Risk Management

Composite risk is already a thing and a subset of risk. If we replace risk with composite risk, we only muddy the waters further. I also think we should strive for a common definition of risk across all the engineering disciplines.  Unilaterally adopting a unique definition is not helpful to this goal. 

We need to influence ASCE to clean up its act rather than going through gymnastics to accommodate the mess that's been created by improper use of the word risk.

Thanks for the thoughts, Mitch.

I agree that the term is already in use but disagree about it being a subset. The word composite is used to denote including multiple risk elements, not just one as the Hazard Tool does. As far as I can tell, the Army originated the Composite Risk term to indicate that non-enemy threats such as weather could also affect objectives. The environmental community, among others, has since picked up the term. Nevertheless, I'm not wedded to "composite." I do think a new term is needed, so we disagree on that, too, but disagreement is healthy. I'm hoping for others' informed dissent,

Composite risk is already a thing and a subset of risk. If we replace risk with composite risk, we only muddy the waters further. I also think we should strive for a common definition of risk across all the engineering disciplines.  Unilaterally adopting a unique definition is not helpful to this goal. 

We need to influence ASCE to clean up its act rather than going through gymnastics to accommodate the mess that's been created by improper use of the word risk.

Wiliam - what problem are you trying to solve? If it's just terminology, then I agree with Mitchell. The last thing the risk community needs is another definition of risk. To quote my former professor, Dr. Yoe, "The language of risk is messy." I agree with the ISO 31000 definition of risk as the effect of uncertainty on objectives. At first, I didn't. The objective of infrastructure is to effectively serve a purpose. We evaluate the risk of infrastructure failing. In my line of work, the risk of dam failure. So, it is the effect of uncertainties on site characterization, design, construction, performance, etc. on infrastructure's purpose.

If what you're looking for is a way to evaluate composite risk, I would direct you to Multicriteria Decision Analysis.

If you're wanting to include composite risk in the primer, that is probably OK to introduce the concept of combining multiple dimensions of risk into one value. I'm reviewing the primer and will follow up with comments. A single dimension of risk would be annualized lives lost due to the hazard. Another dimension would be annualized economic damages due to the same hazard. Thus, composite risk presents a method of adding the two together.

We have elected to use a more judgmental approach for composite risk. We numerically estimate both lives lost and economic damages. There are some of our dams where failure might result in economic damages on a national level that could be weighted more than the local lives lost, though we have stopped short of numerically combining them. In those cases, we judge the composite risk to be higher than another dam with similar lives lost.

Regards,

Thanks for the thoughts, Mitch.

I agree that the term is already in use but disagree about it being a subset. The word composite is used to denote including multiple risk elements, not just one as the Hazard Tool does. As far as I can tell, the Army originated the Composite Risk term to indicate that non-enemy threats such as weather could also affect objectives. The environmental community, among others, has since picked up the term. Nevertheless, I'm not wedded to "composite." I do think a new term is needed, so we disagree on that, too, but disagreement is healthy. I'm hoping for others' informed dissent,

Composite risk is already a thing and a subset of risk. If we replace risk with composite risk, we only muddy the waters further. I also think we should strive for a common definition of risk across all the engineering disciplines.  Unilaterally adopting a unique definition is not helpful to this goal. 

We need to influence ASCE to clean up its act rather than going through gymnastics to accommodate the mess that's been created by improper use of the word risk.

Wiliam - what problem are you trying to solve? If it's just terminology, then I agree with Mitchell. The last thing the risk community needs is another definition of risk. To quote my former professor, Dr. Yoe, "The language of risk is messy." I agree with the ISO 31000 definition of risk as the effect of uncertainty on objectives. At first, I didn't. The objective of infrastructure is to effectively serve a purpose. We evaluate the risk of infrastructure failing. In my line of work, the risk of dam failure. So, it is the effect of uncertainties on site characterization, design, construction, performance, etc. on infrastructure's purpose.

If what you're looking for is a way to evaluate composite risk, I would direct you to Multicriteria Decision Analysis.

If you're wanting to include composite risk in the primer, that is probably OK to introduce the concept of combining multiple dimensions of risk into one value. I'm reviewing the primer and will follow up with comments. A single dimension of risk would be annualized lives lost due to the hazard. Another dimension would be annualized economic damages due to the same hazard. Thus, composite risk presents a method of adding the two together.

We have elected to use a more judgmental approach for composite risk. We numerically estimate both lives lost and economic damages. There are some of our dams where failure might result in economic damages on a national level that could be weighted more than the local lives lost, though we have stopped short of numerically combining them. In those cases, we judge the composite risk to be higher than another dam with similar lives lost.

Regards,

Thanks for the thoughts, Mitch.

I agree that the term is already in use but disagree about it being a subset. The word composite is used to denote including multiple risk elements, not just one as the Hazard Tool does. As far as I can tell, the Army originated the Composite Risk term to indicate that non-enemy threats such as weather could also affect objectives. The environmental community, among others, has since picked up the term. Nevertheless, I'm not wedded to "composite." I do think a new term is needed, so we disagree on that, too, but disagreement is healthy. I'm hoping for others' informed dissent,

Composite risk is already a thing and a subset of risk. If we replace risk with composite risk, we only muddy the waters further. I also think we should strive for a common definition of risk across all the engineering disciplines.  Unilaterally adopting a unique definition is not helpful to this goal. 

We need to influence ASCE to clean up its act rather than going through gymnastics to accommodate the mess that's been created by improper use of the word risk.

Dear Jacob

I fully agree with what you say and am happy that you got used to the definition in ISO 31000 (where I was part of our national mirror committee). The linkage to decision theory is interesting and perhaps worth a discussion of its own.

Some 'complications' need to be accepted, though:

1. The reactivation of risks associated with failing mitigation (on the failure tree side) -- this should be taken care of by monitoring mitigation effectiveness -- but also emerging 'secondary risks through mitigating actions as 'by-product' of good intentions, so to speak.
2. The downstream risks in the event tree, which concern problems in dealing with consequences, from the simple case of failing rescue provisions (the fire brigade not making it through the traffic...) to incomplete investigations of the aftermath. For instance, a lesson learnt from the fire in the chemical plant in Basle/Switzerland in 1986 was to construct catchment basins for polluted extinguishing water [https://en.wikipedia.org/wiki/Sandoz_chemical_spill].

Here is a 'risk breakdown' graph by Jörg Schneider (ETH Zurich) on drains to effective risk management (with typical percentages in civil engineering):

Kind regards, Martin

Wiliam - what problem are you trying to solve? If it's just terminology, then I agree with Mitchell. The last thing the risk community needs is another definition of risk. To quote my former professor, Dr. Yoe, "The language of risk is messy." I agree with the ISO 31000 definition of risk as the effect of uncertainty on objectives. At first, I didn't. The objective of infrastructure is to effectively serve a purpose. We evaluate the risk of infrastructure failing. In my line of work, the risk of dam failure. So, it is the effect of uncertainties on site characterization, design, construction, performance, etc. on infrastructure's purpose.

If what you're looking for is a way to evaluate composite risk, I would direct you to Multicriteria Decision Analysis.

If you're wanting to include composite risk in the primer, that is probably OK to introduce the concept of combining multiple dimensions of risk into one value. I'm reviewing the primer and will follow up with comments. A single dimension of risk would be annualized lives lost due to the hazard. Another dimension would be annualized economic damages due to the same hazard. Thus, composite risk presents a method of adding the two together.

We have elected to use a more judgmental approach for composite risk. We numerically estimate both lives lost and economic damages. There are some of our dams where failure might result in economic damages on a national level that could be weighted more than the local lives lost, though we have stopped short of numerically combining them. In those cases, we judge the composite risk to be higher than another dam with similar lives lost.

Regards,

Thanks for the thoughts, Mitch.

I agree that the term is already in use but disagree about it being a subset. The word composite is used to denote including multiple risk elements, not just one as the Hazard Tool does. As far as I can tell, the Army originated the Composite Risk term to indicate that non-enemy threats such as weather could also affect objectives. The environmental community, among others, has since picked up the term. Nevertheless, I'm not wedded to "composite." I do think a new term is needed, so we disagree on that, too, but disagreement is healthy. I'm hoping for others' informed dissent,

Composite risk is already a thing and a subset of risk. If we replace risk with composite risk, we only muddy the waters further. I also think we should strive for a common definition of risk across all the engineering disciplines.  Unilaterally adopting a unique definition is not helpful to this goal. 

We need to influence ASCE to clean up its act rather than going through gymnastics to accommodate the mess that's been created by improper use of the word risk.

Dear Jacob

I fully agree with what you say and am happy that you got used to the definition in ISO 31000 (where I was part of our national mirror committee). The linkage to decision theory is interesting and perhaps worth a discussion of its own.

Some 'complications' need to be accepted, though:

1. The reactivation of risks associated with failing mitigation (on the failure tree side) -- this should be taken care of by monitoring mitigation effectiveness -- but also emerging 'secondary risks through mitigating actions as 'by-product' of good intentions, so to speak.
2. The downstream risks in the event tree, which concern problems in dealing with consequences, from the simple case of failing rescue provisions (the fire brigade not making it through the traffic...) to incomplete investigations of the aftermath. For instance, a lesson learnt from the fire in the chemical plant in Basle/Switzerland in 1986 was to construct catchment basins for polluted extinguishing water [https://en.wikipedia.org/wiki/Sandoz_chemical_spill].

Here is a 'risk breakdown' graph by Jörg Schneider (ETH Zurich) on drains to effective risk management (with typical percentages in civil engineering):

Kind regards, Martin

Wiliam - what problem are you trying to solve? If it's just terminology, then I agree with Mitchell. The last thing the risk community needs is another definition of risk. To quote my former professor, Dr. Yoe, "The language of risk is messy." I agree with the ISO 31000 definition of risk as the effect of uncertainty on objectives. At first, I didn't. The objective of infrastructure is to effectively serve a purpose. We evaluate the risk of infrastructure failing. In my line of work, the risk of dam failure. So, it is the effect of uncertainties on site characterization, design, construction, performance, etc. on infrastructure's purpose.

If what you're looking for is a way to evaluate composite risk, I would direct you to Multicriteria Decision Analysis.

If you're wanting to include composite risk in the primer, that is probably OK to introduce the concept of combining multiple dimensions of risk into one value. I'm reviewing the primer and will follow up with comments. A single dimension of risk would be annualized lives lost due to the hazard. Another dimension would be annualized economic damages due to the same hazard. Thus, composite risk presents a method of adding the two together.

We have elected to use a more judgmental approach for composite risk. We numerically estimate both lives lost and economic damages. There are some of our dams where failure might result in economic damages on a national level that could be weighted more than the local lives lost, though we have stopped short of numerically combining them. In those cases, we judge the composite risk to be higher than another dam with similar lives lost.

Regards,

Thanks for the thoughts, Mitch.

I agree that the term is already in use but disagree about it being a subset. The word composite is used to denote including multiple risk elements, not just one as the Hazard Tool does. As far as I can tell, the Army originated the Composite Risk term to indicate that non-enemy threats such as weather could also affect objectives. The environmental community, among others, has since picked up the term. Nevertheless, I'm not wedded to "composite." I do think a new term is needed, so we disagree on that, too, but disagreement is healthy. I'm hoping for others' informed dissent,

Composite risk is already a thing and a subset of risk. If we replace risk with composite risk, we only muddy the waters further. I also think we should strive for a common definition of risk across all the engineering disciplines.  Unilaterally adopting a unique definition is not helpful to this goal. 

We need to influence ASCE to clean up its act rather than going through gymnastics to accommodate the mess that's been created by improper use of the word risk.

Dear Jacob

I fully agree with what you say and am happy that you got used to the definition in ISO 31000 (where I was part of our national mirror committee). The linkage to decision theory is interesting and perhaps worth a discussion of its own.

Some 'complications' need to be accepted, though:

1. The reactivation of risks associated with failing mitigation (on the failure tree side) -- this should be taken care of by monitoring mitigation effectiveness -- but also emerging 'secondary risks through mitigating actions as 'by-product' of good intentions, so to speak.
2. The downstream risks in the event tree, which concern problems in dealing with consequences, from the simple case of failing rescue provisions (the fire brigade not making it through the traffic...) to incomplete investigations of the aftermath. For instance, a lesson learnt from the fire in the chemical plant in Basle/Switzerland in 1986 was to construct catchment basins for polluted extinguishing water [https://en.wikipedia.org/wiki/Sandoz_chemical_spill].

Here is a 'risk breakdown' graph by Jörg Schneider (ETH Zurich) on drains to effective risk management (with typical percentages in civil engineering):

Kind regards, Martin

Wiliam - what problem are you trying to solve? If it's just terminology, then I agree with Mitchell. The last thing the risk community needs is another definition of risk. To quote my former professor, Dr. Yoe, "The language of risk is messy." I agree with the ISO 31000 definition of risk as the effect of uncertainty on objectives. At first, I didn't. The objective of infrastructure is to effectively serve a purpose. We evaluate the risk of infrastructure failing. In my line of work, the risk of dam failure. So, it is the effect of uncertainties on site characterization, design, construction, performance, etc. on infrastructure's purpose.

If what you're looking for is a way to evaluate composite risk, I would direct you to Multicriteria Decision Analysis.

If you're wanting to include composite risk in the primer, that is probably OK to introduce the concept of combining multiple dimensions of risk into one value. I'm reviewing the primer and will follow up with comments. A single dimension of risk would be annualized lives lost due to the hazard. Another dimension would be annualized economic damages due to the same hazard. Thus, composite risk presents a method of adding the two together.

We have elected to use a more judgmental approach for composite risk. We numerically estimate both lives lost and economic damages. There are some of our dams where failure might result in economic damages on a national level that could be weighted more than the local lives lost, though we have stopped short of numerically combining them. In those cases, we judge the composite risk to be higher than another dam with similar lives lost.

Regards,

Thanks for the thoughts, Mitch.

I agree that the term is already in use but disagree about it being a subset. The word composite is used to denote including multiple risk elements, not just one as the Hazard Tool does. As far as I can tell, the Army originated the Composite Risk term to indicate that non-enemy threats such as weather could also affect objectives. The environmental community, among others, has since picked up the term. Nevertheless, I'm not wedded to "composite." I do think a new term is needed, so we disagree on that, too, but disagreement is healthy. I'm hoping for others' informed dissent,

Composite risk is already a thing and a subset of risk. If we replace risk with composite risk, we only muddy the waters further. I also think we should strive for a common definition of risk across all the engineering disciplines.  Unilaterally adopting a unique definition is not helpful to this goal. 

We need to influence ASCE to clean up its act rather than going through gymnastics to accommodate the mess that's been created by improper use of the word risk.

I like that this message brings to light another level of thinking regarding risk and consequence analysis - the secondary effects!  It may be that the second level effects may grow to the level of the primary effects so such possible situations should be pointed out in the evaluation.

Dear Jacob

I fully agree with what you say and am happy that you got used to the definition in ISO 31000 (where I was part of our national mirror committee). The linkage to decision theory is interesting and perhaps worth a discussion of its own.

Some 'complications' need to be accepted, though:

1. The reactivation of risks associated with failing mitigation (on the failure tree side) -- this should be taken care of by monitoring mitigation effectiveness -- but also emerging 'secondary risks through mitigating actions as 'by-product' of good intentions, so to speak.
2. The downstream risks in the event tree, which concern problems in dealing with consequences, from the simple case of failing rescue provisions (the fire brigade not making it through the traffic...) to incomplete investigations of the aftermath. For instance, a lesson learnt from the fire in the chemical plant in Basle/Switzerland in 1986 was to construct catchment basins for polluted extinguishing water [https://en.wikipedia.org/wiki/Sandoz_chemical_spill].

Here is a 'risk breakdown' graph by Jörg Schneider (ETH Zurich) on drains to effective risk management (with typical percentages in civil engineering):

Kind regards, Martin

Wiliam - what problem are you trying to solve? If it's just terminology, then I agree with Mitchell. The last thing the risk community needs is another definition of risk. To quote my former professor, Dr. Yoe, "The language of risk is messy." I agree with the ISO 31000 definition of risk as the effect of uncertainty on objectives. At first, I didn't. The objective of infrastructure is to effectively serve a purpose. We evaluate the risk of infrastructure failing. In my line of work, the risk of dam failure. So, it is the effect of uncertainties on site characterization, design, construction, performance, etc. on infrastructure's purpose.

If what you're looking for is a way to evaluate composite risk, I would direct you to Multicriteria Decision Analysis.

If you're wanting to include composite risk in the primer, that is probably OK to introduce the concept of combining multiple dimensions of risk into one value. I'm reviewing the primer and will follow up with comments. A single dimension of risk would be annualized lives lost due to the hazard. Another dimension would be annualized economic damages due to the same hazard. Thus, composite risk presents a method of adding the two together.

We have elected to use a more judgmental approach for composite risk. We numerically estimate both lives lost and economic damages. There are some of our dams where failure might result in economic damages on a national level that could be weighted more than the local lives lost, though we have stopped short of numerically combining them. In those cases, we judge the composite risk to be higher than another dam with similar lives lost.

Regards,

Thanks for the thoughts, Mitch.

I agree that the term is already in use but disagree about it being a subset. The word composite is used to denote including multiple risk elements, not just one as the Hazard Tool does. As far as I can tell, the Army originated the Composite Risk term to indicate that non-enemy threats such as weather could also affect objectives. The environmental community, among others, has since picked up the term. Nevertheless, I'm not wedded to "composite." I do think a new term is needed, so we disagree on that, too, but disagreement is healthy. I'm hoping for others' informed dissent,

Composite risk is already a thing and a subset of risk. If we replace risk with composite risk, we only muddy the waters further. I also think we should strive for a common definition of risk across all the engineering disciplines.  Unilaterally adopting a unique definition is not helpful to this goal. 

We need to influence ASCE to clean up its act rather than going through gymnastics to accommodate the mess that's been created by improper use of the word risk.

Thanks, David. Here's an example bow from the 2015 National Petroleum Council study, ARCTIC POTENTIAL - Realizing the Promise of U.S. Arctic Oil and Gas Resources. This figure was developed to help non-expert readers understand the measures used to mitigate the risk of an offshore oil spill.

I like that this message brings to light another level of thinking regarding risk and consequence analysis - the secondary effects!  It may be that the second level effects may grow to the level of the primary effects so such possible situations should be pointed out in the evaluation.

Dear Jacob

I fully agree with what you say and am happy that you got used to the definition in ISO 31000 (where I was part of our national mirror committee). The linkage to decision theory is interesting and perhaps worth a discussion of its own.

Some 'complications' need to be accepted, though:

1. The reactivation of risks associated with failing mitigation (on the failure tree side) -- this should be taken care of by monitoring mitigation effectiveness -- but also emerging 'secondary risks through mitigating actions as 'by-product' of good intentions, so to speak.
2. The downstream risks in the event tree, which concern problems in dealing with consequences, from the simple case of failing rescue provisions (the fire brigade not making it through the traffic...) to incomplete investigations of the aftermath. For instance, a lesson learnt from the fire in the chemical plant in Basle/Switzerland in 1986 was to construct catchment basins for polluted extinguishing water [https://en.wikipedia.org/wiki/Sandoz_chemical_spill].

Here is a 'risk breakdown' graph by Jörg Schneider (ETH Zurich) on drains to effective risk management (with typical percentages in civil engineering):

Kind regards, Martin

Wiliam - what problem are you trying to solve? If it's just terminology, then I agree with Mitchell. The last thing the risk community needs is another definition of risk. To quote my former professor, Dr. Yoe, "The language of risk is messy." I agree with the ISO 31000 definition of risk as the effect of uncertainty on objectives. At first, I didn't. The objective of infrastructure is to effectively serve a purpose. We evaluate the risk of infrastructure failing. In my line of work, the risk of dam failure. So, it is the effect of uncertainties on site characterization, design, construction, performance, etc. on infrastructure's purpose.

If what you're looking for is a way to evaluate composite risk, I would direct you to Multicriteria Decision Analysis.

If you're wanting to include composite risk in the primer, that is probably OK to introduce the concept of combining multiple dimensions of risk into one value. I'm reviewing the primer and will follow up with comments. A single dimension of risk would be annualized lives lost due to the hazard. Another dimension would be annualized economic damages due to the same hazard. Thus, composite risk presents a method of adding the two together.

We have elected to use a more judgmental approach for composite risk. We numerically estimate both lives lost and economic damages. There are some of our dams where failure might result in economic damages on a national level that could be weighted more than the local lives lost, though we have stopped short of numerically combining them. In those cases, we judge the composite risk to be higher than another dam with similar lives lost.

Regards,

Thanks for the thoughts, Mitch.

I agree that the term is already in use but disagree about it being a subset. The word composite is used to denote including multiple risk elements, not just one as the Hazard Tool does. As far as I can tell, the Army originated the Composite Risk term to indicate that non-enemy threats such as weather could also affect objectives. The environmental community, among others, has since picked up the term. Nevertheless, I'm not wedded to "composite." I do think a new term is needed, so we disagree on that, too, but disagreement is healthy. I'm hoping for others' informed dissent,

Composite risk is already a thing and a subset of risk. If we replace risk with composite risk, we only muddy the waters further. I also think we should strive for a common definition of risk across all the engineering disciplines.  Unilaterally adopting a unique definition is not helpful to this goal. 

We need to influence ASCE to clean up its act rather than going through gymnastics to accommodate the mess that's been created by improper use of the word risk.

Thanks, David. Here's an example bow from the 2015 National Petroleum Council study, ARCTIC POTENTIAL - Realizing the Promise of U.S. Arctic Oil and Gas Resources. This figure was developed to help non-expert readers understand the measures used to mitigate the risk of an offshore oil spill.

I like that this message brings to light another level of thinking regarding risk and consequence analysis - the secondary effects!  It may be that the second level effects may grow to the level of the primary effects so such possible situations should be pointed out in the evaluation.

Dear Jacob

I fully agree with what you say and am happy that you got used to the definition in ISO 31000 (where I was part of our national mirror committee). The linkage to decision theory is interesting and perhaps worth a discussion of its own.

Some 'complications' need to be accepted, though:

1. The reactivation of risks associated with failing mitigation (on the failure tree side) -- this should be taken care of by monitoring mitigation effectiveness -- but also emerging 'secondary risks through mitigating actions as 'by-product' of good intentions, so to speak.
2. The downstream risks in the event tree, which concern problems in dealing with consequences, from the simple case of failing rescue provisions (the fire brigade not making it through the traffic...) to incomplete investigations of the aftermath. For instance, a lesson learnt from the fire in the chemical plant in Basle/Switzerland in 1986 was to construct catchment basins for polluted extinguishing water [https://en.wikipedia.org/wiki/Sandoz_chemical_spill].

Here is a 'risk breakdown' graph by Jörg Schneider (ETH Zurich) on drains to effective risk management (with typical percentages in civil engineering):

Kind regards, Martin

Wiliam - what problem are you trying to solve? If it's just terminology, then I agree with Mitchell. The last thing the risk community needs is another definition of risk. To quote my former professor, Dr. Yoe, "The language of risk is messy." I agree with the ISO 31000 definition of risk as the effect of uncertainty on objectives. At first, I didn't. The objective of infrastructure is to effectively serve a purpose. We evaluate the risk of infrastructure failing. In my line of work, the risk of dam failure. So, it is the effect of uncertainties on site characterization, design, construction, performance, etc. on infrastructure's purpose.

If what you're looking for is a way to evaluate composite risk, I would direct you to Multicriteria Decision Analysis.

If you're wanting to include composite risk in the primer, that is probably OK to introduce the concept of combining multiple dimensions of risk into one value. I'm reviewing the primer and will follow up with comments. A single dimension of risk would be annualized lives lost due to the hazard. Another dimension would be annualized economic damages due to the same hazard. Thus, composite risk presents a method of adding the two together.

We have elected to use a more judgmental approach for composite risk. We numerically estimate both lives lost and economic damages. There are some of our dams where failure might result in economic damages on a national level that could be weighted more than the local lives lost, though we have stopped short of numerically combining them. In those cases, we judge the composite risk to be higher than another dam with similar lives lost.

Regards,

Thanks for the thoughts, Mitch.

I agree that the term is already in use but disagree about it being a subset. The word composite is used to denote including multiple risk elements, not just one as the Hazard Tool does. As far as I can tell, the Army originated the Composite Risk term to indicate that non-enemy threats such as weather could also affect objectives. The environmental community, among others, has since picked up the term. Nevertheless, I'm not wedded to "composite." I do think a new term is needed, so we disagree on that, too, but disagreement is healthy. I'm hoping for others' informed dissent,

Composite risk is already a thing and a subset of risk. If we replace risk with composite risk, we only muddy the waters further. I also think we should strive for a common definition of risk across all the engineering disciplines.  Unilaterally adopting a unique definition is not helpful to this goal. 

We need to influence ASCE to clean up its act rather than going through gymnastics to accommodate the mess that's been created by improper use of the word risk.

I like that this message brings to light another level of thinking regarding risk and consequence analysis - the secondary effects!  It may be that the second level effects may grow to the level of the primary effects so such possible situations should be pointed out in the evaluation.

Dear Jacob

I fully agree with what you say and am happy that you got used to the definition in ISO 31000 (where I was part of our national mirror committee). The linkage to decision theory is interesting and perhaps worth a discussion of its own.

Some 'complications' need to be accepted, though:

1. The reactivation of risks associated with failing mitigation (on the failure tree side) -- this should be taken care of by monitoring mitigation effectiveness -- but also emerging 'secondary risks through mitigating actions as 'by-product' of good intentions, so to speak.
2. The downstream risks in the event tree, which concern problems in dealing with consequences, from the simple case of failing rescue provisions (the fire brigade not making it through the traffic...) to incomplete investigations of the aftermath. For instance, a lesson learnt from the fire in the chemical plant in Basle/Switzerland in 1986 was to construct catchment basins for polluted extinguishing water [https://en.wikipedia.org/wiki/Sandoz_chemical_spill].

Here is a 'risk breakdown' graph by Jörg Schneider (ETH Zurich) on drains to effective risk management (with typical percentages in civil engineering):

Kind regards, Martin

Wiliam - what problem are you trying to solve? If it's just terminology, then I agree with Mitchell. The last thing the risk community needs is another definition of risk. To quote my former professor, Dr. Yoe, "The language of risk is messy." I agree with the ISO 31000 definition of risk as the effect of uncertainty on objectives. At first, I didn't. The objective of infrastructure is to effectively serve a purpose. We evaluate the risk of infrastructure failing. In my line of work, the risk of dam failure. So, it is the effect of uncertainties on site characterization, design, construction, performance, etc. on infrastructure's purpose.

If what you're looking for is a way to evaluate composite risk, I would direct you to Multicriteria Decision Analysis.

If you're wanting to include composite risk in the primer, that is probably OK to introduce the concept of combining multiple dimensions of risk into one value. I'm reviewing the primer and will follow up with comments. A single dimension of risk would be annualized lives lost due to the hazard. Another dimension would be annualized economic damages due to the same hazard. Thus, composite risk presents a method of adding the two together.

We have elected to use a more judgmental approach for composite risk. We numerically estimate both lives lost and economic damages. There are some of our dams where failure might result in economic damages on a national level that could be weighted more than the local lives lost, though we have stopped short of numerically combining them. In those cases, we judge the composite risk to be higher than another dam with similar lives lost.

Regards,

Thanks for the thoughts, Mitch.

I agree that the term is already in use but disagree about it being a subset. The word composite is used to denote including multiple risk elements, not just one as the Hazard Tool does. As far as I can tell, the Army originated the Composite Risk term to indicate that non-enemy threats such as weather could also affect objectives. The environmental community, among others, has since picked up the term. Nevertheless, I'm not wedded to "composite." I do think a new term is needed, so we disagree on that, too, but disagreement is healthy. I'm hoping for others' informed dissent,

Composite risk is already a thing and a subset of risk. If we replace risk with composite risk, we only muddy the waters further. I also think we should strive for a common definition of risk across all the engineering disciplines.  Unilaterally adopting a unique definition is not helpful to this goal. 

We need to influence ASCE to clean up its act rather than going through gymnastics to accommodate the mess that's been created by improper use of the word risk.

Hi William,

Thank you for sharing your proposal. I find the idea of using "Composite Risk" very clear, as it explicitly combines probability, causes, and magnitude of consequences. This seems to capture both positive and negative outcomes, which is often overlooked in traditional definitions. I like that it provides a structured approach for discussion and aligns with multi-parameter risk models.

Best regards,
Darya

I accept William's (Bill) definition and use of the term "Composite Risk."

David