Marvin Rausand - Risk Assessment

In what format should the results be presented? Only in a technical report or also in other formats (summary report, presentation, brochure)?

What level of detail should be used when presenting the results? This ties in with the decision and also the users.

Are there several stakeholders with different backgrounds that require different types of information?

Most important always is to keep the decision in mind and ask ourselves whether what we are planning to present will help the decision‐maker to make the best decision with regard to risk.

The decision alternatives and the decision criteria determine the scope and objectives of the study. The objectives can often be derived directly from the decisions that the analysis is supporting and this in turn also determines the scope of the study. The objective may be to

verify that the risk is acceptable,

choose between two alternative designs,

identify potential improvements in an existing design,

a combination of these,

…and several more.

When the objectives are defined, the scope may be set up. The scope describes the work to be done and specific tasks that need to be performed. At this stage, it is possible to specify more clearly what resources and competences are required to perform the risk assessment.

The risk assessment is usually carried out by a study team that is led by a team leader. The team members should together meet the following requirements:

Have competence relevant to the study object. Including team members from sectors with similar problems may also be useful.

Have necessary knowledge of the study object, how it is operated, and how safety is managed and maintained.

Have competence in risk assessment in general and risk analysis methods in particular.

Come from different levels of the organization. The purpose of this is to better reflect the priorities, attitudes, and knowledge of different organizational levels in the analysis.

The last item may seem unnecessary because as long as the analysis is done in an objective manner, based on the available information, should we not arrive at the same results regardless of who is involved? This is an important issue for any risk assessment and should always be kept in mind. A risk analysis predicts what may happen in the future. Because we are never able to know exactly what will happen, the analysis is always based both on facts and judgments. Different people may judge the situation differently and may thus arrive at different conclusions. A risk analysis should therefore never be seen as a completely objective study, but a reflection of the available data and the knowledge of the participants in the study, including their values, attitudes, and priorities.

The number of persons taking part in the study may vary depending on the scope of the risk assessment and how complicated the study object is. In some cases, it may be relevant to contract a consulting company to carry out the risk assessment. If the risk assessment is done by external consultants, it is important that in‐house personnel carefully follow the assessment process to ensure that the company accepts ownership of the results. The competence and experience of each member of the study team should be documented, along with their respective roles in the team. In cases where external stakeholders are exposed to risk, it should be considered if, and to what degree, these should be involved in the risk assessment.

For the results from the risk assessment to be used as the basis for a decision, it is of paramount importance that the assessment process be planned such that the results are available in a timely manner. The study team should, in cooperation with the decision‐makers decide on a time schedule and estimate the resources that are required to do the risk assessment. The extent of the assessment depends on how complicated the study object is, the risk level, the competence of the study team, how important the decision is, the time available for the study, access to data, and so on. The level of detail in the study should be agreed upon as part of the planning.

Most study objects have to comply with a number of laws and regulations. Many of these give requirements related to health and safety, and some of them require that risk assessments be performed. It is important that the study team is familiar with these laws and regulations, such that the requirements are taken into account in the risk assessment.

Risk assessment standards and/or guidelines have been developed for many types of study objects and application areas (see Chapter 20). Internal requirements and guidelines given by the organization that performs the risk assessment may also need to be adhered to. The study team must be familiar with these standards and guidelines.

The number of documents required to support a risk assessment may be substantial. A document control system should therefore be established to manage the various documents and other information sources. This system must control the updating, revision, issue, or removal of reports in accordance with the quality assurance program to ensure that the information remains up to date.

The structure of step 2 is shown in Figure 3.5.

Figure 3.5Step 2: Define the study.

The study object must be defined precisely. When the risk assessment is initiated at an early stage of a system development project, we have to suffice with a preliminary system definition and delimitation on a high level, leaving a more detailed description to a later stage. Aspects of the study object that need to be considered include the following:

The boundaries and interfaces with related systems, both physical and functional.

Interactions and constraints with respect to factors outside the boundary of the study object.

Technical, human, and organizational aspects that are relevant.

The environmental conditions.

The energy, materials, and information flowing across boundaries (input to and output from the study object).

The functions that are performed by the study object.

The operating conditions to be covered by the risk assessment and any relevant limitations.

In many risk assessments, it is difficult to delimit the study object and to decide which assumptions and conditions that apply. What should be covered in the risk assessment, and what can be disregarded? In the first steps of a risk assessment, the objective should be to establish a picture of the most important risk issues related to the study object. Later on, the risk assessment may be extended to cover specific parts of the study object under special conditions.

In most cases, the study object must be divided into reasonable parts for analysis. Depending on how complicated the study object is, these parts may be subsystems, assemblies, subassemblies, and components. A numerical coding system corresponding to the system breakdown should be established, such that each part is given a unique number. In the offshore oil and gas industry, this system is usually called the tag number system .

Several methods are available for system breakdown. It is most common to use some sort of hierarchical structure. In some cases, it is most relevant to focus on functions or processes, whereas in others, the focus is on the physical elements of the system. System breakdown methods are discussed further in Chapter 11and onwards when different methods are discussed. The study object is studied further in Chapter 4.