Title: Decision Theory and Risk Analysis: Some organising questions
1Decision Theory and Risk Analysis Some
organising questions
David Rios Insua
Jesus Rios Risk
Analysis, Extreme Event and Decision Theory
Program, SAMSI Stats and
OR, U. Rey Juan Carlos
Interneg, Concordia U. Durham NC, September
07
2Outline
- Background
- Risk analysis framework
- Adversarial risk analysis several approaches
- Final questions
3Background Risk analysis
- Risk assessment. Information on the extent and
characteristics of risk attributed to a hazard. - Risk management. Activities undertaken to control
the hazard - Risk communication. Exchange of info and opinion
concerning risk and risk-related factors among
risk assessors, risk managers and other
interested parties.
4Background Our interest in RA
- Interest in risk management in project management
driven by auctions - Interest in negotiation analysis in political
decision making
5BackgroundRisk challenges in a complex world
- Sao Paulo airport accident
- Population has increased facilities previously
remote, now close to lots of population - Chinese toys
- Use of toxic or potentially toxic materials
increased, genetically modified organisms - Climate change
- Public much more aware of hazards posed to humans
- Estonian hacker attack
- Need to protect critical infrastructures to
assure continuity of a nation. Interconnected
international infrastructures - EU Water directives
- Government agencies tend to involve the public,
multiplicity of stakeholders - Awareness about equity with respect to risks
- ..
6Back Risk mgt in project mgt
- Standard practice 1
- Increase costs by a default 25. If very
uncertain, further add 5 -
- Risk management is current top priority for top
executives - Standard practice 2
- For each incurred cost provide minimum, most
likely, maximum. Fit triangular distributions.
Simulate.
7Background risk mgt in ICT
- Singpurwalla (2006) they often do a credible
job analyzing the causes of software failure, but
then quantify their uncertainties using a myriad
of analytical techniques, many of them ad hoc.
This has caused concern about the
state-of-the-art of software risk assessment - www.enisa.europa.eu/rmra/rm_ra_tools.html
- (2007) Putting numbers on such risks may be at
best dubious and at worse will only result in
spurious accuracy - Probabilities (ordinal scale)
- 1 zero, 2 very low,., 6 very high, 7 certain
- Impact (ordinal scale)
- 1 none, 2 small, 3 large, 4 catastrophic
- Comparison with current system
- 1 additional, 2 increased, 3 neutral, 4
decreased, 5 eliminated
8Background Many criteria, guiding principles,
some unformalised
- Many methods for assessing (eg Covello,
Merkhofer, 93) and expressing (eg Stern, Fineburg
96) - Value at Risk
- Maximum loss over a target horizon such that
there is a low, prespecified probability (defined
as the confidence level) that the actual loss
will be larger - As Low as Reasonably Practicable/Achievable
- Ideal and Upper Limits to probability of death as
a result of operation of a system
9Question 1
- Many unformalised criteria, very different in
various fields. - Could we unify them through decision theory,
decision analysis?
10A framework for risk analysis/mgt starting
assumptions
- Firstly informed by project management, auctions.
Later by counterterrorism - Only interested in (project) cost, initially
- An existing project design, initially
- Only another participant (if any)
- Aim. Maximise expected utility (most times)
11Risk analysis and mgt. framework (Single DM)
- Forecast costs under normal circumstances
- Identify hazard events, estimate probabilities
and impacts on costs (additional induced costs) - Forecast costs (a mixture model). Compute
expected utility - Identify interventions, estimate impact on
probabilities and/or costs. - Compute expected utilities. Choose best
intervention
12Basic setting
- Design given (no interventions, status quo)
13Question 2. Uncertainty in costs??
- SAMSI RA-EV-DT page
- To a significant extent costs are not treated as
random - RAND, 2006. Better methods for analyzing Cost
Uncertainty can improve acquisition
decisionmaking - OSD have historically underestimated the cost of
buying new weapon systems - Davey (2000)
- Preventing project escalation costs
- Garvey (2000)
- Probability Methods for Cost Uncertainty Analysis
14Question 2. Uncertainty in costs??
- Model (Palomo, RI, Ruggeri, 2008)
- Impact of future technological
- Advances (Harville, Yaschin, 2007)
-
15Basic setting
- Including choice of design
16Risk assessement
- Likelihood and impact of identified hazards
- Expected utility after risk assessed
17Question 3? Modeling hazards Risk assessment
- Extreme event models
- As in Palomo, Rios Insua, Ruggeri (2007)
- K potentially disruptive eventsnothing happens.
Beta binomial for their probabilities q - Independent case
- Beta marginalsDeterministic constraints
- Copulas
- Limiting interactions (Dirichlet-multinomial)
- Gravity (Additional cost). (max, min, mode) Beta
18Risk management
- Intervention to be chosen
- Gain through managed risk
19Adversarial risks
- Other intelligent participants
- Auctions for large projects,
Counterterrorism, Regulators, - Their actions influence my risks
- My actions influence their risks
- Some nodes might be shared
- Possibly conflicting interests, but possibly
cooperating,
20Adversarial risks Just me
21Adversarial risks Me and other
22Adversarial risks Modelling 3
23Adversarial risks. Solving 1 Game Theoretic
approach
- Forecast costs and model preferences for me
- Forecast costs under normal circumstances
- It. under abnormal circumstances (RA)
- Model preferences
- Estimate costs and preferences for others
- Solve problem (Nash equilibrium??)
- Summarise solutions
24Adversarial risks. Solving 2 Game Theoretic
approach
- Computing best responses
- Computing my best intervention given
- Computing my best strategy given
25Adversarial risks. Solving 3 Game Theoretic
approach
- Iterative elimination of dominated actions
- Mainly used in discrete settings but SEF
- Sample policies, Evaluate policies, Filter
dominated ones - May be used to focus attention on interesting
policies
26Adversarial risks. Solving 4 Game Theoretic
approach
27Adversarial risks. Solving 5 Game Theoretic
approach
- Nash equilibrium (Auctions with risk I)
Decision to be made bid If winner, win
bid-costs (once costs realised) If not,
win 0
28Adversarial risks. Solving 5 bis Game Theoretic
approach
- Nash equilibrium (Auctions with risk II)
29Adversarial risks. Solving 5 tris Game Theoretic
approach
- Nash equilibrium (Auctions with risk III)
Under certain technical general conditions, if
all participants are constant risk averse, there
is a unique equilibrium Palomo, Rios Insua,
Ruggeri (2008).
30Adversarial risks. Questions 4,5,6 Game
Theoretic approach
- Compute equilibria in influence diagrams,
- Common and uncommon structures (Koller and
Milsch, 2003 Rios and Rios Insua, 2008) - Compute equilibria for various types of utility
functions - Summarise solutions
- Efficient implementations of SEF
- Role of MCMC (Augmented probability simulation)
- .
31Adversarial risks. Solving 6 Game Theoretic
approach
- Critics to game theoretic approach
- Full and common knowledge of the game by the
players - FOTE, FOTID
- Simultaneous decision making
- What if not unique
- Social dilemmas
- Implementation of security initiatives in
international networks requires contribution of
all members - each member is better off if he defects and the
rest contribute - But if everyone defects the result is worse than
if they would cooperate - Cooperation incentives
- Disclose free rider identities, reward for
cooperation, punishment for defect,.. - Equilibria are not tools for giving partisan
advise
32Adversarial risks Bayesian approach
- An symmetrically prescriptive/descriptive
approach to negotiation analysis (Raiffa, Kadane,
Larkey,) - Prescriptive advice to one party conditional on a
(probabilistic) description of how others will
behave - Based on MABOO analysis from auctions
- Estimate
- Probabilities of the others uncertain
costsThink about how the other would assess
these probabilities - Preferences of the other over his costs
- Treat the other participant decisions as
uncertain - Assess probabilities over the others decision
actions - Choose strategy that maximises my expected utility
33Adversarial risks Bayesian approach
34Question 7
- How to assess the probability of other
participants actions, e.g. - Sensitivity/Robustness analysis
35Adversarial risks. A negotiation approach
- Even in disputed settings, negotiate
- Terrorism, example of Spain
- Until a few months ago, government negotiating
with Basque terrorist organisation the
opposition party strongly against it. Now, at
least in public, no negotiations. - Auctions, temporary unions of (competing)
enterprises - Cooperation between France and Spain against
terrorism - Negotiation a decision making process in which
two or more parts communicate and exchange ideas,
arguments and offers to satisfy their needs and
achieve their objectives educating and informing
their rivals, possibly modifying their relations
and making concessions to reach an agreement - (Concessions, Joint gains, Pareto frontier
exploration)
36Adversarial risks How to reach a solution?
Balanced increment method
- Bliss point, Kalai-Smorodinsky solution
37Adversarial risks Negotiations with BIM, first
steps
- Desirable properties of a negotiated solution
- Feasibility
- Efficiency
- Fairness
- Discreteness
- Rios, Kim,
- Rios Insua (2007)
UTILITY SPACE
38Questions
BIM and other methods like BCM? How do they
compare Computational implementations in specific
structures like influence diagrams Role of MCMC
(augmented probability simulation)
39Negotiations for adversarial risks. Intervention
portfolios
- Security system
- FMEA
- Critical event (successful terrorist attack) E
- Failure modes
- Logical relations between them, e.g.
- Adversarial agent 's (terrorists) possible
actions - Elicit probabilities of failure modes given
adversarial actions - and probabilities of each adversarial action
40Negotiations for adversarial risks. Intervention
portfolios
- Compute probability of critical event under the
logical model - (ind)
- Is it below an acceptable bound,
41Questions
- Probability elicitations
- Include consequences (not just successful attack)
- Formalise through DT
- Assess acceptable level
- Should we consider values form experts, public,
stakeholders?
42Negotiations for adversarial risks. Intervention
portfolios
- If not acceptable
- Propose interventions improving failure mode
occurrence - Interventions entail limited resource consumption
(money, human resources, ) - C maximum amount of money that can be spent
- H human resources
- R other limited resources
- Each proposal needs
- ci euros
- hi people working on it
- ri units of other limited resources
43Negotiations for adversarial risks. Intervention
portfolios
- If proposal i is implemented
- Choosing a portfolio of interventions to improve
system security affordable under limited resources
44Negotiations for adversarial risks. Intervention
portfolios
- Portfolio of intervention proposals
- A feasible portfolio F should satisfy
- Select feasible portfolio of proposals which
minimise failure probability p(EF)? -
45Negotiations for adversarial risks. Intervention
portfolios
- Assessment of P(EF)
- probabilities of adversarial actions (may be
influenced by F) - probabilities of failure modes when F is
implemented -
-
-
46Negotiations for adversarial risks. Intervention
portfolios
- P(EF) under the previous logical model (
) ind - Optimization problem
- Is p below acceptable bounds,
47Questions
- Effective reassessment of probabilities
- Computation of objective function (when
dependencies arise) - Efficient solution of problem
- Other formulations
- Minimise costs for acceptable solution
48Negotiations for adversarial risks. Intervention
portfolios
- If optimal portfolio of interventions not
acceptable? - Acceptable failure risk as a constraint
- Nondominated (infeasible) portfolios P.F.(c,h,r)
- How to select a unique F such that
- Multiobjective optimization
- Goal programming
- Goal G (C,H,R)
- Look for a point x (c h r) such that
49Question
- Acceptable but infeasible interventions
F.P.(c,h,r) F can be used as preparation for a
negotiation with somebody for additional
resources - How to conduct such negotiations?
- Add new issues and trade them for necessary
resources - Logrolling
50Negotiations for adversarial risks. Risk sharing
negotiations
- Terrorism as an international problem
- Uncertainty about which countries are targets of
terrorism - Responses to terrorist attacks (ex-post
antiterrorist actions) requires resources that
not all countries have - This leads to international antiterrorist
cooperation - How to negotiate a priori a contingent ex-post
antiterrorist response? - Sharing risks resources
51Negotiations for adversarial risks. Risk sharing
negotiaitions
- Participants
- Governments of two negotiating countries (G and
G ) - Terrorists (T)
- T's possible actions
- Resources needed to respond to
x - G and G negotiate who contributes with how
much resources - Contribution of G x
- Contribution of G x
- Negotiators bottom line
- Limited resources of G R
- x lt R
- Limited resources of G R
- x lt R
x x gt x
52Negotiations for adversarial risks. Risk sharing
negotiations
- Set resource contributions depend on what T will
do - Probabilistic assessments over
- Viewpoint of G
- Viewpoint of G
- A contingent contract specifies each ones
contribution per
53Negotiations for adversarial risks. Risk sharing
negotiations
- G and G agree on the contingent contract
- Analysis of joint gain opportunities
- FOTE or FOTID
- Is agreement Q a dominated contract?
- G G
-
54Negotiations for adversarial risks. Risk sharing
negotiations
G
R
Q
x
Joint gains
Bliss point
G
R
x
55Questions
- Securing insecure agreements
- Is agreement Q secure?
- Convert agreement Q in a Nash equilibrium
- Do we implement BIM or BCM or
56Some final questions
- Public involvement in risk analysis is increasing
- Producing better decisions and outcomes
- Changing the manner in which decisions are made
or deliberations are conducted - Better information, better communication,
increased confidence in institutions, - More costs, Delayed processes
- Deliberative polls
- Referenda
- Workshops
- Negotiated rule making
-
- How to rationally support public involvement?
E-democracy, E-participation - Gregory, Fischoff, Mac Daniels (2005), Rios
Insua, Kersten, Rios (2007) - Risk communication
57- IT COULD BE A FUN AT RISK YEAR AT SAMSI !!!!