Monday, 24 November 2014

Legislative techniques: Designing risk-based legislation

(These are notes from a workshop conducted in November 2014.  In turn, it is a highly summarized form of a series of lectures intended to run over a semester, designed for policy officers.)

1.   Anatomy of Risk

  Risk Management Standard ISO 31000:2009 -  Risk is defined as the “effect of uncertainty on objectives”.
  Emphasises effect rather than event. For example, risk is not an earthquake but the chance that an earthquake might impact objectives.
  Risk to be managed in an integrated way.
  Principles for managing risk stress the need for risk management to:
  create value
  be an integral part of organizational processes
  be part of decision making
  explicitly address uncertainty
  be systematic, structured and timely
  be based on the best available information
  be aligned to a specific organisation and its objectives
  take human and cultural factors into account
  be transparent and inclusive
  be dynamic, iterative and responsive
  facilitates continual improvement
  Traditional Approach
  Identification: What could happen?; How and where it could happen?; Why it could happen?; What is the impact or potential impact?
  Analysis: Identify the causes, contributing factors and actual or potential consequences; identify existing or current controls; assess the likelihood & impact/consequence to determine the risk rating
  Evaluation: Is the risk acceptable or unacceptable?; Does the risk need treatment or further action?; Do the opportunities outweigh the threats?
  A preferential list is given for managing risk:
  Avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk
  Accepting or increasing the risk in order to pursue an opportunity
  Removing the risk source
  Changing the likelihood
  Changing the consequences
  Sharing the risk with another party or parties (including contracts and risk financing)
  Retaining the risk by informed decision
  Supplementary Standards (risk assessment, continuous communication, consultation)
  AS/NZS 5050:2010 Business continuity – Managing disruption-related risk  (28 June, 2010) - emphasises the need to undertake proactive risk treatment and preparation during periods of routine management before a risk event is identified.  These proactive controls can minimise the occurrence or severity of future disruptive events (eg, building evacuation drills, off-site computer backups).  Once an event commences, a non-routine management techniques need to be embraced emphasising stability, continuance of critical business functions and recovery, during the transition to routine management.
  HB 266:2010 – Guide for managing risk in not-for-profit organisations  (12 August, 2010)
  HB 246:2010 Guidelines for managing risk in sport and recreation organisations  (18 August, 2010)
  ISO 31000-2009 and the related standards provide a sensible basic and generic framework for risk management planning.  They provide a basis for categorising some risk types and planning to deal with risks.
  However, as witnessed by the need for a subsequent standard dealing with disruption-related risk (AS/NZS 5050:2010 Business continuity), this is still a developing area and there remains debate about how the standards will change over time. 
  Insufficient emphasis is given to proactive action prior to risks emerging.  Further, while useful tools have emerged as a result of ISO 31000-2009, the reports generated using it all too often end up collecting dust.
  A Strategic Risk Policy approach goes beyond ISO 31000-2009 to deal with risk in complex pre-existing situations – where the risk is endemic to a market (eg. international deals requiring bilingual contracts), can emerge swiftly from regulatory or environmental conditions (eg. grounding of airlines due to volcanic ash) or where it arises from circumstances that can only be dealt with at a whole-of-market level (eg. market insurance arrangements).
  While a Risk Matrix (mapping likelihood against consequence) is a useful planning tool, it suffers a number of problems:
  Matrices fail to capture vulnerabilities (which defy simplistic likelihood/consequence analysis).  Vulnerabilities fall outside the definitions of risk in ISO 31000-2009 (the effect of uncertainty on objectives).  Vulnerabilities, if addressed, may eliminate or significantly reduce risk.
  Local matrices are hostage to inefficient management structures.
  Sometimes matrices serve to prioritise expenditure.  For this reason, the financial cost of dealing with the risk may be taken into account in assessing the likelihood of a risk emerging.  Financial cost must be rigorously excluded from any risk assessment methodology. 
  Exercise: Deconstruct a wicked problem
  Kaci Hickox:  A Maine judge rejected Maine’s request to quarantine Hickox in her home, ruling that the Doctors Without Borders nurse does not pose enough of a health risk to justify her forced confinement.
  Judge Charles LaVerdiere’s order states that Hickox "currently does not show symptoms of Ebola and is therefore not infectious."  However, Chief Medical Officer had considered the risk justified quarantine measures.
  Identify Vulnerability, Risk, Wicked Problem elements.  Consider the framing of the statutory provision (including discretions which could be attacked)

2.   Tools
  The nature of legal norms. Public, private legislation differentiated from decisional law and judicial decisions.
  Using symbolic logic to represent legal statements: Deontic Logic (fm deon – Gk – that which is proper). A basic syntax
  Ox – It is obligatory that x
  Px – It is permissive that x
  O(not)x – It is obligatory that not x
  P(not)x – It is permissive that not x
  Ox/a – It is obligatory that x in case a
  Basic propositions: Deontic Logic
  D: (not)  (Ox (and) O(not)x)  Coherence – you cannot be obliged to do 2 mutually inconsistent things
  D:  (Ox/a (and) O(not)x/b) (only if a (not) b)  Coherence – you can be obliged to do inconsistent things in different circumstances
  D: (Px (and) P(not)x)  Permission is different to Obligation
  You must not kill.   Ox  (x = kill a human being)
  You may sing on Sunday.  Px/a (x = sing, a = on Sunday)
  Exercise: Use Symbolic logic to represent the following norms from the Road Transport Act
30(1)     A person must not, without lawful authority or excuse, possess—
        (a)     an Australian driver licence or external driver licence issued to someone else; or
        (b)     an Australian driver licence or external driver licence that has been forged, fraudulently changed or changed in a way calculated to deceive; or
        (c)     anything resembling an Australian driver licence or external driver licence that is calculated to deceive.
Maximum penalty: 20 penalty units.
40. The road transport authority may refuse to issue, replace, renew or vary a driver licence or proof of age card if—
        (a)     the applicant has not gone to a place designated by the road transport authority and had a photograph taken, by a person authorised by the authority to take photographs for this Act, that is suitable for use on the driver licence or proof of age card…
  Basic legal technique
v  Prohibition (Ox)
v  Rights (Px)
v  Permissive (eg, note special example of a licence, which is a hybrid prohibition/permissive state. Ox AND Px  … or a conditional prohibition Ox/a)
v  Status (eg, note special example of ownership which may require a hybrid prohibition/permissive approach. Ox AND Px  … or a conditional prohibition Ox/a)
v  Public Arranging (eg, expenditure of public money)
v  Private Arranging (eg, private legislation, contracts)
v  Exercise – Provide a symbolic logic representation of each technique using deontic logic operators Px and Ox
v  Advanced techniques
v  Legislating a Product (eg, a graphical tool) (eg, a simple piece of legislation paired with a product which shows outcomes in different situations)
v  Detailed example – apprenticeship: integrated cost/benefit/contract 

 Exercise 1: Applying tools to vulnerabilities
Exercise 2: Apply each technique to the Motorbike injury scenario. Contrast the different schemes, having regard to cost and effectivity. Discuss how, in reality, some of these measures are already being used.  Observe that, over time, multiple measures can be deployed.

3.   Environments
  Vertical financial imbalance 
  Horizontal financial imbalance 
  Present confusion about which level of government is responsible for imposing and spending tax.  (Local political public arranging choices have NO immediately recognisable taxation consequences.) 
  Re-orientation of functions
  The missing element – the missing Interstate Commission
  Paul Collits, Manager Regional Policy NSW Department of State and Regional Development said in 2002:
"Policy development and policy change are complex processes with multiple dimensions and explanations. In Australia, with its three tiered system of government, short term  6 electoral cycles, spatially differentiated electorates, vigorous political debates, varying geography and widely (and increasingly) divergent regional issues, it is not surprising that regional policy would be subject to shifts in emphasis, changing levels of resources, and the comings and goings of intellectual fashions. Regional policy is also, of course, hostage to many other areas of policy which inevitably have varying and often unforeseen impacts on regions."
  Example – Ebola, changing ‘facts’
  In a sensible effort to deal with fear, a great deal of effort has been spent on good news stories about how the virus is being beaten.  On 29 October the WHO fuelled hopes that the rate of infection has stopped growing exponentially and is starting to level off.  WHO has been under pressure for its initial response to the virus and these releases take some of the pressure off the reformed local response team from WHO. 
   The view from the ground is not so good. On 30 October 2014 the first clinical analysis from the present outbreak was published (Tulane University).  The results have not been widely published.  The virus is far more deadly that has been reported. 94% of those contracting Ebola over 45 years of age died. 57% of those contracting Ebola under 21 years of age died. Western health authorities have been claiming mortality levels of less than 30%.  It appears that this number is being calculated from comparing those who have contracted with those who have died, in circumstances where in the majority of cases the virus has not run its course.
  Activity: Discuss how this changes vulnerability, risk, wicked problem

4.   Issues in risk based regulation
  Vulnerability v Risk
  Complexity v Risk
  Rule Shifting v Reduction of Rule Burden
  Challenge of Deregulation
  Activity – Information based system supported by norms
  A typical example is employment in any of our large service industries – for example motor repair shops, electricians or hairdressers.  These service industries engage a lot of young people entering the workplace, yet educators and industry observers say that many of these arrangements fail, to the cost of both parties. 
  The problem is simple.  The rules dealing with employment in these industries are a mess.  There is significant confusion of Commonwealth legislation and awards that govern the area.  For a small business, with limited time to decide whether to engage an apprentice and the cost impacts – and for a young apprentice, just out of school – this is a serious problem.   More than any other single issue, this strategic risk is one of the most serious regulatory problem facing small business – acting as a significant disincentive to employment.

Peter Quinton
November 2014
Post a Comment