0957–5820/04/$30.00+0.00 © 2004 Institution of Chemical Engineers
Trans IChemE, Part B, November 2004, Process Safety and Environmental Protection, 82(B6): 391–392
EDITORIAL

Special Issue—Risk Management

What has become of risk management? It has changed over the last fifty years, and this issue contains papers representing developments of many of the strands of thinking.

For chemical engineers the roots of risk management are in safety and protection against large accidents (unlike, say, for actuaries or financiers, although loss prevention is common territory).

When chemical engineering was young, say in the 1920’s, most if not all engineers were determinists. Some still are. Good design could eliminate serious faults and the plant would be safe. True, tragic accidents might still reveal flaws but these could be learnt from and then the plant would be perfect again. This was and is a very sound approach and it took some time for the community to realise that there is no such thing as a safe plant: some are just safer than others. This is a difficult psychological leap for any of us; truly to realize that one’s cherished design will have flaws is not easy; one can see this nowadays in HAZOP teams where designers tend to defend rather than scrutinize.

After the Second World War, methods based on experience continued to develop, but had added to them methods that attempted to be numerically predictive and hence applicable to plant where there is no experience. The traditional sequence of risk management started to emerge:

hazard identification; probability of that hazard; consequence; so what? – judgements and actions.

Hazard identification led on to the now ubiquitous HAZAN and HAZOP techniques, originating in the UK in ICI. These are arguably the most valuable single risk management technique ever.

The use of frequencies and probabilities also led to the development of new methods. Fault trees emerged and proved to be a powerful tool in synthesizing the frequencies of never-experienced events. (Their origin is probably in work in the Bell Telephone laboratories on the reliability of the Minuteman missile control systems.) Event trees emerged as one means of classifying and making some coherent sense of alternative outcomes from initiating events. Their origin was in the UK nuclear industry when looking at the routes by which reactor accidents might escalate. The US nuclear industry pioneered large scale number crunching risk analysis in the Rasmussen safety study and later. The techniques are so numerically seductive that they may well have led to a rash of over-credulity; this author (MB) at least has seen papers where the writers solemnly present accident probabilities of 1E-08 and lower.

In the chemical and process industries, the prediction of consequences received a lot of attention. There was much work on modelling, and experiments to validate the models. Gas cloud formation, explosion, and toxic material dispersion were areas of great development in the 1970’s and 80’s in particular.

Analysis of past major accidents also yielded a much deeper understanding of the processes and sequences of events involved. This has never stopped: in the March 2004 issue of this journal there is an interesting reappraisal by Venart (82(B3): 105–127), using state of the art modelling, of the Flixborough accident, thirty years after the event.

By the 1990’s predictive risk assessments were being widely used, not only for plant development and design but also for regulatory purposes such as land use planning (the UK Health and Safety Executive published their views on risk criteria for this in 1989 (Pape, R; HMSO), following closely on their risk criteria for nuclear power stations (in 1988)). So risk management as applied to major hazards moved in not a lot over fifty years from being embryonic to an established, quantitative, process.

So is it mature now? Probably ‘yes’ in its traditional application to hardware failures and their consequences.

Software is something of a different issue. Design of software has made great strides in the development of fault tolerant systems, but there has been no development, similar to hardware, of predictive techniques for estimating failure probabilities.

So are people. Human factors were seen early on as an essential part of risk analysis, initially mostly by hardware analogy as a fallible component with failure rates that might be estimated for different influencing circumstances. These early methods for quantitative estimation have not been much improved on although the wider reach of human factors into management systems and culture has developed significantly qualitatively.

Over the last decade or two the focus of risk management has gradually shifted to bringing stochastic risk techniques to bear on practical management problems, and making it more of a holistic approach. There is after all little point in designing plant that is relatively safe against major accidents if it is not also safe for workers, environmentally friendly, acceptable to the public and profitable for the owners.

The papers in this issue contain current developments and reflections in most of these areas. Palazzi et al. and also Kossoy and Sheinman illustrate simplified methods able to help in ranking risk issues for attention. Khan et al. show risk methodology in support of risk based inspection and maintenance, but looking to encompass a wider than usual range of significant parameters through multiattribute analysis. Wang et al. look at the problem of data uncertainty in analysing safety integrity levels. Crawley considers the integration of safety, health and environmental issues over the whole life of a plant. Abu-Khader addresses the issue of local culture and practice and its effect on plant management and human factor issues generally.
Park et al. provide a case study on how risk is evaluated and managed by a city for the gas pipeline system. Pollard et al. give an overview of an industry (the water industry), the important issues for running the business and the methods used. It is an example of the coming together of technical and business risk. Not all of the risks are amenable to strict quantification but the considering and balancing of them all is the centrepiece of modern risk management.

This issue of this journal is not a comprehensive view of risk management (nor does it pretend to be) but the variety and content of the papers give a good illustration of what is now considered the proper span of risk management, and the techniques currently being brought to bear.

Where are the future problem areas, those possibly remaining intractable? Everyone will have their own view and to try and make a prediction is a sure way to be proved wrong, but as food for thought . . .

Risk Perception. This is an area that has been much studied in parallel to the development of engineering risk analysis but has never successfully been brought together with it. The Royal Society of the UK had a brave attempt in their publication Risk Analysis, Perception, and Management but in the opinion of this author (MB) at least, failed. Turnbull (Ingenia 8 May 2001, Royal Academy of Engineering, UK) argues that this is not impossible but requires a deeper shared appreciation of risk and that this can only be obtained by better efforts on the part of the engineering professions to be understood more widely.

Software. The Holy Grail would be to be able to predict failure frequencies for new software. This may prove impossible. Developments along the lines of agreed standards for fault tolerant software may be the future.

Globalization. The working and management culture can vary greatly (not only between developing and developed countries) and whilst one can export a plant one cannot a culture.

Rapid innovation. Though quantitative, traditional risk analysis uses data that rest on a basis of experience. The most obvious example is that of failure rates for a standard piece of equipment. As new materials and processes are introduced, existing data are less relevant and new failure modes may even be introduced. This can be managed in a practical fashion through hazard studies but the ‘risk’ posed becomes less ponderable.
Sound engineering will always remain the essential. But as more diverse elements of life are incorporated in semiquantitative methods, risk management will probably develop through an expansion of scope, eventually using new tools we do not yet have.
Dr Mike Brown
Serco Assurance, UK

Dr Sam Mannan
Texas A&M University, USA

Subject Editors – Risk Management