ISO 31000 blog series – Risk evaluation

^{Figure 1: LOPA example, click here for full image}

Heavy rain occurs every 2 times we drive a car. As we are not good at defensive driving we fail in doing so during heavy rain every second time (1/2=0.5). This would result in us losing control over the car every 0.5 x 0.5 times which equals 0.25, or every 4 times (the current top event frequency). However, we consider it acceptable only if we lose control every 5 times. Because we don’t meet this condition the criticality for the top event has not been met. If we calculate further and we know that we forget to wear the seatbelt once every 10 times, it would result in a probability of failure on demand of 0.1. If we now multiply the current frequency of the top event (0.25) with the PFD of this specific barrier (0.1) we would get a consequence frequency of 0.025. Or in other words, we would hit the internal of the car every 40 times we drive a car. However, we accept this consequence if it occurs every 0.05 times, in other words, every 20 times (1/0.05 = 20). Thus, because of the current frequency is lower than the acceptable frequency we have met the criticality and accept the risk.

Learn how to do this, while using our lOPA plugin? Hit the button below.

The qualitative approach

Besides the quantitative ways, there are also qualitative ways of assessing the risks. Some of those are ALARP thinking (elaborated on in our guest blog by Risktec) or the use of risk matrices which is most common. Within the bowtie, a set of risk matrices (figure 2) can be assigned to both the hazard (entire bowtie) as well as every consequence (unwanted outcome of the individual scenarios). The risk matrix helps to categorize the outcomes without assigning very specific values. Usually, this is a 4×5, 5×5 or 6×5 matrix with a severity and a frequency axis. Assessing both individually for the entire hazard or individual scenario would result in a specific risk matrix value.

^{Figure 2: Risk matrix, click here for full image}

Those values can be divided over different categories, for example, impact on people, assets, environment and reputation. Hitting the internal of the car might have a less acceptable matrix value in regards to people than it has in regards to reputation or environment (figure 3).

^{Figure 3: Impact displayed on a consequence of a bowtie}

Using the same approach the risk matrix can also be used to assess the inherent risk (situation without implemented controls or barriers) and residual risk (situation after barriers or controls are implemented). This is displayed in figure 4. The difference between both indicates that effect of the controls or measures in place.

^{Figure 4: The inherent risk is D3 which equals likely resulting in major injury. But the residual risk is assessed at B1 which equals unlikely and only resulting in slight injury. The risk therefore is significantly decreased by the implemented barriers.}

The use of risk matrices can be customized to any organization and can also be very thought out. Our partner Emily Harbottle wrote a great guest blog a while ago explaining this in the finest detail.

What do you do when your risk is not ALARP? You’ll find that out in one of our next method blogs about risk treatment. But first, we dive into the software in the risk evaluation phase. Stay tuned for the next part of this blog series, risk evaluation with BowTieXP.