Risk analysis is a vital part of safety management in the undertaking of any project. Safety risk management is all about managing risks. Projects come with inherent risk but managing that risk is what is important. First, it is essential to understand the difference between a risk and an issue. A risk is something that could happen in the future while an issue is something that has happened. Risk management allows management to plan ahead, not necessarily to avoid the risk, but to be as prepared as possible should the risk become an issue. In health and safety, this could mean the difference between an accident happening or not. Qualitative and quantitative techniques are important risk analysis tools and help develop a comprehensive risk management plan. Safety Risk Management : Risk Identification However, before even getting to the differences between qualitative and quantitative techniques, and how they can be used to improve safety, risks first must be identified. Risk identification is probably the most important component of a risk management plan. If the existence of a risk is not acknowledged it definitely can’t be managed. That’s why it is important to get input from as wide a range of people as is feasible. Risk identification needs to be a collaborative effort from all stakeholders in the project. Workers, no matter their status in the project, should feel that their voice matters and be encouraged to raise concerns when they see one. The ability to plan ahead could potentially save an employer huge amounts of money so it can’t be stressed enough how important it is that all workers feel included in this step of the risk management process. Risk identification is often done through brainstorming sessions so everyone should feel welcome to voice their health and safety concerns in a ‘no such thing as a bad idea’ type of atmosphere. The more risks people can name the better, as it improves the data set that will be used later in the risk analysis. Use surveys to get the knowledge of various stakeholders of the project and/or conduct interviews with those who may have key safety knowledge. A root cause analysis should be conducted that looks at the root cause of a hazard to determine whether the full effects of the problem can be averted. All risks need to be recorded to a risk register. This usually takes the form of an excel spreadsheet and is used to track risks throughout the life of a project. It is also a useful document for re-evaluating once the project is completed and management is looking to learn lessons from the process. Once the risk identification process has been exhausted, and all the potential health and safety issues have been logged in the risk register, a risk analysis can be conducted. Qualitative vs Quantitative Risk Analysis Qualitative risk analysis is a descriptive measure and relies upon the judgement skills of project managers to determine the impact and probability of risk, in this case, health and safety risks. Quantitative analysis is used to produce a more developed risk model and more accurate projections, depending on the quality of the data inputted. In a lot of good risk analyses relating to safety, there is a mix of qualitative and quantitative analysis that works together to produce a fairly comprehensive risk analysis. A good basic rule of thumb, that should always be remembered, is that qualitative analysis comes before quantitative because it forms the foundation for the more data analytical approach. Qualitative Risk Assessment: Qualitative risk analysis has a few advantages. It can be done quite quickly compared to quantitative analysis and so allows for more nimble and responsive decision making. In addition, risks can also be categorized by timing which helps decision-making. It’s also not dependent on the quality of data that is inputted as it relies on the judgment and experience of management. Qualitative Risk Assessment Tools:- Failure modes and effects analysis (FMEA): Qualitative risk analysis relies upon two main pieces of information: The impact of a risk occurring and the likelihood of that risk occurring. These two measures are subjectively determined by management and can be ranked on a 1-10 scale. An FMEA multiples these two measures together to produce a ranking of project risks. Another measure, the degree of warning that accompanies these risks, can also be inputted using the 1-10 scale to produce more information to support management planning mitigation strategies for the risk. In health and safety risk management, this technique allows for hazards to be identified and for root causes to be identified to be followed up on by management.
- Red, Amber, Green (RAG) and risk urgency assessment: Qualitative assessment relies on management judgment of risk and this technique allows management to classify their assessment of hazards into different levels of importance. Red is the most serious risk in terms of cost, impact and likelihood of the risk occurring, while green is the risk deemed to be of the lowest level impact. A RAG assessment can be combined with an urgency assessment to create good results, generating a list of risks in terms of their priority levels. A system like this allows management to organize and keep track of a project’s safety risk management.
- Categorization: This tool allows management to group risks by category. This makes the risk management process more organized and workable, especially for large projects. Risks can be categorized by impact and probability: Low-impact high probability, medium-impact low-probability etc. This gives management a good overview of the risks involved in the project and the information they need for planning their avoidance and mitigation strategies. Grouping risks by a shared commonality allows for a coordinated approach from management in dealing with the risk. For instance, if risks are categorized by their root cause, then that cause can be planned for and monitored closely by safety management.
- Event Trees: An event tree is a commonly used probability measurethat helps determine the potential outcome of various events. In safety risk management, event trees are used to project the event of a hazard occurring and the knock-on impacts that event would have. In risk management, event trees become very useful when combined with the Expected Monetary Value (EMV) of the risk occurring. EMV relies on two measures, probability and impact, and attaches an associated cost to each risk. When event trees are combined with EMV, they can be a really instructive and realistic illustration of how risks can impact the project and can help management significantly in their safety risk management strategy.
- Sensitivity Analysis: A Sensitivity analysis is a very useful tool in safety risk management. It shows the impact that a number of variables can have on risk. Simply put, a sensitivity analysis allows management to understand how one aspect of a project relates to the overall risk involved in the project. Management can then see how different project risks impact the overall safety risk in different ways and at different levels. The results of a sensitivity analysis can be clearly illustrated by a tornado diagram. Since this is a quantitative analysis, these figures are easily comparable and so can be of great help to management in identifying safety risks of a project.
- Project simulations: Project simulations are group enactments or stagings of situations. These simulations can be enacted by actual people on a team; where workers and managers simulate a project. This can help identify potential safety risks involved in the project as well as foster a spirit of teamwork within a group. Human error is always a risk in any project and project simulations can help both to identify risks and avoid any accidents relating to human error.
- Alternatively, management can employ a data analytical approach. Using a Monte Carlo simulation, we can input a range of outcomes that result from a hazard occurring and get a range of results from best case to worst case with an attached likelihood of each situation. The computer simulates all potential scenarios and can also project the most likely outcome based on the risks attached to the project. The key to this is advanced knowledge of the risk variables at play in the project. As mentioned before, quantitative analysis is only as good as the information inputted!
- Avoidance – For risks that can severely negatively impact a project, avoiding the risk totally is a good response (if possible).
- Mitigation – Reducing the impact of the risk occurring. This is probably the most common risk response.
- Transference – Transferring the impact of the risk to a third party i.e. an insurer.
- Acceptance – Some problems you can’t solve! The response of doing nothing needs to be a well thought out response that comes after reviewing all possible options and deciding that this is the best course of action.
