[as published in Risk Decision and Policy 1996, 1 (1), 9-31]
A MULTI-LEVEL, MULTI-STAGE AND MULTI-ATTRIBUTE PERSPECTIVE [1] ON RISK ASSESSMENT, DECISION-MAKING AND RISK CONTROL

Charles A.J. Vlek
Department of Psychology, University of Groningen
Grote Kruisstraat 2/1, 9712 TS Groningen, The Netherlands
Abstract

A comprehensive framework is sketched for risk assessment, decision-making and risk control in situations of varying complexity. The exposé starts with a conceptual analysis of risk, based on decision-theoretical and empirical-psychological work on the nature and the dimensions of risks and hazards. Following a seven-level scaling of risks, a model is presented of risk generation and risk management as a process comprising several stages, where differing actors and factors may either increase or diminish overall riskiness. A multi-attribute characterisation of risk is discussed for capturing the multidimensionality as well as the multi-stage nature of risk. This should yield a 'risk profile' containing either objective assessments or subjective evaluations, or both. The profile may serve as a basis for risk communication and decision-making on risk acceptance, the latter to be done following either a maximising or a satisficing decision model. Also, a sequential decision scheme is presented, which allows for a combination of several risk management principles. For high-level aggregate risks in commons dilemma situations - where there is an inherent conflict between individual and collective interests - risk assessment, decision-making and risk control are unfolded into nine foci for research and policy attention. Seven strategies for behaviour change to control collective risks are briefly discussed. The final section discusses the importance of a process view of risk management, provides general conclusions and suggestions, and deals with remaining loose ends.

1. Introduction

Risks abound in our restlessly striving world. They arise when we go too fast or want too much, compared to what we have learned to handle. Large benefits and thrilling sensations may blind us to the associated risks, especially when the effects are temporally delayed (Björkman, 1984).
Threats to collective goods may arise through aggregation of a multitude of limited external costs (i.e., environmental exploitation) from numerous individual actors. Not infrequently we are pushed into risk taking through sheer competition with others. Big risks are not only taken for the basic need to survive; we also confront them because we are curious and wish to explore (Allen, 1983). Risks and risk taking are ubiquitous, and we need them, for a variety of reasons: existential, economic, social and cultural. Not surprisingly, therefore, there exist various lines of theorising and empirical study on risks, for example in epidemiology, insurance economics, traffic safety, health care and medical decision-making, industrial safety, and environmental policy. The relevant disciplinary perspectives vary widely across statistics, technical engineering, economics, psychology and cultural anthropology (see Renn, 1992, for an overview).

Throughout history, men and women always had to take, and have taken risks; they were a normal component of everyday life. In recent times, however, modern society seems to have become unusually risk-aware. Lübbe (1992) has attempted to explain the rise of the 'risk society' (Beck, 1986) as follows. More of the world has become man-made and man-controlled than ever before. The environmental impacts of technology-based activities have become frighteningly apparent. Loss of feedback - 'as a result of civilisation' - has obscured our view of natural process cycles. Rapid technological and social changes undermine life's predictability. Social complexity and information overload boost uncertainties. Individualisation has diminished social control. And our demand for security has grown as a result of increased material safety, comfort and wealth. Modern man, says Lübbe, no longer accepts vital risks as belonging to his fate or destiny (however divine). Risks have become foreground phenomena, and their management a main task of those who initiate them.

[1] This article has emerged from a background study (Vlek, 1990) followed by several years of intense discussions in the Committee on Risk Measures and Risk Assessment of the Health Council of The Netherlands, whose two advisory reports to the Dutch Government were published in the spring of 1995 and 1996, respectively. The author gratefully acknowledges a multitude of comments and suggestions provided by committee members. He is especially indebted to W.F. Passchier, the project's scientific administrator, for his selections of relevant literature, his partnership in several enlightening discussions, and the provision of comments on a draft version of this paper.

Research questions and policy issues about risks and risk taking are revolving around risk assessment, acceptance decision-making, and risk control. How individuals deal with personal risks is a topic for psychologists: risk assessment, acceptance and control are all 'in one hand'. How a larger community deals with public or collective risks is another matter. For this may involve expert analysis and assessment, socio-political evaluation and decision-making, and well-organised risk control. These three key activities may be conducted by different parties having differing basic knowledge, values, decision power and control abilities vis-à-vis the risks. The three key activities naturally follow from three essential questions that any theoretical framework and practical methodology for dealing with risks should be able to handle:
1. How risky is a given activity or situation? (or: how safe is it?)
2. Is it not too risky? (or: is it safe enough?)
3. How could its riskiness be reduced? (or: how could its safety be increased?)
Answering these questions requires a conceptualisation and a methodology for: (1) the analysis and assessment of risk, (2) the evaluation of, and decision-making about risk acceptance, and (3) effective risk control and general safety management.
But developing and applying appropriate concepts and methods is not an easy task, because of the great variation in types of risk, and because of the actual or potential involvement of different parties. Thus there is a need for a classification of risks for the purposes of optimising concepts, methods and procedures for risk assessment, decision-making and risk control. Most often, 'risk' is not a static component of an activity or situation (or system of activities), which can be easily measured and decided about, such as in one-shot, well-defined gambles. Instead, in most real-life situations risk is a function of so many factors, technical-physical as well as cognitive-behavioural and social-organisational, that risk may well be seen as a process rather than some kind of 'substance' which could be clearly pinpointed. Therefore, conceptual tools and methods for risk assessment, decision-making and risk control must be supplemented with useful procedures for applying these tools and methods in multi-stage, multi-party risk situations. Before we embark upon a multi-level distinction of risks, let us first consider some differences between formal-theoretic definitions and cognitive-empirical dimensions of risk and riskiness. Thereafter, a relatively low-level, single-source risk approach will be expounded, and this is followed by an approach which is focused on relatively high-level, multiple-sources risks for larger parts of society or the environment. Several concepts, methods and strategies are unfolded, that may aid researchers as well as policy makers to understand risk generation, to systematically evaluate risky activities or situations, to arrive at proper decisions about them, and to design and implement adequate risk control policies.

2. Definitions and dimensions of risk

Twenty years ago, when social scientists started to get involved in acceptable-risk debates (e.g., Lowrance, 1976; Slovic, Fischhoff and Lichtenstein, 1976; Rowe, 1977), there seemed to be a solid belief in the statistical and engineering community that 'risk' was a one-dimensional concept whose size or seriousness could be quantitatively assessed. Fairly soon, however, this idea was strongly criticised. Following Kaplan and Garrick (1981), risk cannot be properly expressed in terms of a single number or even a single curve. In their view the best formal
definition of risk is a probability distribution of possible (future) frequencies of harmful consequences, which themselves may be multidimensional in nature. More complicating still was the gradual unfolding of a host of differing definitions of risk (e.g., Coombs, 1972; Libby and Fishburn, 1977; Vlek and Stallen, 1980). A recent survey (Vlek, 1990) yielded about ten distinct formal risk definitions, as summarised in Table 1.

Table 1. Formal definitions of risk or riskiness (adapted from Vlek, 1990)
1. Probability of undesired consequence
2. Seriousness of (maximum) possible undesired consequence
3. Multi-attribute weighted sum of components of possible undesired consequences
4. Probability x seriousness of undesired consequence ('expected loss')
5. Probability-weighted sum of all possible undesired consequences ('average expected loss')
6. Fitted function through graph of points relating probability to extent of undesired consequences
7. Semivariance of possible undesired consequences about their average
8. Variance of all possible consequences about mean expected consequence
9. Weighted sum of expected value and variance of all possible consequences
10. Weighted combination of various parameters of the probability distribution of all possible consequences (encompasses defs 8 and 9)
11. Weight of possible undesired consequences ('loss') relative to comparable possible desired consequences ('gain')
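To make the differences between these definitions concrete, the following added example (not part of the original article) computes definitions 1, 2, 5 and 8 of Table 1 for two constructed activities and reports which activity each definition calls riskier. The activities, their probabilities and their consequence values are invented for illustration, and negative consequence values are assumed to be the undesired ones.

```python
# Added illustration, not from the article: four formal risk definitions from
# Table 1 applied to two constructed activities. An activity is a discrete
# distribution of (probability, consequence) pairs; negative consequences are
# treated as 'undesired'. All numbers are invented for illustration.

ACTIVITY_A = [(0.50, 10.0), (0.40, -5.0), (0.10, -20.0)]   # frequent small losses
ACTIVITY_B = [(0.98, 10.0), (0.02, -200.0)]                # rare large loss


def _check(dist):
    """Reject inputs that are not a probability distribution."""
    total = sum(p for p, _ in dist)
    if abs(total - 1.0) > 1e-9 or any(p < 0 for p, _ in dist):
        raise ValueError("probabilities must be non-negative and sum to 1")


def prob_undesired(dist):
    """Definition 1: probability of undesired consequence."""
    _check(dist)
    return sum(p for p, c in dist if c < 0)


def max_seriousness(dist):
    """Definition 2: seriousness of the maximum possible undesired consequence."""
    _check(dist)
    return max((-c for _, c in dist if c < 0), default=0.0)


def expected_loss(dist):
    """Definition 5: probability-weighted sum of all undesired consequences."""
    _check(dist)
    return sum(p * -c for p, c in dist if c < 0)


def variance(dist):
    """Definition 8: variance of all consequences about their mean."""
    _check(dist)
    mean = sum(p * c for p, c in dist)
    return sum(p * (c - mean) ** 2 for p, c in dist)


DEFINITIONS = {
    "1 probability of undesired consequence": prob_undesired,
    "2 maximum seriousness": max_seriousness,
    "5 average expected loss": expected_loss,
    "8 variance of all consequences": variance,
}


def compare(a, b, tol=1e-9):
    """Return {definition: 'A' | 'B' | 'tie'} naming the riskier activity."""
    verdict = {}
    for name, measure in DEFINITIONS.items():
        ra, rb = measure(a), measure(b)
        if abs(ra - rb) <= tol:
            verdict[name] = "tie"
        else:
            verdict[name] = "A" if ra > rb else "B"
    return verdict


if __name__ == "__main__":
    for name, riskier in compare(ACTIVITY_A, ACTIVITY_B).items():
        print(f"definition {name}: riskier = {riskier}")
```

The same pair of activities is ranked three different ways, which is the practical reason a risk statement has to say which definition it uses.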
This collection of risk definitions may be condensed by viewing risk as the characterisation of: (a) a single possibility of accident, loss or disease (defs 1-4), (b) a collection of accident possibilities (defs 5-7), and (c) an activity having accident (and other) possibilities (defs 8-11). Table 1 does not contain various informal definitions of risk, such as 'set of possible negative consequences' or 'lack of perceived controllability'. The variety of risk definitions reflects the difficulty of answering the basic question of any risk manager: "What should, and what should not be comprehended by a concept that could be meaningfully called 'risk'?" In their own search for a valid answer to this question, social and behavioural scientists have discovered a variety of basic dimensions of perceived risk or riskiness. They found out that different groups of 'risk perceivers' rated, or compared, the riskiness of heterogeneous sets of risky activities and situations as following various basic risk characteristics. Various tasks have been presented to available respondents, such as, e.g., ratings of risky activities on a set of explicit risk variables, rank ordering of risky activities following their perceived riskiness and/or acceptability, and sorting a collection of risky activities in groups of similar items. Some relevant studies are: Fischhoff, Slovic, Lichtenstein, Read and Combs (1978), Slovic, Fischhoff and Lichtenstein (1980, 1984), Vlek and Stallen (1981), Renn (1983), Kuyper and Vlek (1984), Kraus and Slovic (1988), and Gardner and Gould (1989). Apart from this there have been theoretical analyses of activities and situations, which have yielded a number of characteristics that policy makers are recommended to take into account when approaching particular risky decision situations; see Vlek and Stallen (1980), Otway and Von Winterfeldt (1982), Hohenemser, Kates and Slovic (1983), Hansson (1989), Jungermann (1990), and Nordberg-Bohm, Clark, Bakshi et al. 
(1992). From this empirical and theoretical work Vlek and Keren (1992) have compiled the list of basic dimensions underlying the perceived riskiness of an activity or situation, which is given in Table 2. Using this set of dimensions one may either diagnose the reasons why a particular activity or situation is (to be) perceived as 'risky', or one may deliberately change a given activity or situation such that it appears to be riskier, or safer, than it originally was. One problem here is that various groups of respondents attach varying weights to such dimensions and hence also to judged riskiness; this is related to group attitudes towards the expected benefits of a risky activity (Vlek and Stallen, 1981; Buss and Craik, 1983; Kuyper and Vlek, 1984; Kraus and Slovic, 1988; Gardner and Gould, 1989). The eleven dimensions of Table 2 cover most of the seven categories comprising the 32 aspects of risk listed by Vlek and Stallen
(1980), whose analysis and review also yielded 'condition of the subject' and 'confidence in experts/regulators' as separate categories. In Table 2 these two would be subsumed under dimension 6: controllability of consequences.

Table 2. Basic dimensions underlying perceived riskiness
1. Potential degree of harm or fatality
2. Physical extent of damage (area affected)
3. Social extent of damage (number of people involved)
4. Time distribution of damage (immediate and/or delayed effects)
5. Probability of undesired consequence
6. Controllability (by self or trusted expert) of consequences
7. Experience with, familiarity, imaginability of consequences
8. Voluntariness of exposure (freedom of choice)
9. Clarity, importance of expected benefits
10. Social distribution of risks and benefits
11. Harmful intentionality
The eleven risk dimensions in Table 2 may be seen as elaborations of, or as supplements to the formal risk definitions in Table 1. Dimensions 1-4 provide specifications for the terms 'undesired consequence' and 'components of undesired consequences' in Table 1. Dimensions 5-7 qualify the terms 'probability' and 'probability distribution' in Table 1, and they convey the message that these may be under partial control of the people involved. Control over possible consequences often correlates with decision control and freedom of choice, covered by dimension 8 in Table 2, which is absent in Table 1 because formal risk definitions stem from frameworks in which full autonomy of decision makers (i.e., complete voluntariness of exposure to risk) is presupposed. Dimension 9 in Table 2 may sound somewhat disturbing: the perceived riskiness of an activity varies with the clarity and importance of its benefits; this means that riskiness is perceived relative to expected benefits, which is in line with risk definition 11 in Table 1. Having emerged from risk perception research, dimension 9 badly needs closer investigation so that its underlying dimensions ('perceived beneficiality') may be differentiated.

3. Levels of aggregation in risk

Thus, risk and riskiness may vary greatly, depending upon the definition chosen and/or the dimensions perceived relevant. In view of this, an ordering classification of risks may be helpful. Let us consider the following. At one extreme, risks and risk taking may be highly personal, in which case assessment, decision-making and control largely fall under a single individual's responsibility. At the other extreme, risks may be the aggregate result of numerous individuals' negative externalities (costs that they don't bear themselves), and risk taking is a collective affair, which may long remain implicit - whilst individual cost externalisation goes on.
Principal differences among various risk generation and risk management problems may be well understood when such problems are ordered along seven scale-levels of human action with its possible consequences and effects. These are summarised in Table 3, which is extended from RIVM (1989). The various levels run from personal to global risks and risk taking. Obviously, the nature and the number of relevant risk takers, potential victims and risk managers is rather different for the seven levels. For one thing, the more 'global' one gets in Table 3, the more 'social' any risk assessment and decision-making will be. Correspondingly, risk generation and the responsibility for risk control shift from strictly personal to almost unmanageably collective, as one goes from top to bottom in Table 3.
Table 3. Different scale-levels of risk and risk management

Level            Key-words to illustrate risk
1. personal      smoking, drinking, illness
2. indoor        air quality, radon, home accidents
3. local         traffic, hazardous industry, metropolitan smog
4. regional      pollution of atmosphere, soil, groundwater
5. fluvial       contamination of rivers, lakes, coastal zones
6. continental   acid precipitation, CO2-emissions, large-scale deforestation
7. global        ozone-layer depletion, greenhouse effects on climate, sea-level
But there are other significant differences as well. The two extremes, personal and global risks and risk taking, would seem to differ from one another especially in that global risks are more encompassing socially and geographically, involve longer-term consequences and effects, are more uncertain to assess, are less controllable, less familiar, and are more unevenly distributed socially, than personal risks, which are more of a 'here and now' character (but not always) and can be more easily assessed, decided-upon and controlled. Also, 'harmful intentionality' may, as yet, be more easily associated with lower-level than with higher-level risks. Dimensions 8 and 9 in Table 2, 'voluntariness of exposure' and 'clarity, importance of expected benefits', are a special distinguishing characteristic of personal versus global levels of risk. As one goes from the personal to the global level in Table 3, more and more people seem to be involved. We should realise, therefore, that global risks largely arise from the aggregation, in time and space, of negative external effects from individual activities involving personal benefit-seeking. Thus the benefits may be clear and important for each individual concerned, who may well seek them voluntarily. But the 'global' risk that arises is an involuntary aggregate consequence, hard to be weighed against the individual benefits. The control of such large-scale collective risks can only be performed via changes in the cost-shifting behaviours of individual benefit seekers. This constitutes a 'commons dilemma' problem, whose understanding and management will be further discussed in a later section of the paper. The main implication of Table 3 is that risk assessment, decision-making on risk acceptance, and risk control are rather different processes at the various scale-levels.
Hence, the theory, methods and strategies underlying these three critical risk management activities may be entirely different for the lower versus the higher scale-levels of Table 3. In the remainder of the paper this will be illustrated with an elaboration of lower-level (personal, indoor, local) risk assessment, decision-making and risk control. This may be applicable, say, to the risks of medical operations, hazardous transports, and industrial installations. Later in the paper, a concise description is (and overview references are) provided on higher-level (from regional to global) risk assessment, decision-making and risk control. This will be done in the context of so-called commons dilemmas which give rise to collective costs and risks for society and/or the environment. Examples here are the formation of tropospheric smog during high-pressure weather periods, soil contamination through wide-spread agricultural use of nutrients or pesticides, and global atmospheric warming through massive CO2-emissions. While this distinction - roughly: between small-scale and large-scale risks - is being made, it will become apparent that diagnosing the process of risk generation, i.e., the gradual emergence of a possible cost or loss, gets more important as one goes from the personal to the global level of risk and risk taking following Table 3.

4. Risk generation and management as a process

A golden rule for any kind of problem-solving is: first diagnose, then decide, and finally intervene (and evaluate). For risk management this would involve that the origins and causes of risk are clearly charted, before any decision on risk acceptance is made and risk control is being conducted. Or, if conceived dynamically, there should be a continuous interaction
between risk assessment as diagnosis (and evaluation), decision-making on risk acceptance, and risk control as intervention. Such diagnosis and planned intervention for risk control may be done explicitly, with the aid of human cognitive, social and/or technical facilities. In everyday life, however, diagnosis and intervention for risk control often proceed 'automatically', on the basis of some well-established habitual behaviour (such as, e.g., in city bicycling or during medical surgery - by the doctor). Stage-models of risk generation, decision-making and risk control have been proposed by several authors. Table 4 summarises three different views, as developed by Hohenemser, Kates and Slovic (1983), Merkhofer (1987) and Vlek and Keren (1992), respectively.

Table 4. Multi-stage models of risk generation and management

Hohenemser et al., 1983:
1. human needs
2. human wants
3. choice of technology
4. initiating events
5. energy/materials' release
6. exposure to energy/materials
7. human/environmental effects

Merkhofer, 1987:
- risk source
- exposure processes
- ultimate effects
- consequence valuation

Vlek & Keren, 1992:
1. need arousal, goal specification
2. design of relevant activities
3. evaluation of alternatives
4. choice of activity
5. implementation of chosen option
6. monitoring and control of activity
7. emergency situation
8. accident occurrence
9. feedback toward above components
An intriguing question, of course, is whether such models as in Table 4 can be extended so as to both cover the phases of risk assessment, decision-making and risk control, and accommodate the basic dimensions of risk as summarised in Table 2. Also, one would wonder how any stage-model of risk generation and management applies to large-scale, multiple-sources risks in commons dilemma situations. In an attempt to answer these questions, the Health Council of The Netherlands [2] (Gezondheidsraad, 1996) has adopted a multi-stage model as represented in Figure 1. This model pictures risk generation and management as a function of the social context, human needs and preferences, activity design and planning, and the choice of a specific goal-directed activity. Once selected, an activity may be implemented according to plan and yield the intended benefits as well as some anticipated negative side-effects. This is portrayed in the lower left line of the box diagram. Or the activity may develop into a 'failing realisation' (the lower right line in Figure 1), whereby unanticipated quantities of energy (as in an explosion) and/or hazardous materials (as in gaseous or liquid emissions) are released. The spreading and the eventual harmful effects of any energy and/or materials' release depend upon situational characteristics such as the vicinity of people, weather conditions, or accident-mitigating activities by rescue workers. The splitting of the single upper line into two lower lines of blocks in Figure 1 also emphasises the fact that risk evaluation and risk taking involve a weighing of benefits (from 'planned realisation') against costs and risks (under 'failing realisation'). To the right of the entire block diagram in Figure 1 a listing is given of pertinent attributes or variables that may contribute to, or detract from the 'riskiness' of the process as a whole.

Figure 1. Process model of risk generation, showing separate lines for ‘planned realization’ (lower left) and for ‘failing realization’ (lower right), respectively. At the right of the block diagram is a corresponding listing of 42 attributes of risk or riskiness.

[2] The final version of this model deviates somewhat from Figure 1, which was initially designed by P.J.M. Stallen in collaboration with the author.

For example, attribute 1: the availability of certain goods or services, may stimulate someone to try to obtain these for achieving particular goals. Under attribute 5, the sheer necessity of a certain good or service may force one to accept the associated risks. Attributes 13: complexity, 15: time horizon, and 16: familiarity of risks, may make it either easy or hard to choose among different alternatives. Whether or not a selected activity may be realised according to plan, very much depends upon its perceived controllability (attribute 20), one's familiarity with failure-control procedures (attribute 22) and one's safety goals (attribute 23). Further down Figure 1, an activity's riskiness depends upon the nature and concentration of released energy and/or
materials (attribute 24), its environmental persistence after release (attribute 28), and the degree to which environmental qualities are reduced (attribute 30). 'Riskiness' also depends upon the extent to which exposed people (and/or animals) can adequately cope themselves with (e.g., escape from) any accident effects (attribute 34). And finally, the ultimate effects of 'failing realisation' of an activity may comprise deaths (attribute 36), loss of well-being (attribute 39), and/or environmental damage (attribute 41), all of which have a certain time-course and degree of restorability. In Figure 1, the formal risk definitions of Table 1 are not easy to recognise. This is because formal definitions are focused on possible negative consequences in static, well-defined decision situations. Attribute 21: probability of failure or disturbance, is relevant here, as well as attributes 36-42, which may serve as descriptors of negative final effects of 'failing realisation'. In contrast, the eleven basic dimensions of risk as given in Table 2, may all be found somewhere in the list of Figure 1. For example, as just discussed, attributes 36-42 pertain to dimension 1 in Table 2: potential degree of harm or fatality. Dimension 3: social extent of damage, is covered by attribute 31. The important dimension 6 in Table 2: controllability of consequences, is reflected in attributes 2, 9, 10, 12, 20 and 34 of Figure 1, thereby reflecting the fact that 'controllability' itself is a multi-stage, multi-faceted foundation of risk. And attributes 3, 5, 8 and 14 are relevant (albeit in different ways) under dimension 8: voluntariness of exposure. The 42 risk attributes in the right half of Figure 1 constitute a checklist for assessing and evaluating a particular risky activity or situation, and for designing practical measures for controlling overall riskiness. 
Obviously, there are redundancies and overlaps in this list, and empirical research should yield (further) conclusions about the basic, independent dimensions of risk at various levels and in different domains of human activity. Given the variety of factors underlying risk generation as depicted in Figure 1, it is concluded that risk management - as involving risk assessment, decision-making and risk control - can only partly be a process of technical-physical system manipulation. For an important part it relies on individual human knowledge, judgement and skills. And for the remaining part it is a matter of social-organisational quality, i.e., of effective communication and collaboration among risk management team members.

5. Multi-attribute risk characterisation

However strongly one may feel that 'risk' emerges in a multi-stage process, it may nevertheless be desirable to arrive at a compact and sufficiently comprehensive description of the risks inherent in a given activity or situation. Such a summary characterisation may be needed for public deliberation, for political judgement and decision-making, for the communication of decisions made, and for the justification of safety policies. Given the large number of potentially relevant risk attributes, as illustrated in Figure 1, it seems obvious to attempt to carry out a multi-attribute risk characterisation. Briefly, this would involve two basic steps: (1) identification and selection of relevant risk attributes, and (2) the scoring of a given activity or situation with respect to each attribute so as to obtain a multi-attribute risk profile.
If one were to go further on the way towards full risk quantification, two additional steps would be: (3) assignment of importance-weights to each relevant attribute, and (4) weighted aggregation of all attribute scores in order to obtain one single numerical risk figure for the activity or situation under consideration (see Edwards and Newman, 1982, Von Winterfeldt and Edwards, 1986, Yoon and Hwang, 1995, for basic models and methods of multi-attribute evaluation). Following the above four steps may seem simpler than it is. Properly making step 1 requires you to generate relevant risk attributes. This may be done following the multi-stage model of Figure 1. Or one may determine risk attributes by systematically comparing various different activities or situations for their distinguishing characteristics. Or one may perform a hierarchical multi-attribute analysis of desired overall 'safety', which may be laid out as a concept involving
subgoals, each to be differentiated into various specific safety objectives. But then you would have to select the relevant ones, i.e., those that are both important and nonredundant or nonoverlapping. And you would not want to end up with too many ones, in view of the scoring task of step 2. Also, each risk attribute must be concrete and specific enough for you to be able to assess its value for a given activity or situation. For step 2, the scoring itself, you may have different kinds of information available. This may allow you to score some risk attributes 'objectively' and others by 'expert judgement' or 'public perception'. Also, some attributes may be scoreable on a ratio scale of (multipliable) numbers, while other attributes could only be scored on interval scales (allowing for comparison of differences), or on ordinal scales which only permit rank ordering. However the scoring is done, the end result should be an informative risk profile telling its observer what kind of risk (s)he is dealing with and how high or low an activity or situation scores on its relevant attributes. Full quantification of a multi-attribute risk into a one-dimensional number may serve the purpose of allowing you to numerically compare different risky alternatives, and/or to weigh a multi-attribute risk against a similarly quantified multi-attribute benefit. However, the importance-weighting of individual risk (or benefit) attributes presupposes that these are commensurable. That is, equal scores on each weighted attribute scale should reflect comparable contributions to overall riskiness. Otherwise, weighted aggregation of attribute scores would not be allowed, and a one-figure risk quantification would be meaningless. But commensurability may be too much asked, if one is dealing with a subset of risk attributes as variable in meaning as in the list of Figure 1. 
We may therefore conclude that a multi-attribute risk characterisation in itself may be necessary and useful, but that a full-fledged weighted aggregation of attribute scores may be impossible or unwarranted, and that it may (therefore) turn out to be counterproductive in any risk management context (but see the examples below). Fischhoff, Watson and Hope (1984) have explicitly defined 'risk' as a weighted combination of value judgements across relevant attributes indicating possible harm or damage. In their analysis, which applies to differing ways of electric power generation, they state that the uncertainty about an alternative's score on a given risk attribute may be accounted for by assessing a probability distribution of all possible scores. A point estimate of the 'score' on that attribute may then be computed by taking the expected value of all possible scores. The overall riskiness of the alternative considered is then defined as the weighted sum of all (expected) attribute values. Fischhoff et al. (1984) realise that the creation of a multi-attribute risk profile very much depends upon the selection of relevant attributes, their scoring, and the assignment of relative-importance weights. Since the several steps in this procedure may well be conducted under the influence of personal or institutional values, they suggest that the construction of a multi-attribute risk index (quantifying the profile) may be 'a political act'. This implies that 'risk', once characterised and perhaps quantified, cannot be a purely (or should we say: 'value-free'?) scientific concept. This inevitable conclusion also, but more simply, applies to any formal risk definition (Table 1) containing a valued (effects) component. A carefully conducted and highly instructive multi-attribute risk analysis on possible nuclear waste repository sites in the U.S.A. was published by Merkhofer and Keeney (1987). 
These authors considered five options: Davis Canyon (Utah), Deaf Smith (Texas), Richton Dome (Mississippi), Hanford (Washington), and Yucca Mountain (Nevada), with respect to various pre- and postclosure objectives. To illustrate, a 'preclosure objectives hierarchy', elaborated from the general goal of 'minimising adverse preclosure impacts', specified 14 different objectives by which potential sites could be evaluated. Some examples are: 'minimise worker radiological health effects', 'minimise public nonradiological health effects due to transportation', 'minimise aesthetic environmental degradation', and 'minimise repository costs'. The authors then proceeded to collect expert-assessed performance measures of the five sites with respect to these risk attributes. They subsequently established formal utility functions based on evaluations obtained from the Office of Civilian Radioactive Waste Management of the U.S. Department of Energy (DoE). Combining the results of the pre- and
postclosure multi-attribute risk analyses yielded an overall rank ordering of the five sites, in which Yucca Mountain turned out the most, and Hanford the least favourable site for establishing the repository. In view of a deviating final selection by the DoE itself, Merkhofer and Keeney (1987) conclude that, of course, relevant other risk attributes may have been left out of their analysis, and that DoE officials may have selected an optimal portfolio of three different sites rather than the three 'best' options. More generally, the authors recommend the use of independent technical experts' panels for determining each option's performance measures on relevant objectives. They also propose that local politicians and other community representatives are invited to participate in the selection of relevant risk attributes and the specification of value judgements concerning technical performance scores. Von Winterfeldt (1992) explicates the 'multiple-stakeholder approach' that naturally goes along with complex multi-attribute risk analysis. The proposed methodology comprises five steps: (1) problem formulation, including stakeholder identification, (2) development of objectives and construction of value trees, (3) experts' assessment of risks, costs, benefits and other impacts, (4) elicitation of a multi-attribute utility model from stakeholders, and (5) sensitivity analyses and 'option invention' (the latter aimed at identifying a possible 'consensus option'). By using this approach one may explore the value side of a risk problem and highlight specific value conflicts among stakeholder groups; one may analyse the factual side of a problem by eliciting technical data and judgements from various independent experts; and one may study the implications of conflicting stakeholder values and differing expert assessments for the evaluation of available policy options. 
One may thus overcome a serious dilemma in complex risk management: "The experts should not control society's technological choices, but the public and their political representatives are not sufficiently informed to assume complete control themselves" (Von Winterfeldt, 1992, p. 324).

6. Decision-making on risk acceptance

From empirical research on the dimensions of perceived risk (see Table 2 plus text above) an early conclusion ventured by Vlek and Stallen (1981) was that risk acceptance seemed to revolve around three key questions concerning a particular activity or situation: (1) Are the benefits large enough? (2) Is the maximum credible accident (or: the catastrophe-potential) low enough? And (3) is the activity or situation sufficiently controllable? Simpler risk-acceptance rules than this three-dimensional satisficing heuristic might be so-called choice-production rules of the type 'if this and this, do such and so'. For instance, when you are about to stumble down a staircase: go slower and hold the handrail. At the other, formal-analytic extreme lies a full-fledged multi-attribute risk and decision analysis of the type conducted by Merkhofer and Keeney (1987); see the explication above. Let us more generally consider how one might proceed when multi-attribute risk characterisation has taken place. Decision-theoretically, when a multi-attribute risk profile has been established, a decision-maker may follow roughly two general models. The first one, labelled 'maximising', implies a comparison of two or more alternative options and a rank ordering of these on the basis of their multi-attribute risk profile. This yields a conclusion about which alternative is the 'riskiest' and which the 'safest', or - more modestly perhaps - which alternative seems to have the 'best' risk profile.
The comparison and rank ordering required may be done on qualitative, i.e., judgemental grounds, as when one critically considers each multi-attribute profile (without any explicit numerical statements). Or the comparison and rank ordering may be done on the basis of some weighted-aggregate risk score which numerically summarises a multi-attribute profile. A maximising approach is most suitable for strategic decision problems involving risk. Examples of 'maximising' decision-making have been discussed above. The second model of decision-making, labelled 'satisficing', involves a consideration of one multi-attribute risk profile at a time, and testing its actual scores against pre-set acceptance criteria on the various risk attributes. This amounts to testing a given course of action against available risk standards, and it requires that such (reasonable and valid) standards have been
adopted a priori. There are three submodels of 'satisficing', viz. the conjunctive, disjunctive and compensatory-weighting model. Applying these would yield an acceptance decision when all, or a subset, or some weighted combination of risk attribute standards have been met, respectively. A satisficing approach is most suitable for tactical decision problems. Because of its special suitability and popularity for practical policy making, we will come back to it immediately below. A third general way of making decisions, frequently used in everyday life, involves the application of simple choice-production rules, as indicated in the introductory paragraph to this section. Due to their pre-programmed and often automatic character, risk-acceptance choices made in this way may hardly be called decisions. But they nevertheless are very effective, as well as effort- and time-saving, and sufficiently rewarding in many practical contexts. Choice-production rules are effective for solving operational decision problems. Table 5 summarises the three general ways of making decisions and it also indicates the type of decision problem and the quality of the decision going along with them.

Table 4. Three general ways of making decisions on risk acceptance

Type of problem | Decision approach         | Nature of decision
Strategical     | Analytic: maximising      | 'Best alternative'
Tactical        | Standardised: satisficing | 'Acceptable course'
Operational     | Automated: rewarding      | 'Positive outcome'
In many practical cases, the risk problem is 'tactical', i.e., there is a single course of action, or a given situation, which is being questioned as regards its 'acceptability'. Thus the decision-maker may consider a satisficing approach for which risk attribute standards are needed, and valid attribute scores have to be assessed. Such an approach may facilitate risk-acceptance decision-making by itself, but it heavily relies on prior decision-making concerning operational risk standards. Fischhoff (1984) has extensively discussed the pros and cons of standard setting, and he lists eleven circumstances under which standards testing may be applied. Standards setting and standards testing constitute a practicable and convincing approach towards decision-making on risk acceptance. Its application, however, is limited to well-defined categories of activities or situations, which are more or less comparable amongst each other. Comparability may obviously be determined on the basis of multi-attribute risk profiles. And, obviously (but not so for some), standards monitoring and enforcement should necessarily follow in the wake of any standards-testing decision on risk acceptance. Although it may seem as if decision-making on risk acceptance implies comprehensive decisions of a 'go/no go' character, actually such decision-making may differentially apply to separate stages in the total process of risk generation following Figure 1. For example, decisions - of either a maximising or a satisficing, i.e., standards-testing character - may pertain to goals and preferences, design and planning, feasible courses of action, differing ways of implementing a chosen alternative, and various safety measures. Any set of stage-specific decisions may well start from a careful consideration of a multi-attribute risk profile, and they may greatly contribute to reducing the riskiness of the overall process by which a given activity or situation emerges and is being managed.
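The weighted sum of expected attribute scores attributed above to Fischhoff, Watson and Hope (1984) and the three satisficing submodels can be carried through on one profile; the following is an added example, not taken from the paper. The attribute names, score distributions, weights and standards are constructed, and the 0-10 scoring, the `min_met` reading of 'a subset' and the compensatory threshold (weighted sum of the standards) are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Attribute:
    name: str
    weight: float            # relative importance (assumption: weights sum to 1)
    limit: float             # pre-set standard; a score above it fails
    scale: str = "interval"  # "ratio", "interval" or "ordinal"


def expected_score(dist):
    """Point estimate for one attribute from a {score: probability} table."""
    if abs(sum(dist.values()) - 1.0) > 1e-9:
        raise ValueError("probabilities must sum to 1")
    return sum(score * p for score, p in dist.items())


def profile(attrs, dists):
    """Risk profile: one expected score per attribute, left unaggregated."""
    return {a.name: expected_score(dists[a.name]) for a in attrs}


def risk_index(attrs, prof):
    """One-figure risk: weighted sum of the expected attribute scores."""
    ordinal = [a.name for a in attrs if a.scale == "ordinal"]
    if ordinal:
        # Weighted aggregation presupposes commensurable attribute scales.
        raise ValueError(f"cannot aggregate ordinal attributes: {ordinal}")
    if abs(sum(a.weight for a in attrs) - 1.0) > 1e-9:
        raise ValueError("weights must sum to 1")
    return sum(a.weight * prof[a.name] for a in attrs)


def satisfice(attrs, prof, model, min_met=1):
    """Test one profile against the standards under a satisficing submodel."""
    met = [prof[a.name] <= a.limit for a in attrs]
    if model == "conjunctive":      # all standards met
        return all(met)
    if model == "disjunctive":      # a subset met (assumption: any min_met)
        return sum(met) >= min_met
    if model == "compensatory":     # slack on one attribute offsets another
        threshold = sum(a.weight * a.limit for a in attrs)
        return risk_index(attrs, prof) <= threshold
    raise ValueError(f"unknown submodel: {model}")


def rank_options(attrs, options):
    """Maximising: order the options from lowest to highest risk index."""
    index = {n: risk_index(attrs, profile(attrs, d)) for n, d in options.items()}
    return sorted(index, key=index.get)


# Constructed sample data, scored on an assumed common 0-10 scale.
ATTRS = [
    Attribute("catastrophe_potential", 0.5, 4),
    Attribute("worker_health_effects", 0.3, 5),
    Attribute("environmental_degradation", 0.2, 6),
]
OPTIONS = {
    "A": {"catastrophe_potential": {4: 0.5, 6: 0.5},
          "worker_health_effects": {2: 0.5, 4: 0.5},
          "environmental_degradation": {1: 0.25, 5: 0.75}},
    "B": {"catastrophe_potential": {6: 0.5, 8: 0.5},
          "worker_health_effects": {4: 0.5, 6: 0.5},
          "environmental_degradation": {8: 1.0}},
    "C": {"catastrophe_potential": {2: 1.0},
          "worker_health_effects": {3: 1.0},
          "environmental_degradation": {5: 1.0}},
}

if __name__ == "__main__":
    for name, dists in OPTIONS.items():
        prof = profile(ATTRS, dists)
        verdicts = {m: satisfice(ATTRS, prof, m)
                    for m in ("conjunctive", "disjunctive", "compensatory")}
        print(name, prof, round(risk_index(ATTRS, prof), 2), verdicts)
    print("safest to riskiest:", rank_options(ATTRS, OPTIONS))
```

Option A fails the conjunctive test on one attribute yet passes the compensatory one, which is the situation where the choice of submodel, and not the scoring, decides acceptance.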
The decision approaches summarised in Table 5 seem to be mutually exclusive and self-contained. More often than not, however, risk acceptance is the result (or even the by-product) of a dynamic process of assessment, decision-making and control, in which several management principles may be successively applied. Inspired by the safety policy of the International Commission on Radiological Protection (ICRP-26, 1977), a sequential decision-making scheme may be followed, in which risk limitation, the ALARA principle (risks should be As Low As Reasonably Achievable), trading-off of risks against benefits ('justification'), and comparison of options (maximisation) are put forward as logically successive
evaluation grounds for 'acceptable risk'. The full scheme is displayed in Figure 2 (translated from Vlek, 1990).
Figure 2. Sequential decision-making scheme in which risk limitation (question 2), the ALARA principle (question 3) and ‘justification’ (question 7) are successively applied, with a change-over from a ‘satisficing’ to a ‘maximizing’ (question 8) decision strategy.
According to this approach, evaluation of a given activity or situation against risk standards may form an early and provisional part of the decision-making process. As an exclusive evaluation ground this can only be sufficient under limiting conditions, namely when the activity stays below the risk limit (question 2: 'yes') and the risk is characterized as 'ALARA' (question 3: 'yes'), while no alternative can be found that would be safer yet (question 4: 'no'). If the activity or situation is above the risk limit, a more comprehensive assessment of benefits and risks is undertaken (question 7), unless in the meantime the risk can be successfully reduced or a safer alternative is found. After this satisficing approach aimed at a single option, a comparative maximising evaluation may be performed when there is more than one 'acceptable' option. This would yield a choice for the 'best' available option.
The strength of this sequential decision-making scheme lies in the fact that inherent problems surrounding risk assessment and evaluation may be absorbed by the later steps, which deal with risk reduction (question 5), the search for safer options (question 6) and risk-benefit trade-offs (question 7). This means that decision makers could allow themselves a provisional or even 'wrong' outcome of testing against risk limits (question 2). A decision to reject a proposed activity or situation could only be made if: (a) there are no inherent significant benefits (question 1: 'no'), or (b) the benefits do not sufficiently offset the (irreducible) risks. Rejection cannot therefore simply take place because the risk or riskiness is considered too high. In Figure 2 the term 'acceptable risk' varies in meaning. This is a logical implication of the view that acceptable-risk problems are decision problems. Due to the variability of decision rules, together with the differing role of risk variables therein, 'acceptable risk' cannot have a generally applicable meaning.

7. High-level, collective risks in commons dilemmas

By far the most difficult kind of risk management occurs, naturally, in connection with higher-level aggregate risks for society and/or the environment, following Table 3. Here we are not dealing with relatively small-scale, single-source (or: few-sources) risks such as those associated with hazardous local industry. Instead, we are facing a threat to common goods, which arises from a multitude of individual activities, each performed for its own reasons and with its own benefit-cost considerations. Examples are regional air pollution, continental acidic precipitation, and global warming through greenhouse-gas emissions. Because of the contrast between individual and collective optimality of activity patterns, such problem situations are called commons dilemmas.
By definition, a commons dilemma is a situation where a collective cost or risk is incurred, taken or generated through the combined negative external effects of various individuals who act (relatively) independently from one another (see the seminal article by Hardin, 1968; see also Dawes, 1980; Liebrand, Messick and Wilke, 1992). The individual-collective contrast is, of course, an idealisation. In practice, many commons dilemma problems are characterised by a range of group and organisational actors, who somehow mediate between individual persons and collective authorities (if existent). In view of the commons dilemma problematique, effective management of collective risks may best cover the same three risk management activities as distinguished before: risk assessment, decision-making on risk acceptance, and risk control. However, because of the intricate nature of the process of collective risk generation, the three management activities should each be more elaborate than before. Also, they are to be directed at the nature and seriousness of the collective risk itself, as well as at individual actors' behaviours contributing to the collective risk.
Elsewhere (Vlek, 1996) it is argued: (A) that risk assessment should involve: (1) a comprehensive problem diagnosis including an analysis of the collective risk and its behavioural sources, (2) the promotion of adequate risk perception and communication, and (3) a description and appreciation of individual actors' benefits; (B) that decision-making on risk acceptance should involve: (4) a weighing of the collective risk against total individual benefits, (5) a specification of individual behaviour alternatives, and (6) the setting of collective-risk reduction goals which should be translated into individual behaviour objectives; and (C) that collective-risk control should involve: (7) the deliberate selection and (8) programmatic application of effective strategies for behaviour change - so as to obtain net reductions in individuals' negative external effects, and (9) careful monitoring and evaluation of effects, so as to be able to prove to individual actors that their behaviour changes have been, or are being effective in reducing the collective risk. Thus there are nine foci of attention for research and policy making that should allow for a comprehensive approach to high-level aggregate risk problems. A key question with respect to the management of collective risks is: What strategies for
individual (and group and organisational) behaviour change could be used for collective-risk control? Classic policy strategies for the latter are regulation-and-enforcement, financial-economic stimulation (pricing policies), and public information and education. These three may be supplemented with four more strategies, viz. the provision of technical/physical alternatives, social modelling and support, organisational change, and changing values and morality. Table 6, from Vlek (1996), gives a listing of the seven general strategies for behaviour change, together with brief descriptions of specific policy measures falling under each strategy. See also Dawes (1980), Messick and Brewer (1983) and De Young (1993) for overviews of behaviour-change strategies for safeguarding common goods.

Table 6. General strategies for behaviour change to control collective risks
1. Provision of physical alternatives & (re)arrangements (PhAA) [adding/deleting/changing behaviour options, enhancing actors' efficacy]
2. Regulation-and-enforcement (RaE) [enacting laws, rules; setting/enforcing standards, explicit norms]
3. Financial-economic stimulation (FES) [rewards/fines, taxes, subsidies, posting bonds]
4. Provision of information, education, communication (IEC) [about risk generation, types and levels of risk, others' perceptions, risk reduction strategies]
5. Social modeling and support (SMS) [demonstrating cooperative behaviour, others' efficacy]
6. Organisational change (OCh) [resource privatisation/territorialisation, sanctioning system, leadership institution, organisation for self-regulation]
7. Changing values and morality (CVM) [appeal to conscience, enhancing 'altruism' towards others and future generations]
Strategies 1 (PhAA), 2 (RaE) and 3 (FES), and certain (physical) forms of strategy 6 (OCh) would initiate so-called structural (or: hard) solutions to a social dilemma, whose basic nature or type would thereby be altered. Strategies 4 (IEC), 5 (SMS), certain other ('mental') forms of strategy 6 (OCh), and strategy 7 (CVM) would imply cognitive-motivational (or: soft) solutions. Through the latter, individual actors would be induced to behave in a cooperative (collectively optimal) manner, while the basic nature and payoff structure of the social dilemma would be maintained. Structural solution strategies are generally more effective, but they are often not available or not easily implemented. Specific cognitive-motivational solution strategies (IEC, SMS and some OCh) are easier to design and apply, but their effectiveness is generally lower; in many cases, however, they are the only thing one could rely on. 'Changes in values and morality' (CVM) stands relatively by itself as a cultural solution on which much behavior change might come to rest. Here, the classical attitude-behavior question applies: Is CVM a prerequisite for 'cooperative' behavior change, or would such behavior change - originally induced otherwise - gradually lead to changes in values and morality? The seven strategies are each described in some detail in Vlek (1996), together with key assumptions and implications for practical application; also discussed are 'tradeable exploitation rights' and 'bond pledging' as potentially effective policy instruments in which several of the strategies are jointly applied. Collective-risk management through strategies for individual behaviour change is underdeveloped as a scientific methodology, although many relevant ideas and findings are available in the literature.
Important pre-conditions for collective risk management are that the policy maker knows the risk, understands the social process of risk generation, and is able to monitor the risk level when actors' behaviours are changing. Vital conditions for policy acceptance are the existence of public risk awareness and the availability of feasible behaviour alternatives.
8. Summary, discussion and conclusions

It has been the purpose of this paper to present a comprehensive view of risk assessment, decision-making and risk control in various different settings, ranging from low-level 'personal' risks at one extreme, to high-level 'global' risks on the other. The main points of this psychological decision-theoretic message may be summarised as follows. 'Risk' can be formally defined in rather different ways covering more or less of the possible negative consequences of a given activity or situation (cf. Table 1). Assessed (or 'perceived') riskiness may greatly vary, depending upon about ten different basic dimensions (Table 2). Subsets of those dimensions may be seen as further descriptions of components of risk as formally defined in Table 1. Thus there is nothing especially 'subjective' in Table 2, just as there is nothing particularly 'objective' in Table 1. The formal risk definitions and perceived-risk dimensions may both aid in the modelling and characterisation of a given activity or situation. Risk generation and management systematically change in problem complexity and social multiplicity, as one goes from relatively low-level, single-source risks for individual (or small groups of) persons to high-level, multiple-sources risks for society and/or the environment at large. To do justice to this contrast, a multi-stage model for risk generation and management (Figure 1) was discussed, followed by a description of the commons dilemma paradigm. The multi-stage model implies that risk may have early, intermediate and late stages in its emergence, and that all stages may be considered for possibilities of risk control. In commons dilemma situations, collective risks may arise from the aggregation of negative externalities of many different actors. Hence collective-risk control should be focused on behaviour changes of relevant individuals, groups and organisations. For this, seven general strategies were considered (Table 6).
Two intermediate sections of the paper are devoted to multi-attribute risk characterisation (which may start from Figure 1) and to decision-making on risk acceptance, respectively. For the latter, three basic decision models were distinguished, of which 'maximising' and 'satisficing' appeared the most explicit. Also, a sequential decision scheme (Figure 2) was presented, in which several principles for risk management would be successively applied. In view of the various decision models, it was concluded that 'acceptable risk' cannot have a generally applicable meaning. For one thing, risk acceptance may be strongly conditional upon intended policies for (post-decisional) risk control. Coming back to the three basic questions in the introductory section ("how risky is a given activity or situation; is it not too risky; how could its riskiness be reduced?"), we may conclude that a systematic approach distinguishing risk assessment, decision-making on risk acceptance, and risk control may enable one to effectively manage risks of varying kinds. However, the operationalisation of these three management activities is rather different for low-level (personal, indoor, local) risks than for high-level (from regional to global) risks following Table 3. Both for low-level, limited activities or situations and in large-scale commons dilemmas yielding high-level, collective risks, it may be useful to follow the multi-stage model of Figure 1, in order to diagnose the process of single-actor risk generation, or the nature and origins of multiple-actor contributions to collective risk. In this paper, except for the commons dilemma paradigm, the social dimensions of risk and risk taking have hardly been elaborated. But social judgement and decision-making are vital points of interest for any researcher or policy maker concerned about risks going beyond the 'personal' and 'indoor' levels of Table 3.
Obviously, multi-party risk assessment and decision-making require special procedures for handling the models and methods discussed earlier in the paper (see, e.g., the collection of papers edited by Vlek and Cvetkovich, 1989). Effective risk communication is crucial for successfully conducting such social procedures, and it may be organised on the basis of the risk generation model of Figure 1 and the relevant decision approach as indicated in Table 5 and in Figure 2. One should, of course, reckon with the manifestation of differing actor perspectives on any risky activity or situation, if only because there may be separate risk-initiators, beneficiaries, potential victims and intermediate agents (such as regulators and journalists). Von Winterfeldt's (1992) multiple-stakeholder approach for multi-attribute decision analysis should be highly relevant here.
Being focused on risk assessment, decision-making and risk control, the analytical risk management framework discussed so far comprises a variety of different concepts, models and methods. Naturally, the comprehensive approach as well as specific components need to be elaborated and validated in connection with specific risk management problems. Some research issues are: diagnostic instruments for charting specific processes of risk generation following Figure 1; methods and procedures for multi-attribute risk characterisation; the effectiveness of specific (combined) applications of the seven strategies for behaviour change in commons dilemmas; and a further refined classification of risks using the dimensions of Table 2 for differentiating risks per level of Table 3. In debates on the acceptability of risks it is remarkable that so much attention has been devoted to the risk side of the benefit-risk dilemmas involved, whereas little systematic effort has gone into defining and assessing benefits, their categorisation (e.g., as related to more or less basic needs) and different strategies for benefit seeking and benefit management (e.g., in view of excessive risks). Temptations towards risk acceptance may occur when expected benefits are unduly overweighted relative to risks, due to their clarity of presentation, the subject's craving for them, perceptual-cognitive limitations, or social pressures. There may also be temptations to reject risky activities, as when risks appear unduly salient, dreadful, or cognitively available, whereby activities yielding important benefits may be judged unacceptable. For example, Leiss (1989) distinguishes two types of risk-benefit trade-offs leading to downplaying and upgrading, respectively, of an activity's riskiness. Such processes play important roles in determining the dynamics of commons dilemmas, in which collective risk levels may be continually changing. 
More attention for benefit seeking, benefit perception and the basic dimensions of 'beneficiality' is necessary, if we want to understand risk acceptance and risk taking, at whatever level of aggregation. Finally, let us re-consider a statement made in the introduction to this paper: "..risk may well be seen as a process rather than some kind of 'substance' which may be clearly pinpointed." To the extent that this view cannot be evaded - particularly in situations of complex, multi-actor risk generation - risk assessment, decision-making and risk control should be inspired by a careful diagnosis of the entire process, and by effective selection and tuning of control measures and strategies aimed at 'acceptable' process control. This would involve a rather different approach towards risk management than current approaches relying on standards setting, quantitative risk assessment, and subsequent standards testing (see, e.g., Health and Safety Executive, 1988; Ministry of VROM, 1989). For one thing, it would in practice be a serious mistake to model and manage something as static when it is in fact highly dynamic. A process-oriented approach would enable one to get a better understanding of risk generation processes, and to more effectively design and implement risk control measures and strategies, at differing levels of aggregation (cf. Table 3). This might significantly clarify social debates about serious technical, social and environmental risks. And it may more clearly specify the various tasks to be performed by different groups of actors, in order to obtain adequate insights in, and to enhance the perceived controllability of things that worry people, in the small or in the large.

8. References

Allen, V.L. (1983). Eutropistic reactions to risks and hazards. In B. Berglund & C. Levy-Leboyer (Eds): New trends in environmental psychology. Beverly Hills (Cal.): Sage.
Beck, U. (1986). Risikogesellschaft. Auf dem Weg in eine andere Moderne. Frankfurt/Main: Suhrkamp.
Björkman, M. (1984). Decision making, risk taking and psychological time: review of empirical findings and psychological theory. Scandinavian Journal of Psychology 25, 31-49.
Buss, D.M. & Craik, K.J. (1983). Contemporary world views: personal and policy implications. Journal of Applied Social Psychology 13, 259-280.
Coombs, C.H. (1972). A review of the mathematical psychology of risk and risk taking. University of Michigan: Michigan Mathematical Psychology Program Report MMPP 72-6.
Dawes, R.M. (1980). Social dilemmas. Annual Review of Psychology 31, 169-193.
De Young, R. (1993). Changing behavior and making it stick. The conceptualization and management of conservation behavior. Environment and Behavior 25 (4), 485-505.
Edwards, W. & Newman, J.R. (1982). Multi-attribute evaluation. Beverly Hills (Calif.): Sage.
Fischhoff, B. (1984). Setting standards: a systematic approach to managing public health and safety risks. Management Science 30, 823-843.
Fischhoff, B., Slovic, P., Lichtenstein, S., Read, S. & Combs, B. (1978). How safe is safe enough? A psychometric study of attitudes toward technological risks and benefits. Policy Sciences 9, 127-152.
Fischhoff, B., Watson, S.R. & Hope, C. (1984). Defining risk. Policy Sciences 17, 823-843.
Gardner, G.T. & Gould, L.C. (1989). Public perceptions of the risks and benefits of technology. Risk Analysis 9, 225-242.
Gezondheidsraad (1995). Niet alle risico's zijn gelijk. Gezondheidsraad, Postbus 90517, 2509 LM Den Haag, 121 blzn. [English version: Not all risks are equal. Health Council of The Netherlands, P.O. Box 90517, 2509 LM The Hague, 113 pages].
Gezondheidsraad (1996). Risico, meer dan een getal. Gezondheidsraad, Postbus 90517, 2509 LM Den Haag, 130 blzn. [English version: Risk is more than just a number. Health Council of The Netherlands, P.O. Box 90517, 2509 LM The Hague, 120 pages].
Hansson, S.O. (1989). Dimensions of risk. Risk Analysis 9, 107-112.
Hardin, G. (1968). The tragedy of the commons. Science 162, 136-145.
HSE (Health and Safety Executive; 1988). The tolerability of risk from nuclear power stations. London: Her Majesty's Stationery Office.
Hohenemser, C., Kates, R.W. & Slovic, P. (1983). The nature of technological hazard. Science 220, 378-384.
ICRP (1977). Recommendations of the International Commission on Radiological Protection. Annals of the ICRP 1 (3), Publication 26. Oxford: Pergamon.
Jungermann, H. (1990). Inhalte und Konzepte der Risiko-Kommunikation. In H. Jungermann, B. Rohrmann & P.M. Wiedemann (Eds): Risiko-Konzepte, Risiko-Konflikte, Risiko-Kommunikation, pp. 309-327. Forschungszentrum Jülich GmbH, Postfach 1913, D-5170 Jülich.
Kaplan, S. & Garrick, B.J. (1981). On the quantitative definition of risk. Risk Analysis 1, 11-27.
Kraus, N.N. & Slovic, P. (1988). Taxonomic analysis of perceived risk: modeling individual and group perceptions within homogeneous hazard domains. Risk Analysis 8, 435-455.
Kuyper, H. & Vlek, Ch. (1984). Contrasting risk judgments among interest groups. Acta Psychologica 56, 205-218.
Libby, R. & Fishburn, P.C. (1977). Behavioral models of risk taking in business decisions: a survey and evaluation. Journal of Accounting Research, Autumn, 272-292.
Leiss, W. (1989). Applying risk communication and risk perception research to the understanding of disagreements about risks. Risk Abstracts 6 (4), 179-186.
Liebrand, W., Messick, D. & Wilke, H. (1992). Social dilemmas. Theoretical issues and research findings. Oxford/New York: Pergamon.
Lowrance, W.W. (1976). Of acceptable risk; science and the determination of safety. Los Altos (Calif.): W. Kaufmann.
Lübbe, H. (1993). Security. Risk perception in the civilisation process. In Bayerische Rück (Eds): Risk is a construct; perceptions of risk perception. Munich: Knesebeck, pp. 23-39.
Merkhofer, M.W. (1987). Decision science and social risk management. Boston/Dordrecht (Neth.): Reidel.
Merkhofer, M.W. & Keeney, R.L. (1987). A multiattribute utility analysis of alternative sites for the disposal of nuclear waste. Risk Analysis 7 (2), 173-194.
Messick, D.M. & Brewer, M.B. (1983). Solving social dilemmas: a review. In L. Wheeler & P. Shaver (Eds): Review of personality and social psychology. Volume 4. Beverly Hills (Ca.): Sage.
Ministry of VROM (1989). Premises for risk management. English version of annex to Dutch National Environmental Policy Plan. 29 pp. Ministry of Housing, Physical Planning and Environmental Affairs, P.O. Box 20951, 2500 EZ The Hague.
Norberg-Bohm, V., Clark, W.C. & Bakshi, B. et al. (1992). International comparisons of environmental hazards. Cambridge (MA): Harvard University Center for Science and International Affairs Report no. 92-09.
Otway, H.J. & Von Winterfeldt, D. (1982). Beyond acceptable risk: on the social acceptability of technologies. Policy Sciences 14, 241-246.
Renn, O. (1983). Technology, risk and public perception. Journal of Applied Systems Analysis/Zeitschrift für Angewandte Systemanalyse 4, 50-65.
Renn, O. (1992). Concepts of risk: a classification. In S. Krimsky & D. Golding: Social theories of risk. New York: Plenum, pp. 53-79.
RIVM (National Institute for Public Health and Environmental Protection; 1988). Zorgen voor Morgen; Nationale Milieuverkenning 1990-2005. (Concern for Tomorrow; National Environmental Outlook 1990-2005). Bilthoven/Alphen a/d Rijn (Neth.): Samson Tjeenk Willink.
Rowe, W.D. (1977). An anatomy of risk. New York: Wiley.
Slovic, P., Fischhoff, B. & Lichtenstein, S. (1976). Cognitive processes and societal risk taking. In J.S. Carroll & J.W. Payne (Eds): Cognition and social behavior. Potomac (Md): L. Erlbaum. [Also in H. Jungermann & G. De Zeeuw (Eds): Decision making and change in human affairs. Dordrecht/Boston: Reidel.]
Slovic, P., Fischhoff, B. & Lichtenstein, S. (1980). Facts and fears: understanding perceived risk. In R.C. Schwing & E. Albers Jr. (Eds.): Societal risk assessment: how safe is safe enough? New York: Plenum.
Slovic, P., Fischhoff, B. & Lichtenstein, S. (1984). Behavioral decision theory perspectives on risk and safety. Acta Psychologica 56, 183-203.
Vlek, C.A.J. (1990). Beslissen over risico-acceptatie/Decision making about risk acceptance. Rapport in Hoofdlijnen/Executive Summary. 52 pp. Gezondheidsraad/Health Council, Postbus 90517, 2509 LM Den Haag. Report nr A 90/10H, abt. 80 pages. [main report nr. A 90/10, 236 pp. in Dutch].
Vlek, C.A.J. (1996). Collective risk generation and risk management: the unexploited potential of the social dilemmas paradigm. In W.B.G. Liebrand & D.M. Messick (Eds): Frontiers in social dilemmas research. Berlin, Heidelberg, New York: Springer Verlag, pp. 11-38.
Vlek, Ch. & Cvetkovich, G. (Eds; 1989). Social decision methodology for technological projects. Boston/Dordrecht: Kluwer Academic Publishers.
Vlek, Ch. & G.B. Keren (1992): Behavioral decision theory and environmental risk management: assessment and resolution of four 'survival' dilemmas. Acta Psychologica 80, 249-278.
Vlek, Ch. & Stallen, P.J. (1980). Rational and personal aspects of risk. Acta Psychologica 45, 273-300.
Vlek, Ch.
& Stallen, P.J. (1981). Judging risks and benefits in the small and in the large. Organizational Behavior and Human Performance 28, 235-271. Von Winterfeldt, D. (1992). Expert knowledge and public values in risk management: The role of decision analysis. In S. Krimsky & D. Golding: Social theories of risk. New York: Plenum, pp. 321-342. Von Winterfeldt, D. & Edwards, W. (1986). Decision analysis and behavioral research. New York/Cambridge (U.K.): Cambridge University Press. Yoon, K.P. & Hwang, C.-L. (1995). Multiple attribute decision making; an introduction. Thousand Oaks, London, New Delhi: Sage Publications Series 07-104.
18