Basics of Risk Management

Compiled by Project Risk Team Member

Dr. Alim Hashem El Sayed

JEP 30095

December 2005

Acknowledgement

This introductory manuscript is planned for initiating undergraduate

engineering students on the principles and basics of risk assessment.

The manuscript is divided into six chapters: chapters 1 & 2 are basic
definitions. The author, Dr. Abdel Alim \hashem, and Risk Project Team are
indebted to Dr. Yasser El Shayeb, Assisstant Professor, Mining, Petroleum
and Metallurgical Engineering Department, CUFE for supplying the main
material for Chapters 3 and 4. Chapters 5 and 6 are succinctness compiled
from references cited at the end of the manuscript.
 Purpose

The purpose of this course is to provide the students with a structured system for
identifying hazard, assessing risks associated with those hazards, putting measures
to control the unacceptable risks and to review the control measures to ensure they
are effective and have not introduced new hazards. This called Risk Management
Process

Objectives

1. Assess and analysis risk in oil and gas production operations.

2. Discuss the advantages, limitations and range of applicability of each hazard
analysis method so that its selection and integration into the overall process
is fully understood presenting a generic overview on the hazard
identification.
3. HAZOP analysis and its identification.
4. Learn the basic vocabulary unique to the hazard and operability in industrial
plants.
5. Raise general awareness of the need to apply hazard identifications
technique, HAZOP.
6. Share knowledge and experiences on HAZOP related issues in different
industrial plant.
7. Enable students to understand the impacts of industry activities on the HSE
to discuss on professional level the best practical solutions and make/advise
on well informed decisions for industry activities.
8. Help participants to judge the HSE consequences of, and advise on
mitigating measures, for industry activities.
 Table of Contents
Objectives 3

List of Figures 7

List of Tables 8

Chapter 1: Risk Definition and Accident Theory 9

1.1 Definitions 9

1.2 Basics of Risk Assessment 12

1.2.1 Risk assessment process 13

1.3 Accident Theory 15

1.3.1 Single factor theory 17

1.3.2 Multiple factors theory 18

1.3.3 Domino effect theory 18

1.3.4 Energy transfer theory 20

1.3.5 The “Symptoms versus Causes” theory 20

1.4 Structure of Accidents 21

1.5 The Role of Human Error in Accidents 21

1.5.1 The traditional concept of human error 22

1.5.2 Classification of human errors 23

1.5.3 Classifying active failures 24

1.5.4 Latent failures 26

1.5.5 Strategies for reducing human error 27

1.5.6 Actions for overcoming active failures 27

1.6 Reasons for Preventing Accidents 28

1.6.1 Moral 28
 1.6.2 Costs 29

1.6.3 Legislation 31

1.5.4 Accident trends 32

1.7 Summary 32

Chapter 2: Importance of Risk Management 34

2.1 Importance 34

2.2 Principle of Risk Management 34

2.3 Hazard Identifications 34

2.3.1 Previous accident reports 35

2.3.2 Physical inspection of the workplace 35

2.3.3 Brainstorming 39

2.3.4 Knowledge of employees 40

2.3.5 Trade Journals 40

2.3.6 OSHA (Occupational Safety & Hazard Administration) publication and safety
alerts 44

2.3.7 Manufacturers instruction books 47

2.3.8 Sample inspection worksheet 47

2.4 Risk Examples in Pictures 49

2.5 Common Risks Associated with New Project 55

2.5.8 Political risk 57

2.5.10 Environmental risk 58

Chapter 3 Identification of Risks 59

3.1 Preliminary Risk Analysis (PRA) 60

3.2 Failure Modes, Effect and Criticality Analysis (FMECA) 61

3.2.1 Objectives and domains of applications 61

3.2.2 Preparation for the study and the methodology of analysis 62

 3.3 HAZOP 64

3.3.1 What is HAZOP? 64

3.3.2 When is a HAZOP Carried Out? 67

3.3.3 Some Points to Watch during HAZOP 67

3.4 What is Risk Assessment? 68

3.4.1 Likelihood 69

3.4.2 Consequences 71

3.4.3 Risk matrix 73

3.4.5 Risk management worksheets 74

3.5 Risk Control 75

3.5.1 Hierarchy of control 76

3.5.2 Elimination 76

3.5.3 Substitution 76

3.5.4 Separation 77

3.5.5 Administration 77

3.5.6 Personal protective equipment (PPE) 77

3.6 Apply Hierarchy of Control 80

3.7 Monitoring and Review 80

3.8 Conclusion 81

Chapter 4 Methods of System Analysis 82

4.1 Introduction 82

4.2 Markov Chains 83

4.2.1 Presentation of the Process 84

4.3 PETRI Network 86

4.4 Simulation, (The Monte Carlo Technique) 87

 4.5 Fault Trees 88

4.5.1 The construction of the tree. 88

4.6 Critical Analysis of System (Simulation) 89

4.6.1 Example 1: simulation of a CPM network 89

4.6.2 Results 92

Chapter 5: The Process of Fire Risk Management 93

5.1 Methodology of Hazard Identification 94

5.2 Fire Risk Assessment 94

5.2.1 The primary steps in fire risk assessment include: 94

5.2.2 Type of risk assessment 95

5.2.3 Risk management 95

5.2.4 Risk management for handling fire risk exposure 96

5.2.5 Cost /benefit analysis 96

5.2.6 Development and monitoring of loss control program 96

5.2.7 Fire prevention 97

Chapter 6: Summary of Risk Assessment Steps in Workplace 98

6.1 Step 1: Look for the Hazards 99

6.2 Step 2: Decide Who Might Be Harmed, and How 99

6.3 Step 3: Evaluate The Risks And Decide Whether Existing Precautions Are Adequate or
More Should Be Done. 99

6.4 Step 4: Record Your Findings 101

6.5 Step 5: Review Your Assessment and Revise It If Necessary 102

Acronyms 102

Appendices 104

Appendix 1: Some Important Pieces of Health and Safety Legislation 104

 A.1.1 Besides the Health and Safety at Work Act itself, the following apply across the
full range of workplaces: 104

A.1.2 specific regulations cover particular areas, as asbestos and lead, 105

Glossary of Risk Terms 107

 List of Figures

117 1

117 7

Figure 1: Elements of risk assessment 13

Figure 2: Risk assessment process 14

Figure 3: Risk assessment methods 15

Figure 4: Gas pipeline fire 16

Figure 5: Human Fall from a ship 16

Figure 6: Fire in an offshore oil and gas production platform 17

Figure 7: Causes of workplace fatalities 17

Figure 8: Domino theory illustration 19

Figure 9: Structure of accident 21

Figure 10: Classification of human failure 24

Figure 11: Cost of accidents in USA 30

Figure 12: Insurance and accident costs 31

Figure 13: Slipping or tripping at work 49

Figure 14: Getting into contact with hazardous material (asbestos, fumes, etc. ) 50

Figure 15: Performing work at height 50

Figure 16: Handling, transporting or supporting loads while suffering from sprains, strains, or
pains 50

Figure 17: Having long exposure to computers or other display screen equipment 51

Figure 18: Working at a noisy place: causes hearing loss or deafness. 51

Figure 19: Predictable or unpredictable, controlled or uncontrolled risk associated with
natural or climate phenomena. 51

Figure 20: Being exposed to vibration 52

Figure 21: Getting hurt by electricity 53

Figure 22: Neglecting maintenance or doing unsafe maintenance work 53

Figure 23: Improper selection of work equipment 54

Figure 24: Risks resulting from transport, road traffic, road conditions 54

Figure 25: Risk associated with pressure systems 54

Figure 26: Risks resulting from fire or explosions or use or storage of explosive materials or
chemicals 55

Figure 27: Feeling stressed by work 55

Figure 28: Identification and analysis of risk 59

117 59

Figure 29: Preparation of the analysis 63

Figure 30: Flow chart of the method HAZOP 66

Figure 31: Five degree probability (likelihood) scale 70

Figure 32: Four degree probability (likelihood) scale 70

Figure 33: Five degree consequences (severity) scale 72

Figure 34: Four degree consequences (severity) scale 73

Figure 35: 9X9 risk matrix 74

Figure 36: Risk matrix after applying preventive measures 75

Figure 37: Stochastic Processes 83

Figure 38: Parallel system of two components 84

Figure 39: Graphical Presentation of the System 85

Figure 41: Network model of the Project 90

Figure 42: Final critical paths for the network 92

Figure 43: Hazard identification 93

List of Tables

Table 1: Inspection report 38

Table 2: Sample inspection worksheet 48

Table 3: Sample inspection of pizza shop 48

Table 4: Maximum daily duration per day for sound levels 52

Table 5: Action and corresponding sound level 53

Table 6: Some of the physical risks originates from work operations 58

Table 7: PRA 60

Table 8: Deviation generated by each guide word 65

Table 9: HAZOP 68

Table 10: Risk matrix based on consequences and likelihood 73

Table 11: Example of risk management worksheet 74

Table 12: Protective requirement for eye, head, and foot/toe 78

Table 13: Protective requirement for hand, hearing and respiratory 79

Table 14: Different states of the system. 84

Table 15: Random observations 91

Table 16: Critical Index of activities (activities with * means that it was on the Critical Path
in this sample). 91
 Chapter 1: Risk Definition and Accident Theory

1.1 Definitions

The term “risk” is used in a variety of ways in everyday speech. It is

frequently to refer to activities such as rock-climbing or day-trading stocks
as “risky”; or discuss “risk” of getting the flu this coming winter. In the case
of rock-climbing and day-trading, “risky” is used to mean hazardous or
dangerous. In the latter reference, “risk” refers to the probability of a
defined outcome (the chance of contracting the flu). Before beginning a
discussion of risk assessment, it is important to provide a clear definition of
the term “risk” and some of the other terminology used in the risk
assessment field.

For the purposes of this course, discussion will be limited to the risk of
unintended incidents occurring which may threaten the safety of
individuals, the environment or a facility’s physical assets. In this setting, a
number of terms have to be defined:

 Hazards or Threats: are conditions which exist and may potentially

lead to an undesirable event.
 Controls: are the measures taken to prevent hazards from causing
undesirable events. Controls can be physical (safety shutdowns,
redundant controls, conservative designs, etc.), procedural (written
operating procedures), and can address human factors (employee
selection, training, supervision).
 Health: Acute and chronic ill health caused by physical, chemical or
biological agents as well as adverse effects on mental health.
 Event: is an occurrence that has an associated outcome. There are
typically a number of potential outcomes from any one initial event
which may range in severity from trivial to catastrophic, depending
upon other conditions and add-on events.
 Risk: is composed of two elements, frequency and consequence.
Risk is defined as the product of the frequency with which an event is
anticipated to occur and the consequence of the event’s outcome.

Risk = Frequency × Consequence

 Frequency or likelihood or probability: The frequency of a

potential undesirable event is expressed as events per unit time,
usually per year. The frequency should be determined from historical
data if a significant number of events have occurred in the past.
Often, however, risk analyses focus on events with more severe
consequences (and low frequencies) for which little historical data
 exist. In such cases, the event frequency is calculated using risk
assessment models.

 Consequence or severity or gravity: can be expressed as the

number of people affected (injured or killed), property damaged,
amount of spill, area affected, outage time, mission delay, dollars
lost, etc. Regardless of the measure chosen, the consequences are
expressed “per event”. Thus the above equation has the units
“events/year” times “consequences/event”, which equals
“consequences/year”, the most typical quantitative risk measure.

Hazard Effect

The consequences, which could result from a hazard being realized

 Types of hazards:-

o Biological hazards

Bacteria

o Environmental

Wastes &Toxic gases

o Social and Loss of Image

Loss of image of department or organization as a result of conditions and

hazards contained in the building

o Human

Irresponsible behaviors, being careless

o Managerial

Loss of control

o Electrical
 Eclectic shock could lead to fire, explosion, equipment failure, and
people fatalities

o Mechanical

Mechanical failure could lead to equipment damage

o Radiation

Radioactive hazards

Radiation hazards may emanate from the use of mobile phones and
interference with lab equipment!

o Chemical

Flammable and toxic materials could lead to chemical hazards.

o Infrastructural

Short windows, broken glass, lift problems.

o Economical

Any shortage in the faculty budget could lead to economical hazard

o Fire/Explosion

Any source of fire plus oxygen could lead to big losses.

o Natural

Any natural situation a such as flood, hurricanes, earthquake,

landslide

 Risk Matrix: Represents the relation between the probability and the
severity

 The Residual Risk: The residual risk after Appling the method which reduce
the hazard
  Significant: Indicates that a Hazard or a Risk is anything other than trivial.
A significant risk is one which requires some form of positive safeguard to
eliminate it or reduce it to an acceptable level.

 Task: An individual work assignment carried out by one or more persons. 

Risks arise from the interaction of people, equipment, materials and the
work environment. For the purposes of this practice, they can be described
as follows:

o Task-related

Effect, caused by the activities of people in the workplace

o Inherent

It is an effect associated with the design of the workplace, its

equipment and its location.

o Process-related:

Effect, arising from the process being carried out, the properties of
the fluid and the process condition

o Safety Measures

A precautionary measures which prevents or reduces a risk.

Safety measures can be classified as physical, procedural,
human, time-related or contingency.

1.2 Basics of Risk Assessment

Risk assessment is the process of gathering data and synthesizing
information to develop an understanding of the risk of a particular
enterprise. To gain an understanding of the risk of an operation, one must
answer the following three questions:

1. What can go wrong?

2. How likely is it?
3. What are the impacts?

Qualitative answers to one or more of these questions are often sufficient

for making good decisions. However, as managers seek more detailed
cost/benefit information upon which to base their decisions, they may wish
to use quantitative risk assessment (QRA) methods. Both qualitative and
quantitative methods are discussed in this document. Figure 1 below
illustrates the elements of Risk Assessment.

Figure 1: Elements of risk assessment

More details about the tools and methods available for conducting risk
assessments, considerations for setting up an assessment, information
about relevant regulatory requirements and examples of risk assessment
applications will be provided. Before initiating a risk assessment, all parties
involved should have a common understanding of the goals of the exercise,
the methods to be used, the resources required, and how the results will be
applied.

1.2.1 Risk assessment process

To use a systematic method to determine risk levels, the Risk Assessment

Process is applied. This process consists of four basic steps:

1. Hazard Identification
2. Frequency Assessment
3. Consequence Assessment, and
4. Risk Evaluation

The level of information needed to make a decision varies widely. In some

cases, after identifying the hazards, qualitative methods of assessing
frequency and consequence are satisfactory to enable the risk evaluation.
In other cases, a more detailed quantitative analysis is required. The Risk
Assessment Process is illustrated in Figure 2, and the results possible from
qualitative and quantitative approaches are described. There are many
different analysis techniques and models that have been developed to aid
in conducting risk assessments. Some of these methods are summarized
in Figure 3. A key to any successful risk analysis is choosing the right
method (or combination of methods) for the situation at hand. For each
step of the Risk Assessment Process, this part provides a brief introduction
to some of the analysis methods available and suggests risk analysis
approaches to support different types of decision making within the
maritime and offshore industries. For more information on applying a
particular method or tool, the following chapters will identify clearly the
steps followed for risk assessment. It should be noted that some of these
methods (or slight variations) can be used for more than one step in the
risk assessment process. For example, every tree analysis can be used for
frequency assessment as well as for consequence assessment. Figure 3
lists the methods only under the most common step to avoid repetitions.
Figure 2: Risk assessment process

Figure 3: Risk assessment methods

1.3 Accident Theory

The increasing size and complexity of industrial processes creates

increased scope for major disasters, leading to greatly increased public
concern about industrial safety. The last two decades have seen a series of
such disasters both world-wide (e.g. Bhopal, Seveso, and Cheroybl) and
the UK (e.g. Clapham Junction, King’s Cross, Piper Alpha, Herald of Free
Enterprise, Ladbrock Grove, Paddington) and in Egypt (e.g. Salim Furry,
Upper Egypt Train).

In the UK, the 1990 Labor Force Survey stated that there were an
estimated 1.6 million accidents at work where 750,000 people suffered ill
health caused or made worse by working conditions. In all 30 million
working days were lost in which 20,000 people were forced to give up work.

It is estimated that each year there are 3 million fatalities resulting from
accidents or poisoning, the majority of which occur in under developing
countries. Occupational accidents, defined as those accidents that occur at
the place of work, are also of major concern. Each year 180,000 people are
killed as a result of accidents at work, whilst 110 million are injured (Harms
Ringdahl, 1992).

According to data collected in 1988 (Hoyos & Zimolong, 1988), in the USA
a fatal accident occurs every 6 minutes, a fatal occupational injury occurs
every 46 minutes and a work accident that results in an injury occurs every
17 seconds. In 1992, more then 86,000 people died in the US. The
following figures show some accidents and workplace fatalities.
 Figure 4: Gas pipeline fire

Figure 5: Human Fall from a ship

Figure 6: Fire in an offshore oil and gas production platform

 Figure 7: Causes of workplace fatalities

There are some theories concerning the causes of accidents to give us an

insight into how we should approach the task of risk management.

1.3.1 Single factor theory

This theory stems from the assumption that an accident is a result of a

single cause. If this single cause can be identified and eliminated, the
accident will not be repeated. People who have even the most basic of risk
training do not accept this theory.

Example: A person in a hurry walks through a poorly lit area and trips over a
piece of wood.

Single Factor Theory Solution: Remove the offending piece of wood to

solve the problem.

Reality: Accidents always have more than one contributing factor

1.3.2 Multiple factors theory

It says that an accident occurs when a number of factors act together to cause an
accident. This and similar ideas are favored by most experienced risk participations

Example: A person in a hurry walks through a poorly lit area and trips over
a piece of wood.

Multiple Factors Theory Solution: this theory would require answers to

such question as:

Was there a necessity for the person to walk in that area or was there a
safer route?

If the person was not in a hurry, would he have been more aware of their
surroundings and avoided the wood?

If the area were better lit, would the person have avoided the wood?

Could the wood have been removed?

The answer of these questions shows that not only the person is
responsible for the accident.
1.3.3 Domino effect theory

According to W.H. Heinrich (1931), who developed the so-called domino

theory, 88% of all accidents are caused by unsafe acts of people, 10% by
unsafe actions and 2% by “acts of God”. He proposed a “five-factor
accident sequence” in which each factor would actuate the next step in the
manner of toppling dominoes lined up in a row. The sequence of accident
factors is as follows:

1. Ancestry and social environment: Those conditions that make us take

or accept risk.
2. Worker fault or Undesirable Human Trait: Anger, careless, tiredness,
lack of understanding, un-attention.
3. Unsafe act or condition together with mechanical and physical
hazard: Poor planning, unsafe equipment, hazardous environment.
4. Accident: The accident occurs when the above events conspire
(combine) to cause something to go wrong.
5. Damage or injury: Injury occurs when the person sustains damage.

Figure 8: Domino theory illustration

Often accidents occur without injury and they are referred to as near
misses. All too often, these near misses are ignored until, figuratively
speaking, the last domino is knocked over and the injury occurs.

In the same way that the removal of a single domino in the row would
interrupt the sequence of toppling, Heinrich suggested that removal of one
of the factors would prevent the accident and resultant injury; with the key
domino to be removed from the sequence being number 3. Although
Heinrich provided no data for his theory, it nonetheless represents a useful
point to start discussion and a foundation for future research.

The domino theory has its merits but may be too limited to consistently
reflect reality. A more accurate picture of reality may gain by combining the
elements of the Multiple Factors Theory and the Domino Effect.

1.3.4 Energy transfer theory

It states that accidents are more likely to happen at or during a transfer of

energy. The rate of energy release is important because the greater the
rate of release the greater the potential for damage. It should be noted that
this concept of identifying hazards is very limited and not dissimilar to the
Single Factor theory. Factors other than energy release are important.

Those who accept the energy transfer theory put forward the claim that a
worker incurs injury or equipment suffers damage through a change of
energy, and that for every change of energy there is a source, a path and a
receiver. This theory is useful for determining injury causation and
evaluating energy hazards and control methodology. Strategies can be
developed which are preventive, limiting or ameliorating with respect to the
energy transfer. Control of energy transfer at the source can be achieved
by the following means:

 Elimination of the source

 Changes made to the design or specification of elements of the work
station
 Preventive maintenance.

The path of energy transfer can be modified by:

 Enclosure of the path

 Installation of barriers
 Installation of absorbers
 Positioning of isolators.

The receiver of energy transfer can be assisted by adopting the following

measures:

 Limitation of exposure
 Use of personal protective equipment
1.3.5 The “Symptoms versus Causes” theory

The “symptoms versus causes” theory is not so much a theory as an

admonition to be heeded if accident causation is to be understood. Usually,
when investigating accidents, we tend to fasten upon the obvious causes of
the accident to the neglect of the root causes. Unsafe acts and unsafe
conditions are the symptoms—the proximate causes—and not the root
causes of the accident.

1.4 Structure of Accidents

The belief that accidents are caused and can be prevented makes it
imperative for us to study those factors which are likely to favor the
occurrence of accidents. By studying such factors, the root causes of
accidents can be isolated and necessary steps can be taken to prevent the
recurrence of the accidents. These root causes of accidents can be
grouped as “immediate” and “contributing”. The immediate causes are
unsafe acts of the worker and unsafe working conditions. The contributing
causes could be management-related factors, the environment and the
physical and mental condition of the worker. A combination of causes must
converge in order to result in an accident.

Figure 9: Structure of accident

1.5 The Role of Human Error in Accidents

Although the role that human error plays in accident causation has been
accepted for many years, it is only recently that a lot of concerted effort has
been put into detailed research into human error in accidents. Beyond the
technical issues two common points emerged strongly from the inquiries
into these accidents, which are:

 The influence of human error in the chain of events leading to the

accident;
 Failures in the management and organization of safety.

 People can cause or contribute to accidents (or mitigate the

consequences) in a number of ways through a failure a person can
directly cause an accident. However, people tend not to make such
errors deliberately. We are often ‘set up to fail’ by the way that our
brain processes information by our training, through the design of
equipment and procedures and even through the culture of the
organization that we work for.

 People can make disastrous decisions even when they are aware of
the risks. We can also misinterpret a situation and act inappropriately
as a result. Both of these can lead to the escalation of an incident.
 On the other hand we can intervene to stop potential accidents. Many
companies have their own anecdotes about recovery from a potential
incident through the timely actions of individuals. Mitigation of the
possible effects of an incident can result from human resourcefulness
and ingenuity.
 The degree of loss of life can be reduced by the emergency response
of operators and crew. Emergency planning and response including
appropriate training can significantly improve rescue situations.

1.5.1 The traditional concept of human error

Traditionally the promotion of safety has been largely reactive,

concentrating on accident investigation with the primary aim of avoiding
repeat events. In part this arose from too simple an approach to accident
causation based on the apparent importance placed on the concept of a
single primary cause; either an unsafe act or an unsafe condition (as a
result of the domino theory). If the former were the case, responsibility was
clear and blame could be apportioned. If the latter was the case then a
technical solution could be sought. In part this also arose from the fact that
a reactive approach, based on a single primary cause was also an easy
approach to handle.

Taking a “blame” approach to human error in accidents provides little of

use in terms of future accident prevention. For example, if one made a
mistake which resulted in an accident and we work on the basis of a
“blame” approach then there are only three options available to us:

 We accept that human error is inevitable, shrug weir shoulders, tell

him to be a bit more careful and carry on as before with weir fingers
crossed.
 Alternatively, we can say as he was responsible, we should discipline
him, perhaps even sack him.
 The third option is a half-way house whereby we give him the benefit
of the doubt and decide that he might need retraining. However, if all
we have found out about the accident was that he was the “cause”
we have learnt nothing new on which to base the retraining. We will
almost certainly therefore be reduced to repeating the training which
we know has already failed!

Unfortunately this is a pretty reasonable description of the approach to

human error in accidents that has existed in most industrial organizations
for years. If accidents are to be prevented in the future it is no use
whatsoever to “blame” people for their mistakes unless we have a detailed
understanding of what caused the mistakes. Only by understanding all the
issues which have caused (or could cause) an accident can we identify the
way to prevent future accidents

1.5.2 Classification of human errors

The term ‘human error’ is wide and can include a great variety of human
behaviour. Therefore, in attempting to define human error, different
classification systems have been developed to describe their nature.
Identifying why these errors occur will ultimately assist in reducing the
likelihood of such errors occurring.

The distinction between the hands on ‘operator’ errors and those made by
other aspects of the organization has been described as ‘active’ and ‘latent’
failures.

Active Failures have an immediate consequence and are usually made by

front-line people such as drivers, control room and machine operators.
These immediately proceed, and are the direct cause, of the accident.

Latent failures are those aspects of the organization which can

immediately predispose active failures. Common examples of latent failures
include (HSE, 1999):

 Poor design of plant and equipment;

 Ineffective training;
 Inadequate supervision;
 Ineffective communications; and
 Uncertainties in roles and responsibilities.


Latent failures are crucially important to accident prevention for two

reasons:

1. If they are not resolved, the probability of repeat (or similar) accidents
remains high regardless of what other action is taken;
2. As one latent failure often influences several potential errors,
removing latent failures can be a very cost-effective route to accident
prevention.
1.5.3 Classifying active failures

The classification of active failures distinguishes between intentional and

unintentional error. Intentional errors are described as violations, whilst
unintentional errors are classified as either slips/lapses or mistakes. These
types of human failure are shown in the diagram below (HSE, 1999), Figure
10:

Figure 10: Classification of human failure

Slips and Lapses: These occur in routine tasks with operators who know
the process well and are experienced in their work:

 They are action errors which occur whilst the task is being carried
out;
 They often involved missing a step out of a sequence or getting steps
in the wrong order and frequently arise from a lapse of attention;
  Operating the wrong control through a lapse in attention or
accidentally selecting the wrong gear are typical examples.

Mistakes: These are inadvertent errors and occur when the elements of a
task are being considered by the operator.

They are decisions that are subsequently found to be wrong, although at

the time the operator would have believed them to be correct. There are
two types of ‘mistake’ (HSE, 1999), rule based and knowledge based:

 Rule based mistakes occur when the operation in hand is governed

by a series of rules. The error occurs when an in appropriate action is
tied to a particular event
 Knowledge based errors occur in entirely novel situations when you
are beyond your skills, beyond the provision of the rules and you
have to rely entirely on adapting your basic knowledge and
experience to deal with a new problem.

Violations are any deliberate deviation from the rules, procedures,

instructions and regulations, which are deemed necessary for the safe or
efficient operation and maintenance of plant or equipment. Breaches in
these rules could be accidental/unintentional or deliberate.

Violations occur for many reasons, and are seldom willful acts of sabotage
or vandalism. The majority stem from a genuine desire to perform work
satisfactorily given the constraints and expectations that exist. Violations
are divided into three categories: routine, situational and exceptional (HSE,
1999).

Routine Violations are ones where breaking the rule or procedure has
become the normal way of working. The violating behavior is normally
automatic and unconscious but the violation is recognized as such, by the
individual(s) if questioned. This can be due to cutting corners, saving time.
or be due to a belief that the rules are no longer applicable.
Situational Violations occur because of limitations in the employees
immediate work space or environment. These include the design and
condition of the work area, time pressure, number of staff, supervision,
equipment availability, and design and factors outside the organizations
control, such as weather and time of day. These violations often occur
when a rule is impossible or extremely difficult to work to in a particular
situation.

Exceptional Violations are violations that are rare and happen only in
particular circumstances, often when something goes wrong. They occur to
a large extent at the knowledge based level. The individual in attempting to
solve a novel problem violates a rule to achieve the desired goal.

1.5.4 Latent failures

Latent failures are the factors or circumstances within an organization

which increase the likelihood of active failures. Consider some examples of
latent failures in relation to the example accidents given earlier:

The latent failures King’s Cross Underground Station Fire here included:

While several minor escalator fires had occurred previously and had been
investigated, apparently no one in the organization seriously considered the
fact that a major escalator fire was a possibility - consequently, as the
inquiry states, little effective action had been taken on the warnings
provided by the minor fires. Similarly the inquiry also reported that there
were serious flaws in the managerial and organizational responsibilities and
accountability for safety with virtually all aspects of the organization thinking
passenger safety was some one else’s responsibility.

The existence of these, and other similar, latent failures within the London
Underground operation significantly increased the probability of a major
escalator fire, with hindsight it was almost a matter of when rather than
whether. It is also apparent, as suggested above, that unless the remedial
action taken encompassed these organizational/management latent
failures, that a repeat event was likely for, quite simply, the major
influencing factors would have remained in place to predispose a similar
event.

1.5.5 Strategies for reducing human error

Reducing human error involves far more than taking disciplinary action
against an individual. There are a range of measures which are more
effective controls including the design of the equipment, job, procedures
and training.

1.5.6 Actions for overcoming active failures

1.5.6.1 Slips and lapses

Design improvement is the most effective route for eliminating the cause of
this type of human error. For example, typical problems with controls and
displays that cause this type of error include:

 Switches which are too close and can be inadvertently switched on or

off;
 Displays which force the user to bend or stretch to read them
properly;
 Critical displays not in the operators field of view;
 Poorly designed gauges;
  Displays which are cluttered with non-essential information and are
difficult to read.

1.5.6.2 Mistakes

Training, for individuals and teams, is the most effective way for reducing
mistake type human errors. The risk of this type of human error will be
decreased if the trainee understands the need for and benefits from safe
plans and actions rather than simply being able to recite the steps parrot
fashion. Training should be based on defined training needs and
objectives, and it should be evaluated to see if it has had the desired
improvement in performance.

1.5.6.2 Violations

There is no single best avenue for reducing the potential for deliberate
deviations from safe rules and procedures. The avenues for reducing the
probability of violations should be considered in terms of those which
reduce an individual's motivation to violate. These include:

 Under-estimation of the risk

 Real or perceived pressure from the boss t adopt poor work
practices;
 Pressure from work-mates to adopt their poor working practices;
 Cutting corners to save time and effort

1.5.6.3 Addressing Latent Failures

The organization must create an environment which:

  Reduces the benefit to an individual from violating rules.
 Reduces the risk of an operator making slips/lapses and mistakes.

This can be done by identifying and addressing latent failures.

Examples of latent failures include:

 Poor design of plant and equipment;

 Impractical procedures,
 Ineffective training;
 Inadequate supervision;
 Ineffective communications; and
 Uncertainties in roles and responsibilities.

One of the principal ways of systematically doing this is through a health

and safety management system. This is the subject of the next topic area in
this course.

1.6 Reasons for Preventing Accidents

There are three main reasons for preventing accidents and ill-health, these
are moral/humane, cost and legislation.

1.6.1 Moral

No-body comes to work to get injured or to become ill. No-one likes getting
injured or seeing their colleagues or friends injured in accidents. Nothing is
more important than the humane aspects of accidental loss: injury, pain,
sorrow, anguish, loss of body particles or functions, occupational illness,
disability and death. Employers and employees have a moral responsibility
to prevent accidents and ill-health at work.

1.6.2 Costs

Whether or not people are hurt, accidents do cost organizations money and
the actual injury or illness costs represent only a small part of the total. A
recent study by the HSE has shown that for every £1 of insured costs (i.e.
the actual cost of the injury or illness in terms of medical costs or
compensation costs) the uninsured (or ‘hidden’ costs) varied between £8
and £36. This has been traditionally depicted as an ‘iceberg’ as the largest
part of an iceberg is hidden under the sea

Even a simple or minor accident can be expensive. Some of the costs

associated with accidents can be quickly identified such as medical
treatment, lost wages and decreased productivity. These easily-identified
expenses are often known as the "direct" costs associated with accidents.
Less evident expenses associated with accidents are known as "indirect" or
"hidden" costs and can be several times greater than the value of the direct
costs. Listed below are just a few of the hidden costs associated with most
accident.

1. The expense and time of finding a temporary replacement for the

injured worker,
2. Time used by other employees to assist the injured worker,
3. Time used by supervision to investigate the mishap, preparation of
accident reports and adjustments made to work schedules,
4. Property damage to tools, materials and equipment,
5. Delays in accomplishment of work task by a group.

Indirect cost exists, varies greatly from case to case, and is often difficult to
quantify. The main point to remember is that accidents are much more
costly than just the basic or direct costs.
 Figure 11: Cost of accidents in USA

Whether or not people are hurt, accidents do cost organizations money and
the actual injury or illness costs represent only a small part of the total. A
recent study by the HSE has shown that for every £1 of insured costs (i.e.
the actual cost of the injury or illness in terms of medical costs or
compensation costs) the uninsured (or ‘hidden’ costs) varied between £8
and £36, Figure 12. This has been traditionally depicted as an ‘iceberg’ as
the largest part of an iceberg is hidden under the sea.

In October 1999 the HSE published new data on the costs to the UK of
workplace accidents and work related ill-health in 1995/96 which estimated
that:

 The costs to employers are estimated between £35 billion and £73
billion a year (between 4% and 8% of all gross company trading
profits).
 Work related accidents & Illnesses cost between 2.1% and 2.6% of
the Gross Domestic Product each year – equivalent to between
£14.5 and 18.1 billion.
 Figure 12: Insurance and accident costs

1.6.3 Legislation

Organizations have a legal obligation to prevent accidents and ill-health.

Health and Safety Legislation in the UK consists of a number of Acts that
are supported by subordinate legislation in the form of Regulations.

The principal act is the Health and Safety at Work Act. This Act sets in
place a system based on self-regulation with the responsibility for accident
control placed on those who create the risks in the first instance. It also
allows for the progressive replacement of existing safety law so that the
general duties set in the act could be backed by Regulations, setting goals
and standards for specific hazards and industries. Any breach of this
statutory duty can result in criminal proceedings.

1.5.4 Accident trends

 Fatals –The three most common causes of fatalities to employees

were falls from height, being struck by a moving vehicle, and being
struck by a falling object. However, the causes varied from sector to
sector. In construction, most deaths were caused by falls from height
(46%). In manufacturing and the service sector, falls from height
accounted for 20% and 16% of deaths respectively. Within the
service sector, 40% of all deaths were caused by being struck by
moving vehicles, up 33% the previous year.
 Non Fatal Major Injuries – The four most common causes of major
injuries to all employees were slips, trips and falls, falls from a height,
being struck by a moving or falling object, and being injured whilst
handling, lifting or carrying. HSE figures mention that an estimated
591 major injuries were caused by violence at work, this is a
reduction from the previous year’s number (680) but still represents 2
per cent of all major injuries experience by employees.
 +3 day Injuries – Lifting, handling or carrying, slips, trips or falls, and
being struck by a moving or falling object were the three most likely
ways in which employees were likely to sustain over three day
injuries. These figures also pick up the number of injuries caused by
violence in the workplace (4335) which is down on the previous year.
 Ill-health – The most prevalent forms of work related ill-health in the
UK are:

 Musculoskeletal disorders – an estimated 1.2 million people were

affected in 1995 (including back-problems & RSI)
 Stress – an estimated 0.5 people were affected in 1995.

Both these conditions accounted for over three-quarters of people suffering

from an illness caused by their work. A significant number of people were
suffering from a lower respiratory illness, including asthma (an estimated
200,000) and ear conditions, including deafness (an estimated 170,000)
which were caused by their work.
1.7 Summary
Accident causation is very complex and must be understood adequately in
order to improve accident prevention. Since safety lacks a theoretical base,
it cannot be regarded as being a science yet. This fact should not
discourage us, as most of the scientific disciplines—mathematics, statistics
and so on—passed through a similarly tentative phase at one time or the
other. Accident causation study holds great promise for those who are
interested in developing the pertinent theory. At present, theories of
accident causation are conceptual in nature and, as such, are of limited use
in preventing and controlling accidents. With such a diversity of theories, it
will not be difficult to understand that there does not existed one single
theory that is considered right or correct and is universally accepted. These
theories are nonetheless necessary, but not sufficient, for developing a
frame of reference for understanding accident occurrences.
 Chapter 2: Importance of Risk Management

2.1 Importance

The absence of accidents does not necessarily mean there are no hazards.
It also does not mean that there is no hazard. A risk management process
must be adopted and repeated at regular intervals. We often find that
hazards with devastating consequences are not addressed until an
accident has occurred.

A risk management process should adapted and repeated at regular

interval to ensure that all hazards have been identified, the risks assessed
and adequate measures to control those risks are in place. Initiation of a
risk management program is clearly the responsibility of management
whilst the employees’ role is one of support and assistance.

2.2 Principle of Risk Management

A Hazard: Is defined as anything that may cause harm, injury, or ill health
to a person, or economic loss of a property

Risk: is the chance, high or low, that someone will be harmed by a hazard.
Some countries impose that business having five or more persons has
safety policy statement. The following is an example of statement

Controlling danger at work is not different from tracking any other task: training
personnel, being proactive (premising), recognizing the problem, knowing enough
about it, deciding what to do, and putting the solution into place is a guarantees for
minimizing risks.

2.3 Hazard Identifications

It is the first step in the risk management process. Only people with a
through knowledge of the area, process or machine under review should
carry out a hazard identification survey. The person delegated the task of
hazard identification should explore the many sources of information
available for identifying hazards within the area of their inquiry. These may
include any of the following:

2.3.1 Previous accident reports

Review the history of the area review. Any accident or near misses should
be carefully investigated. At this stage it is worth sorting all the accidents
and near misses information into a number of categories. Typically these
categories heading could be:

 Location
  Machine
 Person
 Age of person
 Time of day
 Day of week
 Part of body
 Severity of injury
 Occupation

Identifying a trend of accidents in any of the above areas may assist the
investigator identify the possible hazard.

2.3.2 Physical inspection of the workplace

A physical examination of the workplace requires an inquiring mind, lateral

thinking, and the ability to be remaining open minded. It is of little use to
look at a particular area and, in a perfunctory manner, declare it to be
hazard free.

2.3.2.1 Guidelines

Employees and supervisors are responsible for day-to-day workplace

inspections to identify and eliminate occupational hazards. Everyone must
be vigilant for physical deficiencies in the workplace and for unsafe work
practices. If workplace parties relegate their inspection responsibilities
entirely to the local joint health and safety committee, then the internal
responsibility system will be undermined and problems will not be resolved
effectively.

2.3.2.2 Types of safety inspections

There are several types of workplace inspections essential for due

diligence. Daily “walkabouts” or “continuous inspections” are performed by
employees and supervisors to check for obvious hazards. These
inspections must be conducted daily because hazards and unsafe
conditions are continuously created (i.e. equipment is changed, work
spaces are rearranged, parts become worn, new processes are
introduced). Incidents resulting in injury often occur after something has
been changed. Spot inspections and job observations are performed by
supervisors to ensure safe work practices. Specialized inspections include
pre-operational checks and critical parts inspections in equipment.
Comprehensive planned inspections are performed monthly by
departmental (local) safety committee members to audit the effectiveness
of the aforementioned inspection efforts. Written inspection reports serve
as valuable confirmation of due diligence, that the University is taking every
precaution reasonable to protect employees and students. Inspection
reports may be audited by the Ministry of Labor.

2.3.2.2 Safety committee inspections

Workplace inspections by Joint Health and Safety Committee personnel

are prescribed by the Occupational Health and Safety Act to help ensure
that the internal responsibility system is “alive” and functioning to maintain
safety as a priority. Committee inspections should identify safety concerns
that have not been resolved by employees and supervisors. They provide
an opportunity to commend employees and supervisors for successful
safety efforts. Inspections also confirm that hazard controls are effective
and operational.

The Occupational Health and Safety Act requires that Committee

inspections be conducted monthly. If this is not practical, then the
workplace shall be inspected yearly with part of the workplace being
inspected monthly according to a written schedule determined by the local
safety committee.

Inspections must be performed by worker members of the committee. In

some areas, a worker member and a management member may inspect
the workplace as a team. The area supervisor should be invited to
participate in the inspection process. Hazards and unsafe work practices
must be noted on the inspection form and prioritized according to severity
of the hazard. “Immediately dangerous to life and health (IDLH)” hazards
shall be isolated, corrected on the spot, or work must be stopped.

Workplace inspections by safety committee members should identify

unresolved health and safety issues or hazards that might cause injury or
illness. Committee inspections are not intended to identify lists of “fix-it”
items. “Fix-it” items must be reported daily by all employees as part of their
routine workplace vigilance and due diligence. Workplace inspections
should evolve to become an efficient audit of a department’s internal
responsibility system and its occupational health and safety management
programs.

After inspections are completed, the departmental safety committee shall

review their inspection reports and the actions recommended to the Chair
or Department Head. A summary of the inspection process and safety
issues identified shall be included in the next minutes of the local safety
committee.

Confirmation of corrective actions is essential. It may be appropriate to re-

inspect the area of concern at a pre-set date or to discuss the action plan
for the safety issue identified.

2.3.2.4 Inspection checklists

No checklist can be complete enough to evaluate a workplace for all

hazards. They are useful tools for recording notes about physical or
procedural deficiencies, but should not become the focus of the workplace
inspection. The focus must be on outstanding or newly created hazards
and unsafe work procedures. A sample inspection report form is appended.
The Agricultural Safety Audit Program (ASAP) from the Workplace Safety
and Insurance Board promotes a systematic approach for farm safety
audits. The hazard identification checklists are useful tools for workplace
inspections..
 Table 1: Inspection report

BUILDING: ROOM DEPARTMENT

INSPECTED BY DATE

ACCOMPANIED BY

TO BE COMPLETED DURING THE INSPECTION: ASSIGNED TO: FOLLOW-UP:

(Person to

Correct)

Item Hazard and Location Hazard Action Taken and

Date
No. (Include any Immediate Action Taken) Rating
HAZARD PRIORITY RATING DISTRIBUTION

1. Immediately dangerous to life and health (e.g. stop work) 1. Supervisor 9

2. High (e.g. correct within a day) 2. Dept. Chair 9

3. Medium (e.g. correct within two weeks) 3. Local JHSC 9

4. Low (e.g. correct within a semester) 4. EHS 9

Notes
2.3.3 Brainstorming

Most problems are not solved automatically by the first idea that comes to
mind. To get to the best solution it is important to consider many possible
solutions. One of the best ways to do this is called brainstorming.
Brainstorming is the act of defining a problem or idea and coming up
anything related to the topic - no matter how remote a suggestion may
sound. All of these ideas are recorded and evaluated only after the
brainstorming is completed.

2.3.3.1 Procedure

This is a process of conducting group meetings with people who are

familiar with the operation of the area under review, recording all ideas a
thoughts relating to possible hazards and then sorting the results into some
of priority order.

1. In a small or large group select a leader and a recorder (they may be

the same person).

2. Define the problem or idea to be brainstormed. Make sure everyone

is clear on the topic being explored.

3. Set up the rules for the session. They should include:

 o Letting the leader have control.
o Allowing everyone to contribute.
o Ensuring that no one will insult, demean, or evaluate another
participant or his/her response.
o Stating that no answer is wrong.
o Recording each answer unless it is a repeat.
o Setting a time limit and stopping when that time is up.

4. Start the brainstorming. Have the leader select members of the group
to share their answers. The recorder should write down all
responses, if possible so everyone can see them. Make sure not to
evaluate or criticize any answers until done brainstorming.

5. Once you have finished brainstorming, go through the results and

begin evaluating the responses. Some initial qualities to look for
when examining the responses include

o Looking for any answers that are repeated or similar.

o Grouping like concepts together.
o Eliminating responses that definitely do not fit.
o Now that you have narrowed your list down some, discuss the
remaining responses as a group.

2.3.4 Knowledge of employees

Employees should be encouraged to describe any hazards they are aware

of. Inquiries of this nature should be conducted in an atmosphere of "no
blame" where even if the employee is not doing things properly they are not
criticized for it. The aim is to identify and document hazards at this stage.

An authorized employee representative will be given the opportunity to

attend the opening and closing conferences, and to accompany the
investigator and the employer during the walk-around inspection. The
investigator may also consult with a reasonable number of employees
concerning safety and health matters in the workplace. Employees are
protected under the Act from discrimination by the employer for exercising
their safety and health rights.

The investigator will also explain the requirements of the Employee Right-
to-Know (RTK) Standard. Under RTK, employers must establish a written
comprehensive Right-to-Know program that includes provisions for
container labeling, material safety data sheets and employee training. The
program must contain a list of the hazardous chemicals in each work area
and the means the employer will use to inform employees of the hazards of
both everyday and non-routine tasks.

2.3.5 Trade Journals

Trade journals are often a source of information regarding hazards

encountered by others in the industry. They can be a source of useful
inquiry, as members of the same industry would expect to encounter similar
hazards. Trade journals can offer statistical data about accidents happened
in the risk assessment field. They can offer hazards as well as hazard
areas associated with the new technology and fields of industry. Each
industrial, social, engineering, medical, agricultural branch has its own
trade journals. Consulting trade journal help assessor to consult new
hazardous materials exists in the assessed industry.

2.3.5.1 International Journal of Applied Management and Technology

The on-line, international, peer-reviewed journal IJAMT, sponsored by

Walden University School of Management, is published biannually in May
and November. It is available on the Internet to all interested parties for
purposes of research and practical application. The journal welcomes
original, unpublished manuscripts in the field of applied management and
technology in all sectors of society from scholars, scholar-practitioners, and
advanced graduate students. http://www.ijamt.org/

2.3.5.2 Journal of Accident Investigation

This biannual, interdisciplinary journal published by the National

Transportation Safety Board provides for the public exchange of ideas and
information developed through accident investigations at the NTSB in all
modes of transportation. The intended audience is professionals in safety,
accident investigations, engineering, and the behavioral sciences.
http://www.ntsb.gov/publictn/2005/JRN0501.htm
2.3.5.3 Risk Analysis

Risk Analysis, the journal of the Society for Risk Analysis, provides a focal
point for new developments in risk analysis for scientists from a wide range
of disciplines. The analysis of risks is being increasingly viewed as a field in
itself, and the demand for a more orderly and formal treatment of risks is
great. Risk Analysis is designed to meet these needs of organization,
integration, and communication. The journal covers topics of great interest
to regulators, researchers, and scientific administrators. It deals with health
risks, engineering, mathematical, and theoretical aspects of risks, and
social and psychological aspects of risk such as risk perception,
acceptability, economics, and ethics. All scientific articles in Risk Analysis
are fully peer reviewed.

http://www.sra.org/journal.htm

2.3.5.4 Risk, Decision and Policy

This unique publication is published three times per year by Cambridge

University Press and includes both theoretical and applied papers on
decision-making while under risk. The journal's coverage includes technical
articles, comments, guest-edited symposia on current policy issues, forum
pieces, commissioned surveys, book and software reviews, and news on
conferences and related societies around the world. This publication will
help decision and risk researchers in statistics, economics, psychology,
medicine and public health, as well as policy-makers in both business and
government. http://www.cup.org.  

2.3.5.5 Risk: Health, Safety & Environment

As the official journal of the Risk Assessment & Policy Association, this
refereed, interdisciplinary quarterly explores public and private efforts to
manage science and technology for net reduction in the probability,
severity, and aversive quality of health, safety, and environmental impacts
of natural and artificial hazards. A cumulative index is provided, as well as
an index of book reviews and essays.

http://www.fplc.edu/risk/profrisk.htm

2.3.5.6 Risk Management: An International Journal

This journal aims to generate ideas and promote good practice and to
facilitate the exchange of information and expertise for those involved in the
business of managing risk, across countries and across disciplines.
Perpetuity Press in Leicester, United Kingdom, publishes the journal's four
issues annually. Starting January 2002, free instant access to a leading
risk, security, and crime prevention abstract database--Security and Risk
Abstract Database--is included with every journal subscription.
http://www.perpetuitypress.com/ (click on "Journals")

2.3.5.7 Environmental & Ecological Risks

See Human and Ecological Risk Assessment Journal listed below.

2.3.5.8 Annals of Internal Medicine

The American College of Physicians-American Society of Internal Medicine

publishes Annals of Internal Medicine, one of the most cited medical
journals in the world, on the second and fourth Tuesdays every month.
ACP-ASIM membership or a nonmember subscription is required to view
the journal's research articles on line, but non-technical summaries of the
articles are available to the public.
http://www.acponline.org/journals/annals/

2.3.5.8 Health, Risk & Society

Social scientists, practitioners, and policy makers who have an interest in
risk issues relating to health are among the readership of this international
scholarly journal devoted to a theoretical and empirical understanding of
the social processes that influence the ways in which risks are taken,
communicated, assessed, and managed in relationship to health and
health care. Published quarterly by Taylor and Francis Group Ltd., the
journal welcomes contributions from a variety of social sciences disciplines
that examine the issues of risk within health and health care, including
economics, sociology, psychology, and management. Submission of
articles that explore the ways in which risk was handled at a variety of
levels--that is, in the community, within various organizations, and at
national and supranational levels--is encouraged.
http://www.tandf.co.uk/journals/titles/13698575.asp

2.3.5.9 Human and Ecological Risk Assessment Journal

Human and Ecological Risk Assessment is the first journal devoted to

providing a framework for professionals researching and assessing
developments in both human and ecological risk assessment. The journal
was created to enhance the communication and cooperation of
professionals working on human risk assessment with those in the
ecological risk assessment domain. Given the rapid development in these
respective disciplines and their unique potential inter-relatedness, efforts to
directly enhance technical information transfer will markedly benefit each
field. The journal is a bimonthly, international, peer-reviewed publication
focusing on scientific and technical information and critical analysis. 

http://www.crcpress.com/cgi-in/scart.cgi?store=wrisk&catalog=10807039

2.3.5.10 Journal of the American Medical Association (JAMA)

This international peer-reviewed general medical journal, which began

publication in 1883, promotes the science and art of medicine and the
betterment of the public health. A search of the JAMA web will produce
many references to health-related risk, such as the topical October 27,
1999, issue on obesity research that includes information on related
disease risks. http://jama.ama-assn.org/
2.3.5.11 Journal of the National Cancer Institute

The Journal of the National Cancer Institute, which includes news articles,
abstracts of reports, calendar of events, and job openings, is published
twice a month and is available on line by subscription. The journal's table of
contents and abstracts are available without charge.
http://jnci.oupjournals.org/

2.3.5.12 Toxicological Sciences

One of the Society of Toxicology's official journals and fully owned and
financed by the society, Toxicological Sciences publishes research articles
12 times a year that are broadly relevant to assessing the potential adverse
health effects resulting from exposure of human or animals to chemicals,
drugs, natural products, or synthetic materials. Manuscripts are published
in all areas of toxicology, both descriptive and mechanistic, as well as
interpretive or theoretical investigations that elucidate the risk assessment
implications of exposure to toxic agents alone or in combination. Beginning
January 1, 1999, Toxicological Sciences became available on line free to
the public and is published by Oxford University Press.
http://toxsci.oupjournals.org/

2.3.6 OSHA (Occupational Safety & Hazard Administration) publication and

safety alerts

More than three decades ago, the Occupational Safety and Health Act of
1970 created the Occupational Safety and Health Administration to help
employers and employees reduce injuries, illnesses, and deaths on the job
in America. Since then, workplace fatalities have been cut by 62 percent
and occupational injury and illness rates have declined 40 percent. At the
same time, U.S. employment has doubled and now includes nearly 115
million workers at 7 million sites.

OSHA provides national leadership in occupational safety and health. The

agency seeks to find and share the most effective ways to get results—to
save lives and prevent injuries and illnesses. The message is simple—
Safety and health add value: to your business, to your workplace, and to
your life.

For business, protecting workers’ safety and health is the right thing to do.
It saves money and adds value to the organization. When workers stay
whole and healthy, businesses experience lower workers’ compensation
insurance costs, reduced medical expenditures, decreased payout for
return-to-work programs, fewer faulty products, and lower costs for job
accommodations for injured workers. There are also indirect benefits such
as increased productivity, lower costs for training replacement workers, and
decreased costs for overtime.

Every workplace is a community. Safety and health add value to

workplaces by increasing morale, improving productivity, and reducing
turnover. The best companies build a reputation that is synonymous not
only with an excellent product, but also an outstanding work environment
where safety and health is a core value.

Every employee benefits when safety and health is a priority at the

workplace. Every worker wants to make a contribution through his or her
job, yet the primary purpose of work is to make a living. Safety and health
add value to the lives of workers by enabling them to maintain their
incomes and provide for their families. Getting hurt or sick is not just
physically painful. On-the-job injuries and illnesses can significantly reduce
income, increase stress, and hinder a full family life.

Establishing a safe and healthful working environment requires every

employer and every worker to make safety and health a top priority. The
entire workforce—from the CEO to the most recent hire—must recognize
the value of safety and health and acknowledge that this is central to the
mission and key to the corporate vision and identity.

OSHA provides leadership and encouragement to employers and workers

to help them recognize and realize the value of safety and health on the
job. The agency’s ultimate goal will always be to reduce injuries, illnesses,
and deaths to zero.
2.3.6.1 OSHA's history and purpose

OSHA stands for the Occupational Safety and Health Administration, an

agency of the U.S. Department of Labor. The U.S. Congress passed the
Occupational Safety and Health Act of 1970 (the OSH Act)1 “…to assure
so far as possible every working man and woman in the nation safe and
healthful working conditions and to preserve our human resources.” The
legislation, signed into law by President Richard M. Nixon on Dec. 29,
1970, established OSHA and its sole responsibility to provide worker safety
and health protection.

Nearly everyone in America works or has someone in the immediate family

who does. Whether you are an employer, employee, or have a family
member who works, you need to know about OSHA. The more you know
about OSHA, the better you can protect yourself, your coworkers, or your
employees and contribute to safe and healthful working conditions for all
Americans.

2.3.6.2 What OSHA does?

OSHA uses three basic strategies, authorized by the Occupational Safety

and Health Act, to help employers and employees reduce injuries,
illnesses, and deaths on the job:

 Strong, fair, and effective enforcement;

 Outreach, education, and compliance assistance; and
 Partnerships and other cooperative programs.

Based on these strategies, OSHA conducts a wide range of programs and

activities to promote workplace safety and health. The agency:

 Encourages employers and employees to reduce workplace hazards

and to implement new safety and health management systems or
improve existing programs;
  Develops mandatory job safety and health standards and enforces
them through worksite inspections, employer assistance, and,
sometimes, by imposing citations, penalties, or both;
 Promotes safe and healthful work environments through cooperative
programs, partnerships, and alliances;
 Establishes responsibilities and rights for employers and employees
to achieve better safety and health conditions;
 Supports the development of innovative ways of dealing with
workplace hazards;
 Maintains a reporting and recordkeeping system to monitor job-
related injuries and illnesses;
 Establishes training programs to increase the competence of
occupational safety and health personnel;
 Provides technical and compliance assistance and training and
education to help employers reduce worker accidents and injuries;
 Works in partnership with states that operate their own occupational
safety and health programs; and
 Supports the Consultation Service.

www.osha.gov

2.3.6.3 Who is not covered?

The OSH Act does not cover:

 The self-employed;
 Immediate members of farming families on farms that do not employ
outside workers;
 Employees whose working conditions are regulated by other federal
agencies under other federal statutes. These include mine workers,
certain truckers and transportation workers, and atomic energy
workers;
 Public employees in state and local governments; some states have
their own occupational safety and health plans that cover these
workers.

For more information visit http://www.osha.gov or

http://www.osha.gov/Publications/osha2056.pdf#search='about%20OSHA'
2.3.7 Manufacturers instruction books

Manufactures instruction books often provide advice and warnings

regarding safety and health issues. It is important to ensure all instructions
are understood and more importantly, followed by all employees.
Manufacturers information, including material safety data sheets, should
always be reviewed to ensure the products in use are the safest available
and do not have hidden hazards.

Ask " what if ……..? It is important to try to anticipate how human

behavior, plant, and system failure could combine to create a hazardous
situation. Constantly ask yourself. What if ……….?

2.3.8 Sample inspection worksheet

Always note details of the hazard onto a worksheet. Development of a

physical hazard list is very important as this forms the basis for the next
step of the process. There are no standard formats used to record the data
and so the following example worksheet, Tables 2 & 3 are only for
reference and may need modification to suit nature of individual projects.

Table 2: Sample inspection worksheet

 Company: Printing Site / location

Inspection work sheet No.1

Inspected by:

Date:

Plant Hazard and source Comments

Large paper Crush from paper holding Operator and casual

guillotine bar passes-by need protection

Amputation from blade due

to:

 Access to blade from

rear
 Safety latch failure
 Electronic beam not
failing to safety

Industrial lift Could trip over or lose load Usually received pallet loads
truck if overloaded within capacity, but heavier
loads than the trucks
capacity arrive occasionally

If raised above mast height Fitted with overhead

load could fall on operator protection

Person could be struck and Truck regularly – operates

crushed by lift truck near operations on binding
line

Rear turning wheels could Two people have previously

run over and crush a had their feet run over while
persons foot talking to driver
 Table 3: Sample inspection of pizza shop

Company: Pizza shop Site / location

Inspection work sheet No.1

Inspected by:

Date:

Plant Hazard and source Comments

Pizza oven Possible bums when Has happened frequently.

taking food out. Should use gloves.

Electric knife Possible electrocution Could connect through

form cutting cord remote controlled device
(RCD)

Electric meat slicker Possible electrocution Use RCD: test regularly

Cutting hazard Use steel mesh cutting

glove& safe work practices.

2.4 Risk Examples in Pictures

Vision is the most effective sense for people to memorize and remember
things. Therefore, here below are some risk pictures that enables the
student to be familiar with daily and operational risk.

Figure 13: Slipping or tripping at work

 Figure 14: Getting into contact with hazardous material (asbestos, fumes, etc. )

Figure 15: Performing work at height

Figure 16: Handling, transporting or supporting loads while suffering from sprains,
strains, or pains
Figure 17: Having long exposure to computers or other display screen equipment

Figure 18: Working at a noisy place: causes hearing loss or deafness.

Figure 19: Predictable or unpredictable, controlled or uncontrolled risk associated
with natural or climate phenomena.

Figure 20: Being exposed to vibration

Using hand powered hand tools, equipment or processes causing hand-

arm vibration syndrome that impair blood circulation, damage to the nerves
and muscles, and of ability to grip things properly. Table 4 shows the
maximum time to be exposed to sound depending on the sound intensity.
Table 5 shows the action and the corresponding sound level for each
action. It is clear that people works in a very noisy factor has to use ear
protectors if they worked more than 8 hours per day. Also, people works in
an airport have to use ear protector all the time to save their hearing
nerves.
 Table 4: Maximum daily duration per day for sound levels

Duration per Day Sound Level

Hours dB

8 90

6 92

4 95

2 100

1 105

3/4 107

1/2 110

1/4 115

Table 5: Action and corresponding sound level

Action Sound level, dB

Leaves rustling 10
Whispers 20
Quiet Radio 40
Conversation 60
Busy Traffic 70
Very Noisy Factory 90
Loud Rock Band 110
Threshold of pain 120
Jet airplane from 30 m 140

Figure 21: Getting hurt by electricity

Figure 22: Neglecting maintenance or doing unsafe maintenance work

Figure 23: Improper selection of work equipment

 Figure 24: Risks resulting from transport, road traffic, road conditions

Figure 25: Risk associated with pressure systems

Figure 26: Risks resulting from fire or explosions or use or storage of explosive
materials or chemicals
  Risks due to radioactive materials: Non-ionizing radiation
(ultraviolet radiations from the sun) can damage skin, laser (can
cause burns and damage eyes); Ionizing radiations naturally
occurring radiations from radon gas or radiations from radiography or
thickness measuring gauges
 Feeling stressed by work (adverse reaction people have to excessive
pressure or other types of demand placed on them). Stress is
identified by defining the hazard behind it.

Figure 27: Feeling stressed by work

2.5 Common Risks Associated with New Project

The following lists common risks that most projects will encounter; they
form a starting point for developing a catalog of risks. However, the list is
not exhaustive; most project managers will find several more risks that they
can add, and project experience will tend to increase this number. When
you are assessing the risks for your projects, always refer to a list such as
this. Otherwise, you run the project management risk that not all project
risks are identified.

2.5.1 Staff risks

 Key staff will not be available when needed.

 Key skill sets will not be available when needed.
 Staff will be lost during the project.

2.5.2 Equipment risks

 Required equipment will not be delivered on time, Access to

hardware will be restricted.
 Equipment will fail.

2.5.3 Client risks

 Client resources will not be made available as required.

 Client staff will not reach decisions in a timely manner.
 Deliverables will not be reviewed according to the schedule.
 Knowledgeable client staff will be replaced by those less qualified.
2.5.4 Scope risks

 Requirements for additional effort will surface.

 Changes of scope will be deemed to be included in the project.
 Scope changes will be introduced without the knowledge of project
management.

2.5.5 Technology risks

 The technology will have technical or performance limitations that

endanger the project.
 Technology components will not be easily integrated.
 The technology is new and poorly understood.

2.5.6 Delivery risks

 System response time will not be adequate.

 System capacity requirements will exceed available capacity.
 The system will fail to meet functional requirements

2.5.7 Physical risks

 The office will be damaged by fire, flood, or other catastrophe.

 A computer virus will infect the development system.
  A team member will steal confidential material and make it available
to competitors of the client.
 Contaminants originates from work operations

2.5.8 Political risk

 Governmental intervention
 Inflationary/deflationary polices
 Changes in legislation, sanctions

2.5.9 Financial risk

 Inadequate inflation forecasts

 Incorrect marketing decision
 Availability of money on time

2.5.10 Environmental risk

 Work and surrounding environment

 Environmental regulation

Table 6: Some of the physical risks originates from work operations

Process Types Contaminant Type Contaminant
Examples

Hot operations

Welding Gases (g) Chromates (p)

Chemical reactions Particulates (p) Zinc, Manganese and

compounds (p)
Soldering (dusts, fumes, mists)
Carbon monoxide (g)
Melting
Fluorides (p)
Burning
Vinyl chloride (g)

Liquid operations
Benzene (v)
Vapors (v)
Painting
Sulfuric acid (m)
Gases (g)
Degreasing
Hydrogen chloride (g)
Mists (m)
Cleaning

Shaping operations
Asbestos
Dusts (d)
Cutting
Uranium
Grinding
Zinc
Drilling

Therefore, it is very essential for work places or projects to identify hazards

and risks as a first step in risk assessment process. The following chapter
show in details the methods used to identify hazards for risk assessment
procedures.
 Chapter 3 Identification of Risks

The techniques for identifying Hazards and Risks - for finding out what
types of hazards exist in a certain plant- are often confused with the
methods and techniques for risk analysis; the following figure represents
the difference between the two categories. The left-hand side of the figure
shows methods of risk and hazard identifications, while the right hand side
shows methods of risk analysis.

The traditional methods for identification of hazards was to build up (or to

dig down) the plant and see what happens, until an error or a risk occurs,
we can say that we didn't know that the risk exists. This is not a bad
method if the size of the accident is limited, but it is not satisfactory when
the limits of the accidents are very wide.

Figure 28: Identification and analysis of risk

Check lists are often used to identify hazards but their disadvantage is that
items, which are not on the list, are not mentioned and our minds are
closed to what is on the list. Indeed, checklists may be satisfactory if there
is little or no innovation of risks and all the hazards have been met before.

For this reason the process industries have come to prefer the more
creative or open-ended technique such as HAZOP and FMECA.

After we have identified the hazards, we have to decide how far to go in

removing them or protecting people and property. Some of the methods
used are listed on the right hand side of Figure 28. Sometimes there is a
cheap and obvious way of removing the hazard, and sometimes it is less
easy to decide. We can then try to work the probability of an accident and
the extent of the consequences and compare them with a target or
criterion.

3.1 Preliminary Risk Analysis (PRA)

The Preliminary Risk Analysis is a practical method for the analysis of the
dangerous elements of a system; it consists of a table of elements
associated with the impact of each element on the system, as a sort of
listing, or check tables, Table 7.

Table 7: PRA

System or Phase Dangerous Events Dangerous Events causes Potential Consequences Gravity Preventative
subsystem elements causes situation potential accidents measures
dangerous accidents
situation

Restaurants Food Oil Contact Beginning of No Fire Complete Very Sprinkles and
preparation between oil fire extinguisher destruction of high fire
and heat extinguisher
 source the restaurant
Oven

Heaters

The main aim of the method is to identify the different dangerous materials
presented in the system and to watch out for all elements, their capability of
initiating an accident according to their existence or mistreating.

In order to identify the dangerous elements and the dangerous situations,

the analyst is helped by checklists of these elements or their dangerous
situations. These checklists should be adapted for each case and made
according to similar situations or in a way that serves the required study or
the required analysis.

The Columns of Gravity and Consequences, give the analyst the chance to
list hierarchically the risks encountered in site, while the columns
Preventative Measures and Application of Measurements, and drive the
way for prediction and detection of the risks in order to be minimized or
eliminated. These columns indicate the measures selected in specific sites
in order to show out their capacity of their efficiency in the system.

This study, as the name says, permits the analyst to have a preliminary
view of the risks and the dangerous situations existing in the system. Its
objective mainly is the listing of the big problems encountered in the system
without the details of each risk. This analysis is usually followed by another
type of risk identification acting as a middle way between no identifications
and a detailed identification of risks at a certain site.

3.2 Failure Modes, Effect and Criticality Analysis

(FMECA)
Dated earlier in the 1960's in the aeronautics industry, the method of
FMECA had been applied successfully in the nuclear, chemical, and the
petroleum industry. For the time being, it is the method mostly applied in all
industries for the identifications of risks.

Its success relies on the ease of use that necessitates a good knowledge of
its theory and manipulations. The method of FMECA, consider
systematically, each one of the components of the system in terms of
operating modes and modes of failure. Causes of these failures are listed,
the consequences of each failure on the system, the environmental impact,
etc. In order to complete the study, two other factors are added which are
the Probability and the Gravity of each mode of failure, so this combination
makes it possible to analyze critically the mode of failure and the
component(s) associated with it.

If the system has a very big number of components, a global FMECA is

made and after, each component of the global study will be studied in
details and so on.

3.2.1 Objectives and domains of applications

The FMECA is a tool for the prevention of accidents; it is used generally at

the stage of design of a new process. In general, we can recognize two
types of this study:

 FMECA in Manufacturing.
 FMECA in Processing.

The FMECA in manufacturing is concentrated on the optimization of the

reliability. It is generally based on historical data, and it permits the
designer to define the actions necessary and the dangers surrounding this
type of design.
The FMECA in processing serves as a method of:

 Means of production (machines, production lines, etc.).

 The sequence of the operation of production, either manually or
automatically of a certain product, treatment of information, etc.

The method of FMECA is a technique that eases the critical examination of

the projected process, it analyses the quantity and the quality of the
process with the estimation of its criticality and it is accomplished at the
stage of design and along the line of production. At the stage of the study,
the risk associated with the used technology might be quantified. It is
assumed that the analysis is revised in the phase of production and the
exploitation of the product. The study is made throughout the process of
Manufacturing in its different stages.

3.2.2 Preparation for the study and the methodology of analysis

For the preparation of the study, certain steps has to be made in order to
start, these different steps are shown in Figure 26.
Figure 29: Preparation of the analysis
3.3 HAZOP

For certain procedures, and in particular, in the industry that involves the
production of the usage of chemical products, the PRA is not suitable, and
it is preferable to make what is called, the influence of deviations with
respect to nominal values. These different deviations in physical
parameters, guide the study of the HAZOP.

3.3.1 What is HAZOP?

As been mentioned before, HAZOP is a method of risk identification; it is

the abbreviation to HAZard and OPerability study. It is the method
recommended for the identification of risks and hazards, which prevent
efficient operation.

HAZOP is a technique which provides opportunities for people to let their

imaginations go free and think of all possible ways in which hazards and
operating problems might arise but, to reduce the chance that there is
something that is forgotten, it is done systematically. Each path and each
sort of hazard is being considered in turn. The study is carried out by a
team so that they can stimulate each other and build upon each other's
ideas.

A path for this purpose, is one joining two main items, for example, we
might start with the line leading from the feed tank through the feed pump
to the first feed heater. A guide series of key words are applied to this line
in turn. These guide words are:

NONE PART OF

MORE OF MORE THAN

LESS OF OTHER THAN

NONE for example, means any forward flow or reverse flow when there
should be forward flow, so we ask:

 Could there be no flow?

 If so, how could it arise?
 What are the consequences of no flow?
 Are the consequences hazardous or do they prevent efficient
operation?
 If so, can we prevent no flow by changing the design?

These questions are typical questions in the case of the guide word NONE,
similar questions could be asked in case of MORE OF, and so on for all
guide words.

Table 8: Deviation generated by each guide word

NONE No forward flow when there should be,

I.e. no flow or reverse flow
MORE OF More of any relevant physical property than there
should be,
e.g. higher flow, higher temperature, higher
pressure, etc.
LESS OF Less of any relevant physical property than there
should be,
 e.g. lower flow, lower temperature, lower pressure,
etc.
PART OF Part of composition of system different from what it
should be,
e.g. change in ratio of components, component
missing, etc.
MORE THAN More components present in the system than
should be,
e.g. extra phase, impurities, etc.
OTHER What else can happen apart from normal operation,
THAN
e.g. uprating, low rate, maintenance, etc.

Table 8 explains the main deviations associated with each guideword,

while Figure 30 shows the flow chart of the method in general.

The guides word OTHER THAN is applied after all other guide words and it
means other types of problems that could arise in mind and hasn't been
mentioned by any other guide word. In general, it’s the other causes of
hazards that haven’t been mentioned yet.
Figure 30: Flow chart of the method HAZOP
3.3.2 When is a HAZOP Carried Out?

A HAZOP cannot be carried out before the line diagram of the process is
completed (process and instrumentation flow diagram). It should be carried
out as soon as possible thereafter. If an existing plant is being studied, the
first step is to bring the line diagram up-to-date or checks that it is up-to-
date. Carrying out a HAZOP on an incorrect line diagram is useless.

The HAZOP on a large project may take several months even with 2 or 3
teams working in parallel on different sections of the plant. It is thus
necessary to either:

 Hold up detailed design and construction until the HAZOP is

complete or,
 Allow detailed design and construction to go ahead and having the
risk of modifying the detailed design or even alter the plant when the
results of the HAZOP are known.

3.3.3 Some Points to Watch during HAZOP

It is possible for a team to get carried away by enthusiasm and install

expensive equipment to guard against unlikely hazards. The team leader
can counter this by asking how often the hazard will occur and how serious
the consequences will be. Sometimes he may suggest a full hazard
analysis, but more often he can bring a problem into perspective by just
quoting a few figures or asking a team member to do so.

The team consists mainly of engineers, they like hardware solutions, but
sometimes a hardware solution is impossible or too expensive and we have
to make a change in methods or improve the training of the operators. So
solutions are mostly like to be through either hardware changes, or
software changes, which is usually less expensive.
In many plants, the HAZOP is considered unsuitable for small
modifications. It is difficult to assemble a HAZOP team for every change of
a valve. However, many accidents have occurred because small
modifications had unforeseen side effects. They should be thoroughly
probed before they are authorized. Many types of guide sheets are
available for helping people to do so.

A HAZOP is not a substitute for knowledge and experience. It is not an

oven that consumes line diagrams and produces lists of modifications. It is
merely harnesses the knowledge and experience of the team in a
systematic and concerted way. Because the designs are so complicated,
the team cannot apply their knowledge and experience without this scratch
for their thinking. If the team lacks knowledge and experience, the HAZOP
will produce nothing worthwhile. Table 9 shows a small example of the
application of HAZOP through a checklist.

Table 9: HAZOP

Element Element Dangerous Possible Consequences Method of Corrective Observation

Name Function Deviation Cause Detection Action

Oven Cooking High Defected Fire Alarm Stop and

Temperature thermostat reparation
Person

3.4 What is Risk Assessment?

A risk assessment is nothing more than a careful examination of what, in

your work, could cause harm to people, so that you can weigh up whether
you have taken enough precautions or should do more to prevent harm.
The aim is to make sure that no one gets hurt or becomes ill. Accidents and
ill health can ruin lives, and affect your business too if output is lost,
machinery is damaged, insurance costs increase, or you have to go to
court. You are legally required to assess the risks. The important things are
whether a hazard is significant, and whether you have it covered by
satisfactory precautions so that the risk is small. You need to check this
when you assess the risks. For instance, electricity can kill but the risk of it
doing so in an office environment is remote, provided that ‘live’ components
are insulated and metal casings properly earthed

Risk assessment is the process of evaluating a hazard to determine the

level of action required to reduce a risk to an acceptable level. When
evaluating the risks imposed by a hazard one should consider both the
likelihood and consequences of the event happing. Judging how likely it is
that something will happen or what its potential consequences might be is
like predicting the future. You cannot be rally sure; you can make a "best
estimate" on the basis of the information available. Because it is so
unpredictable it is better to be conservative in your judgment.

3.4.1 Likelihood

This is defined as the chance of an event actually occurring. In the context

of risk management the event referred to is any event, which may cause
injury or harm to a person. When making an assessment of likelihood, you
must establish which of the following categories most closely describes the
likelihood of the hazardous event occurring.

 Very likely could happen frequently

 Likely could happen occasionally
 Unlikely could happen, but only rarely
 Highly unlikely could happen but probably never will

When evaluating the likelihood of an accident, a factor that will modify the
likelihood category, is exposure. Exposure is a measure of how often or
how long a person is actually exposed to a hazard. Some examples are:
  Very rare one per year or less
 Rare a few times per year
 Unusual one per month
 Occasional once per week
 Frequent daily
 Continuous constant

It is a common mistake to place too much emphasis on the mitigating

effects of a low exposure level. Just because a person is not exposed to a
hazard very often, does not always mean we can take fewer precautions.
The certainty or likelihood of an accident happening is more important than
how often a person is expected to a hazard. Figures 31 and 32 show the
degree of two types of probability scales used in risk assessment

Example

A power press is a common machine in a workshop. In essence the stored

energy in a rotating flywheel is instantaneously connected to a crankshaft,
via a key. The crankshaft drives a ram from its resting position at the top of
its stroke, down to the bottom of its stroke, where it punches a hole in a
piece of metal called a blank. When the ram has completed its punching
operation on the blank, it returns to its resting-place at the top of the stroke.
The operator removes the blank and replaces it with a new blank.

Description Likelihood

Certain 5

Very Likely 4

Likely 3

May Happen 2

Unlikely 1
 Figure 31: Five degree probability (likelihood) scale

Description Likelihood

Certain 4

Likely 3

May Happen 2

Unlikely 1

Figure 32: Four degree probability (likelihood) scale

The design of the machine is such that if a fault develops in the key, the
press will unexpectedly operate and complete a stroke. If at this point in
time the operator has his fingers under the ram whilst changing the blank,
the normal result is a serve crush or amputation injury. The operator would
expect to have his fingers in the danger zone for only a split second each
time the press cycles. There are no guards or devices that can prevent the
machine from cycling once a key fault has developed. Good maintenance
will reduce the number of key faults happening but they can never eliminate
them totally. For this example let’s assume that maintenance has reduced
the risk of the press malfunctioning to once in 5 million operations.

At first glance it seems we need to do nothing further to reduce the risk.

Closer examination will reveal that operators of presses often exceed 60
operations per minute. Using 60 operations per minute for this example and
1 fault every 5 million operations we fined that:
  60 operation/min x 60 min/hour x 8 hrs/day x 5 days/week x 34.72
weeks = 5 million operations.

This indicates that a press operator is at risk of having an accident every

34.72 weeks. The exposure to risk is "very rare" however the "likelihood" of
the accident happening is almost certain if a key fault develops.

Control measures must be put in place to reduce the likelihood of this

accident occurring because it is unacceptable for an organization to have a
serious accident every 34 weeks.

The location of a hazard can affect the likelihood of the accident

happening. For example, an exposed V belt drive located adjacent to a
walkway where persons could easily come into contact with the nip points
would have a higher likelihood rating than if the same drive arrangement
were located in a position form which persons were located in a position
from which persons were excluded.

When we assess "likelihood" it should be remembered we are only

assessing the possibility of an accident happening. As part of our
assessment of likelihood we must take into consideration how often and for
how long the person is at risk, however this is of lesser importance than the
certainty of an accident occurring.

3.4.2 Consequences

Consequences is a measure of the expected severity should an accident

occur. When assessing the consequences of an accident, the most severe
category one could reasonably expect to result from that accident should
be selected.

The consequences of an event can be categorized as follows:

Fatal death

Major Injuries normally irreversible injury of damage to health requiring

extended time off work to effect best recovery.

Minor typically a reversible injury or damage to health needing several days

away from work to recover. Recovery would be full
and permanent.

Negligible injuries would require first aid and may need the emained of the
work period or shift off before being able to return
to work.

Figure 33 below shows the consequences rating for: injury, asset damage
and environmental damage

Consequence
Environmental Rating
Injury Asset Damage
Damage
Extensive damage,
Massive leak/spill,
Multiple fatalities shut down, or loss of 5
public concern
plant
Single fatality, or Major damage, or Nonconformance
4
permanent disability partial shutdown with regulations
Localized damage, or Localized leak/spill,
Serious injury 3
partial shutdown or partial shutdown
Minor damage, or Public concern with
Minor injury 2
parts replacement no lasting effect
Slight damage, no Effect contained
Slight injury 1
lost time locally

Figure 33: Five degree consequences (severity) scale

If the position of the danger to the consequences in the event of an
accident happening then the added consequences must be taken into
consideration and the consequence rating increased.

When making a risk assessment all aspects of likelihood and

consequences should be taken into consideration. The interrelated
parameters of likelihood and consequences can easily be presented on the
simple matrix shown below.

Consequences
Rating
Environmental
Personnel Property Damage
Damage

Fatalities Extensive Massive 4

Beyond
Serious Major 3
regulations

Minor Minor No lasting effect 2

Consequences
Rating
Environmental
Personnel Property Damage
Damage

Fatalities Extensive Massive 4

Beyond
Serious Major 3
regulations

Minor Minor No lasting effect 2

 Slight Slight Contained locally 1

Figure 34: Four degree consequences (severity) scale

3.4.3 Risk matrix

If we consider the likelihood of an accident whilst driving a car and the

consequences, statistically it is highly unlikely that we will have an accident
and the worst consequence would be a fatality. From the matrix below we
can see that the risk is in the medium range which means that we make
efforts to reduce the risk of an accident by such means as driver training,
road management and vehicle design.

Table 10: Risk matrix based on consequences and likelihood

Likelihood
Consequences
Very likely Likely Unlikely Highly unlikely

Fatality High High High Medium

Major injuries High High Medium Medium

Minor injuries High Medium Medium Low

Negligible Medium Medium Low Low

injuries

Events or situations assessed as very likely with fatal consequences are

most serious (high risk); those assessed as highly unlikely with negligible
injuries are the least serious (low risk).
When developing risk control strategies any item with a high rating should
be addressed first.

Using the above matrix it would be normal to develop a list of hazards with
highly rated risk at the top of the list. Management would then be expected
to determine at what point it would be reasonable to take no further action.

Figure 35: 9X9 risk matrix

3.4.5 Risk management worksheets

There are no standard formats used to record the data in connection with
risk management assessments. The examples given are only for reference
 and may need modification to suit the nature of individual projects. Always
use a Risk management worksheet for systematic recording. An example
of risk management worksheet is shown in table 11.

Table 11: Example of risk management worksheet

Plant risk

Management worksheet

Company: Site/ location: paper store / 5 Jones St. Date: 02/01/95

JHT printing

Hazard Likelihood Consequence Risk rating Control action

identification
1. Initiated
2. Implemented
Very likely Fatality High 3. Reviewed

Likely Major injuries Medium

Unlikely Minor injuries Low 1. 2. 3.

Highly Negligible
unlikely injuries

Crush from Very likely Major injury High XX

guillotine paper
holding bar

Amputation from
guillotine blade due
to:

Electrocution Unlikely Fatality High XXX

hazard from knife

Electrocution Unlikely Fatality High XXX

hazard from meat
slicer

Cutting hazard from Likely Minor injury Medium X

meat slicer

3.5 Risk Control

Control means the measures to be taken to eliminate or reduce the risk to

an acceptable level.

When a risk assessment has identified a hazard as having unacceptable

risks we have to put in place control measures to eliminate the risk or
reduce the risk to an acceptable level.

Figure 36: Risk matrix after applying preventive measures

3.5.1 Hierarchy of control

Hierarchy of control means the order in which controls should be
considered when selecting methods of controlling a risk. Control measures
can be sorted into a number of categories with the most effective listed at
the top. The list of categories is collectively known as a "hierarchy of
control".

When selecting appropriate measures to control a risk we should select a

control measure from as high on the hierarchy of control list as practicable.
The hierarchy of control list usually comprises:

 Elimination
 Substitution
 Isolation
 Engineering Controls
 Administrative controls
 Provide personal protective equipment (PPE)

3.5.2 Elimination

The most satisfactory method of dealing with a hazard is to eliminate it.

Once the hazard has been eliminated the potential for harm has gone.

Example

The dangers associated with transporting of an explosive material called

ammonium nitrate fuel oil (Anfo) are known and documented. Anfo is made
by simply mixing ammonium nitrate with fuel oil (diesel). Both constituents
are safe in isolation but when mixed they become unstable. The dangers of
long distance transport can be removed by not mixing the component parts
until they are on site. By this simple expedient we have eliminated the
hazard.
3.5.3 Substitution

This involves substituting a dangerous process or substance with one that

is not as dangerous. This may not be as satisfactory as elimination as there
may still be a risk (even if it is reduced).

Example

Many chemicals can be substituted for other safer chemicals, which

perform in the same manner but do not have the same dangers e.g. water
based paints rather than those that contain lead.

3.5.4 Separation

This means separate or isolate the hazard from people. This method has
its problem in that the hazard has not been removed. The guard or
separation device is always at risk of being removed or circumvented.

Example

A guard is placed over a piece of moving machinery. If the guard is

removed for maintenance and not replaced people are again at risk.

3.5.5 Administration

Administrative solutions usually involve modification of the likelihood of an

accident happening. Reducing the number of people exposed to the danger
and providing training to those who are exposed to the hazard can do this.
Example

The dangers of electricity are well known and only trained and licensed
people are allowed to work on electrical equipment. We can appreciate that
the electrician is still at risk, but there training is such that the risk are
reduced to an acceptable level.

Administrative solutions also include danger signs and written systems of

work such as those for working in confined spaces and lock out spaces and
lock out procedures.

3.5.6 Personal protective equipment (PPE)

Provision of personal protective equipment should only be considered

when all other control methods are impractical, or to increase control when
used with another method higher up in the hierarchy of control.

Example

To remove the possibility of a person dropping something on their foot in a

workshop situation would be impracticable, as it would involve securing
every movable object large enough to do damage if it fell on a person's
foot. The practicable solution is to provide every person at risk with safety
footwear.

Control are not mutually exclusive, several in the hierarchy may be needed
to obtain the level of control necessary.

Table 12: Protective requirement for eye, head, and foot/toe

WHERE
Eye Head Foot/Toe
NEEDED
Where machines or Where there is In areas where
operations present danger from impact there is a potential
a danger from flung and penetration for foot or toe
objects, direct or from falling or flying injuries.
reflected brightness, objects or from
hazardous liquids, limited electric
or injurious shock.
radiation.
TYPES OF Goggles, full face Safety hats full Impact and
PRO- shields, safety brim, brimless, compression
glasses, side- limited voltage resistance,
TECTION
shields, welders’ protection, no metatarsal
lenses (should meet voltage protection, protection,
standards). (should meet puncture
standards). resistance,
electrical hazard
resistance,
conductive (should
meet standards).
FITTING Comfortable fit (not Comfortable, Proper fit.
interfere with proper fit.
REQUIRE- movement).
MENTS

SUGGESTED Date issued, Date issued, type Date issued,

reissued, type issued, instructions amount
RECORDS issued, instructions given (need to reimbursed,
given wear, maintenance, instructions given
disciplinary action). (need to wear,
(need to wear, maintenance,
cleaning needs, disciplinary action).
maintenance,
conservation,
disciplinary action,
fitting).
EXAMINA- Visual acuity, depth
TIONS perception.
NEEDED
 Table 13: Protective requirement for hand, hearing and respiratory

WHERE
Hand Hearing Respiratory
NEEDED
Danger of cuts, or Noise exposure that In areas that present
from handling equals or exceeds 85 a limited breathable
corrosives, solvents, dBA in an 8-hour environment or the
or other chemicals. time-weighted period. possibility of an
oxygen-deficient
environment or air
contamination.

TYPES OF Cotton/leather gloves; Full muffs, Air-purifying

gauntlets; heat- disposable plugs, respirators, chemical
PROTECTION resistant gloves; Swedish wool, non- cartridge respirators,
barrier creams; chain disposable plugs. air-supplied
mail gloves; haly- (Should meet respirators,
gloves; rubber gloves. standards). combination
(Should meet respirators, self
standards). contained breathing
devices. (Should
meet standards).

FITTING Proper fit. Proper fit, correct Significant fitting

type for noise requirements.
REQUIRE- exposure.
MENTS

SUGGESTED Date issued, reissued, Audiometric exam, Date issued,

type issued, date issued, reissued, type
RECORDS instructions given, instructions given issued, instructions
(need to wear, (need to wear, given (respiratory
maintenance, effects of noise, hazards present;
conservation, cleaning, functions; fit testing;
disciplinary action.) conservation, fitting, proper utilisation,
disciplinary action.) cleaning and
maintenance;
conservation,
disciplinary action).
EXAMINA- Audiometric Pulmonary function.
TIONS
(baseline and
NEEDED annual).

3.6 Apply Hierarchy of Control

It is crucial to apply the control measure from as high on the hierarchy of

control list as practicable. If we go back to the power press example in
"Risk assessment" mentioned earlier we could examine the steps we
should take to control the risk of an operator having an accident whilst
loading the press.

The contribution to industry of the power press is so great that to eliminate

them completely from the working environment would not be practicable.
Since power presses were first invented in the early part of this century,
designers have not been able to eliminate the hazard of an unexpected
stroke. Based on the evidence and current knowledge, elimination of the
hazard is not practicable.

We could then look to substitution to reduce the risk. We could substitute a

power press for a hydraulic press or a drilling machine. Both of these
alternatives are too slow to be viable alternatives in most cases.

Separating the operator and the hazard is possible in most cases if we use
an automatic feed and a guard to eliminate persons from the danger area.
This method is effective, but will not applicable to all cases.

Administration should be our next alternative. This would involve training

the operator to remove the work-piece and place a new blank in the
machine without putting their fingers in a position where they could be
crushed in the event of a malfunction of the press e.g. By using a push
stick or similar.
Personal protective equipment may not always be applicable. In fact it
should be the aim of the organization to remove the necessity for personal
protective equipment.

Accepting a solution too low on the hierarchy of control list is a common

failing, which must be avoided.

3.7 Monitoring and Review

Review is an important aspect of any risk management process. It is

essential to review what has been done to ensure that the controls put in
place are effective and that they have not introduced new hazards.

Example

An agricultural machine was found to be hazardous and a guard was

subsequently fitted round the moving parts. This guard excluded persons
from the danger area; however, due to the nature of the environment it was
found that chaff built up behind the guard. If a review had not been carried
out of the new guard after it had been in service for a short while, the chaff
in conjunction with the moving parts may have caused a fire.

The lesson to be learnt here is that however the initial risk management
process was done, there is always the possibility that something will be
overlooked and not addressed in the initial stages. The review system
allows further modifications to be carried out.

3.8 Conclusion
Hazard identification, risk assessment, control and review are not a task
that is completed and then forgotten about. Hazard identification should be
properly documented even in the simplest of situations. Sample work
sheets to assist in this process are very useful. Risk assessment should
include a careful assessment of both likelihood and consequence. Control
measures should conform to the recommendations of the hierarchy of
control. The risk management process is an on going activity which should
include regular reviews of all aspects of organizations activities including
the purchase of new plant and consumables, safety existing plant, systems
of work including administrative initiatives such as evacuation, fire and
violence in the workplace strategies.
 Chapter 4 Methods of System Analysis

4.1 Introduction
As long as we identified the Danger(s), concerning a specific system, it
would be necessary to start analyzing the system with these danger(s) in
order to find out the probable Risk(s) associated and to try to reduce it or to
eliminate it -if it is possible-.

Several methods exist for the analysis of systems, each have advantages
and disadvantages, although we tried to cover up all available methods,
some other methods are beyond this course, such as the method of Fuzzy
Sets for the analysis of systems which resembles to small extents the
method of Monte Carlo simulation, but based on another mathematical
base and not based on statistical data.

Each of the method has more or less frequent application in some fields of
the Security of functions. In order to satisfy the needs of any system, one
method or more should be used to reach out for a complete risk analysis
study.

4.2 Markov Chains

The fundamental characteristic of a Markov chain is that the system of

interest is conditional only on its current situation. Since pure static systems
rarely exist, the Markov chains are used to present dynamic systems
observing its stochastic states, Figure 37.
 Figure 37: Stochastic Processes

The Markov chains is based on the graphical representation of the studied

process, so in order to explain the different steps of the study, we will
consider a system of two parallel components, Figure 38.

Figure 38: Parallel system of two components

4.2.1 Presentation of the Process

The constructor of the system stated that in this system, any one of the two
components could supply the full demand at the exist; with priority that C2
is the firstly repaired. The analysis of this system with the Markovian
processes consists of identifying the different states of the system during its
exploitation. These different states are listed in Table 14.

Table 14: Different states of the system.

The construction of the graphical representation of the system starts with

the presentation of each state of the system with a circle, Figure 39. The
next step is to find out the behavior of the system from one state to
another:

 The state of perfect working E1 may be transferred to the state E2 or

E3 with the error C2 or C1 respectively.
 The state E2 may be transferred to the state of complete failure E4
through the error C1 or through the reparation C2.
 The state E3 could also be transformed into total failure through P1
or reparation E1 through C1.
 Finally, the state E4 is transferred to E3 through reparation C2 that is
the priority of reparation.
Each of these transformations listed above is called transition, which is
represented graphically with an arrow from the state of departure to the
state of arriving, Figure 39. For each transition of the state Ei to the state Ej,
we will associate it with an index of transition Lij, which is defined as the
probability of the transition from state Ei to state Ej during the period
between t and t+Δt, assuming that we are now at time t.

Figure 39: Graphical Presentation of the System

For any process, it doesn't exist in a simple equation to estimate the

transformation and only the simulation through Monte Carlo techniques is
feasible. Also, because the process is Markovian, all the indexes of
transition are constants and the analytical treatment is relatively simple.
The constancy of the index of transition applies to all the phenomena,
which have an exponential nature.

The Markovian processes proceed in a certain manner that needs no

memory: the probability of the transformation of Ei to Ej, doesn't depend on
time but only on the presence of the state Ei. This property is fundamental
for the Markovian processes.
Only in the case of very small graphs, the utilization of specific software is
available for the evaluation and the analysis of the Markovian state and the
reliability of the system.

4.3 PETRI Network

The Petri Networks are graphical oriented, which makes the core of a
highly advanced mathematics. The Network is constructed of Places,
Transitions and Arcs, Figure 40. Places are represented graphically with
circles; the places could be marked by one or more small coins.

Transitions are represented graphically with right segments, so the

transitions have two possible states (valid or not valid). The Arcs are
represented by arrows; the arcs are of two types either being the link
between a place and a transition (arc upstream), or being the link between
a transition and a place (arc downstream).

Figure 40: PETRI networks

These entities represent graphically the state of the network. In order to
simulate the behavior of the system, the static representation of the system
changes as the evolution of the system goes on. This action is reserved for
the marking of the system with the coins, as the coins are moved from one
place to another, this represent the changes in the system. In order to find
a valid state of the system, any transition must have at least one coin in
each of its amount places. Therefore, it might be drew, and this drew
consists of drawing a coin in each of its amount places and putting one in
its avail places. The result will be a new marking of the network that
represents a new state of the system.

According to their origin, the Petri networks follow sequentially the different
states of the system under consideration, and so we can have the following
results of such analysis:

 Detailed analysis of the behavior of the system.

 Identification of the states from a graphical point of view.
 Identifying the non-accessible states.
 Identifying the blocking, causes of delay, etc.
 Identifying the conflicts between different states.

The utilization of the Petri networks for the identification of different states
of the system in order to generate the equivalent Markov processes is one
of the very common methods of system analysis in the field of Security of
Function.

4.4 Simulation, (The Monte Carlo Technique)

Within operations research, simulation typically involves the construction of

a mathematical model. Rather than directly describing the overall behavior
of the system, the simulation model describes the operation of the system
in terms of individual events of the individual components of the system. In
particular, the system is divided into elements whose behavior could be
predicted. The interrelationship between elements is also built into the
model. After constructing the model, it is then activated (by generating input
data) to simulate the actual operation of the system over time and record its
behavior. By repeating this for the various alternative design configurations
and comparing their performances, the most promising configuration can
be identified.

Simulation models are often used to analyze a decision under uncertainty

that is a problem in which the behavior of one or more element of the
model can be represented by a probability distribution. This type of
simulation is called Monte Carlo Method. Because of statistical errors, it is
impossible to reach optimum with a simulation of Monte Carlo, but it should
be at least expected to be close to optimal if the simulated experiment is
built properly.

If the behavior of an element cannot be predicted exactly, given the state of

the system, it is better to take random observations from the probability
distribution functions involved than to use averages to simulate this
performance. To choose a probability distribution function that represents
the data, it is rather recommended to use a probability distribution function
that best fits the model rather than using histograms of the data collected in
the past. This is usually preferable because it would seem to come closer
to the prediction of future behavior of the data rather than reproducing a
certain behavior over a certain period in the past.

4.5 Fault Trees

The method of Fault Trees for the system analysis is the method highly
recommended in static -or semi static- systems. The method is also
grouped under the name of the defaults tree or the cause's tree. The
causes-tree is the tree more and more correctly applied in terms of
mathematics and correspond more to the diagram of causes-
consequences.

This method is a deductive method, which means that it starts with an

effect and tries to find its causes, or its elements, and this might be, the
reason for its high popularity.

4.5.1 The construction of the tree.

The beginning of the construction is by indicating the error that could

happen; this error will be the head of the tree. It is worth mentioning that
the choice of the error depends largely on the analysis of the system and
the study of its components.

The construction of the tree could be thought of as a task consisting of

different steps:

1. Decomposition of System; the decomposition is the physical analysis

of the system. Although the used criterion varies from one system to
another, the used criteria could be one of the following:

 Technological Criteria, for example an automatic alarm is installed in

the system
 Maintenance Criteria, for example a part of the system is replaced
systematically.

2. Identifications of Components; It is necessary to identify each

component of the system, its operation and its modes of failure.
 3. Reconstitution of the system with its components; which means the
composition of the system in good function with the defined
components.
4. Phases; the so-called phases are the modes of operation of the
system, for example, for a plane; the modes of operation are Taking-
off, Flying, and Landing.
5. Boundary Conditions; System’s boundaries have to be well defined in
relation with its surrounding environment.
6. Hypothesis; what kind of hypothesis is applied on the system and its
operations.
7. Initial Conditions; with the mentioned hypothesis, it is the state in
which we will start to study the system.
8. Definition of Undesired Error (Event)
9. Decomposition of the Events; this is done by simply asking the
question, what are the past events that could lead to the current?
10. Finishing the Construction; it is important to mention that at such a
moment, it is important to consider the current components as
elementary ones, as we can still decompose each element to its
components indefinitely.

4.6 Critical Analysis of System (Simulation)

4.6.1 Example 1: simulation of a CPM network

In order to illustrate the method of Monte Carlo for the simulation of

Uncertain Network times, a small project has been studied carefully, and an
identification of its network has been drawn, Figure 41, the network
consists of 10 activities, Act.1 ... act.10, the activities relationships are
illustrated according to logical relations between each node and the other.
Directions of arrows indicate the logical path of flow between nodes while
the relative length of arrows has no actual implications on the period of
each activity.
 Figure 41: Network model of the Project

The activities of the network are known to have a random distribution which
is bounded between two definite times, a minimum time and a maximum
time. In order to simulate this network and to find the Critical Path of the
project, which is the path of activities that should gain maximum attention to
the manager and that the delay in that path could delay the whole project,
the Bounded Monte Carlo Simulation is used as follows:

 The activities are arranged in a table with its minimum and maximum
time, Table 15.
 Random observations are sampled according to the following
approach

Sample time = minimum time + rand (max time- min time)

  100 samples for each activity are done (presented here are only 10 samples).
 For each one of the 100 samples, a different network is constructed
with the sampled times.
 For the 100 generated networks, the Critical Path has been
calculated and identified.
 Finally, the critical indexes of each activity are calculated as the ratio
between the number of ten on the critical path and the total number
of samples (100 samples). Table 16.

Table 15: Random observations

Act. Min Max s1 s2 s3 s4 s5 s6 s7 s8 s9 s10 Mean STD

1-2 8 10 9,5 8,6 8,1 8,3 8,4 8,9 8,0 9,5 9,7 8,5 8,8 0,60
1-3 5 7 6,3 5,1 7,0 5,5 6,4 5,2 5,7 6,5 6,5 5,0 5,9 0,71
1-4 7 9 8,4 8,1 8,3 7,7 8,2 7,5 7,4 7,1 7,5 7,5 7,8 0,45
2-5 5 7 6,7 5,1 5,3 5,7 6,9 5,3 6,1 5,6 5,9 5,8 5,9 0,58
3-6 4 6 4,9 4,2 4,3 5,7 5,5 5,1 5,3 5,4 5,3 4,3 5,0 0,54
3-5 8 10 9,0 9,9 9,9 9,1 8,4 9,3 8,7 8,3 9,1 9,8 9,2 0,60
3-7 11 13 11,4 12,8 12,9 11,6 12,9 12,5 12,8 12,6 11,5 11,6 12,3 0,64
4-7 10 12 10,8 11,3 10,2 10,2 10,8 11,1 10,2 10,3 11,2 11,8 10,8 0,57
5-8 6 8 6,1 6,4 7,1 6,5 6,4 7,0 6,9 7,0 7,9 6,8 6,8 0,50
5-9 6 8 7,4 6,4 7,1 7,8 8,0 6,9 6,7 6,5 6,1 6,3 6,9 0,65
6-8 2 4 2,4 2,1 2,5 2,3 2,8 3,3 2,9 2,4 2,5 2,6 2,6 0,36
7-8 0 2 1,9 0,5 1,6 1,7 0,5 0,4 0,6 1,2 0,2 1,0 1,0 0,61
7-10 3 5 4,6 3,5 3,7 3,7 4,8 4,0 4,2 4,3 3,0 3,1 3,9 0,60
8-10 2 4 2,6 3,6 2,2 3,9 3,6 2,5 2,2 3,0 2,2 3,5 2,9 0,69
9-10 0 3 0,3 0,6 2,7 2,2 2,5 2,8 1,5 1,2 0,7 1,8 1,6 0,92
Total 72 96 82,8
 Table 16: Critical Index of activities (activities with * means that it was on the
Critical Path in this sample).

Act. Min Max s1 s2 s3 s4 s5 s6 s7 s8 s9 s10 Critical

Index

1-2 8 10 * * * * 40%
1-3 5 7 * * * * * * * 70%
1-4 7 9 0%
2-5 5 7 * * * * 40%
3-6 4 6 0%
3-5 8 10 * * * * * * * 70%
3-7 11 13 0%
4-7 10 12 0%
5-8 6 8 * * * * * * * 70%
5-9 6 8 * * * 30%
6-8 2 4 0%
7-8 0 2 0%
7-10 3 5 0%
8-10 2 4 * * * * * * * 70%
9-10 0 3 * * * 30%

4.6.2 Results

According to the critical indexes listed in Table 16, we can identify two
probable critical Paths, (1-3-5-8-10), with a probability of 70%, and another
(1-2-5-9-10) with a probability ranges between 30% and 40% in some
activities. So the final Network with the most probable Critical Path is
illustrated in Figure 42.
Figure 42: Final critical paths for the network
 Chapter 5: The Process of Fire Risk Management

The process of risk management involves the four steps shown in the
following diagram, Figure 43 – the four steps are undertaken in a cycle until
an acceptable level of risk is achieved.

Figure 43: Hazard identification

An industrial fire or explosion can be defined as a characteristic of a system
plant or process that represents a potential for unplanned event leading to
undesirable loss consequences. The keywords in this definition are
undesirable consequences "hazard identification" is the process of
recognizing hazards that can pose significant undesirable l

oss consequences. Hazard identification should be a continuous activity in

the evaluation of new materials, plant additions, and production
modifications.

5.1 Methodology of Hazard Identification

1. Engineering checklist.
2. Hazard indices.
3. Hazard and operability study Hazop.
4. Preliminary hazard analysis PHA.
5. Failure mode and effect analysis FEMA.
6. Fault tree analysis FTA.
7. Event tree analysis ETA.
8. Cause consequence analysis.
9. Reliability analysis.

5.2 Fire Risk Assessment

5.2.1 The primary steps in fire risk assessment include:

 Identifying the event sequence that could lead to significant loss.

 Quantification of the fire risk (i.e probability of fire event occurrences
and loss consequences).
 Development and evaluation of alternative fire prevention and/or fire
protection strategies (i.e recommendation) to reduce fire risk.
 Quantified measurement of the change of fire risk (i.e. differences in
probability and/or consequences).
Fire Risk = probability of occurrence x loss consequences

Methods of assessing the probability value of fire event occurrence:

1- Objective estimation:

Valid and applicable data on loss event frequencies then the probabilities
can be extracted from that source. But due to complexity and Varity of
heavy industries valid and applicable data are scare.

2- Subjective estimation:

Available loss trending information

 Equipment failure.
 Human error.
 Ignition source.
 Loss control elements.
 Damage ability factor.

The physical intensity of fire-explosion loss scenarios are quantified in

terms of the expected energy released.

1. Heat exposures.
2. Smoke and /or corrosive gas contamination
3. Explosion blast over pressure – etc.
4. Area involved
5. Duration.

Direct loss of fire event

1. Damage to building
2. Damage to equipment.
 3. Damage to products.
4. Etc.

Direct loss of fire event

1. Business interoperations.
2. Liability for injury or death.
3. Environmental contamination.
4. Damage to company image.
5. Etc.

5.2.2 Type of risk assessment

Depends on:

1. Complexity of the operation.

2. Time and cost limitation.
o Routine code compliance can be conducted by using simple
checklist.
o New technologies or high hazard operations require application
of more detailed risk assessment and decision analysis
methods.

5.2.3 Risk management

RM means:

1. Establishing acceptable level of risk.

2. Method of handling identified risks.
Risk decision – making process based on

1. Profit (competitive market position).

2. Protection of company assets (major loss exp.)
3. Continued company operation (business interruption).
4. Community good well (embarrassment).
5. Legal requirements (liability, building code, etc).
6. Insurance company requirements.
7. Environmental concerns.
8. Continued growth (expansion).

If the risk is acceptable is acceptable, no immediate action is required, but

monitoring for changes which could increase the risk must be done.

If the risk is unacceptable then decision must be made about how to deal
with the risk.

5.2.4 Risk management for handling fire risk exposure

1. Risk avoidance by non-participation of risky operation.

2. Risk transfer by purchasing insurance to cover potential loss.
3. Risk financing self-insurance. Alternate risk transfer arrangement.
4. Risk reducing by providing loss control improvement.
5. Risk management program that includes combination of the above.

5.2.5 Cost /benefit analysis

Evaluate the cost of fire prevention and protection alternative which include

1. Design
2. Installation.
3. System maintenance
4. Training expenses.
5.2.6 Development and monitoring of loss control program

Loss control improvements at industrial facilities include the development

and monitoring of comprehensive loss control programs. Written
documentation should be provided for these programs and up dated
periodically.

The fire loss control program should define specific objectives

regarding:

1. Personnel safety.
2. Property conservation.
3. Environmental impact.
4. Minimizing interrupt to plant production.

Loss control program documentation should include a through

description of:

1. Engineering design.
2. Applied engineering standards.
3. Administrative control.

5.2.7 Fire prevention

There are several methods to be employed through design, operational

controls, operator training, and maintenance to prevent fire from starting.

5.2.7.1 Automatic fire detection and suppression

Fixed fire protection systems and equipment installed that rapid ally detect,
suppress and control fires that do occur.

5.2.7.2 Protection for structures and equipment

Fire protection standard for passive and active measures which will be
used to protect operations, structures and equipment in the event that fire
is not rapid ally extinguished.

5.2.7.3 Manual protection

Provision of manual fire fighting capabilities is as a back up to active and

passive fixed protection system including fire department, pre-fire planning,
and periodical emergency drills.

5.2.7.3 Audit program

Description of the loss prevention and auditing procedures for new facility
processes, plant modifications, self-inspection and maintenance activities.

An effective fire protection program must include all major engineering

disciplines as well as risk management, safety, security production,
maintenance.
 Chapter 6: Summary of Risk Assessment Steps in
Workplace

STEP 1: Look for the hazards

STEP 2: Decide who might be harmed and how

STEP 3: Evaluate the risks and decide whether the existing precautions are
adequate or whether more should be done

STEP 4: Record your findings

STEP 5: Review your assessment and revise it if necessary

Don’t be overcomplicated. In most firms in the commercial, service and

light industrial sectors, the hazards are few and simple. Checking them is
common sense, but necessary. You probably already know whether, for
example, you have machinery that could cause harm, or if there is an
awkward entrance or stair where someone could be hurt. If so, check that
you have taken what reasonable precautions you can to avoid injury. If you
are a small firm and you are confident you understand what’s involved, you
can do the assessment yourself (you don’t have to be a health and safety
expert!). If you are a larger firm, you could ask a responsible employee,
safety representative or safety officer to help you. If you are not confident,
get help from a competent source. But remember - you are responsible for
seeing it is adequately done.

Hazard and Risk - don’t let words in this guide put you off! Hazard means
anything that can cause harm (e.g. chemicals, electricity, working from
ladders, etc) risk is the chance, high or low, that somebody will be harmed
by the hazard.

6.1 Step 1: Look for the Hazards

If you are doing the assessment yourself, walk around your workplace and
look afresh at what could reasonably be expected to cause harm. Ignore
the trivial and concentrate on significant hazards, which could result in
serious harm or affect several people.

Ask your employees or their representatives what they think. They may have
noticed things, which are not immediately obvious. Manufacturers’ instructions or
data sheets can also help you spot hazards and put risks in their true perspective.
So can accident and ill-health records.

6.2 Step 2: Decide Who Might Be Harmed, and How

Don’t forget:

 Young workers, trainees, new and expectant mothers, etc who may
be at particular risk
  Cleaners, visitors, contractors, maintenance workers, etc who may
not be in the workplace all the time
 Members of the public, or people you share your workplace with, if
there is a chance they could be hurt by your activities.

6.3 Step 3: Evaluate The Risks And Decide Whether

Existing Precautions Are Adequate or More Should Be
Done.

Consider how likely it is that each hazard could cause harm. This will
determine whether or not you need to do more to reduce the risk. Even
after all precautions have been taken, some risk usually remains. What you
have to decide for each significant hazard is whether this remaining risk is
high, medium or low.

First, ask yourself whether you have done all the things that the law says
you have got to do. For example, there are legal requirements on
prevention of access to dangerous parts of machinery. Then ask yourself
whether generally accepted industry standards are in place. But don’t stop
there - think for yourself, because the law also says that you must do what
is reasonably practicable to keep your workplace safe. Your real aim is to
make all risks small by adding to your precautions as necessary. If you find
that something needs to be done, draw up an ‘action list’ and give priority to
any remaining risks which are high and/or those which could affect most
people. In taking action ask yourself:

1. Can I get rid of the hazard altogether?

2. If not, how can I control the risks so that harm is unlikely?

In controlling risks apply the principles below, if possible in the following

order:

 Try a less risky option

 Prevent access to the hazard (e.g. by guarding)
 Organize work to reduce exposure to the hazard
  Issue personal protective equipment
 Provide welfare facilities (e.g. washing facilities for removal of
contamination and first aid)

Improving health and safety need not cost a lot. For instance, placing a mirror on a
dangerous blind corner to help prevent vehicle accidents, or putting some non-slip
material on slippery steps, are inexpensive precautions considering the risks. And
failure to take simple precautions can cost you a lot more if an accident does
happen.

But what if the work you do tends to vary a lot, or you or your employees
move from one site to another? Identify the hazards you can reasonably
expect and assess the risks from them. After that, if you spot any additional
hazards when you get to a site, get information from others on site, and
take what action seems necessary. But what if you share a workplace?

Tell the other employers and self-employed people there about any risks
your work could cause them, and what precautions you are taking. Also,
think about the risks to your own workforce from those who share your
workplace. But what if you have already assessed some of the risks? If, for
example, you use hazardous chemicals and you have already assessed
the risks to health and the precautions you need to take under the Control
of Substances Hazardous to Health Regulations (COSHH), you can
consider them ‘checked’ and move on.

6.4 Step 4: Record Your Findings

If you have fewer than five employees you do not need to write anything
down, though it is useful to keep a written record of what you have done.
But if you employ five or more people you must record the significant
findings of your assessment. This means writing down the significant
hazards and conclusions. Examples might be ‘Electrical installations:
insulation and earthing checked and found sound’ or ‘Fume from welding:
local exhaust ventilation provided and regularly checked’. You must also
tell your employees about your findings.

Suitable and sufficient - not perfect!

Risk assessments must be suitable and sufficient. You need to be able to

show that:

 A proper check was made

 You asked who might be affected
 You dealt with all the obvious significant hazards, taking into account
the number of people who could be involved
 The precautions are reasonable, and
 The remaining risk is low.

Keep the written record for future reference or use; it can help you if an
inspector asks what precautions you have taken, or if you become involved
in any action for civil liability. It can also remind you to keep an eye on
particular hazards and precautions. And it helps to show that you have
done what the law requires.

There is an example at the end of this guide, which you may find helpful to refer
to, but you can make up your own form if you prefer. To make things simpler, you
can refer to other documents, such as manuals, the arrangements in your health and
safety policy statement, company rules, manufacturers’ instructions, your health
and safety procedures and your arrangements for general fire safety. These may
already list hazards and precautions. You don’t need to repeat all that, and it is up
to you whether you combine all the documents, or keep them separately.

6.5 Step 5: Review Your Assessment and Revise It If

Necessary

Sooner or later you will bring in new machines, substances and procedures
that could lead to new hazards. If there is any significant change, add to the
assessment to take account of the new hazard. Don’t amend your
assessment for every trivial change, or still more, for each new job, but if a
new job introduces significant new hazards of its own, you will want to
consider them in their own right and do whatever you need to keep the
risks down. In any case, it is good practice to review your assessment from
time to time to make sure that the precautions are still working effectively.

Acronyms

ACOP = Approved Codes of Practice

ARARs = Applicable or Relevant and Appropriate Requirements

BHHRA = Baseline Human Health Risk Assessment

BHHRA = Baseline Human Health Risk Assessment

CERCLA = Comprehensive Environmental Response, Compensation, and

Liability Act

CERCLA = Comprehensive Environmental Response, Compensation, and

Liability Act

CMT = Corrosion Management Technology

COC = Chemical of Concern

COPC = Chemical of Potential Concern

COPC = Chemical of Potential Concern

COSHH = Control of Substances Hazardous to Health Regulations

CRE = Center for Risk Excellence

CROET = Community Reuse Organization of East Tennessee

D&D = Decontamination and Decommissioning

DOE U.S. = Department of Energy

DSEAR = Dangerous Substances Explosive Atmosphere Regulation

EE/CA = Engineering Evaluation/Cost Analysis

ELCR = Excess Lifetime Cancer Risk

EM = Environmental Management

EPA U.S. = Environmental Protection Agency

ES&H = Environmental Safety and Health

ETTP = East Tennessee Technology Park

EUWG = End Use Working Group

FFA = Federal Facilities Agreement

HAZAN = Hazard Analysis

HAZOP = Hazard Operability

HEAST = Health Effects Assessment Summary Table

HI = Hazard Index
HS&E = Health, Safety and Environment

IAMS = Integrated Asset Management System

IRIS = Integrated Risk Information System

LMES = Lockheed Martin Energy Systems, Inc.

M&I = Management and Integration

MHO = Manual Handling Operations

NPL = National Priorities List

OSP = Operation System Performance

PPE = Personal Protective Equipment at Work

PRG = Preliminary Remediation Goal

RAB = Risk Advisory Board

RAGS = Risk Assessment Guidance for Superfund

RAIS = Risk Assessment Information System

RATL = Risk Assessment Technical Lead

RCRA = Resource Conservation and Recovery Act

RFI RCRA = Facility Investigation

RGO = Remedial Goal Option

RI/FS = Remedial Investigation/Feasibility Study

RMA = Risk Management Analysis

ROD = Record of Decision

SOP = Standard Operating Procedure

TDEC = Tennessee Department of Environment and Conservation

TQM = Total Quality Management

Appendices

Appendix 1: Some Important Pieces of Health and Safety

Legislation

A.1.1 Besides the Health and Safety at Work Act itself, the following apply across
the full range of workplaces:

1. Management of Health and Safety at Work Regulations 1999: require

employers to carry out risk assessments, make arrangements to
implement necessary measures, appoint competent people and
arrange for appropriate information and training.

2. Workplace (Health, Safety and Welfare) Regulations 1992: cover a

wide range of basic health, safety and welfare issues such as
ventilation, heating, lighting, workstations, seating and welfare
facilities.

3. Health and Safety (Display Screen Equipment) Regulations 1992: set

out requirements for work with Visual Display Units (VDUs).
4. Personal Protective Equipment at Work Regulations 1992: require
employers to provide appropriate protective clothing and equipment
for their employees.

5. Provision and Use of Work Equipment Regulations 1998: require that

equipment provided for use at work, including machinery, is safe.

6. Manual Handling Operations Regulations 1992: cover the moving of

objects by hand or bodily force.

7. Health and Safety (First Aid) Regulations 1981: cover requirements

for first aid.

8. The Health and Safety Information for Employees Regulations 1989:

require employers to display a poster telling employees what they
need to know about health and safety.

9. Employers’ Liability (Compulsory Insurance) Act 1969: require

employers to take out insurance against accidents and ill health to
their employees.

Some important pieces of health and safety legislation

10. Reporting of Injuries, Diseases and Dangerous Occurrences

Regulations 1995 (RIDDOR): require employers to notify certain
occupational injuries, diseases and dangerous events.

11. Noise at Work Regulations 1989: require employers to take action to

protect employees from hearing damage.
 12. Electricity at Work Regulations 1989: require people in control of
electrical systems to ensure they are safe to use and maintained in a
safe condition.

13. Control of Substances Hazardous to Health Regulations 2002

(COSHH): require employers to assess the risks from hazardous
substances and take appropriate precautions.

A.1.2 specific regulations cover particular areas, as asbestos and lead,

14. Chemicals (Hazard Information and Packaging for Supply)

Regulations 2002: require suppliers to classify, label and package
dangerous chemicals and provide safety data sheets for them.

15. Construction (Design and Management) Regulations 1994: cover

safe systems of work on construction sites.

16. Gas Safety (Installation and Use) Regulations 1994: cover safe
installation, maintenance and use of gas systems and appliances in
domestic and commercial premises.

17. Control of Major Accident Hazards Regulations 1999: require those

who manufacture, store or transport dangerous chemicals or
explosives in certain quantities to notify the relevant authority.

18. Dangerous Substances and Explosive Atmospheres Regulations

2002: require employers and the self-employed to carry out a risk
assessment of work activities involving dangerous substances.
Glossary of Risk Terms

Risk Management Vocabulary

Guidelines for Use in Standards

(adapted form IEC, International Electrochemical Commission)

Introduction

All types of undertaking are faced with situations (or events) that constitute
opportunities for benefit or threats to their success. Opportunities may be realized or
threats averted by effective management. In certain fields, fluctuation as
representing opportunity for gain as well as potential for loss. Consequently, the risk
management process is increasingly recognized as being concerned with both the
positive as well as the negative aspects of these uncertainties. This Guide deals with
risk management from both the positive and negative perspectives.

In the preparation or revision of a standard that includes risk management aspects;

first considerations should be given to the definitions within this Guide. It aims to
provide basic vocabulary to develop common understanding among organizations
across countries. However, it may be necessary to deviate from the exact wording to
meet the needs of a specific domain. In this case, the rationale for deviation should
be made clear to the reader.

In the safety field, risk management is focused on prevention and mitigation of harm.
This Guide is generic and is compiled to encompass the general field of risk
management. The terms are arranged in the following order.

a) Basic terms

- risk
- consequence

- probability

- event

- source

- risk criteria

- risk management

- risk management system

b) Terms related to people or organizations affected by risk

- stakeholder

- interested party

- risk perception

- risk communication

c) Terms related to risk assessment

- risk assessment

- risk analysis

- risk identification

- source identification

- risk estimation

- risk evaluation

d) Terms related to risk treatment and control

- risk treatment

- risk control
- risk optimization

- risk reduction

- mitigation

- risk avoidance

- risk transfer

- risk financing

- risk retention

- risk acceptance

This Guide provides standards writers with generic definitions of risk management terms. It
is intended as a top-level generic document in the preparation or revision of standards that
include aspects of risk management. The aim is to promote a coherent approach to the
description of risk management activities and the use of risk management terminology. Its
purpose is to contribute towards mutual understanding risk management practice.

Overview of risk management terms and definitions

The relationships between the terms and definitions for risk management are shown in

Figures 1 to 3.

Risk management is part of the broader management processes of organizations. Risk

management depends on the context in which it is used. The words used in each context
may vary.

Where risk-management-related terms are used in a standard, it is imperative that their

intended meanings within the context of the standard are not misinterpreted or
misunderstood. Accordingly, this Guide provides definitions for the various meanings that
each term is likely to have without giving definitions that may contradict each other.
Increasingly, organizations utilize risk management processes in order to optimize the
management of potential opportunities. This differs from the risk assessment process, where
risk is taken as producing only negative consequences. However, since the business
community increasingly adopts the broader approach to risk, this Guide seeks to address
both situations.
The definitions in this Guide are broader in concept than those in given in Annex A.

Terms and Definitions

3.1 Basic terms

3.1.1

risk

combination of the probability (3.1.3) of an event (3.1.4) and its consequence (3.1.2)

NOTE 1 The term”risk” is generally used only when there is at least possibility of negative consequences.

NOTE 2 In some situations, risk arises from the possibility of deviation from the expected outcome or event.

3.1.2

consequence

outcome of an event (3.1.4)

NOTE 1 There can be more than one consequence from one event.

NOTE 2 Consequences can range from positive to negative. However, consequences are always negative for
safety aspects.

NOTE 3 Consequences can be expressed qualitatively or quantitatively.

3.1.3

probability

extent to which an event (3.1.4) is likely to occur

The mathematical definition of probability is “a real number in the scale 0 to 1 attached to a random event. It can
be related to a long-run relative frequency of occurrence or to a degree of belief that an event will occur. For a
high degree of belief, the probability is near 1.”

NOTE 2 Frequency rather than probability may be used in describing risk.

NOTE 3 Degrees of belief about probability can be chosen as classes or ranks such as
— rare/unlikely/moderate/likely/almost certain, or

— incredible/improbable/remote/occasional/probable/frequent.

3.1.4

event

occurrence of a particular set of circumstances

NOTE 1 The event can be certain or uncertain.

NOTE 2 The event can be a single occurrence or a series of occurrences.

NOTE 3 The probability associated with the event can be estimated for a given period of time.

3.1.5

source

item or activity having a potential for a consequence (3.1.2)

NOTE In the context of safety, source is a hazard (refer to annex A).

3.1.6

risk criteria

terms of reference by which the significance of risk (3.1.1) is assessed

NOTE Risk criteria can include associated cost and benefits, legal and statutory requirements, socio-economic
and environmental aspects, the concerns of stakeholders, priorities and other inputs to the assessment.

3.1.7

risk management

coordinated activities to direct and control an organization with regard to risk (3.1.1)

NOTE Risk management generally includes risk assessment, risk treatment, risk acceptance, and risk

communication.

3.1.8
risk management system

set of elements of an organization’s management system concerned with managing risk (3.1.1)

NOTE 1 Management system elements can include strategic planning, decision making, and other processes for
dealing with risk.

NOTE 2 The culture of an organization is reflected in its risk management system.

3.2 Terms related to people or organizations affected by risk

stakeholder

any individual, group or organization that may affect, be affected by, or perceive itself to be affected
by, a risk (3.1.1)

NOTE 1 The decision-maker is also a stakeholder.

NOTE 2 Stakeholder includes but has a broader meaning than interested party.

3.2.2

interested party

person or group having an interest in the performance or success of an organization

EXAMPLES Customers, owners, people in an organization, suppliers, bankers, unions, partners, or society.

NOTE A group can comprise an organization, a part thereof, or more than one organization.

3.2.3

risk perception

way in which a stakeholder (3.2.1) views a risk (3.1.1), based on a set of values or concerns

NOTE 1 Risk perception depends on the stakeholder’s needs, issues, and knowledge.

NOTE 2 Risk perception can differ from objective data.

3.2.4

risk communication

exchange or sharing of information about risk (3.1.1) between the decision-maker and other
stakeholders (3.2.1)

NOTE The information can relate to the existence, nature, form, probability, severity, acceptability, treatment, or
other aspects of risk.

3.3 Terms related to risk assessment

3.3.1

risk assessment

overall process of risk analysis (3.3.2) and risk evaluation (3.3.6)

3.3.2

risk analysis

systematic use of information to identify sources (3.1.5) and to estimate the risk (3.1.1)

NOTE 1 Risk analysis provides a basis for risk evaluation, risk treatment, and risk acceptance.

NOTE 2 Information can include historical data, theoretical analysis, informed opinions, and the concerns of

stakeholders.

3.3.3

risk identification

process to find, list and characterize elements of risk (3.1.1)

NOTE 1 Elements can include source or hazard, event, consequence and probability.

NOTE 2 Risk identification can also reflect the concerns of stakeholders.

3.3.4

source identification

process to find, list and characterize sources (3.1.5)

NOTE In the context of safety, source identification is called hazard identification.

3.3.5

risk estimation

process used to assign values to the probability (3.1.3) and consequences (3.1.2) of a risk (3.1.1)

NOTE Risk estimation can consider cost, benefits, the concerns of stakeholders, and other variables, as
appropriate for risk evaluation.
3.3.6

risk evaluation

process of comparing the estimated risk (3.1.1) against given risk criteria (3.1.6) to determine the
significance of the risk

NOTE 1 Risk evaluation may be used to assist in the decision to accept or to treat a risk.

3.4 Terms related to risk treatment and control

3.4.1

risk treatment

process of selection and implementation of measures to modify risk (3.1.1)

NOTE 1 The term risk treatment is sometimes used for the measures themselves.

NOTE 2 Risk treatment measures can include avoiding, optimizing, transferring or retaining risk.

3.4.2

risk control

actions implementing risk management (3.1.7) decisions

NOTE Risk control may involve monitoring, reevaluation, and compliance with decisions.

3.4.3

risk optimization

process, related to a risk (3.1.1), to minimize the negative and to maximize the positive
consequences (3.1.2) and their respective probabilities (3.1.3)

NOTE 1 In the context of safety, risk optimization is focused on reducing the risk.

NOTE 2 Risk optimization depends upon risk criteria, including costs and legal requirements.
NOTE 3 Risks associated with risk control can be considered.

3.4.4

risk reduction

actions taken to lessen the probability (3.1.3), negative consequences (3.1.2), or both, associated
with a risk (3.1.1)

3.4.5

mitigation

limitation of any negative consequence (3.1.2) of a particular event (3.1.4)

3.4.6

risk avoidance

decision not to become involved in, or action to withdraw from, a risk situation

NOTE The decision may be taken based on the result

3.4.7

risk transfer

sharing with another party the burden of loss or benefit of gain, for a risk (3.1.1)

NOTE 1 Legal or statutory requirements can limit, prohibit, or mandate the transfer of certain risk.

NOTE 2 Risk transfer can be carried out through insurance or other agreements.

NOTE 3 Risk transfer can create new risks or modify existing risk.

NOTE 4 Relocation of the source is not risk transfer.

3.4.8

risk financing

provision of funds to meet the cost of implementing risk treatment (3.4.1) and related costs

NOTE In some industries, risk financing refers to funding only the financial consequences related to the risk.
3.4.9

risk retention

acceptance of the burden of loss, or benefit of gain, from a particular risk (3.1.1)

NOTE 1 Risk retention includes the acceptance of risks that have not been identified.

NOTE 2 Risk retention does not include treatments involving insurance, or transfer by other means.

NOTE 3 There can be variability in the degree of acceptance and dependence on risk criteria.

3.4.10

risk acceptance

decision to accept a risk (3.1.1)

NOTE 1 The verb “to accept” is chosen to convey the idea that acceptance has its basic dictionary meaning.

NOTE 2 Risk acceptance depends on risk criteria.

3.4.11

residual risk

risk (3.1.1) remaining after risk treatment (3.4.1)

--------------------------------------------

Figure 1 — Relationship between terms, based on their definitions regarding “Risk”

Risk (3.1.1)

Probability (3.1.3)

Event (3.1.4)

Consequence (3.1.2)
Figure 2 — Relationship between terms, based on their definitions regarding “Risk
Management”

Risk management ( 3.1.7)

Risk assessment (3.3.1)

Risk analysis (3.3.2)

Source identification (3.3.4)

Risk estimation (3.3.5)

Risk evaluation (3.3.6)

Risk treatment (3.4.1)

Risk avoidance (3.4.6)

Risk optimization (3.4.3)

Risk transfer (3.4.7)

Risk retention (3.4.9)

Risk communication (3.2.4)

Risk acceptance (3.4.10)

Figure 3 — Relationship between terms, based on their definitions regarding “Stakeholder”

Stakeholder (3.2.1)

Interested party (3.2.2)

Key for Figures 1, 2 & 3

 A

The terms B and C are used in the definition of the term A or the notes to definition A.
 Annex A

Terms and definitions Applied to safety-related risk management.

A.1. safety. freedom from unacceptable risk

A.2. risk. combination of the probability of occurrence of harm and the severity of that harm

A.3. harm. physical injury or damage to the health of people, or damage to property or the
environment

A.4. harmful event. occurrence in which a hazardous situation results in harm

A.5. hazard. potential source of harm. NOTE The term hazard can be qualified in order to define its origin or
the nature of the expected harm (e.g. electric shock hazard, crushing hazard, cutting hazard, toxic hazard,
fire hazard, drowning hazard).

A.6. hazardous situation. circumstance in which people, property or the environment are exposed to
one or more hazards

A.7. tolerable risk. risk which is accepted in a given context based on the current values of society

A.8. protective measure. means used to reduce risk. NOTE Protective measures include risk reduction by
inherently safe design, protective devices, and personal protective equipment, information for use and
installation, and training.

A.9. residual risk. risks remaining after protective measures have been taken

A.10. risk analysis. systematic use of available information to identify hazards and to estimate the
risk
A.11. risk evaluation. procedure based on the risk analysis to determine whether the tolerable risk
has been achieved

A.12. risk assessment. overall process comprising a risk analysis and a risk evaluation

A.13. intended use. use of a product, process, or service in accordance with information provided by
the supplier

A.14. reasonably foreseeable misuse. use of a product, process, or service in a way not intended
by the supplier, but this way may result from readily predictable human behavior.

---------------------------

Bibliography

International standards

[1] ISO 704:2000, Terminology work — Principles and methods.

[2] ISO 860:1996, Terminology work —Harmonization of concepts and terms.

[3] ISO 3534-1:1993, Statistics — Vocabulary and symbols — Part 1: Probability and general

statistical terms.

[4] ISO 9000:2000, Quality management systems — Fundamentals and vocabulary.

[5] ISO 10241:1992, International terminology standards — Preparation and layout.

[6] IEC 60050 (191):1990, International Electrotechnical Vocabulary — Chapter 191: Dependability
and quality of service.

ISO/IEC Guides

[7] ISO/IEC Guide 2:1996, Standardization and related activities — General vocabulary.

[8] ISO/IEC Guide 51:1999, Safety aspects — Guidelines for their inclusion in standards.

----------------------
References

References

Risk General

1. HSE (1997), Successful Health and Safety Management, HS(G)65, 2nd

Edition, HSE Books Harms- Glendon AI & McKenna EF (1995), Human
Safety and Risk Management, Chapman & Hall.
2. Bird FE & Germain GL (1985), Practical Loss Control Leadership,
International Loss Control Institute, Institute Publishing, Loganville,
Georgia.
3. Harms-Ringdahl, L. (1993), Safety Analysis – Principals & Practices in
Occupational Safety, Elsevier
4. Hoyos, C.G & Zimolong, B (1988), Occupational Safety & Accident
Prevention, Elsevier
5. HSE (1997), The Cost of Accidents at Work, HS(G)96, 2nd Edition, HSE
Books.
6. Ringdahl, L. (1993), Safety Analysis – Principals & Practices in
Occupational Safety, Elsevier
7. Hoyos, C.G & Zimolong, B (1988), Occupational Safety & Accident
Prevention, Elsevier
8. HSE (1999) The Costs to Britain of Workplace Accidents and Work Related
Ill Health in 1995/96, HSE Books.
9. Baker G (2000) Hard Targets, Paper presented to the Quarries National Joint
Advisory Committee, March.
10. Scott A (1995), Killing Off Errors, Mine & Quarry, May.
11. ASCNI Human Factors Study Group (1993): 3rd Report- Organising for
Safety, HSE Books.
12. Ridley J, Channing J (ed) (1999) Safety At Work, 5th Edition, Butterworth
Heinemann
13. HSE (1992), Dangerous Maintenance: A Study of Maintenance accidents
and how to prevent them, HMSO.
14. HSE (1997), Successful Health & Safety Management, HS(g) 65, HSE
Books.
Accident theory

15. Heinrich HW, Peterson D & Roos N (1980), Industrial Accident Prevention,
5th Edition, Mcgraw Hill, New York
16. Bird FE & Germain GL (1986), Practical Loss Control Leadership,
International Loss Control Institute, Loganville, Georgia.
17. Peterson D (1978), Techniques of Safety Management, 2nd Edition,
Mcgraw Hill
18. Rimmington J (1993), Does Health and Safety Pay? Safety Management,
September, p39-62
19. HSE (1999), Reducing Error and Influencing Behaviour, HS(G)48, HSE
Books
20. HSC (1993) Organising for Safety, 3rd Report of the Human Factors Study
Group of the Advisory Committee on the Safety of Nuclear Installations,
HSE Books.
21. Department of Transport (1988), Investigation into the Kings Cross
Underground Fire, London:HMSO
22. Department of Transport (1987) The Herald of Free Enterprise Formal
Report, London:HMSO
23. Department of Transport (1988) Investigation into the Clapham Junction
Railway Accident, London:HMSO
24. Department of Energy (1990) The Public Inquiry into the Piper Alpha
Disaster, (2 vol), London:HMSO

Human Factors

25. Reason J (1990) Human Error, Cambridge University Press

26. HSE (1999), Reducing Error and Influencing Behaviour, HS(G)48, HSE
Books
27. HSE (1997) Successful Health and Safety Management, HSG65, HSE
Books.
28. Dairymple at al (1998), Occupational Health & Safety Management
Systems: Review and Analysis of International, national and regional
systems and proposals for a new international document, Report prepared by
International Occupational Hygiene Association for the International Labour
Office
29. BSI (1996): BS8800: Guide to Occupational Health and Safety Management
Systems.
 30. BSI (1999): OHSAS 18001: Occupational Health and Safety Management
Systems – Specification.

Risk Assessment and Risk Management

31. From Cox S.J. & Tait R.S. (1991) Reliability, Safety and Risk Management.
Butterworth Heinemann
32. HSE (1997), Successful Health & Safety Management, HS(G)65, HSE
Books.
33. Bamber L (1999), Principals of the Management of Risk, in Ridley J &
Channing J (ed) Safety at Work,5th Edition, Butterworth Heinmann
34. HSE (1988) The Tolerability of Risk from Nuclear Power Stations, HMSO.
35. IChemE (1992) Nomonclature on Risk Assessment in the Process
Industries, IChemE, Rugby, UK
36. Nussey C (1995) Accidents Happen – How they can be avioded and the
risks assessed. In proceedings of the IBC Conference on Preventing &
Managing Emergencies, London: IBC Technical Services Ltd.
37. Harms Ringdahl L (1995), Safety Analysis: Principals and Practice in
Occupational Safety, Elsevier Applied Science.
38. Cole RJ (1996) HSE Strategy for Improved Health in the Mining Industry.
In proceedings of the IMM Conference on Health & Safety in Mining &
Metallurgy. London: Institute of Mining & Metallurgy.
39. Bailey SR (1995), The Management of Occupational Hygiene, Occupational
Health & Safety Training Unit, University of Portsmouth
40. Glendon AI & McKenna EF (1995), Human Safety & Risk Management,
Chapman & Hall, UK
41. Peterson D. (1978) Techniques of Safety Management, 2nd Edition,
McGraw Hill, New York
42. Ferry T. (1988) Modern Accident Investigation and Analysis, John Wiley &
Sons, Canada.
43. HSE (1997), Managing Contractors – A Guide for Employers, HSE Books.
44. Crawshaw A (2000) Contractors Safety Passport Scheme, in Proceedings of
the Quarry 2000 Millennium Conference, Bristol, October. Institute of
Quarrying, UK.
45. Yasser El Shayeb: Risk Analysis in Mining: an Economical Aspect of
Network Simulation, M.Sc. Thesis, Faculty of Engineering, Cairo U., 1996
 Alphabetical index

consequence 3.1.2

event 3.1.4

interested party 3.2.2

mitigation 3.4.5

probability 3.1.3

residual risk 3.4.11

risk 3.1.1

risk acceptance 3.4.10

risk analysis 3.3.2

risk assessment 3.3.1

risk avoidance 3.4.6

risk communication 3.2.4

risk control 3.4.2

risk criteria 3.1.6

risk estimation 3.3.5

risk evaluation 3.3.6

risk financing 3.4.8

risk identification 3.3.3

risk management 3.1.7

risk management system 3.1.8

risk optimization 3.4.3

risk perception 3.2.3

risk reduction 3.4.4

risk retention 3.4.9

risk transfer 3.4.7

risk treatment 3.4.1

source 3.1.5

source identification 3.3.4

stakeholder 3.2.1

117