An adequately hazard management in a worksite requires first to identify these hazards, and secondly, understand their nature and the potential consequence that they may produce. However, there is a third important aspect of hazard control, and that is the likelihood of occurrence. This last one plays an essential role in hazard management by allowing a resource prioritization in order of hazard significance. This prioritization leads to assigning resources as needed to control hazards, depending on their relevance. Mainly when the resources are limited as it is in the majority of the cases in the organizations. For example, when the safety budget is limited, this needs to be used as smart as possible by prioritizing the hazards in a level of significance, utilizing it to control the most significant hazards.
In contrast, the lower significance hazards use lower-cost control options. In doing this, the main question is: how to assign a level of significance?
A common question encounter in this exercise is, which hazard has a higher significance, the one that produces a higher degree of impact or the ones that are more likely to occur?
And this is where the concept of risk provides the solution to the problem.
Risk is the combination of the level of loss, known as severity, and the likelihood of occurrence of a particular event. This measurement represents the level of significance of a hazard. The importance of a hazard increases with the risk. Additionally, the risk concept allows controlling the current level of risk instead of adding extra features that are not necessary.
Due to the importance of the risk in the management of safe operations, the estimation of risk must be adequate. A risk estimation failure would produce inadequate risk control, potentially leading to a potential impact. The followings are the possible “pitfalls” of a risk assessment, which could lead to an incorrect risk estimation.
Risk Assessment Pitfalls
Many incidents have occurred because the hazards and associated risks were unknown. For example, the major fire an explosion occurred at Longford gas-processing plant in Australia when workers embrittled the metal of a heat exchanger when attempting to recover from an upset. In this particular event, the planed hazard identification and risk assessment did not take place.
In that sense, hazard identification and risk assessments are essential activities to manage the hazards properly. However, an incorrect risk assessment would lead to inadequate risk perception, potentially leading to deficient risk control. For example, in the case of the Longford case, a failure to identify metal embrittlement in a risk assessment would have led to operating without controlling this particular risk, leading to a similar event.
In this regard, the main question is, what is considered a proper risk assessment? The following section identifies the most common pitfalls (typical errors) when performing risk assessments. Remembering these pitfalls during the preparation and development of the evaluation would help the evaluation team to an adequate assessment.
Safety Culture
Safety culture is the collection of beliefs, perceptions, and values of the people inside the organization related to the risks that the organization has. In that sense, the safety culture plays an essential role in a risk assessment, many times an inadequate safety culture is the source of the failure of risk assessments. One of the common issues in risk assessment is the lack of vulnerability awareness, which is the perception that an undesired and unplanned event could take place, generating a loss. The absence of vulnerability awareness is presented by the belief that events that occurred in the industry are a direct result of incompetence, and for that reason, will never take place in the organization.
The lack of events occurrence also adds another complexity to the lack of vulnerability awareness; many times, the fact that losses have not occurred reinforce the belief that will never happen. This belief could lead to reducing the control rigor, generating inadequate control, and a potential loss.
One of the most difficult challenges for a safety or risk professional is an inadequate safety culture. This situation could impact every safety and risk control in the entire organization, and fixing it involves a slow and painful process.
Objective & Scope
Similarly to any engineering and science project, each risk assessment has a purpose. The purpose could be to evaluate a change or to analyze a project design. There are many reasons for doing a risk assessment. However, whatever is the reason for doing the evaluation, the objective and scope should be defined. This definition should take place before starting the evaluation to ensure that the analysis fulfills its purpose.
Risk evaluation without a proper definition of objective and scope could lead to a potential failure of meeting the required purpose. This failure leads to a loss value of the assessment misleading the risk management from its real objective, which is the coordination and prioritization of resources with the intention of risk reduction.
For example, conversations during a capital project risk assessments could lead to detailed design characteristics of particular equipment instead of focusing on the risk controls implemented.
Context
Context is one of the most critical aspects when estimating the risk. The context represents the entire situation around the scenario evaluated. This context includes:
1. The technology used and its parameters (e.g., pressure, temperature, rpm)
2. Environment (e.g., temperature, winds)
3. Conditions (e.g., new, old, modification)
4. Social and Cultural Environment (e.g., potential behavior of operators)
5. Occupation in the facility (e.g., people near the event)
6. Organizational characteristics.
7. Regulatory Conditions (e.g., requirements, submission, risk assessments)
8. Stakeholder and their point of view
9. Any other aspects that interact with the situation
Many times, the risk estimation fails due to a lack of contextual understanding. Although the science and process is the same, the context would affect the likelihood of occurrence and the potential impact that a particular event could have. For example, the same chemical reactor would have a higher risk if it is located in a home basement rather than in a facility in the middle of the New Mexico desert. In the first case, a single operator handles the reactor. In contrast, in the second case, there is a structured team of operators reducing the likelihood of hazardous conditions. Additionally, in case unsafe conditions occur, in the first case, there is a higher possibility to impact neighbors and house occupants. In the second case, there is no neighboring community to affect, and the facility personnel should have safety procedures to react.
Methodology
There are diverse risk assessment methodologies and approaches, and each one has its benefits, disadvantages, and purpose. One of the most common pitfalls is to use a method that is not adequate for the objective and situation.
There are three main classifications of Risk assessments, a qualitative approach, a semi-quantitative, and a quantitative risk assessment. The type of risk assessment used should allow meeting the assessment goals and objectives. For example, comparing the risk of two hazardous material truck routes requires more than a general comparison using a risk matrix. A qualitative method using the risk matrix tends to show the same risk level, clearly indicating that further detail is needed. Instead, evaluating the potential toxic cloud if a leak occurs in conjunction with the estimation of the exposed population along the routes shows a better risk understanding. Using the second method requires more data and calculation but allows meeting the goal. In contrast, the first method is more comfortable to apply. However, inadequately indicates that the routes have the same risk level.
This example does not mean that numeric risk assessments are always a better method. A qualitative approach using a risk matrix is the right approach in certain conditions. For example, when the purpose is to review an entire facility or process to divide the hazards by risk level. Situations with lower complexity and low uncertainty are good candidates for qualitative evaluation. However, as the complexity and uncertainty increase, the risk quantification requirement increases.
Assumptions
The assumptions directly impact the outcome of a risk assessment as it represents the aspects, parameters, and conditions used as the basis for the evaluation. The assumptions are parameters used as input to the evaluation; therefore, if these assumptions are incorrect, the assessment produces an erroneous conclusion. In that regard, many risk analysts represent the importance of the assumptions with the common phrase “garbage in, garbage out.”
There are many types of assumptions; the most common ones that can impact the assessment outcome include:
Physical dimension
This assumption includes all the proportions and measurements of any equipment or physical object included in the scope. Considering an incorrect dimension would lead to inadequate risk estimation.
Process conditions
Process conditions include any manufacturing process state and variables, for example, pressure, temperature, revolutions per minute. An incorrect variable consideration would define the wrong consequence and likelihood. For example, assuming a low rpm of rotative equipment would estimate less severe effects when someone gets in contact with the machine.
Material behavior
Different materials behave differently in different conditions; a wrong behavior consideration could lead to an inadequate understanding of the potential effect and consequences. A proper risk assessment should consider this material behavior during operation and any abnormal condition. One typical error is to believe that the material behaves during an abnormal condition the same way as normal conditions. For example, during a fire, the steel columns and beams can present a plastic deformation when their temperature exceeds 500oC, potentially leading to the collapse of the structure exposed to the fire.
Human performance:
This assumption relates to how people behave during an unforeseen event and the effectiveness of their required tasks. A recurrent error is to believe that humans cannot make mistakes or do not panic during the event considering an adequate reaction. Unfortunately, experience and human factors studies have shown that the average human being could present a deviation from the expected behavior when an unexpected condition takes place. This deviation is also present during normal operations; humans tend to make mistakes, and not considering this fact in the evaluation leads to inadequate risk estimation. For example, a particular organization could expect an operator to shut down specific equipment if a fire occurs.
Nevertheless, during a fire, people can panic and may forget to shut down the equipment before leaving the area. It does not matter how many times the supervisor has reminded the operator of this expectation. The human instinct of survival takes over at the moment that the fire, blocking the rational area of the brain, commanding the individual to evacuate because the event represents a dangerous situation.
The assumption of human performance is especially dangerous when the working group does not have representation during the risk assessment. For example, assuming the behavior or actions of the fire brigade could be utterly erroneous if there is no emergency response professional during the evaluation. Even when there is an emergency response professional in the team, the project team should consult with the emergency response team to verify the assumption.
Organizational considerations
Organizations have different dynamics, processes, activities, and culture. Assuming an incorrect organizational aspect, differently of what is in place, would lead to inadequately estimate the consequences or likelihood of a particular event. For example, a non-smoking policy impacts the probability of ignition due to smoke materials.
There is a direct relationship between these assumptions and the individuals involved in the risk assessment and the organizational safety culture. Appropriate personnel, with the right knowledge, need to be involved in the evaluation to ensure that the information is adequate, and the consideration of the proper knowledge. However, even with the right representation, inadequate safety culture, where people cannot express their point of view freely without being attacked or punished, would not allow an adequate risk estimation.
Consequence Minimization
Consequence minimization is when, respective of the evidence and facts behind an event, the consequence is set with a lower severity than expected. This error typically has two causes; the first one relates to safety culture, and the second is related to inadequate participation. When a weak safety culture is present in the organization, the participants propose a lower consequence to show a low risk, instead of evaluating the actual risk. Many individuals see the risk assessment as a requirement with no value that has to be fulfilled and showing low risk allow the activity to continue without delay. A consequence minimization due to inadequate participation occurs due to a lack of knowledge or faulty assumptions.
Overconfidence & Human Performance
Overconfidence is the excessive perception of equipment or humans capabilities. Typically, this perception is unjustifiable and exceeds the real capabilities of humans or equipment.
This overconfidence is the source of an inadequate risk perception leading to inadequate risk control. For example, overconfidence on a piece of equipment as risk control would lead to believe that no other control is needed. When the piece of equipment fails, there is nothing to control the situation, leading to a loss.
Another aspect of overconfidence involves the belief that human reaction and abilities avoid the impact. One famous and commonly seeing overconfidence is known as the “superhero perception.” Present when some people believe that they can accomplish exceptional activities. For example, during an evaluation, it was found that the emergency shutdown valves were difficult to reach during an emergency where a toxic vapor is released. The operator during the assessment indicates that a remote operation shutdown was not needed because he could close the manual valve during the emergency. However, in other to accomplish this, the operator had to go through a toxic cloud and perform the closure maneuver in a toxic environment, something that experience has shown to be outside the human capacity. Others have indicated that they can run and evacuate when an explosion occurs. But to accomplish this, a human needs to run a speed of approximately 100 m/s in an open field. When the World Record runner Usain Bolt top speed recorded has been 12 m/s.
Inadequate Risk Controls & Reliability
One of the main aspects of a risk assessment is the identification of the necessary risk control measures. These controls have to comply with specific rules to ensure that they effectively control the risk. These rules include:
1. The control needs to be Effective:
This rule means that the control successfully controls the risk by preventing the occurrence or mitigating the effect of the event. For example, a flammable liquid fire needs a specific fluid to adequately extinguish the fire, e.g., foam, dry chemical.
This rule excludes a water extinguisher as a risk control because it does not extinguish this type of fire.
2. The control needs to be independent:
Independence indicates that the control is not connected somehow with the occurrence of the event or to other control implemented. A control that depends on the occurrence of the event cannot prevent or mitigate its occurrence. For example, if the cause of an event is the failure of following a procedure, the procedure cannot be defined as a risk control measure. Another aspect of independence is that the failure of defined controls should not disable another control.
3. The control should be auditable:
This rule means that it should be possible to measure if the control is working. An unverified feature does not provide certainty of controlled risk.
Many risk assessments fail because the defined controls do no follow these rules. Additionally, sometimes there is a perception of having multiple layers of protection. However, evaluating the situation against this rule shows evidence that there is only one poor risk control.
Inadequate likelihood
The likelihood is one of the parameters in the risk. Therefore, there is a direct relationship between risk and likelihood. Reducing the likelihood decrease the risk and increasing the likelihood increase the risk. An underprediction of the likelihood directly results in lower risk perception. This underprediction could occur because of a lack of vulnerability awareness, where the assessment participants believe that those events cannot happen in the organization minimizing the likelihood. On the contrary, overestimation of the likelihood would lead to a higher risk, leading to the implementation of unnecessary controls.
Likelihood underprediction is more frequent, leading to an inadequate risk perception generating poor risk control. In contrast, risk overprediction, produce more expensive operations, by the implementation of additional unnecessary layers of protection.
Frame Scenario to Meet risk Target
Scenario framing is the action to carefully defined the scenario in a way that the evaluation shows a risk below the risk target without applying any additional risk controls. During framing, the scenario looks adequate in the paper. However, it does not correspond to the reality, leading to inadequate risk control and the potential occurrence of the undesired event.
Framing is typical in organizations with poor safety culture as a way to “check” the risk assessment requirements. As indicated in the safety culture description, these organizations tend to minimize the value of risk assessments considering scenario framework an acceptable practice.
Independence of Events
Risk assessments typically consider only a single event. The premise is that the probability of simultaneous independent events is small enough to consider it a low risk. Nevertheless, many individuals misunderstand this assumption with conditions or following circumstances, removing essential events from the risk assessment. For example, a release of flammable liquid could result in a fire if the fluid ignites. The resulting fire is a consequent event produced after the release due to a condition. Many risk assessments identified the ignition as an independent event removing the fire of the evaluation, even when this has the potential for a higher loss. In these assessments, the risk values tend to show lower estimations leading to a misperception of the real risk.
The independence of events needs to ensure that the two considered events are truly independent and that the occurrence of one event does not lead to the other event. For example, if a lightning strike leads to a power failure, which stops a pump, an event where this pump fails at the same time that a thunderstorm takes place is a legitimate scenario.
Lack of collaboration
Risk highly depends on the context of the situation and the different parameters that interact with each other during a particular event. For that reason, collaboration is essential to receive feedback and input from diverse subject matter experts (SME) and organizational elements that could interact during the evaluation. Performing the risk in isolation would lead to a risk misperception leading to implementing inadequate or poor risk controls. The multidisciplinary participation in the assessment would ensure considerations of different aspects, leading to a better understanding of the risk.
Misunderstanding interaction between Risk and time
The risk changes over time, and the risk assessment is a “Snapshot in time” of the situation. Changing or altering any parameter could lead to a deviation of the risk profile, potentially leading to inadequate risk control. Reevaluating the risk assessment to ensure that the risk is still valid is an essential requirement in any risk management system.
Additionally, different events can occur during different times of the year. For example, some consequences could take place in winter when the ambient temperature dropped to freezing points, or in summer when the ambient temperature is extremely high. Understanding this interaction leads to proper risk estimation, considering the potential impact and likelihood of the event.
Details
One challenge during any risk assessment is to balance details. The risk should be as detailed as needed, not too much but not to generic. Being too generic would lead to misunderstanding the real issue, but considering too many details could lead to a loss of focus. A perfect balance is needed allowing an understanding of the real problem without losing focus on the risk evaluation. This balance would depend on the type of risk performed and the objective and purpose of the assessment.
Use your brain, not your heart
A risk assessment should use data, facts, calculations, and specifications to back-up the evaluation. However, many times the participants are unable to put their feelings apart, creating conflicts when the assessment questions the methods, process, or design implemented. Many participants take the evaluation personally as an attack on their competence or skills, generating conflicts, and dispute during the assessment. This issue is common in organizations with a poor safety culture. In contrast, a good safety culture organization understand that the evaluation is a way to improve and not complain against individuals.
How CAN SURETY help?
Surety Consultants has staff that has performed many risk assessments for different types of hazards, organizations, and manufacturing processes. We can support any risk assessment by helping identify an adequate methodology for the evaluation, the objective, purpose, and scope. Additionally, we can assist during the evaluation by facilitating the discussion, performing the required risk calculations needed, and providing our unique experience during risk assessments.
Comentarios