SMRK5103 Risk Management Full Version Study Guide

STUDY GUIDE SMRK5103 Risk Management

1

CENTRE FOR GRADUATE STUDIES

STUDY GUIDE

SMRK5103 Risk Management Writer: Dr Mohd Rafee Baharudin Open University Malaysia Developed by: Centre for Instructional Design and Technology Open University Malaysia

First Edition, August 2012 Copyright © Open University Malaysia (OUM), August 2012, SMRK5103 All rights reserved. No part of this work may be reproduced in any form or by any means without the written permission of the President, Open University Malaysia.


2


3

Contents Course Introduction ....................................................................................... 5 Course Synopsis .................................................................................. 5 Course Aims ......................................................................................... 5 Course Outcomes ................................................................................ 6 Course Load ......................................................................................... 6 Course Resources and Requirements ......................................................... 8 Set Textbook(s) .................................................................................... 8 Essential References ........................................................................... 8 Additional Recommended Readings .................................................... 9 My Virtual Learning Environment (myVLE) .......................................... 9 OUM Digital Library Resources ............................................................ 9 Assessment .................................................................................................. 10 Assessment Format ........................................................................... 10 Late Submission of Assignment(s) ..................................................... 10 Topics ........................................................................................................... 11 Topic 1 Introduction to Risk Management ....................................... 11 Topic 2 Risk Strategy ...................................................................... 14 Topic 3 Risk Assessment ................................................................ 17 Topic 4 Risk and Organisations ...................................................... 20 Topic 5 Risk Response ................................................................... 23 Topic 6 Risk Assurance and Reporting ........................................... 26 Topic 7 The Cost of Human Error ................................................... 29 Assessment Guide ....................................................................................... 31 Assignment .............................................................................................. 31 Do Not Plagiarise ..................................................................................... 32 Avoid Plagiarism ...................................................................................... 32 Documenting Sources .............................................................................. 33 Referencing .............................................................................................. 33 Appendix A ................................................................................................... 35 Sample Assignment ................................................................................ 35 Appendix B ................................................................................................... 36 Learning Support ..................................................................................... 36 Appendix C ................................................................................................... 37 Study Paths for Success in the Course ............................................... 37


4


5

COURSE INTRODUCTION

Study Guide

The course SMRK5103 Risk Management is one of the required courses for the OUM Master of OSH Risk Management (MOSHRM) programme. The course assumes some prior knowledge and experience of face-to-face teaching in a classroom and of curricular aspects of courses you have taught. For this reason, you are encouraged to read widely and to tap into your work experience to get the most out of the course.

Course Synopsis

The course introduces the subject of risk assessment and control with a comprehensive perspective on risk concepts, tools and techniques. It demonstrates critical understanding of the principles and practices of risk assessment and control.

Course Aims

The course aims to equip students with advanced knowledge and skills in assessing and managing the risks involved in an industry towards creating a specialised workforce.

Course Outcomes

By the end of this course, you should be able to:

1. Describe the concept of risk management;

2. Discuss the steps involved in conducting risk assessment;

3. Critically assess risk using different types of tools in evaluating risks; and

4. Conduct risk assessment and control in various industries.


6

Course Load

It is a standard OUM practice that learners accumulate 40 study hours for every credit hour. As such, for a three-credit hour course, you are expected to spend at least 120 hours of learning. Table 1 gives an estimation of how the 120 hours can be accumulated.

Table 1: Allocation of Study Hours

Activities No of Hours

Reading the course guide and completing the exercises 60

Attending 5 seminar sessions (3 hours for each session) 15

Engage in online discussion 10

Completing assignment 20

Revision 15

Total 120

It is important to know that this STUDY GUIDE is organised around a number of TOPICS, LEARNING OUTCOMES, FOCUS AREAS and ASSIGNED READINGS. This is illustrated in the figure below.

TOPICS

LEARNING OUTCOMES

FOCUS AREAS

ASSIGNED READINGS

STUDY GUIDE

Figure 1: Organisation of the Study Guide

To achieve the learning outcomes for the course, five TOPICS are included in the Study Guide. Each of these topics is to be covered in depth, based on readings from the assigned textbook and supplementary materials for the course. You are expected to spend about 12 hours of learning time on each topic. Ideally, a topic should be covered during each seminar.


7

Secondly, each topic comprises a number of LEARNING OUTCOMES, FOCUS AREAS and ASSIGNED READINGS. Each topic is guided by topic-related learning outcomes which essentially tell you what ought to be achieved at the end of a topic. The focus areas demonstrate sub-topics that are to be learnt, understood, applied and evaluated through deliberation. In addition, these focus areas will be covered in the assignment and the examination for the course. Finally, assigned readings cover the core content for each topic. You will have to read all of what is assigned. An important point to be raised here is that while the selected topics for the course SMRK5103 cover a substantial amount of information, your readings and deliberations should not be limited to these topics or to the assigned readings. The assigned readings and the focus areas merely tell you about core content, representing the minimum amount of information to cover. As in all graduate courses, a wide selection of readings is recommended for full understanding of the area, which in this case, includes models and strategies of instruction used by teachers all over the world. It would be worth your while to read the recommended texts and to search OUM’s digital library for other books and articles related to the course. The pages that follow outline a list of topics and related learning outcomes, focus areas as well as assigned readings for the course. Throughout the duration of the course, your course facilitator will use these topics as a guide for all face-to-face interaction, class participation and group or online discussion. At the end of the course, your knowledge and comprehension of the areas under these topics will be assessed.


8

COURSE RESOURCES AND REQUIREMENTS

Set Textbook(s)

Hopkin, P. (2010). Fundamentals of risk management: Understanding, evaluating and implementing effective risk management. United States: Kogan Page Limited.

Essential References

Bartlett, J. (2004). Project risk analysis and management guide. United Kingdom: APM Publishing.

British Standard Institute. (2008). BS31100:2008, Principle of risk management. United Kingdom: British Standard Institute (BSI).

DOSH. (2008). Guidelines for hazard identification, risk assessment and risk control (HIRARC). Retrieved from http://www.dosh.gov.my/doshv2/ phocadownload/guidelines/ve_gl_hirarc.pdf

Goetsch. (2011). Occupational Safety and Health for Technologies, Engineers and Managers (7th ed.). Pearson. Pg. 3 – 9.

HM Treasury. (2004). The orange book: Management of risk – principles and concepts. Retrieved from http://www.hmtreasury.gov.uk/d/orange_ book.pdf

International Standard IES/FDIS 21010. (2009). Risk management – Risk assessment techniques. Retrieved from www.iso.org

IRM. (2002). A risk management standard. Retrieved from http://www.theirm. org/publications/documents/Risk_Management_Standard_030820.pdf

ISO. (2009). ISO 31000: 2009 Risk management – principles and guidelines. Retrieved from http://www.iso.org/iso/catalogue_detail?csnumber= 43170

The Institute of Internal Auditors. (2004). The role of internal auditing in enterprise – wide risk management. Retrieved from www.theiia.org.

Vance, B., & Makomaski, J. (2007). Enterprise risk management for dummies. New Jersey: Wiley Publishing.


9

Additional Recommended Readings

Association of Insurance and Risk Managers. (2006). Insurance buyers guide. Retrieved from www.airmic.com

COSO. (2004). Enterprise risk management – integrated framework: Executive summary. Retrieved from www.coso.org

Ericson, C. A. (2005). Hazard analysis techniques for system safety (2nd ed.). Wiley-Interscience.

Health and Safety Executive. (2005). A review of safety culture and safety climate literature for the development of the safety culture: Inspection toolkit research report 367. Retrieved from http://www.hse.gov. uk/research/rrpdf/rr367.pdf

Occupational Safety and Health Master Plan for Malaysia 2015 by Ministry of Human Resources Malaysia.

United States Government. (2004). Every business should have a plan. Retrieved from www.ready.gov

My Virtual Learning Environment (myVLE)

Online Discussion

Learners are required to participate in online discussions.

Assignment

Learners are required to surf the Internet, visit OUM digital library resources, and read the recommended textbooks and journals to complete the assignments.

OUM Digital Library Resources

For the purpose of referencing materials and doing library-based research, OUM has a comprehensive digital library. For this course, you may use the following databases: ProQuest, CINAHL Plus, Springer Link and InfoSci Books. From time to time, materials from these databases will be assigned for additional reading and activities.


10

ASSESSMENT

Assessment Format

Refer to myVLE.

Late Submission of Assignment(s)

Failure to submit an assignment by the due date without the granting of an official extension of time by your course tutor will incur a penalty.


11

Topics

Topic 1: Introduction to Risk Management Learning Outcomes

By the end of this topic, you should be able to:

1. Describe a range of definitions of risk and risk management, and the usefulness of the various definitions;

2. List the characteristics of a risk that need to be identified in order to provide a full risk description;

3. Describe options for classifying risks according to the nature, source and timescale impact;

4. Outline the options for the attachment of risks to various attributes of an organisation and the advantages of each approach;

5. Use a risk matrix to represent the likely impact of risk materialising in terms of likelihood and magnitude;

6. Outline the principles (PACED) and aims of risk management and its importance to operations, projects and strategy;

7. Describe the nature of hazard, control and opportunity risks and how organisations should respond to each type;

8. Outline the development of the discipline of risk management, including the various specialist areas and approaches;

9. Describe the key benefits of risk management in terms of compliance, assurance, decisions and efficiency/efficacy (CADE3);

10. Describe the key stages in the risk management process and the main components of a risk management framework; and

11. Describe the key features of the best-established risk management standards and frameworks.


12

Focus Areas Assigned Readings

1.1 Approaches to Defining Risk

1.2 Impact of Risk Organisations

1.3 Types of Risks 1.4 Development of Risk

Management

Hopkin, P. (2010). Fundamentals of risk management: Understanding, evaluating and implementing effective risk management. United States: Kogan Page Limited. Chapter 1 – Approaches to Defining Risk

Definitions of risk. Types of risks. Risk description. Inherent level of risk. Risk classification systems. Risk likelihood and magnitude.

Chapter 2 – Impact of Risk on Organisations Risk importance. Impact of hazard risks. Attachment of risks. Risk and reward. Risk and uncertainty. Attitude to risk.

Chapter 3 – Types of Risks

Timescale of risk impact. Hazard, control and opportunity risks. Hazard tolerance. Management of hazard risks. Uncertainty acceptance. Opportunity investment.

Chapter 4 – Development of Risk Management

Origins of risk management. Insurance origins of risk management. Specialist areas of risk management. Enterprise risk management. Levels of risk management

sophistication. Risk maturity models.


13

1.5 Principles and Aims of

Risk Management

1.6 Risk Management Standards

Chapter 5 – Principles and Aims of Risk Management

Principles of risk management. Importance of risk management. Risk management activities. Efficient, effective and efficacious. Perspective of risk management. Implementing risk management.

Chapter 6 – Risk Management Standards

Scopes of risk management standards. Risk management process. Risk management framework. COSO ERM cube. Features of risk management standards. Control environment approach.

Guidelines for Hazard Identification, Risk Assessment and Risk Control (HIRARC) by DOSH Malaysia, Ministry of Human Resources Malaysia 2008. Pg. 5 – 16. Risk Management Concept in Malaysia

Basic Concepts Planning and Conducting of HIRARC Control

Study Questions

1. Discuss the PACED concept.

2. Discuss the options of classifying risks according to the nature, source and timescale impact.

3. Discuss the nature of hazard, control and opportunity risks and how organisations should respond to each type.


14

Topic 2: Risk Strategy

Learning Outcomes


1. Describe the main parts of risk management policy and the importance of each part;

2. Explain the key components of the risk architecture, strategy and protocols (RASP) for an organisation and how these fit together;

3. Describe the range of risk documentation and records that could be required and the function of each different type;

4. Describe the nature, content and use of a risk register, citing examples;

5. Outline the key roles and responsibilities of risk management in relation to job roles and key departments, including the role of CRO;

6. Describe suitable risk architecture for a range of organisations, including the importance of risk committees and risk communication;

7. Describe the key features of a risk-aware culture (LILAC) and how the key components can be measured;

8. Describe the components of evaluating risk maturity of an organisation (4Ns) and the benefits associated with greater risk maturity; and

9. Outline the importance of risk training and risk communication, including the use of a risk management information system (RMIS).


2.1 Risk Management Policy

Hopkin, P. (2010). Fundamentals of risk management: Understanding, evaluating and implementing effective risk management. United States: Kogan Page Limited. Chapter 7 – Risk Management Policy

Risk architecture, strategy and protocols.

Risk management policy. Risk management

architecture. Risk management strategy.


15

2.2 Risk Management Documentation

2.3 Risk Management Responsibilities

2.4 Risk Architecture and Structure

Risk management protocols. Risk management

guidelines.

Chapter 8 – Risk Management Documentation

Record of risk management activities.

Risk response and improvement plans.

Event reports and recommendations.

Risk performance and certification reports.

Designing a risk register. Using a risk register.

Documenting HIRARC

Responsibility and Accountability Documenting Process

Guidelines for Hazard Identification, Risk Assessment and Risk Control (HIRARC) by DOSH Malaysia, Ministry of Human Resources Malaysia 2008.

Pg. 16 – 17. Chapter 9 – Risk Management Responsibilities

Allocation of responsibilities. Risk management and

internal audit. Range of responsibilities. Statutory responsibilities of

management. Role of risk manager. Chief Risk Officer (CRO).

Chapter 10 – Risk Architecture and Structure Risk architecture. Corporate structure. Risk committees.


16

2.5 Risk-Aware Culture

2.6 Risk Training and

Communication

Risk communications. Risk maturity. Alignment of activities.

Chapter 11 – Risk Aware Culture Styles of risk management. Defining risk culture. Components of a risk-aware

culture. Measuring risk culture. Risk culture and risk

steategy. Establishing the context.

Chapter 12 – Risk Training and Communication

Risk training and risk culture. Risk information and

communication. Shared risk vocabulary. Risk information on an

intranet. Risk Management

Information System (RMIS). Consistent response to risk.

Study Questions

1. Discuss the key features of a risk-aware culture (LILAC) and how the key components can be measured.

2. Discuss the main parts of a risk management policy and the importance of each part.


17

Topic 3: Risk Assessment

Learning Outcomes


1. Describe the importance of risk assessment as a critically important stage in the risk management process;

2. Outline the range of risk assessment techniques that are available and the advantages/disadvantages of each technique;

3. Describe the importance of risk classification systems and the key features of the best-established systems;

4. Provide examples of the use of a risk matrix, including using it to indicate the dominant risk response in each quadrant;

5. Use a risk matrix to indicate the risk appetite of an organisation and whether the organisation is risk averse or risk aggressive;

6. Describe the main components of loss control as loss prevention, damage limitation and cost containment and provide practical examples;

7. Demonstrate the use of loss-control actions to reduce the impact of an event that has a large magnitude before mitigation;

8. Outline the alternative approaches to define the upside of risk and the practical application of these approaches for strategy, projects and operations;

9. Outline the importance of business continuity planning and disaster recovery planning and provide practical examples;

10. Describe the approach taken during a business impact analysis and how the analysis supports business continuity planning; and

11. Describe the key features of a business continuity plan, as set out in established business continuity standards, such as BS 25999.


18


3.1 Risk Assessment Considerations

3.2 Risk Classification Systems

3.3 Risk Likelihood and Impact

Hopkin, P. (2010). Fundamentals of risk management: Understanding, evaluating and implementing effective risk management. United States: Kogan Page Limited. Chapter 13 – Risk Assessment Considerations

Importance of risk assessment.

Approaches to risk assessment.

Risk assessment techniques.

Risk matrix. Risk perception. Risk appetite.

Chapter 14 – Risk Classification Systems Short, medium and long-

term risks. Purpose of risk classification

systems. Examples of risk

classification systems. FIRM risk scorecard. PESTLE risk classification

system. Hazard, control and

opportunity risks.

Chapter 15 – Risk Likelihood and Impact

Application of a risk matrix. Inherent and current level of

risk. Control confidence. 4Ts of risk response. Risk significance. Risk capacity.


19

3.4 Loss Control

3.5 Defining the Upside Of Risk

3.6 Business Continuity Planning

Chapter 16 – Loss Control

Risk likelihood. Risk magnitude. Hazard risks. Loss prevention.

Damage limitation. Cost containment.

Chapter 17 – Defining the Upside of Risk

Upside of risk. Opportunity assessment. Riskiness index. Upside in strategy. Upside in projects. Upside in operations.

Chapter 18 – Business Continuity Planning

Importance of BCP and DRP.

Business continuity standards.

Successful BCP and DRP. Business impact analysis

(BIA). BCP and ERM. Civil emergencies.

Study Questions

1. Discuss the range of risk assessment techniques that are available as well as the advantages and disadvantages of each technique.

2. Discuss the key features of a business continuity plan.


20

Topic 4: Risk and Organisations

Learning Outcomes


1. Describe the key features of a corporate governance model and the links to risk management in different types of organisations;

2. Describe the different types of stakeholders of a typical organisation and the influence of these stakeholders on risk management;

3. Describe a simplified business model and the different types of core processes that need to take place in an organisation;

4. Provide a brief description of the project life cycle and the importance of risk management at each stage, using the 4As approach;

5. Describe the key features of a project risk management system, such as the Project Risk Analysis and Management (PRAM) approach;

6. Outline the key features of operational risk as practised in financial institutions, such as banks and insurance companies;

7. Describe the key sources of operational risk in financial institutions and provide examples of how these risks are managed;

8. Describe the importance of the supply chain and the contribution of supply chain risk management to the success of the organisation; and

9. Give examples of the risks associated with outsourcing and how these risks can be successfully managed.


4.1 Corporate Governance Model

Hopkin, P. (2010). Fundamentals of risk management: Understanding, evaluating and implementing effective risk management. United States: Kogan Page Limited. Chapter 19 – Corporate Governance Model

Corporate governance. OECD principles of

corporate governance. LSE corporate governance

framework.


21

4.2 Stakeholder Expectations

4.3 Analysis of the Business

Model

4.4 Project Risk Management 4.5 Operational Risk Management

Corporate governance for a

bank. Corporate governance for a

government agency. Evaluation of board

performance.

Chapter 20 – Stakeholder Expectations Range of stakeholders. Stakeholder dialogue. Stakeholders and core

processes. Stakeholders and strategy. Stakeholders and tactics. Stakeholders and

operations.

Chapter 21 – Analysis of the Business Model

Simplified business model. Core business processes. Efficacious strategy. Effective processes. Efficient operations. Reporting performance.

Chapter 22 – Project Risk Management Introduction to project risk

management. Development of project risk

management. Uncertainty in projects. Project life cycle. Opportunity in projects. Project risk analysis and

management.

Chapter 23 – Operational Risk Management Operational risk. Definition of operational

risk.


22

4.6 Supply Chain Management

Basel II. Measurement of operational

risk. Difficulties of measurement. Development in operational

risk.

Chapter 24 – Supply Chain Management Importance of the supply

chain. Scope of the supply chain. Strategic partnerships. Joint ventures. Outsourcing of operations. Risk and contracts.

Study Questions

1. Discuss the project life cycle and the importance of risk management at each stage, using the 4As approach.

2. Discuss the key features of a project risk management system, such as the PRAM approach.


23

Topic 5: Risk Response

Learning Outcomes


1. Provide alternative definitions of Enterprise Risk Management (ERM);

2. Identify the key features of an enterprise-wise approach;

3. Describe the ten steps in the implementation of a successful ERM initiative;

4. Outline the importance of risk appetite as a planning tool in the implementation of a risk management initiative;

5. Describe the relationship between risk appetite, risk exposure and risk capacity and the interface with operations, projects and strategy;

6. Describe risk response options in terms of tolerate, treat, transfer and terminate, and how these can be shown on a risk matrix;

7. Describe the types of controls that are available, in terms of Preventive, Corrective, Directive and Detective (PCDD) controls;

8. Explain how to determine whether controls are cost effective, how controls change loss expectancy and how to learn from controls;

9. Provide practical examples of the control of selected hazard risks, including risks to finances, infrastructure, reputation and marketplace;

10. Describe the importance of insurance and the circumstances in which insurance is purchased, including the involvement of a captive insurance company; and

11. Explain the importance of the insurance purchasing process of cost, coverage, capacity, capabilities, claims and compliance.


24


5.1 Enterprise Risk Management

5.2 Importance of Risk Appetite

5.3 Tolerate, Treat, Transfer and Terminate

5.4 Risk Control Techniques

Hopkin, P. (2010). Fundamentals of risk management: Understanding, evaluating and implementing effective risk management. United States: Kogan Page Limited. Chapter 25 – Enterprise Risk Management

Enterprise-wide approach. Definitions of ERM. ERM in practice. ERM and business

continuity. ERM in energy and finance. Future development of

ERM.

Chapter 26 – Importance of Risk Appetite

Risk capacity. Risk exposure. Nature of risk appetite. Cost of risk controls. Risk management and

uncertainty. Risk appetite and lifestyle

decisions.

Chapter 27 – Tolerate, Treat, Transfer and Terminate

The 4Ts of hazard response.

Risk tolerance. Risk treatment. Risk transfer. Risk termination. Project and strategic

response.

Chapter 28 – Risk Control Techniques Hazard risk zones. Types of controls.


25

5.5 Control of Selected Hazard

Risks

5.6 Insurance and Risk Transfer

Preventive controls. Corrective controls. Directive controls. Detective controls.

Chapter 29 – Control of Selected Hazard Risks Risk control. Control of financial risks. Control of infrastructure

risks. Control of reputational

risks. Control of marketplace

risks. Learning from controls.

Chapter 30 – Insurance and Risk Transfer Importance of risk transfer. History of insurance. Type of insurance cover. Evaluation of insurance

needs. Purchase of insurance. Captive insurance

companies.

Study Questions

1. Discuss the importance of risk appetite in an organisation.

2. Discuss the applications of PCDD control measures in managing risks.


26

Topic 6: Risk Assurance and Reporting

Learning Outcomes


1. Describe the purpose and nature of internal control and the contribution that internal control makes to risk management;

2. Outline the importance of the control environment in an organisation and provide a structure of evaluating the control environment (CoCo);

3. Describe the activities of a typical internal audit function and the relationship between internal audit and risk management;

4. Describe the activities involved in the ERM initiative and how these can be allocated to internal audit, risk management and line management;

5. Outline the importance of risk assurance and identify the sources of risk assurance that are available to the board/audit committee;

6. Discuss the importance of risk reporting and the range of risk reporting obligations placed on companies, including Sarbanes-Oxley;

7. Provide examples of risk reporting approaches adopted by different types of organisations, including companies, charities and government agencies;

8. Describe the importance of corporate social responsibility as a component of corporate governance and outline the range of topics covered; and

9. Describe the steps involved in the successful implementation of a risk management initiative, together with the barriers and actions.


27


6.1 Evaluation of the Control

Environment

6.2 Activities of the Internal Audit Function

6.3 Risk Assurance Techniques

6.4 Reporting on Risk Management

Hopkin, P. (2010). Fundamentals of risk management: Understanding, evaluating and implementing effective risk management. United States: Kogan Page Limited. Chapter 31 – Evaluation of the Control

Environment Nature of internal control. Purpose of internal control. Control environment. Features olf the control

environment. CoCo framework of internal

control. Risk aware culture.

Chapter 32 – Activities of the Internal Audit Function Scope of internal audit. Financial assertions. Risk management and

internal audit. Risk management outputs. Role of internal audit. Management

responsibilities.

Chapter 33 – Risk Assurance Techniques Audit committees. Role of risk management. Risk assurance. Hazard, control and

opportunity risks. Control of risk self-

assessment. Benefits of risk assurance.

Chapter 34 – Reporting on Risk Management Risk documentation.


28

6.5 Corporate Social

Responsibilities

6.6 Future of Risk Management

Sarbanes-Oxley Act of

2002. Risks reported by US

companies. Charities risk reporting. Public sector risk reporting. Government report on

National Security.

Chapter 35 – Corporate Social Responsibilities CSR and corporate

governance. CSR and risk management. CSR and reputational risk. CSR and stakeholder

expectations. Supply chain and ethical

trading. CSR reporting.

Chapter 36 – Future of Risk Management

Review of benefits of risk management.

Steps to successful risk management.

Changing fact of risk management.

Concept of risk appetite. Concept of upside of risk. Future developments.

Study Questions

1. Discuss the activities of a typical internal audit function and the relationship between internal audit and risk management.

2. Discuss the steps involved in the successful implementation of a risk management initiative, together with the barriers and actions.


29

Topic 7: The Cost of Human Error Learning outcomes


1. Describe the key features of a risk-aware culture (LILAC); and

2. Explain how the key components can be measured.

Focus Area Assigned Readings

7.1 Learning from the Past 7.2 The Need for Safety 7.3 Safety Culture

Goetsch. (2011). Occupational Safety and Health for Technologists, Engineers and Managers (7th ed.). Pearson. Pg. 3 – 9. Safety and Health Movement, Then and Now Developments Before the Industrial

Revolution Milestones in the Safety Movement Tragedies that have Changed the Safety

Movement OSH Current Situation Rates of Occurrence of Occupational

Accidents and Fatalities Comparison of OSH Performance Profiles

between Malaysia and Other Countries in East Asia

National Competitiveness Index Versus National Occupational Fatality Occurrence Rate

OSH Contribution to the Malaysian Quality of Life

OSH Culture Establishment Long Term Vision for OSH in Malaysia Safety Culture – A Tool in Sustaining

Productive Human Capital Occupational Safety and Health Master Plan for Malaysia 2015 by Ministry of Human Resources Malaysia.


30

7.4 Understanding Human

Error

Goetsch. (2007). Occupational safety and health for technologists, engineers and managers (7th ed.). Pearson. Pg. 34 – 36.

Human Factors Theory of Accident Causation Overload Inappropriate Response and Incompatibility Inappropriate Activities Huma Factors Theory in Practice

Study Questions

1. Explain how workplace tragedies have affected the safety movement. Give examples.

2. Discuss the importance for organisations to establish safety culture. 3. Using your organisation as an example, explain how it is able to realise

OSH-MP15.


31

Assessment Guide

Refer to myVLE.

Assignments

There is one assignment in this course. Commonly, the assignment will be focusing on the application of OSH legal requirements for the purpose of an organisation’s relevant legal compliance. The assignment questions will be assessed from OUM`s Virtual Learning Environment (myVLE). It is your responsibility to make sure that your assignment reaches the course coordinator within the time frame.

The objective of the assignment is mainly to give you an opportunity to explore and analyse OSH legal requirements in depth. You are encouraged to use critical thinking in your assignment especially for the application of theories into practice. The assignment is guided by the contents of the recommended textbook and recent journals.

As mentioned earlier, graduate students must demonstrate that they have read widely and researched their topic well. It is NOT sufficient to rely on information in the assigned textbook or in the Course Guide to complete your assignment. Using a variety of references will give you a broader perspective on the various topics and will provide a deeper understanding of the subject.

The criteria for the assessment of this assignment cover content, structure and thinking skills. In general, you are required to write clearly, using correct spelling and grammar. You also have to submit a paper that shows evidence of the following:

(a) Reflection: Reflect critically on issues raised in the course.

(b) Deliberation: Consider and appreciate a range of points of view, including those included in the course material.

(c) Application: Develop your own view with regard to application of the concepts and focus areas covered in the course.

(d) Argument: State your argument clearly with supporting evidence from related research and demonstrate appropriate referencing of sources.


32

(e) Integration: Draw on your own experiences and integrate the information in the course assignment.

Do Not Plagiarise

As a graduate student, remember that your own thinking and the knowledge you construct as a participant in a course are integral to learning. To succeed in the course, you should never resort to plagiarism or copying at any level whatsoever. Plagiarism refers to any form of deception in a written paper (such as assignments or essays) by a student. It is intended to deceive the instructor about the student’s abilities or knowledge or the amount of work that is actually contributed by the student. Here are some examples sourced from a local site (www.ppl.upm.edu.my).

1. Copying large sections of a paper from the Internet or print sources and not acknowledging these sections as quotations.

2. Paraphrasing or restating someone’s argument without acknowledging the author. Remember that detailed arguments from clearly identifiable sources must always be acknowledged.

3. Purchasing or buying essays or papers written by other students.

4. Taking credit for work produced by someone else. This includes photographs, charts, graphs, drawings, statistics, video clips, audio clips, verbal exchanges such as interviews or lectures, performances on television and texts printed on the web.

5. Taking double credit by submitting the same essay for two or more courses.

Avoiding Plagiarism

Here are some ideas from www.ppl.upm.edu.my for avoiding plagiarism in your assignments and essays.

1. Insert quotation marks around "copy and paste" clauses, phrases, sentences or paragraphs and cite the original source.

2. Paraphrase clauses, phrases, sentences or paragraphs in your own words and cite your source.

3. Adhere to the American Psychological Association (APA) stylistic format, when citing a source and when writing out the bibliography or reference page.

4. Write independently without being overly dependent on information from others.


33

5. Original work. Read a text, put it away and then write about what your have read in your own words.

6. Educate yourself on what may be considered common knowledge (no copyright necessary), public domain (copyright has expired or not protected under copyright law), or copyright (legally protected).

Documenting Sources

Remember that when you quote, paraphrase, summarise or refer to someone’s work you are required to cite the source. Here are some of the most commonly cited forms of material (See www.jfklibrary.org, library.duke.edu/research/citing and www.ppl. upm.edu.my).

Direct citation using quotation marks

Simply having a list of thinking skills is no assurance that children will use it. In order for such skills to become part of day-to-day behaviour, they must be cultivated in an environment that values and sustains them. “Just as children’s musical skills will likely lay fallow in an environment that doesn’t encourage music, learner’s thinking skills tend to languish in a culture that doesn’t encourage thinking” (Tishman, Perkins and Jay, 1995, p.5).

Indirect Citation using referential

According to Wurman (1988), the new disease of the 21st century will be information anxiety, which has been defined as the ever-widening gap between what one understands and what one thinks one should understand.

Referencing

All sources that you cite in your paper should be listed in the REFERENCE section at the end of your paper. Below are some suggestions, as listed in library.fayschool.org/ Pages/Citation_Guide.htm

From a Journal Brown, E. (1996). The lake of seduction: Silence, hysteria, and the space of feminist theatre. JTD: Journal of Theatre and Drama, 2, 175-200.

From an Online Journal

Evnine, S. J. (2001). The universality of logic: On the connection between rationality and logical ability [Electronic version]. Mind, 110, 335-367.


34

Retrieved January 12, 2008, from PsyCARTICLES database.

From a Webpage

National Park Service. (2003, February 11). Abraham Lincoln Birthplace National Historic Site. Retrieved February 13, 2003, from http://www.nps.gov/abli/

From a Book Fleming, T. (1997). Liberty! The American Revolution.

New York: Viking.

From an Article in a Book

Cassel, J., & Zambella, B. (1996). Without a net: Supporting ourselves in a tremulous atmosphere. In T. W. Leonhardt (Ed.), "LOEX" of the West: Teaching and learning in a climate of constant change (pp. 75-92). Greenwich, CT: JAI Press Inc.

From a Printed Newspaper

Holden, S. (1998, May 16). Frank Sinatra dies at 82: Matchless stylist of pop. The New York Times, pp. A1, A22-A23.


35

Appendix A Assignment

SMRK5103 RISK MANAGEMENT

Objective:

The purpose of this assignment is to analyse organisational risks based on different RAM.

The task

You are given TWO articles entitled: 1. A semi-quantitative assessment of occupational risks using bow-tie

representation. 2. Appraisal of a new assessment model for SME. Read the articles given and answer the following questions. For each article, DISCUSS the methodology used in assessing risks. Your discussion should include but is not limited to:

(i) The suitability of the method in assessing risks;

(ii) Coverage or scope of risks;

(iii) The advantage of the Risk Assessment Matrix (RAM) used;

(iv) The limitation of the RAM used; and

(v) Suggestions to further improve the risks assessment methodology.

(60 marks)


36

Appendix B Learning Support

SMRK5103 RISK MANAGEMENT

Seminars

There are 15 hours of face-to-face facilitation provided for the course. There will be FIVE seminars of three hours each. You will be notified of the dates, times and location of these seminars, together with the name and e-mail address of your facilitator, as soon as you are allocated a group.

Discussion and Participation

Besides the face-to-face seminars, you have the support of online discussions in myVLE with your facilitator and your coursemates. Your contributions to the online discussion will greatly enhance your understanding of course content, and help you do the assignment and prepare for the examination.

Feedback and Input from Facilitator

As you work on the activities and the assigned text, your course facilitator will provide assistance to you throughout the duration of the course. The facilitator will also mark your assignment and give you feedback on your performance. At any time that you need assistance, do not hesitate to discuss your problems with your facilitator. The seminars and the online forum can also be used for any of the following situations:

When you have difficulty with the contents of the textbook or if you do not understand the assigned readings.

When you have a question or problem with the assignment.

Bear in mind that communication is important for you to be able to get the most out of this course. Therefore you should, at all times, be in touch with your facilitator and coursemates, and be aware of all the requirements for successful completion of a course.


37

Appendix C Study Paths for Success

Time Commitments for Study

You should plan to spend about six hours of study time on each topic, which includes the time spent doing all assigned readings and activities. You must schedule your time to discuss the work online and spend enough time on each topic for this course. It is often more effective to distribute the study hours over a number of days rather than spending the whole day studying one topic. You have some flexibility as there are 10 topics spread over a period of 15 weeks.

Study Strategy

The following is a proposed strategy for working through the course. If you have difficulty following the strategy, discuss your problems with your facilitator either through the online forum or during the seminars.

(i) The most important step is to read the contents of this Course Guide thoroughly.

(ii) Organise a study schedule. Take note of the amount of time you spend on each topic, as well as the dates for submission of the assignments and seminars.

(iii) Once you have created a study schedule, make every effort to stick to it. One reason students are unable to cope with postgraduate courses is that they delay their course work.

(iv) To understand the various dimensions of the course, do the following:

Study the Course Overview and the entire list of topics. Then examine the relationship of a topic to other topics.

Complete all assigned readings and go through the supplementary texts to get a broad understanding of course content.

Do all activities and read the Scenarios in the assigned textbook to understand the various concepts and facts presented in a topic.


38

Draw ideas from a large number of readings as you prepare for the assignment. Work on the assignment as the semester progresses so that you are able to systematically produce a commendable portfolio or paper.

(v) When you have completed a topic, review the Learning Outcomes for the topic to confirm that you have achieved them and are able to do what is required.

(vi) After completing all topics, review the course content to prepare for the final examination. Review the Learning Outcomes of the course to see if you have covered all the relevant parts of the course.

Safety Science 48 (2010) 1361–1368

Contents lists available at ScienceDirect

Safety Science

journal homepage: www.elsevier .com/locate /ssc i

Appraisal of a new risk assessment model for SME

M. Fera, R. Macchiaroli *

Dipartimento di Ingegneria Aerospaziale e Meccanica, Seconda Università di Napoli, Real Casa dell’Annunziata, Via Roma, 29, 81041 Aversa (CE), Italy

a r t i c l e i n f o

Article history:Received 9 November 2009Received in revised form 21 April 2010Accepted 14 May 2010

Keywords:Risk assessmentSafety at workFMECASCEBRAAHP

0925-7535/$ - see front matter � 2010 Elsevier Ltd. Adoi:10.1016/j.ssci.2010.05.009

* Corresponding author. Tel.: +39 0815010339; faxE-mail address: [email protected] (R.

a b s t r a c t

The identification, assessment and reduction of the risks is among of the most important issues of thesafety at work. This paper’s goal is to demonstrate the effectiveness of a new risk assessment method pro-posed by the authors and presented in the past (Fera and Macchiaroli, 2009). In general, one can deal withrisk assessment using different methods: quantitative, qualitative or a mix; however, the typical modelsproposed in the literature are difficult to implement in SMEs. The method proposed in this paper is amixed one whose effectiveness is demonstrated through an application study carried out in differentindustrial systems, like a steel industry or a logistic services provider.

� 2010 Elsevier Ltd. All rights reserved.

1. Introduction

The injuries statistics (Table 1) released by the InternationalLabour Organization (ILO) for 2007 are very significant.

They show how health and safety problems are very far frombeing solved. It is well known that an effective approach to healthand safety at work needs a suitable risk assessment phase, theadoption of prevention and protection actions and the implemen-tation of a severe ‘‘safety audit” phase. However, less attention hasbeen paid to these phases in the practice, using non-appropriatetools and methodologies which are either too complex to manageor too simple and subjective, thus not suitable to recognize hazardsand reduce the corresponding risks.

The aim of this paper is to assess the effectiveness of a new andreliable assessment model presented in Fera and Macchiaroli(2009), able to face the aforesaid applicability difficulties of themodels developed so far and to show, through its application toseveral industrial plants, how an improvement in safety conditioncan actually be achieved. The proposed model is based on knowntechniques, such as Failure Modes and Effects Criticality Analysis(FMECA), Scenario Based Risk Assessment (SceBRA) and Italianstandard UNI 7249:2007. These techniques are integrated withina procedure composed by seven steps, some quantitative and somequalitative. This model also includes the Analytic Hierarchy Pro-cess (AHP) decision making technique, which – as well known –is useful to minimize inconsistencies in experts’ judgments, withinthe subjective phases of risk assessment.

ll rights reserved.

: +39 0815010204.Macchiaroli).

The paper is organized as follows. After discussing the main fea-tures of relevant models presented in the literature and the open is-sues in risk assessment, Section 3 contains a brief overview of theAHP technique in order to underline its importance in the proposedmodel. Afterwards, the proposed model is described in detail,including a discussion about its main features and advantages. Be-fore concluding, we also report the results from an experimentalcampaign carried in three manufacturing and services firms.

2. Literature review and open issues

The identification and choice of a suitable risk assessment mod-el has been felt as a crucial issue for decades. So far, models used inthe practice were developed for different applications and adaptedfor health and safety at work. A possible classification is presentedin Table 2.

Please note that qualifying methods as ‘‘quantitative” or ‘‘qual-itative” does not mean they are objective or subjective. So, in thispaper we refer to quantitative or qualitative to indicate whethera method makes use of numerical data or not, while we refer toa subjective method when it mainly relies on experts’ judgment.Since the judgment, in turn, can be qualitative or quantitative, inthe last case we also refer to the corresponding method as quali-quantitative.

Thus, subjective methods are focused on the experts’ contribu-tion. Experts are responsible to predict the possible interactionsbetween workers, machines and work environment. Subjectivemodels cannot be implemented in all kind of firms, because of theirintrinsic uncertainty which makes them not suitable for severalapplications; think, in example, to risk assessment in the chemical

http://dx.doi.org/10.1016/j.ssci.2010.05.009

mailto:[email protected]

http://www.sciencedirect.com/science/journal/09257535

http://www.elsevier.com/locate/ssci

Table 1Worldwide 2007 injuries and deaths.

Type of injury Number of injuries

Workplace injury 250.000.000 inj/year8 inj/s

Children workplace injuries 12.000.000 inj/yearDeaths 1.300.000 death/year

Table 2Methods for the health and safety risk assessment.

Qualitative‘‘What if?” analysisSafety reviewCheck lists

QuantitativeFault tree analysisEvents treeBow-Tie model

Quali-QuantitativeHazards and Operability Study (HAZOP)Failure Methods and Critical Analysis (FMECA)Formal Safety Assessment (FSA)

1362 M. Fera, R. Macchiaroli / Safety Science 48 (2010) 1361–1368

or oil & gas industry, where generally sophisticated reliabilitymodels can and must be applied, and normally lead to a wide ex-tent of success. Instead, subjective models can be used with goodresults in the non industrial environments. In the international lit-erature there are some contributions about risk assessment forfishing vessels (Piniella et al., 2009), using a check-lists method,or for large transport networks and urban systems (Chen et al.,2009). Other authors (Van Duijne et al., 2008) developed a subjec-tive assessment model based on the European guidelines RAPEX,used for food quality and safety assurance. Another subjectivemethod example is the DELPHI analysis, which is a structuredmethod that gives a hierarchy of the decisions to be evaluatedand achieves a final decision through verbal experts judgements.These models are often used in SMEs due to their simplicity,although in some cases their application can be misleading, asunderlined by many authors (Hetherington et al., 2006; Wirthet al., 2008; Lingard et al., 1997).

Quantitative models, both objective and subjective, are widelyused in many fields, like in large industrial firms or in the oil andgas industries. These models make an extensive use of reliabilityanalysis and, thus, are based on process decomposition techniquesand failures likelihoods knowledge. Indeed, several works arebased on the Bayesian approach for fault tree analysis or for eventtrees analysis (Martìn et al., 2009; Doytchev et al., 2008). The sta-tistical approach is also used for other types of risk assessmentmodels, as for the Bow-Tie ones (Ale et al., 2008). The Bow-Tiemodels are based on the identification of a link between causesand effects of events, and identify a direct quantitative relation be-tween risk sources and risk consequences. A likelihood is associ-ated to all possible paths from a cause to an effect, that is, anexpression of the relative importance of a specific risk as connectedto a risk source. Objective methods are used to assess risks in thechemical industry (Glickman et al., 2007; Brito et al., 2009) or inthe coal mines (Sari et al., 2009); in these sectors safety is often re-lated to specific possible accidents, whose severity justifies theadoption of quantitative evaluation techniques.

Existing literature reports some works using mixed quali-quan-titative methods. Some authors apply typical techniques of knowl-edge analysis, as fuzzy theory (Grassi et al., 2009), trying toformalize and quantify subjective aspects, treated as fuzzy vari-ables. Other contributions on this issue are given by the application

of techniques such as the well known HAZOP method and the FSA,that was developed and suggested to be applied in the maritimefield by International Maritime Organization (IMO) (IMO, 2002).The FSA is a structured and systematic approach to assess complexsituations. Examples of its application are reported in the literature(Hu et al., 2007; Wang, 2002; Ventikos and Psaraftis, 2004). TheFSA method is a structured and costly method, therefore – asunderlined by several authors – it was mainly used in the maritimesector, but its application to other, less capital intensive sectors, isnot easily justifiable. Among the works appeared in the literature,it is worth to mention the contribution by Hu et al. on 2007, whopropose an integration between the FSA and fuzzy methods.

Starting from our first need, i.e., to create a model suitable andeffective for SMEs, that goes beyond the objective and quantitativemodels complexity and the non-effectiveness of subjective models,we explored the possibility to create a model for this kind of firmsbased on an approach which represents a compromise between thedifferent models. The absence in the existing literature of a such amodel and the need for an improvement in existing safety assess-ment tools for SMEs, convinced us that there is space for workingon mixed quali-quantitative methods. The lack of such approachescan be due, in our opinion, to the little attention paid so far tosafety in the small and medium enterprises (SMEs) by researchersand practitioners. This fact, in turn, might be due to the higherinterest paid by them to larger industrial firms, which – in a firstanalysis – could be identified as a major risk source, while all sta-tistics show, instead, that most part of injuries and deaths are morelikely to occur in SMEs. For all the reasons mentioned so far, thepurpose of this work is to propose a mixed risk assessment meth-od, able to overcome the practical difficulties generally found bySMEs in the application of objective and quantitative techniques(also due to the higher skills required to this aim) and to fill thegap between the results obtained by the application of subjectiveapproaches, generally employed, and the need for a reliable riskassessment.

One of the foreseen advantages of the proposed method is that,without using costly objective or mixed methods, it allows toachieve a good match between the results of the risk assessmentand actual risk relevance. In other words, this means that the pro-posed method achieves better results using similar resources.

3. The Analytic Hierarchy Process (AHP) framework

The AHP (Saaty, 2000) is a technique used in decision making.Based on the contribution of different experts, it aims at the crea-tion of a unique priority index for each possible decision, that sum-marises all expert’s judgments, minimizing their inconsistency. Ingeneral, the procedure, given an objective and given a set of possi-ble choices and/or decisions to achieve that goal, calls the expertsto express a relative judgment of relevance of each choice, whencompared to all the others.

The main difference between AHP and the DELPHI method,mentioned before, is that the AHP technique is not simply basedon verbal judgements but also makes use of quantitativeevaluations.

So, given a set of possible decisions, D = [D1, D2, . . . , Dn], the ex-pert has to indicate a relevance judgment of each decision com-pared with all the others, examined one by one. Each expertgives a relevance judgment, that could be named jkil, where k andi are the counter of all the decisions belonging to the set D and lis the counter of the lth expert. All judgments for each couple ofdecisions (Dk, Dj), will be synthesized using a geometrical meanthrough (1).

jki ¼ffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffijki1 � jki2 � . . . � jkin

nq

ð1Þ

Table 3Methods used for each step.

Phase Step Description Method

1 1 Team work identification SceBRA2 Major events identification SceBRA–AHP

2 3 Frequencies calculation FMECA–UNI 72494 Consequences calculation FMECA–UNI72495 Criticality calculation FMECA

3 6 Improvement actions priorization AHP7 Improvement action verifying Mixed techniques

M. Fera, R. Macchiaroli / Safety Science 48 (2010) 1361–1368 1363

The use of the geometrical mean for the collection of differentjudgments is fundamental, because it has been demonstrated(IMO, 2002) that its use minimizes the inconsistency of the com-parison matrix C (see forward), for the reason that the unanimityand homogeneity properties are respected. The unanimity prop-erty states that, when all the experts give the same judgment x,the resulting overall judgment should be x. The homogeneity prop-erty states that when individuals give a judgement u times largerthan another, the resulting overall judgment should be u times lar-ger too. A mathematical formulation of the unanimity and homo-geneity properties is reported in (2) and (3)

f ðx; x; . . . ; xÞ ¼ x 8 x 2 X ð2Þ

f ðux1;ux2; . . . ;uxnÞ ¼ uf ðx1; x2; . . . ; xnÞ 8 x; ux 2 X; u 2 R ð3Þ

Once the resulting overall judgments are computed, through Eq.(1), they are inserted into a square matrix (nxn), named compari-son matrix, C.

C ¼ D1 D2 . . . . . . Dn

D1

D2

. . .

. . .

Dn

j11 j12 . . . . . . j1n

j21 j22 . . . . . . j2n

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

jn1 jn2 . . . . . . jnn

0BBBBBB@

1CCCCCCA

A fundamental condition to be respected for the applicability ofthe AHP methodology is that the comparison matrix C is consis-tent. We say that a matrix A = (aij) is consistent if the transitivityand symmetric properties are satisfied, as expressed in (4) and (5).

aij � ajk ¼ aik where i; j; k ¼ 1;2; . . . ; n ð4Þ

aij � aji ¼ 1 where i; j ¼ 1;2; . . . ;n ð5Þ

To maximize the consistency index of matrix C, besides the factthat elements with k = i always equal 1, the elements with k – ishould respect the condition reported in (6).

jik ¼1jki

ð6Þ

In real applications, however, it is possible that relation (6) isnot satisfied. This implies that an inconsistency may occur. Forthe correct applicability of the AHP methodology, it is importantthat the inconsistency of the comparison matrix C is less than10%, i.e., the number of times in which relations (4) are not verifiedhas to be less than 10%.

The ranking of the possible decisions Di, as stemming from thejudgments of experts, can be computed from the entries jik of thecomparison matrix C. To each row, corresponding to a decisionDi, is assigned a priority index pi, computed as the ratio betweenthe sum of the entries of that row (

Pkj�ki) divided by the sum of

all entries in C (P

k

Pijki), as reported in (7).

pi ¼X

k

j�ki

,Xk

Xi

jki ð7Þ

4. The proposed risk assessment model

The proposed model is divided in three phases and each phaseis divided into steps, that involve, alternatively, methods like FME-CA, SCEBRA, standard UNI 7249:2007 and AHP. In Table 3, we re-port the methods used for each step.

The first aims at the creation of the work team and the classifi-cation of major risks; this is achieved using the SceBRA and theAHP techniques. In the second phase the risk assessment is focused

on the risk criticality calculation, and this is achieved using theItalian UNI standard and the FMECA technique. The last phasedeals with the identification and classification of preventive andprotective actions to minimize the risks; this task is achieved usingagain the AHP and some safety economic measurement tech-niques. Refer to Fig. 1 for a schematic sketch of the proposedmodel.

The SceBRA technique is mostly used in the management field,especially when an analysis of different development scenarios isneeded. Just in a few cases SceBRA has been used for the safetyrisks analysis. In our model, it is used to overcome the problemof the risks identification.

The literature reports some contributions that use FMECA to as-sess safety problems. Indeed, in practice it is quite easy to find inthe FMECA modules columns reserved to the maintenance activi-ties safety. In turn, in our model the FMECA is just used as a refer-ence to evaluate the criticality of each risk.

UNI 7249:2007 is an Italian standard that illustrates the calcu-lation methods for the frequency and consequence indexes, start-ing from the injuries data available in each firm.

AHP has been selected to reduce the subjectivity of steps 2 and6. AHP permits to give relative judgements of relevance among dif-ferent risks, not just using numerical values, but also with verbalstatements (indeed, a translation table from verbal statements tonumerical values is also present). Refer to former Section 3 for adeeper introduction to that technique. It is important to note thatthe choice of the AHP, instead of other structured methods such asthe DELPHI one, was due to the more reliable analysis of the AHP,that is conducted using mathematical tools.

In the following part of the paper we analyse and describe inbetter detail the seven steps of the model used to perform riskassessment.

4.1. Phase 1 – major risk identification

The first step, i.e., team building, is very important, because it isthe main element to ensure an adequate reliability of the assess-ment. Team composition could be deduced from the safety firmorganization, that is imposed, largely, by national safety laws.Our will is to build a new assessment model, also respectful tosafety laws in force. The minimal team composition should be:(i) the safety responsible, (ii) a work medicine expert and (iii) aproduction worker expert.

The second step, i.e., risk identification, is carried out with theapplication of the AHP technique. For each couple of risks, expertswill give a judgement of relative importance. Each risk is assessedcomparing itself with all the others; in other words, experts mustspecify how much the analysed risk is relevant compared with allthe others. The relative importance judgement given by experts foreach risks’ couple are collected in a geometrical mean, which be-comes an element of the general comparison matrix, used to quan-tify priorities between all risks. The hierarchy used to determinepriorities between all possible firm’s risks is reported in Fig. 2.

1)Team work identification

2) Major events identification

SCEBRA

3) Frequencies calculation

4) Consequences calculation

5) Criticality calculation

FMECA-UNI

FMECA

SCEBRA-AHP

6) Improvement actions priorization

AHP

7) Improvement action verifying

MIX

Phase 1 Phase 3Phase 2

Fig. 1. Assessment model.

Fig. 2. Risk’s hierarchy.


4.2. Phase 2 – risk assessment

Once the results of the second step, i.e., the risks’ priority, areobtained, it is possible to proceed to the third and fourth steps.Here the model proposes the calculation of the frequency and con-sequence indexes, which are computed referring to Italian nationalstandard, UNI 7249:2007 (this standard is available also in Englishas ‘‘Statistics on occupational injuries”). The equations used to cal-culate both of them are reported in (8) and (9).

F ¼ IAþ ImEh

� 106 ð8Þ

C ¼ IGT þ IGP þ IGM

E� 103

¼IGT þ 7500 �

Pg

100

� �þ 7500 �m

E� 103 ð9Þ

In (8), IA is the number of injuries causing an inability lastingmore than a day, Im is the number of deaths and Eh is the workedhours. In (9), IGT, IGP, IGM are respectively the off-work days due to(i) a temporary injury, (ii) to an injury with permanent conse-quences and (iii) to a death injury, and E is (iv) the total numberof workers employed in the specific work sector. All these dataare, normally, available in the firm’s injury registration book.

Please note that in the proposed procedure F and C are not anestimate, possibly given by the risk auditor, of, respectively, theprobability of occurrence of the dangerous event and of the impor-tance of the damage caused, as it usually occurs in typical riskassessment procedures. In the proposed model F and C are simplycomputed using historical data.

After this step, the procedure starts to implement the fifth step,i.e., the calculation of the general criticality index that integratesthe results obtained in previous steps. The equation used to calcu-late the evaluation index is reported in (10).

Ik ¼ Fk � Ck þ pk � DðF � CÞ¼ Fk � Ck þ pk � ½ðF � CÞmax � ðF � CÞmin� ð10Þ

In (10), Fk and Ck are, respectively, the frequency and the conse-quence indexes for the kth risk analysed, as computed in steps 3and 4, and pk is the priority index, as computed in step 2. So, again,Ik accounts for the importance of the kth risk, as it results from thefirm’s ‘‘history”. The second term of the sum has been introducedto assess all risks that do not have a history, i.e., for those risksfor which it is impossible to determine the frequency and the con-sequence indexes. It is important to notice how the second termgives a more specific evaluation of the typical risks of a firm; infact, the pk index is calculated comparing each risk with the othersin specific working environment, while the difference D(F � C) canbe seen as a reference scale, that gives an idea of the overall risklevel of a firm.

Willing to explain why the method proposes to evaluate the in-dex Ik as in expression (10), we could say that the attempt was tointroduce an evaluation method able to take into account, from onehand, the history of a firm, thus accounting not only for occurredinjuries (through the evaluation of C) but also for not occurred ones(if F has a low value, that could mean also that prevention and pro-tection measures in place might have been effective, despite of thepossible severity of the damage), from the other hand, the judg-ments of experts, filtered through a method as AHP, as in tradi-tional risk assessment schemes. In other words, we recognizedthat relying only on experts traditional assessment methods couldlead to relying too much on their experience and not to pay enoughattention to the specific firm point of view, thus leading to empha-size too much the consequences of an accidents and to underesti-mate both the probability of occurrence and the prevention andprotection measures already in place.

Let us give an example. In real cases it could happen that a spe-cific hazard has never lead to the occurrence of an accident: think,

Fig. 3. Improving action’s hierarchy.


in example, to a fire in a paper mill plant. When evaluating the firerisk using our method, since the product F � C equals 0, it mighthappen that the proposed method evaluates it as less relevantcompared to other risks; an expert, instead, could see the fire riskas the most relevant risk, simply because of the serious conse-quences of fire accident occurrence. So, which is the right way towatch to the problem? In our opinion, clearly, the right way to as-sess the risk is the one proposed here. In fact, the gravity of the firerisk is accounted for with the second term of Eq. (10), while, if noaccident happened in the history of a firm, this means that the cor-responding safety level is acceptable and, specifically, the preven-tion actions in place are effective. A conclusion which we mightdraw from this example is that, if the prevention and protectionmeasure in place in a firm produced a history with no accidents,this has to force the attention of the auditor not only towards riskswith major consequences but also towards other risks, more rele-vant in that firm and, as retrievable from the firm’s safety history,not properly managed in the past.

Another example, quite different, regards a risk that occurred inone of the test cases presented afterwards in this paper. Let us con-sider the risk stemming from the exposure to severe indoor climateconditions in a service company dealing with logistics of flowers. Atraditional approach could lead to underestimate indoor climaterisk when compared with other risk, like in example mechanicalrisk, possibly because of their higher consequences. With our ap-proach, the importance of the consequences of such risks is takeninto account through the second term of Eq. (5), but meanwhilethe analysis of the firm’s history leads to a relevant value of factorF for the indoor climate risk (if that risk factor actually caused trou-bles to employee’s health) in the first term of the equation, thusallowing to balance different factors and to assess that risk prop-erly. In other words, in this case, what the proposed method is ableto stress and take account for is the actual occurrence of a damageand/or an injury and not only its probability, as estimated by anexpert.

Willing to draw up some conclusions, we might say that theproposed method defines a procedure to reduce the impact of awrong risk perception by experts. In particular:

– the criticality index for a risk that has never been happened,is composed by a term that is zero (i.e., the first term in Eq.(10)) and by a term composed by the relevance judgementof the experts, derived by the AHP method application(i.e., pk) and by an index that is specific to the firm analysedin the assessment (i.e., D(F � C)); the result is a mitigation ofthe possible overemphasis resulting from a too high estima-tion of the risk’s consequences that also takes into accountprevention and protection measures in place, and

– the criticality index for a risk that occurred often is com-posed by a term that properly takes into account the fre-quency of occurrence (i.e., factor F in the first term of Eq.(10)) and by a term composed by the relevance judgementof the experts, as before; the result is a mitigation of thepossible underestimation of the risk, that takes into accountthe actual occurrence frequency of the corresponding dam-ages and/or injuries.

Finally, let us propose a comment on how to apply the methodwhen the safety auditor is analysing a start-up company; in thiscase the first term of Eq. (10) is equal to zero, not because the spe-cific risk never lead to accidents, but because the firm has not got ahistory. This problem could be overcome using external statisticsreferred to the specific sector of the start-up firm. For example,in Italy the public work injuries insurance agency (INAIL) producesthe summary of the frequencies and consequence for the differentoperative sectors each year. So, using these statistics, the method

could be used also for the start-up firms. It must be claimed, how-ever, that the best performance of the proposed method is actuallyachieved in firms with a safety history.

4.3. Phase 3 – improvement actions

Once a criticality has been defined for all risks, the model pro-ceeds with the sixth step, i.e., the identification of preventive andprotective measures used, respectively, to reduce the frequencyof occurrence and the consequences of the dangerous event. Thisstep is implemented through a team meeting, as defined in step1, and trough a new application of AHP. For each risk, the expertswill define some actions, and afterwards they will express their rel-ative judgements between the proposed actions. The calculationprocedure to obtain the actions’ priorities is the same of step 2.The improving actions hierarchy is shown in Fig. 3.

The innovation of the method for the identification of preven-tion and protection actions is centered on the use of AHP, that per-mits to reduce inconsistencies of the decisions regardingimplementation priorities for the different corrective actionsdecided for each risks. In other words, when defining prioritiesamong corrective actions, it may happen that some inconsistencyoccurs or, more simply, that their scheduling does not respondeffectively to actual needs. The application of AHP allows to reducethis circumstance, simply because the AHP mathematical approachis able to minimize inconsistencies among relative priority judg-ments given by experts to corrective actions.

Once prevention and protection actions, as defined in step 6, areimplemented, it is necessary to evaluate their effectiveness. This isthe goal of step 7. To this aim we propose the use of an indexnamed DOE, which has been created by the US Department Of En-ergy, and whose definition is reported in (11).

DOE¼102 �ð106 �Dþ5�105 �Tþ2�103 �LWCþ103 �WDLþ4�102 �WDLRþ2�103 �NFCÞEh

ð11Þ

In (11), D is the number of deaths, T is the number of injurieswith total disability, LWC is the number of accidents with an injury,WDL is the number of work absence days, WDLR is the number ofdays in which a production sector has to work in a limited mode,NFC is the number of near miss and Eh is the number of total work-ing hours. Using this index over an appropriate time horizon, it ispossible to measure the safety system improvement. If the indexshows an increase from a period to another, i.e., the difference ofthe values it assumes over two periods is positive or equals zero,

Fig. 4. The Deming wheel.

Table 4Criticality index for the risks in the assembly line analysed.

Risk Criticality indexes

Mechanical 33,64Knife parts contact 10,14Material in movement contact 6,69Electric 6,38Noise 4,24Fire 1,32Vibrations 1,11

Table 6Reliability indexes for the assessment method analysed.

Distances New assessmentmethod

Old assessmentmethod

Compared to specific firmstatics

4 21

Compared to nationalstatistics

12 25

Table 7Criticality indexes for the second experiment.

Risks Criticality indexes

Mechanical 25.12Manual handling contact 6.79Knife contacts 3.90Noise 2.44Electrical 1.76Fire 1.03Mechanical handling contact 0.74Vibrations 0.62Chemical 0.39Micro-climate 0.31Explosions 0.27


it means that the assessment and the improvement actions werenot adequate, thus another implementation of the procedure isrequired.

Notice how the application of the method finds its natural bestperformance when it is applied in a continuous improvementframework, such as the Deming wheel (Fig. 4), i.e., where there isa continuous improvement led by the cyclic application of phases:(i) plan, (ii) do, (iii) check, (iv) act. This is typical of all ManagementSystems that pursue continuous improvement strategies, likeQuality or Safety Management Systems planned as in ISO EN9001:2008 or OSHAS 18000.

5. The experimental campaign

To test the performance of the proposed method and its abilityto easily and properly assess risks and, consequently, to identifyeffective prevention and protection measures, an experimentalcampaign was performed in three enterprises classified as SMEs.The enterprises belong to two different sectors, the steel workindustry and the logistic services; in particular, two belong to thefirst sector and one to the other one.

Before describing and commenting the results, let us explainthe method we used to validate the proposed model. The resultsof the experiments, as stemming from the application of the pro-posed method to the three firms, were compared with:

� the results of traditional methods used to assess safety at workin these firms and� the risk classification, as calculated from the injuries statistics

available for the industrial sector who they belong to.

Table 5Old and new assessment model risk prioritization compared with real data for first exper

New assessment method Specific firm statistics

Mechanical MechanicalKnife parts contact Knife parts contactMaterial in movement contact Material in movement contactElectric ElectricNoise VibrationsFire FireVibrations NoiseChemical Chemical

The reason for not relying solely on firm’s available data is thatthey could suffer from underreporting (think about missed acci-dents) and limited exposure (so that real hazards may not havematerialized yet and hence not being represented in the statistics,but may still pose a significant risk). The use aggregated data, spe-cific of an industrial sector, rather than data for individual firms,can possibly give a better, or at least a wider, picture of the riskthan company-specific data. Still, the use of company-specific datahelps in analysing and underlining special features which might bepresent within particular firms.

The effectiveness of the proposed method was assessed throughan index named ‘‘reliability index” computed as the distance be-tween the ranking of each risk, available from the injuries registryand from the national statistics for the sector, and the rankingresulting from the application of the old and new methods; eachposition in the ranking equals one distance unit; so, the best per-formance is achieved if the distance index equals zero, while themore the index grows, the more we can say that the proposedmethod achieves misleading results compared to the actual riskclassification.

The first experiment was conducted in a steel working factory.It is an assembly line, operating on 3 shifts for 24 h. The workingactivities include machines set-up, feeding of material to the ma-chines and machine control. In the production line workers alsomanipulate chemical products, as flammable or noxioussubstances.

All the risks were identified and assessed using the new meth-od. The criticality indexes, for the production line analysed, areshown in Table 4.

iment.

Industrial sector national statistics Old assessment method

Material in movement contact NoiseKnife parts contact FireMechanical MechanicalVibrations ElectricNoise VibrationsFire Material in movement contactsChemical Knife parts contactElectric Chemical

Table 8Old and new assessment model risk prioritization compared with real data for second experiment.

New assessment method Specific firm statistics Industrial sector national statistics Old assessment method

Mechanical Mechanical Manual handling contact MechanicalManual handling contact Manual handling contact Knife parts contact NoiseKnife contacts Knife contacts Mechanical Knife contactsNoise Mechanical handling contact Vibrations ChemicalElectric Electrical Electric Manual handling contactFire Fire Noise Mechanical handling contactMechanical handling contact Noise Fire ElectricVibrations Vibrations Mechanical handling contact VibrationsChemical Chemical Chemical FireMicro-climate Micro-climate Micro-climate Micro-climateExplosions Explosions Explosions Explosions




Compared to specific firmstatistics

6 20

Compared to national sectorstatistics

12 26

Table 10Criticality indexes for the third experiment.

Risks Criticality indexes

Micro-climate 10Manual handling 7.5Mechanical handling 1.7Mechanical 0.62Chemical 0.47Noise 0.43Electrical 0.39Fire 0.24




Compared to specific firmstatistics

0 5

Compared to national sectorstatistics

10 12


Table 5 reports the risk priority ranking for respectively, theproposed assessment model, the actual data available in the spe-cific firm, the statistics data from the industrial sector as reportedby the Italian Health and Safety Insurance Institute (INAIL) and thetraditional assessment model used in the firm so far. As shown, thenew model matches actual data more often than the old assess-ment model. In Table 6, the reliability indexes are reported.

The second experiment was conducted in another steel workingfactory, whose typical operations are quite different from the firstexample, in the sense that there are no continuous operations on a24 h time basis. Operations include cutting, welding and hot-work-ing on metal sheets. So the job exposes the workers to several riskssuch mechanical, chemical, noise, etc.

As in the previous test case, Table 7 reports the criticality in-dexes as calculated with the proposed method, Table 8 compares

Table 11Old and new assessment model risk prioritization compared with real data for third expe

New assessment method Specific firm statistics

Micro-climate Micro-climateManual handling Manual handlingMechanical handling Mechanical handlingMechanical MechanicalChemical ChemicalNoise NoiseElectrical ElectricalFire Fire

the risk priority ranking in the four possible cases, while Table 9 re-ports the reliability indexes for the two methods.

The third application of the proposed method occurred in a lo-gistic services firm, a flower logistic operator. The process includesreceiving, storing and expediting flower batches. Workers are ex-posed to risks like micro-climate, ergonomic, mechanical move-ment, etc. The exposure to the micro-climate risks is due to thefact that the flowers need to be stored in a cold-store, where allhandling operations are performed.

As in previous cases Tables 10–12 report, respectively, the crit-icality indexes, the risk priorities and the reliability indexes for thislast experiment.

As a general comment, the proposed model actually shows aremarkable improvement in terms of what we defined ‘‘reliability”of the safety assessment method. The model achieves a reliabilityvalue considerably better than traditional methods when the indexis compared with the data from the statistics of the specific firm.On the other hand, when we compare the results with the nationalstatistics for the specific sector to which the enterprises belong, themethods improvement, on average, is less than 50% of the firstresult.

The high correspondence between risk priorities as identified bythe proposed method and as retrievable by the actual injuries sta-tistics for the specific firms, is due, possibly, to the fact that theproposed method is combining some subjective elements, as theexperts’ contribution, to objective elements, as the UNI 7249,which is based on the same framework used for the injuries realstatistics calculation. This element is very important to understand

riment.

Industrial sector national statistics Old assessment method

Mechanical handling MechanicalMicro-climate Micro-climateManual handling Manual handlingNoise Mechanical handlingMechanical ChemicalChemical NoiseFire ElectricalElectrical Fire

Table 13Improvements of the new method.

Experiments Distances national sectorstatistics improvement (%)

Distances specific firmimprovement (%)

1 52 812 54 703 17 100

Mean 41 84


how much the new method tries to create a more realistic analysisof the safety condition, without neglecting the experts’ point ofview, and thus giving the possibility to assess also the elementsnot otherwise classifiable with objective methods.

In Table 13, we report a summary of the performance indexes inthe experiments. It is possible to notice how the model’s perfor-mance in terms of reliability shows an average increase of 84% ifits reliability is compared with the specific firm ranking and of41% if it is compared with the national statistics. It is also worthto note how in the third experiment the improvement shown byour method in the second comparison decreases. The closest indus-trial sector found for this experiment was the whole logistic andtransportation one, whose scope is very wide and who, thus, hasa very large number of job types; accordingly – in our opinion –this sector is not exactly reflecting the risk characteristics of theanalysed firm.

6. Conclusions

Starting from the awful statistics of the safety at work, as theyresult in the EU and worldwide, in this paper we analysed the stateof the art in risk assessment methods applied in small and mediumenterprises (SMEs) and we found a lack of models applying bothquantitative and qualitative methods. So, the attempt was to de-velop a model able to reduce the uncertainty that subjective mod-els typically offer and the computational complexity that objectiveand quantitative models normally include (with the related costsand time consumption), thus representing a method that, makinguse of the same amount of effort, is able to achieve better and morereliable results. The proposed model therefore merged knownquantitative models, like the ones using frequency and conse-quence indexes, with typical subjective models, such as the AHPmodels. The proposed approach, through the use of AHP, allowsto assess also risks related to aspects and dangers which have nohistory, and for which necessarily a subjective approach applies.

The application of the proposed model has shown a good per-formance in terms of risk assessment ‘‘reliability”: by this we mean

that the risk prioritization resulting from the proposed risk assess-ment model is better than the one resulting from traditional meth-ods, when compared with statistic data from the specific firm, asretrieved from the injuries and accident register book, and withthe national industrial sector, as retrieved from the national indus-trial sector statistic survey on injuries and accidents in the Italianfirms performed by INAIL.

Next steps in the research will deal with the validation of themethod for the identification and prioritization of the improve-ment actions and the application and validation of the model inother industry sectors.

References

Ale et al., 2008. Quantifying occupational risk: the development of an occupationalrisk model. Safety Science 46, 176–185.

Brito et al., 2009. Multi-attribute risk assessment for risk ranking of natural gaspipelines. Reliability Engineering and System Safety 94, 187–198.

Chen et al., 2009. Study on the methodology for evaluating urban and regionaldisaster carrying capacity and its application. Safety Science 47 (1), 50–58.

Doytchev et al., 2008. Combining task analysis and fault tree analysis for accidentand incident analysis: a case study from Bulgaria. Accident Analysis andPrevention. doi:10.1016/j.aap.2008.07.014.

Fera, Macchiaroli, 2009. Proposal of a quali-quantitative assessment model for theSMEs health and safety. Safety and Security Engineering 3, 117–126.

Glickman et al., 2007. Assessment of hazardous material risks for rail yard safety.Safety Science 45, 813–822.

Grassi et al., 2009. A fuzzy multi-attribute model for risk evaluation in workplaces.Safety Science 47 (5), 707–716.

Hetherington et al., 2006. Safety in shipping: the human element. Journal of SafetyResearch 37, 401–411.

Hu et al., 2007. Formal safety assessment based on relative risks model in shipnavigation. Reliability Engineering and System Safety 92, 369–377.

IMO, 2002. Guidelines for formal safety assessment (FSA) for use in the IMO rule-making process, MSC/Circ. 1023.

Lingard et al., 1997. Behavior-based in Hong Kong’s safety managementconstruction industry. Journal of Safety Research 28 (4), 243–256.

Martìn et al., 2009. A Bayesian network analysis of workplace accidents caused byfalls from a height. Safety Science 47, 206–214.

Piniella et al., 2009. Towards system for the management of safety on boardartisanal fishing vessels: proposal for check-lists and their application. SafetyScience 47, 265–276.

Saaty, T.L., 2000. Fundamentals of Decision Making and Priority Theory with theAnalytic Hierarchy Process. RWS Publications, Pittsburgh, PA.

Sari et al., 2009. Stochastic modeling of accident risks associated with anunderground coal mine in Turkey. Safety Science 47, 78–87.

Van Duijne et al., 2008. Considerations in developing complete and quantifiedmethods for risk assessment. Safety Science 46, 245–254.

Ventikos, Psaraftis, 2004. Spill accident modeling: a critical survey of the event-decision network in the context of IMO’s formal safety assessment. Journal ofHazardous Materials 107, 59–66.

Wang, J., 2002. Offshore safety case approach and formal safety assessment of ships.Journal of Safety Research 33, 81–115.

Wirth et al., 2008. When workplace safety depends on behavior change: topics forbehavioral safety research. Journal of Safety Research 39, 589–598.

http://dx.doi.org/10.1016/j.aap.2008.07.014

Safety Science 48 (2010) 973–979

Contents lists available at ScienceDirect

Safety Science

journal homepage: www.elsevier .com/locate /ssc i

A semi-quantitative assessment of occupational risks using bow-tie representation

Celeste Jacinto a,b,*, Cristina Silva c

a Department of Mechanical and Industrial Engineering, Faculty of Science and Technology, Universidade Nova de, Lisboa, Campus de Caparica, 2829-516 Caparica, Portugalb Safety, Reliability and Maintenance Group of CENTEC, Technical University of Lisbon, Instituto Superior Técnico, Av. Rovisco Pais, 1049-001 Lisboa, Portugalc Arsenal do Alfeite, Alfeite, 2810-001 Almada, Portugal

a r t i c l e i n f o

Article history:Received 16 January 2009Received in revised form 3 August 2009Accepted 30 August 2009

Keywords:Safety at workRisk assessment methodsBow-tie diagramsOccupational safetyEurostat variables

0925-7535/$ - see front matter � 2009 Elsevier Ltd. Adoi:10.1016/j.ssci.2009.08.008

* Corresponding author. Address: Department ofEngineering, Faculty of Science and Technology, FC2829-516 Caparica, Portugal. Tel.: +351 21 294 8567;

E-mail addresses: [email protected] (C. Jacinto), crist(C. Silva).

a b s t r a c t

This work proposes a semi-quantitative risk assessment methodology, which was applied and tested inthe Ship Building Industry. It covers a wide range of risks related to occupational accidents in a shipbuild-ing yard environment, more specifically at Arsenal do Alfeite, a large shipyard in Portugal. The initialqualitative analysis focuses on the bow-tie diagram technique but it also integrates concepts and classi-fications schemes defined by the Eurostat within the European Statistics on Accidents at Work (ESAW)Project. The structure of the diagram enables the identification of the relevant accident’s causal pathwaysand their consequences at the same time as it identifies the existing or needed safety barriers. In whatconcerns the semi-quantitative assessment, the accident risk level and acceptance criteria were estab-lished through a scoring system, using national data on accident statistics for the sub-sector: Ship Building& Repairing (code NACE 35.1). The statistical data was supplied by GEP (the Office of Strategy & Planningof the Portuguese Ministry of Labour & Social Solidarity). The authors present and discuss a specific casestudy, in the shipyard’s technological area of surface treatment and protection, to demonstrate the meth-od’s applicability and usefulness.

� 2009 Elsevier Ltd. All rights reserved.

1. Introduction protective barriers. The latter characteristic is of great value to sup-

The original bow-tie model was developed for application in hi-tech industries, for the probabilistic assessment of risks of majorindustrial accidents. However, as with many other assessmenttechniques, its use is quickly spreading to the field of occupationalsafety. A recent special issue of Safety Science (Goossens et al.,2008), for instance, gives full evidence of this trend and providesinsight in the development of an Occupational Risk Model (ORM),launched under the auspices of the Dutch Authorities.

Despite this breakthrough in the quantitative assessment ofoccupational risks, the bow-tie probabilistic feature is less likelyapplicable or viable in individual organisations, in which the his-toric accident information is not enough to derive data for theprobabilistic assessments. On the other hand, the diagram itself –and the philosophy behind its configuration – appears to be anattractive tool for risk identification and qualitative analysis: notonly the diagram depicts the possible pathways between the haz-ards and the accident (the central critical event), but also it com-pels the analyst to differentiate clearly between preventive and

ll rights reserved.

Mechanical and IndustrialT/UNL, Campus de Caparica,

fax: +351 21 294 [email protected]

port decision-making, since it helps prioritising safety measures.A way out from the lack of probabilistic data is to combine the

qualitative feature of the diagram with an (also qualitative) assess-ment of risk through a classical risk-matrix approach. This is a fea-sible solution already offered in commercially available softwarepackages (e.g.: BAT�, Risk Shield� or BowTie Pro�). However, inmost applications, the problem of inherent subjectivity of the ma-trix remains. The aim of this research work, though, is twofold: (1)to ascertain to what extent the bow-tie diagram would be success-fully applied to occupational risks, in individual organisations, bytheir own people and (2) to explore a semi-quantitative methodol-ogy for grading the risks and establishing the risk level. The secondissue, in particular, constitutes the innovating contribution of thiswork, as it gives a simpler alternative to the probabilistic approachwhilst still keeping the virtue of being based on real accident fre-quency data and objective criteria.

To demonstrate the proposed methodology, this paper de-scribes an application case in a large shipyard, called Arsenal doAlfeite (AA), whose main activity is to build and repair ships,mainly for the Portuguese Navy. From now on, this organisationwill simply be referred to as AA Shipyard.

2. Background literature on the bow-tie model

Although the majority of risk assessment techniques have beendesigned for risks arising from high-tech systems, Harms-Ringdahl

http://dx.doi.org/10.1016/j.ssci.2009.08.008



http://www.sciencedirect.com/science/journal/09257535

http://www.elsevier.com/locate/ssci

974 C. Jacinto, C. Silva / Safety Science 48 (2010) 973–979

(2001) demonstrates that some of these methods have proven tobe useful and adequate to assess all kinds of risk, including thoseassociated with occupational hazards. This seems to be the casewith the so-called bow-tie approach as well.

On the turn of the millennium, the Shell’s Group developed anew approach under the name of Hazard, Effect and ManagementProcess (HEMP); this was known internally as the ‘bow-tie dia-gram’ (Zuijderduijn, 1999). This concept gained popularity, as it of-fers a good overview of the different accident scenarios underanalysis. Basically, the bow-tie can be considered as an approachthat has both proactive and reactive elements and that systemati-cally works through the hazard and its management. Indeed, allthe causes and consequences of an accident are clearly depictedin the diagrams. Moreover, the bow-tie seems particularly usefulto represent the influence of safety systems (and barriers) on theprogression of accident scenarios. Safety systems, either technicalor organizational elements, can be placed in the two mainbranches of the diagram. The bow-tie model is essentially a prob-abilistic technique, but in time it has developed in different ver-sions, depending on the system under analysis. A well-knownsimplified representation is that in Fig. 1.

In its traditional representation the left-hand side includes a listof potential hazards leading, through different pathways, to a spe-cific ‘‘top critical event’’ or accident type, whilst the right-hand sideincludes the different consequences of such event. The left side caninclude a formal fault tree in which the different branches identifythe possible causes of the critical event (i.e., all the possible linksbetween the hazards and the accident type).

The right side of the diagram, on the other hand, uses the eventtree philosophy to identify the possible consequences. Between thehazards and the top event, and between the latter and the finalconsequences, the safety barriers in place are also taken into ac-count. An evaluation of barrier performance (e.g.: response time,efficiency, and level of confidence) can be achieved with this ap-proach. An important and useful feature is that this barrier analysishelps to identify missing or ill-designed barriers, which is a key-is-sue in risk management. The work of Trbojevic (2001), Delvosalleet al. (2003) and Kurowicka et al. (2006), for instance, give a de-tailed account of the bow-tie structure and the barrier functionsassociated with it.

On the other hand, Delvosalle et al. (2003) and Salvi and Deb-ray (2006), provide evidence of another noteworthy developmentaround 2002, within the Accidental Risk Assessment Methodol-ogy for Industries in the framework of Seveso-II Directive (ARA-MIS) Project . A new integrated risk assessment methodologywas created (Delvosalle et al., 2006; Dianous and Fiévez, 2006),by combining the strengths of different methods currently used

H A Z A R D S

CONSEQUÊNCIAS

Barreiras de segurança

Evento

Safety Barriers

CRITICALEVENT

Fault Tree Event Tree

CONSEQUENCES

Fig. 1. A simplified bow-tie representation (Dianous and Fiévez, 2006, p. 221;Delvosalle et al., 2006, p. 201).

in the European Countries. This new methodology, under thename of Methodology for the Identification of Major AccidentHazards (MIMAH), is supported by the bow-tie approach andthe assessment of safety barriers. However, this integrated ap-proach focuses on industries within the framework of Seveso-IIdirective, i.e., on major industrial accidents, leaving aside theoccupational accidents.

More recently, however, the bow-tie model has entered thefield of occupational safety, through the European Workgroup fordevelopment of the Occupational Risk Model (WORM), whichstarted with the aim of decreasing by 10–15% the occupationalaccident rate in the Netherlands (Hale et al., 2005). This researchworkgroup uses the bow-tie approach to quantify risks of occupa-tional accidents with the purpose of introducing a risk-basedthinking into occupational safety and by simulating scenarios fora wide variety of common accidents, allowing the prioritisationof preventive strategies. The WORM Project is still ongoing but ithas already produced ample evidence of progress by the work of,for instance, Papazoglou and Ale (2007); Ale et al. (2008); Aneziriset al. (2008) and Bellamy et al. (2008).

The quantification of the bow-tie diagram is a complex task: itnot only requires reliable data on the frequency of all events, butthe failure probabilities of the barriers need to be known as well.This type of assessment also calls for the involvement of highlyspecialised people from different expertise areas. For all these rea-sons, it is unlikely that individual enterprises will be able to applythe model in this way. Despite this, the diagram, per se, constitutesan attractive basis to support qualitative analysis.

From all the above it becomes apparent that the bow-tie ap-proach represents a step forward in the current state of the art con-cerning the management of risks, including those associated withoccupational safety. This is the context in which the authors equa-ted the use of the (qualitative) bow-tie diagram in combinationwith a matrix approach, based on accident statistics of the activityunder analysis.

3. The methodology applied in the AA Shipyard

The methodology described here uses accident data of the Ship-building Industry and it will be demonstrated through an applica-tion case in this particular activity sector.

3.1. The working context and the organisation’s main features

Since the historical accident data in the AA Shipyard is not suf-ficient to allow probabilistic assessments, the quantification fea-ture of the original bow-tie model is not used in this work. Inthis case the aim was to explore the applicability of the diagramin critical activities in this large shipbuilding yard, within a semi-quantitative assessment adapted to their own reality.

The AA Shipyard employs around 1200 workers and its mainactivity consists of repair works and maintenance of ships for thePortuguese Navy, although they also have non-military clients.The organisation holds a Quality Management System certifiedISO 9001:2000 and a structure of Internal H&S Services; the lattercomprises two main branches: the Occupational Medicine Serviceand the Division of Safety & Health. The organisation’s safety reg-ulations and procedures are compiled and published in the ‘‘Arse-nal Safety Book – Safe Work’’ (Arsenal do Alfeite, 2003), which isalso available through their own intra-network. The risk assess-ment procedure currently in use for occupational risks is a classicalall-embracing approach, which combines Energy Analysis withTask Analysis, and uses a risk-matrix for grading the risks. The cri-teria in the matrix, however, are rather vague and subjective.

Collect information on site

Scope definition: TPS-Area

Qualitative analysisMapping the accident scenarios

1 task = 8 diagrams

Barreirasdeseguran ça

Evento

Barriers

CRITICAL

EVENT

Risk Evaluation / Risk Level

•Matrix approach

•Criteria for likelihood & seriousness

Likelihood of critical event

•Frequency distribution of variable Contact

Severity of Harm

•8 Accident pyramids –to score the potential for serious injuries (days lost)

Accident typology

•AA-TPS (data 2001-2006, N=52)

•Sub-Sector 35.1 (national data 2005, N=1078)

O

U

T

C

O

M

E

H

A

Z

A

R

D

S

Collect information on site

Scope definition: TPS-Area

Qualitative analysisMapping the accident scenarios

1 task = 8 diagrams

Barreirasdeseguran ça

Evento

Barriers

CRITICAL

EVENT

Risk Evaluation / Risk Level

•Matrix approach

•Criteria for likelihood & seriousness

Likelihood of critical event

•Frequency distribution of variable Contact

Severity of Harm

•8 Accident pyramids –to score the potential for serious injuries (days lost)

Accident typology

•AA-TPS (data 2001-2006, N=52)

•Sub-Sector 35.1 (national data 2005, N=1078)

O

U

T

C

O

M

E

H

A

Z

A

R

D

S

Fig. 2. Overview of the SQ-BAT methodology.

C. Jacinto, C. Silva / Safety Science 48 (2010) 973–979 975

3.2. The methodology – semi-quantitative bow-tie for accidents atwork (SQ-BAT)

The acronym SQ-BAT was established at a certain point, to dif-ferentiate this new method under trial from the current procedurein AA Shipyard, which does not have a specific name. Overall, themethodology applied can be described in a two-step process, as de-picted in Fig. 2.1

3.2.1. Qualitative analysis – first stepThis first step uses the bow-tie diagram as a qualitative tool for

identifying the pertinent causes and consequences of the accidenttype under analysis; it also pinpoints the relevant prevention andprotection barriers for eliminating, reducing or attenuating theeffects of such accident risk. Before initiating the diagrams, the fol-lowing preliminary tasks were carried out to collect indispensableand valuable information:

� re-analysis of previous accidents (period 2001–2006 inclusive),� scrutiny of Safety Audit reports and other Management System

documentation,� establishment of a baseline checklist (pinpointing hazards and

hazardous conditions already known or perceived by theauthors),

� interviews with the workers and their supervisors to bring outtheir points of view and experience feedback, and

� direct observations of the workplace.

The diagrams were produced with the information collectedabove; this involved an iterative process since there was a needto re-check and confirm certain details before reaching the finaldraw. The type of accident (critical event) was categorised by thevariable ‘‘contact-mode of injury’’. This automatically means that,the risk analysis of each single task implies the construction ofeight individual diagrams, as the variable ‘‘contact’’ has eight dif-ferent modalities (or categories) in its classification scheme (Euro-stat, 2001). The variable ‘‘deviation’’ was also used to ‘‘label’’ thedeviating events immediately preceding the contact on the centre

1 ‘‘Work’’ in Portuguese translates as Trabalho, hence the final T in the acronym.

of each diagram. This helped to compare the various pathwaysactually identified in the diagrams with the statistical informationavailable for the pairs ‘‘contact � deviation’’. After the qualitativeanalysis based on the diagram is completed, the second step takesplace, i.e., the assessment of accident risk.

3.2.2. Semi-quantitative assessment – second stepTo enable the link between the diagrams and the semi-quanti-

tative assessment, the authors developed a scoring system basedon a specific subset of national accident statistics, aligned withthe ESAW harmonised variables (Eurostat, 2001). This statisticaldata is used to score, objectively, the ‘‘likelihood of occurrence’’and the ‘‘potential seriousness’’ of each modality of accident. Theresulting scores are then applied to a risk-matrix (similar to thatof BS 8800, 2004) for obtaining the risk level. The aim of thistwo-step approach is to reduce subjectivity, since the scoring sys-tems used are based on realistic accident frequencies and days lostfor each accident type.

To carry out the above process, the ESAW variables consideredwere ‘‘contact’’ and ‘‘days lost’’. The semi-quantitative procedurefor ranking the accident risk level uses a 4 � 5 risk-matrix, withfive levels of risk. The criteria for scoring ‘‘likelihood’’ and ‘‘poten-tial seriousness’’ were derived from the national statistics of theactivity sector 35.1 – building and repairing of ships and boats,2 usedhere as the reference sector. The ‘‘likelihood’’ of occurrence wasranked through the frequency distribution of the variable ‘‘contact’’,whereas the ‘‘potential seriousness’’ was established by crossing thedata of the variables ‘‘contact � days lost’’.

4. Case study and results

In the AA Shipyard accident history, the production area posinghigher concerns is the ‘‘Treatment and Protection of Surfaces’’ orTPS-Area. This technological area deals, essentially, with specialcoating schemes and it comprises three main production processesand facilities: steel-blasting, electroplating and dry dock airlesspainting. This paper discusses the proposed methodology appliedto a particular type of accident in the steel-blasting process.

2 Classification NACE 4 in the ESAW system.


4.1. Risk analysis through the bow-tie diagram

The steel-blasting task is carried out in a blasting chamber andit needs to be done manually by skilled operators, since the metalparts (or pieces) to pickle have a very irregular shape and need tobe turned over more than once in the process. Fig. 3 illustrates thisworking process. The pieces enter the chamber on the top of openwagons on rails and the chamber can accommodate three pieces ata time. The analysis of this task has produced eight diagrams, somemore complex than others, but each portraying the risk situation ofa specific type of accident, depending on the modality of contact inthe centre.

Fig. 4 shows the diagram obtained for Contact 40 (being struckby object in motion, collision with). This modality is also the mostfrequent type of accident in both the shipyard’s TPS-Area and thePortuguese accident statistics of the whole sector 35.1 (buildingand repairing of ships and boats).

The figure shows the relevant features concerning this particu-lar accident risk. To summarise, one can see that there are at leastthree main pathways leading to the critical event. This contact mayoccur either by projection of steel particles under pressure, or bythe fall of a piece/component. The worker being struck by steelparticles is the most frequent occurrence and it can be triggeredby two main categories of deviation: the worker losing control ofthe hose and jet direction or by emission of particles (inherent tothe process, but aggravated by failure of the hose or variations inthe pressure). The second possibility is the worker being struckby a falling piece and this is more likely to occur when the workeris turning over the piece. The dotted ‘‘labels’’ D20, D30 and D40 onthe diagram indicate the code of the main ‘‘deviations’’ identifiedand the arrows indicate the possible paths between these devia-tions (immediate causes) and the hazards/hazardous conditionsbehind them. This left side of the diagram also identifies the mostpertinent prevention barriers. Of these, some were already in placeand seemed reasonably adequate, whilst others were either miss-ing or notoriously insufficient. In the aftermath of this analysis aset of floor grids have already been replaced and the ventilationand illumination levels have been improved. Two safety measureswere scheduled for further discussion, as they need more careful

Fig. 3. Steel-blasting task.

consideration: (1) establishing a new procedure for hiring externaloperators, who need to be ‘‘certified’’ and (2) redesigning the cur-rent training plan, which needs to be more behavioural-driven. Incertain cases, the role of the supervisor and the level of supervisionalso need improvement, but these are currently being equated to-gether with the training strategy for supervisors.

The right side of the diagram (Fig. 4) is less detailed as the con-sequence of any occurrence is always a ‘‘personal injury’’, althoughthe degree of harm varies. This side shows, essentially, the factorsinfluencing the seriousness and the barriers needed for protectionand emergency action. Of these, the main concern is to implementa faster shutdown system actuated from inside the chamber (thecurrent one is only triggered from the outside).

Another possible improvement is to extend the information inthe workers’ ID card: currently it has the person’s identificationand all emergency telephone numbers. A way forward is to includethe person’s blood type and any known allergies (including allergicreactions to medical drugs).

4.2. The accident profile in the AA Shipyard and in the whole activitysector

Ideally, the estimation of accident risks in the particular taskanalysed above should be based on accumulated real data fromthe AA Shipyard, but the number of accidents and incidents in thesteel-blasting process has been low over the years. Even when con-sidering the whole TPS-Area, which already comprises several pro-cesses and a variety of tasks, the registers of six consecutive years(2001–2006 inclusive) reveal no more than 52 accidents at work;most were low injury cases and none was fatal. Given this limita-tion with accident data, the authors opted for using the whole sec-tor 35.1 as the reference dataset. Under the circumstances, thisseems to be a more robust starting point for establishing the riskassessment criteria. The main indicators for the year 2005 arethose summarised in Table 1.

Despite the limitations discussed above, the accident profiles ofthe two datasets were compared (Fig. 5) to establish how the dis-tribution of the variable ‘‘contact-mode of injury’’ (i.e., type of acci-dent) in the TPS-Area fits within the corresponding distribution ofthe whole sector.

Overall, the figure shows considerable similarities between thetwo distributions, and it appears acceptable using the whole sectoras a reference. The Top-2 modalities of accident are the same andare far more frequent than the rest, although there are differencesin their relative frequencies. When considered together, categoriesC40 and C70 represent more than 50% of all accidents in this activ-ity and the category C40 (struck by object in motion) is indisputablythe prevailing type of accident in both cases.

In the next section, the frequency distribution of the referencesector will be used as an indicator to categorise and to score thelikelihood of occurrence of the critical events in the bow-tie dia-grams (i.e., to categorise all eight types of accident). The distribu-tion of the variable ‘‘deviation’’ was also scrutinised, togetherwith the cross-comparison of ‘‘deviation � contact’’ (D � C). Inthe latter case, the purpose was essentially to verify which pairsof modalities (Di � Cj) were more relevant; this information wasthen used to check each diagram for completeness, i.e., to makesure that relevant deviation types had not been forgotten in theapplicable diagram.

4.3. The scoring system used for the assessment of accident risks

Having characterised the accident profile in this activity, andestablished the frequency of each type of accident (critical event),the next step was to explore a way of estimating the risk level asobjectively as possible and based on real accident data. A 4 � 5

Floor grids in bad condition

Lack of lighting

Bad extraction/ poor ventilation

Operator’s physical fitness

& Age

Hose vibrations

Hiring external labour

Workers transfered from

other areas

Variations of pressure

Hoses in bad condition

Objects with cutting edges

Big and heavy objects

Illu

min

atio

n im

prov

em

ent

Vent

ilatio

n im

prov

em

entM

aint

enan

ce p

lan,

In

spec

tion

Med

ical

in

spec

tion

&S

elec

tion

Per

iodi

c w

ork

paus

es

Trai

ning

Pre

ssur

e co

ntro

l de

vice

s

Ove

rpre

ssur

e al

arm

Turn

pie

ces

with

ove

rhea

d cr

ane

two

oper

ator

s tu

rnin

g pi

eces

Lack of experience & training

Tiredness

Poorvisibility

Stumbling on the floor grids /

objects,Operator’s slip

Loss of control of the hose

Contact 40Struck by object

in motion, collision with

Time of exposure / reaction

Distance of

operator

Emergency and

readiness for action

PP

EW

ork

over

all,

helm

et w

ith d

oubl

e vi

sor

and

forc

ed

air,

safe

ty b

oots

, glo

ves

, aur

icul

ar p

rote

ctor

s

Dev

ices

for

part

ial /

tota

l sh

utdo

wn

of s

yste

m

Vis

ual a

nd

Sou

nd W

arni

ng

sign

s

Per

sona

l ide

ntifi

catio

n ca

rd

“RE

ST

RIC

TE

D A

CC

ES

S”

Sig

ns

Firs

t Aid

Kit

Med

ical

Aid

Firs

t Aid

trai

ning CO

NS

EQ

UE

NC

ES

Prevention Barriers

HAZARDS

Influencing

Factors

Protection & Emergency Barriers

Fall of objects on the hose or on the person

Projection / emission of steel particles

Human FailureD40

Technical Failure D30


Breakage ofHose

Steel particlesunder pressure

Mai

nten

ance

&

Insp

ectio

n

Task

spe

cific

pr

oced

ures

Floor grids in bad condition

Lack of lighting

Bad extraction/ poor ventilation

Operator’s physical fitness

& Age

Hose vibrations

Hiring external labour

Workers transfered from

other areas

Variations of pressure

Hoses in bad condition

Objects with cutting edges

Big and heavy objects

Illu

min

atio

n im

prov

em

ent

Vent

ilatio

n im

prov

em

entM

aint

enan

ce p

lan,

In

spec

tion

Med

ical

in

spec

tion

&S

elec

tion

Per

iodi

c w

ork

paus

es

Trai

ning

Pre

ssur

e co

ntro

l de

vice

s

Ove

rpre

ssur

e al

arm

Turn

pie

ces

with

ove

rhea

d cr

ane

two

oper

ator

s tu

rnin

g pi

eces

Lack of experience & training

Tiredness

Poorvisibility

Stumbling on the floor grids /

objects,Operator’s slip

Loss of control of the hose

Contact 40Struck by object

in motion, collision with

Time of exposure / reaction

Distance of

operator

Emergency and

readiness for action

PP

EW

ork

over

all,

helm

et w

ith d

oubl

e vi

sor

and

forc

ed

air,

safe

ty b

oots

, glo

ves

, aur

icul

ar p

rote

ctor

s

Dev

ices

for

part

ial /

tota

l sh

utdo

wn

of s

yste

m

Vis

ual a

nd

Sou

nd W

arni

ng

sign

s

Per

sona

l ide

ntifi

catio

n ca

rd

“RE

ST

RIC

TE

D A

CC

ES

S”

Sig

ns

Firs

t Aid

Kit

Med

ical

Aid

Firs

t Aid

trai

ning CO

NS

EQ

UE

NC

ES

Prevention Barriers

HAZARDS

Influencing

Factors

Protection & Emergency Barriers

Fall of objects on the hose or on the personFall of objects on the hose or on the person



Human FailureD40



Breakage ofHose

Breakage ofHose

Steel particlesunder pressure

Mai

nten

ance

&

Insp

ectio

n

Task

spe

cific

pr

oced

ures

Fig. 4. The bow-tie diagram for Contact 40 (being struck by object in motion, collision with) in the ‘‘steel-blasting’’ task.

Table 1Relevant indicators in sector 35.1 (building and repairing of ships and boats).

Indicators (activity sector 35.1) Year 2005a

Number of fatal accidents 0Number of non-fatal accidentsb 1078Days lostb (total number) 18,407Average seriousness (mean days lost/accident) 17

a Reference year of data. In Portugal, this was the first year using a 3-digits levelfor coding the variable ‘‘economic activity of the employer’’. Only 2005 data wasavailable when this study was made.

b It must be pointed out that these non-fatal figures are not directly comparableto the EU harmonised statistics, as the Portuguese recording system accounts for allaccidents, regardless the number of lost (0+ days).

(a) AA Shipyard (TPS Area) (N=52)Contact – Mode of Injury; coding (Eurostat, 2001) 10. Contact with electrical voltage, temperature, hazardous subst. 20. Drowned, buried, enveloped 30. Horizontal or vertical impact with/ against a stationary object (the victim is in motion) 40. Struck by object in motion, collision with

C604%

C7024%

C106%

C204% C30

8%

C508%

C6010%

C7025%

C802%

C4038%

Fig. 5. The two distribution patterns, by th


risk-matrix, with five levels of risk, was established as shown in Ta-ble 2.

The dimension likelihood of occurrence was categorised into fourclasses of frequency, for which the criteria and scoring system isshown in the table.

On the other hand, the dimension potential seriousness wasscored into five classes, ranging from ‘‘slightly harmful’’ to ‘‘fatalinjury’’, as is also given in the table. In this case, the harmonisedvariable ‘‘days lost’’ was used to categorise the level of seriousness,through the construction of accident pyramids, which are alsostructured in five levels.

(b) National level, whole Sector 35.1 (N=1 078)50. Contact with sharp, pointed, rough, coarse Mat. Agent 60. Trapped, crushed, etc. 70. Physical or mental stress 80. Bite, kick, etc. (by animal or human) 99. Other Contacts - Modes of Injury not listed above 00. No information

C1011%

C3017%

C4029%

C5010%

C005%

C800%

C200%

e type of accident (variable contact).

Table 2Risk matrix adopted for establishing the risk levela.

Scores and criteria Seriousness/potential severity of harm (days lost)

1 Slightly harmful 2 Moderately harmful 3 Very harmful 4 Extremely harmful 5 Fatal

Likelihood of critical event1 Very unlikely (0–1%) Very low Low Low Medium High2 Unlikely (2–9%) Low Low Medium High High3 Likely (10–20%) Low Medium High High Very high4 Very likely (>21%) Medium High High Very high Very high

a The asymmetry of the matrix is intentionally conservative (e.g.: one single label ‘‘very low’’ in contrast with four labels ‘‘very high’’). At least until more abundant data isavailable this offers higher protection to exposed workers.

Fatal

Minor injuries - No absence

30-180 days

181+ days

Up to 30 days lost

N total = 1 078

0

1 [16]

8 [122]

31 [498]

28 [442]

Fig. 6. Accident pyramid in sector 35.1 (2005 data) (ratio to serious accidents 181+days).

C40 (~29%)(Struck by object)

1[3]

6 [19]

45 [135]

53 [158]

1[7]

5 [37]

18 [124]

13 [89]

C70 (~24%)(Physical or mental stress)

Fig. 7. Accident pyramids for the Top-2 modalities of contact (sector 35.1, 2005data).

Table 3The pyramids (ratios) of all modalities of contact (sector 35.1 in 2005).

C10 C20 C30 C40 C50 C60 C70 C80 Fatal (a)

- - - - - - - - 181+

days lost - - 1 1 1 - 1 -30-180 days

lost 1 - 8 6 8 1 5 -

Up to 30 days lost

11 - 24 45 36 2 18 -No lost time 27 1 14 53 7 2 13 -

Score for Seriousness 2 1 4 4 4 3 4 1

aThe absence of score 5 in ‘‘seriousness’’ denotes the non-occurrence of fatal acci-dents in this working population and in the reference period.


Fig. 6 shows the accident pyramid for the whole reference sec-tor, as well as the criteria for each level, starting from minor acci-dents with no absence from work, up to fatal occurrences.

The numbers in bold show the ratio whilst the numbers inbrackets are the actual number of accidents registered in that year(N = 1078). At this stage it is worthy highlighting a detail. Therewere no fatal accidents in the period concerned (year 2005), asthere is no record of any fatality in the AA Shipyard in the pasttwo decades. Thus, the reference level used for calculating the ratiowas the level registering more serious injuries, i.e., the one leadingto higher absence from work: 181+ days lost.

Accident pyramids have important limitations, as discussed byHale (2001), but they are still useful tools for comparing the poten-tial of fatality between different sectors of activity. The pyramidsprogressing faster to the top level indicate a higher potential forvery serious or fatal outcomes. In this assessment, the same philos-ophy is applied for comparing and ranking ‘‘partial’’ pyramids, eachrepresenting a specific type of accident (i.e., the contact in the cen-tre of each bow-tie diagram). Two examples are given in Fig. 7 forthe modalities of Contact C40 and C70 respectively. The absence offatal occurrences results in representations with only four levels.The figure also shows that, despite the modality C40 (struck by ob-ject in motion) is more frequent than C70 (physical or mental stress),it holds a slightly lower potential to originate very serious out-comes, since it progresses less rapidly to the top.

Applying the same criteria, the accident ratios were calculatedfor each of the eight modalities of contact and the result of thisexercise is shown in Table 3. The bottom row of the table indicatesthe scores given to the risk dimension potential seriousness. It couldbe argued that the C70 pyramid progresses somewhat faster to thetop, when compared with those of C30, C40 and C50. For this rea-son, it could be scored 5 to differentiate it from the others. How-ever, the authors opted for giving it a score 4, based on the

following: (1) there were no fatalities in the period, (2) statisticaldata from many other sectors reveal that C70 type of accidentshardly result in a fatality, and (3) based on the matrix established,a score 5 in the ‘‘seriousness’’ axis would not change the final risklevel of this modality.

Returning to the specific case under consideration, with regardto the risk of ‘‘being struck by something (C40) during a steel blastingoperation’’, one will now conclude that ‘‘likelihood’’ (�29%, Fig. 5)and ‘‘seriousness’’ (Table 3) are both scored 4. Entering this infor-mation in the risk-matrix (Table 2), it results in a classification of‘‘very high risk’’. The occurrence of fatal accidents in the referencedataset, in this case, would not have affected the risk level ob-tained, since the frequency of this type of accident is already unac-ceptably high.

The main advantage of this assessment approach is the reduceddependency of subjective judgments from the analysts. As is, it al-lows incorporating some level of objective evaluation, withoutbeing necessarily quantitative.


On the other hand, a current limitation is the fact that this typeof semi-quantitative assessment, based on aggregated statistics,does not allow to differentiate the risk level between tasks. The riskof ‘‘being struck by object in motion’’, for instance, would alwaysbe classified as a ‘‘very high risk’’ in the shipyard, which may notnecessarily be the case with other tasks. Such limitation can onlybe overcome with time, as more accident data is accumulated foreach production process or task.

Another limitation of using the sector’s aggregated statistics isthat the analyst does not know what barriers are already in place;therefore one cannot estimate the impact of new barriers in thesystem. Despite this, the bow-tie diagram keeps the virtue ofdirecting the analyst to identify the necessary barriers for each par-ticular case. Within an organisation, people will be able to identifywhich barriers are already in place and which are failing: either be-cause they are missing or because they are not being used properly.As such, it provides a means of improving the safety situation (andcurrent practice) even though there is no quantified way of assess-ing the impact of such improvements. In any case, the diagramshelp to identify risk controls and to apply the ALARP principle evenwithout quantification.

5. Concluding remarks

This paper has discussed an application of the bow-tie approachin a semi-quantitative assessment of occupational accident risks.The methodology proposed was demonstrated through a casestudy involving a particular type of accident likely to occur in ashipbuilding yard, during the steel-blasting process. In this ap-proach the critical event, in the centre of the diagram, is classifiedthrough the Eurostat variable ‘‘contact-mode of injury’’. This auto-matically implies the construction of eight separate diagrams (onefor each modality of contact) for the analysis of each single task.This requires more time than a classical all-embracing technique,but it has the advantage of forcing the analyst to focus on a partic-ular type of accident individually; it was felt that this processencourages more detailed analysis and better explanations of thepossible pathways leading to each type of accident.

Overall, the method described here consists of a sequence oftwo steps. The first is strictly qualitative and uses the bow-tie dia-gram as graphic tool for mapping the pertinent causes and conse-quences of the accident type under analysis. A particularly usefulfeature of this tool, even if used solely for qualitative analysis, isits ability to direct the analyst to make a clear distinction betweenprevention and protection/mitigation barriers for eliminating,reducing or attenuating the effects of the specific accident risk.The second step consists of a semi-quantitative estimation of risk,based on a five level risk-matrix. With the aim of reducing subjec-tive judgment to a minimum, the criteria for scoring ‘‘likelihood’’and ‘‘potential seriousness’’ were derived from actual accident sta-tistics of the activity sector 35.1 – building and repairing of shipsand boats, used as the reference sector. In this step, the ‘‘likeli-hood’’ of occurrence was scored through the frequency distributionof the variable ‘‘contact’’, whereas the scoring for ‘‘potential seri-ousness’’ was established by crossing the data of the variables‘‘contact � days lost’’. It is believed that this scoring system, basedon realistic accident data, incorporates some level of objectiveevaluation, without being necessarily quantitative.

Although the original bow-tie model is probabilistic and com-plex in nature, this industrial application case demonstrates thata simplified version of it can be successfully applied by individualorganisations in the field of occupational safety and that it brings a

number of advantages over more traditional methods (e.g.: TaskAnalysis or Energy Analysis). However, it has also revealed that,probably only large organisations can afford using this systematictool, since its application in the field seems to be more difficultthan the older techniques: not only it requires relatively more timebut also qualified safety professionals to run the analysis and buildthe diagrams. In spite of this well succeeded first trial, more re-search will be required to allow a clearer distinction between thedifferent tasks.

Acknowledgments

The authors are grateful to Arsenal do Alfeite and its top man-agement for their full cooperation in this work and for makingavailable all the necessary accident data and relevant information,which was essential for carrying out this study. A word of gratitudeis due to the Portuguese Office of Strategy & Planning GEP (Gabin-ete de Estratégia e Planeamento), of the Ministry of Labour and So-cial Solidarity, for supplying the national accident data pertinentto the Ship Building Sector.

References

Aneziris, O.N., Papazoglou, I.A., Baksteen, H., Mud, M., Ale, B.J., Bellamy, L.J., Hale,A.R., Bloemhoff, A., Post, J., Oh, J., 2008. Quantified risk assessment for fall fromheight. Safety Science 46 (2), 198–220.

Arsenal do Alfeite, 2003. Arsenal Safety Book – Safe Work, 2003 ed. Alfeite (inPortuguese).

Bellamy, L.J., Ale, B.J.M., Whiston, J.W., Mud, M.L., Baksteen, H., Hale, A., Papazoglou,I.A., Bloemhoff, A., Damen, M., Oh, J., 2008. The software tool Storybuilder andthe analysis of the horrible stories of occupational accidents. Safety Science 46(2), 186–197.

BSI-BS 8800, 2004. Guide to Occupational Health and Safety Management Systems.British Standard Institutions, UK.

Delvosalle, C., Fiévez, C., Pipart, A., Fabreg, J.C., Planas, E., Christou, M., Mushtaq, F.,2003. ARAMIS project: identification of reference accident scenarios in SEVESOestablishments. Safety and Reliability 2003, 479–488.

Delvosalle, C., Fiévez, C., Pipart, A., Debray, B., 2006. ARAMIS project: acomprehensive methodology for the identification of reference accidentscenarios in process industries. Journal of Hazardous Materials 130 (3), 200–219.

Dianous, V., Fiévez, C., 2006. ARAMIS project: a more explicit demonstration of riskcontrol through the use of bow-tie diagrams and the evaluation of safety barrierperformance. Journal of Hazardous Materials 130 (3), 220–233.

Eurostat, 2001. European Statistics on Accidents at Work (ESAW) – Methodology,2001 ed. DG Employment and Social Affairs. European Commission,Luxembourg.

Goossens, L., Hale, A., Mud, M.L., Oh, J.I.H., Papazoglou, I.A., Post, J., Whiston, J.Y.,2008. Quantifying occupational risk: the development of an occupational riskmodel. Safety Science 46 (2), 176–185.

Hale, Andrew., 2001. Conditions of occurrence of major and minor accidents.Institution of Occupational Safety and Health, IOSH Journal 5 (1), 7–21.

Hale, A., Ale, B., Bellamy, L., Whiston, J., Mud, M., Papazoglou, I., Bloemhof, B., Post, J.,Oh, J., 2005. Best practice in risk assessment: work accidents. In: EuropeanConsumer Safety Association Conference, Edinburgh, 20–21 April, 2005.

Harms-Ringdahl, L., 2001. Safety Analysis – Principles and Practice in OccupationalSafety, second ed. Taylor & Francis, London.

Kurowicka, D., Cooke, R., Goossens, L., Ale, B., 2006. Expert judgment study forplacement ladder bow-tie. In: Guedes Soares, Zio (Eds.), Safety and Reliabilityfor Managing Risk, vol. 1. ESREL 2006. Balkema, Taylor & Francis Group, London,pp. 21–27.

Papazoglou, I.A., Ale, B.J.M., 2007. A logical model for the quantification ofoccupational risk. Reliability Engineering and System Safety 92 (6), 785–803.

Salvi, O., Debray, B., 2006. A global view on ARAMIS, a risk assessment methodologyfor industries in the framework of the SEVESO II directive. Journal of HazardousMaterials 130, 187–199.

Trbojevic, V.M., 2001. Linking Risk Assessment of Marine Operations to SafetyManagement. In: Proceedings of the 6th Biennial Marine Transportation SystemResearch and Technology Coordination Conference, Washington DC, 14–16November, 2001.

Zuijderduijn, C., 1999. Risk management at Shell Pernis refinery/chemicals –implementation of SEVESO-II based on build up experiences, using a hazardsand effects management process. In: Proceedings of the Seveso 2000 EuropeanConference, Athens, Greece, 10–12 November, 1999.

SMRK5103 Risk Management Full Version Study Guide

Documents

risk assessment

risk assurance

risk strategy

risk response

assessment guide

course resources

course synopsis

course aims