Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

The risk management cycle


Published on

  • Be the first to comment

The risk management cycle

  1. 1. The Risk Management Cycle07 November 2012Andrew PilgrimZurich Risk EngineeringGlobal CorporateINTERNAL USE ONLY
  2. 2. If you think safety is expensive – Try having an Accident Dr Trevor Kletz (ICI)INTERNAL USE ONLY 2
  3. 3. Andrew Pilgrim• Graduated from University of Leeds (Master of Engineering)• Hands on experience with major Petrochemical Company in UK – Design, Operations, Product Development, Customer Support, Process Safety. Global Production and Assets Technical Support – Qualified Hazard Study Leader• Insurance Risk Engineer since 2005 and relocated to Bahrain• Joined Zurich March 2011• Fellow of the Institution of Chemical Engineers (FIChemE)INTERNAL USE ONLY 3
  4. 4. Zurich Risk Engineering Services 1,000 Risk Specialists 63,000 Site Assessments 138,000 Risk Assessments 680 International Programmes Local Zurich staff representation Serviced by Cooperative PartnersINTERNAL USE ONLY 4
  5. 5. The Middle East Zurich Risk EngineeringTeam: – Dubai Based • Glenn Doan – Risk Engineering Manager • Santosh Cletus – Risk Engineer - Property – Bahrain Based • Andrew Pilgrim – Senior Risk Engineer Energy and Special Chemical Risks • Dean Pola – Senior Risk Engineer - Construction and PropertyINTERNAL USE ONLY 5
  6. 6. Agenda• Definition of Risk• What I am not going to talk about• A Historical Perspective• Risk Management – Project / Operational• Industry forums in the Middle East• Q&AINTERNAL USE ONLY 6
  7. 7. Definition of Risk• Risk is the possibility of incurring misfortune or loss (Collins English Dictionary).• Risk is the chance, great or small, that damage or an adverse outcome of some sort will occur as a result of a particular hazard (Accounts Commission – Scotland).• Risk is any unintended or unexpected outcome of a decision or course of action (F. Wharton).• Risk is the chance of something happening that will have an impact on objectives (Australian Standard AS/NZS 4360:1999).• Risk is the possibility that an event will occur and adversely affect the achievement of objectives (COSO).• Risk is the impact of uncertainty on objectives (ISO31000)• But it‟s also about the failure to take advantage of opportunities to enable the organisation to best achieve objectives.INTERNAL USE ONLY 7
  8. 8. What I am not going to talk about• Personnel safety – Slips, Trips and Falls – Motor Vehicle Accidents (MVAs) – Cuts and BruisesINTERNAL USE ONLY 8
  9. 9. Personal Safety / Life focussedINTERNAL USE ONLY 9
  10. 10. What we are interested in….Top of the PyramidINTERNAL USE ONLY 10
  11. 11. Historical Perspective - IncidentTimelineINTERNAL USE ONLY 11
  12. 12. A Historical Perspective• Texas City – 2005• Longford Gas plant - 1998• Flixborough - 1974INTERNAL USE ONLY 12
  13. 13. Example 1 - 2005INTERNAL USE ONLY 13
  14. 14. VCE – Texas City• Date 23 March 2005• Plant: Refinery• Material: Naphtha• Human Cost: 15 dead (Initial incident) + 170 injured• Financial Cost: Unknown.• Cause: Plant Design, Poor Operating Practice, Poor Application of MOC, Emergency Response.INTERNAL USE ONLY 14
  15. 15. Example 2 - 1998INTERNAL USE ONLY 15
  16. 16. VCE / Fire – Longford Gas Plant• Date: 25 September 1998• Plant: Gas Plant• Material: Condensate / gas• Human Cost: 2 dead and 8 injured• Financial Cost: USD 590 MM + fines + lawsuit• Third Party: Significant impact on Victoria gas supply, 1.4 million users interrupted• Cause: Poor Safety Management Systems, Poor Operating Practice, Poor Plant KnowledgeINTERNAL USE ONLY 16
  17. 17. Example 3 - 1974INTERNAL USE ONLY 17
  18. 18. VCE / Fire - Flixborough• Date: 01 June 1974• Plant: Petrochemical• Material: Cyclo - Hexane• Human Cost: 28 employees killed, and 36 injured• 53 recorded casualties outside plant, many minor injuries• Financial Cost: Site damage USD250 million at 2009 values• Cause: No Management of Change process, Large inventories of hydrocarbon, No Responsible Engineer “What you don‟t have, can‟t Leak” - Trevor Kletz 1980INTERNAL USE ONLY 18
  19. 19. In theory there is no difference betweentheory and practice. In practice there is.INTERNAL USE ONLY 19
  20. 20. Where does Project Risk Management Start?Feasibility Study 1 FEED 2 3 Contractor Selection 4 Engineering 5 Procurement 5 Construction Venture kick-off 5 6 Commissionin g 7 EPC Contract Operation Commercial operation 0 24 60 months INTERNAL USE ONLY 20
  21. 21. PRM continued• Starts at the beginning of the project – Time Zero – Different technique for assessing the risk – 1 Concept stage Hazard Review – 2 FEED / process definition – 3 Detail engineering design – 4 Construction / design verification – 5 On going Risk Assessments – 6 Pre-commissioning safety review – 7 Post start up review• Different teams involved, different techniques e.g. HACCP, HAZOP, What if, Inherent Safety etc – Depends on the industry / ProductINTERNAL USE ONLY 21
  22. 22. Time Zero – Risk ManagementQuestions to be answered• Where do the risks come from?• How big are they?• What are the major contributors? (Time, Cost etc)• What are the risks sensitive to, and how can they be changed?• What level of risk does the company find intolerable, what is considered trivial?• What is it worth doing to reduce the risk?• Fundamental First stepsINTERNAL USE ONLY 22
  23. 23. Time Zero - Understand the Business?• What is the business?• What is the industry?• What is the strategic plan? – NOW, WHERE, HOW• Who owns the business?• Who runs the business?• How will risk management „fit‟?• What is the Risk Appetite for the company or ProjectINTERNAL USE ONLY 23
  24. 24. Layers of ProtectionUse the opportunity to remove hazards and reduce risk!• Inherent Safety – Removal or reduction of a hazard at source• Prevention Measures – Prevent initiation of a sequence of events• Control Measures – Prevent a hazardous event escalating into a major accident• Limitation Measures – Taken to reduce the consequences of a major incident Control Measures• COSTS LESSINTERNAL USE ONLY 24
  25. 25. Some examples• Inherent Safety• SubstituteINTERNAL USE ONLY 25
  26. 26. Inherent Safety• The best defence against the atom bomb is not to be there when it goes off (British Army Journal)• Or our Process safety approach• If it is not there – it can not leak – For example Volume of LPG 80% Damage Circle (Diameter) 1 70 m 10 150 m 25 204 mINTERNAL USE ONLY 26
  27. 27. Substitute• Alternative Chemical Route – Avoid storage of toxic or flammable materials – E.g. Production of Pesticide via Methyl Iso Cyanate (MIC) at Bhopal – Storage of 180 m3 on site, runaway reaction leads to release – Safer alternative to make in situINTERNAL USE ONLY 27
  28. 28. INTERNAL USE ONLY 28
  29. 29. BUT – not at any price• “Safety, like everything else can be bought at a price. The more we spend on safety the less we have to fight poverty and disease or to spend on those goods and services which make life worth living, for ourselves and others. Whatever money we make available we should spend in such a way that it produces the maximum benefit. There is nothing humanitarian in spending lavishly to reduce a particular hazard which has been brought to our attention and ignoring the others.”• Trevor Kletz, 1986INTERNAL USE ONLY 29
  30. 30. Managing Projects – The Dilbert WayINTERNAL USE ONLY 30
  31. 31. (Operational) Risk Management CycleIs it so different? Implementation Training, Supervision, Selection, Manning Interpretation Measurement Procedures, Methods, Job Audit, Monitoring, Sampling, Description, Responsibility Inspection, Checking, Identification Policy Making Feedback Policy Statements, Analysis, Trends, Evaluation,Corporate Goals, Standards Actions External Influence Laws, Industry Standards, Stake Holder Pressure, Public Concern, Company ImageINTERNAL USE ONLY 31
  32. 32. Risk Management Maxims• “What we learn from history is that people don‟t learn from History” – Warren Buffet• “The first duty of business is to survive and the guiding principle of business economics is not the maximization of profit -it is the avoidance of loss” - Peter Drucker (The Drucker Institute)• The first step in the risk management process is to acknowledge the reality of risk. Denial is a common tactic that substitutes deliberate ignorance for thoughtful planning – Charles Tremper (Centre for Digital Innovation)INTERNAL USE ONLY 32
  33. 33. Insurance Industry NetworksMiddle East focus• Middle East Risk Engineers (MERE) – OGP Focus –• Property and Construction Insurance Risk Engineering Forum – Hermann.frankfurth@axa-gulf.comINTERNAL USE ONLY 33
  34. 34. Summary - Risk Management Process Benefits ? ? × Engineered QUALITATIVE Decisions System ANALYSIS ? ? ? 1. ______ Judgement 2. ______   ? 3. ______ .. HAZID QUANTITATIVE .. ANALYSIS .. ALARP .. FTA ETA Costs Criteria RISK ANALYSIS RISK ASSESSMENT RISK MANAGEMENTINTERNAL USE ONLY 34
  35. 35. It is a Journey – not a destination (Project) Risk Management is an ongoing process!INTERNAL USE ONLY 35
  36. 36. What has not been identified can neither be assessed nor mitigated…?”Thank youZurich Risk Engineeringzurich.comINTERNAL USE ONLY
  37. 37. Back up slidesINTERNAL USE ONLY 37
  38. 38. 10 Important Rules for PRM(In no particular Order)INTERNAL USE ONLY 38
  39. 39. Top Tips1. Plan for risk management in your projects Decide how to approach and plan the risk management activities for your project2. Identify risks throughout the project Determine which risks are likely to affect the project and document the characteristics of eachINTERNAL USE ONLY 39
  40. 40. 3 Analyse the RiskMake use of any available data to enable a thorough understanding of the risk• Understanding the nature of a risk is a precondition for a good response• It is useful to categorise risks to reflect common sources and interdependencies• Questions to ask include: – what is the cause / source of the risk? – What is the background to the risk? – What are the potential effects of this risk? – Has this risk occurred before? Is there any data?• Investigate the current controls of the risk• Obtain as much information on the risk as possible and detail the causes and the possible consequences in order to help with the risk mitigation processINTERNAL USE ONLY 40
  41. 41. Example Risk Categories Risk category Description Risks that relate to the organisation’s logo or image, or which may cause embarrassment to the Reputation organisation and adversely affect ‘Public Confidence’ in the organisation. Risks that relate to the loss or inaccuracy of data, systems, and the timeliness of reported Information information. Financial Risks that relate to losing monetary resources or incurring unacceptable liabilities. People The risks associated with employees and management, e.g. retention/recruitment, turnover. Professional Those risks associated with the particular nature of a profession. The risks related to the regulatory environment such as Financial Regulations, Corporate Regulatory Governance, Health & Safety and legislation. Physical Risks related to fire, security, accident prevention and health & safety. Risks associated with the continuation of the service in the event of disaster, reliance on operationalBusiness Continuity equipment, or loss of funding/contract, poor performance measures. Risks associated with the failure of contractors to deliver services or products to the agreed cost and Contractual specification. Those risks relating to pollution, noise, or the ongoing energy efficiency of ongoing service Environmental operations. Risks associated with partnerships/relationships with other organisations such as other public Partnership authorities or voluntary organisations. Economic Risks associated with the inefficient operation of systems, and the duplication of effort.INTERNAL USE ONLY 41
  42. 42. Top Tips continued4. Consider both threats and opportunities Make some time to think about the upside of risk and any potential opportunities within your project – you could be rewarded!5. Prioritise risks Get an understanding of which risks need immediate attention so that appropriate resources can be allocatedINTERNAL USE ONLY 42
  43. 43. Impact CriteriaThe potential impact is expressed in terms of severity ofthe consequences should a risk occur. Many differentimpact criteria can be used. Project Cost Schedule Service Stakeholders Additional expenditure / More than one year delayed e.g. catastrophic fall in e.g. affects all major Loss of service income service levels, failure of stakeholders with long-term 4 inc. associated costs of major impact on public memory Severe > 10m partnership, complete causing damage to failure in service reputation standards Additional expenditure / 6months – 1 year delay e.g. significant fall in e.g. affects more than one Loss of service income service levels, project group of stakeholders with 3 inc. associated costs of deadlines not widespread medium-term Significant between 5m < 10m achieved, serious impact on reputation disruption in service standards Additional expenditure / 1 - 6 months delays e.g. moderate fall in e.g. affects more than one Loss of service income service levels, major group of stakeholders but 2 inc. associated costs of partnership relationships only short-term impact on Moderate between 2m < 5m strained reputation Additional expenditure / Delayed by less than 1 month e.g. small fall in service e.g. affects only one group Loss of service income levels, some minor quality of stakeholders with 1 inc. associated costs of standards are not met minimum impact on Minor < 2m performanceINTERNAL USE ONLY 43
  44. 44. Likelihood CriteriaThe likelihood of an event can be described as thepotential of a risk occurring Degree of Score Likelihood definition likelihood 4 Very high 75 – 100% chance of occurring – very likely 3 High 50 – 75% chance of occurring - likely 2 Medium 25 – 50% chance of occurring - unlikely 1 Low 0 – 25% chance of occurring – Extremely likelyINTERNAL USE ONLY 44
  45. 45. Top tips continued6. Document risks in a register Maintain a risk log to enable you to capture all the risks as well as view progress.7. Plan and implement risk responses Develop options and determine actions to enhance opportunities and reduce threats to the projects objectives There are a number of options for treating risks: – Risk transfer – Risk retention – Risk control – Organisational changeINTERNAL USE ONLY 45
  46. 46. Top tips continued8. Appoint risk owners Assign a risk owner for each risk - it is important to allocate responsibility9. Monitor and report risks and associated tasks Keep track of the identified risk, monitoring residual risks and identifying new risks, ensure the execution of risk mitigation plansINTERNAL USE ONLY 46
  47. 47. 10 Communicate about risksConsistently include risk communication in the tasks you carry out• Make risk management a part of day to day project activity• Include risk management in: – project policies and procedures – project planning – project meeting agendas – training of staff – personal objectives and appraisals• Talk about risk management successes and challenges in the project and lessons learned from previous projects• All project team members have a responsibility for risk and communication about risk should reach all project team membersINTERNAL USE ONLY 47
  48. 48. Layers of ProtectionINTERNAL USE ONLY 48