Between Risk Assessment and Risk Management

"Risk assessment and risk management are two mutually-complementary processes whose relevance and influence only exist when positioned side by side." Special analysis of the national decision-making process by Brig. Gen. (res.) Nitzan Nuriel

Israeli border police officers stand near the Dome of the Rock Mosque in the Al Aqsa Mosque compound in Jerusalem (Photo: AP)

The process known as risk assessment is a part of nearly every professional activity in our life. As such, it is an important instrument that accompanies every thinking process associated with the need to make short-term, intermediate-term and long-term decisions.

Why, then, is it important to analyze the risk assessment process without detaching it from the risk management process?

Risk assessment and risk management are two mutually-complementary processes whose relevance and influence only exist when positioned side by side. Risk assessment is the infrastructure (although not only that) for the ability to manage the risk.

The risk assessment process is a professional, methodical process, and some authorities maintain that different groups of people can reach the same conclusions exactly regarding the object of the risk assessment. For example, assessing the risk embodied in the missile and rocket capabilities of Hezbollah is an almost-mathematical process that relies on performance analysis, technological capabilities and other measurable factors, while the influence of other factors is relatively minor.

When dealing with the actual management of the risk, many other, less easily measurable elements will enter the equation. These elements are affected, among other things, by the personality of the risk manager as well as by his/her political inclinations.

Therefore, the question is what should be done so that the risk assessment process is conducted as professionally as possible but equally – how to ensure that the risk management process is conducted professionally, methodically and with minimum bias owing to non-professional considerations.

In order to illustrate the issue, allow me to present an example from the not-too-distant past – the plan for the disengagement from the Gaza Strip, executed in the summer of 2005.

In the context of the assessment of the risks associated with the continued existence of Israeli settlements in the Gaza Strip, numerous elements were raised and addressed. Most of these elements were measurable and quantifiable, and jointly led to the emergence of a list of individual risks whose synergistic effect pointed to a high level of risk.

When the risks associated with the continued existence of the Israeli settlements in this area progressed from the phase of being identified and understood to the risk management phase, it was obvious that each authority/organization wanted to manage the same measurable risk in a different way. The infrastructure for the risk management concept was mainly the political view of the people who voiced the positions of those organizations (in this context, I have neutralized the gaps between those who were actually in charge and those who had the privilege of voicing a view with the intention of rallying political support, as well as other "noises").

So, what is the appropriate way to lead the risk management process, with as little political bias as possible, or at least how to present other risk management alternatives so that the decision maker echelon will be able to view and analyze the extensive range of options?

I am fully aware of the additional elements that accompany the risk management process and have an effect on the decision makers, such as "What are the messages we wish to convey to our opponents?" or "Which elements will be relevant to the issue of our cooperation with our allies", and many similar elements.

The fact that the picture and the risk management process, which are highly complex to begin with, have become more complex cannot constitute grounds for dragging one's heels or ignoring the risk assessment which, as stated, constitutes the knowledge infrastructure for the risk management process.

Going back to the disengagement example, within the context of Israeli reality, a different human make-up may have made completely different decisions. The solution to this should rely on advanced simulation capabilities possessing the potential to present different risk management models, so that the decision maker echelon may view, through simulation, the effects of their decisions on the management of the conflict and the process of shaping the new reality.

At present, no system exists that is capable of presenting different risk management models as a complementary and essential phase of the risk assessment process. Presenting the alternatives and models verbally cannot be a substitute for a complete, comparative and analyzed presentation that may be provided by a complex and multidimensional system.

Whereas we, as a state, are at a stage that could prove critical to decisions made for the future and their effect on the process of shaping the reality, it is necessary that we hone and further develop our national-level risk management capabilities based on a solid understanding and structured analysis of the alternatives, and not just on the basis of healthy intuition or personal experience.

In conclusion, risk assessment and risk management are mutually-complementary elements that must be enhanced while using drilling and multidimensional simulation as decision-supporting tools.

***

Brig. Gen. (res.) Nitzan Nuriel is the former head of Israel’s Counter Terrorism Bureau. He served in the IDF for nearly 30 years, during which he served as the IDF Ground Forces attaché in Washington, among other roles