Session 02 Risk Assessment Program for YSP_The Risk Assessment Process

Risk Assessment Program
Trainer: Mr. Muizz Anibire, MSc
Tel: +966501296203, Email: muizzanibire10@gmail.com

The Risk Assessment Process
The ISO 31000 Risk Management
Process

Establishing the context
(5.3)
Risk identification (5.4.2)
Risk analysis (5.4.3)
Risk evaluation (5.4.4)
Risk treatment (5.5)
Communicationandconsultation(5.2)
Monitoringandreview(5.6)
Process (clause 5)
Risk Communication
 Plan-Do-Check-Act Model
 Risk-based Decision Making
 Risk Assessment Triggers
Establishing Context
 Risk Criteria
 Risk Scoring System
 Pareto Analysis
 Risk Assessment Matrix
Risk Identification
 Brainstorming
 Checklists
 DelphiTechnique
 Design Safety Review
 Hazard Identification (HAZID)
 Nominal Group Technique
Risk Analysis
 Bow Tie Analysis
 Event tree
 Fault tree
 Failure Mode and Effects Analysis
(FMEA)
 Hazard and Operability Study
(HAZOP)
 Job Risk Assessment (JRA)
 Layers ofProtection Analysis
(LOPA)
 Preliminary Hazard Analysis
 Striped Bow TieRisk Assessment
 Structured What-if Technique
(SWIFT)
Risk Evaluation
 As Low As Reasonable Practicable
(ALARP)
 Risk Heat Map
 Risk Indices
Risk Treatment
 Business Impact Analysis
 Cost/Benefit Analysis
 Nonfinancial Benefits Analysis
 Hierarchy of Controls
 Multi-Criteria Analysis
Monitoring and Review
 Key Performance Indicators (KPI)
 Key Risk Indicators (KRI)
 Risk Treatment Tracking
 Risk PerformanceMeasurement
 Risk Register
The ISO 31000 Risk Management Process with associated tools

Hazard Analysis & Risk Assessment Process from ANSI/ASSE Z590.3-2011
1) Data gathering –
Injury and protective data
2) Set scope or Limits of Assessment
3) Develop and charter risk reduction team
4) Identify task and hazards
5) Assess risk – Initial risk scoring system
6) Reduce risk – Hazard control hierarchy
7) Assess Risk – residual risk scoring system
Identify current
controls
Test/verify
current controls
Identify new
controls
Residual risk
acceptable?
8) Results/Documentation
Evaluation complete
9) Controls measurement system
Yes
10) New hazard
ID
Reevaluate
tasks and
hazards
No

 The purpose of the risk assessment matrix is to provide “a method to
categorize combinations of probability of occurrence and severity of harm,
thus establishing risk levels.” (ANSI/ASSE Z590.3-2011)
 It is important that the risk rating criteria and matrix used by an organization
are consistent.
 When developing or selecting a risk assessment matrix which expresses
numerical values, rating criteria should be standardized so that a lower risk
score or risk priority number (RPN) value indicates a lower risk level.
 Thus, on a 10 point risk scale, a risk score of 1 is considered the lowest level, while a 10
is considered the highest risk.
Select Risk
Assessment Matrix

Risk Matrix Examples
Select Risk
Assessment Matrix
 Severity of Injury or Illness Consequence 
Likelihood of
Occurrence or
Exposure for
select unit of Time
or Activity
Negligible Marginal Critical Catastrophic
Frequent Medium Serious High High
Probable Medium Serious High High
Occasional Low Medium Serious High
Remote Low Medium Medium Serious
Improbable Low Low Low Medium

Select Risk
Assessment Matrix

Select Risk
Assessment Matrix
Numerical Scoring Risk Matrix (5x5) Example from
ANSI/ASSE Z590.3-2011 (R2016)
Qualitative Risk Matrix (5x4) Example from
MIL-STD 882E
Semi-quantitative Risk Matrix (5x6) Example
from ANSI/ASSE Z690.3-2011
Category Risk Score Action
Very High Risk 15 or greater Operation not permissible. Immediate action necessary.
High Risk 10 to 14 Remedial actions to be given high priority.
Moderate Risk 6 to 9 Remedial action to be taken at appropriate time.
Low Risk 1 to 5 Remedial action discretionary.
Risk Scoring Levels and Action Required example
from ANSI/ASSE Z590.3-2011

Establish Context
1. Define the purpose and scope of the risk assessment.
2. Set the boundaries for the assessment with internal (resources, knowledge,
culture and values among others) and external (legal, regulatory, economy,
perceptions of external stakeholders, etc.) parameters in mind.
3. Should be clear, concise and well understood by all stakeholders.
4. Clearly define and communicate the risk criteria and ‘acceptable risk’ level.

Assemble Team
1. Context of the risk assessment assignment will determine the size and makeup
of the team.
2. Cross-functional group of individuals who are familiar and knowledgeable with
the hazards and operations.
3. May require outside expertise in more complex situations.
4. Good communication and skills are essential.

Identify Hazards
and Risks
 Hazards are the source of risk. Thus, if risks are to be assessed, hazards must
first be identified.
 Risk identification is defined as the process of finding, recognizing and
recording risks
 Key components of risk identification are the identification of the causes and
source of the risk (hazard in the context of physical harm), events, situations or
circumstances which could have a material impact upon objectives and the
nature of that impact. Once identified, existing controls for the risk should also
be identified. (ANSI Z690.3-2011)

Analyze Risks
 Risk analysis involves developing an ‘understanding’ of the risk. (ISO
31010/ANSI Z690.3)
 The analysis of each hazard/risk includes:
 determining the severity of consequences
 estimating the likelihood of occurrence
 assessment of the effectiveness of existing controls
 an estimation of the risk level

Evaluate Risks
 Risk evaluation involves comparing the estimated risk levels with the defined risk
criteria to determine the significance of the level and type of risk.
 It is based on the combination of estimated consequences and likelihood and
uses information from the hazard/risk identification and risk analysis phases to
make recommendations for decision makers.

Treat Risks
 Risks that are judged unacceptable must be ‘treated’ to reduce risk.
 The risk treatment process involves:
 the assessment of a risk treatment;
 determining if residual risk levels are tolerable;
 selecting new risk treatments for those residual risks that are not
acceptable;
 and assessing the effectiveness of any new control measure.
 Risk treatment involves the selection and implementation of one or more risk
control measures or enhancements to existing controls. Treatment options
include:
1. avoiding the risk by deciding not to start or continue with the activity
that gives rise to the risk;
2. removing the risk source;
3. changing the likelihood;
4. changing the consequences;
5. sharing the risk with another party such as insurance contracts and
risk financing; and
6. retaining the risk by informed decision.

Document
 Successful risk assessment processes are dependent on effective communication
among stakeholders prior to, during and after the process.
 Virtually all aspects of the risk assessment process should be documented
 Selecting the risk assessment matrix
 Determining the purpose and scope (context)
 Selecting the team
 Identifying the hazards or operations to be assessed
 Hazard/risk identification
 Risk analysis
 Risk evaluation
 Communication and documentation
 Monitoring and continuous improvement

Monitor and Review
 Hazards and operations continuously change and with these changes come new
and different risks.
 Examples of these might include different equipment, processes, operating
environments, production rates, etc. Each of these changes could have an effect
on the existing controls and their effectiveness.
 Thus, it may be appropriate to update risk assessments to consider these
possible changes.

Session 02 Risk Assessment Program for YSP_The Risk Assessment Process

Session 02 Risk Assessment Program for YSP_The Risk Assessment Process

More Related Content

What's hot

Similar to Session 02 Risk Assessment Program for YSP_The Risk Assessment Process

More from Muizz Anibire

Recently uploaded

Session 02 Risk Assessment Program for YSP_The Risk Assessment Process