Why risk acceptance criteria need to be defined by the authorities and not the industry? Eirik Bjorheim Abrahamsen n , Terje Aven 1 University of Stavanger, 4036 Stavanger, Norway article info Article history: Received 13 April 2011 Received in revised form 16 October 2011 Accepted 10 November 2011 Available online 30 November 2011 Keywords: Risk acceptance criteria Expected utility theory Offshore oil and gas industry abstract In various industries it is common to use risk acceptance criteria to support decision-making. The criteria are seen as absolute in the sense that measures need to be implemented if the criteria are not met. In Norway the petroleum regulations state that the operator has a duty to formulate risk acceptance criteria relating to major accidents and to the environment. This practice is in line with the internal control principle, which states that the operator has the full responsibility for identifying the hazards and seeing that they are controlled. In this paper we discuss the rationale for this practice. The expected utility theory, which is the backbone for all economic thinking, is used as a basis for the discussion. We show that if risk acceptance criteria are to be introduced as a risk management tool, they should be formulated by the authorities, as is the common scheme seen in many countries and industries, for example in the UK. Risk acceptance criteria formulated by the industry would not in general serve the interest of the society as a whole. & 2011 Elsevier Ltd. All rights reserved. 1. Introduction The Health, Environmental and Safety (HES) regulation in the Norwegian petroleum sector is founded on internal control [7,8,10]. This means that the licensees have the full responsibility for ensuring that the petroleum activities are carried out in compliance with the conditions laid down in the legislation, and the authorities’ supervisory activities aim to ensure that the licensee’s management systems are adequately catering for the safety and working environment aspects in their activities. The HES regulation states that the operator has a duty to formulate their own risk acceptance criteria (upper limits of acceptable risk), which is in line with the internal control principle. This practice of formulating risk acceptance criteria is in contrast to what is done in many countries and industries, for example in the UK, where the risk acceptance criteria are formulated by the authorities. This difference triggered the analysis reported in this paper. Our initial hypothesis was that the Norwegian approach could not be justified from a societal safety point of view, but a further study of the validity of this hypothesis (and of the characteristics of the different regimes) was required as the issue is complicated. There are many aspects to consider – including fundamental economic principles that govern the operators’ willingness to invest in safety. Of major importance here is the fact that an operator’s activity usually will cause negative externalities to society. An externality is an economically significant effect due to the activities of an agent/ firm that does not influence the agent’s/firm’s production, but which influences other agents’ decisions [12]. An accidental event may, for example, lead to loss of lives, environmental damages, etc., which are not fully taken into consideration by the firm when managing its activity. Our discussion is founded on the expected utility theory. This theory is the ruling paradigm for decision-making under uncer- tainty, which states that the decision alternative with highest expected utility is the best alternative. The expected utility is in mathematical terms written as Eu(X), where u is the utility function and X is the outcome expressing a vector of different attributes, for example costs and the number of fatalities. Through the expected utility theory we may reflect that we dislike negative consequences so much that these are given more weight than what is justified by reference to the expected value. The decision maker’s attitude towards risk is then referred to as risk averse, which is the standard behavioral assumption. The decision maker can also be risk seeker or risk neutral. Mathematically these terms are defined as follows; we call the decision maker’s behavior risk averse if Eu(X) ou(EX). The behavior is risk neutral if Eu(X) ¼ u(EX) and risk seeking if Eu(X) 4u(EX). We will not repeat the rationality of the expected utility principle, but it has validity under very reasonable considera- tions for logical and consistent behaviors. See for example references [6,9,11,13]. The paper is partly based on Abrahamsen [1,2]. Contents lists available at SciVerse ScienceDirect journal homepage: www.elsevier.com/locate/ress Reliability Engineering and System Safety 0951-8320/$ - see front matter & 2011 Elsevier Ltd. All rights reserved. doi:10.1016/j.ress.2011.11.004 n Corresponding author. Tel.: þ47 51 83 21 96; fax: þ47 51 83 17 50. E-mail addresses: eirik.b.abrahamsen@uis.no (E.B. Abrahamsen), terje.aven@uis.no (T. Aven). 1 Tel.: þ47 51 83 22 67; fax: þ47 51 83 17 50. Reliability Engineering and System Safety 105 (2012) 47–50