Full Paper

PCLogo.gif (4410 bytes)

Using Risk Ranking to Develop a Safety Management System

by Philip Charsley (DNV)

and Robert Hunt (British Energy Generation Ltd)

Summary

The Health and Safety Legislation in UK has been moving for a number of years towards less prescription and more requirement for each industrial organisation to tailor its safety management to the risks of its business. Risk assessment has been with us now for two decades, but it is still seen by many as an activity in isolation. This paper describes how risk assessment and risk ranking can be used to drive the development of a complete safety management system.

Introduction

Risk ranking is a technique used to identify the most significant risks in any situation. The process requires the following steps:

Hazard identification
Risk evaluation
Development of a ranking list, comparing the risks, and placing them in order.

A Safety Management System (SMS) includes all those activities necessary to identify and manage risks. There are many references to the tools available for use in an SMS [Ref 1, 2, 3], but relatively little advice is available to help an organisation to decide which tools to include for a particular situation, nor how to adjust the activities to suit their needs. This paper sets out to redress the balance.

Development of a Risk Ranking List

The starting point for risk ranking is the risk identification process. This process asks the simple question "what could go wrong?" The HSE booklet "Five Steps to Risk Assessment"[4] gives some help in what to do, but concentrates quite naturally on risks to people. Industrial studies have shown that far greater losses would be ignored if we only focussed our attention here, so we need to extend our identification process to include hazards to and from:

People and tasks
Equipment, materials and processes
Environment

Initial Considerations

There are a number of tools [Ref 1,2 & 3] available for use in an SMS and these identify a range of issues which need to be considered when undertaking a risk assessment. For our purposes, we will be considering the following items in more detail:

<> <>

	The area and environment in which the task is to be undertaken
	The nature and complexity of the task
	The competence of the those undertaking the task

Area Risk Assessment

Many methods can be used to identify hazards, such as HAZOP studies and task analysis. A simple method can be used to initiate identification, which allows rapid progress to be made. This would not replace analysis of critical tasks, nor HAZOP of critical processes, but would rather identify those tasks and processes needing the more detailed techniques. This paper does not cover the established risk assessment processes, which are used within fields such as the nuclear and petro-chemical industries to determine the controls required for certain specific hazards, but concentrates upon the identification and ranking of other hazards across the site.

This simple approach can be called "Area Risk Assessment". It involves splitting a site or working area into discrete areas with common activities and conditions, making sure that no area is missed. Then for each area a knowledgeable team identifies hazards by inspection and review of equipment, materials and activities that take place in the area. This approach has been found to be most effective where the team has been briefed to consider all the hazards within the area and the adequacy of the passive controls e.g. bunding around storage tanks. In addition consideration should be given to the existing instructional signs, general or specialised work rules, procedures, permits etc. applicable to the area.

The resulting list of hazards and details of the existing controls can then be passed on to the risk evaluation process. This process should identify hazardous conditions, hazardous practices, hazardous equipment and hazardous materials in each area, whether permanently present or not. Checklists can be used to assist the team, but nothing is so effective as physical check of the area by a trained and experienced hazard spotting team.

Risk Evaluation and Risk Ranking

In order to be able to differentiate between the risks from various scenarios, we need a technique that is relatively easy to use, reasonably reproducible, and giving a high level of differentiation. For most situations, full Quantified Risk Assessment (QRA) is not an option, but a risk index approach can meet the bill. In order to give easy of decision making, a logarithmic scale is much more helpful than a linear scale.

The first factor we need to estimate and differentiate is the potential outcome of the event. In this estimation, we will normally choose the most likely outcome, as if we choose the most serious outcome, it is amazing how many times the possibility of fatality seems to exist (even from trips and falls). The most important thing to recognise is that the frequency we estimate should be that of the outcome we choose, not of all outcomes! Once again, since we are not only interested in injury events, we need to be able to differentiate outcomes from damage and loss events, and relate these to injury events. This, in effect, requires us to put a value on an injury or fatality. Table 1 suggests a value for a life of Ł1 million or more. This stands up reasonably well compared to some recent court judgements.

Table 1: Severity Index

Index	Injury/Illness	Damage or Loss
1	<1 day lost time	<< Ł1000
2	3 days lost time	Ł1,000 to Ł10,000
4	30 days lost time	Ł10,000 to Ł100,000
6	> 30 days lost time	Ł100,000 to Ł1m
8	Death/Multiple injuries	Ł1m to Ł 5m
10	Multiple deaths	> Ł5m

The table includes only whole numbers, but the missing odd numbers may be used for intermediate values. Decimal numbers would imply too much accuracy for estimation, but can be used if averaging the judgement of several members of the team.

The second factor to be estimated is the scenario frequency, which expresses how likely it is to occur, and give the outcome we have selected. Although we should try to avoid mathematics, it is helpful to decision making to have some understanding of number when attempting to differentiate between different repeat frequencies for a particular scenario. Table 2 gives an index for frequency ranging from 1 to 10, which will cover most of the frequencies of interest for our simple risk assessment. Lower repeat frequencies than 1 in 200 years are too difficult to differentiate by judgement, so the scale stops there, and quantified techniques would be needed.

Table 2: Frequency Index

Index	Frequency Description	Frequency
1	Extremely remote	Up to 1 in 200 years
2	Highly remote	1 in 100 years
4	Remote	1 in 25 years
6	Reasonably likely	1 in 5 years
8	Likely	1 in 1 year
10	Frequent	1 in 3 months or less

It should be noted that the words used for describing the frequency steps are only included to demonstrate how difficult it is to differentiate with words alone! Note that this scale is not truly logarithmic, but is much easier to use than a linear scale.

Use of these tables is far more accurate if a team is involved, rather than a single individual, and this team is best chosen to include those with operations and safety experience, and knowledge of past accidents. Use of the IChemE Incident Database [5] could be considered.

In order to calculate the risk index, the two separate indices are summed, as one would for logarithms. This gives an index from 2 to 20, allowing good differentiation. Although this process is for purposes of comparison, and decision making should not be based just on the numbers, many users consider that an index of 10 may be acceptable at the first pass without immediate measures to reduce the risk, whereas higher values would trigger risk reduction.

With our Risk Ranking Technique we can now simply list the scenarios in order of risk index, with the highest first.

Existing Safeguards

When evaluating the risk from a particular scenario, the question often arises "how should we take account of existing safeguards? One approach is to assume that all safeguards will fail, and to discount them. This overestimates risk, so is not helpful. The best approach is to ignore safeguards when estimating the seriousness of the scenario, but to take them into account when assessing likelihood. We would thus need to estimate the probability that the safeguard will fail when called upon to act. This is relatively straightforward for instrumented or mechanical safeguards, but may also involve the estimation of human error probabilities. Having estimated risk, taking account of existing safeguards, we can then determine whether additional controls are required.

Acting upon the Risk Ranking

Many systems are available for risk control, but in general the more effective they are, the more effort they require. Hence, a risk ranking approach allows us to economise on effort by suiting the controls to the risk. A simple application of this approach is given in Figure 1, where rules, work permits and procedures are used at different levels of risk for tasks or activities.

The types of activity in an SMS that can be adjusted for graduations of risk level are discussed below.

1 Workplace Inspections

The frequency and depth of workplace inspections should be related to the ranking of the risks in the workplace. Thus, the area risk assessment can be used to categorise areas according to the cumulative risk in each. Inspections can not only look for hazardous conditions and practices, but can also inspect the existence, state and effectiveness of controls. Controls for the highest risk scenarios may require daily inspection, or where appropriate pre-use inspections.

2 Critical Equipment and Critical Part Inspections

Equipment may also be ranked according to the risk from its malfunction, whether that risk is to people, property, production or environment. Such a ranking process can lead to risk based inspection systems, and to risk based spare parts philosophies. For some critical equipment and parts, legal requirements already exist (e.g. for cranes, lifting equipment and passenger lifts). However, these requirements are mainly based on risk to people, so may need to be extended to other types of risk. The Nuclear Industry uses a "QA Grading" system, which ranks equipment and systems against the consequences of their failure.

3 Task Related Risk

Critical tasks may be chosen by application of risk ranking. The critical tasks would be those where there is a moderate to high risk to people, business, or the environment. These tasks, once chosen, can be given special attention in terms of procedures, training and task observation. There is a danger in setting our risk ranking threshold too low, as this could mean so many critical tasks that the extra attention we give to them is ineffective. The "Pareto Principle" suggests that 20% of tasks could lead to 80% of our total risk. If task teams change, the risk ranking will need to be reassessed based upon the competence of those who will actually be undertaking the task. Experience and familiarity with the task should be considered when determining the level of supervision or control actually required.

4 Incident Investigation

Whether or not an event results in injury or damage, the decision to carry out an investigation, and the depth of the investigation should not be determined just by "gut feel." A risk ranking approach allows us to consider the potential consequences of a similar event, and the likelihood of its recurrence. Using the ranking we can determine a sliding scale of response, from only recording for trend analysis to a full-blown expert panel investigation. Investigation may often lead us to the realisation that a task considered low risk is actually "critical."

5 Emergency Preparedness

The proposed COMAH Regulations [6] include a requirement for "adoption and implementation of procedures to identify foreseeable emergencies by systematic analysis and to prepare, test and review emergency plans to respond to such emergencies." The systematic analysis required is a major hazard risk assessment, and is not limited only to consideration of the substance or substances that cause the site to fall under the Regulations. This approach to major hazard risk ranking is just as applicable to operations that will not fall under the Regulations. It requires the preparation of an Emergency Plan that identifies appropriate actions for all major hazard scenarios with significant risk potential.

6 Work Rules and Work Permits

The example of Figure 1 shows how a risk ranking approach to work activities can be used to identify particular work regimes for control of different levels of risk. An area risk assessment can be used to identify the need for specific work rules. A risk assessment process as part of a Work Permit system can identify graduated controls related to the risk ranking. As the assessed risk rises, so the need for assessment at the work site by the work designer, the permit issuer and the worker becomes greater. The ranking process can specify these steps, and ensure that more attention is given at all stages to the higher ranked risks.

7 Training

The competence of those undertaking tasks can have a significant influence on the risks associated with undertaking a specific task. Training for high risk tasks should naturally be more thorough, and the emphasis on risk controls should be greater than for low risk tasks. The "critical task" principle can help with this identification process, as can the risk assessment for Work Permits.

8 Personal Protective Equipment (PPE)

Area risk assessment can be used to identify PPE needs. Analysis of critical tasks often identifies PPE as a requirement for risk control. Although in many companies the rules for PPE have "grown like Topsy", a risk assessment approach can often identify areas where PPE requirements can be relaxed, as well as identifying those where additional requirements are appropriate.

9 Occupational Health

In UK the COSHH Regulations [7] were originally published before the words "risk assessment" were in common use. Therefore a COSHH assessment was considered to be something different, and this misapprehension persists today. In fact there is no theoretical difference, and risk assessment should be the approach we use to control risk from hazardous chemicals. The risk ranking approach can therefore be used to manage task based risk and area risk, and can be used to determine appropriate controls, including training and monitoring requirements.

10 Monitoring and Audits

The need to assure management that controls are in place and working is seen as vitally important in "Successful Health and Safety Management" [3]. Monitoring and audit may be vital, but we still need to decide the frequency of these activities, since they consume resources. Since each part of our SMS is there to control risk, we should be able to use risk ranking to decide how important each part is, and choose an appropriate frequency for monitoring and audit. In practice this seems a rather complex approach, and the authors have only seen fixed frequencies used.

11 New Projects and Change Management

There are many techniques used for the review of engineering projects, and for the management of change to industrial processes [8]. The choice of technique can be based on risk ranking, with the simpler processes such as "What If" studies used for low to medium risk situations, and more rigorous processes such as HAZOP, Fault Tree Analysis and QRA being reserved for high risk situations.

12 Special Topic Promotion

Special topic promotions are used in many companies to concentrate communications to a specific theme. The choice of the theme, though, is often somewhat ad hoc. A risk ranking list can be used to produce much better informed choices. However, it must be remembered that topic promotion is normally aimed at large groups, so choices should not be made the basis of high ranked risks where they apply only to a small number of workers. Appropriate topics would relate to perhaps moderate risks shared by the majority of workers.

13 Capability Assessment

Critical task identification allows us to target high risk occupations. For these employees it is vital that their capability and capacity match the job requirements. In some jurisdictions we are told that workers may not be selected for their physical capability. However, in terms of who does what, it must make sense not to expose workers of lesser capability to high risk situations. Whether our choice is who to employ or where to employ them, a risk based approach seems best in meeting the duties under Health and Safety at Work legislation!

14 Purchasing and Spares Philosophy

The specification, selection and purchase of equipment and materials should be based on risk. This can link back to our "Critical Parts" identification process, and ensure that the business risk associated with failure is identified. The specification of the equipment, part or material can then take into account that risk. Decisions on whether to purchase, or even install spare parts and equipment can then be made against a risk background.

15 Maintenance

Just as spares philosophy can be determined by risk ranking, so can maintenance philosophy. The decision on which equipment requires planned maintenance, and how often this should occur, can be made based on the likelihood of failure of the part or system, and its consequences. While many maintenance philosophies are determined solely upon manufacturer’s recommendations, no manufacturer knows the full consequences of failure of his machine in any particular plant. Risk Based Inspection [9] has developed strongly in recent years, fuelled by this realisation.

16 Contractors

Selection of contractors is often made on purely commercial considerations, without the clear realisation that high risk contracts require more advanced contractors than low risk contracts. The paper by Colin Bennet [10] in this symposium addresses the process of assessing contract risk, and specifying a contractor’s SMS accordingly, as does the recent paper by Phil Charsley [11].

Summary

We have shown how many elements of a safety management system can be specified based on risk assessment. Had this paper been written ten years ago, this concept would have been considered far out, and impractical. Today, risk-based approaches are (becoming?) common place in most companies and many Safety Management Systems now include arrangements for continuing risk reduction. Risk assessment and risk ranking have come of age!

References

1 PRACTICAL LOSS CONTROL LEADERSHIP; Bird and Germain; DNV Loss Control Management, 1996 (Revised ed.)

2 LOSS PREVENTION IN THE PROCESS INDUSTRIES; Lees F.P.; Butterworth-Heinemann, 1996 (2^nd ed.)

3 SUCCESSFUL HEALTH AND SAFETY MANAGEMENT; HSG65; Health and Safety Executive 1997

4 FIVE STEPS TO RISK ASSESSMENT; INDG163(rev1); Health and Safety Executive 1998

5 THE ACCIDENT DATABASE; CD ROM; Institution of Chemical Engineers 1998

6 THE CONTROL OF MAJOR ACCIDENT HAZARDS REGULATIONS (DRAFT); Health and Safety Executive 1998

7 THE CONTROL OF SUBSTANCES HAZARDOUS TO HEALTH REGULATIONS; Health and Safety Executive 1994

8 PROJECT MANAGEMENT FOR THE PROCESS INDUSTRIES; Lawson, Wearne and Iles-Smith; Institution of Chemical Engineers 1998

9 THE USE OF RISK-BASED ASSESSMENT TECHNIQUES TO OPTIMISE INSPECTION REGIMES; Bennett; Middleton; and Topalis: IChemE symposium series no. 144, 1998, p. 503-513

10 MANAGING CONTRACTORS BY PERFORMANCE MEASUREMENT: Bennet C; MANOSAF 1999

11 HOW TO IMPROVE CONTRACTOR SAFETY PERFORMANCE; Charsley P; PIRA Conference Achieving Optimum Plant Safety Performance 1998.

Contacts

Phil Charsley may be contacted via E-mail: phil@ConsultPC.co.uk

Bob Hunt may be contacted via E-mail: bobhunt@penyard.freeserve.co.uk