Presentation is loading. Please wait.

Presentation is loading. Please wait.

Risk Assessment: A Practical Guide to Assessing Operational Risk

Similar presentations


Presentation on theme: "Risk Assessment: A Practical Guide to Assessing Operational Risk"— Presentation transcript:

1 Risk Assessment: A Practical Guide to Assessing Operational Risk
Chapter 3: Risk Assessment Fundamentals

2 Risk Assessments: Risk Assessment Fundamentals
Objectives Describe the Fundamentals of the Risk Assessment Process Introduce the Steps in the Process Describe How to Complete the Steps Successfully

3 Introduce to Risk Assessment Fundamentals
Organizations, whether they realize it or not, are exposed to hazards and their risks each day capable of significantly affecting the ability to achieve important business goals or even remain in business. Risk assessment is an important and sophisticated tool used to assess an organization’s operational risks so that proper decisions can be made to avoid or effectively mitigate and manage risks to an acceptable level. It is considered the cornerstone of risk management, and the basis for the practice of safety.

4 Risk Assessment within the Risk Management Framework
Risk management is defined as “coordinated activities to direct and control an organization with regard to risk.” It is the process of making management decisions based on known risks and the organization’s acceptance for those risks.

5 Risk Assessment within the Risk Management Framework
Risk Identification - finding, recognizing and recording hazards Risk Analysis - understanding consequences and probabilities and existing controls Risk Evaluation – comparing levels of risk and considering additional controls

6 Risk Assessment within the Risk Management Framework

7 Failure to Perform Risk Assessments

8 Failure to Perform Risk Assessments

9 Risk Assessments – the take away message
Organizations should establish a strategy for determining when and how risks should be assessed. Projects or tasks not previously assessed New facilities, processes or equipment Large number of risks present that require prioritization Risks that present serious consequences, and where control measures are unclear Planned change to equipment, machinery or a particular process

10 Risk Assessments required in Operational Risk Management Systems
OSHA’s Voluntary Protection Program (VPP) ANSI/AIHA/ASSE Z BS OHSAS International Labor Office ILO-OSH 2001 “Guidelines on occupational safety and health management systems” ISO , Environmental management systems – Requirements with guidance for use ISO , Occupational Health and Safety Management Systems

11 Risk Assessments required in Operational Risk Management Systems
Plan, Do, Check, Act The effectiveness of an ORMS requires the continual identification, analysis and evaluation of risks to understand their magnitude of loss, and potential of occurring, as well as adequacy of existing control measures and needed improvements within the organization.

12 The Purpose of Assessing Risk…
to “provide evidence-based information and analysis to make informed decisions on how to treat particular risks and how to select between options.” ANSI/ASSE Z

13 The Risk Assessment Process

14 Selecting a Risk Assessment Matrix
The purpose of the risk assessment matrix is to provide “a method to categorize combinations of probability of occurrence and severity of harm, thus establishing risk levels.” (ANSI/ASSE Z )

15 Selecting a Risk Assessment Matrix
It is important that the risk rating criteria and matrix used by an organization are consistent. When developing or selecting a risk assessment matrix which expresses numerical values, rating criteria should be standardized so that a lower risk score or risk priority number (RPN) value indicates a lower risk level. Thus, on a 10 point risk scale, a risk score of 1 is considered the lowest level, while a 10 is considered the highest risk.

16 Selecting a Risk Assessment Matrix
Risk Scoring Levels and Action Required example from ANSI/ASSE Z

17 Establishing Context define the purpose and scope of the risk assessment set the boundaries for the assessment with internal (resources, knowledge, culture and values among others) and external (legal, regulatory, economy, perceptions of external stakeholders, etc.) parameters in mind should be clear, concise and well understood by all stakeholders clearly define and communicate the risk criteria and ‘acceptable risk’ level

18 The Risk Assessment Team
Context of the risk assessment assignment will determine the size and makeup of the team Cross-functional group of individuals who are familiar and knowledgeable with the hazards and operations May require outside expertise in more complex situations Good communication and skills are essential

19 Hazard/Risk Identification
Hazards are the source of risk. Thus, if risks are to be assessed, hazards must first be identified. Risk identification is defined as the process of finding, recognizing and recording risks Key components of risk identification are the identification of the causes and source of the risk (hazard in the context of physical harm), events, situations or circumstances which could have a material impact upon objectives and the nature of that impact. Once identified, existing controls for the risk should also be identified. (ANSI Z )

20 Hazard/Risk Identification Methods
Brainstorming Checklists Regulations (OSHA, EPA, DOT etc.) Consensus industry standards (ANSI, ASTM, NFPA, etc.) Experts (external or internal) Job Hazard Analyses/Job Safety Analyses Accident/incident investigations OSHA Injury and Illness Records Insurance claims Formal hazard/risk identification techniques (31 listed in ANSI Z )

21 Risk Analysis Upon identifying hazards, the team will analyze the potential risk. As stated by ISO 31010/ANSI Z690.3, risk analysis involves developing an ‘understanding’ of the risk.

22 Risk Analysis This analysis of each hazard/risk includes:
determining the severity of consequences estimating the likelihood of occurrence assessment of the effectiveness of existing controls an estimation of the risk level

23 Risk Analysis Consequence Analysis: The assessment team determines the nature and type of consequences that could result for exposure to a particular hazard or event. A single hazard or event may produce a number of impacts with various magnitudes (levels of severity), and could affect multiple assets or stakeholders. The assessment’s context determines the types of consequence analyzed and stakeholders affected.

24 Risk Analysis Likelihood Analysis:
Determining probability or likelihood generally involves: a review of relevant historical data to identify events or situations which have occurred; predictive type techniques such as fault tree analysis and event tree analysis and; a structured systematic process guided by a qualified, knowledgeable expert(s). Any available data used should be relevant to the focus of the assessment. Where historical data shows a very low frequency of occurrence, it may be difficult to properly estimate probability. Therefore, it may be necessary to consider exposure frequency, time, and duration to a certain hazard or event in the likelihood analysis.

25 Risk Analysis Assessment of Controls: The adequacy and effectiveness of existing control measures greatly affect the level of risk and must be assessed. This assessment of controls should include determining the type of controls for each specific risk, and a judgment of their effectiveness based on the Hierarchy of Controls.

26 Risk Evaluation Risk evaluation involves comparing the estimated risk levels with the defined risk criteria to determine the significance of the level and type of risk. It is based on the combination of estimated consequences and likelihood and uses information from the hazard/risk identification and risk analysis phases to make recommendations for decision makers.

27 As Low As Reasonably Practicable
Decisions on treating a risk will likely depend on the costs and benefits of risk and the costs and benefits of implementing improved controls.

28 Risk Treatment Risk treatment is the process of modifying risk.
Risks that are judged unacceptable must be ‘treated’ to reduce risk. Risk treatment involves the selection and implementation of one or more risk control measures or enhancements to existing controls. The risk treatment process involves: the assessment of a risk treatment; determining if residual risk levels are tolerable; selecting new risk treatments for those residual risks that are not acceptable; and assessing the effectiveness of any new control measure.

29 Risk Treatment Selection of control options should be made using the Hierarchy of Controls model.

30 Risk Treatment As indicated by ANSI Z , risk treatment options are not always mutually exclusive or appropriate for all situations. Treatment options include: avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk; removing the risk source; changing the likelihood; changing the consequences; sharing the risk with another party such as insurance contracts and risk financing; and retaining the risk by informed decision.

31 Communication Successful risk assessment processes are dependent on effective communication among stakeholders prior to, during and after the process. Communication is a provision of both ANSI Z690.3 and ANSI Z Communication is also required by virtually all of the national and international health and safety management standards such as ANSI Z10, OHSAS and OSHA VPP, but it is seldom done well. As a result, poor communication is often identified as a major contributor to poor outcomes such as accidents. As with many other functions within organizations, people should make it a priority to communicate effectively when performing risk assessments. Those involved in the risk assessments should think about who could help them do the risk assessment more effectively. For example, they could ask others within their own departments for input. Alternatively, they should think about who might be interested and benefit from the risk assessment that is being performed and let them know the outcome. Take a few minutes and think.

32 Documentation Virtually all aspects of the risk assessment process discussed in this chapter should be documented • Selecting the risk assessment matrix • Determining the purpose and scope (context) • Selecting the team • Identifying the hazards or operations to be assessed • Hazard/risk identification • Risk analysis • Risk evaluation • Communication and documentation • Monitoring and continuous improvement NASA’s Space Shuttle Columbia explosion February 1, 2003 which claimed seven lives was determined by the investigation board to be partially due a lack of effective communication of critical safety information. The Synopsis of the Report of the Columbia Accident Investigation Board concluded that organizational causes including lack of communication contributed to the incident. “Cultural traits and organizational practices detrimental to safety were allowed to develop, including: reliance on past success as a substitute for sound engineering practices..., organizational barriers that prevented effective communication of critical safety information and stifled professional differences of opinion; lack of integrated management across program elements; and the evolution of an informal chain of command and decision-making processes that operated outside the organization’s rules. (p. 9)”

33 Monitoring and Continuous Improvement
Hazards and operations continuously change and with these changes come new and different risks. Examples of these might include different equipment, processes, operating environments, production rates, etc. Each of these changes could have an effect on the existing controls and their effectiveness. Thus, it may be appropriate to update risk assessments to consider these possible changes. NASA’s Space Shuttle Columbia explosion February 1, 2003 which claimed seven lives was determined by the investigation board to be partially due a lack of effective communication of critical safety information. The Synopsis of the Report of the Columbia Accident Investigation Board concluded that organizational causes including lack of communication contributed to the incident. “Cultural traits and organizational practices detrimental to safety were allowed to develop, including: reliance on past success as a substitute for sound engineering practices..., organizational barriers that prevented effective communication of critical safety information and stifled professional differences of opinion; lack of integrated management across program elements; and the evolution of an informal chain of command and decision-making processes that operated outside the organization’s rules. (p. 9)”

34 Conclusion Safety professionals must understand the risk assessment process, and be able to complete the steps in the risk assessment process competently if they are to fulfill their roles successfully. Risk assessments will be the norm in the future as they are required and referenced by more regulations and standards going forward. Just as safety professionals have been expected to be competent in OSHA regulations and their compliance in the past, they will be expected to lead hazard analyses and risk assessments. This is the advancement of the safety profession.


Download ppt "Risk Assessment: A Practical Guide to Assessing Operational Risk"

Similar presentations


Ads by Google