ASSE-AIHA Alliance Presentation Annual OSHA Update: Technical Support and Emergency Management
Risk Assessment What, Why, When and How UCM Fall Symposium and ASSE/AIHA/A&WMA PDC November 5, 2015...
-
Upload
jennifer-rose -
Category
Documents
-
view
219 -
download
0
Transcript of Risk Assessment What, Why, When and How UCM Fall Symposium and ASSE/AIHA/A&WMA PDC November 5, 2015...
Risk AssessmentWhat, Why, When and How
UCM Fall Symposium and ASSE/AIHA/A&WMA PDC
November 5, 2015
Bruce Lyon, CSP, PE, ARM, CHMMHays Companies
Risk Assessment Fundamentals
ObjectivesWhat… Hazards, Risks, and Risk ManagementWhy… Developing Trends, Standards, FSI & PtD When… Triggers for Assessing RiskHow… Steps for Conducting Risk Assessments
What is Risk Management?
The coordinated activities of risk avoidance, control, and financing to a level that is considered acceptable.
‘Risk Assessment’ is the cornerstone of Risk
Management.
What is Risk?
Hazards vs. Risks…
Hazard • Source of harm. (Z690.1)
Hazards vs. Risks…
Exposure – • Contact with or proximity to a hazard, taking into account
duration and intensity. (Z10) • Extent to which an organization or stakeholder is subject to
an event. (Z690.1)
Exposure includes frequency and duration of a hazard coming into contact with the population or assets at risk.
Hazards vs. Risks…
Risk • Effect of uncertainty on objectives. (Z690.1)
• An estimate of the probability of a hazard-related incident or exposure occurring and the severity of harm or damage that could result. (Z590.3)
Risk is the estimated severity of harm and likelihood of occurrence from the hazard.
Definitions
• Severity – Degree of harm.• Likelihood – Chance of something happening.• Operational Risk – Risks generated from the workplace including
SH&E, liability, legal and information technology.• Acceptable Risk - The risk level that is considered by the organization
to be acceptable in its current context. This level of risk is generally lowered as the organization matures and the control technologies improve.
Definitions
Risk Assessment • “A process that commences with hazard identification and analysis,
through which the probable severity of harm or damage is established, followed by an estimate of the probability of the incident or exposure occurring, and concluding with a statement of risk.” (Z590.3)
• “Overall process of risk identification, risk analysis and risk evaluation.” (Z690.1)
Risk Assessment is a three step process that including identifying hazards, analyzing their risk, and evaluation the risk to determine if it requires additional control.
The Risk Assessment Process
Hazard/Risk Identification
Risk Analysis
Risk Evaluation
Risk Assessment within the Risk Management Framework
Why Assess Risk?
Fatalities and Serious Incidents (FSI) Continue to Occur• While Incident Rates have decreased, Fatality Rates
remain steady • Major Disasters, Fires, Explosions, Chemical Releases• FSIs in Construction, Petro-chemical, Transportation,
Agribusiness among other industries
Why Assess Risk?
Why Assess Risk?
The Rising Importance of Managing RiskRisk assessments required in: • many countries• branches of the military• NASA• Chemical operations – (OSHA Process Safety Management &
EPA RMP)• Atomic energy field • Pharmaceuticals
Global Trends
ISO 31000 Risk Management Standards
Key Standards
• ISO 31000 - ANSI/ASSE Z690-2011 Risk Management Standards
• ANSI/ASSE Z590.3-2011 Prevention through Design• ANSI B11.0-2015 Safety of Machinery• MIL-STD-882E-2012
The Purpose of Assessing Risk…
to “provide evidence-based information and analysis to make informed decisions on how to treat particular risks and how to select between options.”
ISO 31010/ANSI/ASSE Z690.3-2011
Risk Assessments required in Management Systems StandardsPlan, Do, Check, Act“The effectiveness of an ORMS requires the continual identification, analysis and evaluation of risks to understand their magnitude of loss, and potential of occurring, as well as adequacy of existing control measures and needed improvements within the organization.”
• OSHA’s Voluntary Protection Program (VPP) • ANSI Z10-2012 • BS OHSAS 18001-2007• International Labor Office ILO-OSH 2001• ISO 14001-2004, Environmental management systems• ISO 45001- 2015-16, Occupational Health and Safety
Management Systems
Operational Risk Management Systems
The Rising Importance of Risk Assessment
• Established February 2013• Risk-based information, tools, and research for safety professionals• Risk Assessment Certificate Program
http://www.oshrisk.org/
OSHA Recognizes Need for Risk-based ApproachIn a July 19, 2010 letter to the OSHA staff, Assistant Secretary David Michaels wrote:
“Ensuring that American workplaces are safe will require a paradigm shift, with employers going beyond simply attempting to meet OSHA standards, to implementing risk-based workplace injury and illness prevention programs.”
When should Risks be Assessed?Design of New SystemsRedesign of Existing SystemsChanges & Additions (MOC)ProcurementHigh Risk ActivitiesNon-routine ActivitiesSerious Incidents (FSI)
Upsets and EmergenciesThird-party Interactions,
Contractors, & ConstructionExternal Requirements
When Assess Risks?
Develop a Strategy for ‘when’, ‘where’, ‘who’ and ‘how’ risk assessments are to be performed
Gain Management CommitmentInvolve StakeholdersEnsure Adequate Resources are Available
Qualified Risk Assessors
Document and Communicate Risk
Establish Risk Criteria
Establish Context
Assemble Team
Identify Hazards
Analyze Risks
Evaluate Risks
Treat Risks
Document
Monitor / Review
Risk Assessment
Process
Establish Risk Criteria and Matrix
Define Risk Criteria & LevelsEstablish Risk Scoring System Select Risk Assessment Matrix
Monitoring and review (5.6)
Risk assessment (5.4)
Communication and consultation
(5.2)
Establishing the context (5.3)
Risk identification (5.4.2)
Risk analysis (5.4.3)
Risk evaluation (5.4.4)
Risk treatment (5.5)
Establish Risk Criteria and Matrix
Establish a Risk Scoring System Qualitative, Semi-quantitative, or QuantitativeRisk Factors in System
• Severity, Likelihood, Control Effectiveness, Exposure, etc.Existing or Customized System
• MIL-STD-882• ANSI Z10• ANSI Z590.3 PtD
Establish Risk Criteria and Matrix
Define Risk Criteria & Levels for the Organization• Severity • Likelihood• Action Levels• Acceptable Level
Establish Risk Criteria and Matrix
“A method to categorize combinations of probability of occurrence and severity of harm, thus establishing risk levels.” (Z590.3)
Establish Risk Criteria and Matrix
Risk Level
Unacceptable
High
Moderate
Low
Immediate action required. Operation not permissible, except in rare and extra-ordinary circumstances.
Remedial action is to be taken at appropriate time.
Action
Remedial action is to be given high priority.
Remedial action is discretionary. Procedures are to be in place to ensure risk level is maintained.
Risk Action Levels
Establish Context
Purpose and ScopeBoundaries and LimitationsSelect Risk Assessment Method(s)
Form a Team
Context will Determine Size and MakeupCross-functional Group Roles and ResponsibilitiesTraining in Method(s)
Identify Hazards/Risks
Find, Recognize and Record • Hazards • Causes and Sources • Events, Scenarios or Failure
Modes • Existing Controls
Monitoring and review (5.6)
Risk assessment (5.4)
Communication and consultation
(5.2)
Establishing the context (5.3)
Risk identification (5.4.2)
Risk analysis (5.4.3)
Risk evaluation (5.4.4)
Risk treatment (5.5)
Identification Methods
• Brainstorming• Checklists• Regulations (OSHA, EPA, DOT etc.)• Standards (ANSI, ASTM, NFPA, etc.)• Experts (external or internal)• Job Hazard Analyses/Job Safety Analyses • Accident/incident investigations • OSHA Injury and Illness Records• Insurance claims• Formal hazard/risk identification techniques (31 listed in ANSI Z690.3-2011)
Risk Analysis
1. Severity of Consequences (S)2. Likelihood of Occurrence (L) 3. Effectiveness of Existing
Controls 4. Estimated Risk Levels
Monitoring and review (5.6)
Risk assessment (5.4)
Communication and consultation
(5.2)
Establishing the context (5.3)
Risk identification (5.4.2)
Risk analysis (5.4.3)
Risk evaluation (5.4.4)
Risk treatment (5.5)
Risk Analysis
Determine Consequence(s) and their Severity
Fertilizer Warehouse Fire
EnvironmentPublic Building LiabilityEmployees
Risk Analysis
Estimate Severity Level (S) for each ConsequenceSeverity Ranking Severity Level (S) Severity of Consequence Description
4 Catastrophic One or more fatalities; multiple serious hospitalizations; incident resulting in more than $250 K
3 Critical Disabling injury or illness; permanent impairment; incident resulting in more than $ 50 K
2 Marginal Medical treatment or restricted work; recordable incidents; incident resulting in more than $ 1 K
1 Low First aid or non-treatment incidents; incident resulting in less than $ 1 K
Risk Analysis
Estimate Likelihood (L)• Review historical data • Consider exposure
frequency, duration and population
• Estimate Likelihood of Occurrence
Risk Analysis
Assess Existing Controls (PE) • Adequacy and Effectiveness • Consider the type of controls and
their effectiveness according to the ‘Hierarchy of Controls’
Risk Analysis
Estimate Risk Level • Using the Risk Scoring System calculate the Risk Level
Take care not to dilute severity if using multiple risk factors in the formula (i.e. severity, probability, exposure, protection effectiveness, failure detectability, frequency, duration, etc.)
Examples:Severity + Likelihood = Risk Level
Severity x (Likelihood x Protection Effectiveness) = Risk Level
Risk Evaluation
• Compare estimated Risk Levels with established Risk Criteria
• Determine if Risk is Acceptable or if Treatment is needed
• Prioritize Actions based on Risk Levels
Monitoring and review (5.6)
Risk assessment (5.4)
Communication and consultation
(5.2)
Establishing the context (5.3)
Risk identification (5.4.2)
Risk analysis (5.4.3)
Risk evaluation (5.4.4)
Risk treatment (5.5)
Risk – ‘As Low As Reasonably Practicable’
Decisions on treating a risk will depend on the risk level and the costs and benefits of implementing improved controls.
Risk Treatment
‘The process of reducing or modifying risk using Risk Treatment Options.’ Risks that are judged unacceptable must be ‘treated’ to reduce risk.
Monitoring and review (5.6)
Risk assessment (5.4)
Communication and consultation
(5.2)
Establishing the context (5.3)
Risk identification (5.4.2)
Risk analysis (5.4.3)
Risk evaluation (5.4.4)
Risk treatment (5.5)
Risk Treatment Options
1) Avoidance - avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk
2) Elimination - removing the risk source3) Substitution - changing the consequences 4) Engineering and Administrative controls - changing the likelihood 5) Transfer & Financing - sharing the risk with another party such as
insurance contracts and risk financing 6) Retain - retaining the risk by informed decision
Hierarchy of ControlsMost
Preferred
Least Preferred
Risk Avoidance: Prevent entry of hazards into a workplace by selecting and incorporating appropriate technology and work methods criteria during the design processes. Eliminate: Eliminate workplace and work methods risks that have been discovered. Substitution: Reduce risks by substituting less hazardous methods or materials. Engineering Controls: Incorporate engineering controls/safety devices. Warning: Provide warning systems.
Administrative Controls: Apply administrative controls (the organization of work, training, scheduling, supervision, etc.). Personal Protective Equipment: Provide Personal Protective Equipment (PPE).
Documentation
Virtually all aspects of the process should be documented Selecting the risk assessment matrix Determining the purpose and scope (context) Forming the team Selecting the hazards or operations to be assessed Identifying Hazards/risks Analyzing Risks Evaluating Risks Communicating and documenting Monitoring and continuous improvement
DocumentationRisk Register
Case # Location Task Hazard # HazardCurrent State Risk
LevelAdditional Controls Completion Date
Future State Risk Level
1 QC Lab - Weld Plasma cutter 1.1 Electrical Shock 14 Yes 2/20/2015 12
1 QC Lab - Weld Plasma cutter 1.2 burns 15.2 Yes 3/15/2015 12
1 QC Lab - Weld Plasma cutter 1.3 arc flash 11.2 Yes 2/20/2015 9.8
1 QC Lab - Weld Plasma cutter 1.4 noise 19 Yes 3/15/2015 8.4
1 QC Lab - Weld Plasma cutter 1.5 fire 14 Yes 3/15/2015 12
1 QC Lab - Weld Plasma cutter 1.6 dust 11.2 Yes 3/15/2015 9.6
2 QC Lab - Weld Weld Destruct 2.1 ergo-strains 14 Yes 4/15/2015 14
2 QC Lab - Weld Weld Destruct 2.2 vibration 19 Yes 4/15/2015 4.8
2 QC Lab - Weld Weld Destruct 2.3 noise 11.2 Yes 4/15/2015 10.8
2 QC Lab - Weld Weld Destruct 2.4 struck by 15.2 Yes 2/20/2015 14.4
2 QC Lab - Weld Weld Destruct 2.5 dust 16 Yes 4/15/2015 8.4
2 QC Lab - Weld Weld Destruct 2.6 struck against 11.4 Yes 3/15/2015 6.3
2 QC Lab - Weld Weld Destruct 2.7 falls same level 16 Yes 3/15/2015 11.2
3 Finishing Wash Station 3.1 hot liquid 9 Yes 4/15/2015 6.3
3 Finishing Wash Station 3.2 struck against 14.25 Yes 4/15/2015 0.2
3 Finishing Wash Station 3.3 chem-corrosive 11.2 Yes 4/15/2015 4.2
3 Finishing Wash Station 3.4 hot surfaces 14.25 Yes 4/15/2015 2.1
3 Finishing Wash Station 3.5 mechanical 9.6 Yes 3/15/2015 4.8
3 Finishing Wash Station 3.6 ergo-strains 11.2 Yes 4/15/2015 0.2
Monitoring & Continuous Improvement
Hazards and operations change Changes can effect existing
controls and their effectiveness Update risk assessments to
consider these possible changes Monitoring and review (5.6)
Risk assessment (5.4)
Communication and consultation
(5.2)
Establishing the context (5.3)
Risk identification (5.4.2)
Risk analysis (5.4.3)
Risk evaluation (5.4.4)
Risk treatment (5.5)
Communication
The importance of communication can not be overstated.
Successful risk assessments are dependent on effective communication among stakeholders prior to, during and after the process.
Monitoring and review (5.6)
Risk assessment (5.4)
Communication and consultation
(5.2)
Establishing the context (5.3)
Risk identification (5.4.2)
Risk analysis (5.4.3)
Risk evaluation (5.4.4)
Risk treatment (5.5)
The Take Away Message
Take a ‘Risk-based’ ApproachEstablish a Strategy for Performing Risk AssessmentsLead the Way