2022 Strategic Forecasting and Risk Analysis - Introduction - Lecture 4

Strategic Forecasting and Risk
Analysis
Dr. V. MAGADZIRE
Ph.D. in Economics, University of Leeds, UK
Ph.D. in Public Policy, South Korea
Master of Public Policy, Japan
Master of International Business, The Netherlands
Master of Science in Finance and Investment, NUST Zim
B.Com (Hons) in Banking, NUST Zimbabwe
Definitions & Concepts
 Achievinga common terminology

remains a challenge
 Scientists
and practitioners have
developed specific terminology for
the assessment of particular risks
and impacts
Definitons & Concepts
 This terminology differs

significantly between the various
disciplines
i. Risk
ii. Vulnerability
iii. Risk assessment
iv. Risk analysis
v. Risk criteria
vi. Risk criteria
vii. Political/social impacts
viii. Threat
ix. Strategic forecasting

 Risk:
is a combination of the

consequences of an event
(hazard) and the associated
likelihood/probability of its
occurrence
 Risk:
 Intechnical settings, risks are described

quantitatively by the likely frequency of
occurrence of different intensities for
different areas, as determined from
historical data or scientific analysis
 Risk analysis:
isthe process to comprehend

the nature of risk and to
determine the level of risk
 Vulnerability
The characteristics and

circumstances of a community,
system or asset that make it
susceptible to the damaging effects
of a hazard
 Vulnerability
In probabilistic/quantitative risk

assessments the term vulnerability
expresses the part or percentage of
exposure that is likely to be lost due
to a certain hazard
Intelligence and Risk
Objectives of the lecture
 To:
describe how risk analysis can be

integrated into intelligence
 We want to see how risk specialists

structure their problems
and what the implications are for

bringing risk management into
intelligence and security affairs
 The reason risk management

hasn't been widely used in the
intelligence community is not
hard to understand
i. Few people have given much

thought to what it is or how it
could be used
 The same was once true in

other fields
ii. It isn’t bureaucratic resistance

that's the problem
 Rather, the problem is the lack of a

clear statement of exactly what risk
management is and why it is useful
 Itis necessary to dispose of some
preconceptions here.
One is that risk management

consists of using models and
mathematical methods
◦ e.g. Value at Risk, options theory , or decision and

fault trees
 There are many modeling

techniques, and they may have
useful application in intelligence
 But risk management conceived

as a collection of methodological
tools is much too narrow an
approach
 Creating
a collaborative structure -
for example, between intelligence
and operations –
ismore than just disseminating

narrowly focused tools
 It
is about managing the complex
interplay that occurs in these
disparate networks, of which one
of the most important is risk
 The real payoff of risk

management lies in its ability to
foster a common language for
assessing and discussing risk by
the different parts of an
organization
 It
raises the level of conversation
about risk in such a way that
terms and categories have a
consistent meaning
 Riskwill take an increasingly

central place in national security
decision-making
 For
intelligence, this leads to a
new game
 The intelligence community

needs not only to be aware of
this, but also to design their work
to better assess, clarify, and define
the risks that follow from these
changes
 Intelligence
also has to develop a
more productive conversation with
other operational components of
national security, because it is ever
more tightly linked to them. Risk
management offers a powerful
framework to facilitate this
conversation
 Intelligenceprofessionals can use

the risk analyst’s toolbox to sharpen
conclusions that are made in
intelligence products by providing
support for identification of
scenarios of greatest concern
 Riskanalysis can also be used to

focus future collection efforts on
information that appears to be
most relevant to refining existing
estimates of risks
 However, risk analyses must be
conducted to:
i. meet challenges of information

availability
ii. match resolution of results to

the problem
iii. reflect risk as the social

construct that it is
iv. and not ignore the possibility

of surprise
 it is important that practitioners

applying risk analysis recognize its
limitations to ensure that results are
appropriate for the purpose and
that its use does not blind the
analyst to potential surprises
 Riskanalysis provides a framework

for considering threat, vulnerability,
and consequences of potential
terrorist attacks and developing
strategies to manage these risks
most effectively with limited
resources
Intelligence and Risk Analysis
 risk analysis combines intelligence
about:
i. the objectives and capabilities of

terrorist groups with
assessments of the required
capabilities and resources to
complete successfully an attack
Intelligence and Risk analysis
ii. assessments of the vulnerabilities of

targets to different attack modes,
and
iii. assessments of consequences of

different types of attacks on different
targets
 Theproduct of this analysis is

identification of terrorism
scenarios that present the
greatest risk
This result itself can be used by the

intelligence cycle
Thus, at its most basic form, risk

analysis can be integrated into the
intelligence cycle as part of the analysis
and production step
 However:
assessments of the relative risks of

different attack scenarios may only
be adequate as intelligence products
to support for strategic and
operational analysis
 Often more specificity than
relative risks of different attacks
is required about:
i. where an attack will occur

ii. when the attack will occur
iii. who will try to attempt the
attack
 In particular:
 Int-officers
attempting to prevent
future terrorist attacks need to have
guidance of where to conduct
further surveillance and who to
target with such efforts
 Thisinformation requires an
understanding of the detailed
steps and timelines associated
with planning and orchestrating
an attack
Some aspects of this are specific to

the target and attack mode being
considered
Others aspects are specific to how

the group that is planning the attack
operates
 Detailed information about

attack planning can be developed
through:
i. surveillance of terrorist groups

ii. investigations into foiled or

successful plans for attacks
iii. red-teaming studies facilitated

by tools of risk analysis
 Rosoffand von Winterfeldt
(2006) demonstrated how
probabilistic risk analysis can be
used in this way within the
context of scenarios for
detonating a radiological device
at the ports of Los Angeles and
Long Beach
 In this study:
 probabilistic
risk analysis was used
to decompose the attack scenario
into its component steps and
explore how defensive
countermeasures directed at each
step could reduce the risks of attack
 Bycombining the results of risk

analysis with detailed assessments of
the planning stages of terrorist
attacks, the intelligence process can
provide directed intelligence
products and refine future planning
and direction of intelligence
collection
 ANALYST’S CHALLENGES TO APPLYING RISK ANALYSIS
PRODUCTIVELY
 The productive application of risk

analysis to support intelligence
analysis must address four
methodological challenges:
i. developing methods that can

be supported with obtainable
information
ii. matching resolution of results

with the problem
iii. applying the best practices of

risk analysis
iv. avoiding the potential for

blinding analysts to the
possibility of surprise
 Considerations regarding
availability of information to
support risk analysis:
Basinganalysis on obtainable
information
 Matching resolution of analysis to the problem
 There is no single risk

assessment tool that fits the
demands of all problems
 Each problem has unique aspects

that determine requirements for
the spatial and temporal
resolution of results
 Risk assessments intended to

support design or performance
assessment for security need to
be tuned to a specific threat or
target, but not necessarily on a
specific time
 For example, consider an

assessment used to buttress physical
security at a nuclear power plant.
Designs need to be focused on
specific types of attacks on specific
parts of the plant, but it is much less
important whether the attacks
would occur this year or next
 Risk assessments for strategic

planning need to be specific
about what types of attacks could
occur,
 butdo not require specificity of

when or where the attacks will
occur because strategic
assessments need only reflect the
range of threats of terrorism
 For example:
think of analysis to support the

division of resources among
control of nuclear proliferation
and border security
Here the decision making does

not require distinctions between
specific places or which attack
will happen first
It is important instead that the

planning consider the correct
range of attacks
 risk assessments to support

tactical decisions require both
spatial and temporal specificity
They will be used to help decide

what actions to take and when to
take them
 For example:
 consider analysis that would help local law

enforcement determine where and how
many officers to deploy in security around
a national political convention and when
and where to supplement security in
response to specific threats
 In this case:
Assessments of risks based on

capabilities terrorists had last
year are irrelevant if the way the
group operates has changed
dramatically
 Applying the best practices of risk analysis
 The best practices of risk analysis

recognize that:
i. risk is a social construct
ii. risk analysis requires an analytic

and deliberative process
 An analytic risk assessment must

address all three of the factors
that determine risk:
threat,
vulnerability, and
Consequence
When feasible, this should be

done quantitatively
using qualitative methods to fill in

data gaps were necessary and
appropriate
To the extent qualitative

methods are used, risk analysis
will be more useful for sorting
high risks from low ones than for
optimizing or fine tuning risk
management strategies
 Risk assessments must be

repeatable so all parties can
replicate, analyze, and understand
them
 Risk assessment will require

standard definitions within an
analysis or methodology to
ensure that results are consistent
among analysts
 It may be impossible to develop

consistent definitions across all risk
analyses
◦ However, that is not necessary so long as

consistency is applied within an analysis
and when results are compared from one
analysis to another
It is most important that the

analysis is transparent such that
definitions are clearly
documented and appropriate for
the problem at hand
 Deliberative
A deliberative process is
necessary because the notion of
a cold, actuarial risk assessment is
unrealistic
 Deliberative
 Although one might think risk analysis

could be performed only on the basis of
data about threat, vulnerability and
consequences, it is not possible to assess
risks without considering individual values
and judgments about risks and risk
exposures
 Deliberative
 As a result:
risk analyses must include

deliberative processes that make
it possible to take these
judgments into account
 Avoiding blinding analysts to surprise
 The strength of applying risk

analysis to intelligence analysis is
that it provides a set of tools for
translating available information
about:
i. motivations
ii. capabilities
iii. infrastructure
iv. vulnerabilities, and
v. attack consequences
 into a set of common metrics that can

be used to develop strategies to protect
communities from attack effectively
The results of a risk analysis are

bounded by the information and
assumptions that go into it
Only those attacks that are

envisioned will be assessed and
only those targets that are
considered relevant will be
considered
 As a result:
 the potential exists that risk analysis
could lead the intelligence community to
place too much attention on events that
are presumed to be likely, thus only
reinforcing prior beliefs about threats and
risks and not revealing new insights or
trends
 To counter this potential bias, it

is necessary to:
i. state explicitly the principal

assumptions built into risk
assessments and security plans
 To counter this potential bias, it

is necessary to:
ii. fully explore uncertainties

around the risk
 To counter this potential bias, it is necessary

to:
ii. adopt methods that allow

analysts to consider the extent
to which information they are
assessing could explain
alternatives that they are not
considering
 To counter this potential bias, it is

necessary to:
iii. consider institutional

structures designed to prevent
myopic policies with respect
to the possibility of surprise
Summary
 In this lecture:
 described how methods of risk

analysis can be integrated into
the intelligence cycle used to
produce warnings and threat
assessments
Summary
 This connection reveals two ways that

risk analysis can be of potential value to
the intelligence community
 Risk analysis can be a tool that can help

intelligence practitioners sharpen their
conclusions by providing analytic support
for identification of scenarios of greatest
concern.
Summary
Risk analysis can also be used to

direct future collection efforts on
information that appears to be
most relevant to refining existing
estimates of terrorism risks
Summary
 However:
risk analyses must be conducted

to meet challenges of information
availability
Summary
 However:
matching resolution of results to

the problem, reflecting risk as the
social construct that it is, and not
ignoring the possibility of
surprise

2022 Strategic Forecasting and Risk Analysis - Introduction - Lecture 4

Uploaded by

2022 Strategic Forecasting and Risk Analysis - Introduction - Lecture 4

Uploaded by

Strategic Forecasting and Risk

 Achievinga common terminology

 This terminology differs

vi. Risk criteria

vii. Political/social impacts

ix. Strategic forecasting

is a combination of the

 Intechnical settings, risks are described

isthe process to comprehend

The characteristics and

In probabilistic/quantitative risk

describe how risk analysis can be

 We want to see how risk specialists

and what the implications are for

 The reason risk management

i. Few people have given much

 The same was once true in

ii. It isn’t bureaucratic resistance

 Rather, the problem is the lack of a

One is that risk management

◦ e.g. Value at Risk, options theory , or decision and

 There are many modeling

 But risk management conceived

ismore than just disseminating

 The real payoff of risk

 Riskwill take an increasingly

 The intelligence community

 Intelligenceprofessionals can use

 Riskanalysis can also be used to

i. meet challenges of information

ii. match resolution of results to

iii. reflect risk as the social

iv. and not ignore the possibility

 it is important that practitioners

 Riskanalysis provides a framework

i. the objectives and capabilities of

ii. assessments of the vulnerabilities of

iii. assessments of consequences of

 Theproduct of this analysis is

This result itself can be used by the

Thus, at its most basic form, risk

assessments of the relative risks of

i. where an attack will occur

Some aspects of this are specific to

Others aspects are specific to how

 Detailed information about

i. surveillance of terrorist groups

ii. investigations into foiled or

iii. red-teaming studies facilitated

 Bycombining the results of risk

 The productive application of risk

i. developing methods that can

ii. matching resolution of results

iii. applying the best practices of

iv. avoiding the potential for

 There is no single risk

 Matching resolution of analysis to the problem

 Each problem has unique aspects

 Risk assessments intended to

 For example, consider an

 Risk assessments for strategic

 butdo not require specificity of

think of analysis to support the

Here the decision making does

It is important instead that the

 Matching resolution of analysis to the problem

 risk assessments to support

 Matching resolution of analysis to the problem

They will be used to help decide

 consider analysis that would help local law

Assessments of risks based on

 The best practices of risk analysis

i. risk is a social construct

ii. risk analysis requires an analytic

 An analytic risk assessment must

When feasible, this should be