Practical Application of System Safety Practical Application of System Safety for Performance Improvementfor Performance Improvement

TCC / ACIT EHS SeminarTCC / ACIT EHS Seminar

Galveston – Moody GardensGalveston – Moody Gardens

June 8, 2011June 8, 2011

Albert V. Condello III

Professor – Safety Mgmt & Fire Protection Engineering

ObjectivesObjectives

To successfully complete this module, you must study the text and master the following objectives:

1. List the steps that effective leaders use to develop safe and effective operational plans.

2. List the three elements of the SPE (Severity, Probability, and Exposure) risk assessment model and state what it is used to evaluate.

3. List the six elements of the GAR (Green, Amber, Red) risk assessment model.

4. List the steps of the risk management process.

ObjectivesObjectives

5. Introduce one of 31 tools mentioned in ISO 31010 for risk assessment.

6. List the Strengths/Weaknesses of Consequence/Probability Matrices

7. Explain the use and benefits derived from hazard risk matrix.

8. Cite how the hazard risk matrix can be used for this purpose since it provides both severity and probability rankings for a given hazardous situation.

Pertinent DefinitionsPertinent Definitions

From ASME B31.8S 2004: Managing System Integrity of Gas Pipelines

Risk: A measure of potential loss in terms of both the incident probability (likelihood) of occurrence and the magnitude of the consequences.

Risk Assessment: A systematic process in which potential hazards from facility operation are identified, and the likelihood and consequences of potential adverse events are estimated. Risk assessments can have varying scopes, and be performed at varying level of detail depending on the operator’s objectives.

Risk Management: An overall program consisting of identifying potential threats to an area or equipment; assessing the risk associated with those threats in terms of incident likelihood and consequences; mitigating risk by reducing the likelihood, the consequences, or both; and measuring the risk reduction results achieved.

Types of RiskTypes of Risk

Principles of System SafetyPrinciples of System Safety

Specialty within system engineering that supports a program of risk mgmt.

Goal to optimize safety, performance, and cost efficiency by Identification of safety related risks over the life cycle.

Not to require unreasonable and/or unnecessary safety requirements.

Correct balance – acceptable vs. unacceptable conditions established early for optimum design solution.

System safety requirements must be consistent with other program i.e. QA/EHS requirements.

Elements of the system safety processElements of the system safety process

Source: Stephenson (1991)

How to Develop Safe & Effective Operational PlansHow to Develop Safe & Effective Operational Plans

Mission Analysis is the process by which the operating plan and contingency plans are developed.

It includes organizing the team to meet the mission objectives, allocating resources to perform the critical tasks, and monitoring the team and the environment to adjust resources as necessary

Principles of Operational Risk Principles of Operational Risk Management (ORM)Management (ORM)

These basic decision-making principles must be applied before any anticipated job, task, or mission is performed:

– Accept no unnecessary risk. – Make risk decisions at the appropriate level. – Accept risk when benefits outweigh the costs. – Integrate ORM into your refinery or petrochemical

plant’s doctrine and planning at all levels.

RoadmapRoadmap

Contribution of risk assessment to the risk management process

Risk assessment may require a multidisciplinary approach since risks may cover a wide range of causes and consequences.

Overview – ISO 31000 ProcessOverview – ISO 31000 Process

System Safety PrecedenceSystem Safety Precedence

The order of precedence for satisfying system safety requirements and resolving identified hazards is not unlike that which applies to general industrial safety considerations.

There are five basic steps, as follows:

1. Design for minimum risk2. Incorporate safety devices3. Provide warning devices4. Develop procedures and training5. Acceptance of residual/remaining risk

Consequence/probability matrixConsequence/probability matrix

Overview

- one of 8 tools per ISO 31010 (I.e. HAZOP & FMECA)

The consequence/probability matrix is a means of combining qualitative or semi-quantitative ratings of consequence and probability to produce a level of risk or risk rating.

The format of the matrix and the definitions applied to it depend on the context in which it is used and it is important that an appropriate design is used for the circumstances.

To be effective we must:To be effective we must:

1. Define tasks based on mission requirements.2. Question data or ideas as they relate to mission

accomplishment.3. Discuss long and short term plans for the mission.4. Identify the impact of potential hazards and

unplanned events on the mission.5. Structure tasks, plans, and objectives related to the

mission.6. Thoroughly critique existing plans for potential

problems.

Risk Management StepsRisk Management Steps

USMC & US NavyUSMC & US Navy

Define Required TasksDefine Required Tasks

A task analysis based on anticipated mission requirements is the first step in developing an operating plan.

Verify Data, Double Check the WorkVerify Data, Double Check the Work

• Plans developed around incorrect information put the team at a disadvantage.

• Double check data, in particular environmental conditions and external control systems (e.g. traffic schemes and communications plans), before beginning a plan.

• Double checks must be independent computations that arrive at the same conclusion. Ineffective double checks contribute to mishaps.

Discuss ObjectivesDiscuss Objectives

• All team members need to understand the mission in terms of both the short term and long term objectives.

• By outlining all objectives the team can provide better input on how to best achieve them.

Assess RiskAssess Risk

• This requires two steps:

Safety risk identification and evaluation of the loss potential (e.g. catastrophic to minor).

• Risk assessment is a key part of the risk management process, which is discussed later in this presentation/lecture.

Assemble the PlanAssemble the Plan

• The mission needs, resources, and assessed risks are then assembled into a plan.

• Safety risks that are unacceptable to your refinery or petrochemical plant, the unit, or the team are managed in the plan.

Critique the PlanCritique the Plan

• All team members should be empowered to question and provide feedback on the plan.

• No plan is perfect or can be designed to meet all contingencies.

Consequence/probability matrixConsequence/probability matrix

Use

A consequence/probability matrix is used to rank risks, sources of risk or risk treatments on the basis of the level of risk.

– It is commonly used as a screening tool when many risks have been identified, for example to define which risks need further or more detailed analysis, which risks need treatment first, or which need to be referred to a higher level of management.

– It may also be used to select which risks need not be considered further at this time.

– This kind of risk matrix is also widely used to determine if a given risk is broadly acceptable, or not acceptable according to the zone where it is located on the matrix.

Consequence/probability matrixConsequence/probability matrix

Use - Continued

The consequence/probability matrix may also be used to help communicate a common understanding for qualitative levels of risks across the organization.

The way risk levels are set and decision rules assigned to them should be aligned with the organization’s risk appetite.

A form of consequence/probability matrix is used for criticality analysis in FMECA or to set priorities following HAZOP.

It may also be used in situations where there is insufficient data for detailed analysis or the situation does not warrant the time and effort for a more quantitative analysis

SPE MODELSPE MODEL

Risk for a specific hazard can be assessed using the SPE Model, computed as:

Risk = Severity X Probability X Exposure

Hazard risk matrix, will assist the analyst in determining the appropriate risk assessment code (RAC) to assign to a particular hazard risk.

The RAC will prioritize for management the specific level of risk associated with a specific, identified hazard concern.

Input -> Process -> OutputInput -> Process -> Output

OutputThe output is a rating for each risk or a ranked list of risk with

significance levels defined.

Input

The Inputs to the process are customized scales for consequence and probability and a matrix which combines the two.

Process

To rank risks, the user first finds the consequence descriptor that best fits the situation then defines the probability with which those consequences will occur. The level of risk is then read off from the matrix.

Example - Risk Ranking MatrixExample - Risk Ranking Matrix

Hazard SeverityHazard Severity

MIL-STD-882 establishes system safety criteria guidelines to assist in the determination of hazard severity.

Source: MIL-STD-882.

Hazard ProbabilityHazard Probability

Source: MIL-STD-882.

Hazard Risk MatrixHazard Risk Matrix

• Incorporates elements of hazard severity table and the hazard probability table to provide an effective tool for approximating acceptable and unacceptable levels or degrees of risk.

• By establishing an alphanumeric weighting system for risk occurrence in each severity category and level of probability, one can further classify and assess risk by degree of acceptance.

• Obviously, from a systems standpoint, use of such a matrix facilitates the risk assessment process.

Risk Assessment MatrixRisk Assessment Matrix

US NAVY ORMUS NAVY ORM

SPE RISK ASSESSMENT MODELSPE RISK ASSESSMENT MODEL

SEVERITYWHAT ARE THE

POTENTIAL LOSSES?

WHAT IS INVOLVED INACCOMPLISHING THE TASK?

WHAT ARE THE HAZARDS ASSOCIATEDWITH THE ELEMENTS REQUIRED FOR

TASK ACCOMPLISHMENT?

PROBABILITYWHAT IS THE PROBABILITYOF A MISHAP OCCURRING?

EXPOSUREHOW MUCH ARE

RESOURCES EXPOSED?

IS THIS LEVEL OF RISKMANAGEABLE BY THE UNIT?

WHAT IS THE LEVEL OF RISK?

NO

COMMUNICATE WITHMISSION

COORDINATOR

MONITOR THESITUATION

PERFORM ASDIRECTED

YES

PERFORMMISSION

CONTROL RISK• PERSONAL PROTECTIVE EQUIPMENT• ENGINEERING CONTROLS• TRAINING & AWARENESS• LIMIT NUMBER OF EVENTS

Wallet Risk Card - BackWallet Risk Card - Back

GAR MODEL ELEMENTSGAR MODEL ELEMENTS

GREENGREEN AMBERAMBER REDRED

(Low Risk) (Moderate) (ImplementMeasures)

0 35 60 80

Contingency Resources: ____ Environment: ____

Supervision: ____ Team Selection: ____

Planning: ____ Team Fitness: ____

Communication: ____ Incident Complexity ____

Total Score: _____

GREENGREEN AMBERAMBER REDRED

(Low Risk) (Moderate) (ImplementMeasures)

0 35 60 80

Contingency Resources: ____ Environment: ____

Supervision: ____ Team Selection: ____

Planning: ____ Team Fitness: ____

Communication: ____ Incident Complexity ____

Total Score: _____

GAR MODELGAR MODEL More general risk concerns that involve operations planning or

reassessing risks as milestones are achieved can be addressed using the GAR Model.

A survey of Refineries and Petrochemical Plant accidents identified 8 elements that affect risk in operations.

• Supervision.• Planning.• Team Selection.• Team Fitness.• Communication• Contingency Resources• Environment.• Event or Evolution Complexity.

These elements are incorporated into the GAR (Green, Amber, Red) Risk Assessment Model.

This model provides the team with another way of assessing risk and may be used as an alternative to the SPE Model

Wallet Risk Card - FrontWallet Risk Card - Front

Consequence/probability matrixConsequence/probability matrix

Strengths:

Relatively easy to use;

Provides a rapid ranking of risks into different significance levels.

Limitations:

A matrix should be designed to be appropriate for the circumstances so it may be difficult to have a common system applying across a range of circumstances relevant to an organization;

It is difficult to define the scales unambiguously;

Use is very subjective and there tends to be significant variation between raters;

Risks cannot be aggregated (i.e. one cannot define that a particular number of low risks or a low risk identified a particular number of times is equivalent to a medium risk);

It is difficult to combine or compare the level of risk for different categories of consequences.

PEACE ModelPEACE Model Potential failures (things that can go wrong) can be equipment or operational in nature and can be

both internal and external to the team.

Examining each element of the “PEACE” Model

(Planning, Event Complexity, Asset Selection, Communication, Supervision & Environmental Conditions)

Will ensure effective hazard identification in each of the following three main categories:

Equipment: Is the equipment functioning properly and can it be expected to function properly

throughout the planned task or evolution?

Environment: How will the weather, sea conditions, proximity to shoals, vessel traffic, and available light affect the task or event?

Personnel: Is the team properly trained and capable of handling the demands of the mission? Are they fatigued, complacent, or suffering from the affects of physical or mental stress?

SupervisionSupervision Supervisory Control considers how qualified the supervisor is and whether

effective supervision is taking place.

Even if a person is qualified to perform a task, supervision acts as a control to minimize risk.

This may simply be someone checking what is being done to ensure it is being done correctly.

The higher the risk, the more the supervisor needs to be focused on observing and checking.

A supervisor who is actively involved in a task (doing something) is easily distracted and should not be considered an effective safety observer in moderate to high-risk conditions.

PlanningPlanning

• Planning and preparation should consider how much information you have, how clear it is, and how much time you have to plan the evolution or evaluate the situation.

Contingency ResourcesContingency Resources

• Contingency resources should consider resources that are not necessary as an immediate part of the operation, but would be needed should conditions change or an emergency occur.

• You should consider whether you have the ability to activate the resources, whether they will respond in the expected timeframe, and whether there are pre-plans in place for those resources.

CommunicationCommunication

• Communication should consider radio/cellular capability, dispatching and overall infrastructure and operational reliability.

• In addition to the technical means to communicate you should also consider the communication culture.

Team SelectionTeam Selection

Team selection should consider the qualifications and experience level of the individuals used for the specific event/evolution.

Individuals may need to be replaced during the event/evolution and the experience level of the new team members should be assessed.

Team FitnessTeam Fitness

Team fitness should consider the physical and mental state of the crew. This is a function of the amount and quality of rest a crewmember has had.

Fatigue normally becomes a factor after 18 hours without rest; however, lack of quality sleep builds a deficit that worsens the effects of fatigue.

EnvironmentEnvironment

Environment should consider factors affecting personnel performance as well as the performance of the asset or resource.

This includes, but is not limited to, time of day, workplace violence, temperature, humidity, precipitation, wind and sea conditions, proximity of aerial/navigational hazards and other exposures (e.g., oxygen deficiency, toxic chemicals, and/or injury from falls and sharp objects).

Incident ComplexityIncident Complexity

Event/Incident complexity should consider both the required time and the situation.

Generally, the longer one is exposed to a hazard, the greater are the risks.

However, each circumstance is unique.

For example, more iterations of an evolution can increase the opportunity for a loss to occur, but may have the positive effect of improving the proficiency of the team, thus possibly decreasing the chance of error.

This would depend upon the experience level of the team.

The situation includes considering how long the environmental conditions will remain stable and the complexity of the work.

Risk Assessment Questioning Risk Assessment Questioning TechniquesTechniques

This simple technique employs the use of five questions that may be asked by anyone, anywhere, anytime.

No documentation is required and this method can be applied quickly and easily. Use it to reduce risk in everything that you do.

The five questions are:1. Why am I doing it at all?2. What could go wrong?3. How will it affect others or me?4. How likely is it to happen to me?5. What can I do about it?

Lead By ExampleLead By Example

You can promote this technique and encourage all employees to be aware of risk by distributing and wearing in the workplace tags inscribed with these five basic questions.

It serves as a reminder to assess risk in all of our daily activities.

BriefingsBriefings

The briefing includes not only what you will be doing, but also how it will be done.

The success of the plan is often determined by the quality of the briefing process.

Briefings fall into two categories: Brief and Debrief.

Tailgate Safety BriefingTailgate Safety Briefing

The Brief sets the stage for what is to follow. It clarifies expectations for team members and establishes the ground rules for the task.

Make the following process part of your routine Brief:• Specify desired results.• Set expectations. • Clarify responsibilities. • Identify available resources.• Establish a climate for learning.• Accept/encourage input from team members. • Maintain a positive attitude. • Define accountability.

Debriefing / After Action ReportDebriefing / After Action Report

The Debrief provides an opportunity to evaluate and recognize teams or individuals for their performance.

This includes identifying areas where performance needs improvement. It is a feedback session.

Make the following behaviors part of your routine Debrief:– Conduct self-critique.– Accept/encourage feedback and suggestions.– Focus on process. – Demonstrate consistency.

SummarySummary

We have discuss the steps that effective leaders use to develop safe and effective operational plans.

The three elements of the SPE Model are (Severity, Probability, and Exposure) are used to calculate risk.

Six elements of the GAR risk assessment model: Define tasks required, verify data – double check work, discuss objectives w team, assess risk-a two step process, assemble the plan, and critique the plan.

We also introduced you to some of the principles of operational risk management as applied before any job, task, or mission is performed.

SummarySummary

• Results will depend of the level of detail of the analysis, i.e. the more detailed the analysis, the higher the number of scenarios, each with a lower probability.

• This will underestimate the actual level of risk. The way in which scenarios are grouped together in describing risk should be consistent and defined at the start of the study.

ReferencesReferencesVincoli, Jeffrey W. (2006) Basic Guide to System Safety, 2/E Wiley-Interscience ISBN 0-471-

72241-3.

Manuele, Fred A. (2008) Advanced Safety Management: Focusing on Z10 and Serious Injury Prevention Wiley-Interscience ISBN 978-0-470-10953-3

Roland, Harold E. & Moriety, (1990) System Safety Engineering and Management, 2/E John Wiley & Sons ISBN 0-471-61816-0

Alvarado, Michael J. (1998) US DOT USCG Team Coordination Training (TCT) Instructor Guide Pamphlet No. G65301, Chapter 3 – Effective Mission Analysis.

ISO/IEC/FDIS International Standard Risk Management – Risk Assessment Techniques. Ref No. 31010:2009(E)

ANSI/ASSE Z690.2 2011 ISO 31000:2009 – Risk Mgmt Principles and Guidelines

ANSI/ASSE Z690.3 2011 ISO 31010:2009 – Risk Assessment Techniques

ITRC (Interstate Technology & Regulatory Council). 2011. Project Risk Management for Site Remediation. RRM-1. Washington, D.C.: Interstate Technology & Regulatory Council, Remediation Risk Management Team. www.itrcweb.org.

Appendix A – Applicable Tools Appendix A – Applicable Tools Used for Risk AssessmentUsed for Risk Assessment

Appendix B - Attributes Risk Appendix B - Attributes Risk Assessment ToolsAssessment Tools

Appendix C – Project Risk MgmtAppendix C – Project Risk Mgmt

Appendix D - Categories/Examples of

Environmental Remediation Project Risks

For Further InformationFor Further InformationPlease feel free to contact either;

Albert Condello at University of Houston DowntownCollege of Sciences and Technology

One Main Street, Suite N-705Houston, Texas 77002-1001

Cell Ph 979-412-2219Office Ph 713-221-8016

Email: Condelloa@uhd.edu

FIRST Roy Creager - Presidentroy@firstcallfirst.com

1010 Center StreetDeer Park, Texas 77536

O: (281) 930-7686 F: (713) 493-2949

http://www.firstcallfirst.com/contact-us