Asset Management - does a safety incident fit into your asset risk management system?
1. UMS Group | Europe region
London, March 2015
Jan Schipper
Does a safety incident fit into your Asset
Risk Management system?
2. Founded in 1989, UMS Group is an International Management Consulting
firm specializing in solutions for the Global Energy and Utility Industries
UMS Group | Line of sigth in risk management
3. Suppose this incident would happen and you start wondering, what if
somebody happened to walk here!
It could be that this incident will be registered as a near accident in your safety management
system and then what would happen…
4. The near incident would be evaluated within the Safety Management
System and might be seen as a high risk, so …
… the Safety Manager would start discussing with the Asset Manager to create budget room to
fund mitigating actions!
Safety Risk Matrix
5. But what if the Asset Manager has a budget constraint and has to deal
with many other competing risks!!
Business Risks > Safety Risks
… it could easily escalate to a board issue, how much value has a mans life!
6. However at board level you would never get a straight answer on the
question how much a persons life is worth..
Incident
Portfolio of Projects
Asset Operations
Asset Management
Corporate Centre
Asset Policy
&
Strategies
.. the best answer you would get is that all efforts need to be done in terms of Policy and
Strategies to prevent deadly incidents from happening!! So,…
Safety Risks
Enterprise Risks
Escalation!
7. There is a fundamental difference between Risks related to the
Ownership of Assets and Risks in activities related to the Assets
“line of sight”
Risk Policy &
Strategy
Portfolio Projects
Asset Management:
Management of all risks
directly related to owning
and managing an asset
base
Project management:
Management of Projects
Risk
Interpretation of risks within ISO55000
Issues
.. Risks directly related to the Assets exist over the complete Asset Life Time, while Project
Risks disappear at the end of a Project.
8. All major threats (Risks) need to be identified, then mitigated (Policy and
Strategies) resulting in a Portfolio of projects.
Risks
Policy&
Strategies
Portfolio
.. The Portfolio needs to be connected to the Risks. In case of constraints (e.g. budget) you
need to know the consequence of the constraint in terms of Risk Exposure…
Risk analysis
9. The near safety incident would be an “early warning” of a unwanted Risk
(orange) and controled mitigation should reduce the Risk level!
Risks
Policy &
Strategies
Portfolio
A guiding Risk Matrix including Risk tolerance principals guide proper actions!
Not acceptable action now
Not acceptable plan action
Unwanted, controled mitigation
Unwanted, action ALARA
Acceptable, observe
10. In Portfolio Management the blend of all mitigating defence actions come
together. Advanced decision support is needed to be able to optimize
within given constraints..
Risks
Policy &
Strategies
Portfolio
In case Projects are deferred, the impact on the Risk Exposure should be reported!
11. To ensure that the Risk Management system functions well, it needs to be
connected with the different Asset Operations systems..
Risks Portfolio
MC PS
Policy &
Strategies
incidents
Early Warnings
License to OperateAsset Management
Corporate Centre
Asset Operations C = Compliancy
M = Maintenance Management
S = Safety, Health, Environment
P = Project
To complete the Risk Management system it needs to be connected with the Enterprise Risk
Management system by building a filter function!
12. The Safety incident as mentioned in the beginning, just flows through the
system. It will not be an escalation point to the Board with….
Risks Portfolio
MC PS
Policy &
Strategies
incidents
Early Warnings
License to OperateAsset Management
Corporate Centre
Asset Operations C = Compliancy
M = Maintenance Management
S = Safety, Health, Environment
P = Project
Still be interesting to see what defence mechanism are most effective…
13. To be able to manage the competing Projects in the Portfolio, a guiding
Business Value Framework and advanced tools are needed
The Safety incident fits into the Risk Management system, however is not a board issue topic !
14. So how much value does a persons life have?
It is the wrong question!
The effectivity of the solutions in your portfolio can be evaluated!
X
RiskValue
Portfolio of projects
Risks
15. But you should question whether changing the risk
tolerance for high impact low frequency, is acceptable!
Because this is what happens whitout structured Risk Management!
Suppose there would be an incident like this one. Imagine that someone would have walked at the pavement and would have been injured or even worse he died! Good thing is that that didn’t occur, but in many companies you would see that an incident like this would be registered as a near safety incident. It would be entered in the safety incident register and with the safety management process this incident would be reviewed to see whether this is a risk or not and whether actions are needed.
It migth just be that the incident would be evaluated with the safety risk matrix and it could just be that this would be seen as a high risk! Then what…. Normal procedure would be to look for proper mitigation actions. This could be an adjustment in procedures, but it also could be that additional research is needed because the incident migth be related to aging assets or asset where there is a lack of maintenance discipline or else. The safety manager would go to the asset manager and discuss and request funding in case he doesn’t have an own budget. And the latter is quite common.
But would it be acceptable when the Asset Manager would respond that this risk is competing with other risks for the limited funds and so this risk has to be accepted since other competing risks are higher in priority? In other words you could ask the question how much value does the risk of a mans life have? This is not a theorethetical case, it happens all the time at utilities especially in regulated business with tight budget and other constraints.
When the Safety Manager and the Asset Manager would not come to a consensus, the chance is there that the Safety manager will directly escalate to the board. The board will take this seriously since this is sensitive. It might be an issue that could damage reputation and so the licence to operate. They will probably respond in terms like “we don’t want any casualities in our business and policies and strategies should be in place to minimize the risk. This would not be an answer that would be very helpful in solving the conflict between the Asset Manager and the Safety Manager.
There are some interesting questions to be asked first. E.g. is this operational incident something that should end in the enterprise risk register? And should the board worry about these operational issues? When an icident like this happens does that necessarily mean that the Asset Policy and Strategies are wrong? How to deal with competing risks when budgets are constraint?
Moreover interesting to see is that at least at three area’s in the organisation people worry about risks, however they don’t seem to be aligned. Or is something missing in the Risk Management System? Let us go back to the basics.
The ISO55000 gives a good reference to learn about the basics of Risk Management. It starts describing that Risks should be derived from stakeholder needs. Indicating that Risks are something else then asset failures! What the ISO55000 does not articulate though, but what is relevant in this case is the fundamental difference between an asset risk and a project risk. Asset Risks are those threats that could happen due to the fact that the asset exists, often in a public environment. That is why these Risks often are strongly related to Safety. The character of these Asset Risks is that they are there from the creation of the Asset till the Asset reaches end of life. The fundamental difference with a project Risk is that these are related to the activities related to a project. These disappear at the end of the project!.
So the Asset Manager needs to understand all inherent Risks related to the Asset base that he is managing. He needs to build a management system around it to control these Risks over the complete Asset life cycle. But how do you find these risks and how do you controle them?
What first needs to be done is understanding and capturing all Risks. This can be done by capturing all major threats that you don’t want to happen. When you have captured all of these, they can be weighted with the risk matrix. Now all business related threats are captured in a asset risk register. Then all defence mechanism that are already in place need to be captured. Defence mechanism are design philosophy, stadarization of materials, mainteance strategies, replacement strategies etc. Further all recovery plans need to be captured in case the unwanted threat still would happen despite all defence mechanisms. These recovery plans would be: insurance plan, communication plans, emergency plans, corrective maintenance, fire and safety practices etc.
A very good method to capture all the preventing defence mechanism and recovery plans is the BowTie analysis. When the asset life cycle steps are aligned with the defence mechanisms in the BowTie analysis it becomes a very strong risk analysis instrument within the risk management system. After capturing all mitigating plans the actual risk positions need to be updated and evaluated whether these are within acceptable limits. In case no additional defence strategies need to be developed (e.g workinstructions), the sum of all defence mechanism result in asset plan and project in your portfolio.
What happens when you have a constraint!
Constraints will only have an impact on the amount of projects that can be executed! Meaning that it doesn’t impact the evaluation of a threat in terms of the height of the risk. That is not negotiable! What is really important to have as a company is a business value framework that is derived from stakeholder analysis. The end result should be a risk matrix and guiding risk tolerance principals. The principals should be traeted as an internal law. No negotiation possible. It guides the mitigatin actions to be taken.
In this the incident mentioned was evaluated as a high (orange) risk. In the risk tolerance in the business value framework an orange risk means that we have to deal with an unwanted potential threat. Controled action should be taken to mitigate the risk back to acceptable level. Controlled action means that new or additional mitigating strategies need to be developed or improved recovery instructions need to be added to the already existing mitigation strategies till the risk is at an acceptable level.
So in the risk evaluation no discussion should be possible whether a risk is acceptable or not! The risk tolerance as defined should guide where to go. However in the portfolio there is room for decision making. Well that depends of course. The projects in the portfolio will be filled partly with projects that have been labelled mandatory since they are related to unacceptable risks so direct action is needed.
However there are also categories of projects that have been the result of the development of asset strategies to manage the risks down in a controlled way. Here we know that defering projects would mean a risk position would be longer above the wanted risk tolerance level however room is available for decision making although it will have additional risk exposure! And there are projects that are important but don’t have a direct impact on the overall risk position. Here we also have room for decision making.
Besides the relation to the risk position, projects can also be related to each other. There are clusters of projects that belong to one risk, there are projects that have a logical order, so first P1 needs to be done before P2 or there are projects where you choose between two projects. So if P2 than not P1. To be able to select the optimal portfolio, more advanced decision making tools are needed. The two most extreme scenarios are: maximizing the value and minimizing the risk exposure. All other scenarios will be positioned in between.
This shows that in a company that has to deal with constraints that are multiple and complex, a need will be developed to build a advanced skill in portfolio optimisation methods and technologies.
The question will be raised how you can be sure that you have captured all risks and how sure you are that the captured risks have been evaluated correctly? Last but not least, how do you know that all the defence mechanism work as they are supposed to work? These are all very valid questions?
By having established this line of sight between business risks, Asset Policy and Strategy and Portfolio it doesn’t mean that the system is complete. After the portfolio is optimized, it results in a workflow of projects. All these projects contribute as part of the defence mechanism against potential Risks. In the Asset operation there will be several subsystems of which the most relevant systems are the manintenance management system, the Health , Safety and Environment system and the Projects system. In these subsystems all activities that are done are evaluated. These systems at operational level have their own plan to check act loops. What needs to be done to complete the Risk Management system is that the underlying operational management systems are connected to the Asset Risk Management. This connection should be a connection that detects early warnings. And with this early warning it should escalate signals that indicate a disfunctioning of a risk defence mechanism or it should give a early warning escalation of a potential threat that has not been captured yet in the system.
As an example. Many companies have maintenance management systems in place. In these systems they have implemented a process where a group of responsible operational staff evaluates the results of maintenance inspections and failures. Normally this leads to several improvement actions. However there will always be this handful of issues that keep on coming back or there will be a few difficult issues that stay for a long time on the action list because nobody’s really understands them. These incidents should be escalated to the Asset risk register. Why? Because it might be that the defence mechanism in which they try to solve it is the wrong defence e.g. more maintenance will not solve the issue, it is a wrong choice of material so the material standard should be changed. Or it is an indication of a potential threat that was not discovered yet. A new risk needs to be added to the Risk register and it should be evaluated whether the active defence mechanism are sufficient or maybe new need to be developed.
As a last step to complete the risk management system a connection can be made from the Asset Risk Register to the Corporate Risk register. This can be done by creating a filter. Only those risks in the Asset Risk Register that are not acceptable and that cannot be mitigated with the normal defence mechanism will be filterred out and reported to corporate level. These are the risks that are a threath for the licence to operate. The company needs proper insurrances and probably emergence plans and parctices. Since these cannot be solved in the “business as usual”they need to be captured as a corpoarte risk. All the others are at board level seen as technical probelems and the asset manager is paid to solve these!
To come back on the safety incident registrated in the HSE register. It would be evaluated as a potential early warning. From the HSE system it would be escalated to the Asset Risk register. Within Asset Management it would be checked. Is it a known threat? What mechanism are already in place. Are these effective or do we need to find additional strategies? In case yes, then it would result in an improvement project in the portfolio. In the quarterly update of the portfolio this initiative would be funded or not yet, depending on the mix of other projects that need funding. In the meantime in the HSE the number of near incidents is still monitored and warnings would be given in case a trend of more near incidents would be visible.
Now it is clear how such a safety incident would fit into the risk management system it also is clear that an safety incident like this would not become a board issue topic. The direction how to deal with potential threat is given. It could lead to a project in the overall project portfolio. In case of constraints the projects in the portfolio could become competing projects to each other. What then needs to be solved are the guiding principals for decision making and advanced tools to calculate through what the best possible scenarios are.
So would the safety incident lead to a project? Maybe, but it might also be that all defence mechanism in place are already sufficient. Would it be possible that an project resulting from the adjustement of the strategy will compete with other solutions for funding or resources. Yes it is possible. Are you comparing a casuality leading to death with a technical problem. No surely not. It is comparing apples to peers when comparing a deadly incident with the value of a technical project. However it is possible to compare added value or risk of deferal of 1 project compared to another project!
Summarry:
So how much value does a mans life have? This is the wrong question. You cannot compare apples with peers.
An incident is not the same as a Risk (potential threat)
An incident could be an early warning of a Risk
Potential Risk of your Assets need to be captured in an Risk Register
Asset Policy and Strategies have the function to mitigate these Asset Risks
Asset Risk don’t vaporize over time they stay till end of life cycle
You cannot compare risks with mitigating actions in your portfolio!
You can compare mitigation actions with other mitigating actions.
When constrains are tight these mitigating actions might be competing for scarce funds
What can be evaluated is the effectivity of all mitigating solutions in your portfolio.
Compare peers with peers!