How To Determine “Acceptable” Risk
Noted science fiction writer Ray Bradbury, author of Fahrenheit 451, once said that living at risk is jumping off the cliff and building your wings on the way down. Accordingly, we are all building wings. In fact, anyone involved in risk management will tell you that risk is always present, that we are all living at risk; the goal is to reduce it to an acceptable level.
Risk explains the likelihood and consequences of a hazard. ISO 12100 defines it as the probability of occurrence of harm and the severity of harm. Risk assessment is the overall process of identifying all the risks to and from an activity and assessing the potential impact of each risk. It determines the potential impact of an individual risk by measuring or otherwise assessing both the likelihood that it will occur and the impact if it should occur. Then it combines the result according to an agreed-upon rule to give a single measure of potential impact.
“Risk gets ranked,” says Kevin Connelly, business development manager, energy and industrial systems at UL. “UL recommends using a published method of ranking; there are many of them. Some organizations may have proprietary methods. But if you are just starting out, it’s not necessary to develop your own.”
The standards that refer to risk assessment are legion. They range from industrial standards such as EN-ISO 13849 or ASME A17.7, to process standards, financial standards, or simply good engineering practices. All these dictate risk assessment.
Of course, taking steps to protect workers and business, while complying with applicable laws, are crucial to an organization’s ability to operate and compete in today’s competitive, global economy. Whether a machine builder or an end user, focusing on risks that can cause real harm will have the greatest impact on business operations and procedures, and can also provide cost savings. But where does one start? What standards apply? How do you know where and what to look for? What processes do you use?
Connelly refers to a flowchart contained in ISO 14798, a standard that establishes general principles and specific procedures for assessing risk, as a good starting point for best practices in risk assessment process development.
Here is a sequential synopsis:
- Determine the reason for risk assessment.
- Form the risk assessment team.
- Determine the risk assessment subject.
- Identify scenarios, harmful event causes, and effects.
- Estimate risk.
- Evaluate risk.
- Assess risk mitigation.
- Reduce risk.
“The process is iterative,” says Connelly. “You must periodically go back and assess whether the risk is acceptable.”
Behold the Saw Blade
Consider the risk assessment process for a common industrial item: the saw blade. Can the saw blade be a hazard? With dismemberment as a possible outcome of use, the answer would have to be yes. This answer gives us a valid reason to trigger the risk assessment process.
“Probably the most critical step in the risk assessment process is next: the development of the team,” says Connelly. Consider the following points in this step:
- The team should be multidisciplinary in order to analyze and assess all risks.
- It should take into account the systems involved in the risk being assessed: chemical, mechanical, electrical, and so on.
- Communication must be a point of emphasis within the team. Success is directly related to how well the team communicates within itself.
- Members need to understand that risk assessment is a process, not a one-and-done task. Work must be reflected upon and revisited to assure the validity of risk mitigation over time.
When estimating risk, it is important to lead with severity. This provides focus to the work. ISO 14798 estimates risk in four categories:
- High: results in death, system loss, or severe environmental damage.
- Medium: results in severe injury, significant occupational illness, or major system or environmental damage.
- Low: results in minor injury, minor occupational illness, or minor system or environmental damage.
- Negligible: will not result in any of the above.
Probability is the other factor to consider. Five levels of probability are typically cited in risk estimation:
- Highly probable: likely to occur frequently
- Probable: likely to occur several times in the lifecycle
- Occasional: likely to occur at least once in the lifecycle
- Improbable: very unlikely to occur in the lifecycle
- Highly improbable: probability cannot be distinguished from zero
Perform the risk evaluation by estimating the probability of risk against the severity of its outcome.
From this comparison, develop classes of risk:
At this point the question must be posed: is the residual risk as low as reasonably possible? According to these measures, the saw blade has a Class II severity and, without measures, a probability of A. Perhaps a light curtain is an option. This may reduce the probability from A to B, but the risk level remains Class I, so further measures are required. The team considers guarding as an additional measure. This may reduce the probability from B to C, but the risk level still remains at Class I. (Remember, the severity is constant in this case.) Further measures are still required.
So the team adds interlocking. This reduces the probability to D, and now as 2D the saw blade is reduced to a Class II level risk. This is still not the Class III that all risk mitigation aspires to, but a mitigation that may be sufficient. As a Class II risk, review will continue to be required on a periodic basis, but certain hazards may be considered acceptable as Class II risks, based on community standards and industry practice.
“When you believe the risk has been sufficiently mitigated, the risk assessment is essentially complete,” says Connelly. “The team has to discuss the case and agree, and periodically they will have to revisit the case.”
Risk Assessment and Asset Owners
Connelly says that asset owners need to pay close attention to any risk assessments they receive. “Responsibilities for risk can be transferred to the asset owner or integrator,” he says. For example, it may be assumed that machine guarding is installed at the end of an installation. Who is responsible for that? The risk assessment may assume proper maintenance. But who is responsible and how frequently? What about testing? How and how often will that occur? Additionally, required training is an important issue.
“The risk assessment doesn’t eliminate risk,” cautions Connelly.“ A smart asset owner will always review the process and conclusions.” Risk assessments should be reviewed periodically because of the many factors that may have changed and impacted the initial assessment, such as product, process, environmental, and regulatory issues.
Connelly concludes with four best practices for anyone considering risk assessments:
- Review the risk assessment closely.
- Review every change since the last review.
- Review any additions to confirm they do not affect the risks.
- Ensure that maintenance/repair operations haven’t affected the risks.
After all, you wouldn’t want a saw blade severing the wings you are building.Have an Inquiry for Siemens about this article? Click Here >>