
# Risk Assessment and Management - PowerPoint PPT Presentation


## PowerPoint Slideshow about 'Risk Assessment and Management' - daniel-kelley

## Presentation Transcript

### Risk Assessment and Management

Getting the Measure of Risk
• Having understood the potential accident sequences associated with a hazard (e.g. using ETA) …
• Next step is to determine the severity of the credible accidents identified
• Remember risk is the product of severity and probability of an accident
• Two different approaches:
  • Estimate probability of accident, and hence get a measure of accident risk… then decide whether estimated risk is acceptable
    • Used in many domains, including rail, military aerospace
    • Will discuss this approach first, using rail standards as example
  • Establish acceptable risk, and set probability targets
    • Civil aerospace approach (ARPs etc.)
    • Will discuss this approach later
Accident Severity
• Accident Severity Categories are qualitative descriptions of consequences of failure conditions (hazards)
  • considering likely impact

EN 50126

Accident Probability

Next, estimate (predict) accident probability

• Use historical results, analysis, and engineering judgment to determine appropriate qualitative probability category
• Note we may have to consider both
  • how likely hazard is to arise
  • how likely hazard is to develop into accident

EN 50126

Classifying Risk
• Having assigned severity and probability associated with hazard consequences …
• Next step is to use a Hazard Risk Matrix to classify the risk

EN 50126

Accepting Risk

• Using the Hazard Risk Index (HRI) read from the matrix it is now possible to say, e.g.

Risk(Hazard H1) > Risk(Hazard H2)

• In order to say what is acceptable / unacceptable, must provide an interpretation of each risk class, e.g.

EN 50126
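The matrix-then-interpret approach above, as an added worked example (code written for this page, not from the slides or from EN 50126 itself). The severity, frequency and risk-class names follow the EN 50126 qualitative scheme; the cell values of the matrix, the interpretation wording and the tie-break used to order two hazards of the same class are assumptions that must be replaced by the matrix and acceptance rules agreed with your regulator or customer. The sample hazard log is constructed.

```python
"""Hazard Risk Matrix classification and ranking (added example, EN 50126 style)."""
from dataclasses import dataclass
from enum import IntEnum


class Severity(IntEnum):
    INSIGNIFICANT = 0
    MARGINAL = 1
    CRITICAL = 2
    CATASTROPHIC = 3


class Frequency(IntEnum):
    INCREDIBLE = 0
    IMPROBABLE = 1
    REMOTE = 2
    OCCASIONAL = 3
    PROBABLE = 4
    FREQUENT = 5


class RiskClass(IntEnum):
    NEGLIGIBLE = 0
    TOLERABLE = 1
    UNDESIRABLE = 2
    INTOLERABLE = 3


N, T, U, I = RiskClass.NEGLIGIBLE, RiskClass.TOLERABLE, RiskClass.UNDESIRABLE, RiskClass.INTOLERABLE

# Hazard Risk Matrix: row = Frequency, column index = Severity value
# (Insignificant, Marginal, Critical, Catastrophic). Cell values are an
# ASSUMPTION modelled on the EN 50126 qualitative matrix; substitute your own.
MATRIX = {
    Frequency.INCREDIBLE: (N, N, N, N),
    Frequency.IMPROBABLE: (N, N, T, T),
    Frequency.REMOTE:     (N, T, U, U),
    Frequency.OCCASIONAL: (T, U, U, I),
    Frequency.PROBABLE:   (T, U, I, I),
    Frequency.FREQUENT:   (U, I, I, I),
}

# Interpretation attached to each class (paraphrase, an assumption; the exact
# acceptance wording is set by the regulator / customer).
INTERPRETATION = {
    I: "shall be eliminated",
    U: "accept only if risk reduction is impracticable, with authority agreement",
    T: "acceptable with adequate control and authority agreement",
    N: "acceptable; no further action required",
}


def classify(severity: Severity, frequency: Frequency) -> RiskClass:
    """Look up the risk class for one (severity, frequency) pair."""
    return MATRIX[frequency][severity]


def matrix_is_monotone(matrix=MATRIX) -> bool:
    """Sanity check: risk must never decrease when severity or frequency rises.
    A hand-edited matrix that violates this silently ranks a worse hazard lower."""
    freqs = sorted(matrix)
    for f in freqs:  # along each row, increasing severity
        row = matrix[f]
        if any(row[s] > row[s + 1] for s in range(len(row) - 1)):
            return False
    for f_lo, f_hi in zip(freqs, freqs[1:]):  # down each column, increasing frequency
        if any(lo > hi for lo, hi in zip(matrix[f_lo], matrix[f_hi])):
            return False
    return True


@dataclass(frozen=True)
class Hazard:
    ident: str
    description: str
    severity: Severity
    frequency: Frequency

    @property
    def risk_class(self) -> RiskClass:
        return classify(self.severity, self.frequency)

    def risk_key(self):
        # Ordering key: class first, then severity, then frequency as tie-breakers.
        # The tie-break is this example's convention, not part of the standard.
        return (self.risk_class, self.severity, self.frequency)


def rank_hazards(hazards):
    """Return hazards highest risk first, so Risk(H1) > Risk(H2) becomes a total order."""
    return sorted(hazards, key=Hazard.risk_key, reverse=True)


def hazards_needing_action(hazards, threshold=RiskClass.UNDESIRABLE):
    """Hazards whose class is at or above the threshold (default: Undesirable and up)."""
    return [h for h in hazards if h.risk_class >= threshold]


# Constructed sample hazard log (illustrative, not from the slides).
SAMPLE_HAZARDS = [
    Hazard("H1", "signal shows proceed with track section occupied", Severity.CATASTROPHIC, Frequency.REMOTE),
    Hazard("H2", "platform screen door fails to close", Severity.CRITICAL, Frequency.OCCASIONAL),
    Hazard("H3", "passenger information display blank", Severity.INSIGNIFICANT, Frequency.PROBABLE),
    Hazard("H4", "train doors release on the wrong side", Severity.CATASTROPHIC, Frequency.PROBABLE),
]

if __name__ == "__main__":
    assert matrix_is_monotone(), "matrix is not monotone in severity/frequency"
    for h in rank_hazards(SAMPLE_HAZARDS):
        print(f"{h.ident}: {h.risk_class.name:11} {INTERPRETATION[h.risk_class]}")
```

The monotonicity check is the part worth keeping in a real tool: a matrix edited by hand for one project can put a more severe or more frequent hazard into a lower class, and every ranking and action list derived from it is then wrong without any visible error.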

Managing Risk

Risk Resolution

• Can associate objectives or actions with risk class, e.g.
  • technologies used
  • development processes
  • assessment criteria
• Example, for “undesirable” risk, might decide
  • no single point of failure shall lead to system accident
  • probability of fatality must be < 1×10^-8 per hour
  • failure behaviour over time (lifetime of system) must be estimated using accepted engineering mathematics and models
Determining Risk - Civil Aerospace Style 1

• very similar to rail categories

ARP 4761

Determining Risk - Civil Aerospace Style 2
• When severity has been determined, can set objectives (requirements) for risk control
  • primarily boundaries on acceptable probability of failure condition (hazard)

Determining Risk - Civil Aerospace Style 3

For civil aerospace, severity-related objectives are set in standards

• easy to work with
• unambiguous
  • provided you can agree on standardised and objective measures of severity!

BUT

• Need to understand that direct mapping from severity to probability objectives is based on important assumption:

Acceptable Risk is fixed and predetermined

Determining Risk - Civil Aerospace Style 4

Where does acceptable risk come from?

• in principle, requirements reflect “what risk the public is willing to accept”
  • risk (A) = probability (A) * severity (A)
  • level of acceptable risk hard to determine, and subjective
• in practice, certification bodies (airworthiness authorities) act as surrogates for the public
  • “bottom line” is hull loss rate
  • civil aviation hull loss rate target is currently 10^-7 per flying hour
  • for comparison, military aviation (UK) hull loss rate target is 10^-6 per flying hour
Determining Risk - Civil Aerospace Style 5
• Has further implications:
  • implicit assumption about number of catastrophic failure conditions on an aircraft
  • also implicit assumption about how probable failure condition is to actually develop into an accident
• Example:
  • probability objective (target) for catastrophic failure condition is < 10^-9 per flight hour
  • target hull loss rate is < 10^-7 per flight hour
  • implies either a maximum of 100 catastrophic failure conditions on an aircraft (10^-7 / 10^-9 = 100), assuming all occurrences of catastrophic failure conditions will develop into hull loss accident
  • or if more than 100, must be assumption that not all occurrences will result in loss of aircraft
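The budget arithmetic in Style 5, together with the two-factor accident probability from “Accident Probability” (how likely the hazard is to arise, times how likely it is to develop into an accident), as an added worked example not taken from the slides. The 10^-7 hull-loss target and the 10^-9 per-condition objective are the slides’ figures; the failure conditions, their probabilities and their names are constructed. Exact fractions are used so that the quotient comes out as 100 rather than a floating-point neighbour of 100.

```python
"""Per-flight-hour risk budget for catastrophic failure conditions (added example)."""
from dataclasses import dataclass
from fractions import Fraction

# Targets quoted on the slides, kept exact (per flight hour).
HULL_LOSS_TARGET = Fraction(1, 10**7)        # civil aviation hull-loss rate target
CATASTROPHIC_FC_TARGET = Fraction(1, 10**9)  # objective for one catastrophic failure condition


def accident_probability(p_hazard: Fraction, p_accident_given_hazard: Fraction) -> Fraction:
    """The two factors the slides separate: probability the hazard arises, and
    probability it develops into an accident once it has."""
    return p_hazard * p_accident_given_hazard


def max_failure_conditions(hull_loss_target, fc_target, p_accident_given_fc=Fraction(1)) -> int:
    """Largest number of catastrophic failure conditions, each sitting at its
    objective, that still meets the hull-loss target. With every occurrence
    becoming a hull loss (p_accident_given_fc == 1) this is the slides' 100."""
    if not 0 < p_accident_given_fc <= 1:
        raise ValueError("p_accident_given_fc must be in (0, 1]")
    return int(hull_loss_target // (fc_target * p_accident_given_fc))


def implied_accident_fraction(n_conditions: int, hull_loss_target, fc_target) -> Fraction:
    """Given n catastrophic failure conditions each at the objective, the fraction
    of occurrences that may turn into a hull loss while still meeting the target.
    Above the maximum count this is < 1: the hidden assumption the slides point
    out. Below it, every occurrence may be an accident, so the value is capped at 1."""
    return min(Fraction(1), hull_loss_target / (n_conditions * fc_target))


@dataclass(frozen=True)
class FailureCondition:
    ident: str
    description: str
    p_per_fh: Fraction              # probability the failure condition arises, per flight hour
    p_accident_given_fc: Fraction   # probability it develops into a hull-loss accident

    def accident_rate(self) -> Fraction:
        return accident_probability(self.p_per_fh, self.p_accident_given_fc)


def budget_check(conditions, hull_loss_target=HULL_LOSS_TARGET, fc_target=CATASTROPHIC_FC_TARGET):
    """Check each failure condition against the per-condition objective and the
    whole set against the hull-loss target. The two checks are independent: a
    condition can breach its own objective while the total accident rate is met."""
    per_condition = {fc.ident: fc.p_per_fh <= fc_target for fc in conditions}
    total = sum((fc.accident_rate() for fc in conditions), Fraction(0))
    return {
        "per_condition": per_condition,
        "total_accident_rate": total,
        "meets_hull_loss_target": total <= hull_loss_target,
        "all_conditions_meet_objective": all(per_condition.values()),
    }


# Constructed sample failure conditions (illustrative numbers, not from any real aircraft).
SAMPLE_FCS = [
    FailureCondition("FC-1", "total loss of primary flight control", Fraction(5, 10**10), Fraction(1)),
    FailureCondition("FC-2", "uncontained rotor burst", Fraction(8, 10**10), Fraction(1, 4)),
    # FC-3 arises at 2e-9 per flight hour: it breaches the 1e-9 per-condition objective
    # even though only one occurrence in ten is assumed to become an accident.
    FailureCondition("FC-3", "undetected erroneous airspeed to both pilots", Fraction(2, 10**9), Fraction(1, 10)),
]

if __name__ == "__main__":
    print("max catastrophic FCs at objective:",
          max_failure_conditions(HULL_LOSS_TARGET, CATASTROPHIC_FC_TARGET))
    print("accident fraction implied by 250 FCs:",
          implied_accident_fraction(250, HULL_LOSS_TARGET, CATASTROPHIC_FC_TARGET))
    result = budget_check(SAMPLE_FCS)
    for ident, ok in result["per_condition"].items():
        print(f"{ident}: {'meets' if ok else 'BREACHES'} per-condition objective")
    print("total accident rate per FH:", float(result["total_accident_rate"]),
          "meets hull-loss target:", result["meets_hull_loss_target"])
```

Note that the aerospace objective is placed on the failure condition itself, not on the accident: FC-3 in the sample is well inside the overall hull-loss budget yet still fails certification arithmetic, which is exactly the “fixed, predetermined acceptable risk” consequence the slides describe.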
Determining Risk - Civil Aerospace Style 6
• Note that objective of probability per flying hour has its problems…
• Consider:
• histogram shows accidents / time
The ALARP Principle 1

ALARP = As Low As Reasonably Practicable

The ALARP Principle 2
• Provides an interpretation of identified risks
• Pragmatic – although you can always spend more money to improve safety, it is not always cost-effective
• However, “cost-effectiveness” introduces ambiguity
• Regions of tolerability defined by regulatory domain and customer
• Approach is often implicit in the management of safety-critical projects anyway
• Helps focus attention on most critical hazards
Risk Reduction Flowchart 1
• Identify and determine risk associated with identified hazards
Precedence in Risk Reduction 1
• Redesign to eliminate risk
  • Best where practical
  • Change in operational role, or removal of hazardous material
• Redesign to reduce hazard likelihood
  • Select architecture or components
    • Duplex or triplex or …
    • Higher integrity components, with lower failure rates
• Incorporate mitigation to reduce impact of failures
  • Automated protection, e.g. pressure relief valves
  • Where incorporated, need to check periodically
    • To avoid dormant failures
Precedence in Risk Reduction 2
• Provide warning devices
  • Detect the hazardous condition and warn operators
    • e.g. indicate that landing gear has not fully deployed
    • e.g. to evacuate building due to fire or fumes
• Provide procedures and training
  • Reduce likelihood of hazard, or mitigate
    • may involve use of personal protective equipment
  • Do not assume procedures are enough by themselves
    • consider evolution of power guillotine regulations
• Precedence order
  • Elimination is enough by itself
  • Others used in combination, typically emphasising automation
Residual Risk - 1
• Residual Risks are those that cannot be ‘designed out’
• risks inherent to design, where benefit is desirable
• Significant residual risks must be formally accepted by the appropriate authority (typically customer / operator)
• Can use Decision Authority Matrix, e.g.

(MIL-STD-882C)

Residual Risk 2

Appropriate Decision Authority (From MIL-STD-882C)

• HIGH – Service Acquisition Executive
  • e.g. no ground collision avoidance on F22 – signed off by 4-star Air Force General
• MEDIUM – Program Executive Officer
• LOW – Program Manager
• Usually a requirement to document all actions taken to resolve risk within terms of contract
• Customer authority can then decide whether to attempt to apply additional resources to resolve risk or forward decision to higher authority
Summary
• Risk Assessment is the process of identifying the risk associated with system hazards
• Approach in many sectors (military, rail…) is to use Hazard Risk Matrix to determine the risk associated with a hazard from severity and probability estimates
  • then decide on acceptability of risk
• Alternative approach (Civil Aerospace) is based around severity
  • assumption of fixed level of acceptable risk...
  • … so can derive objectives, including probability, from severity
• Both approaches can be used to define how risks should then be tackled in system development