1. Introduction

In an engineering context, defining risk is a concern. When one focuses on the behavior of a system, say the stability of a slope, a second concern is how to describe risk so as to communicate it to interested people. In geotechnics, it was found (^{CORTELETTI, 2014}) that risk terminology is currently still very confusing. That is, researchers and engineers do not agree about what risk is and how to communicate it, despite the efforts of professional associations like the American Geotechnics Society - AGS in establishing a single vocabulary. Other important concepts in engineering risk assessment, like hazard, vulnerability and susceptibility, are often a cause of confusion within the risk concept.

This paper aims to discuss the concepts of risk and the basis of the methods of risk evaluation considering applications in the field of geotechnics. Because of its mathematical basis, engineers are often willing to use equations to express risk. In this paper, equation and "non-equation" expressions of risk are discussed. Non-equations are functional expressions of risk dependent parameters like hazard, vulnerability, cope capacity and response capacity but not intended to calculate risk and express it by one numerical measure.

2. The concepts of risk, hazard, vulnerability and susceptibility

^{Kaplan and Garrick (1981)}, in a memorable work about quantitative definition of risk, proposed to find its elements as the responses to three intuitive questions that arise when one is observing an engineering system:

(a) What can happen? (i.e., what can go wrong?)

(b) How likely is it that it will happen?

(c) If it does happen, what are the consequences?

This means that the elements of a risk definition, *R*, are a set of scenarios, *S_{s}* (the response to the first question), the probability of its occurrence, *p_{s}* (the response to the second question), and the associated consequences measured by *x_{s}* (the response to the third question). Expressing it in mathematical notation one has:

The index s runs from 1 to S scenarios to express that question (a) has a great number of responses. For example, in relation with the stability of a 0.15km^{2} sloping metropolitan area of Belo Horizonte, capital of the State of Minas Gerais, a hazardous event is the elevation of the water table beyond a given limit of 1.5m which may be caused by intense rains. In this area lives an estimated population of 5000 people. During the summer, say that the probability of an intense rain which may cause a hazardous elevated water table is 0.25. Expressing the risk of slope instability in this area one may write:

S_{1}= Intense rain which may cause a hazardous elevated water table;

p_{1}=0.25;

x_{1}= 5000 people affected (losing their houses, hurt or died).

^{Aven (2011)} presents the same definition of ^{Kaplan and Garrick (1981)} but he slightly changed the third question: What are the probabilities of scenarios "and" consequences? Thus, risk may be expressed as a somewhat different code as:

where {*A*} is a set of scenarios, {*C*} is a set of consequences corresponding to the scenarios and {*P*} is a set of the probabilities of occurrence of {*A*} and {*C*}. Comparing code (1) with code (2): in (1), given a scenario, its consequences are considered not affected by any uncertainty; in (2), both the scenario and the consequences are affected by a level of uncertainty. For example, in the slope instability analysis cited before, say that the probability of 5000 people affected is 0.5 once the instability occurs; thus the risk would be expressed as *R* = {*S_{1}*, *x_{1}*, 0.125}, 0.125 being the probability of *S_{1}* and *x_{1}* or, using the notation of (2), the probability of {*A*} ∩ {*C*}.

It is important to be aware that it is not because one uses the expressions (1) and (2) written in a mathematical form that they are or are not quantitative definitions of risk or, in other words, quantitative methods of risk evaluation. In fact, (1) and (2) are only linguistic symbols or "codes" to express that the risk is considered as dependent on some parameters like scenario descriptions, probability of scenarios and measures of consequences. In addition, codes (1) and (2) do not address several questions whose answers would be desirable in a rigorous definition of risk: What are the objective criteria for choosing the scenarios *S_{s}*? What concept of probability is used when *p_{s}* is evaluated? How to measure consequences *x_{s}*?

Kaplan and Garrick's definition of risk is referred to as a "quantitative definition of risk". ^{Hassel (2010)} argues that this definition is useful not because it is termed "quantitative" but because it uses the notion of scenarios. He called it an "operational definition" of risk as it is not a method to measure risk but a general way of characterizing it.

The notion of risk scenarios is pivotal in this concept. ^{Hassel (2010)} presents a conceptualization of it based on the Linear Algebra concept of subspaces. A state of the system is a set of the values of its defining variables *u_{i}*, i=1,*N* at one instant *t_{j}*, *{u}_{j}*. Considering the state variables as continuously real valued and linearly independent, {{u},t} span a space-time called systems state space-time, herein referred to as *SS*. A scenario expresses the way that a system can behave when it is externally excited by one or more causes which tend to alter its current state variables. Using a kinematics analogy, a scenario is a "trajectory in a state space of a system" (^{Hassel, 2010}). Being *u_{ij}* the time history of values of the N state variables *u_{i}*, a scenario may be understood as a succession of system states {*{u}_{1}*, *{u}_{2}*, ..., *{u}_{J}*}. Figure 1, taken from ^{Hassel (2010)}, illustrates the scenario concept for a system characterized by two variables u_{1} and u_{2}. The scenarios are the product of uncertainties in a space of possible combinations of state variables. The scenarios of interest in risk analyses are referred to as risk scenarios *S_{s}*, s=1,*S*, which are deviations of the "success scenario", *S_{o}*.

The risk scenario concept is associated with negative consequences. The ISO 31000 definition of risk (^{ISO, 2009}) which states that "risk are effects of uncertainty on objectives", obviously including positive and negative consequences, is generally used in most technical engineering problems. This may be well understood considering that engineers look for optimized solutions in terms of material and energy consumption, always facing the problem of staying on the safety side but not too far from the safety bounds. Thus, only those scenarios associated with likely negative consequences are of concern.

As can be deduced from codes (1) and (2), identification of risk scenarios must be the first step in risk analyses. The set of scenarios considered in risk analyses must be finite, disjointed and complete. Finiteness means that the number of scenarios in a set does not have to be very extensive for practical reasons, although theoretically the number of trajectories in the state space of the system is infinite. Disjointed means that scenarios do not exist that cover the same underlying scenarios, or using mathematical language, the scenarios in a set are independent. Completeness means that all important risk scenarios are considered, a combination of occurrence probability and relevance of negative consequences being the criterion to decide which scenarios are important.

Up to this point, the development of an "operational definition of risk" was only based on the premise that "in face of an external excitation, a system may behave in such a way that it may suffer or develop negative consequences". In rough terms, this means only that the premise here is that "risk exists". To narrow this broad field, let us consider only risks of natural disasters; that is, human disasters caused by a natural trigger (^{PELLING, 2003}). This takes out of consideration terrorism acts and other intentional human acts. In this context, the risk concept frequently appears modified by concepts like hazard, vulnerability and susceptibility which cause some changes in the scenarios approach.

^{UNISDR (2009)} gives the following definition of hazard: "A dangerous phenomenon, substance, human activity or condition that may cause loss of life, injury or other health impacts, property damage, loss of livelihoods and services, social and economic disruption, or environmental damage". It is observed that hazards vary in nature (phenomenon, substance, human activity or condition), but all classes of hazards are capable of impacting the engineering system itself, causing its malfunctioning and deviating it from a successful scenario.

Risk scenarios and hazards are often interchanged in some definitions of risk (^{BONACHEA et al., 2009}; ^{MAHLER et al., 2012}; LEE and CHI, 2011), but they are not the same concept. Consider that all risk trajectories of a system are a risk subspace-time *RST* of the state space-time *SS*. A risk scenario is a trajectory of the system which has at least one part running into *RST*. For example, consider that Figure 2 illustrates the *SS* of a system dependent on two state variables *u_{1}* and *u_{2}*. Upon investigating the system stability, it was concluded that it is unstable for every state characterized by *u_{1}* < U_{1} ≥ 0 and *u_{2}* < U_{2} ≥ 0. Thus, trajectories (1) and (2) are risk scenarios. In these trajectories some points are notable: the point "empty circle" when the observation of the system begins, that is, the origin of its trajectories; the point "red circle" when a hazard is identified; the point "yellow triangle" when the system enters the *RST*; and the point "black arrow" when the system fails. Trajectory (3) is not a risk scenario - not because the first and second "red circles" are not dangerous events but because the system is supposed to behave without any negative consequences.

It is concluded that risk scenarios are potential trajectories in the state space of a system; hazards are those phenomena which excite the system during a certain period of time, influencing its trajectory. Using a physical analogy, hazards are like impulses of a force whose action may occur during a time interval of short or long duration. In sum, two aspects are of most interest considering risk scenarios, hazards and consequences:

some hazards are of long duration, that is, they are always present, like occurs in technological risk analyses (for example, a nuclear power plant located close to a river is perceived as a continuous hazard); some others are phenomena occurring in a short period of time like an intense rainfall;

hazards are distinct from risk scenarios and distinct from consequences. A hazard is a potential, abstract and never directly observable event; risk scenarios are potential but may occur as expected (and, thus, somewhat observable) depending on the accuracy of their description before they happen, if they happen; consequences are transformations of the exterior environment and are directly observable (for example, floods and landslides); others are not observable because of their nature (for example, population panic and fear after disasters) or because they are shifted along time (for example, climate changes).

The concept of vulnerability emerged in the 1970s having two interpretations relevant for risk analyses in engineering. The first is that vulnerability is a global system property (^{JOHANSSON and HASSEL, 2010}) which evaluates the severity of negative consequences on a specific hazardous event. Thus, it is very close to the concept of risk scenario. In the second, vulnerability is used to describe a system component or an aspect of a system.

In the field of engineering, and particularly in geotechnics, vulnerability takes on both interpretations. Often a specific risk scenario is considered because it is likely to occur and it is known that if it happens, it will cause severe negative consequences in the system. In this case, the first interpretation is in use. For example, in landslide risk analysis, it is common to consider an intense rainfall as a hazard and the slope instability as the only risk scenario. Thus, the water table height may not be the vulnerability of a well-drained slope but it certainly is for a clay layered slope. But, when more than one risk scenario is likely to occur for a specific hazard, it may be worth considering vulnerabilities in the second interpretation. For example, if an earthquake and an intense rainfall are likely to occur, both the fact of being fractured and having a clay based slope are vulnerabilities of the system.

Susceptibility is a term often used in geotechnical risk analyses. In general, it expresses the propensity of occurrence of a specific risk scenario in a given area considering its vulnerabilities (^{GUILLARD and ZEZERE, 2012}). Thus, it is a genuinely qualitative concept relating the notions of risk, hazard and vulnerability with a spatial distribution. Its application in engineering and geotechnics comes from first inventories or mapping destined to serve as a basis for zonation (^{VARNES, 1984}) and for future, more accurate analyses.

Having the above notions of risk, risk scenario, hazard, vulnerability and susceptibility, one may consider qualitative and quantitative methods to evaluate risk and afterwards, it is possible to go into some definitions of risk and verify that often engineers tend to mix these concepts, creating an unfavorable situation for understanding and communicating risk.

3. Quantitative and qualitative methods to evaluate risk

Two ways are initially open and generally accepted to define risk: qualitatively and quantitatively. Qualitative methods to define risks are often used because they are very intuitive. For example, one may say that the risk of landslide in a known area is "high", "medium" or "low" under intense rainfalls. But this makes sense only on the basis of a convention of what is "high", "medium" or "low" risk to make risk communication possible. Furthermore, even with the use of methods which stand for their objectivity, like the Finite Element Method, subjective evaluations of risk cause the indetermination of the safety of the entire solution.

However, methods of quantitative risk assessment are not simply formulated and are based on probabilistic concepts whose physical interpretation demands specific skills. Frequently, when it comes to analyzing risk, engineers wait for a number which may be used as its synthesis or, in other words, its measurement. However, risk is not a concept that can always be expressed as a simple number. For example, one may consider three scenarios on the landslide risk analysis mentioned before generating a table which is the expression of risk. Probabilities and consequence measurements in this table are obtained based on specific methods, for instance those given by ^{Li and Chi (2011)}. ^{Kaplan and Garrick (1981)} proposed that a table like Table 1 is needed to express risk. These authors are sufficiently emphatic to say that "Table 1 is the risk". The methods to obtain other tables like Table 1 are quantitative methods of risk analyses.

| Scenario | Probability | Consequence | Cumulative probability |
|---|---|---|---|
| Rainfall of 25mm or less | 0.80 | 0.3 | 1.00 |
| Rainfall of more than 25mm and less than 100mm | 0.13 | 0.5 | 0.20 |
| Rainfall of more than 100mm | 0.07 | 1.2 | 0.07 |

Following arguments of ^{Hassel (2010)}, if risk scenarios are not adopted, one has no description of the potential course of events that lead to negative outcomes; that is, one does not attempt to anticipate what may happen in the system. Furthermore, not considering scenarios, prevention and preparedness are very difficult tasks, since one has no knowledge about what aspects or features of the system affect the courses of negative events.

Probability is essential to express the level of confidence one has that the system will behave as predicted by a particular risk scenario, or to express the frequency with which this particular risk scenario will appear if a "mental experiment" is repeated a certain number of times. To draw only a rough picture of the way a system behaves, perhaps one does not need to use probabilities. But, in most cases of engineering interest, one needs to be able to screen and prioritize scenarios and then one must consider what future potential events are more or less likely.

However, in several situations, engineers prefer not to do explicit risk scenarios but to use "index approaches" which means to build indicators that are assumed to correlate with risk. They are usually simple and fast to calculate, easy to understand and suitable for quickly supporting engineers in their decision making process about risk management. Risk communication is also easy for an unskilled audience. Furthermore, indexes can be estimated on the basis of information and data already available, not requiring additional efforts. For example, when one says that a tailings dam has a safety factor of 1.3 an index approach is certainly being used.

But index approaches do not fit well for complex systems, even though theoretically it is possible to build a composed risk index using weighting techniques. In geotechnics, systems are not so complex and several authors (BONACHEA *et al.*, 2010; ^{GUILLARD and ZEZERE, 2012}; ^{MAHLER et al., 2012}) apply index approaches to risk analyses. However, this approach is responsible for a loss of content of the analysis, as explicit risk scenarios are able to make people reflect on what may happen in the future and create risk awareness. More important is the fact that index approaches walk in parallel with qualitative methods of risk evaluation.

To perform analyses using an index approach, one needs to know how a system behaves, identifying the most important parameters which will define the risk of a particular event of interest in it. To illustrate, ^{Esposito and Duarte (2010)} proposed a true index approach to classify risk of failure in tailings dams. In sum, a risk index *R_{i}* is defined as:

where: the π_{i}, i=1,*n* are numbers that score existing risk parameters in the system against a table of preset values. For example, considering the volume *V* of material deposited, the risk parameter π_{1}=2 for *V* ≥ 20 hm^{3}; π_{1}=1.5 for 5 hm^{3} ≤ *V* < 20 hm^{3}; and π_{1}=1.0 for *V* < 5 hm^{3} may be used. The subjective nature of the values of the parameter π_{1} is obvious. Hence, generalizing from this example, in order to make use of an index approach method, the analyst's values must correspond to the ones used as a basis for the method, usually those of the developer. But, since values are subjective, this is not always the case.

4. Equations and non-equations on risk analysis

Related to equations and non-equations in risk analysis, one observes an apparent paradox: equations, which are in theory the expression of objective methods, are used to evaluate risk as part of qualitative analyses, whereas non-equations, which are in principle an expression of subjective relationships, are associated with quantitative ones. The phenomenon with equations for risk evaluation is referred to as a "compression" because risk is far more than what may be expressed by a number. This question is discussed by ^{Aven (2010)}, where he concluded that risk does not exist "objectively". In fact, it is a cultural phenomenon which has at least three dimensions: the dimension of what is perceived as capable of producing undesirable results; the uncertainty of these events expressed by frequency based on probabilities or by subjective degrees of confidence expressed as probabilities; and the magnitude of the negative consequences. The first one may be called the "cultural dimension" because community identification of risks is informed by their ethical values. The second is the "phenomenal dimension" because it is related to the uncertainty of the phenomena "risk scenarios", which are an internal characteristic. The third is the "environmental dimension" because it refers to how the real world is modified by the risk phenomena.

^{Corteletti (2014)} presents a review of risk concepts by eleven authors in the area of geotechnics. These concepts are to be criticized in a future work but, in sum, they are all "compressions" of the extended operational concept discussed here (^{KAPLAN and GARRICK, 1981}; ^{AVEN, 2010}; ^{HASSEL, 2010}). Some of these definitions are equations to estimate risk looking forward to express it solely by a number.

One concept for risk estimation often used in geotechnics states that risk is "probability times consequences" (^{LI and CHI, 2011}). This common compression of the risk concept consists of measuring risk by applying the probability of a risk scenario to its consequences measure. This equation makes sense in a context where only one risk scenario is under consideration and where the consequences are measured by the same unit. In evaluating financial consequences of an event, it may be considered a useful method to evaluate risk. For example, if a stop of twelve hours on a railroad caused by a landslide has a probability of 15% in one year of operation, the corresponding risk is 0.15*C*, where *C* is the amount of goods that would be transported during this period.
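As an added example (not from the paper), the Python sketch below takes the scenario, probability and consequence values of Table 1, computes the cumulative probability of reaching at least each consequence level, and compares that curve with the single number given by "probability times consequences". The class and function names and the second scenario set are constructed for illustration; the consequence unit is not stated on the page.

```python
from dataclasses import dataclass
from math import isclose


@dataclass(frozen=True)
class Scenario:
    name: str
    p: float  # probability of the scenario
    x: float  # consequence measure (unit not stated on the page)


# Scenario, probability and consequence values as given in Table 1.
TABLE_1 = [
    Scenario("Rainfall of 25mm or less", 0.80, 0.3),
    Scenario("Rainfall of more than 25mm and less than 100mm", 0.13, 0.5),
    Scenario("Rainfall of more than 100mm", 0.07, 1.2),
]

# Constructed set (not from the paper): one rare, severe scenario.
CONSTRUCTED = [
    Scenario("No damaging event", 0.98, 0.0),
    Scenario("Rare severe event", 0.02, 19.45),
]


def check_scenario_set(scenarios):
    """Necessary condition for a disjoint and complete set: the
    probabilities lie in [0, 1] and sum to 1."""
    if not scenarios:
        raise ValueError("empty scenario set")
    if any(not 0.0 <= s.p <= 1.0 for s in scenarios):
        raise ValueError("probability outside [0, 1]")
    total = sum(s.p for s in scenarios)
    if not isclose(total, 1.0, abs_tol=1e-9):
        raise ValueError(f"probabilities sum to {total}, not 1")


def risk_curve(scenarios):
    """Return [(x, P(consequence >= x))], ordered by increasing x."""
    check_scenario_set(scenarios)
    curve, cumulative = [], 0.0
    for s in sorted(scenarios, key=lambda s: s.x, reverse=True):
        cumulative += s.p
        if curve and curve[-1][0] == s.x:  # merge equal consequences
            curve[-1] = (s.x, round(cumulative, 10))
        else:
            curve.append((s.x, round(cumulative, 10)))
    return curve[::-1]


def compressed_risk(scenarios):
    """Sum of probability times consequence: risk as one number."""
    check_scenario_set(scenarios)
    return sum(s.p * s.x for s in scenarios)


def same_number_different_risk(a, b):
    """True when two sets compress to the same number but differ as curves."""
    return (isclose(compressed_risk(a), compressed_risk(b), abs_tol=1e-9)
            and risk_curve(a) != risk_curve(b))


if __name__ == "__main__":
    for label, scenarios in (("Table 1", TABLE_1), ("Constructed", CONSTRUCTED)):
        print(label, risk_curve(scenarios), round(compressed_risk(scenarios), 3))
    print(same_number_different_risk(TABLE_1, CONSTRUCTED))
```

Both sets compress to 0.389, yet the constructed set concentrates the whole consequence in a scenario with probability 0.02, which only the table or curve form shows.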

A common mistake in geotechnical texts is to consider non-equations as equations to evaluate landslide risk. For example, ^{Corteletti (2013)} cites Fell *et al.* (1994) and Van Westen (2008) who give the "equation":

where *R* is risk; *E* is a measure of the consequences; *P* is the probability of a landslide; and *V* is the vulnerability. Obviously, code (4) is not originally an equation; it is solely a generic statement that risk is a function of consequences, probability of landslide and vulnerability. Without consideration of what probability and vulnerability are taken in this code, it is transformed into an equation only if *E, P* and *V* are indexes qualitatively chosen through some subjective criteria. Thus, once more equations are to be used in risk analyses by qualitative methods.

5. Conclusions

This paper discusses the risk concept as expressed by equations and by what are called herein non-equations. Related concepts like those of risk scenario, hazard, vulnerability and susceptibility are also discussed. It was demonstrated that a risk scenario is distinct from a hazard; vulnerability has two points of view, both important in geotechnics: a global property of the system and a particular aspect of it; and that susceptibility is a concept related to the spatial distribution of risk or vulnerabilities.

It was concluded that equations defining risk are found in the qualitative risk analysis context and that non-equations are risk expressions used in quantitative context. This is an apparent paradox. As risk is dependent on at least three dimensions (cultural, phenomenal and environmental), equations represent a compression of risk concept and are coherent only in the context of an index approach method.