Developing and Using a Risk Assessment Model

Consistency in evaluating and quantifying risk begins with documented definitions.

01/01/2000


U ntil senior management of manufacturing facilities formally access and document acceptable safety, health, environmental, and liability risk the entire company risks messy public relations and possible legal action from the public, workers, local and national regulators, and insurance providers.

Development of a risk assessment model requires addressing event severity in key domains and quantifying event likelihood.

For example, key domains frequently included are:

  • Public safety and health;

  • Site safety and health;

  • Environmental impact;

  • Liability costs;

  • Production interruptions and quality issues; and

  • Equipment damage and repair costs.

Each domain is evaluated and event definitions and guidelines are documented from minor to severe and/or life-threatening events.

Sample - Domain Impact Risk Assessment Matrix

Less severe to highly severe

Public safety and health

Site safety and health

Environmental impact

Liability costs

Business interruptions and quality issues

Equipment damage and repair costs

10

Fatality or permanent health effect

Multiple fatalities

Widespread offsite and long-term or permanent damage

> $100 million

> $10 million

> $10 million

9

Fatality or permanent health effect

8

One severe or multiple injuries

Localized offsite long-term damage

> $1 million

7

One severe or multiple injuries

> $10 million

> $1 million

6

Injury or hospital-ization

Major release violation or short-term damage

> $250 thousand

5

Injury or hospital-ization

> $1 million

> $250 thousand

4

Exposure above limits

Significant release violation

> $10 thousand

3

Exposure above limits

> $10 thousand

> $10 thousand

2

Exposure

Minor release

Source: Control Engineering

Events, when they happen, may be very severe, but their likelihood of occurrence may be infrequent.

Definitions for event likelihood must be developed in addition to event severity.

Sample - Event Likelihood Risk Assessment Matrix

Unlikely to highly likely

Event likelihood or frequency
(f = frequency of hazardous event, events per year)

10

A failure that can reasonably be expected to occur within the expected lifetime of the facility.
Examples: Process leaks; single instrument or valve failures; or human errors that could result in material release.
10-2& f, per year

9

8

7

A failure or series of failures with a low probability of occurence within the expected lifetime of the facility.
Examples: Dual instrument or valve failures; combination of instrument failures and operator errors; or single failures of small process lines or fittings.
10-4& f & 10-2, per year

6

5

4

A failure or series of failures with a very low probability of occurrence within the expected lifetime of the facility.
Examples: Three or more simultaneous instrument, valve, or human failures; or spontaneous failure of single tanks or process vessels.
f & 10-4, per year

3

2

Source: Control Engineering with data from Arthur D. Little Inc.

Once each event has been quantified for severity and likelihood, quantitative information can be used to determine the overall risk associated with an identified hazardous event.


Many people believe conducting risk assessments is reserved for formalized meetings where entire processes are dissected, analyzed, and risks are documented. Conducting formalized hazard analysis and operability (HAZOP) studies is important, and may be required by law, but most processes undergo regular changes. With few exceptions changes to manufacturing processes require some form of approval and sign-off. A part of the approval and sign-off procedures should include a mini-HAZOP of the change being proposed and approved. The mini-HAZOP review may be as simple as a couple of knowledgeable people sitting down and examining how the proposed change impacts the key domains and the likelihood of an unexpected event occurring as a result of the proposed change.

Putting it all together
Control Engineering has developed a sample risk assessment model consisting of three matrices to illustrate how identified events are assessed and ranked.

Assume a key product quality parameter (i.e., color) has only been successfully measured using laboratory equipment, but process engineering has determined that a virtual sensor could be developed using neural network technology and a model-based controller could be deployed to reduce product color variations.

The existing control system is not capable of hosting the neural network calculations or model-based controller. A personal computer (PC) based 'soft-controller' exclusively running a well-known vendor's neural network and model-based software is being proposed.

Among the unexpected risks identified for the proposed change are:

  • Loss of control would produce off-spec product;

  • Use of standard PC and operating system software; and

  • First deployment (by customer) of neural network and model-based control.

Using the three matrixes that make up the risk assessment model, each risk is evaluated, and ranked. The following is a representative sample of several (but not all) of the evaluation findings.


Identified risk


Domain examined


Findings and valuations


Loss of control would produce off-spec product.


Public safety and health


No risk identified. Zero severity value is assigned.


Site safety and health


The facility has limited off-spec storage capacity. Large quantities of off-spec material require workers to divert material into portable bulk-packs. Setting up empty bulk-packs and diverting product is a manual effort and has only been necessary once in the past two years. The presence of the bulk-packs adds congestion to the plant floor. Both situations increase the possibility of severely injuring a worker. A severity value of six is assigned.


Environmental impact


No risk identified. Zero severity value is assigned.


Liability costs


Injuries frequently occur when workers perform non-normal duties. Worker injury could increase liability, but the company provides very good insurance and no one can remember an injured worker suing the company. A severity risk of two is assigned. Note : After considering customer impact of lost production the severity risk value is changed to five.


Business interruptions and quality issues.


Production is sold out so any unplanned interruptions would impact meeting customer delivery commitments. Because of contractual customer delivery commitments liability issues could be as much as $1,000,000. A severity value of five is assigned. Note : Based on this conversation, it is decided to revisit the liability costs domain.


Equipment damage and repair costs.


Beyond the cost of the PC, no risk is identified. A severity value of three is assigned.


Note : This list is intended to be a representative example, not an entire review of all identified risk.

After each remaining risk (i.e., use of standard PC and operating system software, and first deployment (by customer) of neural network and model-based control) has been examined and documented for each domain each risk is reassessed for the likelihood the event and domain risk will actually happen.


Domain examined


Findings and valuations


Likelihood and valuations


Public safety and health


No risk identified. Zero severity value is assigned.


No risk identified. Zero likelihood value was assigned.


Site safety and health


The facility has limited off-spec storage capacity. Large quantities of off-spec material require workers to divert material into portable bulk-packs. Setting up empty bulk-packs and diverting product is a manual effort and has only been necessary once in the past two years. The presence of the bulk-packs adds congestion to the plant floor. Both situations increase the possibility of severely injuring a worker. A severity value of six is assigned.


Until the new controller is proven and operators are comfortable using it, the likelihood of creating off-spec product is fairly high. A likelihood value of seven is assigned.


Environmental


No risk identified. Zero severity value is assigned.


No risk identified. Zero likelihood value is assigned.


Liability


Injuries frequently occur when workers perform non-normal duties. Worker injury could increase liability, but the company provides very good insurance and no one can remember an injured worker suing the company. A severity risk of two is assigned. Note : After considering customer impact of lost production the severity risk value is changed to five.


A worker or customer suing is considered not very likely. A likelihood value of two is assigned.


Business interruptions and quality issues.


Production is sold out so any unplanned interruptions would impact meeting customer delivery commitments. Because of contractual customer delivery commitments liability issues could be as much as $1,000,000. A severity value of five is assigned. Note : Based on this conversation, it is decided to revisit the liability costs domain.


A likelihood value of six is assigned.


Equipment damage and repair costs.


Beyond the cost of the PC, no risk is identified. A severity value of three is assigned.


A likelihood value of two was assigned.


Note: This list is intended to be a representative example, not an entire review of all identified risk.

Different risk assessment methods use quantitative values differently. For purposes of this abbreviated example, risk ranking is completed for each domain using the risk-ranking matrix. The results are:


Domain examined


Severity ranking assigned


Likelihood ranking assigned


Risk ranking


Public safety and health


0


0


Low risk


Site safety and health


6


7


Moderate risk


Environmental impact


0


0


Low risk


Liability costs


2


2


Low risk


Business interruptions and quality issues


5


6


Moderate risk


Equipment damage and repair costs


3


2


Low risk

The rankings are subjective and disagreement over numerical values is not uncommon. The important thing is to complete the analysis as thoroughly as possible and negotiate the numerical values if necessary, always erring on the high side.

For our example worst case risk appears in the area of worker injury and business interruptions. Both rank a loss of production risk in the moderate category.

Not captured here, but always an intangible benefit of conducting any risk assessment, is the sharing of ideas and concerns that occur and which are useful in making more informed decisions.

For those curious about the proposal to use a PC based controller to virtually measure and control product color, stay tuned. Our example project is still under management advisement, but approval is expected in time for the February issue of Control Engineering .

In the meantime, start thinking about incorporating a formalized risk assessment model into your manufacturing process. The benefits might surprise you.




Comments?
E-mail dharrold@cahners.com





No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Mobile HMI; PID tuning tips; Mechatronics; Intelligent project management; Cybersecurity in Russia; Engineering education; Road to IANA
Save energy with automation; Process control system upgrades; Dispelling controll myths; Time-sensitive networking; Control system integration; Road to IANA
Additive manufacturing advancements; Machine vision enhances robotics; Fieldbus evolution; Process safety; Advice from System Integrators of the Year; Road to IANA
This article collection contains several articles on the Industrial Internet of Things (IIoT) and how it is transforming manufacturing.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Flexible offshore fire protection; Big Data's impact on operations; Bridging the skills gap; Identifying security risks
The digital oilfield: Utilizing Big Data can yield big savings; Virtualization a real solution; Tracking SIS performance
Getting to the bottom of subsea repairs: Older pipelines need more attention, and operators need a repair strategy; OTC preview; Offshore production difficult - and crucial
click me