Risk assessment and management
Risk Assessment and Management - PowerPoint PPT Presentation
PowerPoint Slideshow about ' Risk Assessment and Management' - daniel-kelley
Presentation Transcript

Getting the Measure of Risk

  • Having understood the potential accident sequences associated with a hazard (e.g. using ETA) …

  • Next step is to determine the severity of the credible accidents identified

  • Remember risk is the product of severity and probability of an accident

  • Two different approaches:

    • Estimate probability of accident, and hence get a measure of accident risk… then decide whether estimated risk is acceptable

      • Used in many domains, including rail, military aerospace

      • Will discuss this approach first, using rail standards as example

    • Establish acceptable risk, and set probability targets

      • Civil aerospace approach (ARPs etc.)

      • Will discuss this approach later

Accident Severity

  • Accident Severity Categories are qualitative descriptions of consequences of failure conditions (hazards)

    • considering likely impact

EN 50126

Accident Probability

Next, estimate (predict) accident probability

  • Use historical results, analysis, and engineering judgment to determine appropriate qualitative probability category

  • Note we may have to consider both

    • how likely hazard is to arise

    • how likely hazard is to develop into accident

EN 50126

Classifying Risk

  • Having assigned severity and probability associated with hazard consequences …

  • Next step is to use a Hazard Risk Matrix to classify the risk

EN 50126

Accepting Risk

Reasoning about risk

  • Using HRI now possible to say, e.g.

    Risk(Hazard H1) > Risk(Hazard H2)

  • In order to say what is acceptable / unacceptable, must provide an interpretation, e.g.

EN 50126

Managing Risk

Risk Resolution

  • Can associate objectives or actions with risk class, e.g.

    • technologies used

    • development processes

    • assessment criteria

  • Example, for “undesirable” risk, might decide

    • no single point of failure shall lead to system accident

    • probability of fatality must be < 1x10^-8 per hour

    • failure behaviour over time (lifetime of system) must be estimated using accepted engineering mathematics and models
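The Classifying Risk, Accepting Risk and Managing Risk slides describe one workflow: look the (severity, probability) pair up in a Hazard Risk Matrix, interpret the resulting class as acceptable or not, and attach objectives to the class. The following Python module is an added example and not material from the slides. It uses the EN 50126 category names; the cell values of the matrix and the objective wording for every class except "undesirable" (which is the slide's own example) are an assumption reconstructed for illustration and should be checked against the edition of the standard your project works to. Hazards H1 to H3 are constructed inputs.

```python
"""Hazard Risk Matrix classification with risk-class objectives (added example).

The category names follow EN 50126; the cell values of the matrix and the
objective lists for classes other than "undesirable" are an ASSUMPTION
reconstructed for illustration and must be checked against the edition of
the standard your project works to. Hazards H1..H3 are constructed inputs.
"""
from enum import IntEnum


class Severity(IntEnum):
    INSIGNIFICANT = 0
    MARGINAL = 1
    CRITICAL = 2
    CATASTROPHIC = 3


class Frequency(IntEnum):
    INCREDIBLE = 0
    IMPROBABLE = 1
    REMOTE = 2
    OCCASIONAL = 3
    PROBABLE = 4
    FREQUENT = 5


class RiskClass(IntEnum):
    NEGLIGIBLE = 0
    TOLERABLE = 1
    UNDESIRABLE = 2
    INTOLERABLE = 3


# Short aliases so the matrix below reads like the table on a slide.
N, T, U, I = (RiskClass.NEGLIGIBLE, RiskClass.TOLERABLE,
              RiskClass.UNDESIRABLE, RiskClass.INTOLERABLE)

# Row = frequency, columns = severity in the order Insignificant, Marginal,
# Critical, Catastrophic.  Values are the assumed reconstruction noted above.
HAZARD_RISK_MATRIX = {
    Frequency.FREQUENT:   (U, I, I, I),
    Frequency.PROBABLE:   (T, U, I, I),
    Frequency.OCCASIONAL: (T, U, U, I),
    Frequency.REMOTE:     (N, T, U, U),
    Frequency.IMPROBABLE: (N, N, T, T),
    Frequency.INCREDIBLE: (N, N, N, N),
}

# Interpretation of each class: what must hold before the risk is accepted.
# The "undesirable" entry is the slide's example; the others are assumed wording.
OBJECTIVES = {
    RiskClass.INTOLERABLE: ["risk shall be eliminated by redesign before acceptance"],
    RiskClass.UNDESIRABLE: [
        "no single point of failure shall lead to a system accident",
        "probability of fatality must be < 1e-8 per hour",
        "failure behaviour over system lifetime must be estimated with accepted engineering models",
    ],
    RiskClass.TOLERABLE: ["acceptable with adequate control and agreement of the authority"],
    RiskClass.NEGLIGIBLE: ["acceptable without specific action"],
}


def classify(severity: Severity, frequency: Frequency) -> RiskClass:
    """Look up the Hazard Risk Index for a (severity, frequency) pair."""
    return HAZARD_RISK_MATRIX[frequency][severity]


def objectives_for(severity: Severity, frequency: Frequency) -> list:
    """Return the objectives/actions tied to the hazard's risk class."""
    return OBJECTIVES[classify(severity, frequency)]


def rank_hazards(register: dict) -> list:
    """Order hazards by risk class, then severity, then frequency, worst first.

    This is the ordinal comparison the slides allow ("Risk(H1) > Risk(H2)"):
    it says which hazard is riskier, not by how much.
    """
    def key(item):
        name, (sev, freq) = item
        return (classify(sev, freq), sev, freq)
    return [name for name, _ in sorted(register.items(), key=key, reverse=True)]


# Constructed hazard register: hazard id -> (severity, frequency).
REGISTER = {
    "H1": (Severity.CATASTROPHIC, Frequency.REMOTE),   # e.g. wrong-side signalling failure
    "H2": (Severity.MARGINAL, Frequency.PROBABLE),     # e.g. platform-edge trip hazard
    "H3": (Severity.CRITICAL, Frequency.IMPROBABLE),
}

if __name__ == "__main__":
    for name in rank_hazards(REGISTER):
        sev, freq = REGISTER[name]
        cls = classify(sev, freq)
        print(f"{name}: {sev.name}/{freq.name} -> {cls.name}")
        for obj in OBJECTIVES[cls]:
            print(f"    - {obj}")
```

Because the classes are ordinal, `rank_hazards` only orders hazards; it does not claim that an "undesirable" hazard is some number of times riskier than a "tolerable" one, which is exactly the limitation of the HRI approach that motivates the quantitative targets on the Managing Risk slide.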

Determining Risk - Civil Aerospace Style 1

Start with determination of severity

  • very similar to rail categories

ARP 4761

Determining Risk - Civil Aerospace Style 2

  • When severity has been determined, can set objectives (requirements) for risk control

    • primarily boundaries on acceptable probability of failure condition (hazard)

Adapted from ARP 4761

Determining Risk - Civil Aerospace Style 3

For civil aerospace, severity-related objectives are set in


  • easy to work with

  • unambiguous

    • provided you can agree on standardised and objective measures of severity!


  • Need to understand that direct mapping from severity to probability objectives is based on important assumption:

    Acceptable Risk is fixed and predetermined

Determining Risk - Civil Aerospace Style 4

Where does acceptable risk come from?

  • in principle, requirements reflect “what risk the public is willing to accept”

    • risk (A) = probability (A) * severity (A)

    • level of acceptable risk hard to determine, and subjective

  • in practice, certification bodies (airworthiness authorities) act as surrogates for the public

    • “bottom line” is hull loss rate

    • civil aviation hull loss rate target is currently 10^-7 per flying hour

      • for comparison, military aviation (UK) hull loss rate target is 10^-6 per flying hour

Determining Risk - Civil Aerospace Style 5

  • Has further implications:

    • implicit assumption about number of catastrophic failure conditions on an aircraft

    • also implicit assumption about how probable failure condition is to actually develop into an accident

  • Example:

    • probability objective (target) for catastrophic failure condition is < 10^-9 per flight hour

    • target hull loss rate is < 10^-7 per flight hour

    • implies either a maximum of 100 catastrophic failure conditions on an aircraft, assuming all occurrences of catastrophic failure conditions will develop into hull loss accident

    • or if more than 100, must be assumption that not all occurrences will result in loss of aircraft

Determining Risk - Civil Aerospace Style 6

  • Note that objective of probability per flying hour has its problems…

  • Consider:

    • histogram shows accidents / time

    • 1.8% of accidents occur in load / taxi / unload

The ALARP Principle 1

ALARP = As Low As Reasonably Practicable

The ALARP Principle 2

  • Provides an interpretation of identified risks

  • Pragmatic – although you can always spend more money to improve safety, it is not always cost-effective

  • However, “cost-effectiveness” introduces ambiguity

  • Regions of tolerability defined by regulatory domain and customer

  • Approach is often implicit in the management of safety-critical projects anyway

  • Helps focus attention on most critical hazards

Risk Reduction Flowchart 1

  • Identify and determine risk associated with identified hazards

Precedence in Risk Reduction 1

  • Redesign to eliminate risk

    • Best where practical

      • Change in operational role, or removal of hazardous material

  • Redesign to reduce hazard likelihood

    • Select architecture or components

      • Duplex or triplex or …

      • Higher integrity components, with lower failure rates

  • Incorporate mitigation to reduce impact of failures

    • Automated protection, e.g. pressure relief valves

    • Where incorporated, need to check periodically

      • To avoid dormant failures

Precedence in Risk Reduction 2

  • Provide warning devices

    • Detect the hazardous condition and warn operators

      • e.g. indicate that landing gear has not fully deployed

      • e.g. to evacuate building due to fire or fumes

  • Provide procedures and training

    • Reduce likelihood of hazard, or mitigate

      • may involve use of personal protective equipment

    • Do not assume procedures are enough by themselves

      • consider evolution of power guillotine regulations

  • Precedence order

    • Elimination is enough by itself

    • Others used in combination, typically emphasising automation

Residual Risk - 1

  • Residual Risks are those that cannot be ‘designed out’

    • risks inherent to design, where benefit is desirable

  • Significant residual risks must be formally accepted by the appropriate authority (typically customer / operator)

  • Can use Decision Authority Matrix, e.g.


Residual Risk 2

Appropriate Decision Authority (From MIL-STD-882C)

  • HIGH – Service Acquisition Executive

    • e.g. no ground collision avoidance on F22 – signed off by a 4-star Air Force General

  • MEDIUM – Program Executive Officer

  • LOW – Program Manager

  • Usually a requirement to document all actions taken to resolve risk within terms of contract

  • Customer authority can then decide whether to attempt to apply additional resources to resolve risk or forward decision to higher authority


  • Risk Assessment is the process of identifying the risk associated with system hazards

  • Approach in many sectors (military, rail…) is to use Hazard Risk Matrix to determine the risk associated with a hazard from severity and probability estimates

    • then decide on acceptability of risk

  • Alternative approach (Civil Aerospace) is based around severity

    • assumption of fixed level of acceptable risk...

    • … so can derive objectives, including probability, from severity

  • Both approaches can be used to define how risks should then be tackled in system development