OECD Workshop of Sharing Experience in the Training of Engineers in Risk Management:

Session: Multi-discipline approach to risk management

RISK ASSESSMENT or HAZARD MANAGEMENT?

Author:

  • Family/surname: Dalzell
  • First/given names: Graham Alexander
  • Country: United Kingdom
  • Affiliation: Hazards Forum (representing the UK engineering institutions)

  • E.mail
  • Phone (+4415242 76364

Introduction

This paper is presented in the section of the workshop entitled “Multi-discipline Approach to Risk Management”. It does take such an approach and considers the breadth of “disciplines” to extend:

  • from company directors to designers, operators and technicians;
  • across all engineering disciplines;
  • from the regulator to the regulated
  • from the conceptual designers to the decommissioning team
  • from the customer to the supplier

Examining a safety or environmental management system can be like looking into the box of a jigsaw puzzle. There are many pieces, some of which stand out because of their shape, size or colour. However, it is not common to find a completed jigsaw; one in which all of the pieces are present, where they all fit together and complement each other. All too often, organisations concentrate upon the detail without looking at the whole picture. Many corporate HSE management systems consist of 10 – 16 elements each with a series of supporting expectations. Without a clear description of the interrelationship of these elements, a compliance culture can result where each component is addressed in isolation. As a result, there is a failure to take a strategic approach to managing hazards and thereby minimising risk. The education process can fall into the same trap. It may teach particular types of safety studies in detail, such as HAZOP, or focus on critical aspects of design such as instrumented safety systems, but it may not teach students how to understand and manage the whole picture. Regulators have tried to take a holistic approach to risk reduction through the advent of the safety case, but even this has not always managed to deliver fully integrated and balanced hazard management. The paper asks the question: Risk Assessment or Hazard Management? An earlier paper for the workshop (1) argued that there is a tendency to assume that carrying out a risk assessment and actioning the findings effectively manages those risks, instead of initiating a continuous process of hazard management. This paper offers an integrated process as the basis for education, industry and regulation.

The views expressed in this paper are solely those of the author.

Acknowledgement

The author gratefully acknowledges the major contribution from BP in the development of a structured approach for hazard management both in operations through its Major Accident Hazard Management project in Trinidad (2) and in the development of their Inherently Safer Design Guidelines (3). At the time of writing, this last document was not in the public domain but it is hoped that BP will make it freely available in the future. The author also acknowledges the particular contribution from the other members of the BP Trinidad Major Accident Hazard Management project and the supporting DNV team. It is most notable that a Caribbean country has the courage to take established practice from many parts of the world, challenge it and attempt to develop a superior process.

Hazard and Risk Understanding

This is potentially the greatest risk reducer at everyone’s disposal. “You can run a dangerous plant safely and a safe plant dangerously” (4). The Trinidad project developed a simple but profound goal for everyone who works for, or with, their local BP operations. It is:

We will all know what is dangerous, why it is dangerous and what each of us has to do to keep us all safe.

This is easy to say but quite difficult to put into practice. A full examination of hazards and risk delivers so much information that it could fill a bookcase or a computer hard drive. As has been seen in some safety cases, it can be impenetrable. This information must be distilled into specific knowledge for each person according to their role and seniority. We can each carry a moderate amount of critical knowledge in our heads; have a second level of detail as a ready reference, such as an operating manual, and a third deeper resource in supporting documents. Distillation of key knowledge is a critical, but difficult process. A process operator doesn’t need to know about the societal risk numbers and the directors don’t need to know the dosing rates for corrosion inhibitor, but for each other, the information may be critical to their work.

The Trinidad project developed the concept of four levels within a company. This was done separately from the work by Hopkins (5) but the parallels are most marked. At each of the levels, people’s understanding drives their particular responsibilities. These are shown in Table 1. It shows that, at the highest levels, typically the board of a company, the knowledge and responsibilities revolve around overall risk which should influence the direction, infrastructure and resourcing of the company. Descending through the company, the focus slowly moves from risk to hazard, with the understanding of cause and consequence and their management. At the lowest, individual level, it moves to the plant and people; the safety critical plant and activities, and the assurance of their effective performance. It is often failures at the upper levels which create the conditions to flourish leading to major accidents. This process attempts to facilitate a better definition of these corporate and senior management responsibilities.

In teaching the management of risk, it is imperative that this holistic view of understanding and responsibility is explained. This will allow the students to understand where their work applies, whether it is a lecture on quantitative risk assessment (QRA) or the selection of a design safety factor for a beam. It should also teach them to share their knowledge on the hazards associated with their work with everyone who will be affected by their actions.

Hazard Management – A Holistic Approach:

This hazard management model is based upon the five steps from the classical HSE management systems described in ISO 14001 and ISO 18001:

Policy – Plan – Implement – Monitor – Review

It is intended to be a cycle of continuous improvement aiming to progressively elevate standards and reduce risks, both in design and operations. An overview of each of these steps with respect to engineers and major hazards is given below with more detailed requirements outlined in Table 2.

Policy:

This should be a clear statement of the company minimum standards, its attitude to HSE, the tolerable risk criteria and the way in which it sets about doing business. There should be a structure to corporate policy rather than a series of individual initiatives. This model suggests that policies could be set relating to the four levels of responsibility.

Planning:

This is the core of the risk management process and is dealt with in detail in later sections of this paper. It has two distinct components;

  1. the determination of the hazard management strategies, systems and performance requirements;
  2. the assessment of the resources needed to implement these decisions during the design and the operations lifecycle.

These are described in more detail in Appendices IA (Hazard and Risk Analysis), IB (Judgement of Adequacy) and II (Resource Requirements).

Implementation:

Hazard management depends on the three Ps – people, plant and the processes. It cannot be a stand alone process as it affects most activities and virtually every item of equipment. It must rely upon the existing business infrastructure of design, integrity management, operational controls, competence, contracts, procurement and emergency response. The planning will identify who and what is critical and the performance standards that they must meet. These will be managed by embedding these requirements into the aforementioned processes. Many of these requirements, up to 90%, will already exist through default design standards, systems and procedures. The planning will confirm if these default systems and performance standards are correct, improve them or add extra features and controls. The planning will also provide an overview of the relative importance of all measures to control risk allowing an overall prioritisation of resources.

Monitoring:

Measurement is becoming an increasingly dominant part of business and regulatory life. There is a temptation to focus on those items against which measurable criteria can be set, mainly the performance of plant and safety systems. This only deals with the lowest level described above. There is also great interest in lagging indicators such as occupational accidents, lost time injuries (LTIs) or equipment failures. Measurement needs to take a broader view, examining leading indicators such as hazard understanding amongst the workforce or the quality and completeness of the hazard management process. This is an area where further work may be needed. One example is the Design Capability Maturity Model developed by Cranfield University (6). This only addresses design but it could be broadened to operations.

Review:

Every organisation should strive to improve. The review should determine where, and how much, further improvement is needed. It may be triggered by incidents within or beyond the organisation, or else by trends or failures highlighted by the monitoring. It must take a strategic view and avoid a knee jerk. Learning lessons from incidents is imperative but these may not be a predominant risk within the organisation and should not distort the corporate focus. Classical risk reduction improvements for major hazards are based on measures which can make a quantifiable reduction in individual or societal risk numbers. These tend only to focus on additional hardware, particularly that which reduces consequences. Again, a broader view needs to be taken. Improvement can focus in two areas:

  1. The improvement of the infrastructure, resourcing and the quality of the whole hazard management process.
  2. A strategic examination of the management of risk and hazard, using the flowchart in Fig 1. It would focus preferentially upon the hazards which contribute the greatest proportion of the risk. Thereafter, it would revisit the hazard management questions of standards, systems and strategy to see where further risk reduction is most appropriate.

Using this approach, systematic improvement can be applied to each of the four levels of an organisation.

Regulation:

Regulation can promote this approach to risk and hazard management, or it can undermine it. A purely prescriptive regime in which all safety and integrity requirements are defined by law has been proved to be inadequate. The Piper Alpha Inquiry (7) recommended a change from this type of regime as did many others. In the UK and Europe, the Safety Case was the logical successor. It argued that a case for safety should be made and accepted by the regulator. It is undoubtedly a much better approach but experience from the North Sea indicates that there is still scope for improvement if the greatest risk reduction is to be achieved for the investment (8).

The regulations in themselves might be satisfactory but their implementation should encourage a much more structured approach to managing hazards similar to that described in this paper. The regulators should tone down the emphasis on the numerical quantification of tolerable risk levels and the subsequent demonstration that risks are “As Low As Reasonably Practical”. This has placed too much emphasis on these additional measures while leaving the basics of safety such as competence, integrity management and adequate resourcing in the background. Some of the rigour that existed in the prescriptive era seems to have been lost and it should be reinstated. The regulations should call for a clear linkage between the hazards, these critical systems and their performance. The regulations should also press for explicit presentation of hazards and risks, and associated responsibilities as outlined in Table 1. It is through the knowledge and understanding of dangers that we are safe.

Conclusions and Recommendations

The open communication and discussion of dangers, hazards and risks must not be inadvertently suppressed by regulation or the fear of litigation. It is better to have the smoking gun and no murder than the other way around.

The understanding of hazards; cause, severity, and consequence, is the most powerful means of reducing risk. Engineers and corporate organisations must have an underlying ethos which delivers this knowledge, links it to management systems, and regards it as essential for the safe design and operation of any facility.

Risk assessments must distil and deliver appropriate information to each part and level of an organisation; from delivering the overall risk and underlying risk drivers to the directors; to delivering specific performance requirements for procedures and plant to the individual at the workplace. This must be used to define responsibilities at every level.

Risk assessments must not be a one off specialist activity. They must be owned by those responsible for the risks, undertaken in conjunction with those faced with them and be a living process which is at the forefront of daily and strategic activity.

Every engineer should be able to apply a structured approach to risk assessment without reference to guidelines or specialised techniques such as QRA. These should be there to support the development of a complete picture but should not determine the content or how it is painted.

Columns: Level; Typical individuals; Hazard and risk management knowledge (these are not specific to the individuals listed in the preceding column); Typical responsibilities (these are not specific to the individuals and knowledge in the preceding columns)

LEVEL 1: Senior Management

Typical individuals:

  • Board Directors
  • Engineering Directors
  • Project Directors
  • HSE Governance Board

Hazard and risk management knowledge:

  • Overall corporate risk levels both individual and societal
  • Comparative risk with similar and other industries
  • Spread of risk by the type of business and location
  • Change of risk patterns as the business develops
  • Underlying risk drivers such as the age of the facilities, geographical and political influences, business change
  • Public perception of risks relating to the company business
  • Risk from future growth options

Typical responsibilities:

  • To set the overall standards for tolerable risk and the investment levels to reduce that risk
  • To manage the company in the knowledge of the risks
  • To set overall company targets which can realistically be achieved
  • To decide if specific businesses or facilities have intolerable risks which cannot practically be reduced and to close them down
  • To provide the resources and infrastructure to support the business units in their management of risk
  • To manage the future risk exposure of the company

LEVEL 2: Local Management

Typical individuals:

  • Business unit managers
  • Operations
  • Project managers
  • Departmental managers e.g. contracts, procurement, engineering, integrity management, HSE

Hazard and risk management knowledge:

  • Business and facility risk levels
  • Spread of risk by facility
  • Spread of risk by hazard or activity
  • Spread of risk by types of personnel
  • Risks from future development options
  • Critical areas of ignorance and uncertainty
  • Overall and specific dependence upon business processes such as integrity management, competence and emergency response
  • Dependence on others; major contractors, corporate support,

Typical responsibilities:

  • To manage the operations in the knowledge of the hazards and risks
  • To determine and implement the risk management strategy for each facility and major hazard
  • To set the priorities and determine the extent of risk reduction required to meet corporate standards
  • To shut down plants or limit activities if the operational risks exceed tolerable levels
  • To select safer concepts where the risks can be effectively managed within corporate limits
  • To optimise inherent safety and put in place effective hazard management on new designs
  • To provide local business processes and infrastructure to ensure competent people and plant integrity
  • To provide sufficient resources for operations and support services

LEVEL 3: Supervisors and Technical Authorities

Typical individuals:

  • Offshore platform managers
  • Plant managers and supervisors
  • Discipline engineers
  • Internal contract managers
  • External contract managers

Hazard and risk management knowledge:

  • Hazards on the facility and the relative risks
  • Overall characteristics of each of the major accident hazards; primary causes, severity, immediate consequences, potential and timing for escalation
  • Hazard management strategy and the critical measures to prevent, detect, control, mitigate and evacuate
  • The processes and people that ensure these measures are effective

Typical responsibilities:

  • To operate the plant within clearly defined safe limits
  • To manage the hazards in line with the selected strategy and prioritise work in recognition of their relative risks
  • To control hazardous activities which may cause or exacerbate major accident hazards
  • To ensure that the critical measures are suitable and effective through setting and meeting performance standards

LEVEL 4: Individual

Typical individuals:

  • Designers and draughtsmen
  • Plant operators
  • Maintenance technicians
  • Contractors

Hazard and risk management knowledge:

  • To understand the hazards associated with their work
  • To know which procedures and plant are critical
  • To know the performance standards and limitations of critical plant

Typical responsibilities:

  • To comply with critical operating procedures
  • To maintain and work within their competence
  • To design the plant to meet the performance standards for its working life
  • To maintain the plant to the performance standards

TABLE 1 – HAZARD AND RISK UNDERSTANDING AND RESPONSIBILITIES

TABLE 2 – MAJOR ACCIDENT HAZARD MANAGEMENT SYSTEM – BASED ON ISO 14001 AND 18001

References

  1. Safety Leadership; What it should mean to engineers; Dalzell G; OECD Workshop on the Training of Engineers in Risk Management; Montreal 2003
  2. Understanding Major Accident Hazards, the Cutting Edge of Common Sense; Ditchburn, S.; Mohess, R.; Dalzell G.; Hazards XVII, Institute of Chemical Engineers; Manchester 2003
  3. Inherently Safer Design Guidelines; BP internal document
  4. Frank Crawley – personal quote
  5. Lessons from Longford; Andrew Hopkins; Australian National University, published by CCH Australia Limited
  6. Strutt J.; Sharp J.: Design Capability Maturity Model; developed by Cranfield University for the UK Health and Safety Executive Offshore Safety Division
  7. The Report of the Public Inquiry into the Piper Alpha Disaster; Cullen et al; HMSO Publications 1990
  8. Hazard Management or Safety Case?; Dalzell G.; Fourth International Seminar on Fire and Explosion Hazards; September 2003, Londonderry.
  9. Is Operating Cost a Direct Measure of Inherent Safety; Dalzell G.; Process Safety and Environmental Protection; paper no T03054; I. Chem. E
  10. Nothing is Safety Critical; Dalzell G.; Chesterman A.; Hazards XIII, I. Chem. E Conference; Manchester 1997; ISBN 0 85295 388 7
  11. Guidelines on the Management of Fire and Explosion Hazards published by the United Kingdom Offshore Operators Association.
  12. Guidelines on a Framework for Risk Related Decision Support published by the United Kingdom Offshore Operators Association, 9 Albyn Terrace, Aberdeen, Scotland
  13. A Review of Education in Safety in Undergraduate Engineering Courses; Crossland B.; Hazards Forum meeting July 2002
  14. American Petroleum Institute Recommended Practice RP 2A; Design Loadings for Offshore Structures
  15. Offshore Installations (Prevention of Fire and Explosion, and Emergency Response) Regulations (SI 1995 No 743) UK legislation
  16. Offshore Installations (Design and Construction etc) Regulations (SI 1996 No 913) UK legislation

APPENDIX IA