Читать книгу Risk Assessment - Georgi Popov - Страница 58

The purpose and scope known as the context of the risk assessment must be established. This step is considered critical since it sets the direction, tone, and expectations for the project. Within the organization’s risk management process, the context should define the purpose and scope of the assessment; the stakeholders/team members responsibilities and accountabilities; the degree, extent, or rigor of the assessment; the risk assessment methodologies; the risk criteria; and resources available. Ultimately, the context defines the parameters for managing the risk throughout the process as stated in ANSI/ASSP/ISO 31010.

The context for the risk assessment should be clear, concise, and well understood by all stakeholders. Every successful risk assessment needs a tightly defined beginning and end, so the assessment team is not tempted to make it more complicated than needed or take it further than it is intended. The context should set the boundaries for the assessment with internal (resources, knowledge, culture, and values among others) and external (legal, regulatory, economy, perceptions of external stakeholders, etc.) parameters in mind.

To ensure the risk assessment team is focused on the correct elements, the context should “clearly explain” what is expected. For example:

 If the hazards associated with the job of cleaning windows were to be assessed, would it just cover the actual cleaning, or would it include associated hazards like setting up the ladders, transferring the cleaning chemicals, or even driving to and from the location?

 If a facility was to be assessed, would it include just the plant operations on‐site, or would it include items like transportation, utilities, waste, and emissions to and from the facility?

 For a risk assessment of potential emergencies/disasters, should the assessment be limited to emergencies/disasters at facility sites or include events off‐site? Should it include natural, man‐made, or technological emergencies/disasters, or all of them?

Setting the scope too narrow might prevent a hazard and the resulting risk from being identified and assessed or making it too broad could prevent the risk assessment from getting to the real purpose. It is important to get input from those who will be using the risk assessment to make decisions.

A well‐written and understood context is important as a guide that can be checked against frequently to keep the risk assessment team from drifting off course. The authors recommend that a concise “Purpose and Scope” statement be produced and written at the beginning of each risk assessment. Two simple examples are provided below.

1 The purpose and scope of the risk assessment for the Robotic Welding Cell # 214 is to determine the risk level to Operators when entering the cell to change welding tips on the robot considering existing controls using a Preliminary Hazard Analysis method by a cross‐functional team of certified assessors.

2 The purpose and scope of the risk assessment for the Westfall Plant is to determine the risk level that natural hazards (including wind, severe rail, hail, tornado, earthquake, lightning, hurricane, and flood) present to the plant considering existing controls. The assessment team consisting of risk management, insurance professionals, and an outside consultant will use an Organizational Risk Assessment methodology to identify and quantify risk levels that may need additional risk treatment or risk financing.

Prior to conducting a risk assessment, an organization should clearly define and communicate its own risk criteria and “acceptable risk” level. Risk criteria should correspond to the selected risk assessment matrix, and take into account the type of consequences expected; how likelihood or probabilities will be determined and expressed; the specific risk level classifications to be used; at what level of risk will corrective action be required; and the organization’s established acceptable risk level.

The criteria used to determine risk criteria and acceptable risk level should include the organization’s business objectives and safety and health goals, the use of cost/benefit analyses of risks and their treatment, and will be influenced by its culture and industry setting. Typically, as an organization matures and improves its risk control measures, the acceptable risk level will move closer to the negligible risk level. Further discussion on risk criteria and acceptable risk are provided in Chapter 4.