MARVIN RAUSAND Risk Assessment
-
Upload
others
-
View
6
-
Download
0
Embed Size (px)
Citation preview
STATISTICS I:-\ PRACTICE
Founding Editor
Vic Barnett Nottingham Trent University, UK
The texts in the series provide detailed coverage of statistical
concepts, methods, and worked case studies in specific fields of
investigation and study.
With sound motivation and many worked practical examples, the books
show in down-to-earth terms how to select and use an appropriate
range of statistical tech niques in a particular practical field.
Readers are assumed to have a basic under standing of introductory
statistics, enabling the authors to concentrate on those techniques
of most importance in the discipline under discussion.
The books meet the need for statistical support required by
professionals andre search workers across a range of employment
fields and research environments. Subject areas covered include
medicine and pharmaceutics; industry, finance, and commerce; public
services; the earth and environmental sciences.
A complete list of titles in this series appears at the end of the
volume.
RISK ASSESSMENT Theory, Methods, and Applications
MARVIN RAUSAND Norwegian University of Science and Technology
~WILEY A JOHN WILEY & SONS, INC., PUBLICATION
Cover photo credit: Helge Hansen/Statoil
Copyright© 2011 by John Wiley & Sons, Inc. All rights
reserved.
Published by John Wiley & Sons, Inc., Hoboken, New Jersey.
Published simultaneously in Canada.
No part of this publication may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means,
electronic, mechanical, photocopying, recording, scanning, or
otherwise, except as permitted under Section I 07 or I 08 of the
1976 United States Copyright Act, without either the prior written
permission of the Publisher, or authorization through payment of
the appropriate per-copy fee to the Copyright Clearance Center,
Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax
(978) 750-4470, or on the web at www.copyright.com. Requests to the
Publisher for permission should be addressed to the Permissions
Department, John Wiley & Sons, Inc., Ill River Street, Hoboken,
NJ 07030, (20 I) 748-60 II, fax (20 I ) 7 48-6008, or online at
http://www. wiley .com/go/permission.
Limit of Liability/Disclaimer of Warranty: While the publisher and
author have used their best efforts in preparing this book, they
make no representations or warranties with respect to the accuracy
or completeness of the contents of this book and specifically
disclaim any implied warranties of merchantability or fitness for a
particular purpose. No warranty may be created or extended by sales
representatives or written sales materials. The advice and
strategies contained herein may not be suitable for your situation.
You should consult with a professional where appropriate. Neither
the publisher nor author shall be liable for any loss of profit or
any other commercial damages, including but not limited to special,
incidental, consequential, or other damages.
For general information on our other products and services or for
technical support, please contact our Customer Care Department
within the United States at (800) 762-2974, outside the United
States at (317) 572-3993 or fax (317) 572-4002.
Wiley also publishes its books in a variety of electronic formats.
Some content that appears in print may not be available in
electronic formats. For more information about Wiley products,
visit our web site at www.wiley.com.
Library of Congress Cataloging-in-Publication Data:
Rausand, Marvin. Risk assessment : theory, methods, and
applications I Marvin Rausand.
p. em.- (Statistics in practice) Includes index.
ISBN 978-0-470-63764-7 (hardback)' I Technology-Risk assessment. 2.
Risk assessment. I. Title.
TI74.5.R37 2011 363.1 '02-dc22 2011010971
Printed in the United States of America.
10 9 8 7 6 5 4 3 2 I
To Hella, Guro, and /dunn
CONTENTS
1 Introduction 3
1.1 Introduction 3 1.2 Risk Analysis, Assessment, and Management 7
1.3 The Study Object 12 1.4 Accident Categories 15 1.5 Risk in Our
Modem Society 17
1.6 Safety Legislation 19 1.7 Risk and Decision-Making 21 1.8
Structure of the Book 27 1.9 Additional Reading 28
vii
2 The Words of Risk Analysis 29
2.1 Introduction 29 2.2 Events and Scenarios 30 2.3 Probability and
Frequency 33 2.4 Assets and Consequences 41 2.5 Risk 45 2.6
Barriers 54 2.7 Accidents 56 2.8 Uncertainty 58 2.9 Vulnerability
and Resilience 59 2.10 Safety and Security 61 2.11 Additional
Reading 63
3 Hazards and Threats 65
3. I Introduction 65 3.2 Ha7.ards 66
3.3 Classi cation of Hazards 70 3.4 Threats 71 3.5 Energy Sources
72
3.6 Technical Failures 74 3.7 Human and Organizational Factors 76
3.8 Additional Reading 76
4 How to Measure and Evaluate Risk 77
4.1 Introduction 77
4.2 Risk Indicators 78 4.3 Risk to People 79 4.4 Risk Matrices
99
4.5 Risk Acceptance Criteria 106
4.6 Closure 115 4.7 Additional Reading 115
5 Risk Management 117
5.1 Introduction 117 5.2 Risk Management 117 5.3 Bow-Tie Analysis
119 5.4 Risk Analysis 121
CONTENTS lx
5.5 Risk Evaluation 132 5.6 Risk Control and Risk Reduction 133 5.7
Competence Requirements 134 5.8 Quality Requirements 134 5.9
Additional Reading 136
6 Accident Models 137
6.1 Introduction 137 6.2 Accident Causation 139 6.3 Accident Models
141 6.4 Energy and Barrier Models 144 6.5 Sequential Accident
Models 147 6.6 Epidemiological Accident Models 153 6.7 Event
Causation and Sequencing Models 160 6.8 Systemic Accident Models
166 6.9 Additional Reading 176
7 Data for Risk Analysis 177
7.1 Introduction 177 7.2 Types of Data 178 7.3 Accident Data 180
7.4 Component Reliability Data 183 7.5 Human Error Data 191 7.6
Software Failure Data 193 7.7 Expert Judgment 193 7.8 Data Dossier
194 7.9 Additional Reading 194
PART II RISK ASSESSMENT METHODS AND APPLICATIONS
8 Risk Assessment Process 199
8.1 Introduction 199 8.2 Plan and Prepare 201 8.3 Reporting 206 8.4
Updating 210 8 . .5 Additional Reading 211
X CONTENTS
9 Hazard ldentl cation 213
9.1 Introduction 213 9.2 Hazard Log 216 9.3 Checklist Methods 219
9.4 Preliminary Hazard Analysis 223 9.5 Change Analysis 232 9.6
FMECA 236 9.7 HAZOP 246 9.8 SWIFT 256 9.9 Master Logic Diagram 262
9.10 Additional Reading 263
10 Causal and Frequency Analysis 265
10.1 Introduction 265 10.2 Cause and Effect Diagram Analysis 267
10.3 Fault Tree Analysis 271 10.4 Bayesian Networks 294 10.5 Markov
Methods 304 10.6 Petri Nets 316 10.7 Additional Reading 335
11 Development of Accident Scenarios 337
11.1 Introduction 337 11.2 Event Tree Analysis 339 11.3 Event
Sequence Diagrams 359 11.4 Cause-Consequence Analysis 359 11.5
Escalation Problems 360 11.6 Consequence Models 361 11.7 Additional
Reading 362
12 Barriers and Barrier Analysis 363
12.1 Introduction 363 12.2 Barriers and Barrier Classi cation 364
12.3 Barrier Properties 370 12.4 Safety Instrumented Systems 372
12.5 Hazard-Barrier Matrices 382 12.6 Safety Barrier Diagrams
383
CONTENTS xl
12.8 Energy Flow/Barrier Analysis 385
12.9 Layer of Protection Analysis 388 12.10 Barrier and Operational
Risk Analysis 397
12.11 Additional reading 407
13.1 Introduction 409
13.4 HRA Methods 434
13.5 Additional Reading 456
14.1 Introduction 457 14.2 Objectives and Applications 457 14.3
Analysis Procedure 458 14.4 Resources and Skills Required 466
14.5 Advantages and Limitations 467
14.6 Additional reading 467
15 Common-Cause Failures 469
15.6 More Complex CCF Models 486
15.7 Additional Reading 495
16.1 Introduction 497
16.2 Uncertainty 499
16.3 Categories of Uncertainty 500 16.4 Contributors to Uncertainty
502 16.5 Uncertainty Propagation 507
16.6 Sensitivity Analysis 512
17.1 Introduction
17.3 Nuclear Power Industry
17.6 Space Industry
A.l Introduction
A.7 Bayesian Approach
A.9 Additional Reading
Appendix 8: Acronyms
Appendix C: Glossary
571
575
577
583
585
593
608
635
Preface
This book gives a comprehensive introduction to risk analysis and
risk assessment, and the main methods for such analyses. It deals
with accidents that may occur in technical or sociotechnical
systems with focus on sudden, major accidents. Day-to day
occupational accidents and negative health effects due to long-term
exposure are therefore outside the scope of the book.
In I 99 I, the Norwegian standard NS 5814, Requirements to Risk
Analysis, was issued and I wrote a small book in Norwegian called
Risk Analysis: Guidance to NS 58/4 (Rausand, 1991). The book was
very basic but filled a purpose and was used extensively. I began
to write the current book in 1995 after the first edition of the
book System Reliability Theory was published. After awhile I
realized that writing a book on risk assessment was much more
difficult than writing a book on system reliability. This was due
mainly to the confusing terminology, the multidisciplinary
character of the topics, and the overwhelming number of reports and
guidelines that had been written.
In 2008, the second edition of NS 5814 was issued and the guideline
had to be updated and extended. This resulted in the book Risk
Analysis: Theory and Methods (Rausand and Utne, 2009b), which is
written in Norwegian and coauthored by Ingrid Bouwer Utne. The book
was strongly influenced by the manuscript of the current book, has
a similar structure, but is more basic and straightforward.
XIII
XIV PREFACE
The current book is divided into two main parts. Part I introduces
risk analysis and defines and discusses the main concepts used. Our
understanding of how accidents occur will always influence our
approach to risk assessments, so a chapter describing accident
models and accident causation is therefore included. Input data
requirements and data quality are also presented in a separate
chapter. The various steps of a risk assessment are explained and
arranged in a structure.
Part II deals with the main methods of risk analysis, such as
preliminary hazard analysis, HAZOP, fault tree analysis, and event
tree analysis. Special problem areas such as common-cause failures
and human errors are also discussed. Part II ends with a brief
survey of the development and application of risk assessment in
some main application areas.
Part III of the book contains appendices. Some main results from
probability and statistics are given in Appendix A. Readers who
have not taken a basic course in probability and statistics should
consider reading this appendix first. Other readers may find it
useful to check formulas in the appendix. Part III also contains a
list of acronyms and a glossary of main terms used in risk
assessment.
The book gives several references to laws, regulations, and
standards. When using these references, you should always check to
see if new versions have been made available.
Several organizations have issued a number of technical reports and
guidelines related to risk assessment. Many of these are of very
high quality but often use con flicting terminology, and they
present a multitude of methods with more or less the same purpose.
Very few textbooks on risk assessment are on the market,
however.
To contribute to a more standardized terminology in risk
assessment, I have put considerable effort into using a stringent
terminology and giving clear definitions. The main definitions are
written as separate paragraphs preceded by the symbol ~F.
When writing this book, I have read guidelines from many different
organizations and tried to extract the main messages from these
guidelines. Such guidelines seem to be issued faster than I am able
to read, so I cannot claim that I cover all of them. There are
certainly several important organizations that I have missed while
searching for guidelines. Among these are obviously guidelines that
are written in languages that I am not able to understand.
I have selected methods that are commonly applied and that I find
useful. Whether or not this is a good selection is up to you to
judge. The book may perhaps be accused of being old-fashioned
because I have included mainly proven methods instead of brand-new
suggestions.
Within some areas of risk assessment, such as human reliability
analysis, there are a vast number of approaches, and it seems to be
a strategy that every person working with human reliability should
develop her/his own method.
Suggestions for further reading are provided at the end of each
chapter. I do not claim that the references listed are the most
relevant that can be found. Rather, these are the references I have
found most useful and that are most in line with the views
presented in this book.
PREFACE XV
The book is written mainly as a textbook for university courses in
risk analysis and risk assessment. For this reason, a set of
problems have been developed and are available on the book's
homepage, http: I lwww. ntnu. edulrosslbookslrisk.
The book is also intended to be a guide for practical risk
assessments. The various methods are therefore described
sufficiently that you should be able to use the method after having
read the description. Each method is described according to the
same structure, and the various steps of the methods are listed and
often also illustrated in workflow diagrams. The descriptions of
the methods are, as far as possible, self contained, and it should
therefore not be necessary to read the entire book to have enough
background to use the individual methods.
The descriptions and examples given in the book are largely from
Europe, espe cially from Norway. I trust, however, that most of
the book is also relevant in other parts of the world.
The book is written in a style similar to that used in my book on
system reliability theory (Rausand and H~yland, 2004). Some methods
are treated in both books, but from different standpoints. Several
issues are described in more detail in Rausand and H~yland (2004),
and I therefore recommend that you have both books available, even
if it is not strictly required.
I hope that you will enjoy reading this book and that you will find
it useful. If you have questions or comments, you will find my
email address on the book's homepage (see below).
Tmndheim, Norway
Acknowledgments
It is a pleasure to acknowledge and thank several friends and
colleagues whose ideas and suggestions have contributed greatly to
the book. I mention them in alphabetical order.
- Stein Haugen is a professor in risk analysis at NTNU and has
extensive experience using risk analyses in industry projects. He
has read several chapters and given many helpful comments that have
improved the book.
- Per Hokstad of SINTEF coauthored an earlier version of Chapter 15
on common cause failures and has strongly influenced the content
of that chapter.
- Inger Lise Johansen is a Ph.D. student at NTNU. I have the
pleasure of being the supervisor of her master's thesis and
currently of her Ph.D. project. Her master's thesis was written in
parallel with Chapters 2 and 4 of this book, and she has made
significant contributions to these chapters. She has also read
several other chapters, reformulated some of my clumsy expressions,
added content, and made valuable comments as to both language and
content.
- Ondfej Nyvlt of the Czech Technical University in Prague spent
six months at NTNU as an exchange Ph.D. student. I had the pleasure
of being his local super visor, and he helped me to write the
section on Petri nets in Chapter I 0.
XVII
xvlli
- Ingrid Bouwer Utne coauthored the Norwegian book Risk Analysis;
Theory and Methods (Rausand and Utne, 2009a) while she was a
postdoc at NTNU. Our dis cussions and her ideas have also clearly
influenced the current book.
- Knut 0ien of SINTEF is also an adjunct professor in risk
assessment at NTNU. He coauthored an early draft of Chapter 13 on
human reliability analysis and has read and commented on the final
version. Chapter 17, describing the development and application of
risk assessment, is based on a note in Norwegian that Knut 0ien and
I wrote some years ago.
I also acknowledge the editing and production staff at John Wiley
& Sons for their careful, effective, and professional
work.
I thank the International Electrotechnical Commission (IEC) for
permission to reproduce information from the standards IEC
60300-3-9 ed.l.O ( 1995), IEC 60300- 3-4 ed.2.0 (2007), IEC
60050-191 ed.1.0 ( 1990), IEC 61508-0 ed. 1.0 (2005), IEC 6 l 508-4
ed.2.0 (20 l 0), IEC 6 l 508- l ed.2.0 (20 l 0), IEC 6 l 508-6
ed.2.0 (20 l 0). All such extracts are copyright of IEC, Geneva,
Switzerland. @All rights reserved. Fur ther information on the IEC
is available from http: I /www. iec. ch. IEC has no responsibility
for the placement and context in which the extracts and contents
are reproduced by the author, nor is IEC in any way responsible for
the other content or accuracy herein.
Point 2. l 3 from NS-ISO 3 l 000:2009 Risk management - Principles
and guide lines, as well as definitions in 2. l. l, 2. l .5, 2. l.
l 3, 2. l .20 and Table A. l from NS-EN ISO 17776:2002 are
reproduced in this book under license from Standard Online AS 03/20
l l. @All rights reserved. Standard Online makes no guarantees or
warranties as to the correctness of the reproduction.
Several references are given to publications by the UK Health and
Safety Executive (HSE). This is public sector information published
by the HSE and licensed under the Open Government Licence v. l
.0.
The book was completed during my sabbatical year at ParisTech,
Ecole Nationale Superieured'Arts et Metiers (ENSAM) in Aix en
Provence, France. I am very grateful to Professor Lionel Roucoules
and his colleagues, who helped me and made this stay a positive
experience.
During the writing of the book, I have read many books, scientific
articles, stan dards, technical reports, guidelines, and notes
related to risk assessment. I have tried to process, combine, and
reformulate the information obtained and I have tried to give
proper references. If I unconsciously copied sentences without
giving proper reference, it has not been my intention, and I
apologize if that has happened.
In the preface of the book The Importance of Living (William
Morrow, New York, l 937), Lin Yutang writes: "I must therefore
conclude by saying as usual that the mer its of this book, if any,
are largely due to the helpful suggestions of my collaborators,
while for the inaccuracies, deficiencies and immaturities of
judgment, I alone am re sponsible." If the word collaborators is
replaced by colleagues and references, this statement applies
equally well for the current book.
M.R.
INTRODUCTION
Risk is a curious and complex concept. In a sense it is unreal in
that it is always concerned. with the future, with possibilities,
with what has not yet happened.
-Elms (1992)
1.1 INTRODUCTION
If you ask ten people what they mean by the word risk, you will
most likely get ten different answers. The same inconsistency also
prevails in newspapers and other me dia. A brief search for the
word risk in some Internet newspapers gave the results in Table
1.1. In some of the statements, the word risk can be replaced with
chance, likelihood, or possibility. In other cases, it may be
synonymous with hazard, threat, or danger. The situation is not
much better in the scientific comrimnity, where the interpretation
is almost as varying as among the general public. A brief search in
risk assessment textbooks, journal" articles, standards, and
guidelines will easily prove that this applies also for the
specialists in risk assessment.
In 1996, the prominent risk researcher Stan Kaplan received the
Distinguished Award from the Society of Risk Analysis. To express
his gratitude, Kaplan gave a
Risk Asse.ument: Theory, Method.~. and Application.~. First
Edition. Marvin Rausand. © 2011 John Wiley & Sons, Inc.
Published 201 I by John Wiley & Sons, Inc
3
4 INTRODUCTION
Table 1.1 The word risk as used in some Internet newspapers (in May
2010) .
. . . the government would risk a humiliating defeat ...
. . . people judged to be at high risk of having a fall ...
... there's no simple equation for predicting divorce risk
...
... investors are willing to take on a high risk
. . . encouraged financiers to seek out greater pmfits by taking
risks in areas beyond regu latory purview ...
... the flight from risk has hit the stock mar kets ...
. . . investments that had put their capital at risk ...
... we could put at risk our food and water supplies ...
. . . she was considered at risk because of her work ...
... because of the risk of theft ...
. .. the number of homes exposed to flood risk could increase
...
. .. a more envimnmentally risky mode of getting our energy
...
. .. risk appetite for equities and corporate bonds ...
. . . by reducing the risk of collisions with ve hicles ...
... bicycle helmets have been shown to re duce the risk of head
injuries by up to KK percent ...
. .. a high-risk attempt to plug the leaking oil well ...
. .. carries an accident risk of "Chernobyl proportions" ...
. .. that created the illusion that risk was be ing responsibly
managed ...
talk to the plenary session at the society's annual meeting. In the
introduction to this talk, he said: 1
The words of risk analysis have been, and continue to be a problem.
Many of you remember that when our Society for Risk Analysis was
brand new, one of the first things it did was to establish a
committee to define the word "risk." This committee labored for 4
years and then gave up, saying in its final report, that maybe it's
better not to define risk. Let each author define it in his own
way, only please each should explain clearly what way that is
(Kaplan, 1997).
1.1.1 Three Main Questions
Risk (as used in this book) is always related to what can happen in
the future. In contrast to our ancestors, who believed that the
future was determined solely by the acts of God (e.g., see
Bernstein, 1996), we have the conviction that we can analyze and
manage risk in a rational way. Our tool is risk analysis, and the
goal is to inform decision-making concerning our future
welfare.
1Reprinted from Risk Analysis, Vol. 17, Kaplan, S. "The words of
risk analysis", Copyright (1997), with permission from
Wiley-Blackwell.
INTRODUCTION 5
The possibility of harmful events is an inherent part of life. Such
events can be caused by natural forces, such as flooding,
earthquake, or lightning; technical failures; or human actions.
Some harmful events can be foreseen and readily addressed, while
others come unexpectedly because they appear unforeseeable or have
only a very remote likelihood of occurrence. In many systems,
various safeguards are installed to prevent harmful events or to
mitigate the consequences should such events occur. Risk analysis
is used to identify the causes of harmful events, to determine the
possible consequences of harmful events, to identify and prioritize
barriers, and to form a basis for deciding whether or not the risk
related to a system is tolerable.
A risk analysis is carried out to provide answers to the following
three main ques tions (Kaplan and Garrick, 1981 ):
Q 1. What can go wrong? To answer this question, we must identify
the possible hazardous events 2 that may lead to harm to some
assets that we want to keep and protect. These assets may be
people, animals, the environment, buildings, technical
installations, infrastructure, cultural heritage, our reputation,
information, data, and many more.
Q2. What is the likelihood of that happening! The answer can be
given as a qualitative statement or as probabilities or fre
quencies. We consider the hazardous events that were identified· in
Q 1, one by one. To determine their likelihood, we often have to
carry out a causal analysis to identify the basic causes (hazards
or threats) that may lead to the hazardous event.
Q3. What are the consequences? For each hazardous event, we must
identify the potential harm or adverse con sequences to the assets
mentioned in Q I. Most systems have barriers that are installed to
prevent or mitigate harm. The harm to the assets is dependent on
whether or not these barriers function when the hazardous event
takes place.
For now, we suffice by defining risk as the answer to these three
questions.
1.1.2 A Conceptual Model
For each hazardous event that is identified by answering QI, the
analytical process used to answer Q2 and Q3 may be illustrated by
Figure 1.1. The figure illustrates that various hazards and/or
threats may lead to a hazardous event, and that the hazardous event
may in turn lead to many different consequences. Various barriers
are often available between the hazards/threats and the hazardous
event, and also between the hazardous event and the consequences.
The model in Figure 1.1 is called a bow-tie model because it
resembles the bow-tie that men sometimes use in place of a necktie
with a formal suit.
2 Kaplan and Garrick ( 19!! I) use the term scenario instead of
hazardous event.
6 INTRODUCTION
Figure 1.1 A simpli ed bow-tie model.
The bow-tie model is useful for illustrating both the conception
and analysis of risk. The terms needed to answer the three related
questions of Kaplan and Garrick ( 1981) have, however, been
interpreted differently by various sources and practitioners, as
have the methods in which they are used. Today, numerous laws and
regulations require that risk analyses or risk assessments be
carried out, but there is still no unified terminology or standard
framework for carrying out these assessments.
1.1.3 Objective of the Book
The main objective of this book is to give a comprehensive
introduction to risk as sessment and present the essential theory
and the main methods that can be used to perform a risk assessment
of a technical or sociotechnical system.
More specific objectives are:
(a) To present and discuss the terminology used in risk assessment
of technical and sociotechnical systems. A vague hope is that this
may contribute to a more harmonized terminology in risk
assessment.
(b) To define and discuss how risk can be quantified and how these
metrics may be used to evaluate the tolerability of risk.
(c) To present the main methods for risk assessment and discuss the
applicability, advantages, and limitations of each method.
(d) To present and discuss some main problem areas related to risk
assessment (e.g., human errors, dependent failures).
(e) To describe how a risk assessment may be carried out in
practice and illustrate some important application areas.
1.1.4 Focus of the Book
This book is mainly concerned with risk related to:
- a technical or sociotechnical system in which
RISK ANALYSIS, ASSESSMENT, AND MANAGEMENT 7
- events may occur in the future and that
- have unwanted consequences
- to assets that we want to protect.
The systems to be considered may be any type of engineered system,
ranging from small machines up to complex process plants or
transportation networks. This book does not cover all aspects of
risk, but is limited to accidents where an abrupt event may give
negative outcomes (some kind of loss or damage). Adverse effects
caused by continuous and long-term exposure to a hazardous
environment or dangerous ma terials (e.g., asbestos) are thus not
covered unless the exposure is caused by a specific event (e.g., an
explosion). Neither is an objective of this book to present and
discuss detailed physical consequence models, such as fire and
explosion models.
In the financial world, investments are often made and risk is
taken to obtain some benefit. The outcome may be either positive or
negative, and risk is then a statement about the uncertainty
regarding the outcome of the investment. This interpretation of the
word risk is not relevant for this book, which is concerned
exclusively with adverse outcomes.
The main focus of the book is risk assessment per se, not how the
results from the assessment may be used or misused. Some issues
related to risk management are, however, discussed briefly in
Chapter 5.
The objective of this introductory chapter is to introduce the main
concepts used in risk assessment and to place risk assessment into
a decision-making context.
1.2 RISK ANALYSIS, ASSESSMENT, AND MANAGEMENT
1.2.1 Risk Analysis
So far, we have mentioned risk analysis several times, but not
given any clear defini tion. A commonly used definition is:
"' Risk analysis: Systematic use of available information to
identify hazards and to estimate the risk to individuals, property,
and the environment (IEC 60300-3-9, 1995).
A risk analysis is always a proactive approach in the sense that it
deals exclusively with potential accidents. This is opposed to
accident investigation, which is a reactive approach that seeks to
determine the causes and circumstances of accidents that have
already happened.
Three Main Steps. As indicated in Section 1.1, a risk analysis is
carried out in three main steps by providing answers to the three
questions in Section 1.1.2:
I. Hazard ident(fication. In this step, the hazards and threats
related to the sys tem are identified together with the potential
hazardous events. As part of this process, assets that may be
harmed are also identified.
8 INTRODUCTION
2. Frequency analysis. This step will usually involve a deductive
analysis to iden tify the causes of each hazardous event and to
estimate the frequency of the hazardous event based on experience
data and/or expert judgments.
3. Consequence analysis. Here, an inductive analysis is carried out
to identify all potential sequences of events that can emerge from
the hazardous event. The objective of the inductive analysis is
usually to identify all potential end consequences and also their
probability of occurrence.
Qualitative vs. Quantitative Analysis. The risk analysis may be
qualitative or quantitative, depending on the objective of the
analysis.
~ Qualitative risk analysis: A risk analysis where probabilities
and consequences are determined purely qualitatively.
~ Quantitative risk analysis (QRA): A risk analysis that provides
numerical esti mates for probabilities and/or
consequences-sometimes along with associated un certainties.
A QRA is best suited for quantifying risk associated with
low-probability and high-consequence events, and may range from
specialized probabilistic assessment to large-scale analysis. The
term semiquantitative risk analysis is sometimes used to denote
risk analyses that quantify probabilities and consequences
approximately within ranges.
Remark: Some industries use other names for the QRA. In the U.S.
nuclear industry and in the space industry, the QRA is called
probabilistic risk analysis (PRA). In the European nuclear
industry, QRA is referred to as probabilistic safety analysis
(PSA), whereas the maritime industry uses the term formal safety
assessment (FSA). The term total risk analysis (TRA) sometimes
appears in the Norwegian offshore industry. E9
Types of Risk Analyses. Risk analyses can be classified in many
different ways. One attempt of classification can be made on the
basis of Figure 1.2, which displays three categories of hazards and
and three categories of assets in a 3 x 3 matrix.
This book is concerned mainly with the last column of Figure 1.2,
where the hazard source is a technical system or some dangerous
materials. The other types of risk analyses are, however, also
discussed briefly.
1.2.2 Risk Evaluation
We distinguish between risk analysis and risk evaluation, which may
be defined as:
~ Risk evaluation: Process in which judgments are made on the
tolerability of the risk on the basis of a risk analysis and taking
into account factors such as socioeco-
RISK ANALYSIS, ASSESSMENT, AND MANAGEMENT 9
Hazard source
Humans 1 2 3
Figure 1.2 Different types of risk analyses.
nomic and environmental aspects (IEC 60300-3-9, 1995).
The risk evaluation will sometimes include a comparison of the
results from the risk analysis with some risk acceptance criteria.
Risk acceptance criteria are dis cussed further in Chapter
4.
Too often, it happens that the management does the risk evaluation
without any involvement from those who have produced the risk
analysis. This may create com munication problems and lead to
erroneous inferences, and it is therefore strongly recommended that
the risk analysts also be involved in the evaluation:
1.2.3 Risk Assessment
When risk analysis and risk evaluation are carried out in a joint
process, we say that we do a risk assessment .
...- Risk assessment: Overall process of risk analysis and risk
evaluation (IEC 60300- 3-9, 1995).
• EXAMPLE 1.1 Five steps to risk assessment
The UK HSE has published a simple and informative introduction to
risk as sessment called Five steps to risk assessment (HSE, 2006).
The five steps are:
I. Identify the hazards.
4. Record your findings and implement them.
5. Review your assessment and update if necessary.
1 0 INTRODUCTION
I
Risk analysis Risk evaluation Risk control
- Identify hazards and threats - Evaluate risk (against - Make
decisions related to - Identify hazardous events risk acceptance
criteria)
H- risk-reducing measures
- Establish risk picture - Assess alternative risk- - Communicate
risk reducing measures
---- -----t--------------------t--------- t
Figure 1.3 Risk analysis, evaluation, assessment, and management
(see also IEC 60300-3-9, 1995).
Remark: Some books and guidelines do not distinguish between risk
analysis and risk assessment and tend to use the term risk
assessment also when risk evaluation is not part of the job. Other
guidelines define risk assessment as an add-on to risk eval
uation. An example here is the U.S. Federal Aviation
Administration, which defines risk assessment as "the process by
which the results of risk analysis are used to make decisions" (US
FAA, 2000, App. A). EB
1.2.4 Risk Management
If we, in addition, identify and (if necessary) implement
risk-reducing actions and survey how the risk changes over time, we
conduct risk management.
~ Risk management: A continuous management process with the
objective to iden tify, analyze, and assess potential hazards in a
system or related to an activity, and to identify and introduce
risk control measures to eliminate or reduce potential harms to
people, the environment, or other assets.
Slightly different definitions of risk management may be found in
guidelines and textbooks. Some of these stress that risk management
is a proactive and systematic approach to setting the best course
of action under uncertainty, and that it also involves
communicating the risk to the various stakeholders (e.g., see
Treasury Board, 2001 ).