safety, medical treatment strategies, siting of hazmat facilities, routing of hazmat transport (rail, pipeline, truck), nuclear power and many more, risk analysis does not show up as a set of calculations, but shows up as support for arguments on one side or another (or both) of vigorous public debates over actions, regulations, laws and policies. In those cases the effectiveness of a risk analysis depends on a great deal more than what is typically covered in ‘‘Verification and Validation” (Goerlandt et al., 2016; Aven and Heide, 2009; Sargent, 2013; Petty, 2010; Department of Defense, 2008; United States Coast Guard, 2006). An analysis can be fully verified and validated in a purely analytic sense, yet still be ineffective because it is not accepted and trusted in the public debate it is to support. In particular, if one side of the debate can credibly cast doubt on the risk analysis, its role can be markedly limited. So what we have, there, are cases where the definition of ‘‘Validation” should be extended beyond a solely analytic test of the risk analysis, to concepts of validation covering the effectiveness of the risk analysis in the debate it is to support. That, in turn, calls upon us to adopt a systems approach to risk analysis validation – extending to tests of achieving trust and acceptance in the applicable public debate. This paper presents such a systems approach. That systems approach has several implications. The most important one is that the duty of the risk analyst is not only to conduct all calculations in a valid and validly scoped way, but also to design his or her analysis specifically to most effectively couple with downstream elements standing between the risk analysis and its effectiveness in the real-world risk management process. What matters, at the end of the day, is the risk management that actually occurs, and that risk management is the result of a system of elements, only some of which are the analytic elements of risk analysis. That reasoning is based on the definition of validation presented in ISO 15288: ‘‘Confirmation, through … objective evidence, that the requirements for a specific intended use … have been fulfilled” (International Organization for Standardization, 2015). While that definition is not specifically concerning risk analysis/management, it applies at the more general level of validation of systems approaches, which is the perspective taken in this paper. We add to that the obvious point that in the case of risk analysis for risk management, the specific intended use is to support the risk management involved, that is, the risk management decisions involved. That scope reflects the scope of this special issue, risk analysis in risk management. As Rae et al. (2014) point out, risk assessment ‘‘is used in many domains for many different purposes.”