Understanding Risk Assessment

When people dis­cuss ‘Risk’ there are a lot of dif­fer­ent assump­tions made about what that means. For me, the study of risk and risk assess­ment tech­niques star­ted in 1995. As a tech­no­lo­gist and con­trols design­er, I had to some­how wrap my head around the whole concept in ways I’d nev­er con­sidered. If you’re try­ing to fig­ure out risk and risk assess­ment this is a good place to get star­ted!

What is risk?

From a machinery per­spect­ive, ISO 12100:2010 defines risk as:

com­bin­a­tion of the prob­ab­il­ity of occur­rence of harm and the sever­ity of that harm”

Risk can have pos­it­ive or neg­at­ive out­comes, but when con­sid­er­ing safety, we only con­sider neg­at­ive risk, or events that res­ult in neg­at­ive health effects for the people exposed.

The risk rela­tion­ship is illus­trated in ISO 12100:2010 Figure 3:


ISO 12100-2010 Figure 3
ISO 12100 – 2010 Figure 3


Where

R = Risk

S = Severity of Harm

P = Probability of Occurrence of Harm

The Probability of Occurrence of Harm factor is often fur­ther broken down into three sub-​factors:

  • Probability of Exposure to the haz­ard
  • Probability of Occurrence of the Hazardous Event
  • Probability of Limiting or Avoiding the Harm

How is risk measured?

In order to estim­ate risk a scor­ing tool is needed. There is no one ‘cor­rect’ scor­ing tool, and there are flaws in most scales that can res­ult in blind-​spots where risks may be over or under-​estimated.

At the simplest level are ‘screen­ing’ tools. These tools use very simple scales like ‘High, Medium, Low’, or ‘A, B, C’. These tools are often used when doing a shop-​floor inspec­tion and are inten­ded to provide a quick meth­od of cap­tur­ing obser­va­tions and giv­ing a gut-​feel assess­ment of the risk involved. These tools should be used as a way to identi­fy risks that need addi­tion­al, detailed assess­ment. To get an idea of what a good screen­ing tool can look like, have a look at the SOBANE Déparis sys­tem.

Every scor­ing tool requires a scale for each risk para­met­er included in the tool. For instance, con­sider the CSA tool described in CSA Z434:

CSA Z434-03 Table 1As you can see, each para­met­er (Severity, Exposure and Avoidance) has a scale, with two pos­sible selec­tions for each para­met­er.

When con­sid­er­ing selec­tion of a scor­ing tool, it’s import­ant to take some time to really exam­ine the scales for each factor. The scale shown above has a glar­ing hole in one scale. See if you can spot it and I’ll tell you what I think a bit later in this post.

There are more than 350 dif­fer­ent scales and meth­od­o­lo­gies avail­able for assess­ing risk. You can find a good review of some of them in Bruce Main’s text­book “Risk Assessment: Basics and Benchmarks” avail­able from DSE online.

A sim­il­ar, although dif­fer­ent, tool is found in Annex 1 of ISO 13849 – 1. Note that this tool is provided in an Informative Annex. This means that it is not part of the body of the stand­ard and is NOT man­dat­ory. In fact, this tool was provided as an example of how a user could link the out­put of a risk assess­ment tool to the Performance Levels described in the norm­at­ive text (the man­dat­ory part) of the stand­ard.

Consider cre­at­ing your own scales. There is noth­ing wrong with determ­in­ing what char­ac­ter­ist­ics (para­met­ers) you want to include in your risk assess­ment, and then assign­ing each para­met­er a numer­ic scale that you think is suit­able; 1 – 10, 0 – 5, etc. Some scales may be inver­ted to oth­ers, for example: If the Severity scale runs from 0 – 10, the Avoidability scale might run from 10 – 0 (Unavoidable to Entirely Avoidable).

Once the scales in your tool have been defined, doc­u­ment the defin­i­tions as part of your assess­ment.

Who should conduct risk assessments?

Lake YogaIn many organ­iz­a­tions, I find that risk assess­ment has been del­eg­ated to one per­son. This is a major mis­take for a num­ber of reas­ons. Risk assess­ment is not a solo activ­ity for a ‘guru’ in a lonely office some­where!

Risk assess­ment is not a lot of fun to do, and since risk assess­ments can get to be quite involved, it rep­res­ents a sig­ni­fic­ant amount of work to put on one per­son. Also, leav­ing it to one per­son means that the assess­ment will neces­sar­ily be biased to what that per­son knows, and may miss sig­ni­fic­ant haz­ards because the assessor doesn’t know enough about that haz­ard to spot it and assess it prop­erly.

Risk assess­ment requires mul­tiple view­points from par­ti­cipants with var­ied expert­ise. This includes users, design­ers, engin­eers, law­yers and those who may have spe­cial­ized know­ledge of a par­tic­u­lar haz­ard, like a Laser Safety Officer or a Radiation Safety Officer. The var­ied expert­ise of the people involved will allow the com­mit­tee to bal­ance the opin­ion of each haz­ard, and devel­op a more reasoned assess­ment of the risk.

I recom­mend that risk assess­ment com­mit­tees nev­er be less than three mem­bers. Five is fre­quently a good num­ber. Once you get bey­ond five, it becomes increas­ingly dif­fi­cult to obtain con­sensus on each haz­ard. Also, con­sider the cost. As each com­mit­tee mem­ber is added to the team, the cost of the assess­ment can escal­ate expo­nen­tially.

Training in risk assess­ment is cru­cial to suc­cess. Ensure that the indi­vidu­als involved are trained, and that at least one has some pre­vi­ous exper­i­ence in the prac­tice so that they may guide the com­mit­tee as needed.

When should a risk assessment be conducted?


Risk Assessment Lifetime Flow Chart
Risk Assessment in the Lifetime of a Product


Risk assess­ment should begin at the begin­ning of a pro­ject, wheth­er it’s the design of a product, the devel­op­ment of a pro­cess or ser­vice, or the design of a new build­ing. Understanding risk is crit­ic­al to the design pro­cess. Cost for changes made at the begin­ning of a pro­ject are min­im­al com­pared to those that will be incurred to cor­rect prob­lems that might have been fore­seen at the start. Risk assess­ment should start at the concept stage and be included at each sub­sequent stage in the devel­op­ment pro­cess. The accom­pa­ny­ing graph­ic illus­trates this idea.

Essentially, risk assess­ment is nev­er fin­ished until the product, pro­cess or ser­vice ceases to exist.

What tools are available?

As men­tioned earli­er in this post, the book ‘Risk Assessment: Basics and Benchmarks” provides an over­view of roughly 350 dif­fer­ent scor­ing tools. You can search the Internet and turn up quite a few as well. The key thing with all of these sys­tems is that you will need to devel­op any soft­ware based tools your­self. Depending on your com­fort with soft­ware, this might be a spread­sheet format, a word pro­cessing doc­u­ment a data­base, or some oth­er format that works for your applic­a­tion.

There are a num­ber of risk assess­ment soft­ware tools avail­able as well, includ­ing ISI’s CIRSMA and DSE’s DesignSafe. As with the scor­ing tools, you need to be care­ful when eval­u­at­ing tools. Some have sig­ni­fic­ant blind spots that may trip you up if you are not aware of their lim­it­a­tions.

Remember too that the out­put from the soft­ware can only be as good as the input data. The old saw “Garbage In, Garbage Out” holds true with risk assess­ment.

Where can you get training?

There are a few places to get train­ing. Compliance InSight Consulting provides train­ing to cor­por­ate cli­ents and will be launch­ing a series of web-​based train­ing ser­vices in 2011 that will allow indi­vidu­al learners to get train­ing too.

The IEEE PSES oper­ates a Risk Assessment Technical Committee that is open to the pub­lic as well. See the RATC web site.

The Answer to the Scale Question

The Exposure Scale in the CSA tool has a gap between E1 and E2. Looking at the defin­i­tions for each choice, notice that E1 is less than once per day or shift, while E2 is more than once per hour. Exposures that occur once per hour or less, but more than once per day can­not be scored effect­ively using this scale.

Also, notice the Severity scale: S1 encom­passes injur­ies requir­ing not more than basic first aid. One com­mon ques­tion I get is “Does that include CPR*?”. This ques­tion comes up because most basic first aid courses taught in Canada include CPR as part of the course. There is no clear answer for this in the stand­ard. The S2 factor extends from injur­ies requir­ing more than basic first aid, like a broken fin­ger for instance, all the way to a fatal­ity. Does it make sense to group this broad range of injur­ies togeth­er? This defin­i­tion doesn’t quite match with the Province of Ontario’s defin­i­tion of a Critical Injury found in Regulation 834 either.

All of this points to the need to care­fully assess the scales that you choose before you start the pro­cess. Choosing the wrong tool can skew your res­ults in ways that you may not be very happy about.

*Cardio-​Pulmonary Resuscitation

Author: Doug Nix

+DougNix is Managing Director and Principal Consultant at Compliance InSight Consulting, Inc. (http://www.complianceinsight.ca) in Kitchener, Ontario, and is Lead Author and Managing Editor of the Machinery Safety 101 blog.

Doug's work includes teaching machinery risk assessment techniques privately and through Conestoga College Institute of Technology and Advanced Learning in Kitchener, Ontario, as well as providing technical services and training programs to clients related to risk assessment, industrial machinery safety, safety-related control system integration and reliability, laser safety and regulatory conformity.

Follow me on Academia.edu//a.academia-assets.com/javascripts/social.js

  • Pingback: Emergency Stop – What’s so confusing about that? | Machinery Safety 101()

  • Hi Doug,
    Very good art­icle on a sub­ject that is as far reach­ing as it is broad. It is also one that for a com­pany ini­tailly start­ing out on this task is very daunt­ing. Not only where does one start, but then where does one end. All of the stand­ards men­tioned help in this pro­cess, but at the end the answers tend to be sub­ject­ive in nature and are based on the know­ledge of the per­son or induvidu­als involved in the asse­ment itself.
    At the machinery man­u­fac­tur­ing com­pany I worked for as the Corporate Product Safety Manager for 25 years, I had the lead Mechanical Engineer, lead Electrical Engineer, the lead Hydraulic/​Pneumatic Engineer and the lead Technical Writer involved with the risk assess­ments for each par­tic­u­lar job from the begin­ning. As each machine pro­gressed from the design phase to the assembly and test­ing phases, Service Technicians and Operators were also involved as now, what was designed and man­u­fac­tured, was actu­ally put to test. Machinery man­u­fac­tur­ers are not neces­sar­ily “Process people” and most times the machines, once in the field, are changed and oper­ated in dif­fer­ent fash­ions than what was ori­gin­ally designed or inten­ded. This in itself makes the risk assess­ment pro­cess more daunt­ing as one looks into the fore­see­ab­il­ity of some­thing adverse hap­pen­ing. There are simply times where an incid­ent “unfore­seen” to the man­u­fac­turer hap­pens. At that point it is time to ree­valu­ate your risk assess­ment for that par­tic­u­lar machine or at least that seg­ment of your par­tic­u­lar machine. That may point out that your machine is fine from a safety or risk stand­point, but that an oper­a­tion­al or main­ten­ance task needs to be addressed. Again, my feel­ing is that with most aspects of risk assess­ments being “sub­ject­ive” in nature’ it behooves the per­son­nel doing the assess­ments to be well trained and versed on the machines them­selves and the tasks required to oper­ate and main­tain them. And as with any­thing else, once you have a few risk assess­ments “under your belt” they become easi­er to do. I also agree with some of the com­ments you have received already and your responses to them. I can guar­an­tee you that to some people break­ing a fin­ger or los­ing a fin­ger­nail may not be very sig­ni­fic­ant, where­as to someone else it may be cata­stroph­ic. “Subjectivity” lures its ugly head again.

    • Mike, thanks for the kind words!

      You are abso­lutely right about how daunt­ing get­ting star­ted can be. I know that’s how I felt when I first heard about risk assess­ment. There are so many more resources avail­able now than there were when I got star­ted in the mid-90’s. 🙂

      I think that the key is in defin­ing the inten­ded use and the fore­see­able mis­uses of the product. This allows the man­u­fac­turer to deal with what they know, and pre­vents them from hav­ing to try to ‘blue sky’ every pos­sible crazy thing that someone might try to do. I think that products in the indus­tri­al mar­ket­place are much more sub­ject to unanti­cip­ated modi­fic­a­tions and mis­uses than in the con­sumer mar­ket. This is because most plants have people on staff that can make changes, some­times major changes, to machines in the work­place. These modi­fic­a­tions often hap­pen with a min­im­um of plan­ning, and some­times ‘on-​the-​fly’, bypassing the risk assess­ment and safety man­age­ment pro­cesses alto­geth­er. In the con­sumer mar­ket­place people some­times do odd things with products, but rarely do they make the major changes that you see in industry. The oth­er big issue is that machinery is often kept in ser­vice for long peri­ods of time. 20 – 30 years is not unheard of for heavy machinery. A few years ago I had a cli­ent ask me to do a safety review on an 1100 ton power press that was built in 1932 and was still in ser­vice in 2005! In the con­sumer mar­ket, few products last bey­ond 15 years, so hav­ing very old products still in ser­vice is much less likely to occur.

      Risk assess­ment is inher­ently sub­ject­ive. Even when there is hard data avail­able, the final decisions are usu­ally made with a degree of sub­jectiv­ity. A judge­ment must be made, and judge­ments are sub­ject­ive. The big chal­lenge is that most of the time we have no hard data. Understanding the level of uncer­tainty in each assess­ment is import­ant and dif­fi­cult. The less hard data we have, the great­er the uncer­tainty. Consequently, the out­come of much of the risk assess­ment work that is done is uncer­tain. When unfore­seen things go wrong, it’s really easy to point a fin­ger at the risk assess­ment team and assume that they weren’t com­pet­ent because they didn’t fore­see whatever it was. Some incid­ents can­not be eas­ily fore­seen because they are only pos­sible is cer­tain, very rare cir­cum­stances, but they will still occur.

      Risk assess­ment gives us a chance to head off the fore­see­able, and even some of the less-​easily-​foreseen injur­ies and incid­ents. That alone makes it worth­while.

  • Frank Schrever

    Great sum­mary Doug, spe­cially the point about hav­ing a num­ber of affected parties involved to min­im­ise indi­vidu­al bias. I am always harp­ing on this top­ic in my train­ing courses. Most people are con­fused about risk assess­ment, any won­der! Another key point we have to get across i think, is that risk assess­ment is not just risk estim­a­tion, but also requires determ­in­ing wheth­er the risk has been con­trolled so far as is prac­tic­able or if oth­er con­trol meas­ures are required. This implies that the risk assessor knows what is pos­sible to min­im­ise risk (by design, not by human beha­viour) We are run­ning a series of half day work­shops on risk assess­ment around Oz this year with the IICA (our equi­val­ent of the US ISA)and i will ref­er­ence your mater­i­al if that is OK Doug, cheers Frank

    • Thanks Frank! I’d be pleased to have you ref­er­ence my mater­i­al! Drop me an email off­line, or call me when it’s con­veni­ent!

  • Roberta Nelson Shea

    The met­ric shown from CSA Z434 is one that offers the greatest sim­pli­city as it is essen­tially “yes, no”, without offer­ing shades of gray. The issue of first aid was cla­ri­fied in ANSI RIA R15.06 to mean that the dis­tinc­tion is based on what our OSHA clas­si­fies as being first aid versus a report­able. This was done, again, for the pur­pose of clar­ity and ease. CSA Z434 is based on ANSI RIA R15.06, hence the sim­il­ar­ity.

    Once people become more famil­i­ar with risk assess­ment, they feel com­fort­able using mod­els with shades of gray. One can use any met­ric, so long as at the end, the stand­ard and leg­al require­ments are ful­filled. The grand-​daddy of risk assess­ment is a MIL stand­ard, which is still used today. It uses a scale of 4 for sever­ity and a scale of 5 for prob­ab­il­ity (expos­ure and abil­ity to avoid com­bined), to come to risk scores which are then equated with actions required and man­age­ment author­ity require­ments. For sever­ity, the “injury” poten­tial lis­ted (4 grades) as well as prop­erty dam­age poten­tial, envir­on­ment­al dam­age, and repu­ta­tion dam­age. So that it is under­stood that there are mul­tiple reas­ons for risk to an employ­er: employ­ee injury, dam­ages costs, envir­on­ment­al dam­age, and repu­ta­tion dam­age. Any one of these trig­gers a cer­tain reac­tion depend­ing on the prob­ab­il­ity. There are a num­ber of very good books on the top­ic of risk assess­ment.

    Both the ANSI RIA R15.06 and CSA Z434 risk assess­ment mod­els are being updated to cor­rel­ate with ISO 13849 – 1.

    Roberta

    • Thanks for your com­ments, Roberta! It’s always good to hear your thoughts, par­tic­u­larly with your deep involve­ment with the RIA 15.06 stand­ard.

      While I can appre­ci­ate the idea that the scales were developed for sim­pli­city of use, the gap in the Exposure scale is one that many of my cli­ents have found to be a prob­lem. Hazards with expos­ure fre­quen­cies fall­ing in between the two factors in the scale can be very dif­fi­cult to score, and the gap in the scale tends to add more uncer­tainty scor­ing, lead­ing to a pos­sible loss of cred­ib­il­ity for the out­put of the tool. I believe that we need to elim­in­ate these gaps to make the tool use­ful, and to make the applic­a­tion of the tool more straight­for­ward for the novice.

      Regarding the inclu­sion of CPR in the sever­ity assess­ment, while RIA may have been able to cla­ri­fy the require­ment in the US based on OSHA’s defin­i­tion of what con­sti­tutes an report­able injury, this is not the case in Canada. Ontario’s defin­i­tion of a Critical Injury is dif­fer­ent than many of the oth­er Provinces and Territories, and none of these deal spe­cific­ally with inclu­sion of CPR. In Ontario, a loss of con­scious­ness will res­ult in the acci­dent being report­able (fol­low the link in the post to Regulation 834), but this could occur with or without the person’s heart or breath­ing stop­ping. This would tend to show that cases that require CPR are NOT included in ‘Basic First Aid’ type injur­ies. Also, the loss of a single fin­ger or toe is NOT REPORTABLE in Ontario (!!) while it is in oth­er jur­is­dic­tions. That might indic­ate that this type of injury should be con­sidered to be a ‘Basic First Aid’ type of sever­ity!! I don’t know about you, but I f I lose a fin­ger or a toe at work you can bet that I’ll be head­ing to the ER, and that will make the injury report­able in any case. 

      I think the ques­tion of wheth­er an injury is report­able or not is primar­ily a bur­eau­crat­ic one, while the issues of how to clas­si­fy the sever­ity of injury are not. I believe that the two need to be kept sep­ar­ate and apart. While I would like it to be as clear cut as what you indic­ate it is in the USA, that is not the case here.

      Thanks again for your com­ments! I really appre­ci­ate hear­ing from my read­ers!

  • Pingback: Sicurezzaonline()

  • Pingback: Peter Merguerian()

  • Pingback: Sicurezzaonline()