Undesirable event with potential for harm or damage
Justification of risk-taking
reasoning, reasonableness practicability
Des Hartford: Scientific Advisor; Safety & Risk Assessment
Safety, Health and Environment
Protecting People, Property and the Environment for Generations
Catastrophic loss societal risk - dams
Technocratic view of “safe”
[Figure: diagram with labels H, hw, hs, B, b, G, U, F, P]
Zsliding < 0 (F-P < 0)
P = ½ wg(hw)^2
F = (G-U)tan
G = cg(bH + ½(B-b)hs)
U = ½ wghwB
[Figure: Cumulative Frequency - Consequences (F-N) plot; axis ticks 1.E-07 to 1.E-03 and 1 to 1000; regions marked "Unsafe" and "Safe"]
[Figure labels: Fault tree analysis, Failure Modes, Event tree analysis]
Some governments' views of safety
[Figure: F-N criteria compared; vertical axis "Frequency of N or more fatalities"; curves: Netherlands (Installations), Netherlands (transport), UK (Transport - scrutiny), UK (Transport - negligible), Hong Kong (Unacceptable), Hong Kong (Acceptable)]
Apparently very similar
Actually very different
Similar but starkly different frameworks
Netherlands
The (marginal) costs of safety improvements should balance the benefits in terms of lives and property saved
“ALARA” is a token statement
United Kingdom
The (marginal) costs of safety improvements should grossly outweigh the benefits in terms of lives and property saved
“ALARP” is a requirement
Implications… (Ale, 2005)
• Common law system,
  > what is not explicitly allowed is forbidden, unless it can be justified, where necessary in court;
• Roman/Napoleonic system,
  > everything that is not explicitly forbidden is allowed.
• Leads to completely different interpretations of the meaning of “As Low As Reasonably Practicable” under the different legal systems.
  > These differences of legal definition mean that “seemingly different” or “seemingly similar” measures or metrics can lead to completely different conclusions
Acceptable or tolerable
• Roman/Napoleonic system,
  > notion of tolerability of risk does not really apply
    • the legally enshrined “decision rule” constitutes the political acceptability of the risk.
      – Courts invariably state that, should the government want more safety, it should put stricter levels in the law
        » except when politics overrides the rule
• Common law system
  > risks are only tolerable if there are no reasonable opportunities to implement further risk reduction measures.
    • in the United Kingdom there is no way of being sure in advance if the ALARP demonstration is sustainable in court
Politics of risk acceptance criteria
Societal risk regulation – common law
• “Risk-regulation is about making trade-offs.
  > Trade-offs between different risks;
    • between risks to some individuals or groups, and risks to others;
    • between costs and benefits.
  > It is the nature of risk that, frequently, those who create the risk do not bear its consequences nor its wider costs.
    • So the market does not function properly as a distributive mechanism. The State must intervene to regulate risk.”
– UK Health and Safety Executive (Bacon, 1997)
The State's regulator has to
• confront some basic issues:
  > the need for economic, social and technological progress compared with "zero risk" or "guaranteed safety".
• assert the propositions that
  > risk is a necessary part of the human condition;
  > progress often depends both on incurring risk and on learning from failures (that is, accidents);
  > risks must be controlled but cannot in most circumstances be eliminated;
  > control of risks must move public opinion from focussing on what is acceptable to what is tolerable;
    • that 'safe enough' is the goal to be striven for in design, engineering and risk management”
Setting the decision context (UKOOA)
[Figure: decision context framework, with three groups of labels]
Significance to Decision-making Process: Codes & standards; Good practice; Engineering judgment; Risk-based analysis (e.g. QRA, CBA); Company values; Societal values
Means of Calibration: Codes & standards; Verification; Peer Review; Benchmarking; Internal Stakeholder Consultation; External Stakeholder Consultation
Decision Context Type:
• Nothing new or unusual; Well understood risks; Established practice; No major stakeholder implications
• Lifecycle implications; Some risk trade-offs/transfers; Some uncertainty or deviation from standard or best practice; Significant economic implications
• Very novel or challenging; Strong stakeholder views & perceptions; Significant risk trade-offs or risk transfer; Large uncertainties; Perceived lowering of safety standards
Dams!
Quantified risk context
[Figure: risk profile plotted against the limit of tolerability; vertical axis ticks 1.e-9 to 1.e-2; horizontal axes "Consequences" (0.1 to 1000) and "Monetary Units (e.g. US$)" (10E5 to 10E11)]
Labels on the figure:
• Risks that one cannot afford to take too often
• Risks that one cannot afford to take at all
• Risk carried by the owner
• Limit of global insurance market
• Risk carried by 'insurance'
• Risk increasingly carried and managed by 'Society'
• Risk carried and managed by 'Society'
• Envelope of applicability of business risk concepts
• BUSINESS RISK
• SOCIETAL RISK
Risk analysis …. the unifying link
EVENTS, CIRCUMSTANCES AND SCENARIOS
Accident/Incident
Harm to people and damage to assets and/or environment
[Figure labels: Fault tree analysis, Failure Modes, Event tree analysis]
Engineered safeguards
Undesirable event with the potential for harm or damage
Harm to people and damage to assets and/or environment
EVENTS, CIRCUMSTANCES AND SCENARIOS
Maintenance safeguards
Operational safeguards
Undesirable event with the potential for harm or damage
Harm to people and damage to assets and/or environment
EVENTS, CIRCUMSTANCES AND SCENARIOS
Defence in depth & strategic risk
Political, Regulatory and Owner hazards and failure modes!
Undesirable event with the potential for harm or damage
Harm to people and damage to assets and/or environment
EVENTS, CIRCUMSTANCES AND SCENARIOS
[Figure labels: HAZARDS, Failure Modes, Barriers, CONSEQUENCES]
Risk informed decisions
Harm to people and damage to assets and/or environment
EVENTS, CIRCUMSTANCES AND SCENARIOS
Undesirable events with the potential for harm or damage
[Figure labels: HAZARDS, Failure Modes, BARRIERS, CONSEQUENCES]
[Figure: risk profile plotted against the limit of tolerability; vertical axis "frequency /yr" (1.e-9 to 1.e-2); horizontal axis "Consequences" (0.1 to 1000); annotations "Cost 1" and "Cost 2"]