1. The Risk Management Cycle
07 November 2012
Andrew Pilgrim
Zurich Risk Engineering
Global Corporate
INTERNAL USE ONLY
2. If you think safety is expensive –
Try having an Accident
Dr Trevor Kletz (ICI)
INTERNAL USE ONLY 2
3. Andrew Pilgrim
• Graduated from University of Leeds (Master of Engineering)
• Hands on experience with major Petrochemical Company in UK
– Design, Operations, Product Development, Customer
Support, Process Safety. Global Production and Assets Technical
Support
– Qualified Hazard Study Leader
• Insurance Risk Engineer since 2005 and relocated to Bahrain
• Joined Zurich March 2011
• Fellow of the Institution of Chemical Engineers
(FIChemE)
INTERNAL USE ONLY 3
4. Zurich Risk Engineering Services
1,000 Risk Specialists
63,000 Site Assessments
138,000 Risk Assessments
680 International Programmes
Local Zurich staff representation
Serviced by Cooperative Partners
INTERNAL USE ONLY 4
5. The Middle East Zurich Risk Engineering
Team:
– Dubai Based
• Glenn Doan – Risk Engineering Manager
• Santosh Cletus – Risk Engineer - Property
– Bahrain Based
• Andrew Pilgrim – Senior Risk Engineer Energy and Special Chemical
Risks
• Dean Pola – Senior Risk Engineer - Construction and Property
INTERNAL USE ONLY 5
6. Agenda
• Definition of Risk
• What I am not going to talk about
• A Historical Perspective
• Risk Management
– Project / Operational
• Industry forums in the Middle East
• Q&A
INTERNAL USE ONLY 6
7. Definition of Risk
• Risk is the possibility of incurring misfortune or loss (Collins English
Dictionary).
• Risk is the chance, great or small, that damage or an adverse
outcome of some sort will occur as a result of a particular hazard
(Accounts Commission – Scotland).
• Risk is any unintended or unexpected outcome of a decision or course
of action (F. Wharton).
• Risk is the chance of something happening that will have an impact on
objectives (Australian Standard AS/NZS 4360:1999).
• Risk is the possibility that an event will occur and adversely affect the
achievement of objectives (COSO).
• Risk is the impact of uncertainty on objectives (ISO31000)
• But it‟s also about the failure to take advantage of opportunities to
enable the organisation to best achieve objectives.
INTERNAL USE ONLY 7
8. What I am not going to talk about
• Personnel safety
– Slips, Trips and Falls
– Motor Vehicle Accidents (MVAs)
– Cuts and Bruises
INTERNAL USE ONLY 8
16. VCE / Fire – Longford Gas Plant
• Date: 25 September 1998
• Plant: Gas Plant
• Material: Condensate / gas
• Human Cost: 2 dead and 8 injured
• Financial Cost: USD 590 MM + fines + lawsuit
• Third Party: Significant impact on Victoria gas supply,
1.4 million users interrupted
• Cause: Poor Safety Management Systems, Poor Operating
Practice, Poor Plant Knowledge
INTERNAL USE ONLY 16
18. VCE / Fire - Flixborough
• Date: 01 June 1974
• Plant: Petrochemical
• Material: Cyclo - Hexane
• Human Cost: 28 employees killed, and 36 injured
• 53 recorded casualties outside plant, many minor injuries
• Financial Cost: Site damage USD250 million at 2009 values
• Cause: No Management of Change process, Large
inventories of hydrocarbon, No Responsible Engineer
“What you don‟t have, can‟t Leak” - Trevor Kletz 1980
INTERNAL USE ONLY 18
19. In theory there is no difference between
theory and practice. In practice there is.
INTERNAL USE ONLY 19
20. Where does Project Risk Management
Start?
Feasibility
Study
1 FEED
2 3 Contractor
Selection
4 Engineering
5 Procurement
5 Construction
Venture kick-off 5 6 Commissionin
g
7
EPC
Contract Operation
Commercial operation
0 24 60
months
INTERNAL USE ONLY 20
21. PRM continued
• Starts at the beginning of the project – Time Zero
– Different technique for assessing the risk
– 1 Concept stage Hazard Review
– 2 FEED / process definition
– 3 Detail engineering design
– 4 Construction / design verification
– 5 On going Risk Assessments
– 6 Pre-commissioning safety review
– 7 Post start up review
• Different teams involved, different techniques e.g.
HACCP, HAZOP, What if, Inherent Safety etc – Depends on the
industry / Product
INTERNAL USE ONLY 21
22. Time Zero – Risk Management
Questions to be answered
• Where do the risks come from?
• How big are they?
• What are the major contributors? (Time, Cost etc)
• What are the risks sensitive to, and how can they be changed?
• What level of risk does the company find intolerable, what is considered
trivial?
• What is it worth doing to reduce the risk?
• Fundamental First steps
INTERNAL USE ONLY 22
23. Time Zero - Understand the Business?
• What is the business?
• What is the industry?
• What is the strategic plan?
– NOW, WHERE, HOW
• Who owns the business?
• Who runs the business?
• How will risk management „fit‟?
• What is the Risk Appetite for the company
or Project
INTERNAL USE ONLY 23
24. Layers of Protection
Use the opportunity to remove hazards and reduce risk!
• Inherent Safety
– Removal or reduction of a hazard at source
• Prevention Measures
– Prevent initiation of a sequence of events
• Control Measures
– Prevent a hazardous event escalating into a major accident
• Limitation Measures
– Taken to reduce the consequences
of a major incident Control Measures
• COSTS LESS
INTERNAL USE ONLY 24
26. Inherent Safety
• The best defence against the atom bomb is not to be there when it goes
off (British Army Journal)
• Or our Process safety approach
• If it is not there – it can not leak
– For example
Volume of LPG 80% Damage
Circle (Diameter)
1 70 m
10 150 m
25 204 m
INTERNAL USE ONLY 26
27. Substitute
• Alternative Chemical Route
– Avoid storage of toxic or flammable materials
– E.g. Production of Pesticide via Methyl Iso Cyanate (MIC) at Bhopal
– Storage of 180 m3 on site, runaway reaction leads to release
– Safer alternative to make in situ
INTERNAL USE ONLY 27
29. BUT – not at any price
• “Safety, like everything else can be bought at a price. The more we
spend on safety the less we have to fight poverty and disease or to
spend on those goods and services which make life worth living, for
ourselves and others. Whatever money we make available we should
spend in such a way that it produces the maximum benefit. There is
nothing humanitarian in spending lavishly to reduce a particular hazard
which has been brought to our attention and ignoring the others.”
• Trevor Kletz, 1986
INTERNAL USE ONLY 29
31. (Operational) Risk Management Cycle
Is it so different?
Implementation
Training, Supervision,
Selection, Manning
Interpretation Measurement
Procedures, Methods, Job Audit, Monitoring, Sampling,
Description, Responsibility Inspection, Checking,
Identification
Policy Making Feedback
Policy Statements, Analysis, Trends, Evaluation,
Corporate Goals, Standards Actions
External Influence
Laws, Industry Standards,
Stake Holder Pressure, Public
Concern, Company Image
INTERNAL USE ONLY 31
32. Risk Management Maxims
• “What we learn from history is that people don‟t learn from History” –
Warren Buffet
• “The first duty of business is to survive and the guiding principle of
business economics is not the maximization of profit -it is the avoidance
of loss” - Peter Drucker (The Drucker Institute)
• The first step in the risk management process is to acknowledge the
reality of risk. Denial is a common tactic that substitutes deliberate
ignorance for thoughtful planning – Charles Tremper (Centre for Digital
Innovation)
INTERNAL USE ONLY 32
33. Insurance Industry Networks
Middle East focus
• Middle East Risk Engineers (MERE) – OGP Focus
– Andrew.pilgrim@zurich.com
• Property and Construction Insurance Risk Engineering Forum
– Hermann.frankfurth@axa-gulf.com
INTERNAL USE ONLY 33
34. Summary - Risk Management Process
Benefits
? ? ×
Engineered QUALITATIVE Decisions
System ANALYSIS ? ? ? 1. ______
Judgement 2. ______
? 3. ______
..
HAZID QUANTITATIVE ..
ANALYSIS ..
ALARP ..
FTA ETA Costs
Criteria
RISK ANALYSIS
RISK ASSESSMENT
RISK MANAGEMENT
INTERNAL USE ONLY 34
35. It is a Journey – not a destination
(Project) Risk Management is an ongoing
process!
INTERNAL USE ONLY 35
36. What has not been identified can neither be
assessed nor mitigated…?”
Thank you
Zurich Risk Engineering
zurich.com
INTERNAL USE ONLY
38. 10 Important Rules for PRM
(In no particular Order)
INTERNAL USE ONLY 38
39. Top Tips
1. Plan for risk management in your projects
Decide how to approach and plan the risk management activities for
your project
2. Identify risks throughout the project
Determine which risks are likely to affect the project and document the
characteristics of each
INTERNAL USE ONLY 39
40. 3 Analyse the Risk
Make use of any available data to enable a thorough understanding of the
risk
• Understanding the nature of a risk is a precondition for a good response
• It is useful to categorise risks to reflect common sources and
interdependencies
• Questions to ask include:
– what is the cause / source of the risk?
– What is the background to the risk?
– What are the potential effects of this risk?
– Has this risk occurred before? Is there any data?
• Investigate the current controls of the risk
• Obtain as much information on the risk as possible and detail the
causes and the possible consequences in order to help with the risk
mitigation process
INTERNAL USE ONLY 40
41. Example Risk Categories
Risk category Description
Risks that relate to the organisation’s logo or image, or which may cause embarrassment to the
Reputation
organisation and adversely affect ‘Public Confidence’ in the organisation.
Risks that relate to the loss or inaccuracy of data, systems, and the timeliness of reported
Information
information.
Financial Risks that relate to losing monetary resources or incurring unacceptable liabilities.
People The risks associated with employees and management, e.g. retention/recruitment, turnover.
Professional Those risks associated with the particular nature of a profession.
The risks related to the regulatory environment such as Financial Regulations, Corporate
Regulatory
Governance, Health & Safety and legislation.
Physical Risks related to fire, security, accident prevention and health & safety.
Risks associated with the continuation of the service in the event of disaster, reliance on operational
Business Continuity
equipment, or loss of funding/contract, poor performance measures.
Risks associated with the failure of contractors to deliver services or products to the agreed cost and
Contractual
specification.
Those risks relating to pollution, noise, or the ongoing energy efficiency of ongoing service
Environmental
operations.
Risks associated with partnerships/relationships with other organisations such as other public
Partnership
authorities or voluntary organisations.
Economic Risks associated with the inefficient operation of systems, and the duplication of effort.
INTERNAL USE ONLY 41
42. Top Tips continued
4. Consider both threats and opportunities
Make some time to think about the upside of risk and any potential
opportunities within your project – you could be rewarded!
5. Prioritise risks
Get an understanding of which risks need immediate attention so that
appropriate resources can be allocated
INTERNAL USE ONLY 42
43. Impact Criteria
The potential impact is expressed in terms of severity of
the consequences should a risk occur. Many different
impact criteria can be used.
Project Cost Schedule Service Stakeholders
Additional expenditure / More than one year delayed e.g. catastrophic fall in e.g. affects all major
Loss of service income service levels, failure of stakeholders with long-term
4 inc. associated costs of major impact on public memory
Severe > 10m partnership, complete causing damage to
failure in service reputation
standards
Additional expenditure / 6months – 1 year delay e.g. significant fall in e.g. affects more than one
Loss of service income service levels, project group of stakeholders with
3 inc. associated costs of deadlines not widespread medium-term
Significant between 5m < 10m achieved, serious impact on reputation
disruption in service
standards
Additional expenditure / 1 - 6 months delays e.g. moderate fall in e.g. affects more than one
Loss of service income service levels, major group of stakeholders but
2 inc. associated costs of partnership relationships only short-term impact on
Moderate between 2m < 5m strained reputation
Additional expenditure / Delayed by less than 1 month e.g. small fall in service e.g. affects only one group
Loss of service income levels, some minor quality of stakeholders with
1 inc. associated costs of standards are not met minimum impact on
Minor < 2m performance
INTERNAL USE ONLY 43
44. Likelihood Criteria
The likelihood of an event can be described as the
potential of a risk occurring
Degree of
Score Likelihood definition
likelihood
4 Very high 75 – 100% chance of occurring – very likely
3 High 50 – 75% chance of occurring - likely
2 Medium 25 – 50% chance of occurring - unlikely
1 Low 0 – 25% chance of occurring – Extremely likely
INTERNAL USE ONLY 44
45. Top tips continued
6. Document risks in a register
Maintain a risk log to enable you to capture all the risks as well as view
progress.
7. Plan and implement risk responses
Develop options and determine actions to enhance opportunities and
reduce threats to the projects objectives
There are a number of options for treating risks:
– Risk transfer
– Risk retention
– Risk control
– Organisational change
INTERNAL USE ONLY 45
46. Top tips continued
8. Appoint risk owners
Assign a risk owner for each risk - it is important to allocate
responsibility
9. Monitor and report risks and associated tasks
Keep track of the identified risk, monitoring residual risks and
identifying new risks, ensure the execution of risk mitigation plans
INTERNAL USE ONLY 46
47. 10 Communicate about risks
Consistently include risk communication in the tasks you carry out
• Make risk management a part of day to day project activity
• Include risk management in:
– project policies and procedures
– project planning
– project meeting agendas
– training of staff
– personal objectives and appraisals
• Talk about risk management successes and challenges in the project
and lessons learned from previous projects
• All project team members have a responsibility for risk and
communication about risk should reach all project team members
INTERNAL USE ONLY 47