risk analysis types

7/27/2019 Risk Analysis types

1/41

Marvin Rausand, October 7, 2005 System Reliability Theory (2nd ed), Wiley, 2004 1 / 41

Risk Analysis

An Introduction

Marvin Rausand

Department of Production and Quality EngineeringNorwegian University of Science and Technology

[email protected]
http://www.ntnu.no/~marvinrhttp://www.ntnu.no/ross/srthttp://www.ntnu.no/ross/srthttp://www.ntnu.no/~marvinr


2/41

IntroductionWhat is ..?

Brief history

Cons. spectr.

Accident categ.

Standards

ProcedureAcceptable risk

ALARP principle

Assessment

Main Steps

Conclusions


Introduction


3/41

What is risk analysis?


Brief history

Cons. spectr.

Accident categ.

Standards


ALARP principle

Assessment

Main Steps

Conclusions


A risk analysis is:

u Systematic use of available information to identify hazardsand to estimate the risk to individuals or populations,

property or the environment IEC 60300-3-9

u A systematic approach for describing and/or calculating risk.Risk analysis involves the identification of undesired

(accidental) event, and the causes and consequences of theseevents

NS 5814


4/41


5/41

Consequence spectrum


Brief history

Cons. spectr.

Accident categ.

Standards


ALARP principle

Assessment

Main Steps

Conclusions


A consequence spectrum (or, risk picture) of an activity is a

listing of its potential consequences and the associatedprobabilities (e.g., per year). Usually, only unwantedconsequences are considered.

Activity

C1

C2

C3

Ck

p1

pk

p3

p2

Risk is sometimes defined as:

Risk = C1p1 + C2p2 + + Ckpk =k

i=1

Cipi

This requires that all consequences may be measured with a

common measure (e.g., as monetary value)


6/41

Categories of accidents


Brief history

Cons. spectr.

Accident categ.

Standards


ALARP principle

Assessment

Main Steps

Conclusions


- Traffic accidents- Occupational

accidents, etc.- Air trafic accidents- Railway accidents- Major industrialaccidents

- Nuclear accidents

- Catastrophies

Severity (log scale)

Frequency(lo

gscale)

1.

3.

2.

Low risk

High risk

Based on Rasmussen (1994)


7/41

Standards for risk analysis


Brief history

Cons. spectr.

Accident categ.

Standards


ALARP principle

Assessment

Main Steps

Conclusions


u IEC 60300-3-9: Risk analysis of technologuical systemsu EN 1050: Safety of machinery Risk assessmentu EN 50126: Railway applications The specification and

demonstration of reliability , availability, maintainability amd

safety (RAMS)u ISO 17776: Petroleum and natural gas industries Offshore

production installations Guidelines and tools for hazardidentification and risk assessment

u NORSOK Z-013: Risk and emergency preparedness analysis

u EN 1441: Medical Devices - Risk Analysis

More standards on: http://www.ntnu.no/ross/srt


8/41

Risk analysis procedure


Brief history

Cons. spectr.

Accident categ.

Standards


ALARP principle

Assessment

Main Steps

Conclusions


Planning and

organizing

Description

of object

Hazardidentification

Frequencyanalysis

Consequenceanalysis

Riskevaluation

Risk reducingmeasures

What is

acceptable risk?

Other measuresdesirable?

Acceptable?No

Yes


9/41

Risk analysis procedures - (2)


Brief history

Cons. spectr.

Accident categ.

Standards


ALARP principle

Assessment

Main Steps

Conclusions


Accidental

eventCausal

analysis

Consequence

analysis

Methods

- Checklists

- Preliminary hazardanalysis

- FMECA*

- HAZOP

- Event data sources

- Fault tree analysis*

- Reliability blockdiagrams*

- Influence diagrams*

- FMECA*

- Reliability data

sources*

- Event tree analysis*

- Consequencemodels

- Reliability

assessment*

- Evacuation models

- Simulation

(a)(b) (c)


10/41

Acceptable risk


Brief history

Cons. spectr.

Accident categ.

Standards


ALARP principle

Assessment

Main Steps

Conclusions


Several principles can be used to determine the acceptable risk:

u The ALARP principle (As low as reasonably practicable)u The precautionary principleu

Risk acceptance as defined in NORSOK Z-013u Minimum endogeneous mortality (MEM)u Globalement au moins aussi bon (GAMAB)

Risk acceptable is generally a complicated and multifaceted issue.


11/41

ALARP principle


Brief history

Cons. spectr.

Accident categ.

Standards


ALARP principle

Assessment

Main Steps

Conclusions


Negligible risk

Unacceptable region

The ALARP or Tolerabilityregion (Risk is undertaken only

if a benefit is desired)

Broadly acceptable region(No need for detailed work to

demonstrate ALARP)

Risk cannot be justified exceptin extraordinary circumstances

Tolerable only if risk reduction isimpracticable or its cost isgrossly disproportionate to the

improvement gained

Tolerable if cost of reductionwould exceed the improvement

gained

Necessary to maintainassurance that risk remains at

this level


12/41

Risk assessment and management


Brief history

Cons. spectr.

Accident categ.

Standards


ALARP principle

Assessment

Main Steps

Conclusions


Risk analysis

- Scope definition

- Hazard identification

- Risk estimation

Risk evaluation

- Risk tolerability

decisions- Analysis of options

Risk reduction/control

- Decision making

- Implementation

- Monitoring

Riskassessment

Risk

management

IEC 60300-3-9


13/41

Introduction

Main Steps

Planning

System descript.

Hierarchy

Hazard ident.

Methods

Accidental events

Event matrix

Causal analysis

Frequency analysis

Consequences

Risk evaluation

Risk matrix

Risk elimination

Report

Conclusions


Main Steps


14/41

Planning and organization

Introduction

Main Steps

Planning

System descript.

Hierarchy

Hazard ident.

Methods

Accidental events

Event matrix

Causal analysis

Frequency analysis

Consequences

Risk evaluation

Risk matrix

Risk elimination

Report

Conclusions


u Identify relevant laws and regulationsu Clarify internal policies and risk acceptance criteriau Define the purpose and objectives of the risk analysis

3 What type of risks should be studied? (Major accidents vs.occupational accidents; random hazards, deliberate actions, and/orenvironmental loads)

3 Which life phases should be included? (Normal operation, start-up,end-of-life, major overhaul, etc.)

u Organize the work, multidisciplinary team where selectedexperts provide the required expertice


15/41

Description of the analysis object

Introduction

Main Steps

Planning

System descript.

Hierarchy

Hazard ident.

Methods

Accidental events

Event matrix

Causal analysis

Frequency analysis

Consequences

Risk evaluation

Risk matrix

Risk elimination

Report

Conclusions


Description encompassing everything that can incluence theanalysis results

Main questions:

u What is the system dependent upon? (inputs)u What activities are performed by the system? (functions)u

What services does the system provide? (outputs)


16/41

Description of the analysis object - (2)

Introduction

Main Steps

Planning

System descript.

Hierarchy

Hazard ident.

Methods

Accidental events

Event matrix

Causal analysis

Frequency analysis

Consequences

Risk evaluation

Risk matrix

Risk elimination

Report

Conclusions


u Technical, personnel, and organizational relationshipsu Significant political, social, and economic relationshipsu Association with and dependency on the wider worldu External support if an accidental should occur

u Indicate special relationships that are significant to safety


17/41

Description of the analysis object - (3)

Introduction

Main Steps

Planning

System descript.

Hierarchy

Hazard ident.

Methods

Accidental events

Event matrix

Causal analysis

Frequency analysis

Consequences

Risk evaluation

Risk matrix

Risk elimination

Report

Conclusions


u Large enterprises can be broken down into smaller elements(i.e., objects and/or functions)

u A breakdown that constitutes too many too small elementswill demand much resources, whereas insufficient breakdown

of the enterprise can lead to unintentional omissions of rarebut significant events

u A possible technique for breaking down a system ishierarchical breakdown


18/41

Hierarchical breakdown

Introduction

Main Steps

Planning

System descript.

Hierarchy

Hazard ident.

Methods

Accidental events

Event matrix

Causal analysis

Frequency analysis

Consequences

Risk evaluation

Risk matrix

Risk elimination

Report

Conclusions


1.

Company

1.2.2

Building 2

1.2

Production unit

1.1

Design offices

1.2.3

Building 3

1.2.1

Building 1


19/41

Identification of hazards

Introduction

Main Steps

Planning

System descript.

Hierarchy

Hazard ident.

Methods

Accidental events

Event matrix

Causal analysis

Frequency analysis

Consequences

Risk evaluation

Risk matrix

Risk elimination

Report

Conclusions


u Potential hazards related to the activity must be identified(e.g., mechanical hazards, fire, explosion, toxix materials,radiation)

u In which part(s) of the system are the hazards relevant (e.g.,

pressure vessels, cranes, storage)


20/41

Methods and tools

Introduction

Main Steps

Planning

System descript.

Hierarchy

Hazard ident.

Methods

Accidental events

Event matrix

Causal analysis

Frequency analysis

Consequences

Risk evaluation

Risk matrix

Risk elimination

Report

Conclusions


u Checklistsu Preliminary hazard analysis (PHA), also known as:

3 Hazard identification (HAZID)3 Rapid risk ranking (RRR)

u Failure modes, effects, and criticality analysis (FMECA)u Hazard and operability analysis (HAZOP)u Brainstorming

u Experience data - data bases


21/41

Accidental events

Introduction

Main Steps

Planning

System descript.

Hierarchy

Hazard ident.

Methods

Accidental events

Event matrix

Causal analysis

Frequency analysis

Consequences

Risk evaluation

Risk matrix

Risk elimination

Report

Conclusions


Some questions to consider when defining accidental events:

u What type of event is it?

3 Describe the type of event (e.g., fire, gas leak, falling object)

u Where does the event take place?

3 Describe where the event occurs (e.g., in process area A)

u When does the event occur?3 Describe the conditions under which the event occurs (e.g., normal

operation, start-up, during maintenance)

Example: Contamination of water supply by bacteria duringflood conditions


22/41

Accidental events - (2)

Introduction

Main Steps

Planning

System descript.

Hierarchy

Hazard ident.

Methods

Accidental events

Event matrix

Causal analysis

Frequency analysis

Consequences

Risk evaluation

Risk matrix

Risk elimination

Report

Conclusions


u The list of accidental events arising from the PHA orbrainstorming should be sorted and filtered (i.e., events maybe disregarded due to insignificant consequences or likelihoodof occurrence are closed out without unnecessary delay)

u The different accidental events are considered for each of theelements to be analyzed. Where are the events relevant? Inthis relation one can use a simple event/element matrix.


23/41

Event-element matrix

Introduction

Main Steps

Planning

System descript.

Hierarchy

Hazard ident.

Methods

Accidental events

Event matrix

Causal analysis

Frequency analysis

Consequences

Risk evaluation

Risk matrix

Risk elimination

Report

Conclusions


Admin. building

Production unit

Loading area

Storage

Laboratory

Fire

Collision

Droppedobject

Toxicexposure

Explosion

Ar

ea(Systemelement)

Accidental event


24/41

Accidental events - (3)

Introduction

Main Steps

Planning

System descript.

Hierarchy

Hazard ident.

Methods

Accidental events

Event matrix

Causal analysis

Frequency analysis

Consequences

Risk evaluation

Risk matrix

Risk elimination

Report

Conclusions


The results from this step are:

u A listing of all relevant hazardsu

A listing and description of all potential (and relevant)accidental eventsu Identification of where each accidental event may occur


25/41

Causal analysis

Introduction

Main Steps

Planning

System descript.

Hierarchy

Hazard ident.

Methods

Accidental events

Event matrix

Causal analysis

Frequency analysis

Consequences

Risk evaluation

Risk matrix

Risk elimination

Report

Conclusions


The causes of each accidental event must be identified anddescribed

HumanfactorsTechnical

factors

Organizationalfactors

Environmental

factors

Societal

factors

Accidental

event


26/41

Methods and tools

Introduction

Main Steps

Planning

System descript.

Hierarchy

Hazard ident.

Methods

Accidental events

Event matrix

Causal analysis

Frequency analysis

Consequences

Risk evaluationRisk matrix

Risk elimination

Report

Conclusions


u Fault tree analysisu Bayesian belief networks (Influence diagrams)u Cause-effect diagramsu Reliability block diagramsu Root cause analysisu Experience data - data bases


27/41

Causal analysis results

Introduction

Main Steps

Planning

System descript.

Hierarchy

Hazard ident.

Methods

Accidental events

Event matrix

Causal analysis

Frequency analysis

Consequences


Risk elimination

Report

Conclusions


u For each potential accidental event:

All combinations of events (technical failures, human errors,environmental loads, etc.) that may lead to the accidental

event (minimal cut set)u The minimal cut sets may be used to reveal weaknesses in the

system and form a basis for improvements


28/41

Frequency analysis

Introduction

Main Steps

Planning

System descript.

Hierarchy

Hazard ident.

Methods

Accidental events

Event matrix

Causal analysis

Frequency analysis

Consequences


Risk elimination

Report

Conclusions


u After the causes of the accidental event have been identified,one is better placed to estimate the frequency (and how theaccidental event may be avoided)

u The frequency of the accidental events may be estimated

based on:

1. Data from previous incidents (and data bases)2. Fault tree analysis3. Expert judgement


29/41

Consequence analysis

Introduction

Main Steps

Planning

System descript.

Hierarchy

Hazard ident.

Methods

Accidental events

Event matrix

Causal analysis

Frequency analysis

Consequences


Risk elimination

Report

Conclusions


u What is the result?u Identify consequences - bot immediate and delayed, given the

accidental event

When analyzing consequences, do not forget:

u The whole chain of events triggered by the accidental event(can a relatively benign event ultimately end up in adisaster?)

u Both immediate consequences and those that are notapparent until some time after the event.


30/41

Consequence categories

Introduction

Main Steps

Planning

System descript.

Hierarchy

Hazard ident.

Methods

Accidental events

Event matrix

Causal analysis

Frequency analysis

Consequences


Risk elimination

Report

Conclusions


It is often desirable to classify consequences into differentcategories:

u

Personnel (i.e., health and safety)u Environmentalu Economicu Operational

u Company reputation


31/41

Consequence chains

Introduction

Main Steps

Planning

System descript.

Hierarchy

Hazard ident.

Methods

Accidental events

Event matrix

Causal analysis

Frequency analysis

Consequences


Risk elimination

Report

Conclusions


u All potential event chains following an accidental event mustbe identified and described

u Most systems have one or more safety functions (barriers)that may stop or mitigate the effects of the accidental event.

The event chains will depend on whether or not these safetyfunctions are functioning or not.


32/41

Methods and tools

Introduction

Main Steps

Planning

System descript.

Hierarchy

Hazard ident.

Methods

Accidental events

Event matrix

Causal analysis

Frequency analysis

Consequences


Risk elimination

Report

Conclusions


u Event tree analysisu Cause consequence analysisu Fire and explosion calculationsu Simulationu Experience data - data bases


33/41

Risk evaluation

Introduction

Main Steps

Planning

System descript.

Hierarchy

Hazard ident.

Methods

Accidental events

Event matrix

Causal analysis

Frequency analysis

Consequences


Risk elimination

Report

Conclusions


u Which risks are present in my enterprise?u Risk classification matrices should be developed for each

consequence category.


34/41

Risk evaluation - (2)

Introduction

Main Steps

Planning

System descript.

Hierarchy

Hazard ident.

Methods

Accidental events

Event matrix

Causal analysis

Frequency analysis

Consequences


Risk elimination

Report

Conclusions


u Risk is a function of the frequency of the accidental eventsand the consequences of the accidental events

u Higher frequency of occurrence higher risku More severe consequences higher risk

u A useful tool for describing risk is a risk classification matrix


35/41

Risk classification matrix

Introduction

Main Steps

Planning

System descript.

Hierarchy

Hazard ident.

Methods

Accidental events

Event matrix

Causal analysis

Frequency analysis

Consequences


Risk elimination

Report

Conclusions


Frequency/consequence

1Very unlikely

2Remote

3Occasional

4Probable

5Frequent

Catastrophic

Critical

Major

Minor

Acceptable - only ALARP actions considered

Acceptable - use ALARP principle and consider further investigations

Not acceptable - risk reducing measures required


36/41

Risk evaluation - (2)

Introduction

Main Steps

Planning

System descript.

Hierarchy

Hazard ident.

Methods

Accidental events

Event matrix

Causal analysis

Frequency analysis

Consequences


Risk elimination

Report

Conclusions


u What do we do with accidental events once classified?u Part of risk management: guidelines for what should be done

with individual events dictated by the risk category to whichthey belong (Shouldnt this have been done during the

planning phase?)


37/41

Risk elimination

Introduction

Main Steps

Planning

System descript.

Hierarchy

Hazard ident.

MethodsAccidental events

Event matrix

Causal analysis

Frequency analysis

Consequences


Risk elimination

Report

Conclusions


u All accident causal factors (hazards) should be eliminated!We may, however, not have the resources to accomplish it

u We must therefore prioritize our corrective actions byaddressing high risks before low risks


38/41

Risk analysis report

Introduction

Main Steps

Planning

System descript.

Hierarchy

Hazard ident.

MethodsAccidental events

Event matrix

Causal analysis

Frequency analysis

Consequences


Risk elimination

Report

Conclusions


1. Summary and conclusions2. Objectives and scope3. Limitations, assumptions and justification of hypotheses4. Description of relevant parts of the system5. Analysis methodology

6. Hazard identification results7. Models used, including assumptions and validation8. Data and their sources9. Risk estimation results

10. Sensitivity and uncertainty analysis11. Discussion of results (including discussion of analytic difficulties)12. References

IEC 60300-3-9


39/41

Introduction

Main Steps

Conclusions

Criticism

Challenges


Conclusions


40/41

Criticism

Introduction

Main Steps

Conclusions

Criticism

Challenges


We sometimes hear that:

u A risk analysis takes too much time and resourcesu The risk analysis is used to slow down decision processesu Risk analysis can be a manipulative tool


41/41

Challenges

Introduction

Main Steps

Conclusions

Criticism

Challenges

M i R d O b 7 2005 S R li bili Th (2 d d) Wil 2004 41 / 41

u Where data lacks, qualitative assessments through expertjudgment is unaviodable

u Confidence in achieved results highly depends on:

3 the confidence in the experts (i.e., their qualification and

competence)3 the effectiveness of assessment procedures

u However, uncertainties will be revealed and documented,rather than suppressed

u When properly performed, a risk analysis is very transparent

Adapted from IACS (2002)

risk analysis types

Documents