221 CHAPTER 6 Concluding a Risk Assessment Contract (Phase III and IV) David A. Belluck and Sally L. Benjamin CONTENTS I. Introduction 221 II. Conclude the Project 221 A. Accept the Final Draft 221 B. Close the Risk Assessment Contract 223 C. Address Risk Management and Risk Communication 223 III. Follow-up Studies and Activities (Phase IV) 228 A. Post-Risk Assessment Report Activities and Studies 228 IV. Conclusion 230 I. INTRODUCTION Phases III and IV are the subject of this chapter. In these last phases of risk assessment report development, final work products are reviewed and accepted, a contract is formally concluded, final documents are delivered, payments made, and risk assess- ment findings are put to use. See Table 1 for an overview of Phases III and IV. II. CONCLUDE THE PROJECT A. Accept the Final Draft When a contractor has produced a draft final report that meets or exceeds all performance standards, a project manager can accept it as a final report on behalf LA4111/ch06 Page 221 Wednesday, December 27, 2000 2:59 PM © 2001 by CRC Press LLC 222 A PRACTICAL GUIDE TO ENVIRONMENTAL RISK ASSESSMENT REPORTS Table 1 Critical Elements for Concluding a Risk Assessment Repor t Phase III: Concluding the Risk Assessment Contract Applicable? (Y/N) Appropriate? (Y/N) Required? (Y/N) Complete? Step 23 Accept the Final Risk Assessment Report (See Chapter 6 for discussion) Step 24 Close contract • Receive report and all supporting documentation • Make payment Step 25 Post-risk Assessment Report Activities and Studies (See Chapters 6 and 21 for discussion) • Risk management activities • Risk communication or public involvement • Further research and analysis Note: Y = Yes N = No LA4111/ch06 Page 222 Wednesday, December 27, 2000 2:59 PM © 2001 by CRC Press LLC CONCLUDING A RISK ASSESSMENT CONTRACT (PHASE III AND IV) 223 of an organization that has hired a contractor. The contractor then produces a required number of copies of the final risk assessment report and distributes them, under contract terms. Typically, enough copies are produced to distribute them within an organization’s management structure and to give copies to key staff members, reg- ulators, political leaders, and other interested members of the general public. It may now be time to close the risk assessment contract, unless the contract provides for additional work following delivery and acceptance of a final report. B. Close the Risk Assessment Contract After all contractual obligations have been discharged a contract can be closed. Each organization will probably need to obtain sign-offs and complete paperwork. Prior to paying a contractor, it may be necessary to determine whether penalties or bonuses are owed under the contract. C. Address Risk Management and Risk Communication Although distinct from a risk assessment report generation process, risk management and risk communication tend to follow immediately upon completion of a risk assessment report. 1. Risk Management Risk management decisions are far from scientific determinations. Rather, scientific information, embodied in risk estimates and technical risk mitigation capabilities, is integrated into societal decisions. The result is a risk management decision. The art of risk management is the art of weighing all factors involved in a case and balancing conflicting demands and data. Risk management decisions are typically trade-offs between risks and benefits or between multiple risks. For many risk managers, risk management decisions are compromises between a desire for lowest possible risks and society’s demand for jobs, economic growth, and goods production. Imagine this scenario: A year has passed since work began on a risk assessment. Close to half a million dollars have been expended on consultant services, peer review sessions, public comment meetings, and responses to public comments. So far, no serious report problems have been discovered (e.g.,wrong inputs, mathemat- ical errors, etc.). One major task remains — how to interpret risk assessment results and selection of a risk management/reduction strategy. It is a risk manager’s respon- sibility to decide how risk findings will be interpreted by regulatory agencies and what action will be taken based on these findings. In this case, cancer risks are estimated at three times acceptable levels set by a state health agency. If a risk manager simply compares risk estimates to an acceptable level set by a health agency, these are found to be unacceptable risks. However, risk management decisions are rarely so simple. Other considerations enter our analysis, including technical concerns, economic concerns, and social/political concerns. Technical concerns trigger questions about risk assessment report quality and its findings. For example, how solid are these risk findings, in light of uncertainties LA4111/ch06 Page 223 Wednesday, December 27, 2000 2:59 PM © 2001 by CRC Press LLC 224 A PRACTICAL GUIDE TO ENVIRONMENTAL RISK ASSESSMENT REPORTS involved in input data to a risk assessment and risk assessment methods? Is report rigor sufficient to support risk management findings? Other technical concerns center on range of options for addressing environmental risk. Are there feasible alternatives to reduce risks? Is a no-action alternative a feasible choice? Will a risk reduction solution have a domino effect and result in other environmental damage? Economic concerns are also triggered; such as, is it feasible to spend several million dollars to achieve a threefold risk reduction merely to bring risks below regulatory yardsticks? Economic issues quickly devolve into broader social problems and associated political, regulatory, and legal issues: What is the nature and severity of identified health risks? Is a particularly deadly type of cancer in a narrow population worse, or better, than widespread effects of a nonlethal nature? With a local community in need of jobs, will a finding of unacceptable risks and costs associated with correcting these risks survive a serious political challenge? Will a decision result in social dislocation? Can a consensus be reached on risk reduction measures? Who will attack a finding of acceptable or unacceptable risk? How much discretion do applicable laws allow in making an acceptable/unacceptable risk deci- sion? Can either decision be successfully defended in court? Rather than ask whether a risk management decision is right or wrong, risk calculus appears to focus on whether a decision is politically survivable, socially acceptable, or economically viable. Risk management is a tough job. Unlike risk assessors, risk managers have no formal methods to follow in making their decisions. As a result, a fundamental incongruity exists between the highly formalized risk assessment process, with its standardized methods and technical peer review, and the ad hoc, values-laden risk management process. Inconsistent rigor of risk assessment and risk management often leads to public outrage over risk management decisions that do not appear to align with risk findings. Public input to a risk assessment process seems to be unappreciated or ignored in final decisions. Until a systematic, formalized, rigorous, peer-reviewed risk manage- ment process becomes a reality, this disparity will continue to pose problems for risk professionals. One solution to problems involving risk management non-transparency has been to develop a formal document, a so-called “Risk Management Decision Document.” This document, prepared by or for risk managers, formally documents data and logic that resulted in a given risk management decision. This type of document allows regulated or interested parties to see how a risk management decision is made; how supportable is a decision based on facts presented; and weaknesses, strengths, and uncertainties associated with risk analysis, its numerical findings, and risk manage- ment determinations. Risk management decision documents have been problematic for risk managers. In some cases, it has allowed interested parties to see exactly how a risk management decision is made. In many cases, it is based more on political and economic factors than risk factors. While risk managers may be willing to admit how they come to important risk management decisions in private, they are often unwilling to place political and economic factors ahead of health protection in public. As a result, risk management decision documents may face a difficult future. LA4111/ch06 Page 224 Wednesday, December 27, 2000 2:59 PM © 2001 by CRC Press LLC CONCLUDING A RISK ASSESSMENT CONTRACT (PHASE III AND IV) 225 One way that risk managers try to control risk management outcomes is to control risk assessment preparation. For example, risk managers can limit resources available to perform a risk assessment and thus limit ability of risk assessors to evaluate all appropriate exposures and risks. In other cases, nonrisk assessors may be given responsibility of developing risk assessment guidance documents in concert with regulated parties. It is not uncommon for risk managers to select risk assessment project managers based on their understanding of a desired risk outcome. While these practices may not be illegal, these approaches are at least unsavory and all too common. It is these types of manipulations that undermine public confidence in risk assessors and risk assessments. How else can some members of the general public interpret the fact that unacceptable chemical exposure risks continue to increase around the nation, while vast environmental protection bureaucracies, for almost two decades, have evaluated these risks and made risk management decisions that allow it to continue? Perhaps reversing or eliminating these poor management practices could restore confidence in the risk assessment process. a. Separating Risk Assessment from Risk Management Risk assessors generate risk estimates, but they do not make risk management decisions. Risk management is the purview of risk managers. It is important to keep a clear separation between these two processes. There are several good reasons for this distinction. Risk managers make risk management decisions, decisions about how to respond to risk findings, by integrating risk estimates with other factors. Other factors typi- cally include statutory and regulatory requirements, economic concerns, political commitments, social impacts, and technical feasibility issues, as well as a wide range of other social and technical concerns. Regulatory, statutory, economic, social, and political concerns are legitimate concerns for a risk manager. But, they are not legitimate factors within a risk assessment process. Thus, to avoid potential bias of risk estimates, these concerns must be set aside until after risk assessment is com- pleted. This is one compelling reason to distinguish risk management and risk managers, from risk assessment and people who perform these assessments. Yet another good reason to distinguish risk management from risk assessment is to encourage accountability. There has been an unfortunate trend toward lobbying and pressuring risk assessors to be more reasonable in their assessments of environ- mental risk. Such pressure on risk assessors is misplaced. It should be brought to bear on risk managers, instead. Risk managers are people with a legitimate task of determining how society deals with environmental risk. Risk managers, perhaps fearful of being held accountable for their contentious decisions, have tended to implicate risk assessors in their decision-making, pleading “the science made me do it.” But, risk managers are not captives of risk assessment findings. Risk estimates are simply one important factor among many considerations in risk management decision-making. Risk managers weigh and balance costs and benefits of their risk management decisions and must accept full responsibility for their decisions. LA4111/ch06 Page 225 Wednesday, December 27, 2000 2:59 PM © 2001 by CRC Press LLC 226 A PRACTICAL GUIDE TO ENVIRONMENTAL RISK ASSESSMENT REPORTS Yet another reason for distinguishing risk management from risk assessment is to develop better risk management decisions through improved tools and better analytical methods. Just as a risk assessor relies on an accepted analytical framework to generate risk estimates, risk managers could benefit from accepted analytical methods to guide risk decision-making. The risk management field would benefit from scrutiny to improve its analysis and decision-making process. Unfortunately, a great deal of effort has been misapplied toward improving risk assessment, while risk managers have been left to muddle ahead with little or no refinement of their decision-making procedures. A strong distinction between technical analysis, which occurs during risk assess- ment, and social decision-making, which occurs during risk management, must be recognized and rigorously maintained, for reasons of: • Unbiased risk estimates • Improved decision-maker accountability • Advancement of methods employed in risk decision-making 4. A Systematic Approach to Risk Management Generally, risk assessment findings are compared by risk managers to state or federal carcinogen and noncarcinogen “bright lines.” Bright lines may be expressions of risk (i.e., cancer risk = E-5; noncancer HI or HQ = 1) or they may be chemical concentrations that, by law or policy, represent the upper bound of what is deemed “acceptable.” If numerical risk assessment findings fall at, or below, a bright line, they are usually considered to be acceptable risks. Risk findings greater than a bright line may not be acceptable. For most government risk management programs, no guidance documents exist. Although bright lines are part of many state and federal programs dealing with environmental risk management, use of a bright line approach presents a number of problems. First, there is a tendency to rely entirely on numeric risk findings. Given inherent uncertainties in risk assessment, blind faith in risk estimates is not justified. A better approach would help a risk manager put a risk estimate into context, both recognizing imprecision of risk findings and taking into account factors beyond the risk assess- ment process, such as economics and technical feasibility. Second, the current bright line approach does not precisely delineate when a risk greater than a bright line value becomes an unacceptable risk. This imprecision leads to high transaction costs by encouraging regulated parties to generate risk assess- ments with risk findings at (or very close to) a bright line, and to then expend huge efforts attempting to convince a risk manager that a marginally acceptable risk estimate should not be interpreted as representing an unacceptable risk. Third, a bright line approach results in an imbalance between technical rigor of risk assessment and risk management decision-making. Several years ago, one state program, the Minnesota Pollution Control Agency’s (MPCA) Air Quality Division, attempted to move away from a bright line approach. As discussed above, the bright line approach deems risks as “unacceptable” if a risk estimate or air monitoring data exceeds an established bright line. In a radical LA4111/ch06 Page 226 Wednesday, December 27, 2000 2:59 PM © 2001 by CRC Press LLC CONCLUDING A RISK ASSESSMENT CONTRACT (PHASE III AND IV) 227 departure from this approach, the MPCA’s planning process for use of Minnesota air quality Health Risk Values (HRVs) considered a flexible risk management strategy, termed a “Zonal Risk Management Approach.” This Zonal Risk Manage- ment Approach would have allowed risk managers to place numerical risk estimates in context, to consider risk assessment quality, as well as nonrisk factors, and to respond based on case-specific or site-specific considerations. The Zonal Risk Management Approach would have established three zones bracketing an existing bright line (see Figure 1). Immediately surrounding a bright line is a gray zone. Width of the gray zone reflects quality of risk analysis used to generate a risk estimate. A higher quality risk assessment would generate a narrower gray zone and would reduce the need for negotiation. A red zone would begin at the upper edge of the gray zone. Risk estimates that fall in the red zone would be clearly unacceptable and would not be permitted. A green zone would begin at the lower edge of the gray zone. Risk estimates in the green zone would be considered clearly acceptable and would be permitted. In certain circumstances, risk managers could permit projects in the gray zone, based on clear and compelling reasons. The Zonal Risk Management Approach linked decision-making to the quality of the risk assessment report by recognizing that risk findings are not simple point estimates; they have a range of uncertainty around them. Correlating the size of the gray zone to the degree of uncertainty around a point risk estimate would encourage positive behavior among the regulated community and their consultants. High quality risk assessments would involve less uncertainty and, thus, should encounter a smaller gray zone and should also have a better chance of generating a risk estimate clearly within the green or red zone. Risk estimates from poor quality risk assessments would tend to fall into the grey zone. The Zonal Risk Management Approach eliminates obviously unacceptable projects, allows for efficient decisions on clearly acceptable and unacceptable projects, and rewards high-quality work by adjusting the size of the gray zone, based on certainty surrounding the risk estimate. The idea is an example of the potential for making better use of agency resources to arrive at defensible risk management decisions, while rewarding high-quality risk assessment reports. This approach was rejected because of political considerations, but it represents an interesting alternative to the ubiquitous “bright line” approach. 2. Risk Communication Risk managers and risk assessment project teams work with risk communication specialists to inform the public about risk findings and risk management decisions. Risk communicators identify strategies and methods to communicate clearly with the public. Risk communicators skillfully employ language skills to transfer infor- mation on the risk assessment process, risk assessment findings, and risk manage- ment decisions. Ideally, risk communication informs. It does not attempt to sell a solution, intimidate, or placate people. Risk communication should be used to provide unbiased information, not to convince people of the correctness of one risk management option over another. In other words, the goal is not to educate the public so that they agree with the organization’s views. Rather it is to help them to become LA4111/ch06 Page 227 Wednesday, December 27, 2000 2:59 PM © 2001 by CRC Press LLC 228 A PRACTICAL GUIDE TO ENVIRONMENTAL RISK ASSESSMENT REPORTS informed and then decide for themselves upon the legitimacy of the risk assessment process and its findings (see Chapter 21). III. FOLLOW-UP STUDIES AND ACTIVITIES (PHASE IV) A. Post-Risk Assessment Report Activities and Studies Persons involved in the risk assessment world often think of post-risk assessment activities being primarily comprised of risk management and communication activ- Figure 1 The Zonal Approach to Risk Management Higher Risk Red Zone Clearly Unacceptable risk E-4 Gray Zone Risks Could be Acceptable or Unacceptable BRIGHT LINE E-5 Gray Zone Risks Could be Acceptable or Unacceptable E-6 Green Zone Clearly Acceptable risk Lower Risk LA4111/ch06 Page 228 Wednesday, December 27, 2000 2:59 PM © 2001 by CRC Press LLC CONCLUDING A RISK ASSESSMENT CONTRACT (PHASE III AND IV) 229 ities, as discussed above. Numerous other activities can, however, follow close on the heels of a completed risk assessment. Site cleanup concentrations and methods might be developed. For example, after the CERCLA or RCRA baseline risk assessments, property transfer evaluations or other specialized risk assessments. If it is determined that current site conditions represent unreasonable risks, a remediation risk assessment is conducted. The size, technical rigor, site specificity, and costs can vary greatly depending on applicable laws or regulations, hazards posed by a site, facility, or activity, and preferences of regulatory agency staff and management. Remedial risk assessments begin with the premise that some environmental medium or media must have its chemical contam- inant concentrations reduced. Determining medium-specific cleanup concentrations is the key to this process. Cleanup concentrations can be mandated by federal or state legislatures, or agencies. They can be developed as risk assessment based standards or guidelines by government agencies, or on a case-specific basis. If the risk assessment was a screening-level risk assessment, and unacceptable risks were found, the next step might be to conduct a full risk assessment. Screening- level risk assessments use conservative inputs and methods to produce conservative estimates of risk in relatively short time periods and for much less cost than full- scale risk assessments. More refined risk assessments are thought to produce lower risk estimates, since they use case-specific data and fewer conservative, generic assumptions, crude models, or default values. Another follow-up project might involve generating Risk Reduction Tables. If a risk assessment produces unacceptable risk findings, regulators and regulated parties might want to alter the parameters and rerun the risk assessment. For example, they might select processes that release less environmental contamination or they might include equipment to control environmental releases. If chemical releases and risk are linearly related, risk levels will drop in direct proportion to reductions in envi- ronmental releases. Risk Reduction Tables are prepared that show the risk reductions that result from alterations in various project parameters. The law might mandate the next step. Findings of unacceptable risks in certain types of screening-level risk analysis may require the preparation of an Environ- mental Impact Statement, a document that evaluates risks in a detailed manner. Or, litigation could be the next challenge. Parties to the risk assessment, or the public, might bring a legal challenge to how the report was produced, its findings, or the resulting risk management decisions. If so, the next steps will be governed by the rules of the court and will probably involve pleadings, discovery, case development, and perhaps settlement negotiations. After the risk assessment is completed, an effort will be made to mend fences with those involved with the risk assessment process and the risk management decision. Risk generates animosity in the mildest of people. It can stir controversy at every level of government. Building and maintaining good relations with govern- ment officials, whose belief system or constituents were offended by a risk manage- ment decision, can be time consuming. It is also essential to the success of the next controversial project. LA4111/ch06 Page 229 Wednesday, December 27, 2000 2:59 PM © 2001 by CRC Press LLC 230 A PRACTICAL GUIDE TO ENVIRONMENTAL RISK ASSESSMENT REPORTS IV. CONCLUSION Since each risk assessment is a customized product, there is no single way to produce a risk assessment report. Each step presented in this chapter is a suggestion to be modified to meet specific project needs. Steps should be eliminated with care, however, since each step is important. Use of the iterative review risk assessment process is highly recommended. There are innumerable issues and technical details that must be addressed by risk assessment project managers and team members throughout the production phase of the risk assessment project. Table 1 provides a series of important principles for managing risk assessment report development. It is not exhaustive; however, it provides many fundamental principles behind the ideas presented here and discussed throughout the book. LA4111/ch06 Page 230 Wednesday, December 27, 2000 2:59 PM © 2001 by CRC Press LLC . A PRACTICAL GUIDE TO ENVIRONMENTAL RISK ASSESSMENT REPORTS involved in input data to a risk assessment and risk assessment methods? Is report rigor sufficient to support risk management findings?. confidence in the risk assessment process. a. Separating Risk Assessment from Risk Management Risk assessors generate risk estimates, but they do not make risk management decisions. Risk management. public. Risk communicators skillfully employ language skills to transfer infor- mation on the risk assessment process, risk assessment findings, and risk manage- ment decisions. Ideally, risk communication