Risk assessment techniques

According to ISO 31010, Annex B, Articles 3/7/11/15/19/23/27/31.
by Zlatin Kolev on 5 June 2012


Transcript of Risk assessment techniques

RISK MANAGEMENT ACCORDING TO ISO 31010

The Delphi technique

Overview
A procedure which aims to obtain a reliable consensus of opinion from a group of experts. It is related to brainstorming. Experts express their opinions individually and anonymously while having access to the other experts' views as the process progresses.

Use
The Delphi technique can be applied at any stage of the risk management process or at any phase of a system life cycle, wherever a consensus of views of experts is needed.

Inputs
A set of options for which consensus is needed.

THE PROCESS
Experts are questioned using a semi-structured questionnaire. They do not meet so their opinions are independent.
• formation of a team to undertake and monitor the Delphi process;
• selection of a group of experts (may be one or more panels of experts);
• development of round 1 questionnaire;
• testing the questionnaire;
• sending the questionnaire to panellists individually;
• information from the first round of responses is analysed and combined and re-circulated to panellists;
• panellists respond; the process is repeated until consensus is reached.

Outputs
Convergence toward consensus on the matter in hand.

Strengths
• as views are anonymous, unpopular opinions are more likely to be expressed;
• all views have equal weight, which avoids the problem of dominating personalities;
• achieves ownership of outcomes;
• people do not need to be brought together in one place at one time.

Limitations
• it is labour intensive and time consuming;
• participants need to be able to express themselves clearly in writing.

Hazard analysis and critical control points (HACCP)

Overview
The main idea of HACCP is to identify hazards and put controls at all relevant parts of a process to protect against the hazards and to maintain the quality, reliability and safety of a product. HACCP aims to ensure that risks are minimized by controls throughout the process rather than through inspection of the end product.

Use
HACCP is used by organizations operating anywhere within the food chain to control risks from physical, chemical or biological contaminants of food. It has also been extended for use in manufacture of pharmaceuticals and to medical devices.

Inputs
Information on the hazards and their risks and ways in which they can be controlled. HACCP starts from a basic flow diagram or process diagram and information on hazards which might affect the quality, safety or reliability of the product.

THE PROCESS
• identifies hazards and preventive measures related to such hazards;
• determines the points in the process where the hazards can be controlled or eliminated (the critical control points or CCPs);
• establishes critical limits needed to control the hazards, i.e. each CCP should operate within specific parameters to ensure the hazard is controlled;
• monitors the critical limits for each CCP at defined intervals;
• establishes corrective actions if the process falls outside established limits;
• establishes verification procedures;
• implements record keeping and documentation procedures for each step.

Outputs
The hazard analysis worksheet lists for each step of the process:
• hazards which could be introduced, controlled or exacerbated at this step;
• whether the hazards present a significant risk;
• a justification for the significance;
• possible preventative measures for each hazard;
• whether monitoring or control measures can be applied at this step.

The HACCP plan delineates the procedures to be followed to assure the control of a specific design, product, process or procedure. The plan includes a list of all CCPs and for each CCP:
• the critical limits for preventative measures;
• monitoring and continuing control activities (including what, how, and when monitoring will be carried out and by whom);
• corrective actions required if deviations from critical limits are detected;
• verification and record-keeping activities.

Strengths
• a structured process that provides documented evidence for quality control as well as identifying and reducing risks;
• a focus on the practicalities of how and where, in a process, hazards can be prevented and risks controlled;
• better risk control throughout the process rather than relying on final product inspection;
• an ability to identify hazards introduced through human actions and how these can be controlled at the point of introduction or subsequently.

Limitations
• HACCP requires that hazards are identified, the risks they represent defined, and their significance understood as inputs to the process. Appropriate controls also need to be defined. These are required in order to specify critical control points and control parameters during HACCP and may need to be combined with other tools to achieve this;
• taking action when control parameters exceed defined limits may miss gradual changes in control parameters which are statistically significant and hence should be actioned.

Reference document
ISO 22000, Food safety management systems – Requirements for any organization in the food chain

Business impact analysis (BIA)

Overview
Analyses how key disruption risks could affect an organization’s operations and identifies and quantifies the capabilities that would be needed to manage it.

Use
BIA is used to determine the criticality and recovery timeframes of processes and associated resources (people, equipment, information technology) to ensure the continued achievement of objectives. Additionally, the BIA assists in determining interdependencies and interrelationships between processes, internal and external parties and any supply chain linkages.
• the identification and criticality of key business processes, functions and associated resources and the key interdependencies that exist for an organization;
• how disruptive events will affect the capacity and capability of achieving critical business objectives;
• the capacity and capability needed to manage the impact of a disruption and recover the organization to agreed levels of operation.

INPUTS
• a team to undertake the analysis and develop a plan;
• information concerning the objectives, environment, operations and interdependencies of the organization;
• details on the activities and operations of the organization, including processes, supporting resources, relationships with other organizations, outsourced arrangements, stakeholders;
• financial and operational consequences of loss of critical processes;
• prepared questionnaire;
• list of interviewees from relevant areas of the organization and/or stakeholders that will be contacted.

THE PROCESS
A BIA can be undertaken using questionnaires, interviews, structured workshops or combinations of all three, to obtain an understanding of the critical processes, the effects of the loss of those processes and the required recovery timeframes and supporting resources.

The key steps include:
• based on the risk and vulnerability assessment, confirmation of the key processes and outputs of the organization to determine the criticality of the processes;
• determination of the consequences of a disruption on the identified critical processes in financial and/or operational terms, over defined periods;
• identification of the interdependencies with key internal and external stakeholders. This could include mapping the nature of the interdependencies through the supply chain;
• determination of the current available resources and the essential level of resources needed to continue to operate at a minimum acceptable level following a disruption;
• identification of alternate workarounds and processes currently in use or planned to be developed. Alternate workarounds and processes may need to be developed where resources or capability are inaccessible or insufficient during the disruption;
• determination of the maximum acceptable outage time (MAO) for each process based on the identified consequences and the critical success factors for the function. The MAO represents the maximum period of time the organization can tolerate the loss of capability;
• determination of the recovery time objective(s) (RTO) for any specialized equipment or information technology. The RTO represents the time within which the organization aims to recover the specialized equipment or information technology capability;
• confirmation of the current level of preparedness of the critical processes to manage a disruption. This may include evaluating the level of redundancy within the process (e.g. spare equipment) or the existence of alternate suppliers.

OUTPUTS
• a priority list of critical processes and associated interdependencies;
• documented financial and operational impacts from a loss of the critical processes;
• supporting resources needed for the identified critical processes;
• outage time frames for the critical process and the associated information technology recovery time frames.

Strengths
• an understanding of the critical processes that provide the organization with the ability to continue to achieve their stated objectives;
• an understanding of the required resources;
• an opportunity to redefine the operational process of an organization to assist in the resilience of the organization.

Limitations
• lack of knowledge by the participants involved in completing questionnaires, undertaking interviews or workshops;
• group dynamics may affect the complete analysis of a critical process;
• simplistic or over-optimistic expectations of recovery requirements;
• difficulty in obtaining an adequate level of understanding of the organization’s operations and activities.

Event tree analysis (ETA)

Overview
ETA is a graphical technique for representing the mutually exclusive sequences of events following an initiating event according to the functioning/not functioning of the various systems designed to mitigate its consequences. It can be applied both qualitatively and quantitatively.

Use
ETA can be used for modelling, calculating and ranking (from a risk point of view) different accident scenarios following the initiating event.

ETA can be used at any stage in the life cycle of a product or process. It may be used qualitatively to help brainstorm potential scenarios and sequences of events following an initiating event and how outcomes are affected by various treatments, barriers or controls intended to mitigate unwanted outcomes.

ETA can be used to model initiating events which might bring loss or gain. However, circumstances where pathways to optimize gain are sought are more often modelled using a decision tree.

INPUTS
• a list of appropriate initiating events;
• information on treatments, barriers and controls, and their failure probabilities (for quantitative analyses);
• understanding of the processes whereby an initial failure escalates.

THE PROCESS
An event tree starts by selecting an initiating event. This may be an incident such as a dust explosion or a causal event such as a power failure. Functions or systems which are in place to mitigate outcomes are then listed in sequence. For each function or system, a line is drawn to represent their success or failure. A particular probability of failure can be assigned to each line, with this conditional probability estimated e.g. by expert judgement or a fault tree analysis. In this way, different pathways from the initiating event are modelled.
By fanning out like a tree, ETA is able to represent the aggravating or mitigating events in response to the initiating event, taking into account additional systems, functions or barriers.

OUTPUTS
• qualitative descriptions of potential problems as combinations of events producing various types of problems (range of outcomes) from initiating events;
• quantitative estimates of event frequencies or probabilities and relative importance of various failure sequences and contributing events;
• lists of recommendations for reducing risks;
• quantitative evaluations of recommendation effectiveness.

Strengths
• ETA displays the potential scenarios following an initiating event, and the influence of the success or failure of mitigating systems or functions, in a clear diagrammatic way;
• it accounts for timing, dependence and domino effects that are cumbersome to model in fault trees;

Limitations
• in order to use ETA as part of a comprehensive assessment, all potential initiating events need to be identified. This may be done by using another analysis method (e.g. HAZOP, PHA), however, there is always a potential for missing some important initiating events;
• with event trees, only success and failure states of a system are dealt with, and it is difficult to incorporate delayed success or recovery events;

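The quantitative use of ETA described above, as an added example that is not part of the original presentation: starting from a power failure as the initiating event, it enumerates every mutually exclusive sequence, multiplies the conditional failure probabilities along each path, and totals the frequencies per outcome. The barrier names, probabilities, initiating frequency and outcome classes are all constructed assumptions.

```python
from collections import defaultdict

INITIATING_FREQ = 0.5  # power failures per year (constructed value)


def p_failover(prior):
    """Conditional failure probability of the last barrier, given earlier outcomes."""
    if prior["ups_carries_load"] and prior["generator_starts"]:
        return None  # barrier is not demanded on this path
    # Constructed dependence: failover is less reliable after an abrupt power loss.
    return 0.10 if prior["ups_carries_load"] else 0.30


# Barriers in the order they are demanded; all names and values are constructed.
BARRIERS = [
    ("ups_carries_load", lambda prior: 0.02),
    ("generator_starts", lambda prior: 0.05),
    ("failover_to_second_site", p_failover),
]


def sequences(freq, barriers, prior=None):
    """Yield (outcomes, frequency) for every mutually exclusive path."""
    prior = prior or {}
    if not barriers:
        yield prior, freq
        return
    (name, p_fail), rest = barriers[0], barriers[1:]
    p = p_fail(prior)
    if p is None:  # skip a barrier that this path never calls on
        yield from sequences(freq, rest, prior)
        return
    yield from sequences(freq * (1 - p), rest, {**prior, name: True})
    yield from sequences(freq * p, rest, {**prior, name: False})


def consequence(outcomes):
    """Map one path to its outcome class (the classification is an assumption)."""
    if outcomes["ups_carries_load"] and outcomes["generator_starts"]:
        return "no outage"
    return "degraded service" if outcomes["failover_to_second_site"] else "full outage"


def totals(paths):
    """Sum path frequencies per outcome class."""
    out = defaultdict(float)
    for outcomes, freq in paths:
        out[consequence(outcomes)] += freq
    return dict(out)


PATHS = list(sequences(INITIATING_FREQ, BARRIERS))

if __name__ == "__main__":
    # Rank sequences from most to least frequent, then show the class totals.
    for outcomes, freq in sorted(PATHS, key=lambda p: -p[1]):
        failed = [n for n, ok in outcomes.items() if not ok] or ["none"]
        print(f"{freq:.5f}/yr  {consequence(outcomes):<16}  failed: {', '.join(failed)}")
    print(totals(PATHS))
```

Because the sequences are mutually exclusive and exhaustive, their frequencies add up to the initiating-event frequency, which is a useful sanity check on any hand-built tree.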
Decision tree analysis (DTA)

Overview
A decision tree represents decision alternatives and outcomes in a sequential manner which takes account of uncertain outcomes. It is similar to an event tree in that it starts from an initiating event or an initial decision and models different pathways and outcomes as a result of events that may occur and different decisions that may be made.

Use
A decision tree is used in managing project risks and in other circumstances to help select the best course of action where there is uncertainty. The graphical display can also help communicate reasons for decisions.

INPUTS
A project plan with decision points. Information on possible outcomes of decisions and on chance events which might affect decisions.

THE PROCESS
A decision tree starts with an initial decision, for example to proceed with project A rather than project B. As the two hypothetical projects proceed, different events will occur and different predictable decisions will need to be made. These are represented in tree format, similar to an event tree. The probability of the events can be estimated together with the cost or utility of the final outcome of the pathway.

OUTPUTS
• a logical analysis of the risk displaying different options that may be taken;
• a calculation of the expected value for each possible path.

Strengths
• they provide a clear graphical representation of the details of a decision problem;
• they enable a calculation of the best pathway through a situation.

Limitations
• large decision trees may become too complex for easy communication with others;
• there may be a tendency to oversimplify the situation so as to be able to represent it as a tree diagram.

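The expected-value calculation named in the outputs above, as an added example that is not part of the original presentation: the tree is rolled back from the leaves, taking the probability-weighted average at chance events and the best option at decision points. The project A / project B tree, its probabilities and its payoffs are constructed values.

```python
# Constructed tree: payoffs are net values in arbitrary currency units.
TREE = {
    "kind": "decision", "name": "project",
    "options": {
        "A": {"kind": "chance", "branches": [
            (0.6, {"kind": "decision", "name": "after strong market",
                   "options": {
                       "expand": {"kind": "chance",
                                  "branches": [(0.7, 400), (0.3, 100)]},
                       "hold": 250,
                   }}),
            (0.4, -50),
        ]},
        "B": {"kind": "chance", "branches": [(0.8, 150), (0.2, 50)]},
    },
}


def rollback(node, policy=None):
    """Return (expected value, policy).

    policy maps each decision point to (best option, expected value of
    every option), so the rejected alternatives stay visible.
    """
    policy = {} if policy is None else policy
    if isinstance(node, (int, float)):  # leaf: final outcome of a pathway
        return float(node), policy
    if node["kind"] == "chance":
        branches = node["branches"]
        if abs(sum(p for p, _ in branches) - 1.0) > 1e-9:
            raise ValueError("chance-node probabilities must sum to 1")
        value = sum(p * rollback(child, policy)[0] for p, child in branches)
        return value, policy
    # Decision node: evaluate every option and keep the best one.
    values = {opt: rollback(child, policy)[0]
              for opt, child in node["options"].items()}
    best = max(values, key=values.get)
    policy[node["name"]] = (best, values)
    return values[best], policy


if __name__ == "__main__":
    value, policy = rollback(TREE)
    print(f"expected value of best pathway: {value:.1f}")
    for name, (best, values) in policy.items():
        print(f"{name}: choose {best}  (options: {values})")
```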
Sneak analysis (SA) and sneak circuit analysis (SCI)

Overview
Sneak analysis (SA) is a methodology for identifying design errors. A sneak condition is a latent hardware, software or integrated condition that may cause an unwanted event to occur or may inhibit a desired event and is not caused by component failure. These conditions are characterized by their random nature and ability to escape detection during the most rigorous of standardized system tests. Sneak conditions can cause improper operation, loss of system availability, program delays, or even injury or death to personnel.

Use
Sneak analysis includes and far exceeds the coverage of sneak circuit analysis. It can locate problems in both hardware and software using any technology. The sneak analysis tools can integrate several analyses such as fault trees, failure mode and effects analysis (FMEA), reliability estimates, etc. into a single analysis saving time and project expenses.

INPUTS
Sneak analysis is unique from the design process in that it uses different tools (network trees, forests, and clues or questions to help the analyst identify sneak conditions) to find a specific type of problem.

THE PROCESS
The basic steps in performing a sneak analysis consist of:
• data preparation;
• construction of the network tree;
• evaluation of network paths;
• final recommendations and report.

OUTPUTS
A sneak circuit is an unexpected path or logic flow within a system which, under certain conditions, can initiate an undesired function or inhibit a desired function. The path may consist of hardware, software, operator actions, or combinations of these elements. There are four categories of sneak circuits:

a) sneak paths;
b) sneak timing;
c) sneak indications;
d) sneak labels.

Strengths
• sneak analysis is good for identifying design errors;
• it works best when applied in conjunction with HAZOP;
• it is very good for dealing with systems which have multiple states such as batch and semi-batch plant.

Limitations
• the process is somewhat different depending on whether it is applied to electrical circuits, process plants, mechanical equipment or software;
• the method is dependent on establishing correct network trees.

FN curves

Overview
FN curves are a graphical representation of the probability of events causing a specified level of harm to a specified population. Most often they refer to the frequency of a given number of casualties occurring.

Use
FN curves are a way of representing the outputs of risk analysis. Many events have a high probability of a low consequence outcome and a low probability of a high consequence outcome. The FN curves provide a representation of the level of risk that is a line describing this range rather than a single point representing one consequence probability pair.

FN curves can be used either for system or process design, or for management of existing systems.

INPUTS
• sets of the probability consequence pairs over a given period of time;
• the output of data from a quantitative risk analysis giving estimated probabilities for specified numbers of casualties;
• data from both historical records and a quantitative risk analysis.

THE PROCESS
The available data is plotted onto a graph with the number of casualties (to a specified level of harm, i.e. death) forming the abscissa with the probability of N or more casualties forming the ordinate. Because of the large range of values, both axes are normally on logarithmic scales.

OUTPUTS
A line representing risk across a range of values of consequence that can be compared with criteria that are appropriate for the population being studied and the specified level of harm.

Strengths
FN curves are a useful way of presenting risk information that can be used by managers and system designers to help make decisions about risk and safety levels.

Also they are appropriate for comparison of risks from similar situations where sufficient data is available. They should not be used to compare risks of different types with varying characteristics in circumstances where quantity and quality of data varies.

Limitations
A limitation of FN curves is that they do not say anything about the range of effects or outcomes of incidents other than the number of people impacted, and there is no way of identifying the different ways in which the level of harm may have occurred. They map a particular consequence type, usually harm to people. FN curves are not a risk assessment method, but one way of presenting the results of risk assessment.

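How the plotted points are derived from probability consequence pairs, as an added example that is not part of the original presentation: the frequency of "N or more" is the running sum from the highest-consequence scenario downward, and each point is then compared with a criterion. The scenario list and the criterion line F = C / N^slope with its parameters are constructed assumptions, not values from ISO 31010.

```python
import math

# Constructed output of a hypothetical quantitative risk analysis:
# (casualties N, frequency per year of a scenario with exactly N casualties).
SCENARIOS = [(1, 2e-3), (1, 5e-4), (3, 4e-4), (10, 3e-5),
             (10, 1e-5), (50, 2e-6), (200, 4e-7)]


def fn_curve(scenarios):
    """Return [(N, F)], where F is the frequency of N or more casualties."""
    per_n = {}
    for n, f in scenarios:
        if n < 1 or f <= 0:
            raise ValueError("need N >= 1 and a positive frequency")
        per_n[n] = per_n.get(n, 0.0) + f  # merge scenarios with equal N
    curve, cumulative = [], 0.0
    for n in sorted(per_n, reverse=True):  # accumulate from the tail down
        cumulative += per_n[n]
        curve.append((n, cumulative))
    return curve[::-1]


def criterion(n, c=1e-2, slope=2.0):
    """Assumed tolerability line: maximum acceptable F for N or more."""
    return c / n ** slope


def exceedances(curve, c=1e-2, slope=2.0):
    """Values of N at which the curve lies above the criterion line."""
    return [n for n, f in curve if f > criterion(n, c, slope)]


def log_points(curve):
    """Coordinates for a plot with logarithmic abscissa and ordinate."""
    return [(math.log10(n), math.log10(f)) for n, f in curve]


if __name__ == "__main__":
    for n, f in fn_curve(SCENARIOS):
        flag = "ABOVE criterion" if f > criterion(n) else "ok"
        print(f"N >= {n:<4} F = {f:.3e}/yr  limit = {criterion(n):.3e}  {flag}")
```

With this constructed data only the N ≥ 200 point lies above the line, which a single averaged consequence probability pair would not reveal.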