risk assessment and management n.
Skip this Video
Download Presentation
Risk Assessment and Management

Loading in 2 Seconds...

play fullscreen
1 / 23

Risk Assessment and Management - PowerPoint PPT Presentation

  • Uploaded on

Risk Assessment and Management. Getting the Measure of Risk. Having understood the potential accident sequences associated with a hazard (e.g. using ETA) … Next step is to determine the severity of the credible accidents identified

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Risk Assessment and Management' - daniel-kelley

Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
getting the measure of risk
Getting the Measure of Risk
  • Having understood the potential accident sequences associated with a hazard (e.g. using ETA) …
  • Next step is to determine the severity of the credible accidents identified
  • Remember risk is the product of severity and probability of an accident
  • Two different approaches:
    • Estimate probability of accident, and hence get a measure of accident risk… then decide whether estimated risk is acceptable
      • Used in many domains, including rail, military aerospace
      • Will discuss this approach first, using rail standards as example
    • Establish acceptable risk, and set probability targets
      • Civil aerospace approach (ARPs etc.)
      • Will discuss this approach later
accident severity
Accident Severity
  • Accident Severity Categories are qualitative descriptions of consequences of failure conditions (hazards)
    • considering likely impact

EN 50126

accident probability
Accident Probability

Next, estimate (predict) accident probability

  • Use historical results, analysis, and engineering judgment to determine appropriate qualitative probability category
  • Note we may have to consider both
    • how likely hazard is to arise
    • how likely hazard is to develop into accident

EN 50126

classifying risk
Classifying Risk
  • Having assigned severity and probability associated with hazard consequences …
  • Next step is to use a Hazard Risk Matrix to classify the the risk

EN 50126

accepting risk
Accepting Risk

Reasoning about risk

  • Using HRI now possible to say, e.g.

Risk(Hazard H1) > Risk(Hazard H2)

  • In order to say what is acceptable / unacceptable, must provide an interpretation, e.g.

EN 50126

managing risk
Managing Risk

Risk Resolution

  • Can associate objectives or actions with risk class, e.g.
    • technologies used
    • development processes
    • assessment criteria
  • Example, for “undesirable” risk, might decide
    • no single point of failure shall lead to system accident
    • probability of fatality must be < 1x10-8 per hour
    • failure behaviour over time (lifetime of system) must be estimated using accepted engineering mathematics and models
determining risk civil aerospace style 1
Determining Risk - Civil Aerospace Style 1

Start with determination of severity

  • very similar to rail categories

ARP 4761

determining risk civil aerospace style 2
Determining Risk - Civil Aerospace Style 2
  • When severity has been determined, can set objectives (requirements) for risk control
    • primarily boundaries on acceptable probability of failure condition (hazard)

Adapted from ARP 4761

determining risk civil aerospace style 3
Determining Risk - Civil Aerospace Style 3

For civil aerospace, severity-related objectives are set in


  • easy to work with
  • unambiguous
    • provided you can agree on standardised and objective measures of severity!


  • Need to understand that direct mapping from severity to probability objectives is based on important assumption:

Acceptable Risk is fixed and predetermined

determining risk civil aerospace style 4
Determining Risk - Civil Aerospace Style 4

Where does acceptable risk come from?

  • in principle, requirements reflect “what risk the public is willing to accept”
    • risk (A) = probability (A) * severity (A)
    • level of acceptable risk hard to determine, and subjective
  • in practice, certification bodies (airworthiness authorities) act as surrogates for the public
    • “bottom line” is hull loss rate
    • civil aviation hull loss rate target is currently 10-7 per flying hour
      • for comparison, military aviation (UK) hull loss rate target is 10-6 per flying hour
determining risk civil aerospace style 5
Determining Risk - Civil Aerospace Style 5
  • Has further implications:
    • implicit assumption about number of catastrophic failure conditions on an aircraft
    • also implicit assumption about how probable failure condition is to actually develop into an accident
  • Example:
    • probability objective (target) for catastrophic failure condition is < 10-9 per flight hour
    • target hull loss rate is < 10-7 per flight hour
    • implies either a maximum of 100 catastrophic failure conditions on an aircraft, assuming all occurrences of catastrophic failure conditions will develop into hull loss accident
    • or if more than 100, must be assumption that not all occurrences will result in loss of aircraft
determining risk civil aerospace style 6
Determining Risk - Civil Aerospace Style 6
  • Note that objective of probability per flying hour has its problems…
  • Consider:
    • histogram shows accidents / time
    • 1.8% of accidents occur in load / taxi / unload
the alarp principle 1
The ALARP Principle 1

ALARP = As Low As Reasonably Practicable

the alarp principle 2
The ALARP Principle 2
  • Provides an interpretation of identified risks
  • Pragmatic – although you can always spend more money to improve safety, it is not always cost-effective
  • However, “cost-effectiveness” introduces ambiguity
  • Regions of tolerability defined by regulatory domain and customer
  • Approach is often implicit in the management of safety-critical projects anyway
  • Helps focus attention on most critical hazards
risk reduction flowchart 1
Risk Reduction Flowchart 1
  • Identify and determine risk associated with identified hazards
precedence in risk reduction 1
Precedence in Risk Reduction 1
  • Redesign to eliminate risk
    • Best where practical
      • Change in operational role, or removal of hazardous material
  • Redesign to reduce hazard likelihood
    • Select architecture or components
      • Duplex or triplex or …
      • Higher integrity components, with lower failure rates
  • Incorporate mitigation to reduce impact of failures
    • Automated protection, e.g. pressure relief valves
    • Where incorporated, need to check periodically
      • To avoid dormant failures
precedence in risk reduction 2
Precedence in Risk Reduction 2
  • Provide warning devices
    • Detect the hazardous condition and warn operators
      • e.g. indicate that landing gear has not fully deployed
      • e.g. to evacuate building due to fire or fumes
  • Provide procedures and training
    • Reduce likelihood of hazard, or mitigate
      • may involve use of personal protective equipment
    • Do not assume procedures are enough by themselves
      • consider evolution of power guillotine regulations
  • Precedence order
    • Elimination is enough by itself
    • Others used in combination, typically emphasising automation
residual risk 1
Residual Risk - 1
  • Residual Risks are those that cannot be ‘designed out’
    • risks inherent to design, where benefit is desirable
  • Significant residual risks must be formally accepted by the appropriate authority (typically customer / operator)
  • Can use Decision Authority Matrix, e.g.


residual risk 2
Residual Risk 2

Appropriate Decision Authority (From MIL-STD-882C)

  • HIGH – Service Acquisition Executive
    • e.g. no ground collision avoidance on F22 – signed off by4-star Air Force General
  • MEDIUM – Program Executive Officer
  • LOW – Program Manager
  • Usually a requirement to document all actions taken to resolve risk within terms of contract
  • Customer authority can then decide whether to attempt to apply additional resources to resolve risk or forward decision to higher authority
  • Risk Assessment is the process of identifying the risk associated with system hazards
  • Approach in many sectors (military, rail…) is to use Hazard Risk Matrix to determine the risk associated with a hazard from severity and probability estimates
    • then decide on acceptability of risk
  • Alternative approach (Civil Aerospace) is based around severity
    • assumption of fixed level of acceptable risk...
    • … so can derive objectives, including probability, from severity
  • Both approaches can be used to define how risks should then be tackled in system development