Risk Assessment and Management


Getting the Measure of Risk

  • Having understood the potential accident sequences associated with a hazard (e.g. using ETA) …

  • Next step is to determine the severity of the credible accidents identified

  • Remember risk is the product of severity and probability of an accident

  • Two different approaches:

    • Estimate probability of accident, and hence get a measure of accident risk… then decide whether estimated risk is acceptable

      • Used in many domains, including rail, military aerospace

      • Will discuss this approach first, using rail standards as example

    • Establish acceptable risk, and set probability targets

      • Civil aerospace approach (ARPs etc.)

      • Will discuss this approach later


Accident Severity

  • Accident Severity Categories are qualitative descriptions of consequences of failure conditions (hazards)

    • considering likely impact

EN 50126


Accident Probability

Next, estimate (predict) accident probability

  • Use historical results, analysis, and engineering judgment to determine appropriate qualitative probability category

  • Note we may have to consider both

    • how likely hazard is to arise

    • how likely hazard is to develop into accident

EN 50126


Classifying Risk

  • Having assigned severity and probability associated with hazard consequences …

  • Next step is to use a Hazard Risk Matrix to classify the risk

EN 50126


Accepting Risk

Reasoning about risk

  • Using the HRI (Hazard Risk Index) it is now possible to say, e.g.

    Risk(Hazard H1) > Risk(Hazard H2)

  • In order to say what is acceptable / unacceptable, must provide an interpretation, e.g.

EN 50126
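A small Python model of this classification step, added here as an illustration (it is not part of the slides); the matrix cells and the interpretation wording are my assumptions modelled on EN 50126, which the slides cite but do not reproduce:

```python
from enum import IntEnum

class Severity(IntEnum):      # EN 50126-style severity categories
    INSIGNIFICANT = 0
    MARGINAL = 1
    CRITICAL = 2
    CATASTROPHIC = 3

class Frequency(IntEnum):     # EN 50126-style frequency categories
    INCREDIBLE = 0
    IMPROBABLE = 1
    REMOTE = 2
    OCCASIONAL = 3
    PROBABLE = 4
    FREQUENT = 5

RISK_CLASSES = ("Negligible", "Tolerable", "Undesirable", "Intolerable")
# Hazard Risk Matrix: rows = Frequency, columns = Severity, cells index
# RISK_CLASSES. ASSUMPTION: cell values follow my reading of EN 50126; the
# slides cite the standard but do not reproduce its table, so verify them.
HRM = (
    (0, 0, 0, 0),  # Incredible
    (0, 1, 1, 1),  # Improbable
    (0, 1, 2, 2),  # Remote
    (1, 2, 2, 3),  # Occasional
    (1, 2, 3, 3),  # Probable
    (2, 3, 3, 3),  # Frequent
)
# Interpretation giving each class meaning (ASSUMPTION: paraphrased wording).
INTERPRETATION = {
    "Intolerable": "shall be eliminated",
    "Undesirable": "accept only if risk reduction is impracticable, with authority agreement",
    "Tolerable": "acceptable with adequate control and authority agreement",
    "Negligible": "acceptable with or without authority agreement",
}

def hazard_risk_index(freq: Frequency, sev: Severity) -> int:
    """Ordinal Hazard Risk Index (HRI): higher means more risk."""
    return HRM[freq][sev]

def classify(freq: Frequency, sev: Severity) -> tuple[str, str]:
    """Risk class for a hazard plus the action that class demands."""
    cls = RISK_CLASSES[hazard_risk_index(freq, sev)]
    return cls, INTERPRETATION[cls]

def rank_hazards(hazards: dict[str, tuple[Frequency, Severity]]) -> list[str]:
    """Hazard names, most risky first, so one can state Risk(H1) > Risk(H2)."""
    return sorted(hazards, key=lambda h: hazard_risk_index(*hazards[h]), reverse=True)
```

Because the index is ordinal, hazards can be ordered but the gaps between classes carry no quantitative meaning.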


Managing Risk

Risk Resolution

  • Can associate objectives or actions with risk class, e.g.

    • technologies used

    • development processes

    • assessment criteria

  • Example, for “undesirable” risk, might decide

    • no single point of failure shall lead to system accident

    • probability of fatality must be < 1 × 10^-8 per hour

    • failure behaviour over time (lifetime of system) must be estimated using accepted engineering mathematics and models


Determining Risk - Civil Aerospace Style 1

Start with determination of severity

  • very similar to rail categories

ARP 4761


Determining Risk - Civil Aerospace Style 2

  • When severity has been determined, can set objectives (requirements) for risk control

    • primarily boundaries on acceptable probability of failure condition (hazard)

Adapted from ARP 4761


Determining Risk - Civil Aerospace Style 3

For civil aerospace, severity-related objectives are set in standards

  • easy to work with

  • unambiguous

    • provided you can agree on standardised and objective measures of severity!

      BUT

  • Need to understand that direct mapping from severity to probability objectives is based on important assumption:

    Acceptable Risk is fixed and predetermined


Determining Risk - Civil Aerospace Style 4

Where does acceptable risk come from?

  • in principle, requirements reflect “what risk the public is willing to accept”

    • risk (A) = probability (A) * severity (A)

    • level of acceptable risk hard to determine, and subjective

  • in practice, certification bodies (airworthiness authorities) act as surrogates for the public

    • “bottom line” is hull loss rate

    • civil aviation hull loss rate target is currently 10^-7 per flying hour

      • for comparison, military aviation (UK) hull loss rate target is 10^-6 per flying hour


Determining Risk - Civil Aerospace Style 5

  • Has further implications:

    • implicit assumption about number of catastrophic failure conditions on an aircraft

    • also implicit assumption about how probable failure condition is to actually develop into an accident

  • Example:

    • probability objective (target) for catastrophic failure condition is < 10^-9 per flight hour

    • target hull loss rate is < 10^-7 per flight hour

    • implies either a maximum of 100 catastrophic failure conditions on an aircraft, assuming every occurrence of a catastrophic failure condition develops into a hull loss accident

    • or, if there are more than 100, there must be an assumption that not all occurrences will result in loss of the aircraft
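The arithmetic behind this example, as an added Python illustration that is not part of the slides; `p_develops` (the fraction of occurrences that actually become a hull loss) is an assumed parameter name standing for the second bullet's assumption, and summing per-condition rates is the usual rare-event approximation:

```python
import math

def max_catastrophic_conditions(hull_loss_target: float,
                                per_condition_objective: float,
                                p_develops: float = 1.0) -> int:
    """Largest N such that N * objective * p_develops <= hull-loss target.

    All rates are per flight hour. p_develops = 1.0 is the slide's first
    case (every occurrence becomes a hull loss); smaller values model the
    second case, where only some occurrences do.
    """
    if not 0.0 < p_develops <= 1.0:
        raise ValueError("p_develops must lie in (0, 1]")
    ratio = hull_loss_target / (per_condition_objective * p_develops)
    # Tiny relative tolerance: 1e-7 / 1e-9 is 99.99999... in binary floats
    # and must still floor to the intended 100.
    return math.floor(ratio * (1 + 1e-12))

def required_p_develops(hull_loss_target: float,
                        per_condition_objective: float,
                        n_conditions: int) -> float:
    """With N conditions each at the objective, the largest fraction of
    occurrences that may develop into hull loss while meeting the target.
    Returns 1.0 when no such assumption is needed (N small enough)."""
    return min(1.0, hull_loss_target / (n_conditions * per_condition_objective))

def within_target(condition_rates: list[float], hull_loss_target: float,
                  p_develops: float = 1.0) -> bool:
    """Check summed catastrophic-condition rates of a design against the target."""
    return sum(condition_rates) * p_develops <= hull_loss_target * (1 + 1e-12)

if __name__ == "__main__":
    # Slide figures: objective 10^-9 per flight hour, hull-loss target 10^-7.
    print(max_catastrophic_conditions(1e-7, 1e-9))   # 100 conditions at most
    print(required_p_develops(1e-7, 1e-9, 200))      # 0.5: half must not become hull loss
```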


Determining Risk - Civil Aerospace Style 6

  • Note that objective of probability per flying hour has its problems…

  • Consider:

    • histogram shows accidents / time

    • 1.8% of accidents occur in load / taxi / unload


The ALARP Principle 1

ALARP = As Low As Reasonably Practicable


The ALARP Principle 2

  • Provides an interpretation of identified risks

  • Pragmatic – although you can always spend more money to improve safety, it is not always cost-effective

  • However, “cost-effectiveness” introduces ambiguity

  • Regions of tolerability defined by regulatory domain and customer

  • Approach is often implicit in the management of safety-critical projects anyway

  • Helps focus attention on most critical hazards


Risk Reduction Flowchart 1

  • Identify and determine risk associated with identified hazards


Risk Reduction Flowchart 2


Risk Reduction Flowchart 3


Precedence in Risk Reduction 1

  • Redesign to eliminate risk

    • Best where practical

      • Change in operational role, or removal of hazardous material

  • Redesign to reduce hazard likelihood

    • Select architecture or components

      • Duplex or triplex or …

      • Higher integrity components, with lower failure rates

  • Incorporate mitigation to reduce impact of failures

    • Automated protection, e.g. pressure relief valves

    • Where incorporated, need to check periodically

      • To avoid dormant failures


Precedence in Risk Reduction 2

  • Provide warning devices

    • Detect the hazardous condition and warn operators

      • e.g. indicate that landing gear has not fully deployed

      • e.g. to evacuate building due to fire or fumes

  • Provide procedures and training

    • Reduce likelihood of hazard, or mitigate

      • may involve use of personal protective equipment

    • Do not assume procedures are enough by themselves

      • consider evolution of power guillotine regulations

  • Precedence order

    • Elimination is enough by itself

    • Others used in combination, typically emphasising automation


Residual Risk 1

  • Residual Risks are those that cannot be ‘designed out’

    • risks inherent to design, where benefit is desirable

  • Significant residual risks must be formally accepted by the appropriate authority (typically customer / operator)

  • Can use Decision Authority Matrix, e.g.

(MIL-STD-882C)


Residual Risk 2

Appropriate Decision Authority (From MIL-STD-882C)

  • HIGH – Service Acquisition Executive

    • e.g. no ground collision avoidance on F22 – signed off by 4-star Air Force General

  • MEDIUM – Program Executive Officer

  • LOW – Program Manager

  • Usually a requirement to document all actions taken to resolve risk within terms of contract

  • Customer authority can then decide whether to attempt to apply additional resources to resolve risk or forward decision to higher authority


Summary

  • Risk Assessment is the process of identifying the risk associated with system hazards

  • Approach in many sectors (military, rail…) is to use Hazard Risk Matrix to determine the risk associated with a hazard from severity and probability estimates

    • then decide on acceptability of risk

  • Alternative approach (Civil Aerospace) is based around severity

    • assumption of fixed level of acceptable risk...

    • … so can derive objectives, including probability, from severity

  • Both approaches can be used to define how risks should then be tackled in system development
