A presentation on risk analysis boundaries, for reference.

1. Risk Analysis Boundaries

2. Risk Analysis BoundariesRisk Engineering Society3 September 2009 Richard D Rhimes Principal: Rhimes Consulting Pty Ltd Risk management; environment, health & safety; and engineering projects

3. Risk Analysis Boundaries Risk studies must have boundaries that are set in conjunction with the customer to meet project objectives and study use Defining what’s in the study boundary and what’s not is of importance All credible scenarios within the study boundary to be evaluated Risk studies usually cover negative outcomes however feasibility, business and optimization studies should also cover the positives

4. Risk Analysis Boundaries I have facilitated or been involved in about 500 hazard & risk studies over the last 25 years Examples varied from a temporary valve by-pass request, a facility site review, a bulk LPG route study, a ship>ship crude transfer analysis, $A 250 million Fluid-bed Catalytic Cracker design check and a 6 division-wide analysis of maximum plausible events for a $US 56 million premium insurance program Duration being from a few hours to 12 months

5. Risk Analysis Issues Assumptions Uncertainty Consequence boundary Likelihood boundary Risk Tolerance Qualitative study boundary Risk Matrix issues Quantitative study boundary Worst Case vs Credible Worst Case

6. Assumptions Input of customer requirements, especially scope, and on-going reviews Review issues and processes prior to a study, as well as consequence and failure frequency data Use of appropriate methodology eg Lessons Learned lists, HAZOP, What-if? Computer based studies and QRA Good study facilities and adequate time frames Experienced team leader & trained and representative team

7. Uncertainty It is important to bear in mind that there is a significant degree of uncertainty around the analysis of risk. There are a number of ways this uncertainty can be manifested: For risks where there is a range of impacts we cannot predict where in the range the impact will be. A simple example might be the duration of an industrial stoppage by airline ground handling staff – it could be anywhere from four hours to four days. Risks where we do not know all of the possible outcomes or their likelihood. Security and terrorism risks might be a good example. Risks where there is a causal chain involved and some of the links are not fully understood. This commonly occurs when looking at complex risks, say to air safety or airworthiness, where typically a number of failures (5-7) are required and we may be trying to assess one risk (or link) in the chain.

8. Consequence Boundary Significant consequences not trivial ones Consequence to be expressed in terms appropriate to the study methodology and that are defensible If only those consequences that have previously occurred are covered then study is limited Not beyond foresee-ability

9. An Aviation Consequence Table

10. Likelihood Boundary Need to set a sensible cap on probability of events: Qualitative: probabilities of say once in a plant life or over 100 years Most significant occupational health & safety issues will approach Pr=1 over above time frames Quantitative: say E-5 chances p.a Some credible industrial incidents, that should be identified, will approach Pr=0 over much longer time frames

11. Risk Tolerance The term ‘tolerable risk’ is sometimes used instead of ‘acceptable risk’ to give a more realistic impression of the reluctance with which some risks can be tolerated by people. Although a simple ‘treat/do not treat’ approach based on risk level or other criteria is workable, a more realistic approach is to look at risk as being divided into three types: An ‘intolerable’ area where negative risks are intolerable and must be reduced. A ‘tolerable’ area where the risks are small enough that no particular treatment is necessary. An area in between these where the cost of reducing the risk and the benefits the activity brings need to be weighed against the risk. This area in the middle is often referred to as the ‘ALARP’ zone. ‘ALARP’ stands for As Low As Reasonably Practicable. This concept is often applied to safety risks but can also apply equally well to business risks. In essence it means that action is taken to reduce the risks unless the cost is disproportionate to the benefit. The term ‘Practicable’ in this context means both practical (can it be accomplished) and cost effective (is it worthwhile). This comparison can be a difficult one, particularly when for example the safety of aircraft and people is involved: and also given ‘duty of care’ requirements. Nevertheless it is a necessary one, because if the decision is not made explicitly within the risk management process, it will be made implicitly outside the risk management process.

12. Qualitative Studies Study team to look beyond their (often limited) experience, leading to missed scenarios Team leader (facilitator) needs to provide wider view from other plants/operations and history For each scenario more than one consequence-likelihood set needs to considered as sometimes worse risk levels, than for the worst consequence event, can be missed - some mitigation approaches may be different

13. Risk Matrix Issues Used for qualitative and semi-quantitative studies Consequence & Likelihood categories and Risk levels are descriptors not values Action to be taken for high risk levels are then based on values or levels of (in)tolerance Qualitatively determined risk levels are regions, not definitive risk ’values’ and should not be used for regulated ALARP calculations

14. Quantitative Studies Risk Management is both a science and an art Used either for regulatory requirements or to develop an otherwise not easily determined qualitative risk Scenario development is critical On-site acceptable risk levels need to meet regulatory limits and be in accordance with company culture Cost of life is an issue to enable ALARP calculations Communication of risk studies is an issue, particularly when made in the community arena

15. Worst Case vs Credible Worst Case I subscribe to credible worst case. In worst case often “everyone in the vicinity dies.” California studies require worst case – one example: 5,000 fatalities over radius of 25 miles –helpful to the community? Sensible to communicate? what about probability? What’s credible is more than what has happened locally and also in incident records

16. So, Reasons for Risk Analysis Risk analysis is vital to the prevention of incidents Risk analysis can be considered as a reverse incident investigation. The same type of information is required: What can happen? …. What did happen?.... How can we prevent it from happening? Determining reasonable risk boundaries is vital ……

17. Risk Analysis BoundariesFirst & Last Photo slides by Patrick Notley – an autistic German Photographer Questions?