Five Steps Take the “Risk” Out of Risk Assessment and Management
Whether you are the CEO, an administrative assistant or a plant manager, you are constantly engaging in risk assessment and management. Sometimes the consequences of being wrong are trivial. However, being wrong can sometimes be devastating, with money lost and safety compromised.
That's the situation confronting those involved in the design, implementation or assurance of machine safety. Assessing risk—and doing something about it—can seem daunting. Bruce Main, president of the risk assessment firm Design Safety Engineering Inc., is aware of how most feel about the task. He has some reassuring words.
"People tend to think it's more complex than it really is. There are really just five steps that need to be completed," he says. Main lists these as:
1. Identifying the hazard,
2. Assessing the risk,
3. Reducing it to an acceptable level,
4. Documenting what was done, and
5. Following up.
These steps assess risk and mitigate it. They also capture information and expertise before either evaporates.
While simple in concept, conducting risk assessment and management does have some pitfalls. There are actions to avoid, as well as others to emphasize. A look at each of the steps shows what should—and should not—be done.
There are scores of different ways to identify hazards. Two of the most familiar and widely used are task-based and hazard-based methods. The first arose out of work by automobile manufacturers, says Main. He notes that a tasked-based risk identification method is often the most effective, but both are necessary. To explain why, he describes his experience with talking to university students in design classes. These students will be designing machinery and systems with pumps and motors within a few months. Main will often ask how many have ever changed a pump or motor on anything.
"Typically 10% of the students raise their hands. So maybe in a class of 120, you get a show of 12 hands. So, 90% of them have never done the task." Consequently, he says, they don't know all of the sub-tasks involved, and they have no way to identify the accompanying hazards.
Thus, a task-based approach can reveal dangers that wouldn't otherwise be considered, Main says. A task-based method can also uncover other risks, such as cases where safety guards are circumvented because the guarding makes performing the task effectively impossible.
A task-based assessment doesn't provide a complete picture, however. Consider a motorized rotating shaft. No task is involved, but there is still a hazard: The shaft can break, for example. Besides component failure, examples of other non-task-based dangers include seismic activity or snow loads on a roof. For such vulnerabilities, hazard-based identification is best. What's more, doing both task- and hazard-based evaluations often yields better results than using either alone.
As for assessing risk once a hazard is known, that is typically done with a scoring system. There are dozens of different methods to choose from. All have a common underlying goal, notes Main. "Fundamentally, it's how you work this hazard into three buckets: high, medium, and low risk."
Risk scoring attracts considerable attention. It's typically the subject of industry consensus standards.
Putting risk on a diet
Main says that identifying and reducing risk are the most important steps out of the five. Engineers in particular are comfortable with and often successful at risk reduction. They are successful, in part, because there's a flow, a recipe, to follow: the hazard or safety control hierarchy.
The risk reduction process goes through a series of stages. The first asks if the problem can be acceptably eliminated by design. If the answer is yes, then a design change is made.
If the answer is no, then engineering controls are deployed. Switches, interlocking barriers, guarding barriers, adjustable enclosures, and other techniques could be used, with the choice dependent on the situation.
If controls aren't sufficient, then warnings might be posted, and additional operator training may be performed to further minimize risk. The final stage involves personal protective equipment (PPE) designed to minimize whatever hazard remains.
Typically, after risk reduction plans are in place, another round of risk assessment is done to determine if what remains is tolerable. Judging that, Main admits, gets somewhat tricky.
"There is no clear definitive guideline about what is acceptable," he observes. Often that assessment is made implicitly, without a formal declaration: When product starts shipping out the door, the decision has been made that the risk is acceptable.
Document and follow-up
Like the question of acceptably low risk, documentation is a murky area. On one hand, putting everything down in writing can present legal hazards. Risk assessment and management involves subjective evaluations, so everything is open to reinterpretation later by third parties. On the other hand, good documentation is a quality standard.
The question about how much to document may well vary. However, a benefit of documentation is that it ensures expertise and knowledge are captured before people move on to other projects, or leave the company.
The final step, follow up, isn't complex but it is necessary. In this step, after all assessment and mitigation steps have been taken, the reality of the situation is compared to what was supposed to have been done. Several reasons point to the need for this last step, says Main.
For one thing, a lack of follow up can be the smoking gun in the case of litigation. For another, the final step helps make sure that the overall goal of the process is achieved. "You just want to keep people from getting hurt—and that's ensured with the follow up," sums up Main.