Risk rating approaches- Page 2

Welcome Guest! The IOSH forums are a free resource to both members and non-members. Login or register to use them

Postings made by forum users are personal opinions. IOSH is not responsible for the content or accuracy of any of the information contained in forum postings. Please carefully consider any advice you receive.

Notification

Error

2 Pages<12

Risk rating approaches

Options

Previous Topic Next Topic

Admin		#41 Posted : 28 February 2008 07:42:00(UTC)
Rank: Guest		Posted By Adrian Watson Dear Barry, So is 1 mV a hazard? What about 1.5 v, 9 v 110 v, etc? The point is not that the electricity is a hazard, but when and where the electricity is, i.e. the context. Jason, Risk is never, ever ... not ever probability x severity; if so, something that may occur often but has very minor consequences is equal to something that is unlikey but has serious consequences. I don't think so! Risk is definitely a combination of probability and severity, but not in the way that many people think. It is the possibility (likelihood, probability) of the consequences. Sorry to be a pedant but meanings are important if we are to talk in the same language. Tony, Having read the documents you referred to, the definitions "hazard - source of harm" is so abstract as to be meaningless. Is god or the universe, depending on your belief system, the source of all harm; if not at what point does the hazard occur? I believe that point to be when there is a situation with the potential to cause harm. likewise risk is defined as a combination of probability and severity. State the obvious. These are committee definitions if anything! They mean something to everybody, not do not mean the same to two people. Regards Adrian


User Profile View All Posts by User View Thanks

Admin		#42 Posted : 28 February 2008 08:29:00(UTC)
Rank: Guest		Posted By Andy Brazier I think the problem here is that risk is only an abstract concept rather than the tangible result of an equation. The idea that risk = severity x likelihood (or any other equation) helps us understand what it means, but it can't actually be calculated. A risk assessment is only a means to an end, and not an end itself. Unfortunately people tend to dive into doing a risk assessment and fail to see the bigger picture. Actually assessment is part of risk management, and if you follow it through properly it is actually only a small part of the program. Managing risks involves: 1. Identifying hazards - people often fail to list all the hazards, and so their assessments will inevitably be flawed. 2. Identifying risk controls 3. Assessing risks - people often assess risks associated with individual hazards which is fine, but you also need to assess the overall risk - a simple rating is usually more than enough 4. Considering whether the risks are as low as reasonably practicable (ALARP) 5. Specifying additional controls if required 6. Implementation of the risk management program In my opinion step 4 is the critical one. It is achieved by answering two questions: a) What additional controls could be put in place to reduce the risk? b) For those additional controls that you are planning to NOT implement, why? This argument will either be that the risk reduction is minimal, it will result in an unacceptable transfer of risk or the cost is grossly disproportionate To answer these questions we need to consider the hierarchy of control because this tells us how reliable controls are likely to be. So my opinion is that how you rate risks is relatively unimportant as long as you are consistent. As long as you can demonstrate you know what your highest risks are and that you are doing something about them is enough.


User Profile View All Posts by User View Thanks

Admin		#43 Posted : 28 February 2008 09:00:00(UTC)
Rank: Guest		Posted By JasonGould Sorry Adrian you have lost me with this talking the same language part. The frequency x Severity came from my dip2 study notes as a valid method for measurement. Anyway, My conclusion is as follows Hazard = potential of harm Risk = Likelihood of harm Likelihood is a measurement based on frequency probability and severity. You may indeed reduce the severity by a control measure such as a guard/seat belt etc But at the end of it you are still only reducing the likelihood of harm as per the definition of risk. Control measures can have a probabilistic value to assign some assurance in the control measure. Either way it is probabilistic thus a element of failure or risk will always be in place which in turn can either bring the severity of the hazard up to its original level or even worse increase it. That's why we always aim to eliminate the hazard all together then try to reduce the likelihood of any residual risk. Man that was a refresher session for me and I am still open to being corrected as I am rushing this post. so going back to the original argument I was involved in. We are all wrong or actual failed to discuss this properly which was the reason why I wanted to let it lie and agree to disagree until checking out in detail. I was not being rail rolled in the fact that we Finnish a risk assessment showing a reduced severity of risk. I can however accept a reduced likelihood. There is a reduction in severity hence the HSE has thousands of sentences that suggests so. We all know that and have to implement things that can reduce severity. Agree/Disagree? But as far as risk rating is concerned, this reduction in severity is in the true definition of the word only a reduction in the likelihood of risk as it forms part of a number of other factors. Agree/Disagree? There has to be a consensus on this otherwise we will truly miss the importance of the message in the new CDM and Hierarchy of controls which is eliminate the hazard. Tolerably of Risk is another subject all together and too long to go into.


User Profile View All Posts by User View Thanks

Admin		#44 Posted : 28 February 2008 09:05:00(UTC)
Rank: Guest		Posted By JasonGould Andy, absolutely correct P.s. No, I am not going into the just get rid of the hazard conkers bonkers frame of mind as some risk will always have to be MANAGED. That what we do. Regards Jason


User Profile View All Posts by User View Thanks

Admin		#45 Posted : 28 February 2008 09:28:00(UTC)
Rank: Guest		Posted By Chris Jerman Great post Hilal. You are quite right. Where I see most people going down the wrong path is that they define likelihood (call it what you will) as the chances of THAT or SOME harm occurring. It is not. It is the chances of an EVENT that MAY lead to harm - through some failure or lack of control. Harm is not certain. Many people are involved in unfortunate events that result in NO injury. (We tend to call them near misses?)Where I see many assessments being flawed is in their failure to describe the event and how it could be caused. This often comes from the use of language. Falling off a ladder? Not a hazard, it's an event due to ... overreaching, not placing ladder correctly etc. The hazard is height. Electricity, hazard. Yes at any voltage, debatable - but we are allowed to filter out the nonsense by using significance. What is the reasonably foreseeable event? Contact with exposed conductors. Why? Failure to isolate? What's the RFWCI? I don't know, what's the voltage? 430v 60 amps (current?)Electrocution then in this case. 2.0v and 0.4mA? err, no significant findings. So it may be a hazard but one I'm not going to record. So, having a car crash at speed on a motorway, could reasonably result in a fatality. But likelihood isn't the chances of dying is it? because that's actually pretty small given the number of crashes that don't result in death. No, it's the likelihood of being in the position that you might crash. Or, the likelihood of failure of your controls.eg using mobiles, not maintaining vehicle, excessive speed . These are not hazards, they're likelihood factors; failing controls. So if wearing a fall restraint that wouldn't fail (best that money could buy so failure is an unreasonable expectation) is an absolute guarantee - then the person could not fall in the first place. If wearing fall arrest, the likelihood of falling off the roof is exactly the same as if you weren't wearing it. Falling off is the event, due to failure of controls. The arrest harness is not a likelihood control in this case. However, the prediction of the reasonably foreseeable event ie hitting the ground won't now happen. But that is not what the assessment should be predicting. It's falling and being suspended. But what is the reasonably foreseeable worst case injury from suspension in fall arrest? Well we're back to something pretty major again. So it matters little. It doesn't alter the severity of the injury - it alters the event leading to the injury and therefore you're predicting a different severity 'scenario' to the one of hitting the ground if not wearing the harness. What ever your descriptors, likelihood, consequence, outcome, probability etc that you use, I'm no mathematician, but a matrix (basically a graph) is based around the notion of two INDEPENDENT variables. You cannot therefore have one axis being the likelihood of the other axis. Number of cars coming past and numbers that are blue red green etc are independent. Reasonable worst severity of an injury due to failure of the controls and exposure to a hazard X the potential for those controls to fail given what we know about their frailty, are not connected. Likelihood is related to the robustness of the controls NOT anything to do with injury. Chris Jerman


User Profile View All Posts by User View Thanks

Admin		#46 Posted : 28 February 2008 10:21:00(UTC)
Rank: Guest		Posted By Hilal KINLI Andy, I think firstly we need to agree in the terminology of hazard and risk. As you now, there are many definitions in many literature. I think we may select OHSAS 18001:2007 definitions which is an international standard as an example for discussion. In that standard, hazard is defined as: Source, situation, or act with a potential for harm in terms of human injury or ill health or a combination of these I agree with this definition. But I also prefer to identify "potential for harm" as "potential for risk". (I will explain the reason below) Risk is defined as; Combination of likelihood of an occurrence of a hazardous event or exposure(s) and the severity of injury or ill health that can be caused by the event or exposure. I do not agree partly with this definition. In my view, "risk is probable outcome (s) of a hazard which could lead directly or after a sequential events to an injury or ilness." Forexample, if somebody is working at height, working at height should be defined as hazard, because there is a probable outcome as fall risk. This is primary level of risk. If a person falls, then there is a probable outcome of this primary level risk as injury or death which I call as secondary level risk. This was an example what I mean from sequential effects. We can increase the examples for many situations. In my view, after identifying the risk as probable outcome (s) of a hazard, we may say that magnitude or significance level of the risk depends on likelihood, severity, frequency, etc.etc. depending on the risk ratiing methodology used. (Risk rating methodologies are another subject for discussion.) If we identify risk as, just as combination of likelihood and severity of a probable outcome, it is just flying object for me. No meaning. Because in many literature and in our daily life, we use risk terminology for a probable outcome of an hazard. e.g. fall risk, exposure risk, electrocution risk, radiation risk, back injury risk, etc. What I mean is that, risk has a name in our daily life and in our literature. Risk terminology is not used just as a number, or magnitude, or a significance level. So, why don't we prefer to use that conventional name for risk and then define the magnitude of that risk, instead of identifying the risk as a flying object? Agree or not? Best wishes Hilal think the problem here is that risk is only an abstract concept rather than the tangible result of an equation. The idea that risk = severity x likelihood (or any other equation) helps us understand what it means, but it can't actually be calculated. A risk assessment is only a means to an end, and not an end itself. Unfortunately people tend to dive into doing a risk assessment and fail to see the bigger picture. Actually assessment is part of risk management, and if you follow it through properly it is actually only a small part of the program. Managing risks involves: 1. Identifying hazards - people often fail to list all the hazards, and so their assessments will inevitably be flawed. 2. Identifying risk controls 3. Assessing risks - people often assess risks associated with individual hazards which is fine, but you also need to assess the overall risk - a simple rating is usually more than enough 4. Considering whether the risks are as low as reasonably practicable (ALARP) 5. Specifying additional controls if required 6. Implementation of the risk management program In my opinion step 4 is the critical one. It is achieved by answering two questions: a) What additional controls could be put in place to reduce the risk? b) For those additional controls that you are planning to NOT implement, why? This argument will either be that the risk reduction is minimal, it will result in an unacceptable transfer of risk or the cost is grossly disproportionate To answer these questions we need to consider the hierarchy of control because this tells us how reliable controls are likely to be. So my opinion is that how you rate risks is relatively unimportant as long as you are consistent. As long as you can demonstrate you know what your highest risks are and that you are doing something about them is enough


User Profile View All Posts by User View Thanks

Admin		#47 Posted : 28 February 2008 11:58:00(UTC)
Rank: Guest		Posted By Andy Brazier Hilal I personally don't see the need to debate definitions. Those in OHSAS18001 work OK for me. If you use them consistently you will be able to determine which or your risks are of greatest concern. I agree there may be problems if you are trying to compare your risks with others, as there may be inconsistencies in definitions used. Personally I doubt there is much to be gained in just looking at how someone else has rated a risk. Instead, have they identified different hazards to you, and if so why? Also, have the implemented different controls to you, and again why? That is where you will learn most in my opinion.


User Profile View All Posts by User View Thanks

Admin		#48 Posted : 28 February 2008 14:39:00(UTC)
Rank: Guest		Posted By GeoffB4 Andy - your posts have been spot on. Risk assessment should be a process that, depending on the hazards/level of risk, can generally be easily carried out with a minimum of training by people at work. The more difficult we make this process the less likely the assessments will be carried out or to a similar standard. A number of responses to this thread are indicating a level of proficiency way above what is generally needed - in fact it's as though it is a process that only specialists should be involved in. Ring any bells? Risk assessment is not a complicated process so let's stop quibbling over the meaning of individual words and work together to make the whole process less of a black art and more like it was intended to be.


User Profile View All Posts by User View Thanks

Admin		#49 Posted : 28 February 2008 15:33:00(UTC)
Rank: Guest		Posted By Hilal KINLI Andy, I think it seems to be easiest way to accept a hazard and a risk definition in a standard or in another document even you do not agree with that definition. Already many people is doing the same thing without doing any interpretation on them. I dont say that doing it in this way is wrong. But I do not prefer to use this approach in some issues that there is no common approach. Because in those cases, firstly I need to believe one of those approaches. Risk assessment as a complete process is an example of this. As far as I see, there is no consensus in all of the following steps of risk assessment around the world: 1. Hazard and risk definitions (No consensus) 2. Identification of risks in a workplace (As far as I see, there is no method developed yet that can be used for a complete identification of the risks in a workplace. As you know, FEMA, HAZOP, What if, Job safety Analysis, Process safety analysis, etc. methods can be used only for a part of the risk analysis, not complete one. So in practice, you can see from very simple to complicated approaches used for identification of the risks.) 3. Rating the identifed risks to find magnitude or significance level of the risk. (Many people are using many different methods and also when rating the risks some people is considering risk control measures, the others not (This part was our main subject of discussion.)) 4. Evaluation of the existing risk control measures against magnitude of the risk. If there is a gap, then planning of additional control measures. ( (This part of risk assessment is also problem. Because many people do not think according to risk management approach to find the gaps. They think risk control measures just as simple as, e.g.only provision of PPE to worker. This problem is also problem in risk ratings considering existing control measures. If they have provided to workers only e.g. a PPE then they assume that they have lowered the likelihood of the risk. But as you know there are many components of risk control measures. I have given an example of components for fall risk control measures in my previous messages). As far as I understood from you message, you say that there will be no benefit for focusing so much on risk ratings, we need to focus on identification of hazards and planning for risk control measure. If so, sorry, I do not agree. I think we need to discuss and make interpretations on every step of risk assessment I have mentioned above including risk rating approaches to agree on a common approach. Otherwise, in practice, you may see different risk ratings even for the same kind of risks in the same workplace (for example if they are considering risk control measures in their ratings, they may not have same control measures for those kinds of risks in every part of the workplace. So they will assume different likelihoods for the same kind of risks. Best wishes Hilal KINLI


User Profile View All Posts by User View Thanks

Admin		#50 Posted : 28 February 2008 16:26:00(UTC)
Rank: Guest		Posted By Chris Jerman Dear Geoff, if you knew me personally you'd understand that making risk assessment simple - but effective has been my life's work. (I wrote and presented 3 of the IOSH certificated risk courses for 4 years) Performing a risk assessment in my organisation is dead easy, the people who completed them did so with a minimum of instruction and no training per se at all. I did not conduct them (especially dressed in a wizard's outfit using potions and spells I can assure you) Within a year of joining my current employer, we went from having barely anything to a comprehensive set of assessments delivering value right the way up to the Board in a year. (29,000 employees) I'm perfectly happy with our methodology because we're done and dusted like everyone else should have been about 15 years ago (please anyone, no need to have the discussion "you're never finished risk assessing", it's a turn of phrase but we know which we have and which we haven't, got) The trick is in getting the right people to contribute the right information. My assessments are literally two minute jobs to complete. However, the concepts that sit behind risk assessment, such as 'is PPE a risk control or a safety measure, does a safety harness alter the reasonably foreseeable worst case injury' are more complex. (that's complex, not complicated). These discussion are the province of the safety professional and it may be that this thread has been mistaken for a guide on to how to conduct risk assessments. It isn't it's a philosophical debate of the finer points of language. IF you read many of the posts here, you will see that people use the same words differently in their own posts! Now if you use it differently to me - that's fine, I guess. But if you use it differently yourself, I have to question how clear one's instruction would be those trying to perform the assessments. So if you define something, stick to your own definition at least. Sorry Geoff, I'm not meaning to be personal here, but this is a productive thread by a group of interested parties and simply saying stop making it complicated is not a helpful contribution to the debate. Someone has to design the process and to do that it needs to be structured, systematic and well thought through. We get our fair share of enforcement visits and the initial reaction is often one of surprise at our assessments. Many an 'officer' has gone away wondering why everyone else doesn't make it look this easy - that's because we are very clear on what we're doing. Wandering around aimlessly with a clipboard simply spotting hazards in a company of our size and complexity would not be effective and would certainly never produce the assurances that the Board needs. However, regardless of the size of the company, I think that we need a clear picture. If you take 5 steps, MOHSAW and the latest guide assessments from the HSE, couple that to HSG 245 and it's a wonder that anyone knows what they're doing. You could drive a coach and horses through it. So I absolutely agree with you that it needs to simple and let's get on with it - but it also needs to be clear too. And at present for a great many people, it isn't. Just read these pages every day! I didn't take your post personally by the way, and I hope that you feel the same. The point of these pages is precisely for thrashing these things out, and this one certainly has had a good thrashing! Best wishes Chris Jerman


User Profile View All Posts by User View Thanks

Admin		#51 Posted : 28 February 2008 16:32:00(UTC)
Rank: Guest		Posted By Andy Brazier I would not say there is no benefit in getting more consensus on the specifics you mention, but I do think there are diminishing returns. I'd rather have an 80% solution that is being used and working, than wait for the 100% solution to be developed. Also, I am not a great believer in having everyone use the same techniques and methods. In my opinion it means we all start looking at things the same way. Whilst this sounds good, the 'one size fits all' approach is rarely the best approach for a specific situation and tends to stifle innovation. I am not disagreeing with what is being said but it is starting to sound a bit academic to me; and I have a PhD!


User Profile View All Posts by User View Thanks

Admin		#52 Posted : 28 February 2008 17:19:00(UTC)
Rank: Guest		Posted By Chris Jerman Andy, I couldn't agree more my learned friend. However, as I said, I'm not sure that this is a debate about method as much as a debate over concepts and principles. I'm all for different methodologies, but I simply disagree with anyone who says that working up a ladder is a hazard. It's a task. There's a verb in it. Probability and possibility are two utterly different concepts. And yet we seem to use them interchangeably. I have trained thousands of people all over the World in this thinking and the results have been quite astounding. I took a team of 7 safety managers through it once, the transformation was incredible. For the first time, they told me, this actually made sense. I'll concede that it really may not matter at all to anyone else. But it does to me. I'll have to live with that. I am in a position where I have seen this work and I have seen it fail and I know where I sit. I can see why people get in a fix and end up with pointless thousands of risk assessments, all I wish to do is share my lessons of making it work across huge and widespread multi-national companies and local corner shops. There's more than one way to skin a cat. But if we disagree over what a cat looks like ..... Is it time for a beer yet? CJ


User Profile View All Posts by User View Thanks

Admin		#53 Posted : 28 February 2008 19:08:00(UTC)
Rank: Guest		Posted By GeoffB4 As I said Chris, risk assessments should be capable of being carried out by the masses, not just the expert few. You must surely agree that a number of contributors are advocating the black art approach. Like you I strive to make the process as simple as possible and I also design and present risk assessment courses to a number of blue chip clients - but I'm not sure how much that last bit is relevant to this discussion? By the way, I don't classify working on a ladder as a hazard, I see the hazard as 'working at height'. Which shows, even us professionals can disagree! As an aside, it amazes me on these discussions how fixed we can be in our attitudes (and I don't discount myself in this) and how we can often reject the simpler answers - even though it might be for the common good.


User Profile View All Posts by User View Thanks

Admin		#54 Posted : 29 February 2008 08:42:00(UTC)
Rank: Guest		Posted By Adrian Watson Was in not Albert Einstein who said "make it as simple as it needs to be, but no simpler." I agree much of what has been said said about risk assessment of being a means to an end and not the end in itself. The simplest risk assessment is "Can it hurt me; if so, how do I keep myself safe?" The reason I have a bee in my bonnet about the meanings of words is that the meanings frame how people think about things. If people understand that a hazard is "something" then taking working on a ladder as an example, the ladder, becomes the problem not the fall from height because of over-reaching, falling because the ladder is on unstable ground, electrocution from touching live wires when on a metal ladder, etc. The real issue with risk is in risk prioritisation to decide what needs to be done first. In respect of possibility, likelihood and probability, they are all related, but different. I put possibility at a higher level of abstraction; with likelihood being related to qualified risk assessment and probability to quantified risk assessment. Regards Adrian


User Profile View All Posts by User View Thanks

Admin		#55 Posted : 29 February 2008 09:00:00(UTC)
Rank: Guest		Posted By GeoffB4 Quote: In respect of possibility, likelihood and probability, they are all related, but different. I put possibility at a higher level of abstraction; with likelihood being related to qualified risk assessment and probability to quantified risk assessment. But Adrian, how many people carrying out risk assessments would understand that, or even care? Sure, have a high level discussion on the meaning of a 'word' but for goodness sake, don't let any of us expect this to be transferred to those on the shop floor - where it matters. Life is complicated enough. It reminds me of a company who carried out comprehensive risk assessments using a consultant and a year later they were still in the managers bookcase - he thought the RAs were for him not the employees on the shop floor, because they wouldn't understand them!


User Profile View All Posts by User View Thanks

Users browsing this topic
Guest

2 Pages<12

You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.