Risk Assessment What, Why, When and How UCM Fall Symposium and ASSE/AIHA/A&WMA PDC November 5, 2015...

Risk AssessmentWhat, Why, When and How

UCM Fall Symposium and ASSE/AIHA/A&WMA PDC

November 5, 2015

Bruce Lyon, CSP, PE, ARM, CHMMHays Companies

Risk Assessment Fundamentals

ObjectivesWhat… Hazards, Risks, and Risk ManagementWhy… Developing Trends, Standards, FSI & PtD When… Triggers for Assessing RiskHow… Steps for Conducting Risk Assessments

What is Risk Management?

The coordinated activities of risk avoidance, control, and financing to a level that is considered acceptable.

‘Risk Assessment’ is the cornerstone of Risk

Management.

What is Risk?

Hazards vs. Risks…

Hazard • Source of harm. (Z690.1)


Exposure – • Contact with or proximity to a hazard, taking into account

duration and intensity. (Z10) • Extent to which an organization or stakeholder is subject to

an event. (Z690.1)

Exposure includes frequency and duration of a hazard coming into contact with the population or assets at risk.


Risk • Effect of uncertainty on objectives. (Z690.1)

• An estimate of the probability of a hazard-related incident or exposure occurring and the severity of harm or damage that could result. (Z590.3)

Risk is the estimated severity of harm and likelihood of occurrence from the hazard.

Definitions

• Severity – Degree of harm.• Likelihood – Chance of something happening.• Operational Risk – Risks generated from the workplace including

SH&E, liability, legal and information technology.• Acceptable Risk - The risk level that is considered by the organization

to be acceptable in its current context. This level of risk is generally lowered as the organization matures and the control technologies improve.

Definitions

Risk Assessment • “A process that commences with hazard identification and analysis,

through which the probable severity of harm or damage is established, followed by an estimate of the probability of the incident or exposure occurring, and concluding with a statement of risk.” (Z590.3)

• “Overall process of risk identification, risk analysis and risk evaluation.” (Z690.1)

Risk Assessment is a three step process that including identifying hazards, analyzing their risk, and evaluation the risk to determine if it requires additional control.

The Risk Assessment Process

Hazard/Risk Identification

Risk Analysis

Risk Evaluation

Risk Assessment within the Risk Management Framework

Why Assess Risk?

Fatalities and Serious Incidents (FSI) Continue to Occur• While Incident Rates have decreased, Fatality Rates

remain steady • Major Disasters, Fires, Explosions, Chemical Releases• FSIs in Construction, Petro-chemical, Transportation,

Agribusiness among other industries

Why Assess Risk?

The Rising Importance of Managing RiskRisk assessments required in: • many countries• branches of the military• NASA• Chemical operations – (OSHA Process Safety Management &

EPA RMP)• Atomic energy field • Pharmaceuticals

Global Trends

ISO 31000 Risk Management Standards

Key Standards

• ISO 31000 - ANSI/ASSE Z690-2011 Risk Management Standards

• ANSI/ASSE Z590.3-2011 Prevention through Design• ANSI B11.0-2015 Safety of Machinery• MIL-STD-882E-2012

The Purpose of Assessing Risk…

to “provide evidence-based information and analysis to make informed decisions on how to treat particular risks and how to select between options.”

ISO 31010/ANSI/ASSE Z690.3-2011

Risk Assessments required in Management Systems StandardsPlan, Do, Check, Act“The effectiveness of an ORMS requires the continual identification, analysis and evaluation of risks to understand their magnitude of loss, and potential of occurring, as well as adequacy of existing control measures and needed improvements within the organization.”

• OSHA’s Voluntary Protection Program (VPP) • ANSI Z10-2012 • BS OHSAS 18001-2007• International Labor Office ILO-OSH 2001• ISO 14001-2004, Environmental management systems• ISO 45001- 2015-16, Occupational Health and Safety

Management Systems

Operational Risk Management Systems

The Rising Importance of Risk Assessment

• Established February 2013• Risk-based information, tools, and research for safety professionals• Risk Assessment Certificate Program

http://www.oshrisk.org/




OSHA Recognizes Need for Risk-based ApproachIn a July 19, 2010 letter to the OSHA staff, Assistant Secretary David Michaels wrote:

“Ensuring that American workplaces are safe will require a paradigm shift, with employers going beyond simply attempting to meet OSHA standards, to implementing risk-based workplace injury and illness prevention programs.”

When should Risks be Assessed?Design of New SystemsRedesign of Existing SystemsChanges & Additions (MOC)ProcurementHigh Risk ActivitiesNon-routine ActivitiesSerious Incidents (FSI)

Upsets and EmergenciesThird-party Interactions,

Contractors, & ConstructionExternal Requirements

When Assess Risks?

Develop a Strategy for ‘when’, ‘where’, ‘who’ and ‘how’ risk assessments are to be performed

Gain Management CommitmentInvolve StakeholdersEnsure Adequate Resources are Available

Qualified Risk Assessors

Document and Communicate Risk

Establish Risk Criteria

Establish Context

Assemble Team

Identify Hazards

Analyze Risks

Evaluate Risks

Treat Risks

Document

Monitor / Review

Risk Assessment

Process

Establish Risk Criteria and Matrix

Define Risk Criteria & LevelsEstablish Risk Scoring System Select Risk Assessment Matrix

Monitoring and review (5.6)

Risk assessment (5.4)

Communication and consultation

(5.2)

Establishing the context (5.3)

Risk identification (5.4.2)

Risk analysis (5.4.3)

Risk evaluation (5.4.4)

Risk treatment (5.5)


Establish a Risk Scoring System Qualitative, Semi-quantitative, or QuantitativeRisk Factors in System

• Severity, Likelihood, Control Effectiveness, Exposure, etc.Existing or Customized System

• MIL-STD-882• ANSI Z10• ANSI Z590.3 PtD


Define Risk Criteria & Levels for the Organization• Severity • Likelihood• Action Levels• Acceptable Level


“A method to categorize combinations of probability of occurrence and severity of harm, thus establishing risk levels.” (Z590.3)


Risk Level

Unacceptable

High

Moderate

Low

Immediate action required. Operation not permissible, except in rare and extra-ordinary circumstances.

Remedial action is to be taken at appropriate time.

Action

Remedial action is to be given high priority.

Remedial action is discretionary. Procedures are to be in place to ensure risk level is maintained.

Risk Action Levels

Establish Context

Purpose and ScopeBoundaries and LimitationsSelect Risk Assessment Method(s)

Form a Team

Context will Determine Size and MakeupCross-functional Group Roles and ResponsibilitiesTraining in Method(s)

Identify Hazards/Risks

Find, Recognize and Record • Hazards • Causes and Sources • Events, Scenarios or Failure

Modes • Existing Controls




(5.2)






Identification Methods

• Brainstorming• Checklists• Regulations (OSHA, EPA, DOT etc.)• Standards (ANSI, ASTM, NFPA, etc.)• Experts (external or internal)• Job Hazard Analyses/Job Safety Analyses • Accident/incident investigations • OSHA Injury and Illness Records• Insurance claims• Formal hazard/risk identification techniques (31 listed in ANSI Z690.3-2011)

Risk Analysis

1. Severity of Consequences (S)2. Likelihood of Occurrence (L) 3. Effectiveness of Existing

Controls 4. Estimated Risk Levels




(5.2)






Risk Analysis

Determine Consequence(s) and their Severity

Fertilizer Warehouse Fire

EnvironmentPublic Building LiabilityEmployees

Risk Analysis

Estimate Severity Level (S) for each ConsequenceSeverity Ranking Severity Level (S) Severity of Consequence Description

4 Catastrophic One or more fatalities; multiple serious hospitalizations; incident resulting in more than $250 K

3 Critical Disabling injury or illness; permanent impairment; incident resulting in more than $ 50 K

2 Marginal Medical treatment or restricted work; recordable incidents; incident resulting in more than $ 1 K

1 Low First aid or non-treatment incidents; incident resulting in less than $ 1 K

Risk Analysis

Estimate Likelihood (L)• Review historical data • Consider exposure

frequency, duration and population

• Estimate Likelihood of Occurrence

Risk Analysis

Assess Existing Controls (PE) • Adequacy and Effectiveness • Consider the type of controls and

their effectiveness according to the ‘Hierarchy of Controls’

Risk Analysis

Estimate Risk Level • Using the Risk Scoring System calculate the Risk Level

Take care not to dilute severity if using multiple risk factors in the formula (i.e. severity, probability, exposure, protection effectiveness, failure detectability, frequency, duration, etc.)

Examples:Severity + Likelihood = Risk Level

Severity x (Likelihood x Protection Effectiveness) = Risk Level

Risk Evaluation

• Compare estimated Risk Levels with established Risk Criteria

• Determine if Risk is Acceptable or if Treatment is needed

• Prioritize Actions based on Risk Levels




(5.2)






Risk – ‘As Low As Reasonably Practicable’

Decisions on treating a risk will depend on the risk level and the costs and benefits of implementing improved controls.

Risk Treatment

‘The process of reducing or modifying risk using Risk Treatment Options.’ Risks that are judged unacceptable must be ‘treated’ to reduce risk.




(5.2)






Risk Treatment Options

1) Avoidance - avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk

2) Elimination - removing the risk source3) Substitution - changing the consequences 4) Engineering and Administrative controls - changing the likelihood 5) Transfer & Financing - sharing the risk with another party such as

insurance contracts and risk financing 6) Retain - retaining the risk by informed decision

Hierarchy of ControlsMost

Preferred

Least Preferred

Risk Avoidance: Prevent entry of hazards into a workplace by selecting and incorporating appropriate technology and work methods criteria during the design processes. Eliminate: Eliminate workplace and work methods risks that have been discovered. Substitution: Reduce risks by substituting less hazardous methods or materials. Engineering Controls: Incorporate engineering controls/safety devices. Warning: Provide warning systems.

Administrative Controls: Apply administrative controls (the organization of work, training, scheduling, supervision, etc.). Personal Protective Equipment: Provide Personal Protective Equipment (PPE).

Documentation

Virtually all aspects of the process should be documented Selecting the risk assessment matrix Determining the purpose and scope (context) Forming the team Selecting the hazards or operations to be assessed Identifying Hazards/risks Analyzing Risks Evaluating Risks Communicating and documenting Monitoring and continuous improvement

DocumentationRisk Register

Case # Location Task Hazard # HazardCurrent State Risk

LevelAdditional Controls Completion Date

Future State Risk Level

1 QC Lab - Weld Plasma cutter 1.1 Electrical Shock 14 Yes 2/20/2015 12

1 QC Lab - Weld Plasma cutter 1.2 burns 15.2 Yes 3/15/2015 12

1 QC Lab - Weld Plasma cutter 1.3 arc flash 11.2 Yes 2/20/2015 9.8

1 QC Lab - Weld Plasma cutter 1.4 noise 19 Yes 3/15/2015 8.4

1 QC Lab - Weld Plasma cutter 1.5 fire 14 Yes 3/15/2015 12

1 QC Lab - Weld Plasma cutter 1.6 dust 11.2 Yes 3/15/2015 9.6

2 QC Lab - Weld Weld Destruct 2.1 ergo-strains 14 Yes 4/15/2015 14

2 QC Lab - Weld Weld Destruct 2.2 vibration 19 Yes 4/15/2015 4.8

2 QC Lab - Weld Weld Destruct 2.3 noise 11.2 Yes 4/15/2015 10.8

2 QC Lab - Weld Weld Destruct 2.4 struck by 15.2 Yes 2/20/2015 14.4

2 QC Lab - Weld Weld Destruct 2.5 dust 16 Yes 4/15/2015 8.4

2 QC Lab - Weld Weld Destruct 2.6 struck against 11.4 Yes 3/15/2015 6.3

2 QC Lab - Weld Weld Destruct 2.7 falls same level 16 Yes 3/15/2015 11.2

3 Finishing Wash Station 3.1 hot liquid 9 Yes 4/15/2015 6.3

3 Finishing Wash Station 3.2 struck against 14.25 Yes 4/15/2015 0.2

3 Finishing Wash Station 3.3 chem-corrosive 11.2 Yes 4/15/2015 4.2

3 Finishing Wash Station 3.4 hot surfaces 14.25 Yes 4/15/2015 2.1

3 Finishing Wash Station 3.5 mechanical 9.6 Yes 3/15/2015 4.8

3 Finishing Wash Station 3.6 ergo-strains 11.2 Yes 4/15/2015 0.2

Monitoring & Continuous Improvement

Hazards and operations change Changes can effect existing

controls and their effectiveness Update risk assessments to

consider these possible changes Monitoring and review (5.6)



(5.2)






Communication

The importance of communication can not be overstated.

Successful risk assessments are dependent on effective communication among stakeholders prior to, during and after the process.




(5.2)






The Take Away Message

Take a ‘Risk-based’ ApproachEstablish a Strategy for Performing Risk AssessmentsLead the Way

Risk Assessment What, Why, When and How UCM Fall Symposium and ASSE/AIHA/A&WMA PDC November 5, 2015...

Documents

Transcript of Risk Assessment What, Why, When and How UCM Fall Symposium and ASSE/AIHA/A&WMA PDC November 5, 2015...