Risk assessment and risk management: Review of recent advances on their foundation

Risk assessment and management was established as a scientiﬁc ﬁeld some 30–40 years ago. Principles and methods were developed for how to conceptualise, assess and manage risk. These principles and methods still represent to a large extent the foundation of this ﬁeld today, but many advances have been made, linked to both the theoretical platform and practical models and procedures. The purpose of the present invited paper is to perform a review of these advances, with a special focus on the fundamental ideas and thinking on which these are based. We have looked for trends in perspectives and approaches, and we also reﬂect on where further development of the risk ﬁeld is needed and should be encouraged. The paper is written for readers with different types of background, not only for experts on risk.


Introduction
The concept of risk and risk assessments has a long history.More than 2400 years ago the Athenians offered their capacity of assessing risk before making decisions ( Bernstein, 1996 ).However, risk assessment and risk management as a scientific field is young, not more than 30-40 years old.From this period we see the first scientific journals, papers and conferences covering fundamental ideas and principles on how to appropriately assess and manage risk.
To a large extent, these ideas and principles still form the basis for the field today-they are the building blocks for the risk assessment and management practice we have seen since the 1970s and 1980s.However, the field has developed considerably since then.New and more sophisticated analysis methods and techniques have been developed, and risk analytical approaches and methods are now used in most societal sectors.As an illustration of this, consider the range of specialty groups of the Society for Risk Analysis ( www.sra.org ) covering inter alia: Dose Response, Ecological Risk Assessment, Emerging Nanoscale Materials, Engineering and Infrastructure, Exposure Assessment, Microbial Risk Analysis, Occupational Health and Safety, Risk Policy and Law, and Security and Defense.Advances have also been made in fundamental issues for the field in recent years, and they are of special interest as they are generic and have the potential to influence a broad set of applications.These advances are the scope of the present paper.
The following main topics will be covered: Risk analysis and science; risk conceptualisation; uncertainty in risk assessment; risk management principles and strategies, having a special focus on confronting large/deep uncertainties, surprises and the unforeseen; and the future of risk assessment and management.Special attention will be devoted to contributions that can be seen as a result of an integrative thinking process, a thinking which per definition reflects a strong "ability to face constructively the tension of opposing ideas and instead of choosing one at the expense of the other, generate a creative resolution of the tension in the form of a new idea that contains elements of the opposing ideas but is superior to each" ( Martin, 2009 , p. 15).As an example, think about the conceptualisation of risk.There are a number of different definitions, which can be said to create tension.However, integrative thinking stimulates the search for perspectives that extend beyond these definitions-it uses the opposing ideas to reach a new level of understanding.The coming review will point to work in this direction and discuss trends we see in the risk research.

The risk field and science
Generic risk research (II) to a large extent defines the risk science.However, applications of type (I) may also be scientific if the work contributes to new insights, for example a better understanding of how to conduct a specific risk assessment method in practice.Rather few publications have been presented on this topic, discussing issues linking science and scientific criteria on the one hand, and risk and the risk fields on the other.Lately, however, several fundamental discussions of this topic have appeared.These have contributed to clarifying the content of the risk field and its scientific basis; see Hansson and Aven (2014), Hollnagel (2014), Hale (2014), Le Coze, Pettersen, and Reiman (2014) and Aven (2014) .Here are some key points made.
We should distinguish between the risk field characterised by the totality of relevant risk educational programmes, journals, papers, researchers, research groups and societies, etc. (we may refer to it as a risk discipline), and the risk field covering the knowledge generation of (I) and (II).
This understanding (I and II) is in line with a perspective on science as argued for by Hansson (2013) , stating that science is the practice that provides us with the epistemically most warranted statements that can be made, at the time being, on subject matters covered by the community of knowledge disciplines, i.e. on nature, ourselves as human beings, our societies, our physical constructions, and our thought constructions ( Hansson, 2013 ).By publishing papers in journals, we are thus contributing to developing the risk science.
The boundaries between the two levels (I) and (II) are not strict.Level II research and development is to a varying degree generic for the risk field.Some works are truly generic in the sense that they are relevant for all types of applications, but there are many levels of generality.Some research may have a scope which mainly covers some areas of applications, or just one, but which is still fundamental for all types of applications in these areas.For example, a paper can address how to best conceptualise risk in a business context and have rather limited interest outside this area.
Consider as an example the supply chain risk management area, which has quite recently developed from an emerging topic into a growing research field ( Fahimnia, Tang, Davarzani, & Sarkis, 2015 ).The work by Fahimnia et al. (2015) presents a review of quantitative and analytical models (i.e.mathematical, optimisation and simulation modelling effort s) f or managing supply chain risks and points to generative research areas that have provided the field with foundational knowledge, concepts, theories, tools, and techniques.Examples of work of special relevancy here include Blackhurst and Wu (2009), Brandenburg, Govindan, Sarkis, and Seuring (2014), Heckmann, Comes, and Nickel (2015), Jüttner, Peck, and Christopher (2003), Peck (2006), Tang and Zhou (2012), Zsidisin (2003) and Zsidisin and Ritchie (2010) .These works cover contributions to (I) but also (II), although they are to a varying degree relevant for other application areas.
As an example of (I), consider the analysis in Tang (2006) , specifically addressing what are the risks that are most relevant for the supply chain area.Although not looking at a specific system, it is more natural to categorise the analysis in (I) than (II), as the work has rather limited relevance for areas outside supply chain management.Another example illustrates the spectre of situations between (I) and (II).Tang and Musa (2011) highlight that the understanding of what risk is definitely represents a research challenge in supply chain management.Heckmann et al. (2015) review common perspectives on risk in supply chain management and outline ideas for how to best conceptualise risk, and clearly this type of research is foundational for the supply chain area, but not for the risk field in general.The work by Heckmann et al. (2015) is in line with current generic trends on risk conceptualisation as for example summarised by SRA (2015aSRA ( , 2015b ) ), with respect to some issues, but not others (see a comment about this in Section 3 ).This is a challenge for all types of applications: transfer of knowledge and experience are difficult to obtain across areas, and we often see that the different fields develop tailor-made concepts, which are not up-to-date relative to the developments of the generic risk field.This demonstrates the generic risk research's need for a stronger visibility and impact.On the other hand, the restricted work in specific areas can often motivate and be influential for generic risk research.The author of the present paper worked with offshore risk analysis applications, and issues raised there led to generic risk research about risk conceptualisation ( Aven, 2013a ).There is a tension between different types of perspectives and this can stimulate integrative and ground-breaking ideas.For another example of work in the borderline between (I) and (II), see Goerlandt and Montewka (2015) , related to maritime transportation risk.See also Aven and Renn (2015) , who discuss the foundation of the risk and uncertainty work of the Intergovernmental Panel on Climate Change (IPCC) which is the principal international authority assessing climate risk.This discussion addresses a specific application and is thus of type (I), but it is strongly based on generic risk research (II).
Next we will discuss in more detail how science is related to key risk assessment and risk management activities, in particular the process in which science is used as a base for decision-making on risk.A key element in this discussion is the concept "knowledge".

Science, knowledge and decision-making
In Hansson and Aven (2014) a model which partly builds on ideas taken from Hertz and Thomas (1983) , is presented, showing the links between facts and values in risk decision-making; see Fig. 1.
Data and information, gathered through testing and analysis, about a phenomenon provides the evidence.These data and information contribute to a knowledge base which is the collection of all "truths" (legitimate truth claims) and beliefs that the relevant group of experts and scientists take as given in further research and analysis in the field.The evidence and the knowledge base are supposed to be free of non-epistemic values.Such values are presumed to be added only in the third stage.Concluding that an activity is safe enough is a judgement based on both science and values.The interpretation of the knowledge base is often quite complicated since it has to be performed against the background of general scientific knowledge.We may have tested a product extensively and studied its mechanism in great detail, but there is no way to exclude very rare occurrences of failures that could materialise 25 years into the future.Although the decision to disregard such possibilities is far from value-free, it cannot in practice be made by laypeople, since it requires deep understanding of the available evidence seen in relation to our general knowledge about the phenomena studied.This leads us into the risk evaluation step, as shown in Fig. 1 .This is a step where the knowledge base is evaluated and a summary judgement is reached on the risk and uncertainties involved in the case under investigation.This evaluation has to take the values of the decision-makers into account, and a careful distinction has to be made between the scientific burden of proof -the amount of evidence required to treat an assertion as part of current scientific knowledge -and the practical burden of proof in a particular decision.However, the evaluation is so entwined with scientific issues that it nevertheless has to be performed by scientific experts.Many of the risk assessment reports emanating from various scientific and technical committees perform this function.These committees regularly operate in a "no man's land" between science and policy, and it is no surprise that they often find themselves criticised on value-based grounds.
But the judgments do not stop there, the decision-makers need to see beyond the risk evaluation; they need to combine the risk information they have received with information from other sources and on other topics.In Fig. 1 we refer to this as the decision-maker's review and judgement.It goes clearly beyond the scientific field and will cover value-based considerations of different types.It may also include policy-related considerations on risk and safety that were not covered in the expert review.Just like the expert's review, it is based on a combination of factual and valuebased considerations.
Above we have referred to "knowledge" a number of times, but what is its meaning in this context?The new SRA glossary refers to two types of knowledge: "know-how (skill) and know-that of propositional knowledge (justified beliefs).Knowledge is gained through for example scientific methodology and peer-review, experience and testing."( SRA, 2015a ) However, studying the scientific literature on knowledge as such, the common perspective is not justified beliefs but justified true beliefs.The SRA (2015a ) glossary challenges this definition.Aven (2014) presents some examples for this view, including this one: "A group of experts believe that a system will not be able to withstand a specific load.Their belief is based on data and information, modelling and analysis.But they can be wrong.It is difficult to find a place for a "truth requirement".Who can say in advance what is the truth?Yet the experts have some knowledge about the phenomena.A probability assignment can be made, for example that the system will withstand the load with probability 0.01, and then the knowledge is considered partly reflected in the probability, partly in the background knowledge that this probability is based on".The above knowledge definition of science and the model of Fig. 1 work perfectly in case of the "justified belief" interpretation of knowledge, but not for the "justified true belief" interpretation.
From such a view the term 'justified' becomes critical.In line with Hansson (2013) , it refers to being the result of a scientific process-meeting some criteria set by the scientific environment for the process considered.For example, in the case of the system load above, these criteria relate to the way the risk assessment is conducted, that the rules of probability are met, etc. Aven and Heide (2009) , see also Aven (2011a) , provide an in-depth discussion of such criteria.A basic requirement is that the analysis is solid/sound (follows standard protocols for scientific work like being in compliance with all rules and assumptions made, the basis for all choices are made clear, etc.).In addition, criteria of reliability and validity should be met.The reliability requirement here relates to the extent to which the risk assessment yields the same results when repeating the analysis, and the validity requirement refers to the degree to which the risk assessment describes the specific concepts that one is attempting to describe.Adopting these criteria, the results (beliefs) of the risk assessments can to a varying degree be judged as "justified".
As shown by Aven and Heide (2009) and Aven (2011a) , this evaluation depends strongly on the risk perspective adopted.If the reference is the "traditional scientific method", standing on the pillars of accurate estimations and predictions, the criteria of reliability and validity would fail in general, in particular when the uncertainties are large.The problems for the risk assessments in meeting the requirements of the traditional scientific method were discussed as early as in 1981 by Alvin M. Weinberg and Robert B. Cumming in their editorials of the first issue of the Risk Analysis journal, in relation to the establishment of the Society for Risk Analysis ( Weinberg, 1981 ;Cumming, 1981 ).However, a risk assessment can also be seen as a tool used to represent and describe knowledge and lack of knowledge, and then other criteria need to be used to evaluate reliability and validity, and whether the assessment is a scientific method.
This topic is discussed by Hansson and Aven (2014) .They give some examples of useful science-based decision support in line with these ideas: -Characterisations of the robustness of natural, technological, and social systems and their interactions.-Characterisations of uncertainties, and of the robustness of different types of knowledge that are relevant for risk management, and of ways in which some of these uncertainties can be reduced and the knowledge made more robust.-Investigations aimed at uncovering specific weaknesses or lacunae in the knowledge on which risk management is based.-Studies of successes and failures in previous responses to surprising and unforeseen events.
Returning to the concept of integrative thinking introduced in Section 1 , we may point to the tension between the ideas that risk assessment fails to meet the criteria of the traditional scientific method, and that it should be a solid and useful method for supporting risk decision-making.The result of a shift in perspective for the risk assessment, from accurate risk estimation to knowledge and lack of knowledge characterisations, can be viewed as a result of such thinking.We will discuss this change in perspective for the risk assessments further in Section 6 .

Risk conceptualisation
Several attempts have been made to establish broadly accepted definitions of key terms related to concepts fundamental for the risk field; see e.g.Thompson et al. (2005) .A scientific field or discipline needs to stand solidly on well-defined and universally understood terms and concepts.Nonetheless, experience has shown that to agree on one unified set of definitions is not realistic.This was the point of departure for a thinking process conducted recently by an expert committee of the Society for Risk Analysis (SRA), which resulted in a new glossary for SRA ( SRA, 2015a ).The glossary is founded on the idea that it is still possible to establish authoritative definitions, the key being to allow for different perspectives on fundamental concepts and to make a distinction between overall qualitative definitions and their associated measurements.We will focus here on the risk concept, but the glossary also covers related terms such as probability, vulnerability, robustness and resilience.
Allowing for different perspectives does not mean that all definitions that can be found in the literature are included in the glossary: the definitions included have to meet some basic criteriaa rationale -such as being logical, well-defined, understandable, precise, etc. ( SRA, 2015a ).
In the following we summarise the risk definition text from SRA (2015a ): We consider a future activity (interpreted in a wide sense to also cover, for example, natural phenomena), for example the operation of a system, and define risk in relation to the consequences of this activity with respect to something that humans value.The consequences are often seen in relation to some reference values (planned values, objectives, etc.), and the focus is normally on negative, undesirable consequences.There is always at least one outcome that is considered as negative or undesirable.
Overall qualitative definitions of risk : (a) the possibility of an unfortunate occurrence, (b) the potential for realisation of unwanted, negative consequences of an event, (c) exposure to a proposition (e.g. the occurrence of a loss) of which one is uncertain, (d) the consequences of the activity and associated uncertainties, (e) uncertainty about and severity of the consequences of an activity with respect to something that humans value, (f) the occurrences of some specified consequences of the activity and associated uncertainties, (g) the deviation from a reference value and associated uncertainties.
These definitions express basically the same idea, adding the uncertainty dimension to events and consequences.ISO defines risk as the effect of uncertainty on objectives ( ISO, 20 09a, 20 09b ).It is possible to interpret this definition in different ways; one as a special case of those considered above, e.g.(d) or (g).
To describe or measure risk-to make judgements about how large or small the risk is, we use various metrics:

Risk metrics/descriptions (examples)
1.The combination of probability and magnitude/severity of consequences.2. The triplet ( s i , p i , c i ), where s i is the i th scenario, p i is the probability of that scenario, and c i is the consequence of the ith scenario, i = 1,2, …N .3. The triplet ( C ', Q , K ), where C ' is some specified consequences, Q a measure of uncertainty associated with C ' (typically probability) and K the background knowledge that supports C ' and Q (which includes a judgement of the strength of this knowledge).4. Expected consequences (damage, loss), for example computed by: i. Expected number of fatalities in a specific period of time or the expected number of fatalities per unit of exposure time.ii.The product of the probability of the hazard occurring and the probability that the relevant object is exposed given the hazard, and the expected damage given that the hazard occurs and the object is exposed to it (the last term is a vulnerability metric).iii.Expected disutility. 5.A possibility distribution for the damage (for example a triangular possibility distribution).
The suitability of these metrics/descriptions depends on the situation.None of these examples can be viewed as risk itself, and the appropriateness of the metric/description can always be questioned.For example, the expected consequences can be informative for large populations and individual risk, but not otherwise.For a specific decision situation, a selected set of metrics have to be determined meeting the need for decision support.
To illustrate the thinking, consider the personnel risk related to potential accidents on an offshore installation.Then, if risk is defined according to (d), in line with the recommendations in for example PSA-N (2015) and Aven, Baraldi, Flage, and Zio (2014) , risk has two dimensions: the consequences of the operation covering events A such as gas leakages and blowouts, and their effects C for human lives and health; as well as uncertainty U, we do not know now which events will occur and what the effects will be; we face risk.The risk is referred to as (A,C,U).To describe the risk, as we do in the risk assessment, we are in general terms led to the triplet ( C , Q , K ), as defined above.We may for example choose to focus on the number of fatalities, and then C equals this number.It is unknown at the time of the analysis, and we use a measure to express the uncertainty.Probability is the most common tool, but other tools also exist, including imprecise (interval) probability and representations based on the theories of possibility and evidence, as well as qualitative approaches; see Section 4 and Aven et al. (2014), Dubois (2010), Baudrit, Guyonnet, and Dubois (2006) and Flage, Aven, Baraldi, and Zio (2014) .Arguments for seeing beyond expected values and probabilities in defining and describing risk are summarised in Aven (2012Aven ( , 2015c ) ); see also Section 4 .Aven (2012 ) provides a comprehensive overview of different categories of risk definitions, having also a historical and development trend perspective.It is to be seen as a foundation for the SRA (2015a ) glossary.
The way we understand and describe risk strongly influences the way risk is analysed and hence it may have serious implications for risk management and decision-making.There should be no reason why some of the current perspectives should not be wiped out as they are simply misguiding the decision-maker in many cases.The best example is the use of expected loss as a general concept of risk.The uncertainty-founded risk perspectives (e.g.Aven et al., 2014;Aven & Renn, 2009;ISO, 2009aISO, , 2009b;;PSA-N, 2015 ) indicate that we should also include the pure probabilitybased perspectives, as the uncertainties are not sufficiently revealed for these perspectives; see also discussion in Section 4 .By starting from the overall qualitative risk concept, we acknowledge that any tool we use needs to be treated as a tool.It always has limitations and these must be given due attention.Through this distinction we will more easily look for what is missing between the overall concept and the tool.Without a proper framework clarifying the difference between the overall risk concept and how it is being measured, it is difficult to know what to look for and make improvements in these tools ( Aven, 2012 ).
The risk concept is addressed in all fields, whether finance, safety engineering, health, transportation, security or supply chain management ( Althaus, 2005 ).Its meaning is a topic of concern in all areas.Some areas seem to have found the answer a long time ago, for instance the nuclear industry, which has been founded on the Kaplan and Garrick (1981) definition (the triplet scenarios, consequences and probabilities) for more than three decades; others acknowledge the need for further developments, such as in the supply chain field ( Heckmann et al., 2015 ).Heckmann et al. (2015) point to the lack of clarity in understanding what the supply chain risk concept means, and search for solutions.A new definition is suggested: "Supply chain risk is the potential loss for a supply chain in terms of its target values of efficiency and effectiveness evoked by uncertain developments of supply chain characteristics whose changes were caused by the occurrence of triggering-events".The authors highlight that "the real challenge in the field of supply chain risk management is still the quantification and modeling of supply chain risk.To this date, supply chain risk management suffers from the lack of a clear and adequate quantitative measure for supply chain risk that respects the characteristics of modern supply chains" ( Heckmann et al., 2015 ).
We see a structure resembling the structure of the SRA glossary, with a broad qualitative concept and metrics describing the risk.The supply chain risk is just an example to illustrate the wide set of applications that relate to risk.Although all areas have special needs, they all face risk as framed in the set-up of the first paragraph of the SRA (2015a ) text above.There is no need to invent the wheel for every new type of application.
To illustrate the many types of issues associated with the challenge of establishing suitable risk descriptions and metrics, an example from finance, business and operational research will be provided.It is beyond the scope of the present paper to provide a comprehensive all-inclusive overview of contributions of this type.
In finance, business and operational research there is considerable work related to risk metrics, covering both moment-based and quantile-based metrics.The former category covers for example expected loss functions and expected square loss, and the latter category, Value-at-Risk (VaR), and Conditional Value-at-Risk (CVaR); see e.g.Natarajan, Pachamanova, and Sim (2009) .Research is conducted to analyse their properties and explore how successful they are in providing informative risk descriptions in a decision-making context, under various conditions, for example for a portfolio of projects or securities, and varying degree of uncertainties related to the parameters of the probability models; see e.g.Natarajan et al. (2009), Shapiro (2013), Brandtner (2013) and Mitra, Karathanasopoulos, Sermpinis, Christian, and Hood (2015) .As these references show, the works often have a rigorous mathematical and probabilistic basis, with strong pillars taken from economic theory such as the expected utility theory.

Uncertainty in risk assessments
Uncertainty is a key concept in risk conceptualisation and risk assessments as shown in Section 3 .How to understand and deal with the uncertainties has been intensively discussed in the literature, from the early stages of risk assessment in the 1970s and 1980s, until today.Still the topic is a central one.Flage et al. (2014) provide a recent perspective on concerns, challenges and directions of development for representing and expressing uncertainty in risk assessment.Probabilistic analysis is the predominant method used to handle the uncertainties involved in risk analysis, both aleatory (representing variation) and epistemic (due to lack of knowledge).For aleatory uncertainty there is broad agreement about using probabilities with a limiting relative frequency interpretation.However, for representing and expressing epistemic uncertainty, the answer is not so straightforward.Bayesian subjective probability approaches are the most common, but many alternatives have been proposed, including interval probabilities, possibilistic measures, and qualitative methods.Flage et al. (2014) examine the problem and identify issues that are foundational for its treatment.See also the discussion note by Dubois (2010) .
One of the issues raised relates to when subjective probability is not appropriate.The argument often seen is that if the background knowledge is rather weak, then it will be difficult or impossible to assign a subjective probability with some confidence.However, a subjective probability can always be assigned.The problem is that a specific probability assigned is considered to represent a stronger knowledge than can be justified.Think of a situation where the assigner has no knowledge about a quantity x beyond the following: The quantity x is in the interval [0, 1] and the most likely value of x is ½.From this knowledge alone there is no way of representing a specific probability distribution, rather we are led to the use of possibility theory; see Aven et al. (2014 , p. 46).Forcing the analyst to assign one probability distribution, would mean the need to add some unavailable information.We are led to bounds of probability distributions.Aven (2010) adds another perspective to this discussion.The key point is not only to represent the available knowledge but also to use probability to express the beliefs of the experts.It is acknowledged that these beliefs are subjective, but they nevertheless support the decision-making.From this view it is not either or; probability and the alternative approaches supplement each other.This issue is also discussed by Dubois (2010) .
The experience of the present author is that advocators of nonprobabilistic approaches, such as possibility theory and evidence theory, often lack an understanding of the subjective probability concept.If the concept is known, the interpretation often relates to a betting interpretation, which is controversial ( Aven, 2013a ).For a summary of arguments for why this interpretation should be avoided and replaced by a direct comparison approach, see Lindley (2006 , p. 38) and Aven (2013a) .This latter interpretation is as follows: the probability P ( A ) = 0.1 (say) means that the assessor compares his/her uncertainty (degree of belief) about the occurrence of the event A with the standard of drawing at random a specific ball from an urn that contains 10 balls ( Lindley, 2006 ).
If subjective probabilities are used to express the uncertainties, we also need to reflect on the knowledge that supports the probabilities.Think of a decision-making context where some risk analysts produce some probabilistic risk metrics; in one case the background knowledge is strong, in the other, weaker, but the probabilities and metrics are the same.To meet this challenge one can look for alternative approaches such as possibility theory and evidence theory, but it is also possible to think differently, to try to express qualitatively the strength of this knowledge to inform the decision-makers.The results are then summarised in not only probabilities P but the pair ( P ,SoK), where SoK provides some qualitative measures of the strength of the knowledge supporting P .Work along these lines is reported in, for example, Flage and Aven (2009) and Aven (2014) , with criteria related to aspects like justification of assumptions made, amount of reliable and relevant data/information, agreement among experts and understanding of the phenomena involved.
Similar and related criteria are used in the so-called NUSAP system (NUSAP: Numeral, Unit, Spread, Assessment, and Pedigree) ( Funtowicz & Ravetz, 1990, 1993;Kloprogge, van der Sluijs, & Petersen, 2005, 2011;Laes, Meskens, & van der Sluijs, 2011;van der Sluijs et al., 2005avan der Sluijs et al., , 2005b ) ), originally designed for the purpose of analysis and diagnosis of uncertainty in science for policy by performing a critical appraisal of the knowledge base behind the relevant scientific information.
See also discussion by Spiegelhalter and Riesch (2014) , who provide forms of expression of uncertainty within five levels: event, parameter and model uncertainty -and two extra-model levels concerning acknowledged and unknown inadequacies in the modelling process, including possible disagreements about the framing of the problem.
For interval probabilities, founded for example on possibility theory and evidence theory, it is also meaningful and relevant to consider the background knowledge and the strength of this knowledge.Normally the background knowledge in the case of intervals would be stronger than in the case of specific probability assignments, but they would be less informative in the sense of communicating the judgements of the experts making the assignments.
As commented by the authors of SRA (2015b) , many researchers today are more relaxed than previously about using nonprobabilistic representations of uncertainty.The basic idea is that probability is considered the main tool, but other approaches and methods may be used and useful when credible probabilities cannot easily be determined or agreed upon.For situations characterised by large and "deep" uncertainties, there seems to be broad acceptance of the need for seeing beyond probability.As we have seen above, this does not necessarily mean the use of possibility theory or evidence theory.The combination of probability and qualitative approaches represents an interesting alternative direction of research.Again we see elements of integrative thinking, using the tension between different perspectives for representing and expressing uncertainties to obtain something new and more wideranging and hopefully better.
A central area of uncertainty in risk assessment is uncertainty importance analysis.The challenge is to identify what are the most critical and essential contributors to output uncertainties and risk.Considerable work has been conducted in this area; see e.g.Borgonovo (20 06 , 20 07 , 2015 ), Baraldi, Zio, and Compare (2009) and Aven and Nøkland (2010) .In Aven and Nøkland (2010) a rethinking of the rationale for the uncertainty importance measures is provided.It is questioned what information they give compared to the traditional importance measures such as the improvement potential and the Birnbaum measure.A new type of combined sets of measures is introduced, based on an integration of a traditional importance measure and a related uncertainty importance measure.Baraldi et al. (2009) have a similar scope, investigating how uncertainties can influence the traditional importance measures, and how one can reflect the uncertainties in the ranking of the components or basic events.
Models play an important role in risk assessments, and considerable attention has been devoted to the issue of model uncertainty over the years and also recently.Nevertheless, there has been some lack of clarity in the risk field regarding what this concept means; compare, for example, Reinert and Apostolakis (2006), Park, Amarchinta, and Grandhi (2010), Droguett andMosleh (2013, 2014 ) and Aven and Zio (2013) .According to Aven and Zio (2013) , model uncertainty is to be interpreted as uncertainty about the model error, defined by g ( x ) − y , where y is the quantity we would like to assess and g ( x ) is a model of y having some parameters x .Different approaches for assessing this uncertainty can then be used, including subjective probabilities.This set-up is discussed in more detail in Bjerga, Aven, and Zio (2014) .

Risk management principles and strategies
Before looking into recent developments in fundamental risk management principles and strategies, it is useful to review two well-established pillars of risk management: (a) the main risk management strategies available and (b) the structure of the risk management process.
For (a), three major strategies are commonly used to manage risk: risk-informed, cautionary/ precautionary and discursive strategies ( Renn, 2008;SRA, 2015b ).The cautionary/precautionary strategy is also referred to as a strategy of robustness and resilience.In most cases the appropriate strategy would be a mixture of these three strategies.
The risk-informed strategy refers to the treatment of riskavoidance, reduction, transfer and retention -using risk assessments in an absolute or relative way.The cautionary/precautionary strategy highlights features like containment, the development of substitutes, safety factors, redundancy in designing safety devices, as well as strengthening of the immune system, diversification of the means for approaching identical or similar ends, design of systems with flexible response options and the improvement of conditions for emergency management and system adaptation.An important aspect here is the ability to adequately read signals and the precursors of serious events.All risk regulations are based on some level of such principles to meet the uncertainties, risks and the potential for surprises.The discursive strategy uses measures to build confidence and trustworthiness, through reduction of uncertainties and ambiguities, clarifications of facts, involvement of affected people, deliberation and accountability ( Renn, 2008;SRA, 2015b ).
For (b), the process can be broken down into the following steps (in line with what one finds in standards such as ISO 310 0 0 and most risk analysis text books (e.g.Aven, 2015a;Meyer & Reniers, 2013;Zio, 2007a ): i. Establish context, which means for example to define the purpose of the risk management activities, and specify goals and criteria.ii.Identify situations and events (hazards/threats/opportunities) that can affect the activity considered and objectives defined.Many methods have been developed for this task, including checklists, HAZOP and FMEA.iii Conduct cause and consequences analysis of these events, using techniques such as fault tree analysis, event tree analysis and Bayesian networks.iv.Make judgements of the likelihood of the events and their consequences, and establish a risk description or characterisation.v. Evaluate risk, to judge the significance of the risk.vi.Risk treatment.
In addition, implementation issues related to the risk management process need to be mentioned, see for example ISO (2009b), Banks and Dunn (2003) and Teng, Thekdi, andLambert (2012, 2013 ).
The risk assessments provide decision support in choosing between alternatives, the acceptance of activities and products, the implementation of risk-reducing measures, etc.The generation of the risk-information is often supplemented with decision analysis tools such as cost-benefit analysis, cost-effectiveness analysis and multi-attribute analysis.All these methods have in common that they are systematic approaches for organising the pros and cons of a decision alternative, but they differ with respect to the extent to which one is willing to make the factors in the problem explicitly comparable.Independent of the tool, there is always a need for a managerial review and judgement, which sees beyond the results of the analysis and adds considerations linked to the knowledge and lack of knowledge on which the assessments are based, as well as issues not captured by the analysis, as was discussed in Section 2 .The degree of "completeness" of an analysis depends on the quality of the analysis and applied cut-offs ( SRA, 2015b ).
For a review of some alternative recent decision analytical approaches, see Gilboa and Marinacci (2013) .This reference provides some interesting historical and philosophical reflections on the foundations of the Bayesian and the expected utility based perspectives to decision-making under uncertainty.
From this basis, considerable work on risk management principles and strategies has been conducted in recent years.A pioneering work was carried out by Klinke and Renn (2002) , who offered a new classification of risk types and management strategies.The scheme includes seven aspects of uncertainty and the extent of damage, e.g.delay effects and the geographical dispersion of the damage, and the potential of mobilisation the risk may have.For each risk type, a set of risk management strategies is defined.The work integrates the three major strategies for managing risk as discussed above: risk-informed, cautionary/precautionary and discursive strategies ( Aven & Cox, 2015 ).
Risk management is closely related to policy and policy analysis.A policy can be defined as a principle or plan to guide decisions and achieve desirable outcomes, and the term applies to international organisations, governments, private sector organizations and groups, as well as individuals.The development and operation of policies are often structured by the following stages inspired by decision theory (e.g.Althaus, Bridgman, & Davis, 2007 ): 1. Problem identification-the recognition of an issue that demands further attention 2. Generating alternatives, analysis 3. Processing covering aspects like policy instrumentation development, consulting, deliberation and coordination 4. Decision-making 5. Implementation 6. Evaluation (assessing the effectiveness of the policy) Linking stage 6 with 1, the process is referred to as the policy cycle.It has similar elements as we find in the quality and project management field for ensuring continuous improvement-plan, do, study and act.The above steps (i)-(vi) for the risk analysis process can also be structured in line with this cycle.The risk field provides input to the elements of the policy process for example by: • Conceptualization and characterization of the problem/issue, covering aspects like objectives, criteria, risk, uncertainties, knowledge and priorities.• Structuring the problem by clarifying and highlighting key principles (e.g. the precautionary principle) and dilemmas, such as the balance between development and value creation on one side and protection on the other.• Statistical data analysis to identify those hazards/threats that contribute the most to risk, and in this way guide the decision making on where to most effectively reduce the risk.• Risk assessments and in particular Quantified Risk Assessment (QRA) of alternative potential developments (for examples technological arrangements and systems), to be able to compare the risk for these alternatives and relate them to possible criteria, and other concerns such as costs.• Risk perception and related studies, providing insights about how different actors perceive the risk and what concerns they have regarding the risk and the potential consequences.

Precautionary principle
Few policies for risk management have created more controversy than the precautionary principle, and it is still being discussed; see for example Aven (2011b), Cox (2011), Lofstedt (2003), Sunstein (2005), Peterson (20 06), Renn (20 08) ) and Aldred (2013) .Two common interpretations are ( SRA, 2015a ): -a principle expressing that if the consequences of an activity could be serious and subject to scientific uncertainties then precautionary measures should be taken or the activity should not be carried out; -a principle expressing that regulatory actions may be taken in situations where potentially hazardous agents might induce harm to humans or the environment, even if conclusive evidence about the potential harmful effects is not (yet) available.
Acknowledging the ideas of Fig. 1 , the principle has a rationale, as no method -quantitative risk analysis, cost-benefit analysis or decision theory -can prescribe what the best risk management policy is in the face of scientific uncertainties.However, it does not provide precise guidance on when it is applicable, as the judgement of what constitute scientific uncertainties is subject to value judgements.If for example the scientific uncertainty is related to the difficulty of establishing a prediction model for the consequences ( Aven, 2011b ), subjective judgements are needed to decide when this is actually the case.
Much of the debate on this principle is due to different understandings of the fundamentals of the risk field, for example related to risk and uncertainties.If one studies the above references, it is evident that the risk field needs a stronger conceptual unity.From the perspective of the present author, a key point is the difference between the cautionary and precautionary principles ( Aven, 2011b ).The former principle is broader than the precautionary principle, stating that if the consequences of an activity could be serious and subject to uncertainties, then cautionary measures should be taken or the activity should not be carried out, i.e. faced with risk we should take action.This principle is used for all industries.For example in the Norwegian oil and gas industry there is a requirement that the living quarters of an installation should be protected by fireproof panels of a certain quality for walls facing process and drilling areas.There are no scientific uncertainties in this case, the phenomena are well-understood, yet measures are implemented which can be seen as justified on the basis of the cautionary principle.One knows that such fires can occur and then people should be protected if they occur.Of course, the decision may not be so straightforward in other cases if the costs are very large.A risk assessment could then provide useful decision support, and, in line with the ideas on risk described in Section 3 , weights should also be placed on the uncertainties.At the final stage the decision-makers need to find a balance between the costs and benefits gained, including the weight to be given to the cautionary principle.
In view of the discussion in Section 2 ( Fig. 1 ) and the first part of this Section 5 , proper risk management relies both on being risk-informed and on cautious (robust/resilient) policies.One of these pillars alone is not enough.

Robustness
Considerable works have been conducted in recent years related to robustness in a context of risk and uncertainties; see e.g.Hites, De Smet, Risse, Salazar-Neumann, andVincke (2006), Baker, Schubert, andFaber (2008), Roy (2010), Klibi et al. (2010), Joshi andLambert (2011), Ben-Haim (2012), Fertis et al. (2012), Gabrel, Murat, and Thiele (2014) , and Malek, Baxter, and Hsiao (2015) .Roy (2010) provides a review of research related to robustness.He uses the term 'robust' as an adjective referring to a capacity for withstanding "vague approximations" and/or "zones of ignorance" in order to prevent undesirable impacts, notably the degradation of the properties to be maintained.In this view, the research dealing with robustness seeks to insure this capacity as much as possible.Robustness is related to a process that responds to a concern: the need for a capacity for resistance or self-protection.Gabrel et al. (2014) present a review of recent developments in the field of robust optimisation, seeking to find the best policies when parameters are uncertain or ambiguous.Ben-Haim (2012) provides some overall perspectives on tools and concepts of optimisation in decision-making, design, and planning, related to risk.The author argues that, in decisions under uncertainty, what should be optimised is robustness rather than performance; the strategy of satisficing rather than optimising.Joshi and Lambert (2011) present an example of a "robust management strategy" using diversification of engineering infrastructure investments, and Klibi, Martel, and Guitouni (2010) discuss robustness of supply chain networks under uncertainty.Gabrel et al. (2014) underline some of the challenges of robust optimisation.They write At a high level, the manager must determine what it means for him to have a robust solution: is it a solution whose feasibility must be guaranteed for any realization of the uncertain parameters? or whose objective value must be guaranteed?or whose distance to optimality must be guaranteed?The main paradigm relies on worst-case analysis: a solution is evaluated using the realization of the uncertainty that is most unfavorable.The way to compute the worst case is also open to debate: should it use a finite number of scenarios, such as historical data, or continuous, convex uncertainty sets, such as polyhedra or ellipsoids?The answers to these questions will determine the formulation and the type of the robust counterpart.Issues of overconservatism are paramount in robust optimization, where the uncertain parameter set over which the worst case is computed should be chosen to achieve a trade-off between system performance and protection against uncertainty, i.e., neither too small nor too large.( Gabrel et al., 2014 ) Aven and Hiriart (2013) illustrate some of these points.Using a simple investment model, it is demonstrated that there are a number of ways the robust analysis can be carried out-none can be argued to be more natural and better than others.This points to the need for a cautious policy in making conclusions on what is the best decision, with reference to one particular robustness scheme.It is concluded that there is a necessity to see the robustness analyses as nothing more than decision support tools that need to be followed up with a managerial review and judgement.It is underlined that such analyses should be supplemented with sensitivity analyses showing the optimal investment levels for various parameter values followed by qualitative analyses providing arguments supporting the different parameter values.

Resilience
Resilience types of strategies play a key role in meeting risk, uncertainties, and potential surprises.The level of resilience for a system or organisation is linked to the ability to sustain or restore its basic functionality following a stressor.A resilient system has the ability to ( Hollnagel, Woods, & Leveson, 2006 ): • respond to regular and irregular threats in a robust yet flexible (adaptive) manner, • monitor what is going on, including its own performance, • anticipate risk events and opportunities, • learn from experience.
Through a mix of alertness, quick detection, and early response, the failures can be avoided.Considerable work has been conducted on this topic in recent years; see for example Weick and Sutcliffe (2007), Lundberg and Johansson (2015), Sahebjamnia, Torabi, and Mansouri (2015), Patterson and Wears (2015), Righi, Saurin, and Wachs (2015) and Bergström, van Winsen, and Henriqson (2015) .The Weick and Sutcliffe reference addresses the concept of collective mindfulness, linked to High Reliability Organisations (HROs), with its five principles: preoccupation with failure, reluctance to simplify, sensitivity to operations, commitment to resilience and deference to expertise.There is a vast amount of literature (see e.g.Hopkins, 2014;Le Coze, 2013;Weick, Sutcliffe, & Obstf eld, 1999 ) providing arguments for organisations to organise their effort s in line with these principles in order to obtain high performance (high reliability) and effectively manage risks, the unforeseen and potential surprises.
According to Righi et al. (2015) , resilience engineering supports studies in risk assessments, identification and classification of resilience, training and accident analysis, and it should be seen in relation to the theory of complex systems.Bergström et al. (2015) confirm this and argue that "resilience engineering scholars typically motivate the need for their studies by referring to the inherent complexities of modern socio-technical systems; complexities that make these systems inherently risky.The object of resilience then becomes the capacity to adapt to such emerging risks in order to guarantee the success of the inherently risky system" ( Bergström et al., 2015 ).Although resilience is a generic term, it is most used in the safety domain, whereas robustness is most commonly referred to in business and operational research contexts.
Traditional risk assessments are based on causal chains and event analysis, failure reporting and risk assessments, calculating historical data-based probabilities.This approach has strong limitations in analysing complex systems as they treat the system as being composed of components with linear interactions, using methods like fault trees and event trees, and have mainly a historical failure data perspective.These problems are addressed in resilience engineering, which argues for more appropriate models and methods for such systems; see e.g.Hollnagel et al. (2006) .Alternative methods have been developed, of which FRAM and STAMP are among the most well-known ( Hollnagel, 2004;Leveson 2004Leveson , 2011 ) ).At first glance, resilience engineering seems to be in conflict with risk management as it rejects the traditional risk assessments, but there is no need for such a conflict.With sufficiently broad risk management frameworks, the resilience dimension is a part of risk management as was highlighted at the beginning of this section, and discussed for example by Steen and Aven (2011) and Aven (2015b) .The latter reference relates to the antifragility concept of Taleb (2012) , which builds on and extends the resilience concept.
The key message of Taleb is that to obtain top performance over time one has to acknowledge and even "love" some level of variation, uncertainty and risk.Taleb (2012 , pp. 4-5) proposes "to stand current approaches to prediction, prognostication, and risk management on their heads".However, as discussed above, there is no conflict here if risk and risk management are sufficiently framed and conceptualised.Proper risk management needs to incorporate these ways of thought, which relate risk to performance and improvement processes over time.

Large/deep uncertainties
The above analysis covers in particular situations characterised by large or deep uncertainties, such as in preparing for climate change and managing emerging diseases.What policies and decision-making schemes should be implemented in such cases?Traditional statistical methods and techniques are not suitable, as relevant supporting models cannot easily be justified and relevant data are missing.The answer is as discussed above, cautionary/precautionary, and robust and resilient approaches and methods.Cox (2012) reviews and discusses such approaches and methods to meet deep uncertainties.He argues that the robust and adaptive methods provide genuine breakthroughs for improving predictions and decisions in such cases.Ten tools that "can help us to better understand deep uncertainty and make decisions even when correct models are unknown are looked into: (subjective) expected utility theory; multiple priors, models or scenarios, robust control, robust decisions; robust optimisation; average models; resampling; adaptive boosting; Bayesian model averaging; low regret online detection; reinforcement learning; and model-free reinforcement learning".These tools are founded on two strategies: "finding robust decisions that work acceptably well for many models (those in the uncertainty set); and adaptive risk management, or learning what to do by well-designed and analysed trial and error" ( Cox, 2012 ).
Adaptive analysis is based on the acknowledgement that one best decision cannot be made but rather a set of alternatives should be dynamically tracked to gain information and knowledge about the effects of different courses of action.On an overarching level, the basic process is straightforward: one chooses an action based on broad considerations of risk and other aspects, monitors the effect, and adjusts the action based on the monitored results ( Linkov et al., 2006 ).In this way we may also avoid the extreme events.See also Pettersen (2013) who discusses abductive thinking, which is closely linked to adaptive analysis.Aven (2013b) provides some reflections on some of the foundational pillars on which the work by Cox (2012) is based, including the meaning of the concept of deep uncertainty.He also provides some perspectives on the boundaries and limitations of analytical approaches for supporting decision-making in the case of such uncertainties, highlighting the need for managerial review and judgements, as was discussed in Section 2 .
For some alternative perspectives on how to meet deep uncertainties, see Karvetski and Lambert (2012) and Lambert et al. (2012) , who seek to turn the conventional robustness discussion away from its urgency to know which action is most robust and towards identifying which are the uncertainties that matter most, which matter least, which present opportunities, and which present threats, and why.See also Hamilton, Lambert, and Valverde (2015) .

Surprises and black swans
Taleb (2007) made the black swan metaphor well-known and it is widely used today.His work has inspired many authors, also on foundational issues (e.g., Aven, 2015a;Chichilnisky, 2013;Feduzi & Runde, 2014;Masys, 2012 ), and recently there has been a lively discussion about the meaning of the black swan metaphor and its use in risk management; see Haugen and Vinnem (2015) and Aven (2015d.The metaphor has created a huge interest in risk, in particular among lay persons.It has also created increased focus in the professional risk analysis society about risk, knowledge and surprises.Different types of black swans have been defined and measures to meet them discussed (e.g.Aven, 2015d;Aven & Krohn, 2014;Paté-Cornell, 2012 ).But it is just a metaphor and cannot replace the need for conceptual precision linked to terms such as 'risk', 'probability' and 'knowledge'.As highlighted by Aven (2015b) , the basic idea of addressing black swans is to obtain a stronger focus on issues not covered by the traditional risk perspectives, highlighting historical data, probabilities and expected values (the world of Mediocristan in Taleb's terminology).Surprises do occur relative to the beliefs determined by these measures and concepts (historical data, probabilities and expected values).We need to get more focus on the world outside Mediocristan, what Taleb refers to as Extremistan.Approaches to meet the potential surprises and blacks swans include improved risk assessments better capturing the knowledge dimension, and adaptive and resilient (antifragile) thinking and analysis, as discussed in the references mentioned in this paragraph.

Risk criteria
Risk management is about balancing different concerns, profits, safety, reputation, etc.In general one considers a set of alternatives, evaluates their pros and cons, and makes a decision that best meets the decision-makers' values and priorities.In this process, it is common to introduce constraints, in particular related to safety aspects, to simplify the overall judgements and ensure some minimum level on specific areas, to avoid the consideration of too many variables at the same time.
Such constraints are often referred to as risk criteria, risk acceptance criteria and tolerability criteria; see e.g.Rodrigues, Arezes, and Leão (2014) and Vanem (2012) .For example, in Norway the petroleum regulations state that the operator has a duty to formulate risk acceptance criteria relating to major accidents and to the environment.This practice is in line with the internal control principle, which states that the operator has the full responsibility for identifying the hazards and seeing that they are controlled.This practice is, however, debated, and in a recent paper Abrahamsen and Aven (2012) argue that it should be reconsidered.It is shown that if risk acceptance criteria are to be introduced as a risk management tool, they should be formulated by the authorities, as is the common practice seen in many countries and industries, for example in the UK.Risk acceptance criteria formulated by the industry would not in general serve the interest of the society as a whole.The main reason is that an operator's activity usually will cause negative externalities to society (an externality is an economically significant effect due to the activities of an agent/firm that does not influence the agent's/firm's production, but which influences other agents' decisions).The increased losses for society imply that society wants to adopt stricter risk acceptance criteria than those an operator finds optimal in its private optimization problem.The expected utility theory, which is the backbone for most economic thinking, is used as a basis for the discussion.
The critique against the use of such criteria also covers other aspects; see e.g.Aven (2015a) .Firstly, tolerability or acceptance levels expressed through probability ignore important aspects of risk as discussed in Sections 3 and 4 .A key point is that the strength of knowledge on which the probability judgements are based, is not reflected in the probabilities used for comparing with these levels.Secondly, the use of such criteria can easily lead to the wrong focus, namely meeting the criteria rather than finding the best possible solutions and measures, taking into account the limitations of the analysis, uncertainties not reflected by the analysis, and other concerns important for the decision-making.As strongly highlighted by for example Apostolaksis (2004) , a risk decision should be risk-informed, not risk-based.There is always a need for managerial review and judgement, as indicated by Fig. 1.
The ALARP principle (ALARP: As Low As Reasonably Practicable) is a commonly adopted risk-reduction principle, which is based on both risk-informed and cautionary/precautionary thinking.The principle is founded on the idea of gross disproportion and states that a risk-reducing measure shall be implemented unless it can be demonstrated that the costs are in gross disproportion to the benefits gained.The principle's practical implementation is still a matter of discussion and research; see e.g.Ale, Hartford, and Slater (2015), French, Bedford, and Atherton (2005), Melchers (2001), Vinnem, Witsø, and Kristensen (2006) and Jones-Lee and Aven (2011) .It is tempting to use cost-benefit analysis, calculating expected net present values or expected costs per expected saved lives, to verify the gross disproportionate criterion.And this is commonly done, but should be used with care as these costbenefit criteria do not adequately reflect the uncertainty component of risk ( Aven & Abrahamsen, 2007 ).Uncertainty assessments extending beyond the cost-benefit analyses consequently need to be supplemented with broader processes, as discussed for example by Aven and Vinnem (2007) .

Integrative perspectives
Again we can see aspects of integrative thinking, the tension being caused by the different perspectives, traditional risk analysis, resilience and antifragility, leading to broader risk management frameworks incorporating all these elements.Several frameworks have been developed with such an aim, e.g. the risk frameworks of Renn (2008) and Aven and Krohn (2014) .This former approach has a perspective of governance and combines scientific evidence with economic considerations as well as social concerns and societal values.The latter framework builds on risk thinking as described in Section 3 , focuses on knowledge building, transfer of experience and learning, and adds theories and practical insights from other fields specifically addressing the knowledge dimension.Three areas are given main attention, firstly the collective mindfulness concept linked to High Reliability Organisations (HROs), with its five principles mentioned above.The second area relates to the quality discourse, with its focus on variation, system thinking and continuous improvements ( Bergman & Klefsjö, 2003 ;Deming, 2000 ), while the third includes the concept of antifragility ( Taleb, 2012 ).

The future of risk assessment and management
The future of risk assessment and risk management is discussed in SRA (2015b) and Aven and Zio (2014) ; see also reviews and reflections by Venkatasubramanian (2011), Pasman and Reniers (2014) and Khan, Rathnayaka, and Ahmed (2015) .
A key challenge is related to the development of the risk field, as outlined in Section 2 , having a focus on knowledge and lack of knowledge characterisations, instead of accurate risk estimations and predictions, to meet situations of large uncertainties.Today risk assessments are well established in situations with considerable data and clearly defined boundaries for their use.Statistical and probabilistic tools have been developed and provide useful decision support for many types of applications.However, risk decisions are, to an increasing extent, about situations characterised by large uncertainties and emergence.Such situations call for different types of approaches and methods, and it is a main challenge for the risk field to develop suitable frameworks and tools for this purpose ( SRA, 2015b ).There is a general research focus on dynamic risk assessment and management rather than static or traditional risk assessment.
The concept of emerging risk has gained increasing attention in recent years.Flage and Aven (2015 ) perform an in-depth analysis of the emerging risk concept and in particular its relation to black swan type of events through the known/unknown.According to this work, we face emerging risk related to an activity when the background knowledge is weak but contains indications/justified beliefs that a new type of event (new in the context of that activity) could occur in the future and potentially have severe consequences to something humans value.The weak background knowledge inter alia results in difficulty specifying consequences and possibly also in fully specifying the event itself; i.e., in difficulty specifying scenarios.
We need to further develop risk assessments that are able to capture these challenges linked to the knowledge dimension and the time dynamics.A pure probabilistic approach, for example a Bayesian analysis, would not be feasible as the background knowledge -the basis for the probability models and assignmentswould be poor.There is a need to balance different risk management strategies in an adaptive manner, including cautionary strategies and attention to signals and warnings.
There is also a need for substantial research and development to obtain adequate modelling and analysis methods -beyond the "traditional" ones -to "handle" different types of systems.Examples include critical infrastructures (e.g.electrical grids, transportation networks, etc.), which are complex systems and often interdependent, i.e. "systems of systems".Another example is securitytype applications, where qualitative assessments are often performed on the basis of judgements of actors' intentions and capacities, without reference to a probability scale.There seems to be a huge potential for significant improvements in the way security is assessed by developing frameworks that integrate the standard security approaches and ways of assessing and treating uncertainty.The paper by Aven (2013c) provides an example of a work in this direction.
Societal risk decision-making is more and more challengingit is characterised by many and diverse stakeholders.Some of the challenges and research issues that need to be focused on, here, relate to, inter alia ( Aven & Zio, 2014;SRA, 2015b ): -"how the outcomes of the risk and uncertainties assessment should be best described, visualised and communicated, for their informative use in the above described process of societal decision-making involving multiple and diverse stakeholders, -how issues of risk acceptability need to be seen in relation to the measurement tools used to make judgements about risk acceptability, accounting for the value generating processes at the societal level, -how the managerial review and judgement should be defined in this context.
Key issues that we need to address are: -In intergenerational decision-making situations, what are the available frameworks and perspectives to be taken?What are other options?When are different frameworks more appropriate than others?How do we capture the key knowledge issues and uncertainties of the present and future?What duty of care do we owe to future generations?-How can we describe and represent the results of risk assessments in a way that is useful to decision-makers, which clearly presents the assumptions made and their justification with respect to the knowledge upon which the assessment is based?-How can we display risk information without misrepresenting what we know and do not know?-How can we accurately represent and account for uncertainties in a way that properly justifies confidence in the risk results?-How can we state how good expert judgements are, and how can we improve them?-In the analysis of near-misses, how should we structure the multi-dimensional space of causal proximity among different scenarios in order to measure "how near is a miss to an actual accident"?" The above list covers issues ranging from important features of risk assessment to overall aspects concerning risk management and governance.It can obviously be extended.One example to add is the link between sustainability and risk, which is an emerging research topic; see e.g.Fahimnia et al. (2015) and Giannakis and Papadopoulos (2016) .

Conclusions
Risk assessment and risk management are established as a scientific field and provide important contributions in supporting decision-making in practice.Basic principles, theories and methods exist and are developing.This review paper has placed its focus on recent work and advances covering the fundamental ideas and thinking on which the risks fields are based.Having evaluated a considerable number of papers in this area, the following main conclusions are drawn: 1.The scientific foundation of risk assessment and risk management is still somewhat shaky on some issues, in the sense that both theoretical work and practice rely on perspectives and principles that could seriously misguide decision-makers.Examples include the general conception of risk as an expected value or a probability distribution.
2. In recent years several attempts at integrative research have been conducted, establishing broader perspectives on the conceptualisation, assessment and management of risk.The present author sees this way of thinking as essential for developing the risk field and obtaining a strong unifying scientific platform for this field.These perspectives relate to: • Concepts and terms, like risk, vulnerability, probability, etc.
• The emphasis on knowledge and lack of knowledge descriptions and characterisations in risk assessments • The way uncertainty is treated in risk assessments • The way the risk thinking is combined with principles and methods of robustness and resilience • The acknowledgement of managerial review and judgement in risk management 3.There are signs of a revitalisation of the interest in foundational issues in risk assessment and management, which is welcomed and necessary for meeting the challenges the risk field now faces, related to societal problems and complex technological and emerging risks.
It is hoped that the present review and discussion can inspire more researchers to take part in this work, building a stronger platform for risk assessment and management, meeting current and future challenges, in particular related to situations of large/deep uncertainties and emerging risks.The risk field needs more researchers that have the passion and enthusiasm to bring this field to the next level.

Fig. 1 .
Fig. 1.A model for linking the various stages in the risk informed decision-making (based on Hansson & Aven, 2014 ).