Risk Assessment

Previous

Up

Next

  Download Adobe Acrobat file.

Introduction to risk assessment

Risk assessment is a process of logically assessing the risks involved in a process to determine the actions necessary to reduce or control the risks.

The process of risk assessment is carried out in many areas of industry such as:

Risk assessment can be carried out in a variety of ways but the method to be discussed here is based on the methods developed for FMEA or Failure Modes Effects Analysis. This is a rigorous technique developed for use in the automotive industry to assess both the design and development risks and the process risks. In the automotive industry the type of FMEA used has been strictly differentiated between Design and Process and the two tools are referred to as Design FMEA and Process FMEA. Despite this the basic technique is very similar and the fundamentals remain the same. The FMEA method is well documented for Design and Process and it is not intended to repeat this information. This document concentrates on the use of FMEA in Health and Safety (for HASAWA Risk Assessments) and in Environmental Management (for ISO 14000 and similar compliance).

The FMEA is a proven methodology for the reduction of risk in many areas and is widely used throughout industry.

Risk assessment through a formal FMEA type of procedure enables:

The Process

Assessing risk using the FMEA method involves assessing three or more factors (for most applications the number of factors assessed is 3 but for environmental assessment it is more usual to assess 4 factors). The number of factors assessed is discussed in more detail in the examples for each application.

The individual assessment of each factor is then combined to provide an overall assessment of the risk or Risk Priority Number (RPN) to allow targeted actions and risk reduction.

Assessment of individual areas.

For a typical assessment the three factors to be assessed are:

Severity: What is the severity of the effect? A failure inevitably creates an effect and the severity of the effect is judged on a scale of 1 to 10. A rating of 1 indicates a low severity of effect should a failure occur and a rating of 10 indicates a very high severity of effect should a failure occur.

Probability: What is the probability of the failure occurring? A failure can be likely to unlikely and the probability of failure occurring is judged on a scale of 1 to 10. A rating of 1 indicates a low probability that a failure will occur and a rating of 10 indicates a very high probability that a failure will occur.

Detection: What is the likelihood that a failure will be detected before it becomes critical? A potential failure may be easily detected and avoided or very difficult to detect and avoid. A rating of 1 indicates a high probability of detection and avoidance before failure and a rating of 10 indicates a very low probability of detection and avoidance before failure.

Each factor is assessed individually to allow a considered judgement on the basis of the individual factors. The separation of the severity, probability and detection factors makes assessment of the overall risk easier and less judgemental than attempting to assign a single risk number. Another advantage is that the separation also provides an insight into areas that require improvement and preventative measures.

When assessing significance:

Creating the RPN

The overall Risk Priority Number (RPN) is simply the product of the ratings for the factors:

RPN = Severity Factor x Probability Factor x Detection Factor

This gives a simple and single number to assess the overall risk associated with the design feature, process event, activity or environmental aspect.

Example:

Assume that a designer is producing a design FMEA for a braking system in a car. The process (for this single factor) would be as follows:

Severity Factor: Assessed as a value of 10, i.e. Brake failure is a severe effect and the severity would be high.

Probability Factor: Assessed as a value of 3, i.e. Brake failure is not likely to occur given the robust design of the braking system.

Detection Factor: Assessed as a value of 3, i.e. Braking system has detectors to indicate possible failure and wear.

The overall RPN for this factor would then be:

RPN = 10 x 3 x 3 = 90

Note: The absolute RPN is not in itself a meaningful number. It is only meaningful when compared to other RPN numbers to allow assessment of the risk and actions to be taken to reduce the risk.

The individual areas of concern are assessed (preferably by a team or group of people to allow discussion and to prevent personal bias) and RPNs assigned to the various factors.

The RPNs can then be prioritised (highest first) to have corrective action to reduce the RPN. The individual RPN factors provide strong guidance on the actions to take to reduce the RPN.

For the example above an obvious area for action would be the severity factor. Reducing the severity factor would greatly reduce the RPN. Actions to take might include:

Taking these actions could reduce the severity factor to 7 and reduce the overall RPN to 63. This is a considerable reduction in the RPN and would increase the chances of survival in the event of a failure of the brake system.

The essential point about an RPN is not the absolute number generated. It is the RPN of a given factor or feature relative to other factors and features.

Setting the RPN limits

A company or person must act to reduce the most significant risks and the RPN allows an easy method to prioritise the risks. One question that is always asked is ‘What is the threshold for action?’ This assumes that there is some magic RPN number above which action must be taken.

The setting of the RPN limits for action is an entirely judgemental decision. Each assessor will evaluate each factor differently but the end result of the judgement will be a set of RPNs that prioritise the criticality of each risk.

The reality is that the assessor or management sets the RPN threshold for action. The only critical factor is that the assessor or management must be prepared to justify their actions in the setting of the RPN threshold. This is made easier using an RPN than with many other broader judgemental methods. The logic of the RPN makes decisions on thresholds easier to make and justify.

Experience and RPN

Where there is experience of failures, risks or emissions then the actual historical records can be used to build the RPN factors and to justify the values used or set for RPN. When this is the case the standard methods such as Pareto Analysis can be used to identify the critical factors and then to take the relevant corrective or preventive action.

Assessment of the relative factors can be based on:

The amount of previous information available is almost always underestimated and the initial work should always be to survey the existing warranty, claims or experience data to provide a well-reasoned judgement for the allocation of values to the individual factors. The use of historical data improves the decision-making and also makes subsequent justification of the allocated value easier should this be necessary.

Using the factors for improvement

The clarity of the decision-making in assessing the various RPN factors also allows clarity in assessing the benefits of improvements (both theoretical and practical). Any proposed improvement can be assessed in terms of the RPN factors and a quick assessment of the likelihood and magnitude of the improvement made. The RPN spreadsheets provided below for the assessment of risk include sections for the assessment of improvements where these are thought to be necessary.

The living document

A risk assessment is not a static document that is produced and then forgotten. The whole of the FMEA ethos is that the document is a ‘living document’, the initial focus will be on reducing the highest RPN factors in the document but this will simply mean that other (and lower RPN factors) will become top of the list. These ‘top of the list’ factors are then subject to analysis and improvement to lower the overall risk profile. This is part of the reason for avoiding an absolute RPN threshold. The tasks to work on are always those at the top of the list and reducing these will reduce the risk profile of the process or task.

A risk assessment should always be under continuous review but at the very minimum should have a specified review date. Risk assessments should be reviewed with any significant change in circumstances.

Applications

This document is not designed to cover the whole range of risk assessment; there are other far more adequate texts that cover this area. A search of the Internet will provide a range of material covering Design and Process FMEA.

This document is to act as a primer for the use of the FMEA methodology for improved risk assessment in the areas of Health and Safety and Environmental Management risk management.

Each application is only covered briefly with an example spreadsheet for further work. The spreadsheets are not protected and can be freely downloaded and modified as necessary. The examples are for guidance only and carry no guarantee in any form.

Quality improvement

Risk assessment of possible events is an essential in quality management. An assessment of the potential effect of process and design failures is necessary to implement the relevant controls to prevent failures.

ISO 9000: 200 explicitly requires preventive action for quality improvement (Clause 8.5.3) and risk assessment using the RPN method is an excellent method for defining preventive action to meet the requirements of this clause.

The process and design are investigated to assess potential areas where failure will impact on the product quality or safety and each potential risk is assigned a rating after considering the following:

  • Severity (S) - 1 is low severity and 10 is high severity. A typical ranking matrix is shown below:

Severity of event (S)

Ranking

Hazardous without warning

10

Hazardous with warning

9

Very High

8

High

7

Moderate

6

Low

5

Very low

4

Minor

3

Very minor

2

None

1

  • Probability (P) - 1 is low probability and 10 is high probability. A typical ranking matrix is shown below:

Probability of event (P)

Ranking

Very High:  event is almost inevitable

10

 

9

High:  Repeated events

8

 

7

Moderate:  Occasional events

6

 

5

 

4

Low:  Relatively few events

3

 

2

Remote:  Event is unlikely

1

  • Current controls (C) - 1 is high current controls and 10 is low current controls.  A typical ranking matrix is shown below:

Current controls (C)

Ranking

Absolute uncertainty

10

Very remote

9

Remote

8

Very low

7

Low

6

Moderate

5

Moderately high

4

High

3

Very high

2

Almost certain

1

For each risk, the individual factors are rated to produce a composite RPN (S x P x C) and a total risk assessment for the risk.

As with all risk assessments it is necessary to review and revise the risk assessments with the passage of time (‘living document’) to reflect new equipment, processes, substances and procedures.

Health and Safety risk assessment

Risk assessment is a vital tool in Health and Safety and risk assessments must be carried out to comply with HASAWA requirements.

Each potential risk is assigned a rating after considering the following:

Severity of event (S)

Ranking

Hazardous without warning

10

Hazardous with warning

9

Very High

8

High

7

Moderate

6

Low

5

Very low

4

Minor

3

Very minor

2

None

1

Probability of event (P)

Ranking

Very High:  event is almost inevitable

10

 

9

High:  Repeated events

8

 

7

Moderate:  Occasional events

6

 

5

 

4

Low:  Relatively few events

3

 

2

Remote:  Event is unlikely

1

Current controls (C)

Ranking

Absolute uncertainty

10

Very remote

9

Remote

8

Very low

7

Low

6

Moderate

5

Moderately high

4

High

3

Very high

2

Almost certain

1

For each risk, the individual factors are rated to produce a composite RPN (S x P x C) and a total risk assessment for the risk.

Risk assessment for Health and Safety is simply an assessment of what could cause harm to people and what precautions are being taken or can be taken to minimise the risk. The important decisions are what hazards are significant and what precautions have been taken to minimise the risk. The FMEA approach documents these decisions regarding evaluating the risks and assessing the current precautions. In assessing the risks the assessments and controls must be ‘suitable and sufficient’ this is not necessarily the same thing as perfect! It is suitable and sufficient if reasonable precautions are taken so that the remaining risk is low. The use of RPN can document these actions and the residual risk.

When evaluating Health and Safety risks do not forget to include the risks to the general public, visitors to the site and contractors as well as the risks to employees in the site. All are covered under HASAWA.

As with all risk assessments it is necessary to review and revise the risk assessments with the passage of time (‘living document’) to reflect new equipment, processes, substances and procedures.

Environmental risk assessment

Assessing the significance of environmental aspects is a key requirement of ISO 14001.

Section 4.3.1 of ISO 14001 requires identification of significant aspects (those that have a significant impact on the environment) using a formal procedure. ISO 14001 does not specify a set method for assessing the significance of environmental aspects. However, the procedure used to assess significance should be recorded in a systematic manner for future reference.

Environmental aspects that are judged to be significant are the ones that will be managed by the Environmental Management System. As part of the preparation for ISO 14001 an ‘Initial Review’ is recommended to reveal which activities are covered by legislation and/or have a high cost. These will be areas where improvement activities will have a high beneficial environmental impact and significantly reduce costs.

Each potential impact is assigned a rating to after considering the following:

Hazardous properties (H)

Ranking

Major hazard

10

Extremely high hazard

9

Very high hazard

8

High hazard

7

Moderate hazard

6

Low hazard

5

Very low hazard

4

Minor hazard

3

Very minor hazard

2

Non hazardous

1

Size of event (S)

Ranking

Very large

10

Large

9

Very high

8

High

7

Moderate

6

Low

5

Minor

4

Very minor

3

Small

2

Very small

1

Frequency of event (F)

Ranking

Repetitive

10

Extremely high

9

Very high

8

High

7

Moderate

6

Low

5

Very low

4

Minor

3

Very minor

2

None

1

Environmental receptors (R)

Ranking

Major environmental receptors

10

Extremely high environmental receptors

9

Very high environmental receptors

8

High environmental receptors

7

Moderate environmental receptors

6

Low environmental receptors

5

Very low environmental receptors

4

Minor environmental receptors

3

Very minor environmental receptors

2

No environmental receptors

1

Environmental controls (C)

Ranking

Absolute uncertainty

10

Very remote

9

Remote

8

Very low

7

Low

6

Moderate

5

Moderately high

4

High

3

Very high

2

Almost certain

1

For each impact, the individual factors are rated to produce a composite RPN (H x S x F x R x C) and a total risk assessment for the impact.

 

Last edited: 17/02/15

© Tangram Technology Ltd. 2004

Our standard disclaimer regarding Internet data applies.