
Risk Assessment and Management


Presentation Transcript


  1. Risk Assessment and Management

  2. Getting the Measure of Risk
  • Having understood the potential accident sequences associated with a hazard (e.g. using Event Tree Analysis, ETA) …
  • Next step is to determine the severity of the credible accidents identified
  • Remember risk is the product of severity and probability of an accident
  • Two different approaches:
    • Estimate probability of accident, and hence get a measure of accident risk… then decide whether estimated risk is acceptable
      • Used in many domains, including rail, military aerospace
      • Will discuss this approach first, using rail standards as example
    • Establish acceptable risk, and set probability targets
      • Civil aerospace approach (ARPs etc.)
      • Will discuss this approach later

  3. Accident Severity
  • Accident Severity Categories are qualitative descriptions of consequences of failure conditions (hazards)
    • considering likely impact
  Source: EN 50126

  4. Accident Probability
  Next, estimate (predict) accident probability
  • Use historical results, analysis, and engineering judgment to determine appropriate qualitative probability category
  • Note we may have to consider both
    • how likely hazard is to arise
    • how likely hazard is to develop into accident
  Source: EN 50126

  5. Classifying Risk
  • Having assigned severity and probability associated with hazard consequences …
  • Next step is to use a Hazard Risk Matrix to classify the risk
  Source: EN 50126

  6. Accepting Risk
  Reasoning about risk
  • Using the Hazard Risk Index (HRI) it is now possible to say, e.g. Risk(Hazard H1) > Risk(Hazard H2)
  • In order to say what is acceptable / unacceptable, must provide an interpretation, e.g.
  Source: EN 50126

  7. Managing Risk
  Risk Resolution
  • Can associate objectives or actions with risk class, e.g.
    • technologies used
    • development processes
    • assessment criteria
  • Example, for “undesirable” risk, might decide
    • no single point of failure shall lead to system accident
    • probability of fatality must be < 1x10^-8 per hour
    • failure behaviour over time (lifetime of system) must be estimated using accepted engineering mathematics and models
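The classification chain of slides 3 to 7 (severity category, probability category, Hazard Risk Matrix, ranking by Hazard Risk Index, action per risk class) as a worked example. This is added code, not part of the presentation: the category names follow EN 50126, but the frequency bands, the matrix cells, the per-class actions and the sample hazards are constructed for illustration and are not the normative tables of the standard.

```python
"""Hazard Risk Matrix classification in the EN 50126 style the slides
describe (slides 3 to 7). Added example, not from the presentation: the
category names follow EN 50126, but the frequency bands, the matrix cells
and the per-class actions are CONSTRUCTED for illustration, not the
normative tables of the standard."""
from dataclasses import dataclass

SEVERITIES = ["Insignificant", "Marginal", "Critical", "Catastrophic"]
RISK_CLASSES = ["Negligible", "Tolerable", "Undesirable", "Intolerable"]  # ascending

# Constructed frequency bands: (category, lower bound of accident rate per
# operating hour), ordered from least to most likely.
FREQUENCY_BANDS = [
    ("Incredible", 0.0),
    ("Improbable", 1e-9),
    ("Remote", 1e-7),
    ("Occasional", 1e-5),
    ("Probable", 1e-3),
    ("Frequent", 1e-1),
]

# Constructed matrix: row = frequency category, column order = SEVERITIES.
RISK_MATRIX = {
    "Frequent":   ["Undesirable", "Intolerable", "Intolerable", "Intolerable"],
    "Probable":   ["Tolerable",   "Undesirable", "Intolerable", "Intolerable"],
    "Occasional": ["Tolerable",   "Undesirable", "Undesirable", "Intolerable"],
    "Remote":     ["Negligible",  "Tolerable",   "Undesirable", "Undesirable"],
    "Improbable": ["Negligible",  "Negligible",  "Tolerable",   "Tolerable"],
    "Incredible": ["Negligible",  "Negligible",  "Negligible",  "Negligible"],
}

# Constructed interpretation of each class (slide 6: the interpretation that
# turns a class into acceptable / unacceptable; slide 7: associated actions).
RISK_ACTIONS = {
    "Intolerable": "shall be eliminated",
    "Undesirable": "accept only if risk reduction is impracticable, with safety authority agreement",
    "Tolerable":   "acceptable with adequate control and safety authority agreement",
    "Negligible":  "acceptable without further action",
}


@dataclass(frozen=True)
class Hazard:
    ident: str
    severity: str
    hazard_rate: float       # estimated rate at which the hazard arises, per hour
    p_accident: float = 1.0  # probability the hazard develops into an accident (slide 4)


def frequency_category(accident_rate: float) -> str:
    """Map an estimated accident rate (per hour) onto a qualitative frequency category."""
    if accident_rate < 0:
        raise ValueError("rate must be non-negative")
    category = FREQUENCY_BANDS[0][0]
    for name, lower_bound in FREQUENCY_BANDS:
        if accident_rate >= lower_bound:
            category = name
    return category


def classify(h: Hazard) -> tuple[str, str]:
    """Return (frequency category, risk class) for a hazard.

    Slide 4: the accident rate combines how likely the hazard is to arise with
    how likely it is to develop into an accident."""
    if h.severity not in SEVERITIES:
        raise ValueError(f"unknown severity {h.severity!r}")
    if not 0.0 <= h.p_accident <= 1.0:
        raise ValueError("p_accident must be a probability")
    freq = frequency_category(h.hazard_rate * h.p_accident)
    risk = RISK_MATRIX[freq][SEVERITIES.index(h.severity)]
    return freq, risk


def hazard_risk_index(h: Hazard) -> int:
    """Ordinal index of the risk class, so hazards can be ranked (slide 6)."""
    return RISK_CLASSES.index(classify(h)[1])


def riskier(h1: Hazard, h2: Hazard) -> bool:
    """Risk(h1) > Risk(h2) in the ordering of risk classes."""
    return hazard_risk_index(h1) > hazard_risk_index(h2)


def required_action(h: Hazard) -> str:
    return RISK_ACTIONS[classify(h)[1]]


if __name__ == "__main__":
    # Constructed sample hazards for a rail system.
    hazards = [
        Hazard("H1 train passes signal at danger", "Catastrophic", 2e-5, 0.5),
        Hazard("H2 passenger trips in platform gap", "Marginal", 5e-3),
        Hazard("H3 door closes on passenger", "Critical", 2e-8),
    ]
    for h in sorted(hazards, key=hazard_risk_index, reverse=True):
        freq, risk = classify(h)
        print(f"{h.ident}: {h.severity}/{freq} -> {risk}: {required_action(h)}")
```

Note that the matrix only yields an ordering of risk classes, so `riskier` compares class indices rather than numeric products; the interpretation that makes a class "acceptable" is a separate decision (slide 6), which is why it lives in its own table.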

  8. Determining Risk - Civil Aerospace Style 1
  Start with determination of severity
  • very similar to rail categories
  Source: ARP 4761

  9. Determining Risk - Civil Aerospace Style 2
  • When severity has been determined, can set objectives (requirements) for risk control
    • primarily boundaries on acceptable probability of failure condition (hazard)
  Adapted from ARP 4761

  10. Determining Risk - Civil Aerospace Style 3
  For civil aerospace, severity-related objectives are set in standards
  • easy to work with
  • unambiguous
    • provided you can agree on standardised and objective measures of severity!
  BUT
  • Need to understand that direct mapping from severity to probability objectives is based on important assumption: Acceptable Risk is fixed and predetermined

  11. Determining Risk - Civil Aerospace Style 4
  Where does acceptable risk come from?
  • in principle, requirements reflect “what risk the public is willing to accept”
    • risk (A) = probability (A) * severity (A)
    • level of acceptable risk hard to determine, and subjective
  • in practice, certification bodies (airworthiness authorities) act as surrogates for the public
    • “bottom line” is hull loss rate
    • civil aviation hull loss rate target is currently 10^-7 per flying hour
    • for comparison, military aviation (UK) hull loss rate target is 10^-6 per flying hour

  12. Determining Risk - Civil Aerospace Style 5
  • Has further implications:
    • implicit assumption about number of catastrophic failure conditions on an aircraft
    • also implicit assumption about how probable failure condition is to actually develop into an accident
  • Example:
    • probability objective (target) for catastrophic failure condition is < 10^-9 per flight hour
    • target hull loss rate is < 10^-7 per flight hour
    • implies either a maximum of 100 catastrophic failure conditions on an aircraft, assuming all occurrences of catastrophic failure conditions will develop into hull loss accident
    • or if more than 100, must be assumption that not all occurrences will result in loss of aircraft
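The civil-aerospace reasoning of slides 8 to 12 (severity fixes a probability objective; the hull-loss target then implies a budget of catastrophic failure conditions, or an assumption about how many occurrences become accidents) carried through in code. This is an added example, not from the presentation or from ARP 4761 itself: only the catastrophic objective (10^-9 per flight hour) and the hull-loss target (10^-7) come from the slides; the bounds for the other severities are the commonly used AC 25.1309 / ARP 4761 convention, and the failure conditions are constructed.

```python
"""Civil-aerospace style risk determination (slides 8 to 12): severity fixes a
probability objective, and the hull-loss target implies a budget of
catastrophic failure conditions. Added example, not from the presentation or
from ARP 4761 itself. Only the catastrophic objective (1e-9 per flight hour)
and the hull-loss target (1e-7) appear on the slides; the other bounds are the
AC 25.1309 / ARP 4761 convention. The failure conditions are constructed."""
import math
from dataclasses import dataclass

# Upper bound on probability per flight hour by severity; None = no quantitative objective.
PROBABILITY_OBJECTIVES = {
    "Catastrophic": 1e-9,
    "Hazardous": 1e-7,
    "Major": 1e-5,
    "Minor": 1e-3,
    "No Safety Effect": None,
}
HULL_LOSS_TARGET = 1e-7  # per flight hour (slide 11)


@dataclass(frozen=True)
class FailureCondition:
    ident: str
    severity: str
    probability: float        # predicted probability per flight hour
    p_hull_loss: float = 1.0  # probability an occurrence develops into a hull loss (slide 12)


def probability_objective(severity: str):
    if severity not in PROBABILITY_OBJECTIVES:
        raise ValueError(f"unknown severity {severity!r}")
    return PROBABILITY_OBJECTIVES[severity]


def meets_objective(fc: FailureCondition) -> bool:
    """True when the predicted probability is within the severity's objective."""
    bound = probability_objective(fc.severity)
    return bound is None or fc.probability < bound


def max_catastrophic_conditions(hull_loss_target: float = HULL_LOSS_TARGET,
                                objective: float = PROBABILITY_OBJECTIVES["Catastrophic"],
                                p_hull_loss: float = 1.0) -> int:
    """How many catastrophic failure conditions, each just meeting its
    objective, fit under the hull-loss target (slide 12: 100 when every
    occurrence becomes a hull loss). Rounded before floor so 99.999... -> 100."""
    per_condition = objective * p_hull_loss
    return math.floor(round(hull_loss_target / per_condition, 6))


def required_p_hull_loss(n_conditions: int,
                         hull_loss_target: float = HULL_LOSS_TARGET,
                         objective: float = PROBABILITY_OBJECTIVES["Catastrophic"]) -> float:
    """With more than the budgeted number of conditions, the implicit
    assumption is that at most this fraction of occurrences ends in hull loss."""
    return min(1.0, hull_loss_target / (n_conditions * objective))


def hull_loss_budget(conditions) -> dict:
    """Sum each catastrophic condition's contribution to the hull-loss rate
    and compare with the target; also report whether every condition meets
    its own severity-derived objective."""
    catastrophic = [fc for fc in conditions if fc.severity == "Catastrophic"]
    rate = sum(fc.probability * fc.p_hull_loss for fc in catastrophic)
    return {
        "catastrophic_conditions": len(catastrophic),
        "all_meet_objective": all(meets_objective(fc) for fc in conditions),
        "predicted_hull_loss_rate": rate,
        "within_target": rate < HULL_LOSS_TARGET,
    }


if __name__ == "__main__":
    sample = [  # constructed sample failure conditions
        FailureCondition("FC1 loss of all flight displays", "Catastrophic", 5e-10),
        FailureCondition("FC2 uncommanded pitch trim runaway", "Catastrophic", 8e-10, 0.5),
        FailureCondition("FC3 loss of one hydraulic system", "Major", 2e-5),
    ]
    print(hull_loss_budget(sample))
    print(max_catastrophic_conditions())   # 100
    print(required_p_hull_loss(250))       # 0.4
```

The two checks are independent, which is the point of slide 12: every condition can meet its per-severity objective while the aircraft as a whole still exceeds the hull-loss target once there are more than 100 catastrophic conditions, unless one can justify a `p_hull_loss` below 1 for them.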

  13. Determining Risk - Civil Aerospace Style 6
  • Note that objective of probability per flying hour has its problems…
  • Consider:
    • histogram shows accidents / time
    • 1.8% of accidents occur in load / taxi / unload

  14. The ALARP Principle 1
  ALARP = As Low As Reasonably Practicable

  15. The ALARP Principle 2
  • Provides an interpretation of identified risks
  • Pragmatic – although you can always spend more money to improve safety, it is not always cost-effective
  • However, “cost-effectiveness” introduces ambiguity
  • Regions of tolerability defined by regulatory domain and customer
  • Approach is often implicit in the management of safety-critical projects anyway
  • Helps focus attention on most critical hazards
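A worked ALARP decision for slides 14 and 15: place a risk in one of the three tolerability regions, then, in the middle region, apply a "gross disproportion" cost-benefit test. This is added code, not from the presentation; since the slides say the regions are set by the regulatory domain and customer, the boundaries, the monetary value assigned to preventing a fatality and the sample measure are constructed placeholders, not figures from any regulator. The `disproportion_factor` argument is where the "cost-effectiveness" ambiguity shows up: the same measure is required at one factor and not at another.

```python
"""ALARP region classification and a 'reasonably practicable' test
(slides 14 and 15). Added example, not from the presentation. The slides say
the tolerability regions come from the regulatory domain and the customer, so
the boundaries, the value assigned to preventing a fatality and the sample
measure below are CONSTRUCTED placeholders, not figures from any regulator."""
from dataclasses import dataclass

# Constructed individual-risk boundaries (probability of fatality per person per year).
INTOLERABLE_ABOVE = 1e-4
BROADLY_ACCEPTABLE_BELOW = 1e-6
# Constructed monetary value used to price the benefit of a risk reduction.
VALUE_OF_PREVENTING_FATALITY = 2_000_000.0


@dataclass(frozen=True)
class Measure:
    name: str
    cost: float            # whole-life cost of the measure
    risk_before: float     # individual risk per year without the measure
    risk_after: float      # individual risk per year with the measure
    people_exposed: int
    years: int             # period over which the measure applies


def alarp_region(risk_per_year: float) -> str:
    """Place a risk in one of the three ALARP regions."""
    if risk_per_year < 0:
        raise ValueError("risk must be non-negative")
    if risk_per_year >= INTOLERABLE_ABOVE:
        return "Intolerable"
    if risk_per_year >= BROADLY_ACCEPTABLE_BELOW:
        return "Tolerable only if ALARP"
    return "Broadly acceptable"


def benefit(m: Measure) -> float:
    """Expected fatalities averted over the period, priced in money."""
    averted = (m.risk_before - m.risk_after) * m.people_exposed * m.years
    return max(0.0, averted) * VALUE_OF_PREVENTING_FATALITY


def reasonably_practicable(m: Measure, disproportion_factor: float) -> bool:
    """Gross disproportion test: the measure must be implemented unless its cost
    exceeds the benefit by more than the chosen factor. The factor is exactly
    the 'cost-effectiveness' ambiguity of slide 15: it is a judgement call."""
    if disproportion_factor < 1:
        raise ValueError("a disproportion factor below 1 would demand cost < benefit")
    return m.cost <= benefit(m) * disproportion_factor


def decide(m: Measure, disproportion_factor: float) -> str:
    """Combine the region of the current risk with the practicability test."""
    region = alarp_region(m.risk_before)
    if region == "Intolerable":
        return "required: risk is intolerable regardless of cost"
    if region == "Broadly acceptable":
        return "not required: risk already broadly acceptable"
    if reasonably_practicable(m, disproportion_factor):
        return "required: reasonably practicable"
    return "not required: cost grossly disproportionate to benefit"


if __name__ == "__main__":
    # Constructed sample measure.
    interlock = Measure("additional machine interlock", cost=800_000.0,
                        risk_before=5e-5, risk_after=5e-6, people_exposed=200, years=20)
    print(alarp_region(interlock.risk_before))   # Tolerable only if ALARP
    print(benefit(interlock))                    # 360000.0
    for factor in (1.0, 3.0):
        print(factor, decide(interlock, factor))
```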

  16. Risk Reduction Flowchart 1
  • Identify and determine risk associated with identified hazards

  17. Risk Reduction Flowchart 2

  18. Risk Reduction Flowchart 3

  19. Precedence in Risk Reduction 1
  • Redesign to eliminate risk
    • Best where practical
    • Change in operational role, or removal of hazardous material
  • Redesign to reduce hazard likelihood
    • Select architecture or components
      • Duplex or triplex or …
      • Higher integrity components, with lower failure rates
  • Incorporate mitigation to reduce impact of failures
    • Automated protection, e.g. pressure relief valves
    • Where incorporated, need to check periodically
      • To avoid dormant failures

  20. Precedence in Risk Reduction 2
  • Provide warning devices
    • Detect the hazardous condition and warn operators
      • e.g. indicate that landing gear has not fully deployed
      • e.g. to evacuate building due to fire or fumes
  • Provide procedures and training
    • Reduce likelihood of hazard, or mitigate
      • may involve use of personal protective equipment
    • Do not assume procedures are enough by themselves
      • consider evolution of power guillotine regulations
  • Precedence order
    • Elimination is enough by itself
    • Others used in combination, typically emphasising automation

  21. Residual Risk 1
  • Residual Risks are those that cannot be ‘designed out’
    • risks inherent to design, where benefit is desirable
  • Significant residual risks must be formally accepted by the appropriate authority (typically customer / operator)
  • Can use Decision Authority Matrix, e.g. (MIL-STD-882C)

  22. Residual Risk 2
  Appropriate Decision Authority (From MIL-STD-882C)
  • HIGH – Service Acquisition Executive
    • e.g. no ground collision avoidance on F22 – signed off by 4-star Air Force General
  • MEDIUM – Program Executive Officer
  • LOW – Program Manager
  • Usually a requirement to document all actions taken to resolve risk within terms of contract
  • Customer authority can then decide whether to attempt to apply additional resources to resolve risk or forward decision to higher authority

  23. Summary
  • Risk Assessment is the process of identifying the risk associated with system hazards
  • Approach in many sectors (military, rail…) is to use Hazard Risk Matrix to determine the risk associated with a hazard from severity and probability estimates
    • then decide on acceptability of risk
  • Alternative approach (Civil Aerospace) is based around severity
    • assumption of fixed level of acceptable risk...
    • … so can derive objectives, including probability, from severity
  • Both approaches can be used to define how risks should then be tackled in system development
