M

Risk Management Process & Risk Acceptance Criteria Notes

Project 1A and Lecture Overview

  • Project 1A marking and feedback will be provided.
  • Recap of Control Assurance Management System (CAMS) will be given.
  • Risk acceptance criteria will be discussed, including:
    • As Low As Reasonably Practicable (ALARP)
    • Reasonable practicability
    • Gross disproportion
    • Quantitative risk acceptance criteria

Control Assurance Management System (CAMS)

  • CAMS ensures controls survive and remain available, reliable, repeatable, and responsive over time.
  • CAMS items need to be specifiable, observable, and auditable.
  • Critical controls prevent unwanted events or mitigate their consequences. Failure significantly increases risk despite other controls.
  • A control preventing multiple unwanted events or mitigating multiple consequences is critical.

CAMS Table Example

  • Control Name: Oxygen analyzers and pressure sensors with safety interlocks to automatically reduce oxygen concentration by adding inert gas.
  • Control Description:
    • Purpose: Automatically reduce oxygen concentration to avoid fire/explosion damage and human injury/fatality.
    • Criticality: Prevents most consequences and potential risks to equipment and personnel by responding immediately to unplanned flammable atmospheres.
    • Type: Arresting control, early-stage preventative barrier.
    • Key Aspects:
      • Automatically reduces oxygen concentration by adding inert gas.
      • Explosion vents and pressure relief valves minimize pressure build-up.
      • Fast response oxygen gas analyzer.
      • Measures explosive gas concentration and alarms.
      • Oxygen sensor not affected by acid gases.
      • Controls oxygen < 25% to avoid increased flammability.
      • Gas detection system linked to automatic activation of Deluge Fire Sprinkler System.

Related Risks

  • Ignition of flammable vapors.
  • Build-up of toxic and flammable vapors in the working area.
  • Ignition of nearby combustibles.
  • Equipment falling from working platform.
  • Low pressure/vacuum inside the tank.

CAMS Activities

  • Competency-based training for maintenance workers, repair workers, the risk manager, and the engineering manager.
  • Operational checks by managers and workers before commencing work, including daily equipment inspections.
  • Maintenance activities involving workers and contractors checking equipment and work areas daily, and reporting equipment damage.
  • Regular inter- and intra-company audits.
  • Communication between workers and managers on inspections.
  • Oxygen analyzers complying with technical standards.
  • Evaluation of oxygen analyzer efficiency and effectiveness.

Bow-Tie Relationships

  • Threat/consequence: Sparks or molten slag falling on the tank roof and heating up the tank contents (unplanned flammable atmosphere).
  • Electric arc generation on tank roof from lowered or dropped welding torch (unplanned flammable atmosphere).

ISO 31000 Risk Management Framework

  • Risk Treatment:
    • Unwanted event identification.
    • Control analysis and selection.
    • Control management and evaluation.
  • Risk Assessment:
    • Establish the context.
    • Risk Identification.
    • Risk analysis.
    • Risk evaluation.
  • Communication and consultation.
  • Monitoring and review.
  • Tools: HAZID, RISK MATRIX, BOWTIE & Control Management.

Risk Acceptance Criteria

  • Risk acceptance criteria define the level to which risk measures must be taken.
  • Legal Requirements:
    • Qld WH&S Act (2011) and Qld EP Act (1994) require ensuring the highest level of health and safety protection for people affected by business or undertaking.
    • A person must not carry out any activity that causes environmental harm unless taking all reasonable and practicable measures to prevent or minimize the harm.

'As Low As Reasonably Practicable' (ALARP)

  • Legislation mandates measures to reduce risks 'As Low As Reasonably Practicable' (ALARP).
  • ALARP determination involves weighing up relevant matters:
    1. Likelihood of exposure to a hazard and an adverse outcome.
    2. The degree of harm that might result.
    3. Knowledge about the hazard or risk and ways of eliminating or minimizing it.
    4. Availability of suitable ways to eliminate or minimize the hazard or risk.
    5. Cost of eliminating or minimizing the hazard or risk, including whether the cost is grossly disproportionate to the risk.
  • Cost and effort are not determined by the budget constraints/viability of a project.
  • Reasonable practicability involves assessing the risk to be avoided, the sacrifice involved, and comparing the two.
  • Gross disproportion: If a measure is practicable and its cost isn't grossly disproportionate to the benefit, it should be implemented.
  • Criterion: reasonably practicable, not reasonably affordable.
  • Capacity to pay is not relevant; all duty-holders should provide the same level of protection regardless of financial position.
  • ALARP implementation involves some subjectivity regarding acceptable risk levels.
  • Organizations set guidelines for acceptable and unacceptable risk levels.
  • Achieving ALARP underpins all professional engineering practice.

Qualitative Risk Matrices

  • Risk Ranking Matrix example, considering Impact (OH&S, Asset Damage, Environment, Reputation/Legal) and Likelihood (Rare to Almost Certain).
  • Risk ratings range from Low to Extreme, with corresponding management plans.
  • UQ Risk Matrix management plan levels:
    • Low: Task can proceed upon approval of the risk assessment by the Line Manager or supervisor.
    • Medium: Task can proceed upon approval of the risk assessment by the Line Manager or supervisor. A risk reduction plan is recommended within a reasonable timeframe.
    • High: Task can only proceed in extraordinary circumstances with authorization by the Head of Function and a plan to reduce the risk promptly.
    • Extreme: Task must not proceed; prompt action is required to reduce the risk.
  • The matrix is used to updates the risk assessment with additional controls, aiming to achieve a low-risk rating.

Acceptable Levels of Risk (ALARP)

  • Unacceptable risk levels require mitigation regardless of costs.
  • Tolerable risk if ALARP, meaning risk is mitigated as far as reasonably practicable.
  • Acceptable risk levels need no additional risk treatment but require regular monitoring.
  • Example risk criteria (UK HSE):
    • Unacceptable: 1 in 1,000 worker fatalities per year, 1 in 10,000 public fatalities per year.
    • Tolerable: mitigated to ALARP.
    • Acceptable: 1 in 100,000 fatalities per year.

Quantitative Methods for Ranking Risks

  • Where data is available, probabilities of control failures can be combined to calculate the probability of the top event occurring.
  • Probabilities of various consequences can also be calculated, given the probability of failure of mitigating controls.
  • Fault Tree Analysis: Combines probabilities of all threats.
  • Event Tree Analysis: Combines probabilities of consequences.
  • Bowtie analysis is most often used qualitatively but can be quantitative where data is available.

Pros and Cons of Quantitative Methods

  • Pros:
    • Allow a more precise and consistent approach to defining the likelihood, consequence, and severity of a major incident.
  • Cons:
    • Results can vary significantly depending on assumptions made for the calculations.
    • Resource-intensive.
    • Lack of transparency.
    • May be difficult for a non-specialist to understand and may give a misleading sense of accuracy of risk estimates.

Examples of Quantifying Risks

  • Fault Tree:

    • Overflow of sewerage network, considering:
      • Infiltration of rainfall to the sewer during a storm (1 in 10 years, f_{Infil} = 0.1 \text{ yr}^{-1}).
      • Blockage of the trunk sewer (1 in 5 years) with a 20% chance of non-detection (f{block} = 0.2 \text{ yr}^{-1}, P{\text{non-detect}} = 0.2).
    • Failure of sewage treatment plant due to:
      • Flooding caused by exceptionally high tides during cyclonic conditions (1 in 20 years, f_{tide} = 0.05 \text{ yr}^{-1}).
      • A flush of toxic waste from an industrial fire or spill (1 in 10 years, f_{toxic} = 0.1 \text{ yr}^{-1}).
    • Calculations:
      • Overflow = Infiltration + Blockage
        f{overflow} = f{Infil} + (f{block} \times P{\text{non-detect}} ) = 0.1 + (0.2 \times 0.2) = 0.14 yr^{-1}
      • Treatment failure = tide + toxic waste
        f{treatment} = f{tide} + f_{toxic} = 0.05 + 0.1 = 0.15 yr^{-1}
      • Total Contamination Failure = Overflow + Treatment failure
        f{contamination} = f{overflow} + f_{treatment} = 0.14 + 0.15 = 0.29 yr^{-1}

  • Event Tree

    • Environmental Damage to ecosystems
    • Human impact: Death, injury, increased risk of cancer, acute illness
      • Risk = P(Exposure) x P(likelihood) x consequence
      • Risk = f(P{\text{exposure}}, P{\text{likelihood}}, \text{consequence}) = f(distance, height, amount of fuel, number of workers, hazardous material….)
      • P_{\text{exposure}}: probability of one or more top events being realized.
      • P_{\text{likelihood}}: probability of circumstances coinciding with the unwanted event (e.g., the probability of an ignition source with the gas leak).
      • Consequence: severity of the outcome, given the unwanted event and circumstances.
    • The result of this calculation can be expressed as the probability of a consequence, such as the probability of a fatality as the result of an activity (e.g., deaths.game-1; deaths.jump-1) or a process (deaths.plant-1.yr-1 or deaths.person-1.yr-1).

Quantitative Risk Acceptance Criteria

  • Regulators and operators typically use risk matrix-based qualitative assessment techniques.
  • Quantitative risk assessment standardizes risk interpretation in some industries.
  • Comparisons can be made against pre-determined acceptable risk criteria

Types of Quantitative Risk Measures

  • Individual Risk: Frequency at which an individual may be expected to sustain a given level of harm.
    • Ensures no single person is overexposed to risk.
    • Based on Risk contour plots.
  • Societal Risk: Relationship between the frequency of major incidents and the number of people suffering from a specified level of harm.
    • Controls risk to society as a whole.
    • Based on Frequency-consequence (FN) graphs.

Individual Risk Criteria Examples

  • Vary across different regions (EPA of the United States, Western Australia, Hong Kong, Netherlands, United Kingdom, PDVSA).
  • Have levels for unacceptable risk, acceptability to be negotiated, and acceptable risk.

Fatality Risk Values

  • Off-site risk to the general population is based on interim criteria used in Victoria.
  • These criteria do not have legal status but provide guidance on values.
  • For major hazard facilities:
    • Risk [\text{deaths.person}^{-1}.\text{yr}^{-1}] = Probability_{\text{event}} [\text{incidents.yr}^{-1}] × Consequence [\text{deaths.person}^{-1}.\text{incident}^{-1}]
    • Risk must not exceed 10 \text{ per million per year } (10^{-5} \text{ deaths.person}^{-1}.\text{yr}^{-1}) at the boundary of any new facility (individual risk!).
    • If risk exceeds 10 \text{ per million per year } at the boundary of an existing facility, risk reduction measures must be taken.
    • If risk off-site is between 0.1 \text{ and } 10 \text{ per million per year}, all practicable risk reduction measures are to be taken, and residential developments are to be restricted.
  • Risk levels below 0.1 \text{ per million per year } are broadly tolerable.

Frequency-Consequence (FN) Graph

  • Plots cumulative number of fatalities against frequency.
  • The units are [deaths.yr-1].
  • The value of [deaths.yr-1] is not constant along the boundaries that separate the risk regions!

Considerations

  • Calculations require placing a value on life. These calculations are commonly used internationally and aid decision-making for major hazards.
  • A low ‘Implied Cost of Averting Fatality’ (ICAF) implies a highly effective measure.
  • A high ICAF implies a relatively ineffective measure.
    • ICAF = \frac{\text{cost of measure}}{\text{initial PLL – reduced PLL}}

Off-Shore Oil Rigs

  • Fatality risk of 10^{-3} \text{ per year } has been considered the limit of tolerability.

Risk Contour Plot

  • Risk (x,y) = \text{Fatality risk to a person at position (x,y)}
  • p_i = \text{probability of unwanted event i}.
  • c_i = \text{Chance of fatality at position (x,y) if event i occurs}.

Societal Risk - ‘Potential Loss of Life’ (PLL)

  • ‘Potential Loss of Life’ (PLL): Number of fatalities expected to occur each year, averaged over a long period.

    • ICAF = \frac{\text{cost of measure}}{\text{initial PLL – reduced PLL}}

  • If 100 people are each exposed to a risk level of 10 in a million per year, the PLL is 0.001 [deaths.yr-1].

  • PLL is a basis for cost-benefit analyses via the ‘Implied Cost of Averting Fatality’ (ICAF):

Risk Contour Plots vs. Frequency-Consequence (FN) Graph

  • Risk contour plots represent the risk to a hypothetical person at each location.
  • FN analysis considers the spatial distribution of people around a hazardous facility.

Risk - Reward - Informed consent - Own choice

  • Examples of voluntary risks:
    • Smoking: 9.7 x 10%/yr or 9,700 fatalities per year per million smokers
    • Automobile accident: 1.4 x 104/yr or 140 fatalities per year per million people
    • Lightning strike: 1.5 x 10%/yr or 15 fatalities per 100 years per million people