Читать книгу Risk Assessment - Georgi Popov - Страница 53

A central theme in this text is the concept of assessing risk within the principles, framework, and process of risk management. According to the American National Standard Institute’s ANSI/ASSP/ISO 31000 risk management standard, risk management is defined as “coordinated activities to direct and control an organization with regard to risk.” In a way, it is the process of making management decisions based on known risks and the organization’s acceptance of those risks.

The term “risk assessment” is often misused. It’s the authors’ experience that some organizations (and even some safety professionals) refer to hazard inspections, analyses, surveys, and compliance audits as “risk assessments.” Thus, a clear understanding of the term is necessary. ANSI/ASSP/ISO 31000 states there are three distinct sequential components to the act of “risk assessment” which are:

1 Risk Identification – finding, recognizing, and recording hazards.

2 Risk Analysis – understanding consequences and probabilities and existing controls.

3 Risk Evaluation – comparing levels of risk and considering additional controls.

Consequences are the potential outcomes of an undesirable event which is measured by severity. Probability or likelihood is an estimation of the chances of the undesirable event occurring over a unit of time or for a specific activity. Risk assessment is an attempt to “predict” the worst event that could reasonably happen as a result of the hazard or operation, and how likely it is to occur. This estimation is often qualitative in nature; however, some are semiquantitative or quantitative based. It is important to remember that the risk level relates to uncertainty and its effect on an organization’s ability to achieve its objectives.

Within the risk management process, risk assessment is the primary component. This is illustrated in Figure 3.1 adapted from the ANSI/ASSP/ISO 31000 risk management consensus standard.

Figure 3.1 The Risk Management Process.

Source: Adapted from ANSI/ASSP/ISO 31000–2018.

Unfortunately, risk assessments have not been a common practice in the United States. One example is the 20 April 2010 Deepwater Horizon incident. According to estimates, the losses from the offshore oil rig accident resulted in 11 lives lost, $40 billion dollars, and 4.9 million barrels of oil released in the Gulf during the 87‐day incident. BP’s internal investigation team of the Deepwater Horizon accident (i.e. “Deepwater Horizon Accident Investigation Report” 8 September 2010; page 36) concluded that one of the eight key causes to the accident was that no risk assessment was performed of the cement slurry barrier application. The report stated, “the investigation team has not seen evidence of a documented risk assessment regarding annulus barriers”. The accuracy of cement slurry barriers was described as “critical” in the report, yet no formal risk assessment was performed.

Other examples indicate risk assessments are inconsistently performed. In a webinar hosted by the American Society of Safety Professionals (ASSP), “Prevention through Design: Guidelines for Addressing Occupational Hazards and Risks in Design and Redesign Processes” 30 November 2011, one of the webinar facilitators, Bruce Main, quoted a study conducted by a Fortune 500 company indicating that 65% of serious incidents had no previous risk assessment. This number may be indicative of other Fortune 500 companies and supports the authors’ experience that many smaller companies perform very few if any risk assessments.

The takeaway message here is that organizations should establish a strategy for determining when and how risks should be assessed. Basic criteria for a written policy for conducting risk assessments and when assessments are needed might include some of the following:

 Projects or tasks that have not had a formal risk assessment.

 New facilities, processes, or equipment.

 When there are a number of risks present or introduced that make it necessary to apply risk priorities in an organized way.

 When there is a risk which could have serious consequences, and where control measures are unclear.

 Where there is a planned change to equipment, machinery, or a particular process (as outlined in ANSI Z10.0 8.5 – Design Review and Management of Change).