The ‘how’ and ‘when’ of risk assessment is widely known and well described, but the ‘so what’ part seems to be applied with much less consistency. To determine if the level of risk is acceptable or where additional control measures should be implemented, some sort of criteria is used, often embedded in a risk matrix. Where do those boundaries come from though? And how often do we step back and consider if they are appropriate?
These might sound like odd questions, but when you consider that a lot hinges on these seemingly simple things, they are quite important. Risk criteria are used in all sorts of ways, but ultimately they inform the amount of effort we put into analysis and the amount of resource we expend on risk management, so there is a lot of weight put on them. They are the lynch pin of risk management, yet so often we find that their origins are long forgotten.
Quite often we find that a single set of criteria is being used for a whole myriad of situations, perhaps not helped by the loss of original intentions. Certainly, if you don’t know where they came from, you won’t be in a position to defend their use as appropriate for your assessment.
There are many types of assessment, and depending on the type of risk being calculated, we need to be sure that we are comparing the result to appropriate criteria, or we won’t be comparing apples and apples. This could undermine our whole risk management decision making process.
The most widely talked about risk criteria is the Tolerability of Risk ‘TOR carrot’ from R2P2. This defines criteria for Individual Risk. However, Individual Risk is probably not the type of risk you have calculated. Especially if you have:
- Risk ranked an event in a HAZOP
- Estimated the risk of a scenario in a LOPA
- Focused on the risk from a specific piece of equipment
- Used a risk matrix
In fact, only if you have understood all of the hazards impacting an individual, will you have calculated individual Risk. It is quite likely that you have calculated a form of societal risk or group risk, for ease of communication we will call it ‘Scenario Risk’. The concept of Individual Risk versus Scenario Risk is illustrated in the diagram above.
Scenario Risk cannot be compared to Individual Risk tolerability criteria, and tolerability criteria for Scenario Risk cannot be derived from the Individual Risk criteria.
For these reasons it is incorrect to look at a risk matrix or LOPA target and expect to see the one fatality box align with the tolerability limits shown in R2P2 for Individual Risk. Yet so often this is what even experienced practitioners and the regulator trip up over.
If we want to use our Scenario Risk as calculated:
- We must define our scenario risk criteria
- We must ensure it is calibrated to account for other events on the site
If we want to use Individual Risk criteria:
- We must adjust our Scenario Risk to account for the number of individuals ‘sharing’ the risk
- We must adjust our criteria to account for other events that may impact that individual
Either route is acceptable, so long as we know what we have done and why.
If we are using corporate criteria that we have been handed, we need to understand how these adjustments have been made in order to match the correct criteria to the correct situation.
We need to be confident in our criteria. It is important that we challenge the status quo, and truly understand. There is so much that hinges on it