ACU
(A, C, U) Risk Perspective — Event, Consequences, Uncertainties
Aven & Steen · University of Stavanger · Aviation Safety Frameworks

ACU is a foundational reframing of risk as the triplet (A, C, U): the events or activities that may occur, their consequences, and the uncertainties surrounding both. It shifts risk analysis from a narrow probability-and-loss definition toward an uncertainty-centred view that makes knowledge, assumptions, and surprise first-class concerns.

Overview of the framework

Developed principally by Terje Aven at the University of Stavanger and applied to safety and resilience engineering with Riana Steen, the ACU perspective defines risk as "the two-dimensional combination of the consequences C of an activity or event A, and the associated uncertainties U" (Aven, 2010, 2011). Probability is retained, but demoted to a tool for expressing U rather than the definition of risk itself. The perspective is typically extended to (A, C, U, P, K), where P denotes subjective probabilities and K the background knowledge — data, assumptions, and models — on which those probabilities rest (Aven & Krohn, 2014).

In practice, an ACU analysis describes scenarios (A), models possible consequences (C), expresses uncertainty using probabilities P or qualitative measures such as "strength of knowledge" (K), and explicitly lists the assumptions on which the analysis depends. Deviation from those assumptions — "assumption deviation risk" — becomes a separate object of analysis. Steen and Aven (2011) showed how this frame aligns with resilience engineering: if uncertainty and surprise are central to risk, then capacity to absorb and recover from the unforeseen becomes a principal safety strategy.

A event / activity C consequences U uncertainties RISK = (A, C, U) Extended: (A, C, U, P, K) — P = subjective probabilities · K = background knowledge & assumptions Strength of Knowledge weak · medium · strong
Figure 1 · Risk as (A, C, U). Probability P and background knowledge K qualify U; strength-of-knowledge ratings travel with the numbers.

When to use it

Typical applications

  • Framing and scoping risk assessments in the concept and requirements phases of complex systems.
  • Integrating safety and security risk analysis under one vocabulary (Aven, 2007).
  • Risk assessments where data is sparse, assumptions dominate, and "black swan" events cannot be ruled out.
  • Aligning risk analysis with resilience engineering and adaptive decision-making.

Aviation relevance

  • Certification-stage assessments for novel architectures (eVTOL, highly-automated flight decks, autonomous ATM) where reliability data is limited.
  • Cyber-physical aviation risks, where intent and uncertainty cannot be captured by historical frequencies.
  • Safety cases for new operations (BVLOS drones, single-pilot jet) that rely on load-bearing assumptions.
  • SMS maturity work: strengthening how operators report uncertainty and assumptions, not just probabilities.

Benefits

  • Uncertainty as a first-class citizen. Prevents the common mistake of equating risk with expected loss and over-trusting low-confidence probabilities.
  • Explicit knowledge base. K forces analysts to list assumptions and data sources, making review and update straightforward.
  • Compatible with probability-based methods. QRA, FTA, and BBN outputs live naturally inside the framework as expressions of P given K.
  • Ties risk and resilience together. Steen & Aven (2011) show how a (A, C, U) view integrates with resilience engineering where traditional probabilistic risk sometimes fails.
  • Supports decisions under deep uncertainty. Strength-of-knowledge ratings give decision-makers a clear signal about analysis fragility.
  • Handles intentional threats. Works for security as well as safety, without forcing a frequentist probability on adversary behaviour.
  • SRA-aligned. Adopted by the Society for Risk Analysis as part of its foundational glossary and principles.
  • Lightweight overlay. Can be applied on top of an existing risk register or assessment without rebuilding it.

Limitations

  • Philosophical rather than procedural. ACU specifies what risk is, not step-by-step how to assess it — analysts still need a method (QRA, BBN, bow-tie) underneath.
  • Strength-of-knowledge scoring is judgemental. Ratings depend on the analyst's calibration and can vary between teams.
  • Adoption friction. Stakeholders familiar with the classical risk = probability × consequence formulation may resist, especially in regulated settings that still require numeric ALARP demonstrations.
  • No built-in aggregation rules. Combining assumption-deviation risk and core risk into a single decision metric is left to the analyst.
  • Documentation-heavy. Properly capturing K can significantly extend a risk assessment report.
  • Still debated. The definition has been critiqued for ambiguity around C (a set of outcomes vs. a realised consequence) and for blurring the boundary between risk and uncertainty.
In short ACU is the risk-concept upgrade behind much of Aven's writing — a principled way to treat uncertainty, assumptions, and surprise as part of what "risk" means. Use it when classical probability-times-consequence risks understating deep uncertainty, especially in novel aviation operations and integrated safety–security assessments.

References (APA 7)

Aven, T. (2007). A unified framework for risk and vulnerability analysis covering both safety and security. Reliability Engineering & System Safety, 92(6), 745–754.

Aven, T. (2010). On how to define, understand and describe risk. Reliability Engineering & System Safety, 95(6), 623–631.

Aven, T. (2011). On some recent definitions and analysis frameworks for risk, vulnerability, and resilience. Risk Analysis, 31(4), 515–522.

Aven, T. (2012). The risk concept — Historical and recent development trends. Reliability Engineering & System Safety, 99, 33–44.

Steen, R., & Aven, T. (2011). A risk perspective suitable for resilience engineering. Safety Science, 49(2), 292–297.

Aven, T., & Krohn, B. S. (2014). A new perspective on how to understand, assess and manage risk and the unforeseen. Reliability Engineering & System Safety, 121, 1–10.

Aven, T. (2015). Risk analysis (2nd ed.). Wiley.

Society for Risk Analysis. (2015). SRA glossary. Society for Risk Analysis.

Further reading

Flage, R., & Aven, T. (2009). Expressing and communicating uncertainty in relation to quantitative risk analysis. Reliability: Theory & Applications, 2(13), 9–18.

Aven, T. (2013). Practical implications of the new risk perspectives. Reliability Engineering & System Safety, 115, 136–145.

Aven, T., & Zio, E. (2014). Foundational issues in risk assessment and risk management. Risk Analysis, 34(7), 1164–1172.

Aven, T. (2016). Risk assessment and risk management: Review of recent advances on their foundation. European Journal of Operational Research, 253(1), 1–13.

Aven, T. (2020). The science of risk analysis: Foundation and practice. Routledge.