Webinar ‘The Lifecycle of a Risk Model’ Ruairí Kennedy, 4th May 2017
About me – Ruairí Kennedy
■ UK, Australia and Middle East, Public and Private Sector
▪ Safety Risk Model v3, v4, v5 (2002 to 2007)
▪ RailCorp’s Quantitative Risk Model (NSW passenger operator and infrastructure manager)
▪ Level Crossings (ALCRM in UK, ALCAM in Australia, User Worked Crossings Risk Model)
▪ Structures Over Track Risk Model
■ Master of Physics
■ Chief Consultant Rail System Safety, 16 years improving rail, road and maritime safety
■ Our Vision: to be thought leaders delivering quality in the fields of
▪ Risk Management
▪ Risk Analysis
▪ Safety Management
Our audience
■ 30+ people
■ 5+ countries
▪ Australia
▪ United Kingdom
■ 10+ industries
▪ Rail
▪ Nuclear
▪ Oil & Gas
▪ Defence
▪ Aviation
▪ Energy & Power
Overview
■ What is a risk model?
■ Why have a risk model?
■ Risk Models and the System Lifecycle
■ Strengths, Weaknesses, Opportunities
■ Further uses
■ Looking forward – systemic challenges
■ Invitation
■ Q&A
What is a risk model?
■ FMEA/FMECA/FMEDA
■ Hazard Record
■ Hazard Log
■ Risk Register
■ What models are out there?
▪ GB Safety Risk Model
▪ CTRL (Channel Tunnel Rail Link) HS1
▪ Irish Rail, Location specific
▪ ALCRM (All Level Crossings Risk Model)
▪ ALCAM (All Level Crossings Assessment Model)
▪ RailCorp Safety Risk Register
▪ Structures over Track Risk Model
▪ Australian Risk Model
▪ Existing and future operators in Middle East
What is a risk model?
Why have a risk model?
LEGAL CONTEXT, UK
■ 2015, West Coast Railways Company
seconds from one of these…
…colliding with the side of a potentially derailed element of one of these…
…at high speed; as close to a multi-fatality train collision as we have come in the last decade
■ Romney, Hythe and Dymchurch Light Railway (1/3 scale, 15” gauge)
▪ Two fatal level crossing collisions in period 2003 to 2005
■ All assumptions require validation
Why have a risk model?
LEGAL CONTEXT, UK
Why have a risk model?
LEGAL CONTEXT AUSTRALIA, MIDDLE EAST
■ Australia
▪ Rail Safety Act 2012
■ Middle East (Dubai, Doha, Riyadh)
▪ Looks to Europe and UK for Heavy, Metro and Light Rail legislation/best practice
▪ ALARP (As Low As Reasonably Practicable)
▪ CENELEC EN 50126/8/9
▪ Safety Directive, Common Safety Method Risk Evaluation and Assessment, Acceptance Criteria:
1. Codes of Practice
2. Reference Systems
3. Explicit Risk Estimation
• An essential tool in managing risk to As Low As Reasonably Practicable
• Perhaps the area that presents the greatest opportunity to achieve safety benefit
Why have a risk model?
BUSINESS CONTEXT
Why have a risk model?
BUSINESS CONTEXT
Risk Models and the System Lifecycle
The ‘V’ Lifecycle - 50126/8/9
GB SRM
ALCAM/ALCRM
Strengths, Weaknesses, Opportunities
Qualitative (Risk Matrices), Safety
Strengths, Weaknesses, Opportunities
Qualitative (Risk Matrices)
■ Strengths
▪ Perceived to be easier to use by a greater number of people
▪ Great for prioritising into big buckets
■ Weaknesses
▪ Can be easy to use badly
▪ If poorly designed
▪ Before and after risk assessments - incentive is there to reduce the risk to the next ranking just to show impact of controls
▪ Insufficient granularity
▪ Each matrix square can be between 25x and 100x the risk, depending on matrix design
▪ Control cost benefit analysis
Strengths, Weaknesses, Opportunities
Qualitative (Risk Matrices), Enterprise
Strengths, Weaknesses, Opportunities
Quantitative (GB Safety Risk Model)
Strengths, Weaknesses, Opportunities
Quantitative (GB SRM)
■ Strengths
▪ Great overall representative picture of the risk at the UK level
▪ Solid foundation for detailed CBA, industry strategy (example Train Protection and Warning strategy, Regulator’s Higher Levels of Safety)
■ Weaknesses (acknowledge not part of design)
▪ No risk controls, no risk management
▪ Safety only
▪ For the most part, retrospective, with contributions to allow for low frequency high consequence, giving it its ‘predictive’
▪ No TOC (organisational), route or location granularity for either collective or individual risk
Strengths, Weaknesses, Opportunities
Quantitative (Level Crossings)
■ ALCAM (Australia)
■ ALCRM (UK)
Strengths, Weaknesses, Opportunities
Quantitative (RailCorp Quantitative Risk Model)
■ Less depth to system safety hazardous events
■ Greater risk management transparency
▪ How exactly does who control which risk?
▪ Which controls are to be assessed how often using which method?
▪ Performance Standards
Strengths, Weaknesses, Opportunities
Quantitative
■ Level Crossing Risk Model (User-Worked Crossings)
■ Structures over Track Risk Model
▪ Bridges, car parks, shopping centres, any development in airspace above potentially derailing train
Strengths, Weaknesses, Opportunities
Quantitative
■ Strengths
▪ Deep granularity
▪ Control cost benefit analysis
■ Weaknesses
▪ Few can create, few can use, few can understand and interpret
▪ Not genuinely predictive
■ Do they need to be?
▪ At some point a train/tram driver/operator in a given population is going to feel tired and fall asleep in the cab on the approach to a low radius curve
▪ If we know where the fault paths lie
Strengths, Weaknesses, Opportunities
Systems Theoretic Process Analysis - Leveson
Further Uses
■ Concept through Specification
▪ System Requirements Specification
■ Design & Build
▪ CSM REA, EN 50126/8/9 - Preliminary System Definition - Iterative
▪ Each system definition is a model of reality designed to identify and manage uncertainty (i.e. risk) and used to support decision making
▪ Confusion of consortia
▪ Depot, with three maintenance contractors working side by side
▪ Hi-speed consortium (multiple entities)
■ Operations & Maintenance
▪ Change Management
▪ Performance Monitoring (Reporting to Group, Regulator, Industry)
▪ Organisational Design
▪ Identification of safety critical roles; Team size
▪ Risk Based Training Needs Analysis
▪ Control Effectiveness
■ Circle of knowledge
▪ Learning - intra organisational, inter-organisational, inter-industry
▪ Tool to address loss of key experience (engineering and operational)
Looking forward - Systemic Challenges
■ In or Out, Brexit constitutes a threat to (continental) knowledge sharing
■ EU funding for UK based R&D projects more difficult
▪ Barrier = Less Collaboration
▪ Less Collaboration = Less Knowledge sharing
▪ Less Knowledge Sharing = Lesson Learning comes more slowly and at higher cost
Brexit
Looking forward - Systemic Challenges
■ The more fragmented the industry the stronger the regulatory position regarding an overarching systems approach should be
■ The design of franchises in a privatised industry drives a particular behaviour in which the interests of the system are not paramount
▪ E.g. Money available for investment in the first two years of a seven-year franchise
Risk Model Ownership
Conclusions
■ Through System Lifecycle – the earlier the better
■ Align with systems and key decision-making entities within those systems – Regulator, Design & Build Contractors (Project Directors), Operator Maintainers (Managing Directors)
▪ Priority
▪ Control cost benefit
▪ Control effectiveness assessment (Clarity of roles and responsibilities)
▪ Allow us to discover risk we are not managing (at all or well enough)
■ KISS - Keep it Simple Stupid
■ Quality of conversations and learning around system safety needs to improve both within and across industry
▪ Well designed risk models
▪ Valid documented referenceable understanding of systems
■ Flexibility is key - ability to adapt as disruptive technologies come to fruition
▪ E.g. Autonomous mobility
Where do our Risk Models need to go?
QUALITY INTEGRITY LEADERSHIP
CRA’s 8th Annual Risk Forum
Invitation