650 likes | 838 Views
Risk assessment. Tor Stålhane NTNU / IDI. What is risk - 1. Risks are characterized by three factors: They are concerned with events that may – or may not – happen in the future. The events are identifiable but their effect and probability are uncertain.
E N D
Risk assessment Tor Stålhane NTNU / IDI
What is risk - 1 Risks are characterized by three factors: • They are concerned with events that may – or may not – happen in the future. • The events are identifiable but their effect and probability are uncertain. • The outcome of the events can be influenced by our actions
What is risk - 2 A risk is something that can be a problem in the future. It is defined by two parameters • The probability - p. What is the probability that the risk will become a problem? • The consequences - C. What will happen if the risk becomes a problem? The risk – R – is defined as R = C*p
How large is the risk - 1 In order to find the size of a risk, we need values for p and C. In some cases we can estimate these values from historical data but in most cases we will have to use expert opinions or other subjective data sources. It is not always possible – or meaningful – to assign a numerical value to a consequence, e.g. loss of lives.
How large is the risk - 2 Even though assessment is a subjective activity it is not about throwing out any number that you like. To be useful, an assessment must be • Based on relevant experience. • Anchored in real world data, e.g. “How bad can it get?” • The result of a documented and agreed-upon process. Having a process makes it possible to later improve the process based on experiences.
Assessing risk The quality of an assessment increases when the background info gets more specific. Don’t ask: “What is the consequence of X?” or “What is the probability of Y?” It is better to ask: “What is the consequence of X in scenario S?” or “What is the probability of Y in scenario S?”
Assessment and scenarios - 1 If the probability of scenario Si is p(Si), and pi and Ci are the probability and consequence of an accident in scenario Si, we have that: • The method is critically dependent on the • Quality of the scenario descriptions • Independence of the scenarios
Assessment and scenarios - 2 We can improve our assessments even more if we do not ask for consequences in general but for consequences for one particular asset. Thus, in scenario i we have consequence Cj,i for asset j.
Assessing C and p We can assess consequences and probabilities in several ways: • Textual categories – e.g. High, Medium, Low. • Numerical categories – e.g. values from 1 to 10. • Value intervals. • Statistical distributions.
Textual categories – 1 When using categories, it is important to give a short description as to what each category implies. E.g. it is not enough to say “High consequences”. We must relate it to something already known, e.g. • Project size • Company turn-over • Company profit
Textual categories – 2 Two simple examples: • Consequences: we will use the category “High” if the consequence will gravely endanger the profitability of the project. • Probability: we will use the category “Low” if the event can occur but only in extreme cases.
Consequence and probability - 2 The multiplication table is used to rank risks. It can not tell us how large they are. We should only use resources on risk that are above a certain, predefined level.
Numerical categories -1 We can use numbers instead of names. This does not make the assessment more precise but will free us from the need to define a multiplication table in order to identify risks. In principle we can use any numbers. The best solution is, however, to just assign number to the three aforementioned categories
Numerical categories – 2 The following values are often used in practice, both for consequences, benefits and probabilities: • 10 – high • 4 – medium • 1 – low Thus, a medium consequence and a low probability will give a risk of 4*1 = 4.
Value intervals If we have more info available we can give better estimates. Even though we cannot give exact values, we can give our assessments as intervals. An interval has a start and an end value – denoted a and b. We denote the interval I as I = [a, b] In our case, the width of the interval is a measure of our uncertainty.
Simple interval arithmetic As long as all interval limits are positive, we can write: • I = I1 * I2, I = [a1*a2, b1*b2] • I = I1 + I2, I = [a1 + a2, b1 +b2] • I = I1 - I2, I = [a1 -a2, b1 -b2] • I = I1 / I2, I = [a1*b2, b1/a2] If we use intervals for consequence (C) and probability (p) we get R = [C1*p1,C2*p2]
Statistical distributions - 1 We can use statistical distribution for C and p. In this case, the distributions are used to show our uncertainty. Practical solutions could be: • Beta distribution for p • Gamma distribution for C
Statistical distributions - 2 Based on the distributions of p and C, we can compute the distribution of the risk in three ways: • Mellin transforms • Monte Carlo simulation • Approximation methods We will only look at the third alternative.
Statistical distributions - 3 The following approximation holds:
Risk approximation Using the expressions from the previous slide we get the following approximations: It is now straight forward to find the expected value and variance for R
Simple risk assessment In order to a simple risk assessment we need to identify: • Dangerous events • Each event’s • consequence – C • probability – p • Possible barriers – changes or controls • Person responsible for each risk - Resp.
Events We start by identifying dangerous events. The simple way to do this is to use brainstorming – just sit down and envisage your worst nightmares related to the activities under consideration. Be realistic – only consider things that you believe can happen.
Barriers Barriers can be realized through: • Prevention – we change the system so that the event cannot occur. • Mitigation – we can • change the system in order to reduce the event’s probability or consequences. • define activities that will reduce the problems if the event occurs.
Prevention barriers Prevent risk from becoming a problem Handling barriers Prevent event from having bad consequences Barrier 6 Barrier 1 Barrier 2 Barrier 3 Barrier 5 Barrier 4 Risk Prob. Event Reduction barriers Reduce effect of event
Benefits It is important to bear in mind that: • We usually expect to gain something through change – new products, new ways to work etc. • Risks stem from changes. • Reducing risk is a cost factor We need to look at the total picture.
The total picture - 1 The total picture of the situation shows the risks and the benefits that stem from a planned change. This is not a mechanism that can be used to identify the best solution. It is, however, an important input when we want to make a decision.
The total picture - 2 The total picture shows risks and benefits. Risk can be shown in two ways: • Unmitigated risks • Mitigated risks – include the effect of risk reduction activities, e.g. barriers. This can be done by • Modifying the risk assessment • Indicate how the risk will move in the diagram
1 2 The mitigation effect
1 2 Including benefits
Benefit p Consequence C and p as intervals - 1
Benefit Increased value or probability p Mitigation effect Cost of mitigationand benefits’ value and probability Consequence C and p as intervals - 2
The tyranny of “either – or” All too often we are confronted by the statement that we can get only get X if we are willing to suffer Y. This is the wrong attitude. The right attitude is that we will • Do what is needed to get X • Perform activities that will remove or reduce the bad effects of Y.
Leverage Leverage is a prioritizing mechanism: Leverage = (Benefit – Cost) / Cost Leverage will prioritize activities with • Large net benefits • Small costs
Extended risk table -1 We can use cause – consequence chains or event trees for a risk to identify the best place to insert a barrier. For each barrier, we need to assess: • Cost - the cost of implementing it. We will use the scale H = 10, M = 3 and L = 1. • E – how effective is the barrier? We will use the scale h = 1.0, m = 0.5 and l = 0.2
Barrier leverage Leverage = (C*p*E – Cost) / Cost The leverage will prioritize barriers which: • Have low costs – Cost is small • Have high efficiency – E is large • Attack important risks – C*p is high
Some comments on barriers It is important to remember that: • Each risk will usually need a different barrier – a barrier that works against one risk can be valueless against another risk. • It is important to consider the three main barrier strategies: • Prevent the risk from becoming a problem • Control the problem to avoid the consequences • Reduce the consequences
ALARP and GALE There are two competing principles in the assessment of risk: • ALARP – As Low As Reasonably Possible- We have done all that is reasonable to prevent problems and dangers. • GALE – Globally At Least Equivalent. E.g. introducing a new process will not increase the risks compared to what it is today.
ALARP ALARP requires that we analyze each risk separately and then implement mitigation activities. A reasonable goal is to reduce each risk until the extra mitigation costs exceed the value of the risk reduction achieved. All that we have seen up till now fits into an ALARP policy .
GALE GALE requires us to look at the total risk of a change. In this way we can start by attacking the cheapest risk or the risk with the largest leverage. The problem with the GALE principle is that we need to perform arithmetic on risks. E.g. we need to decide how many medium risks we need before we have a large risk
ALARP vs. GALE The one important thing with using the GALE principle is that it forces us to ask “What is the current risk level?” All too often we act as it the current way of doing things is risk free and all risk stems from changes. This stance is enforced by the human tendency to underestimate the risk of status quo.
Using GALE Important points • GALE is a method for risk analysis. Benefits must be included elsewhere • We need to look at both our current risk and the risk resulting from the proposed changes. • Always perform a sensitivity analyses.