3 Risk Assessment Fundamentals
Bruce Lyon¹ and Bruce Hollcroft²
¹ Brown & Brown
² PayneWest Insurance, A Marsh & McLennan Agency LLC Company
OBJECTIVES
Describe the Fundamentals of the Risk Assessment Process
Introduce the Steps in the Process
Describe How to Complete the Steps Successfully
3.1 Introduction
Organizations, whether they realize it or not, are exposed to hazards and their risks each day, some of which may be capable of significantly affecting the ability to achieve important business goals or even remain in business. Risk assessment is an important and sophisticated tool used to assess an organization’s operational risks so that proper decisions can be made to avoid or effectively reduce and manage risks to an acceptable level. It is considered the cornerstone of risk management, and the basis for the practice of safety.
In Europe, the importance of operational risk assessment is well known and publicized, as indicated in the following statement from the European Agency for Safety and Health at Work (EU‐OSHA) website:
If the risk assessment process – the start of the health and safety management approach – is not done well or not done at all, the appropriate preventive measures are unlikely to be identified or put in place.
(EU‐OSHA 2015)
In fact, risk assessments are a common practice in Europe, Australia, New Zealand, Canada, and other parts of the world. In the United Kingdom, risk assessments have been legally required since 1999 by the Health and Safety Executive (HS&E). As previously stated, the United States is behind other parts of the world in the use of risk assessment; however, there is momentum being generated by recent standards, risk‐centric organizations, and their leaders.
3.2 Risk Assessment Within the Risk Management Process
A central theme in this text is the concept of assessing risk within the principles, framework, and process of risk management. According to the American National Standards Institute’s ANSI/ASSP/ISO 31000 risk management standard, risk management is defined as “coordinated activities to direct and control an organization with regard to risk.” In a way, it is the process of making management decisions based on known risks and the organization’s acceptance of those risks.
The term “risk assessment” is often misused. It’s the authors’ experience that some organizations (and even some safety professionals) refer to hazard inspections, analyses, surveys, and compliance audits as “risk assessments.” Thus, a clear understanding of the term is necessary. ANSI/ASSP/ISO 31000 states that there are three distinct sequential components to the act of “risk assessment,” which are:
1. Risk Identification – finding, recognizing, and recording hazards.
2. Risk Analysis – understanding consequences and probabilities and existing controls.
3. Risk Evaluation – comparing levels of risk and considering additional controls.
Consequences are the potential outcomes of an undesirable event and are measured by severity. Probability or likelihood is an estimation of the chances of the undesirable event occurring over a unit of time or for a specific activity. Risk assessment is an attempt to “predict” the worst event that could reasonably happen as a result of the hazard or operation, and how likely it is to occur. This estimation is often qualitative in nature; however, some estimates are semiquantitative or quantitative. It is important to remember that the risk level relates to uncertainty and its effect on an organization’s ability to achieve its objectives.
Within the risk management process, risk assessment is the primary component. This is illustrated in Figure 3.1 adapted from the ANSI/ASSP/ISO 31000 risk management consensus standard.