
Safety and Security Risk Management Donna

The document outlines key concepts in safety and security risk management, including risk criteria, treatment decisions, and the hierarchy of controls. It emphasizes the importance of effective risk management principles, processes, and techniques for identifying, analyzing, and mitigating risks. Additionally, it discusses various types of failures and methods for stakeholder engagement and risk assessment, providing a comprehensive framework for managing risks within organizations.

Uploaded by

kraampjesyapok4v

safety and security risk management

semester 1 – mid-terms

concepts
risk criteria
- Organizations should specify acceptable types and levels of risk based on
their objectives. Risk criteria must align with the risk management
framework, reflect organizational values, and consider stakeholder views.
- These criteria should be established early in the risk assessment process
and regularly reviewed. Key considerations include:
o Types of uncertainties.
o Definitions of consequences and likelihood.
o Time factors.
o Measurement consistency.
o Determining risk levels.
o Combinations of risks.
o Organizational capacity.

- Risk appetite → how much risk do we like?
- Risk tolerance → how much risk can we handle?
- Risk capacity → how much risk is too much?

Risk treatment decision

[Figure: risk treatment decision matrix, with probability (low to high) on one axis and impact (low to high) on the other]

Hierarchy of controls (from the highest level of protection to the lowest)

eliminate → substitute → isolate → engineering → admin → PPE

1. Elimination: the most effective way to control a hazard. You get rid of
the hazard entirely.
2. Substitution: we replace the hazard with something less hazardous.
3. Engineering controls: redesigning the workplace or the process itself
to minimise the hazard.
4. Administrative controls: changing the way people work to reduce
risk.
5. Personal protective equipment: helmets, gloves, safety glasses.
Should always be a last resort.

the 8 principles for effective risk management


1. Integrated
- Weaving risk management into the fabric of your business. Thinking about
potential risks from the start.
2. Structured and comprehensive
- Emphasizes the importance of a system: a methodical approach to
managing risks. Written procedures for different events or accidents.
3. Customized
- Tailor your risk management approach to fit your specific needs and
context.
4. Inclusive
- You don’t have all the answers. Therefore, you need to involve others in
the process: employees, customers, neighbors, etc. By getting
perspectives from others, you can identify risks that you may have missed
on your own and create a safer environment for everyone.
5. Dynamic
- Recognizing that risks are constantly evolving; they’re not static. You have
to constantly reevaluate and adjust. Update your procedures.
6. Best available information
- Basing your decisions on the most accurate and up-to-date information
you can get your hands on. Be critical, evaluate your sources carefully, and
try to make the most informed decisions you can. Networking.
7. Human and cultural factors
- Recognizing that people are a huge part of the risk management
equation, because people are unpredictable. Their behaviors, attitudes,
and beliefs all shape risk.
8. Continual improvement
- Acknowledging that risk management is not a one-time thing; it’s a
continuous process of learning and adapting. Constantly evaluate it,
look to improve it, and learn from your mistakes.

risk management process – often referred to as HIRAC


- Hazard Identification (risk source).
- Risk (likelihood & consequence).
- Assessment.
- Control.

The main ‘formula’ of risk:


Risk (source, event) = consequence x likelihood

Swiss cheese model → a model to explain accident causation and accident
barriers in systems
- Each slice of cheese → a barrier.
- Each hole → a weakness in the barrier.
- Barriers should be independent.
- Common cause failure → holes in two or more barriers in the same place.
Each slice represents a layer of defence, a control measure in our safety
control system, and the holes represent weaknesses or gaps. The more
holes, the weaker the protection.

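An added example, not part of the original notes: it compares how often a hazard gets through every slice when the holes are independent with how often it gets through when a common cause opens holes in all slices at once. The hole probabilities and the common-cause probability are constructed values, and treating the common cause as a single event that defeats every barrier is a modelling assumption.

```python
import random
from math import prod


def p_breach_independent(hole_probs):
    """Probability that a hazard passes every barrier when holes are independent."""
    return prod(hole_probs)


def p_breach_common_cause(hole_probs, p_common):
    """Same barriers, plus a shared cause (assumed to open a hole in all of them).

    The hazard gets through if the common cause occurs, or if it does not occur
    and every barrier happens to fail on its own.
    """
    return p_common + (1 - p_common) * prod(hole_probs)


def simulate(hole_probs, p_common=0.0, trials=100_000, seed=1):
    """Monte Carlo check of the two formulas above (fixed seed for repeatability)."""
    rng = random.Random(seed)
    breaches = 0
    for _ in range(trials):
        if rng.random() < p_common:
            # Common cause: holes line up in every slice at the same place.
            breaches += 1
        elif all(rng.random() < p for p in hole_probs):
            # No common cause: every slice must fail independently.
            breaches += 1
    return breaches / trials


def gain_from_extra_barrier(hole_probs, extra_hole_prob, p_common=0.0):
    """Factor by which the breach probability drops when one more slice is added."""
    before = p_breach_common_cause(hole_probs, p_common)
    after = p_breach_common_cause(hole_probs + [extra_hole_prob], p_common)
    return before / after


# Constructed values: three barriers that each fail 1 time in 10,
# and a shared cause (e.g. one power supply feeding all of them) at 1 in 100.
BARRIERS = [0.1, 0.1, 0.1]
P_COMMON = 0.01

if __name__ == "__main__":
    print("independent      :", p_breach_independent(BARRIERS))
    print("with common cause:", p_breach_common_cause(BARRIERS, P_COMMON))
    print("simulated        :", simulate(BARRIERS, P_COMMON))
    print("4th barrier gain, independent :", gain_from_extra_barrier(BARRIERS, 0.1))
    print("4th barrier gain, common cause:",
          gain_from_extra_barrier(BARRIERS, 0.1, P_COMMON))
```

With these values the common cause dominates the result: a fourth slice cuts the independent breach probability tenfold but barely moves the common-cause figure, which is why the barriers need to be independent.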
Dutch laws & standards
- Besluit externe veiligheid inrichtingen (BEVI) / decree on external safety of
installations – “10⁻⁶ norm”
o Dutch law requires distances around activities with dangerous goods
so that in any single location, the probability of dying in an accident
is one in a million per year (if you’re constantly there).

definitions
- Risk → the measure of the probability and severity of a loss/hazardous
event taking place.
- Risk driver → any factor, condition, or event that increases the likelihood
or impact of a potential risk.
- Risk management → the process of identifying, assessing, and mitigating
risks to protect people, assets, and operations from harm or loss.
- Risk governance → the system for making decisions about managing
risks, ensuring clear responsibility and oversight within an organization.
- Uncertainty → the lack of complete knowledge about potential risks,
making it difficult to predict outcomes or impacts accurately.
- Likelihood → the probability or chance of a risk event occurring.
- Probability → the numerical measure of the chance that a specific risk
event will occur, usually expressed as a fraction, percentage, or ratio.
o A way of expressing likelihood on a scale of zero to one. Zero means
it’s impossible, and one means it’s certain. So, the closer the
probability is to one, the more likely it is that the event will happen.
o A micromort: a unit for quantifying the risk of death. One micromort
represents a one-in-a-million chance of dying (a standardized unit of
risk). It allows you to compare the relative risks of different
activities, like skydiving vs. driving a car.
- Opportunity → a favourable circumstance or set of conditions that can be
leveraged to achieve benefits, improve performance, or enhance safety
and security outcomes.
- Risk assessment → overall process that identifies hazards, estimates the
potential severity of injury or damage to health, estimates the likelihood of
occurrence of injury or damage to health, and determines if protective
measures are required.
- Hazard identification → the act of anticipating and recognising existing
and potential hazards and their characteristics.
- Risk identification → process of finding, recognizing, and describing risks.
- Risk analysis → process to comprehend the nature of risk and to
determine the level of risk.
- Risk evaluation → process of comparing the results of risk analysis with
risk criteria to determine whether the risk and/or its magnitude is
acceptable or tolerable.
- Risk treatment → the process of selecting and implementing options for
addressing risk. Within occupational health and safety (OHS) these options
are called control measures or simply controls.

types of failures:
“Understanding how things can go wrong is the key
to preventing them from happening”

independent failures → a failure of one or more components that happens
independently of failures of other components
Solo acts. One component fails on its own, totally unrelated to the system.
- A string of Christmas lights where one bulb dies out. It doesn’t affect any
other lights, because the others still work.
- Attendance at a lecture: if a few people don’t show up, that’s likely an
independent failure, because their reasons for not coming are probably
unrelated.

dependent failures → a failure of one or more components that happens due to
some relationship between the components or their cause of failure.
One component fails and it sets off a chain reaction, causing other components to
fail as well. Like dominoes falling.
- A water main break: the water main ruptures and that could lead to failures at
pumping stations that rely on that waterline, even if the pumping stations
themselves are perfectly fine. So, the initial failure (the water main break) triggers
these other failures. A ripple effect.

cascading failures → dependent failure that occurs because of the failure of
another component
o example: power outages
Cascading failures are basically dependent failures, but on a much larger
scale. That domino effect spreads throughout an entire system, causing
widespread disruptions.
- A power grid failure: a problem in one part of the grid, maybe caused by a
storm, could overload another part, causing that to fail too, and then that
failure triggers even more failures and boom, you’ve got a massive blackout.

common cause failure (CCF) → an event where multiple failures occur due to a
shared cause
These are situations where you have multiple failures happening because of a
single underlying cause. One thing goes wrong, and it sets off other problems.
- A software bug that affects all computers running that program.
- A power surge that fries multiple devices plugged in to the same outlet.

common mode failure (CMF) → an event where multiple failures occur due to a
shared failure mode
These are situations where you have multiple failures happening because of a
single underlying cause. One thing goes wrong, and it sets off other problems.

systematic failures → failure of a whole system, e.g. due to a lack of
redundancy
o example: economy due to power-out

single point failures (SPF) → component failure that will lead to the failure of a
whole system

Techniques for eliciting views from stakeholders and experts

brainstorming: generate a wide range of ideas about potential risks without
criticism or judgment
pros: easy to organize, stimulates creativity, useful for initial risk
identification
cons: can be dominated by louder voices, can go wild and become unproductive

Delphi technique: iterative, structured approach with a panel of (anonymous)
experts providing answers and insights over multiple rounds
pros: less groupthink and bias, consensus among experts for complex
issues, can be done remotely and globally
cons: time-consuming, needs effort to reach real consensus
o It’s like tapping into the collective wisdom of a group of experts. Instead
of relying on a single opinion, you are getting multiple perspectives. It’s not a
one-time thing.

nominal group (NGT): structured method for generating and prioritizing risks
by having participants individually suggest risks and rank them
o It’s a structured approach to brainstorming and reaching consensus in a
group.

(semi) structured interviews: 1-on-1 questions and answers used to gather
in-depth insights from individuals

surveys: collect information from a large group of stakeholders or participants
through structured questionnaires

Techniques for identifying risks

Checklists, classifications, and taxonomies: systematically reviewing a
predefined list of potential risks or factors
pros: simple and easy to use (even for non-experts), ensures common risks
are not overlooked
cons: may miss unique or emerging risks (new tech), can encourage a
checkbox mentality, where deeper analysis is bypassed
o Pre-made frameworks for identifying and categorising potential risks.
They provide a starting point for an analysis, helping to ensure all the
relevant factors are considered. Example: PESTLE.

Failure modes and effects analysis (FMEA): identify and evaluate failure
modes (what could go wrong at each step or component?) in a system, product,
or process and assess impact
pros: detailed and structured analysis of potential failures, prioritises risks
based on objective criteria (RPN), widely applicable in design,
manufacturing, and process improvement
cons: requires detailed system knowledge, subjective risk scoring can lead
to inconsistencies, may overlook complex interactions (only single failure
modes)
o It’s like a pre-emptive strike against failure. It’s all about identifying
potential weaknesses in a system, a product, a process, or whatever it
might be, before they can cause any trouble. Getting ahead of the
problems.
o A car braking system: the first step is to identify all the key components.
Then, for each component, you brainstorm all the ways it could fail. Next,
you analyse them: assess the likelihood of each failure mode happening,
its potential effects, and how severe those effects might be. It is important
to consider controls; controls are measures that are put in place either to
prevent the failure from happening, to detect it early, or to reduce its
impact if it does happen. The final step is to assign a risk priority number
(RPN) to each failure mode; it’s a number that you calculate by multiplying
the likelihood of the failure occurring, the severity of the consequences and
the detectability of the failure (how easy is it to spot that this failure is
happening).
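The braking-system walk-through above as a small worksheet, added here as an example and not taken from the original notes. The failure modes, the scores, the 1 to 10 scales (with detection scored higher the harder a failure is to spot), the action threshold and the severity floor are all constructed assumptions.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class FailureMode:
    component: str
    mode: str
    likelihood: int  # 1 = rare ... 10 = almost certain
    severity: int    # 1 = negligible ... 10 = catastrophic
    detection: int   # 1 = always spotted ... 10 = cannot be spotted

    def __post_init__(self):
        # Reject scores outside the assumed 1-10 scale so RPNs stay comparable.
        for name in ("likelihood", "severity", "detection"):
            value = getattr(self, name)
            if not 1 <= value <= 10:
                raise ValueError(f"{name} must be 1..10, got {value}")

    @property
    def rpn(self):
        """Risk priority number: likelihood x severity x detection."""
        return self.likelihood * self.severity * self.detection


def rank(worksheet):
    """Highest RPN first: the order in which to work on the failure modes."""
    return sorted(worksheet, key=lambda fm: fm.rpn, reverse=True)


def with_control(worksheet, component, **new_scores):
    """Re-score one component after a control is added (e.g. detection=2)."""
    return [replace(fm, **new_scores) if fm.component == component else fm
            for fm in worksheet]


def needs_action(fm, rpn_threshold=100, severity_floor=9):
    """Flag on RPN, but never let a low RPN hide a catastrophic consequence."""
    return fm.rpn >= rpn_threshold or fm.severity >= severity_floor


# Constructed worksheet for a car braking system.
WORKSHEET = [
    FailureMode("brake pads", "worn below minimum thickness", 6, 7, 3),
    FailureMode("brake line", "fluid leak from corroded line", 3, 10, 6),
    FailureMode("master cylinder", "internal seal failure", 2, 10, 7),
    FailureMode("brake light switch", "stuck open", 4, 4, 5),
]

if __name__ == "__main__":
    for fm in rank(WORKSHEET):
        print(f"{fm.rpn:4d}  {fm.component}: {fm.mode}")
    # Control: a fluid-level warning sensor makes a line leak easy to detect.
    after = with_control(WORKSHEET, "brake line", detection=2)
    for fm in rank(after):
        print(f"{fm.rpn:4d}  {fm.component}  action needed: {needs_action(fm)}")
```

After the control the brake line drops from the top of the ranking to the bottom, yet it is still flagged because its severity is unchanged: RPN alone can hide a catastrophic failure mode behind good detection.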

HAZOP – hazard and operability analysis: analysing deviations from the
design or operational intent of a system or process
pros: detailed and thorough, good for accounting for human error, generates
suggestions for solutions, multidisciplinary, multistage
cons: needs lots of information, extensive knowledge, can produce a lot of
data, so the fundamentals get lost
o A way to systematically examine a system, like a process or a piece of
equipment, and identify any potential deviations from how it’s supposed to
work. It’s like comparing the blueprint to the actual building.
o Can help uncover a lot of different issues, including human errors.

Scenario analysis: developing and analysing a range of possible future events
or conditions to understand how they might impact risks
pros: prepare for the unexpected, promotes long-term thinking, visualises
multiple outcomes
cons: can be speculative, need experts, time-consuming in complex
situations

SWIFT – structured ‘what if’: structured brainstorming technique used to
identify risks by posing “what if” questions about a process, system, or project
pros: flexible, minimal preparation, more time efficient than scenario analysis
cons: can be speculative, need experts, might miss certain risks

Techniques for determining sources, causes and drivers

Cindynic approach “science of danger”: interdisciplinary approach that
focuses on identifying, analysing, and managing dangers through a combination
of sociology, psychology, and engineering perspectives

Ishikawa (fishbone) method: identify potential (root) causes by analysing
deviations from the design or operational intent of a system or process
pros: intuitive visual tool for root cause analysis, encourages team
collaboration, helps identify multiple causes (not just the obvious ones)
cons: can’t prioritise causes (making it hard to focus on key issues),
requires experienced facilitation to ensure thoroughness
o It’s a way of mapping out all the different factors that can contribute
to a particular problem. Picture a fish skeleton: the problem you’re
analysing is at the head of the fish and the potential causes are all
those bones branching out. The bones are different categories of
causes. Common categories include people, methods, machines,
materials, measurements and the environment.

Techniques for analysing controls

Bowtie – causes, consequences, and controls: link potential causes of an
event to its consequences and identify preventive and mitigation controls in a
bowtie-shaped diagram
pros: easy to understand and communicate, see gaps, applicable on whole
risk assessment
cons: oversimplifies complex systems, time-consuming for complex risk

HACCP – hazard and critical control points: systematic preventive approach
to (food) safety that identifies potential hazards (HA) and implements ‘critical
control points’ (CCP)

LOPA – layers of protection analysis: semi-quantitative risk assessment
technique used to assess the adequacy of existing safeguards in preventing or
mitigating hazardous events by analysing independent layers of protection
pros: balances qualitative and detailed quantitative methods, ensures each
layer of protection is independent and reliable, helps prioritise
cons: requires reliable failure data, limited to scenarios, less useful for
innovations, may overlook human factors

Techniques for understanding consequences and likelihood

Bayesian / belief networks: probabilistic techniques used to model
uncertainty, update beliefs with new evidence, and quantify the likelihood of
different outcomes

Business impact analysis (BIA): systematic process used to assess the
potential consequences of disruptions to business operations and determine the
critical functions and resources required to maintain continuity
pros: focuses on business continuity, holistic: considers financial,
reputational, and operational risks, supports effective disaster recovery
and continuity plans
cons: requires significant time and effort from various departments, can be
difficult to gather accurate data, incorrect assumptions about the severity
of impacts may lead to inadequate or excessive mitigation strategies

Cause-consequence analysis (CCA): combines fault tree and event tree
analysis to explore the potential causes of an event and the consequences that
follow
pros: combines both cause and consequence analysis in one model, visual
approach aids understanding of risk pathways, effective for analysing
complex systems with many variables
cons: can become complex and difficult to manage, requires detailed data
for both causes and consequences, time-consuming to construct for large
systems
o You get a comprehensive view of the risks. You see the potential
causes of an event and the potential consequences all laid out in
one diagram. It’s like a risk management flow chart. Focus on the
key events.

event tree analysis (ETA): a forward-looking, graphical method used to model
the potential outcomes of an initiating event and the effectiveness of various
controls
pros: visualises the progression of events from a single initiating incident,
helps assess the effectiveness of safety barriers, easy to understand and
communicate
cons: limited to predefined events and controls, can become complex with
many branching paths, requires data to quantify probabilities effectively
o It’s the flipside of FTA. Instead of working backwards from a failure,
you are looking forward from a potential initiating event. You are
exploring all the possible consequences of an initiating event. It’s
like a chess player predicting their opponent’s next moves. Thinking
ahead and anticipating the ripple effect.

fault tree analysis (FTA): a top-down, deductive method used to analyse the
potential causes of system failures by identifying and linking contributing events
pros: provides clear, structured way to identify failure causes, helps
pinpoint critical system vulnerabilities, supports quantitative risk
assessments with probability data
cons: requires detailed system knowledge and data, can become difficult
to manage for large systems, focuses only on failures, not successful
outcomes or mitigations
o Like a detective working backwards on a scene. You start with a
specific event, something you don’t want to happen, and then you
work your way down, identifying all the potential causes and how
they are connected. It’s like creating a family tree.

Human reliability analysis: evaluates the likelihood of human errors and their
impact on system performance to assess and mitigate risks associated with
human factors

Markov analysis: a probabilistic technique used to model the transitions
between different system states over time, allowing for the assessment of
system reliability and availability

Monte Carlo simulation: a quantitative risk analysis technique that uses
random sampling and statistical modelling to estimate the probability of different
outcomes

(data) privacy impact analysis: a structured process to assess the risks to
individuals’ privacy when handling personal data, identifying impacts and
controls

Techniques for analysing dependencies and interactions
causal mapping: a qualitative technique used to visually represent the
relationships between causes and effects, helping to explore and understand the
underlying factors contributing to risks
pros: helps clarify complex relationships, encourages team collaboration
and brainstorming, provides a visual tool that can aid in decision-making
cons: difficult to interpret with complex systems, may be subjective, lacks
quantitative risk estimates
cross impact analysis (CIA): a method used to assess the interactions between
different events or factors, identifying how the occurrence of one event may
influence the likelihood or impact of others

Techniques that provide a measure of risk


toxicological risk assessment (TRA): evaluates the potential risks posed by
chemical substances to human health and the environment by determining
exposure levels and toxicological effects
pros: scientifically grounded, quantitative data, widely applicable
cons: requires specialised knowledge, can be time-consuming and
expensive
value at risk (VaR): a quantitative financial risk assessment method used to
estimate the maximum potential loss of an investment or portfolio over a given
time period at a specified confidence level

Techniques for evaluating the significance of risk


ALARP (as low as reasonably practicable), ALARA, and SFAIRP: a principle
used in risk management to reduce risks to a level that is as low as reasonably
practicable, balancing risk reduction with the cost and feasibility of further
measures
pros: balanced approach between safety and expenses, widely accepted in
industries, promotes continuous improvement
cons: “reasonably practicable” can be subjective and open to
interpretation, may not be suitable for high-stake situations where even
minimal risks are unacceptable, requires documentation and justification
Frequency-number (F-N) diagrams: graphical tools used in risk assessment to
plot the relationship between the frequency of hazardous events and the number
of people affected, helping to evaluate large-scale societal risks (e.g., industrial
accidents, natural disasters)
Pareto charts (20%-80% rule): graphical tools used to identify and prioritise
the most significant factors contributing to a problem, based on the principle
(assumption) that a small number of causes (20%) often account for the majority
of the effects (80%)
Reliability centred maintenance (control management): a systematic
approach to developing a maintenance strategy focused on ensuring that
systems continue to perform their intended functions by addressing the most
critical failures
Risk indices: numerical measures used to prioritise and compare risks by
assigning scores based on factors like likelihood, severity, and exposure, helping
organisations rank risks and make informed decisions
pros: simplifies complex risks into manageable & comparable scores,
useful for prioritising risks and guiding resource allocation, easy to
understand and apply, great for communication
cons: can oversimplify risks, requires clear criteria for scoring, may not
capture interdependencies or cascading effects between risks

Techniques for selecting between options


Cost/benefit analysis: a decision-making tool used to compare the costs of
implementing a risk control measure against the expected benefits, helping to
determine if the benefits outweigh the costs
pros: provides a clear framework for making economic decisions, helps
justify investments in risk mitigation measures, quantifies benefits & costs
for data-driven decision-making
cons: may oversimplify complex risk factors that are difficult to quantify,
highly dependent on the accuracy of cost and benefit estimates
Decision tree analysis: a visual tool used to map out possible decision paths,
associated risks, and outcomes, helping to evaluate and compare options based
on expected results

Game theory: a mathematical approach used to analyse competitive situations
where the outcomes for each participant depend on the strategies chosen by
others, helping to assess risks and make strategic decisions

Multi-criteria analysis (MCA): a decision-making tool used to evaluate
multiple factors by assigning weights and scores to each criterion, helping to
compare and rank options based on various objectives and priorities

Techniques for recording and reporting


Risk registers: documentation tool providing a structured approach to
managing, communicating, and tracking risks and mitigations throughout a
project or organisation
pros: centralized document for managing and tracking risks, facilitates
proactive risk management by assigning ownership and monitoring,
promotes accountability and communication across teams
cons: can become cumbersome if overloaded with too many details, may
not capture interdependencies between risks, requires ongoing
maintenance

Consequence/likelihood matrix: a graphical tool that helps assess and
prioritise risks by evaluating their likelihood and potential impact
pros: simple, easy to use, and widely understood across industries,
provides a quick overview for decision-makers, useful for comparing
multiple risks side by side
cons: time-consuming for complex risks

s-curves: graphical tools used in project and risk management to visualise
progress, costs, or performance over time, helping to track and forecast project
performance or identify risks in growth or change
