Risk Assessment and Management

PowerPoint Slideshow about 'Risk Assessment and Management' - daniel-kelley

Presentation Transcript

Getting the Measure of Risk

- Having understood the potential accident sequences associated with a hazard (e.g. using ETA, event tree analysis) …
- Next step is to determine the severity of the credible accidents identified
- Remember risk is the product of severity and probability of an accident
- Two different approaches:
  - Estimate probability of accident, and hence get a measure of accident risk … then decide whether estimated risk is acceptable
    - Used in many domains, including rail, military aerospace
    - Will discuss this approach first, using rail standards as example
  - Establish acceptable risk, and set probability targets
    - Civil aerospace approach (ARPs etc.)
    - Will discuss this approach later

Accident Severity

- Accident Severity Categories are qualitative descriptions of the consequences of failure conditions (hazards), considering their likely impact

[Table: accident severity categories, from EN 50126]

Accident Probability

Next, estimate (predict) accident probability

- Use historical results, analysis, and engineering judgment to determine the appropriate qualitative probability category
- Note we may have to consider both
  - how likely the hazard is to arise
  - how likely the hazard is to develop into an accident

[Table: accident probability (frequency) categories, from EN 50126]

Classifying Risk

- Having assigned severity and probability associated with hazard consequences …
- Next step is to use a Hazard Risk Matrix to classify the risk

[Table: Hazard Risk Matrix, from EN 50126]

Accepting Risk

Reasoning about risk

- Using the Hazard Risk Index (HRI) it is now possible to say, e.g.
  Risk(Hazard H1) > Risk(Hazard H2)
- In order to say what is acceptable / unacceptable, must provide an interpretation, e.g.

[Table: interpretation of risk classes, from EN 50126]

Managing Risk

Risk Resolution

- Can associate objectives or actions with risk class, e.g.
  - technologies used
  - development processes
  - assessment criteria
- Example, for “undesirable” risk, might decide
  - no single point of failure shall lead to a system accident
  - probability of fatality must be < 1×10^-8 per hour
  - failure behaviour over time (lifetime of system) must be estimated using accepted engineering mathematics and models
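The rail-style chain of the last four slides (combine hazard rate with the chance the hazard becomes an accident, pick a frequency category, look up the Hazard Risk Matrix, interpret the class, attach resolution objectives) is shown end to end below. This is an added example, not code from the slides or from EN 50126: the category names, the numeric rate bands, the matrix cells, the interpretation wording and the sample hazards are all assumptions for illustration, and a real project must take its tables from the standard and the customer's safety case.

```python
"""Hazard Risk Matrix classification in the style of EN 50126 (added example).

ASSUMPTIONS: category names, rate bands, matrix cells, interpretation text
and resolution objectives below are illustrative, not the standard's tables.
"""
from dataclasses import dataclass

# Frequency categories, most to least likely, each with an assumed lower bound
# on accident rate (events per operating hour) for the band.
FREQUENCY_BANDS = [
    ("Frequent",   1e-3),
    ("Probable",   1e-4),
    ("Occasional", 1e-5),
    ("Remote",     1e-6),
    ("Improbable", 1e-7),
    ("Incredible", 0.0),
]
SEVERITIES = ["Insignificant", "Marginal", "Critical", "Catastrophic"]
RISK_CLASSES = ["Negligible", "Tolerable", "Undesirable", "Intolerable"]  # ascending

# Hazard Risk Matrix: frequency row x severity column -> risk class (assumed cells)
RISK_MATRIX = {
    "Frequent":   ["Undesirable", "Intolerable", "Intolerable", "Intolerable"],
    "Probable":   ["Tolerable",   "Undesirable", "Intolerable", "Intolerable"],
    "Occasional": ["Tolerable",   "Undesirable", "Undesirable", "Intolerable"],
    "Remote":     ["Negligible",  "Tolerable",   "Undesirable", "Undesirable"],
    "Improbable": ["Negligible",  "Negligible",  "Tolerable",   "Tolerable"],
    "Incredible": ["Negligible",  "Negligible",  "Negligible",  "Negligible"],
}

# Interpretation that turns a class into an acceptance decision (assumed wording)
INTERPRETATION = {
    "Intolerable": "shall be eliminated or reduced before the system enters service",
    "Undesirable": "accepted only if further reduction is impracticable, with authority agreement",
    "Tolerable":   "acceptable with adequate control and authority agreement (ALARP)",
    "Negligible":  "acceptable without agreement",
}

# Objectives attached to a class, as on the 'Risk Resolution' slide
RESOLUTION_OBJECTIVES = {
    "Undesirable": [
        "no single point of failure shall lead to a system accident",
        "probability of fatality must be < 1e-8 per hour",
        "failure behaviour over system lifetime estimated with accepted models",
    ],
}


@dataclass(frozen=True)
class Hazard:
    name: str
    hazard_rate: float    # how likely the hazard is to arise, per operating hour
    p_accident: float     # probability that the hazard develops into an accident
    severity: str         # one of SEVERITIES

    @property
    def accident_rate(self) -> float:
        """Both factors from the 'Accident Probability' slide, combined."""
        return self.hazard_rate * self.p_accident


def frequency_category(rate: float) -> str:
    """Map a numeric accident rate onto the qualitative frequency band."""
    for name, lower_bound in FREQUENCY_BANDS:
        if rate >= lower_bound:
            return name
    return "Incredible"


def classify(hazard: Hazard) -> str:
    """Hazard Risk Index: the matrix cell for (frequency, severity)."""
    if hazard.severity not in SEVERITIES:
        raise ValueError(f"unknown severity {hazard.severity!r}")
    row = RISK_MATRIX[frequency_category(hazard.accident_rate)]
    return row[SEVERITIES.index(hazard.severity)]


def risk_greater(h1: Hazard, h2: Hazard) -> bool:
    """Risk(H1) > Risk(H2) in the ordering of risk classes."""
    return RISK_CLASSES.index(classify(h1)) > RISK_CLASSES.index(classify(h2))


def assess(hazards) -> dict:
    """Assessment record per hazard: frequency, class, interpretation, objectives."""
    report = {}
    for h in hazards:
        risk_class = classify(h)
        report[h.name] = {
            "frequency": frequency_category(h.accident_rate),
            "risk_class": risk_class,
            "interpretation": INTERPRETATION[risk_class],
            "objectives": RESOLUTION_OBJECTIVES.get(risk_class, []),
        }
    return report


# Constructed sample hazards (not from the slides)
SAMPLE_HAZARDS = [
    Hazard("H1 door opens while moving", 2e-4, 0.1, "Critical"),
    Hazard("H2 signal passed at danger", 1e-3, 0.5, "Catastrophic"),
    Hazard("H3 platform display fails", 5e-6, 0.05, "Marginal"),
]

if __name__ == "__main__":
    for name, entry in assess(SAMPLE_HAZARDS).items():
        print(f"{name}: {entry['frequency']} / {entry['risk_class']}")
```

Note that the ordering used by `risk_greater` is an ordering of classes, not of numbers: two hazards in the same cell compare equal even if their underlying rates differ by an order of magnitude, which is exactly the coarseness the matrix approach trades for its simplicity.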

Determining Risk - Civil Aerospace Style 1

Start with determination of severity

- very similar to rail categories

[Table: failure condition severity categories, from ARP 4761]

Determining Risk - Civil Aerospace Style 2

- When severity has been determined, can set objectives (requirements) for risk control
  - primarily boundaries on acceptable probability of failure condition (hazard)

[Table: severity to probability objectives, adapted from ARP 4761]

Determining Risk - Civil Aerospace Style 3

For civil aerospace, severity-related objectives are set in standards

- easy to work with
- unambiguous
  - provided you can agree on standardised and objective measures of severity!

BUT

- Need to understand that direct mapping from severity to probability objectives is based on an important assumption:
  Acceptable Risk is fixed and predetermined

Determining Risk - Civil Aerospace Style 4

Where does acceptable risk come from?

- in principle, requirements reflect “what risk the public is willing to accept”
  - risk (A) = probability (A) × severity (A)
  - level of acceptable risk hard to determine, and subjective
- in practice, certification bodies (airworthiness authorities) act as surrogates for the public
  - “bottom line” is hull loss rate
  - civil aviation hull loss rate target is currently 10^-7 per flying hour
  - for comparison, military aviation (UK) hull loss rate target is 10^-6 per flying hour

Determining Risk - Civil Aerospace Style 5

- Has further implications:
  - implicit assumption about the number of catastrophic failure conditions on an aircraft
  - also implicit assumption about how probable a failure condition is to actually develop into an accident
- Example:
  - probability objective (target) for a catastrophic failure condition is < 10^-9 per flight hour
  - target hull loss rate is < 10^-7 per flight hour
  - implies either a maximum of 100 catastrophic failure conditions on an aircraft, assuming every occurrence of a catastrophic failure condition develops into a hull loss accident
  - or, if more than 100, there must be an assumption that not all occurrences will result in loss of the aircraft

Determining Risk - Civil Aerospace Style 6

- Note that an objective of probability per flying hour has its problems …
- Consider:
  - histogram shows accidents / time, i.e. accidents are concentrated in particular flight phases rather than spread evenly over flying hours
  - 1.8% of accidents occur in load / taxi / unload

[Histogram: distribution of accidents over flight phases, not reproduced]
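The budget arithmetic of the last three slides, carried through as an added example (not code from the slides or from ARP 4761). Only two numbers come from the slides: the hull loss target of 10^-7 per flying hour and the catastrophic failure condition objective of 10^-9 per flight hour. The function names, the use of exact decimal arithmetic, the 150-condition sample allocation and the per-flight conversion are assumptions for illustration.

```python
"""Severity-driven probability objectives, civil aerospace style (added example).

From the slides: hull loss target 1e-7 per flying hour, catastrophic failure
condition objective 1e-9 per flight hour. Everything else here is assumed.
Decimal is used so that 1e-7 / 1e-9 is exactly 100 rather than 99.999...
"""
from decimal import Decimal, ROUND_FLOOR

HULL_LOSS_TARGET = Decimal("1e-7")        # per flying hour, from the slides
CATASTROPHIC_OBJECTIVE = Decimal("1e-9")  # per flight hour, from the slides


def _d(x) -> Decimal:
    """Exact decimal from a float, int or string input."""
    return x if isinstance(x, Decimal) else Decimal(str(x))


def max_catastrophic_conditions(hull_loss_target, per_condition_objective,
                                p_develops=1) -> int:
    """Largest number of catastrophic failure conditions the hull loss target
    can absorb if each sits exactly at its objective and each occurrence
    develops into hull loss with probability p_develops (1 = always)."""
    budget_per_condition = _d(per_condition_objective) * _d(p_develops)
    quotient = _d(hull_loss_target) / budget_per_condition
    return int(quotient.to_integral_value(rounding=ROUND_FLOOR))


def per_condition_objective(hull_loss_target, n_conditions, p_develops=1) -> Decimal:
    """The reverse derivation: share the hull loss target equally over
    n_conditions conditions, each developing into an accident with p_develops."""
    return _d(hull_loss_target) / (_d(n_conditions) * _d(p_develops))


def predicted_hull_loss_rate(conditions) -> Decimal:
    """conditions: iterable of (rate per flight hour, p_develops) per failure
    condition. The aircraft-level rate is the sum of rate * p_develops."""
    return sum((_d(rate) * _d(p) for rate, p in conditions), Decimal(0))


def meets_hull_loss_target(conditions, target=HULL_LOSS_TARGET) -> bool:
    """True when the allocation respects the aircraft-level target."""
    return predicted_hull_loss_rate(conditions) <= _d(target)


def per_flight_budget(per_hour_objective, flight_hours) -> Decimal:
    """A per-flight-hour objective spread over a flight of the given length.
    For a condition that can only arise once per flight (take-off, landing)
    a short flight gets a smaller budget than a long one for identical
    exposure, which is the weakness of per-flying-hour objectives."""
    return _d(per_hour_objective) * _d(flight_hours)


# Constructed sample allocations (not from the slides): 150 catastrophic
# conditions, each exactly at the 1e-9 objective.
ALL_DEVELOP = [(CATASTROPHIC_OBJECTIVE, 1)] * 150      # every occurrence is a hull loss
HALF_DEVELOP = [(CATASTROPHIC_OBJECTIVE, "0.5")] * 150  # half of them are survived

if __name__ == "__main__":
    print(max_catastrophic_conditions(HULL_LOSS_TARGET, CATASTROPHIC_OBJECTIVE))
    print(meets_hull_loss_target(ALL_DEVELOP), meets_hull_loss_target(HALF_DEVELOP))
    print(per_flight_budget(CATASTROPHIC_OBJECTIVE, "0.5"),
          per_flight_budget(CATASTROPHIC_OBJECTIVE, 2))
```

With 150 conditions that always develop into hull loss the allocation overshoots the target by half; the same 150 conditions pass once each occurrence is assumed to be survived half the time, which is precisely the unstated assumption the slide warns about.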

The ALARP Principle 1

ALARP = As Low As Reasonably Practicable

The ALARP Principle 2

- Provides an interpretation of identified risks
- Pragmatic – although you can always spend more money to improve safety, it is not always cost-effective
- However, “cost-effectiveness” introduces ambiguity
- Regions of tolerability defined by regulatory domain and customer
- Approach is often implicit in the management of safety-critical projects anyway
- Helps focus attention on most critical hazards

Risk Reduction Flowchart 1

- Identify and determine risk associated with identified hazards

[Flowchart: risk reduction process, not reproduced]

Precedence in Risk Reduction 1

- Redesign to eliminate risk
  - Best where practical
  - Change in operational role, or removal of hazardous material
- Redesign to reduce hazard likelihood
  - Select architecture or components
    - Duplex or triplex or …
    - Higher integrity components, with lower failure rates
- Incorporate mitigation to reduce impact of failures
  - Automated protection, e.g. pressure relief valves
  - Where incorporated, need to check periodically
    - To avoid dormant failures

Precedence in Risk Reduction 2

- Provide warning devices
  - Detect the hazardous condition and warn operators
    - e.g. indicate that landing gear has not fully deployed
    - e.g. to evacuate building due to fire or fumes
- Provide procedures and training
  - Reduce likelihood of hazard, or mitigate
    - may involve use of personal protective equipment
  - Do not assume procedures are enough by themselves
    - consider evolution of power guillotine regulations
- Precedence order
  - Elimination is enough by itself
  - Others used in combination, typically emphasising automation

Residual Risk - 1

- Residual Risks are those that cannot be ‘designed out’
  - risks inherent to design, where benefit is desirable
- Significant residual risks must be formally accepted by the appropriate authority (typically customer / operator)
- Can use Decision Authority Matrix, e.g.

[Table: Decision Authority Matrix, from MIL-STD-882C]

Residual Risk 2

Appropriate Decision Authority (From MIL-STD-882C)

- HIGH – Service Acquisition Executive
  - e.g. no ground collision avoidance on F22 – signed off by a 4-star Air Force General
- MEDIUM – Program Executive Officer
- LOW – Program Manager
- Usually a requirement to document all actions taken to resolve risk within terms of contract
- Customer authority can then decide whether to attempt to apply additional resources to resolve risk or forward decision to higher authority

Summary

- Risk Assessment is the process of identifying the risk associated with system hazards
- Approach in many sectors (military, rail…) is to use Hazard Risk Matrix to determine the risk associated with a hazard from severity and probability estimates
- then decide on acceptability of risk

- Alternative approach (Civil Aerospace) is based around severity
- assumption of fixed level of acceptable risk...
- … so can derive objectives, including probability, from severity

- Both approaches can be used to define how risks should then be tackled in system development
