Risk is diverse, diffuse, and multi-faceted; it cannot be addressed assuming fixed event propagation paths from root causes, or within sectorial bounds, as in traditional risk and reliability analysis. Furthermore, the information flow alongside, or as part of, this event propagation carries its own additional risks. These are the multi-disciplinary challenges addressed at the systemic level by this multi-authored volume, with most of the authors coming from the Munich University of Technology. It is clear that the common approach by the contributors is to seek formalizations and analysis using mathematics, and to hope for quantitative risk assessments. Part 1 is devoted to contexts in which risk is seen, such as history, business ethics, and decision-making processes. Part 2, which is the longest, deals with quantitative theories and methods for risk assessment with some illustrative examples (such as finance). Part 3 is a mixture of different methodologies (cost-benefit, probabilistic engineering models and measures, and human-computer interaction related risks), and a few sectorial aspects (manufacturing, information technology, and medical screening). The chapters are fairly coherent in their order and structure; each includes its own bibliography and some include a section devoted to open issues, providing something beyond a mathematics subject classification. The volume has no common index, which is a definite drawback.
The overall coverage of the book is reasonable, although it takes a mostly quantitative risk analysis point of view. It needs to be put to the test with real events and human activities. Let’s take, for example, a so-called megaproject, which involves the design, construction, and operation of a multi-billion-dollar infrastructure (such as energy or telecommunications) that a whole society depends upon and that must be funded over at least a generation, but that depends heavily on political and business processes. Risks therefore are truly diverse, diffuse, and multi-faceted, including fracture mechanics, political activist groups, financial risk taken by pension funds, and more. This book does not address the core issue of the quality of the data and information that need to be collected before, during, and after deployment of such a megaproject in order to prevent and manage risks. On the other hand, the book covers subjects related to handling some of the engineering design (except process control) of hardware components as well as the project finances, assuming all needed information is available and correct. Regarding project execution, with its overall implications, the book offers no summary of key management techniques for concretely mitigating organizational risks affecting delays, costs, and technical capabilities (such as stakeholder selection, information dissemination control, technology selection, and information security). Some chapters discuss assessing the probabilistic or value-at-risk levels and the different risk categories, and weighing them against each other; however, no framework is given for the containment and mitigation of accumulating risks.
In summary, this volume is an excellent compilation of risk analysis and quantification methods rooted in mathematics and probability theory, assuming correct data, but it does not offer the complementary set of quantified techniques for risk alleviation and control that all organizational and information management approaches to the same would require. Maybe this should be the core of another volume: techniques to diagnose, monitor, and control the risks.