Chapter 4
Risk Assessment Techniques
4.1 Techniques for Risk Assessment
4.1.1 An Overview
Various tools and methods are used for the assessment of risk. Some of these tools
and methods are presented here.
As presented in Sect. 3.1.2, risk assessment includes (Fig. 4.1):
• Risk identification
• Risk Analysis
• Risk Evaluation
4.1.2 Risk Assessment Techniques as Per ISO/IEC 31010:2009
“ISO/IEC 31010:2009 Risk management—Risk assessment techniques” is a standard dedicated to risk assessment techniques. It is a supporting standard for “ISO
31000 Risk management—Principles and guidelines” and guides how to select and
apply systematic techniques for risk assessment. It includes 31 different techniques,
although some techniques converge. It is not critical that managers know all of
them but knowing more about these techniques will help managers better align the
risk assessment process with the risk assessment objectives.
The risk assessment techniques can be classified as follows (Fig. 4.2):
• risk identification
• risk analysis
– consequence analysis
– qualitative, semi-quantitative or quantitative probability estimation
– assessing the effectiveness of any existing controls
– estimating the level of risk
• risk evaluation
Fig. 4.1 Risk assessment
Fig. 4.2 Classification of risk assessment techniques
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2021
K. Tzanakakis, Managing Risks in the Railway System, Springer Tracts on Transportation and Traffic 18, https://doi.org/10.1007/978-3-030-66266-0_4
Fig. 4.3 presents the various types of risk assessment techniques as per
ISO/IEC 31010:2009.
Fig. 4.3 Types of risk assessment techniques
The techniques suitable for the various risk assessment types are presented in
Fig. 4.4. Techniques providing quantitative outputs are marked with a bold frame.
Table 4.1 presents the applicability of tools used for risk assessment as per ISO/IEC 31010:2009 (Annex A, Table A). The techniques described in the next sections
are indicated in Table 4.1 with a reference to the related Section. In Annex A of
ISO, all techniques are described in detail. Column 7 of Table 4.1 refers to the
related Section of the ISO.
Fig. 4.4 Techniques suitable for the various risk assessment types
Table 4.1 Applicability of tools used for risk assessment (based on ISO/IEC 31010:2009, Annex A, Table A)
++: Strongly applicable; +: Applicable; o: Not applicable. Columns 3 to 5 together form the risk analysis part of the risk assessment process.
Tools and techniques (1A) | Sections (1B) | Risk identification (2) | Consequence (3) | Probability (4) | Level of risk (5) | Risk evaluation (6) | See Annex A of ISO (7)
Brainstorming | 4.1.4.2 | ++ | o | o | o | o | B 01
Structured or semi-structured interviews | 4.1.4.1 | ++ | o | o | o | o | B 02
Delphi simulation technique | 4.1.4.3 | ++ | o | o | o | o | B 03
Checklist analysis | 4.1.3.1 | ++ | o | o | o | o | B 04
Preliminary hazard analysis | 4.1.3.2 | ++ | o | o | o | o | B 05
Hazard and operability studies (HAZOP) | 4.1.6.3 | ++ | ++ | + | + | + | B 06
Hazard Analysis and Critical Control Points (HACCP) | - | ++ | ++ | o | o | ++ | B 07
Environmental risk assessment | - | ++ | ++ | ++ | ++ | ++ | B 08
Structured « What if? » (SWIFT) | - | ++ | ++ | ++ | ++ | ++ | B 09
Scenario analysis | - | ++ | ++ | + | + | + | B 10
Business impact analysis | - | + | ++ | + | + | + | B 11
Root cause analysis | 4.1.5.1 | o | ++ | ++ | ++ | ++ | B 12
Failure mode effect analysis (FMEA and FMECA) | 4.1.6.1 and 4.1.6.2 | ++ | ++ | ++ | ++ | ++ | B 13
Fault tree analysis (FTA) | 4.1.5.2 | + | o | ++ | + | + | B 14
Event tree analysis | 4.1.5.3 | + | ++ | + | + | o | B 15
Cause and consequence analysis | - | + | ++ | ++ | + | + | B 16
Cause-and-effect analysis | - | ++ | ++ | o | o | o | B 17
Layer protection analysis (LOPA) | - | + | ++ | + | + | o | B 18
Decision tree | 4.1.9.1 | o | ++ | ++ | + | + | B 19
Human reliability analysis | - | ++ | ++ | ++ | ++ | + | B 20
Bow tie analysis | 4.1.7.1 | o | + | ++ | ++ | + | B 21
Reliability centred maintenance | - | ++ | ++ | ++ | ++ | ++ | B 22
Sneak circuit analysis | - | + | o | o | o | o | B 23
Markov analysis | - | + | ++ | o | o | o | B 24
Monte Carlo simulation | 4.1.8.1 | o | o | o | o | ++ | B 25
Bayesian statistics and Bayes Nets | - | o | ++ | o | o | ++ | B 26
FN curves | - | + | ++ | ++ | + | ++ | B 27
Risk indices | - | + | ++ | ++ | + | ++ | B 28
Consequence/probability matrix | - | ++ | ++ | ++ | ++ | + | B 29
Cost/benefit analysis | 4.1.9.2 | + | ++ | + | + | + | B 30
Multi-criteria decision analysis (MCDA) | - | + | ++ | + | ++ | + | B 31
4.1.3 Look-Up Methods
4.1.3.1 Checklist Analysis
Risk identification checklists are lists of hazards, risks or control failures developed
based on historical information and knowledge that has been accumulated from
previous similar cases and other sources of information, either as a result of a
previous risk assessment or as a result of past failures.
4.1.3.2 Preliminary Hazard Analysis
The Preliminary Hazard Analysis identifies safety-critical areas, provides an initial
assessment of hazards and identifies requisite hazard controls and follow-on
actions. The Preliminary Hazard Analysis is used to obtain an initial risk assessment
of the system hazards.
The preliminary hazard analysis (PHA) technique is a broad, initial study used in
the early stages of system design. It focuses on
1. identifying apparent hazards,
2. assessing the severity of potential accidents that could occur involving the hazards, and
3. identifying safeguards for reducing the risks associated with the hazards.
This technique focuses on identifying weaknesses early in the life of a system, thus
saving time and money that might be required for major redesign if the hazards
were discovered at a later date.
PHA relies on brainstorming and expert judgment to assess the significance of
hazards and assign a ranking to each situation. This helps in prioritizing recommendations for reducing risks. It is applicable to any activity or system and can be
used as a high-level analysis early in the life of a process. It generates qualitative
descriptions of the hazards related to a process and provides a qualitative ranking of the
hazardous situations; this ranking can be used to prioritize recommendations for
reducing or eliminating hazards in subsequent phases of the life cycle.
The quality of the evaluation depends on the quality and availability of documentation, the training of the review team leader with respect to the various analysis
techniques employed, and the experience of the review teams.
PHA focuses predominantly on identifying and classifying hazards rather than
evaluating them in detail. It is most often conducted early in the development of an
activity or system, when there is little detailed information, or there are few
operating procedures. It is often a precursor to further risk assessment.
Next, an example is provided of a completed PHA table (Fig. 4.5) documenting
the findings of an analysis team.
Fig. 4.5 Example of a completed PHA table
4.1.4 Supporting Methods
4.1.4.1 Interviewing (Structured or Semi-structured)
In this technique, people with previous experience in similar cases to yours or those
with specialized knowledge or industry expertise are interviewed. For a structured
interview, a set of questions is prepared in advance and individual interviewees are
asked to tell you about any risks that they’ve experienced or that they think might
happen in your case. It encourages the interviewee to view a situation from a
different perspective and thus identify risks from that perspective. A semi-structured
interview is more of a conversation; it allows more freedom and aims to explore issues
which could arise.
4.1.4.2 Brainstorming
Brainstorming is a way to expand your thinking on a topic. Brainstorming is a
technique for gathering ideas, typically from a group, to identify potential failure
modes and associated hazards, risks, criteria for decisions and/or options for
treatment. The group could be subject matter experts, team members, risk management team members, and anyone else who might benefit the risk
identification process. The technique is to ask them to start identifying possible risk
events. The idea behind brainstorming is that one person’s idea might spawn
another idea, and so on, so that by the end of the session you’ve identified all the
possible risks.
Brainstorming can be used as a standalone technique or in combination with
other risk assessment methods described briefly next or in detail in the ISO 31010.
It can be used at any stage of the risk management process and any stage of the life
cycle of a system.
4.1.4.3 The Delphi Method
The name “Delphi Method” refers to the Oracle of Delphi, a priestess at a temple of
Apollo in ancient Greece known for her prophecies.
The Delphi method allows experts to work towards a convergent solution, a
mutual agreement on a specific problem, by conducting a circulating series of
questionnaires and releasing related feedback to further the discussion with each
subsequent round. The experts’ responses shift as rounds are completed based on
the information brought forth by other experts participating in the analysis. The first
and very important step is to select a panel of individuals who have experience in
the area at issue. They may be from both inside and outside the Organization. It is
recommended that the panel members not know each other and that the process
be conducted with members being at separate locations.
Delphi members are given a questionnaire to identify potential risks. They, in
turn, send their responses back to the facilitator of this process. All the responses
are organized by content and sent back to the experts for further input, additions, or
comments, who then send their comments back one more time, and the facilitator
elaborates a final list of risks. The process is continued until group responses
converge to a specific solution.
The Delphi technique is a lot like brainstorming, only the people participating in
the meeting do not necessarily know each other, and as mentioned, the people
participating in this technique can be located at different places and usually participate anonymously. Emails can be used to facilitate the Delphi technique. The
Delphi technique is a great tool that allows consensus to be reached quickly. One
advantage is that it prevents participants from being unduly influenced by others in the group
and in this way prevents bias in the outcome, because the Delphi members
usually do not know each other and also usually do not know how others in the
group responded.
4.1.5 Scenario Analysis
Techniques providing quantitative outputs are marked with a bold frame (ISO/IEC
31010:2009).
4.1.5.1 Root Cause Analysis
Root cause analysis (RCA) (Fig. 4.6) is a method of problem-solving used for
identifying the root causes of faults or problems. A factor is considered a root cause
if removal thereof from the problem-fault-sequence prevents the final undesirable
outcome from recurring; whereas a causal factor is one that affects an event’s
outcome but is not a root cause. Removing a causal factor can benefit an outcome,
but it does not prevent its recurrence with certainty.
Fig. 4.6 Root cause analysis (RCA)
Essentially it is based on four general principles:
• Define and describe properly the event or problem (‘five whys’ technique).
• Establish a timeline from a normal situation until the final crisis or failure.
• Distinguish between root causes and causal factors.
• Once implemented (and with constant execution), RCA is transformed into a
method of problem prediction.
The diagrams used with this type of analysis are sometimes known as fishbone
diagrams because they look like the skeleton of a fish. The technique was developed
by Professor Ishikawa in the 1960s.
4.1.5.2 Fault Tree Analysis (FTA)
Fault Tree Analysis (FTA) is a technique for identifying and analysing factors that
can contribute to a specified undesired event (called the “top event”). It can be used
to predict the most likely failure in a system breakdown (Fig. 4.7).
Fault Tree Analysis may be used qualitatively to identify potential causes and
pathways to a failure (the top event) or quantitatively to calculate the probability of
the top event, given knowledge of the probabilities of causal events.
Fig. 4.7 Fault Tree Analysis (FTA)
This analysis method is mainly used in the field of safety engineering and
reliability engineering to determine the probability of a safety accident or a particular system level (functional) failure.
This technique is presented in EN 61025:2007 (“Fault tree analysis [FTA]”).
4.1.5.3 Event Tree Analysis (ETA)
This analysis technique is used to analyse the effects of functioning or failed systems given that an event has occurred. ETA is a powerful tool, applicable to a wide range of systems, that identifies all
consequences of a system that have a probability of occurring after an initiating
event (Fig. 4.8).
This technique may be applied to a system early in the design process to identify
potential issues that may arise, rather than correcting the issues after they occur.
With this forward logic process, use of ETA as a tool in risk assessment can help to
prevent negative outcomes from occurring, by providing a risk assessor with the
probability of occurrence. ETA uses a type of modelling technique called event
tree, which branches events from one single event using Boolean logic.
This technique is presented in EN 62502:2011 (“Analysis techniques for
dependability. Event tree analysis (ETA)”).
4.1.6 Function Analysis
Techniques providing quantitative outputs are marked with a bold frame (ISO/IEC 31010:2009).
4.1.6.1 Failure Mode and Effects Analysis (FMEA)
FMEA is a structured process to identify the potential failure modes of the elements
of a system, the causes of these failures, and their effects. Failure modes are
identified for each component, and the effects of each failure mode on larger
assemblies and the whole system are identified. Some of these effects may include
hazards.
Potential failure modes can be identified based on past experience with similar
products or processes, enabling the team to design those failures out of the system
with the minimum of effort and resource expenditure, thereby reducing development time and costs.
Fig. 4.8 Event Tree analysis of a fire—a simple example
Every product or process is subject to different types or modes of failure and the
potential failures all have consequences or effects.
• Identify the potential failures and the associated relative risks designed into a
product or process
• Prioritize action plans to reduce those potential failures with the highest relative
risk
• Track and evaluate the results of the action plans
An example is provided in Fig. 4.9.
Column 1: What is the component or process?
Column 2: What is the intended function(s)?
Column 3: A potential failure mode represents any manner in which the component or process step could fail to perform its intended function or functions (i.e. rail may crack/break)
Column 4: What are the potential causes of failure?
Column 5: What is the effect(s) if the component or the process fails?
Column 6: On a scale 1–10 rate the likelihood of each failure (10 = max)
Column 7: On a scale 1–10 rate the severity of each failure (10 = max)
Column 8: On a scale 1–10 rate the detectability of each failure (10 = least detectable, i.e. very rare likelihood of detecting failure mode; 1 = almost certain detection of failure mode)
Column 9: Risk Priority Number (RPN) is the combined weight of Likelihood, Severity and Detectability
Column 10: Recommended Corrective Action to mitigate the risks
Columns 11–14: new likelihood, severity and detectability, after recommended actions
Fig. 4.9 A template for the “Failure Mode and Effects Analysis (FMEA)”
Template columns: (1) Component / Process; (2) Component Function; (3) Failure Mode(s); (4) Cause(s) of Failure; (5) Effect(s) of Failure; (6) Likelihood (L); (7) Severity (S); (8) Detection Index (D); (9) RPN (Risk Priority Number) = (L)*(S)*(D); (10) Recommended Action; After Actions Taken: (11) new Likelihood (L); (12) new Severity (S); (13) new Detection Index (D); (14) new RPN = (L)*(S)*(D)
For further guidance see “EN 60812:2006—Analysis techniques for system
reliability. Procedure for failure mode and effects analysis (FMEA)”.
4.1.6.2 Failure Mode, Effects and Criticality Analysis (FMECA)
Failure Mode, Effects and Criticality Analysis (FMECA) extends FMEA
by including a criticality analysis, which is used to chart the probability of failure
modes against the severity of their consequences. The result highlights failure
modes with relatively high probability and severity of consequences, allowing
remedial effort to be directed where it will produce the greatest value.
4.1.6.3 A Hazard and Operability Study (HAZOP)
A HAZOP is a structured and systematic examination of a planned or existing process or
operation in order to identify and evaluate problems that may represent risks to
personnel or equipment or prevent efficient operation. It is a qualitative
technique based on guide-words and is carried out by a multi-disciplinary team
(HAZOP team) during a set of meetings, to assess the hazard potential that arises
from deviation in design specifications and the consequential effects on the facilities
as a whole.
This technique is usually performed using a set of guide words: NO/NOT,
MORE/LESS OF, AS WELL AS, PART OF, REVERSE, and OTHER THAN.
From these guide words, scenarios that may result in a hazard or an operational
problem are identified. Considering the possible flow problems in a process line, the
guide word MORE OF corresponds to a high flow rate, while
LESS THAN corresponds to a low flow rate. The consequences of the hazard and measures to
reduce the frequency with which the hazard will occur are then discussed.
This technique has gained wide acceptance in process industries as an effective
tool for plant safety and operability improvements.
For further guidance, see EN 61882:2016—Hazard and operability studies
(HAZOP studies). Application guide.
4.1.7 Controls Assessment
Techniques providing quantitative outputs are marked with a bold frame (ISO/IEC
31010:2009).
4.1.7.1 Bow Tie Analysis
The method takes its name from the shape of the diagram that you create, which
looks like a man’s bow tie (Fig. 4.10).
The bow tie uses a graphical representation to describe and analyse the
pathways of a risk from causes to consequences. It combines fault tree analysis
(analysing the cause of an event, represented by the knot of the bow tie) and event tree analysis
(analysing the consequences).
A Bowtie diagram also identifies the control measures an Organization has to
take to treat the risks.
Once the control measures are identified, the Bowtie method takes it one step
further and identifies the ways in which control measures fail.
Besides the basic Bowtie diagram, management systems should also be considered and integrated with the Bowtie. Integrating the management system in a
Bowtie demonstrates how an Organization manages hazards. The Bowtie can also
be used effectively to assure that hazards are managed to an acceptable level
(ALARP).
Fig. 4.10 Bowtie diagram
4.1.8 Statistical Methods
Techniques providing quantitative outputs are marked with a bold frame (ISO/IEC 31010:2009).
4.1.8.1 Monte Carlo Simulation
Scientists working on the atom bomb first used the technique; it was named for
Monte Carlo, the Monaco resort town made famous by its casinos. With games of
chance, all the possible outcomes and probabilities are known, but the set of future
outcomes is unknown. It is up to the analyst to determine the set of outcomes and
the probability that they will occur. In Monte Carlo simulation, the analyst runs
multiple trials (often thousands) to determine all the possible outcomes and the
probability that they will take place. It lets you see all the possible outcomes of your
decisions and assess the impact of risk, allowing for better decision making under
uncertainty. The essential idea is using randomness to solve problems that might be
deterministic in principle. In principle, Monte Carlo methods can be used to solve
any problem having a probabilistic interpretation.
A Monte Carlo model approximates solutions to quantitative problems through
statistical sampling.
It is a decision-making tool that integrates the concept that every decision will
have some impact on overall risk. The probability distributions produced by a
Monte Carlo model create a picture of risk. Because of advances in software, very
complex Monte Carlo models can be designed and executed by anyone with access
to a personal computer.
Since its introduction in World War II, Monte Carlo simulation has been used to
model a variety of physical and conceptual systems.
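The quantitative use of a fault tree (Sect. 4.1.5.2) and the sampling idea behind Monte Carlo simulation can be shown together. The following Python code is an added example, not taken from the book or from ISO/IEC 31010; the tree, the event names and the probabilities are constructed, and the basic events are assumed to be independent. It goes slightly beyond the text by showing that gate-by-gate arithmetic misestimates the top event when one basic event feeds two branches, while exact enumeration and Monte Carlo sampling agree.

```python
"""Fault tree top-event probability: gate arithmetic, enumeration, Monte Carlo.

Added illustration; the tree and all probabilities are constructed.
"""
import itertools
import random

# Constructed basic-event probabilities (per demand), assumed independent.
BASIC = {"power_loss": 0.02, "sensor_a_fails": 0.05, "sensor_b_fails": 0.05}

# A node is a basic-event name (str) or a tuple (gate, child, child, ...).
# Top event: both detection channels are lost. Each channel is lost when its
# sensor fails OR the shared power supply fails, so "power_loss" occurs twice.
TREE = ("AND",
        ("OR", "sensor_a_fails", "power_loss"),
        ("OR", "sensor_b_fails", "power_loss"))


def occurs(node, state):
    """Evaluate the tree for one concrete state {event name: True/False}."""
    if isinstance(node, str):
        return state[node]
    gate, *children = node
    if gate not in ("AND", "OR"):
        raise ValueError(f"unsupported gate: {gate}")
    results = [occurs(child, state) for child in children]
    return all(results) if gate == "AND" else any(results)


def gate_by_gate(node, probs):
    """Bottom-up arithmetic: AND multiplies, OR is 1 - product of (1 - p).

    Valid only when the inputs of every gate are independent, which a
    repeated basic event (here: power_loss) violates.
    """
    if isinstance(node, str):
        return probs[node]
    gate, *children = node
    values = [gate_by_gate(child, probs) for child in children]
    result = 1.0
    if gate == "AND":
        for p in values:
            result *= p
        return result
    for p in values:
        result *= 1.0 - p
    return 1.0 - result


def exact(node, probs):
    """Exact probability by enumerating all 2^n basic-event states."""
    names = sorted(probs)
    total = 0.0
    for bits in itertools.product([False, True], repeat=len(names)):
        state = dict(zip(names, bits))
        if occurs(node, state):
            weight = 1.0
            for name, happened in state.items():
                weight *= probs[name] if happened else 1.0 - probs[name]
            total += weight
    return total


def monte_carlo(node, probs, trials=100_000, seed=1):
    """Estimate the top-event probability by sampling the basic events."""
    rng = random.Random(seed)  # fixed seed keeps the run reproducible
    hits = 0
    for _ in range(trials):
        state = {name: rng.random() < p for name, p in probs.items()}
        hits += occurs(node, state)
    return hits / trials


if __name__ == "__main__":
    print(f"gate-by-gate : {gate_by_gate(TREE, BASIC):.5f}")
    print(f"exact        : {exact(TREE, BASIC):.5f}")
    print(f"Monte Carlo  : {monte_carlo(TREE, BASIC):.5f}")
```

Enumeration is only feasible for a small number of basic events; for larger trees the sampling estimate, with its statistical error shrinking as the number of trials grows, is the practical route.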
4.1.9 Other Techniques
4.1.9.1 Decision Tree Analysis
A Decision Tree Analysis is a graphic representation of various alternative solutions
that are available to solve a problem. It is a diagram that shows the implications of
choosing one or another alternative. The manner of illustrating often proves to be
decisive when making a choice. Because each decision or event node has at least two
alternatives, the structure of the decision looks like a tree, typically placed on its side
with the root on the left and the branches on the right, with potentially many branches.
4.1.9.2 Cost-Benefit Analysis
Introduction
Cost-benefit analysis (CBA) is a useful tool for organizing, assessing and finally
presenting the costs and benefits, and pros and cons, of interventions [1]. A CBA
allows comparisons between all the possible alternatives to assist the
decision-makers in examining the most profitable safety measure to invest in.
Risk is commonly defined as the probability of potential impacts affecting
people, assets or the environment. Natural disasters may cause a variety of effects
which are usually classified into social, economic, and environmental impacts as
well as according to whether they are triggered directly by the event or occur over
time as indirect or macroeconomic effects (Fig. 4.11).
Two important issues deserve special attention when conducting a CBA [1].
1. Assessment of risk: The analysis should take
account of the probability of future disaster events occurring (in a stochastic manner), in order to account for the specific nature of natural hazards and associated
disaster impacts.
2. Assessment of avoided risks: As disaster risk is a downside risk, benefits are the
risks avoided. The core benefit generated by investments in disaster risk management is the reduction in future impacts and losses.
Fig. 4.11 Disaster, risk and categories of potential disaster impacts (as per [1])
To estimate the economic efficiency of an intervention, benefits and costs need to
be compared. Costs and benefits arising over time need to be discounted to render
current and future effects comparable. From an economic point of view, $1 today
has more value than $1 in 10 years; thus future values need to be discounted by a
discount rate representing the preference for the present over the future.
Furthermore, costs and benefits are compared under a common economic efficiency
decision criterion to assess whether benefits exceed costs.
Cost-benefit analysis (CBA) provides an objective means of comparing the costs
and benefits of the risk without treatment and the comparable costs and benefits of
the treated risk (Fig. 4.12).
There should be a consistent approach to comparing the costs and benefits of
different options. All the benefits should be considered, both direct and
indirect, as well as both direct and indirect costs. Costs and benefits may be
quantitative or qualitative.
Benefits can arise:
a. Directly from the reduction in risk.
b. Increased opportunities.
c. Indirectly such as from greater management confidence, savings such as
insurance premium reductions, or improvements in intangibles like reputation or
credit rating.
Fig. 4.12 Relation between the level of safety and related cost
Costs can be:
a. Direct costs related with treatment options and their implementation.
b. Increased risk of negative outcomes or reduced opportunities.
c. Indirect costs such as loss of productivity, disruption from core business
activities, management time, etc.
Three decision criteria are of significant importance in CBA [2]:
• See section Net Present Value (NPV).
• See section Cost Benefit Ratio.
• Internal Rate of Return (IRR): Whereas the above two criteria use a fixed discount rate, this criterion calculates the interest rate internally, which represents the
return on investments in the given project. A project is rated desirable if this IRR
surpasses the average return of public capital determined beforehand (i.e. 12%).
The Net Present Value (NPV)
The NPV is the most useful and one of the most commonly used criteria for
determining whether an intervention should be accepted. The net present value
formula is:
$$\mathrm{NPV} = \sum_{t=0}^{n} \frac{B_t - C_t}{(1 + r)^t}$$
where,
$B_t$ are benefits in period t
$C_t$ are costs in period t
$r$ is the appropriate financial or economic discount rate
$n$ is the number of years for which the project will operate
For input to our calculation, future costs are converted to their current equivalent
by using a suitable discount rate: in the analysis of the interventions, any costs and
benefits of an intervention that are received in future periods are discounted, or
deflated by some factor, r. The factor used to discount future costs and benefits is
called the discount rate and is usually expressed as a percentage.
Example:
100 USD receivable today is worth more than 100 USD receivable a year later, as 100 USD
received today will earn interest or profits and shall accumulate to more than 100 USD in a
year. Alternatively, 100 USD received today can be used to reduce borrowing thereby
avoiding interest payments as well as reducing debts by 100 USD. Assuming that the
Railways’ cost of finance is its current dividend rate (say 6% per year), USD 106 received a
year hence should be worth 100 USD today, and 100 USD which may be received in a year
is worth about 94 USD today (actually it is worth 94.34 USD). Likewise, the present value
of 100 USD receivable 2 years hence is about 89 USD, and so on. In this way, the cash
flow for the intervention in any future year can be discounted to obtain the present value.
For example, suppose an intervention is expected to yield a stream of benefits
equal to B0, B1, B2, …, Bn and to incur a stream of costs equal to C0, C1, C2, …, Cn
in years 0, 1, 2, …, n. Then in each period, the net benefits (benefits minus costs) of
the project will be:
(B0–C0), (B1–C1), (B2–C2), …, (Bn–Cn)
This is simply the intervention’s net benefit flow.
If the discount rate, r, is constant, then the discounted cash flow of the project
can be represented as:
Year | Year 0 | Year 1 | Year 2 | Year 3 | … | Year n
Benefit flow | $B_0 - C_0$ | $\frac{B_1 - C_1}{(1 + r)}$ | $\frac{B_2 - C_2}{(1 + r)^2}$ | $\frac{B_3 - C_3}{(1 + r)^3}$ | … | $\frac{B_n - C_n}{(1 + r)^n}$
Once future net income streams have been discounted in this way, expenditures
and revenues from all the different time periods will be valued in units of similar
value—present day units of currency. They will then be directly comparable with
each other and can be added together. Adding the discounted net benefits from each
year of the intervention’s life, its discounted net benefit flow, gives a single monetary
value called the intervention’s net present value, NPV. For the previous example,
the intervention’s NPV is:
The net present value criterion of an intervention is the single most important
measure of the intervention’s worth.
In Table 4.2, an r = 6% discount rate is used to discount the net
benefits of a railway intervention. The intervention’s NPV can then be estimated by
just adding up these discounted net benefits. Columns (1), (2) and (3) show the
non-discounted costs, benefits and net benefits (benefits minus costs) of the railway
intervention.
Column (4) gives the discount factor, 1/(1 + r)^t, by which the non-discounted net
benefits in column (3) are multiplied, to obtain the discounted value of these net
benefits in each year, t, shown in column (5). These discounted net benefits can then
be added together to obtain the total discounted net benefits, or net present value, of
the intervention.
The bottom line of the table shows that the NPV comes to 57.06 million USD if
a 6% discount rate is used. An NPV higher than zero indicates that the discounted
benefits of the intervention are expected to be higher than its discounted costs and
the intervention will, therefore, be worth undertaking.
Table 4.2 Example: Cash flow of an intervention—discounted at 6% discount rate (million USD)
Year (t) | Costs (1) | Benefits (B) (2) | Net Benefits (3)=(2)-(1) | Discount Factor 1/(1+r)^t (4) | Net Benefits (5)=(3)*(4)
0 | 100 | 0 | -100 | 1 | -100.00
1 | 400 | 50 | -350 | 0.943 | -330.19
2 | 200 | 150 | -50 | 0.890 | -44.50
3 | 100 | 200 | 100 | 0.840 | 83.96
4 | 100 | 200 | 100 | 0.792 | 79.21
5 | 100 | 200 | 100 | 0.747 | 74.73
6 | 100 | 200 | 100 | 0.705 | 70.50
7 | 100 | 200 | 100 | 0.665 | 66.51
8 | 100 | 350 | 250 | 0.627 | 156.85
Total | 1300 | 1550 | 250 | | NPV = 57.06
This example illustrates how crucially the estimation of an intervention’s NPV
depends on the discount rate employed.¹ A lower discount rate would have deflated
future income by less and increased NPV of the intervention. A higher discount rate
would have deflated future income more heavily and decreased the NPV of the
intervention, possibly changing it from positive to negative. The selection of the
appropriate discount rate is, therefore, a critical issue in intervention appraisal.
In the above example, a discount rate of r = 7% gives an NPV of 32.85
Million USD, and a discount rate of r = 8% gives an NPV of 10.44 Million USD.
A discount rate of r = 8.5% gives a negative NPV (−0.15 Million USD).
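The sensitivity described above can be reproduced directly from the cash flow of Table 4.2. The following Python code is an added example, not part of the original text; it recomputes the NPV at 6%, 7%, 8% and 8.5%, the ratio of discounted benefits to discounted costs, and the Internal Rate of Return named among the decision criteria. The function names and the use of bisection to find the IRR are choices made for this example.

```python
"""NPV, benefit/cost ratio and IRR for the cash flow of Table 4.2 (million USD)."""

# Costs and benefits for years 0..8, as listed in Table 4.2.
COSTS = [100, 400, 200, 100, 100, 100, 100, 100, 100]
BENEFITS = [0, 50, 150, 200, 200, 200, 200, 200, 350]


def present_value(flows, rate):
    """Discount a yearly stream (index = year t) by 1 / (1 + r)^t and sum it."""
    return sum(x / (1.0 + rate) ** t for t, x in enumerate(flows))


def npv(rate, costs=COSTS, benefits=BENEFITS):
    """Net present value: sum over t of (B_t - C_t) / (1 + r)^t."""
    if len(costs) != len(benefits):
        raise ValueError("costs and benefits must cover the same years")
    net = [b - c for b, c in zip(benefits, costs)]
    return present_value(net, rate)


def benefit_cost_ratio(rate, costs=COSTS, benefits=BENEFITS):
    """Present value of benefits divided by present value of costs."""
    return present_value(benefits, rate) / present_value(costs, rate)


def irr(costs=COSTS, benefits=BENEFITS, low=0.0, high=1.0, tol=1e-9):
    """Discount rate at which NPV = 0, found by bisection.

    Assumes the NPV changes sign exactly once between `low` and `high`,
    which holds for a stream of early net costs followed by net benefits.
    """
    npv_low = npv(low, costs, benefits)
    if npv_low * npv(high, costs, benefits) > 0:
        raise ValueError("NPV does not change sign in [low, high]")
    while high - low > tol:
        mid = (low + high) / 2.0
        if npv(mid, costs, benefits) * npv_low > 0:
            low = mid          # root lies in the upper half
        else:
            high = mid         # root lies in the lower half
    return (low + high) / 2.0


def sensitivity(rates):
    """Return (rate, NPV, benefit/cost ratio) for each discount rate."""
    return [(r, npv(r), benefit_cost_ratio(r)) for r in rates]


if __name__ == "__main__":
    for rate, value, ratio in sensitivity([0.06, 0.07, 0.08, 0.085]):
        print(f"r = {rate:5.1%}  NPV = {value:7.2f}  B/C = {ratio:.3f}")
    print(f"IRR = {irr():.3%}")
```

The IRR falls between 8% and 8.5%, which is where the NPV in the text changes sign and where the ratio of discounted benefits to discounted costs crosses 1.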
The NPV of an intervention is, as presented, the sum of the present values of the
net cash flows for all the years of the intervention’s economic life (present value of
incomes minus present value of expenses). Interventions and processes with the
highest NPV are usually the winners. Often incremental changes on an intervention
can lead to a positive NPV. Thus many improvement interventions must be selected
on the least negative NPV values from many alternatives.
¹ The discount rate is roughly the opportunity cost of capital: it is the cost of using the capital in one
project and forgoing the return it could earn in another project. Its value is defined mostly empirically for a
given project, in a given country or region, for a given firm and at a given time. The value of the
discount rate can have a very serious impact on the decision making process of a cost benefit or life
cycle cost analysis.
NPV in decision making:
If … | It means … | Then …
NPV > 0 | the investment on the planned intervention would add value to the Infrastructure Manager | the intervention may be accepted
NPV < 0 | the investment on the planned intervention would subtract value from the Infrastructure Manager’s or government’s available budget | the intervention should be rejected
NPV = 0 | the investment on the planned intervention would neither gain nor lose value for the Infrastructure Manager’s or government’s available budget | We should be indifferent in the decision whether to accept or reject the intervention. This intervention adds no monetary value. A decision should be based on other criteria, i.e. strategic positioning or other factors not explicitly included in the calculation
The Cost-Benefit Ratio
The Cost-Benefit Ratio is a variant of the NPV. The benefits are divided by the
costs. If the ratio is higher than 1, i.e. benefits exceed costs, a project is considered
to add value to society.
Costs and benefits should be calculated over an appropriate time span, on the
basis of discounted cash flow.
$$\text{Cost Benefit Ratio} = \frac{\text{Net Present Value of Benefits}}{\text{Net Present Value of Costs}} > 1$$
Benefits =
• value of avoided injuries +
• damage avoided +
• other benefits.
Costs should be shared by those who benefit from the reduction of the risk.
Qualitative Analysis of Costs and Benefits
Cost-benefit analysis (CBA), presented in Sects. 4.1.9 and 4.1.9.2, compares
estimated costs and benefits. In many cases, it will not be possible to quantify all
costs and all benefits, and sometimes benefits cannot be quantified at all. For
example, preventing the damage to reputation caused by a major incident cannot be
easily quantified.
Cost-Benefit of Risk Reduction
Costs and benefits should be calculated over an appropriate time span, on the basis
of discounted cash flow.
$$\text{Cost Benefit Ratio} = \frac{\text{Net Present Value of Benefits}}{\text{Net Present Value of Costs}}$$
Benefits =
• value of avoided injuries +
• damage avoided +
• other benefits.
Costs should be shared by those who benefit from the reduction of the risk.
Value of Avoided Deaths and Injuries
The cash valuations of preventing health and safety effects on people are presented
for UK (2003) and New Zealand (2017).
United Kingdom (http://www.hse.gov.uk/risk/theory/alarpcheck.htm)

| Category | Description | Values in £ | Values in USD (approximately, as per June 2019) |
|---|---|---|---|
| Fatality | | £1,336,800 (times 2 for cancer) | $ 1,690,000 |
| Injury: permanently incapacitating injury | Moderate to severe pain for 1–4 weeks. Thereafter some pain gradually reducing but may recur when taking part in some activities. Some permanent restrictions to leisure and possibly some work activities | £207,200 | $ 262,000 |
| Injury: serious | Slight to moderate pain for 2–7 days. Thereafter some pain/discomfort for several weeks. Some restrictions to work and/or leisure activities for several weeks/months. After 3–4 months, return to normal health with no permanent disability | £20,500 | $ 25,900 |
| Injury: slight | Injury involving minor cuts and bruises with a quick and complete recovery | £300 | $ 380 |
| Illness: permanently incapacitating illness | Same as for injury | £193,100 | $ 244,000 |
| Illness: other cases of ill health | Over one-week absence. No permanent health consequences | £2300 + £180 per day of absence | $2900 + $230 per day of absence |
| Illness: minor | Up to one-week absence. No permanent health consequences | £53 | $ 67 |
New Zealand
As a guide the value of avoided deaths and injuries can be taken as [3]:

| Injury (2017) | Value (2017) (New Zealand Dollars) | Value (USD) (approximately, as per June 2019) |
|---|---|---|
| Fatality | $ 4,915,000 | $ 3,212,000 |
| Serious injury | $ 513,000 | $ 335,000 |
| Minor injury | $ 29,000 | $ 19,000 |
Example of CBA Calculation
Case examined: “Serious train/car accident because of passing level crossing
barriers” (Fig. 4.13).
Fig. 4.13 Level crossing
1. We estimate the probability of the accident happening at 40.2%.
2. Let us assume for this example that, if an accident happens,
• 1 person will die,
• 2 persons will be seriously injured,
• 3 persons will suffer minor injuries and
• 3 cars will be damaged.
3. The value is estimated as:
• 1 person died × 1,000,000 USD = 1,000,000 USD
• 2 persons seriously injured = 2 × 100,000 = 200,000 USD
• 3 persons minor injured = 3 × 5,000 = 15,000 USD
• Car damage = 25,000 USD
TOTAL = 1,240,000 USD
4. We plan to improve the safety of the road crossing, at a cost estimated at
80,000 USD.
5. We calculate that the probability of an accident will decrease from 40.2 to 25%.
6. What will be the Cost-Benefit of Risk Reduction?
7. As we discussed:
$$\text{Cost Benefit Ratio} = \frac{\text{Net Present Value of Benefits}}{\text{Net Present Value of Costs}}$$
8. We calculate:
• The benefit will be a decrease of the accident probability from 40.2% to
25% = 15.2%
• The Value of Benefits will be 15.2% × 1,240,000 USD ≈ 190,000 USD
• The Value of Costs will be 80,000 USD
• So, the Cost Benefit Ratio = 190,000 / 80,000 ≈ 2.4 > 1
So, the investment in improving the safety of the road crossing is extremely
beneficial.
Explosion in a rolling stock maintenance depot
A simple method for coarse screening of measures is presented below. This puts the
costs and benefits into a common format of ‘USDs per year’ for the lifetime of a
plant.
Consider a rolling stock maintenance depot with a process that if it were to
explode could lead to:
• 20 fatalities
• 40 permanently injured
• 100 seriously injured
• 200 slightly injured
The rate of this explosion happening has been analysed to be about 1 × 10^-5 per
year, which is 1 in 100,000 per year. The plant has an estimated lifetime of
25 years.
How much could the Organization reasonably spend to eliminate (reduce to
zero) the risk from the explosion?
If the risk of explosion were to be eliminated the benefits can be assessed to be:
• Fatalities: 20 × 1,336,800 × 1 × 10^-5 × 25 years = 6684
• Permanent injuries: 40 × 207,200 × 1 × 10^-5 × 25 years = 2072
• Serious injuries: 100 × 20,500 × 1 × 10^-5 × 25 years = 512
• Slight injuries: 200 × 300 × 1 × 10^-5 × 25 years = 15
• Total benefits: USD 9,283
The sum of USD 9,283 is the estimated benefit of eliminating the major accident
explosion at the plant on the basis of avoidance of casualties. (This method does not
include discounting or take account of inflation.)
For a measure to be deemed not reasonably practicable, the cost has to be grossly
disproportionate to the benefits. This is taken into account by the disproportion
factor (DF). In this case, the DF will reflect that the consequences of such explosions are high. A DF of more than 10 is unlikely.
Therefore it might be reasonably practicable to spend up to somewhere in the
region of USD 93,000 (USD 9300 × 10) to eliminate the risk of an explosion. The
duty holder would have to justify the use of a smaller DF.
This type of simple analysis can be used to eliminate or include some measures
by costing various alternative methods of eliminating or reducing risks.
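The coarse screening described above, applied to several alternative measures at once, as an added Python example that is not taken from the book. The valuations, explosion rate, lifetime and DF are the figures used in the text; the candidate measures, their costs and the fraction of risk each removes are constructed for illustration.

```python
from dataclasses import dataclass

# Valuation per casualty, as used in the depot calculation in the text.
VALUE_PER_CASUALTY = {
    "fatality": 1_336_800,
    "permanent_injury": 207_200,
    "serious_injury": 20_500,
    "slight_injury": 300,
}

# Consequences of one explosion, from the text.
DEPOT_EXPLOSION = {
    "fatality": 20,
    "permanent_injury": 40,
    "serious_injury": 100,
    "slight_injury": 200,
}


def lifetime_benefit(consequences, rate_per_year, lifetime_years, risk_removed=1.0):
    """Undiscounted value of casualties avoided over the plant lifetime.

    risk_removed is the fraction of the event rate a measure takes away
    (1.0 means the risk is eliminated, as in the text).
    """
    if not 0.0 <= risk_removed <= 1.0:
        raise ValueError("risk_removed must be between 0 and 1")
    loss_per_event = sum(VALUE_PER_CASUALTY[k] * n for k, n in consequences.items())
    return loss_per_event * rate_per_year * lifetime_years * risk_removed


@dataclass
class Measure:
    """Hypothetical candidate measure (constructed sample data)."""
    name: str
    cost: float
    risk_removed: float


def screen(measures, consequences, rate_per_year, lifetime_years, df):
    """Return (name, benefit, spend ceiling, verdict) for each measure.

    A measure is screened out only when its cost exceeds benefit x DF,
    i.e. when the cost is grossly disproportionate to the benefit.
    """
    if df < 1:
        raise ValueError("a disproportion factor is at least 1")
    rows = []
    for m in measures:
        benefit = lifetime_benefit(consequences, rate_per_year,
                                   lifetime_years, m.risk_removed)
        ceiling = benefit * df
        verdict = ("reasonably practicable" if m.cost <= ceiling
                   else "grossly disproportionate")
        rows.append((m.name, benefit, round(ceiling), verdict))
    return rows


CANDIDATES = [  # constructed examples
    Measure("Remove the process from the depot", 250_000, 1.0),
    Measure("Gas detection with automatic shutdown", 40_000, 0.6),
    Measure("Revised permit-to-work procedure", 5_000, 0.2),
]

if __name__ == "__main__":
    for row in screen(CANDIDATES, DEPOT_EXPLOSION, 1e-5, 25, df=10):
        print(row)
```

A measure that removes only part of the risk gets a proportionally lower spend ceiling, so a cheap partial measure can pass the screen while full elimination at a much higher cost does not.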
4.1.9.3 Other Techniques not Mentioned in the ISO/IEC 31010:2009
Next, other techniques not mentioned in the ISO/IEC 31010:2009 are briefly
presented.
Three-Point Estimate
Three-point estimation is a technique that involves people who are professionals in
the task being estimated.
It is called three-point estimation because the team members provide their
pessimistic, optimistic and best-guess estimates for their risk estimation, based on
prior experience or best guesses.
Three-point estimation is based on a:
• Triangular distribution (Simple Average)
• Beta distribution (Weighted Average).
The process for the Three-Point Estimation technique
Team members involved in the process are requested to make three estimates: the
pessimistic (P), the most likely (M) and the optimistic (O) estimation. Then you do
some simple mathematics with the three estimates:
Three-point estimation (see footnote 3):
$$\frac{P + 4M + O}{6}$$
Standard deviation:
$$\frac{P - O}{6}$$
The calculation reflects the amount of risk in the task and the severity of the
impact of optimistic and pessimistic risks.
Standard deviation is the possible range for the estimate. You can assess and
compare the risk of various cases by looking at the ranges of the cases and the
standard deviations.
Expected Monetary Value (EMV)
Expected Monetary Value (EMV) is a method used to establish the contingency
reserves for a project budget and schedule.
As we discussed, once you have identified your risks, you need to work out
both the likelihood of the threats being realized and their possible impact. One way
of doing this is to make your best estimate of the probability of the event occurring,
and then to multiply this by the amount it will cost you to set things right if it
happens. This gives you a value for the risk:
Risk Value = Probability of Event × Cost of Event
Or, if we express the risk value as the Expected Monetary Value (EMV):
EMV = P × I
(P = Probability, I = Impact)
Example
Imagine you have a business and you have identified a risk that your rent
might rise substantially.
You think that within the next year there is a 70% chance that this will
happen because your landlord has recently increased rents for other
businesses.
If this happens, over the next year it will cost your business an additional
$350,000.
So the rent increase risk value is: 70% (Probability of Event) ×
$350,000 (Cost of Event) = $245,000 (Risk Value)
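The three-point estimate and the EMV described above, combined over a small list of risks, as an added Python example that is not taken from the book. Using the three-point expected impact as the "I" in EMV = P × I is an assumption made here to tie the two techniques together; the simple average (O + M + P)/3 is the mean of a triangular distribution; all risks except the rent example are constructed.

```python
from dataclasses import dataclass


@dataclass
class Risk:
    risk_id: str
    probability: float   # likelihood of the event, between 0 and 1
    optimistic: float    # O: lowest cost if the event happens
    most_likely: float   # M
    pessimistic: float   # P: highest cost if the event happens

    def __post_init__(self):
        if not 0.0 <= self.probability <= 1.0:
            raise ValueError(f"{self.risk_id}: probability must be in [0, 1]")
        if not self.optimistic <= self.most_likely <= self.pessimistic:
            raise ValueError(f"{self.risk_id}: expected O <= M <= P")

    def expected_impact(self, weighted=True):
        """Weighted (beta) average (P + 4M + O)/6, or simple average."""
        o, m, p = self.optimistic, self.most_likely, self.pessimistic
        return (p + 4 * m + o) / 6 if weighted else (p + m + o) / 3

    def std_dev(self):
        """(P - O)/6: how wide the estimate is."""
        return (self.pessimistic - self.optimistic) / 6

    def emv(self):
        """Expected Monetary Value: probability x expected impact."""
        return self.probability * self.expected_impact()


def ranked(risks):
    """Risks ordered from highest to lowest EMV."""
    return sorted(risks, key=lambda r: r.emv(), reverse=True)


def contingency_reserve(risks):
    """Sum of the EMVs, used as the reserve to hold for these risks."""
    return sum(r.emv() for r in risks)


REGISTER = [
    # The rent example from the text: a single cost figure, so O = M = P.
    Risk("rent-increase", 0.70, 350_000, 350_000, 350_000),
    # Constructed entries with a spread between the three estimates.
    Risk("supplier-delay", 0.20, 100_000, 200_000, 600_000),
    Risk("depot-flooding", 0.05, 1_000_000, 2_000_000, 6_000_000),
]

if __name__ == "__main__":
    for r in ranked(REGISTER):
        print(f"{r.risk_id:15s} EMV={r.emv():>10,.0f}  "
              f"impact={r.expected_impact():>12,.0f} +/- {r.std_dev():,.0f}")
    print(f"contingency reserve: {contingency_reserve(REGISTER):,.0f}")
```

Two risks with the same EMV can have very different standard deviations, which is why the ranking prints both.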
3 Or “Beta distribution”.
Expert Judgment
Risk identification experts can include anyone with experience in working on
similar projects, experience working in the business area for which the project was
conducted, or industry-specific experience. When using this technique, you should
consider any bias that your experts may have with regard to the project or potential
risk events.
SWOT Analysis
SWOT Analysis is a useful technique for understanding your Strengths and
Weaknesses, and for identifying both the Opportunities open to you and the Threats
you face (Fig. 4.14).
In general, strengths and weaknesses are related to issues within the
Organization. Strengths examine what’s going well with your Organization and
what your customers or the marketplace see as your strengths. Weaknesses are areas
that may be improved by the Organization. Negative risks are typically associated
with the weaknesses of the Organization and its strengths are associated with
positive risks. The Organization usually has external opportunities and threats.
SWOT analysis is sometimes referred to as internal-external analysis and can be
used to help discover and document potential risks in combination with brainstorming techniques.
Fig. 4.14 SWOT analysis structure
Sensitivity Analysis
Sensitivity Analysis is a technique used to determine which risks affect a project the
most. It is a quantitative method of analysing the potential impact on the project of
risk events and determining which risk event (or events) has the highest impact
potential by examining each uncertain element in turn while all the other uncertain
elements are held at their baseline values. A tornado diagram is one way to display
sensitivity analysis data.
A Functional Hazard Analysis (FHA)
FHA is a systematic, comprehensive examination of functions to identify and classify
failure conditions of those functions according to their severity. For the analysis of a
change to the railway, it may be appropriate to apply the FHA at the system level.
This would involve a high-level, qualitative assessment of the defined functions of
the system (as specified in the system definition).
The system-level FHA is undertaken to identify and classify the failure conditions associated with the system-level functions.
FHA involves less work than FMEA/FMECA and can be started earlier, because
a specification, and not a design, is all that is required. However, FHA is not good
at finding hazards that are not easily characterised as the failure of a function (such
as electromagnetic interference or fuel leakage).
Failure Block Diagram Analysis
This is the analysis of a system based on the component reliabilities.
It is a method of modelling how component and subsystem failures combine to
cause system failure. Reliability block diagrams may be analysed to predict the
availability of a system and determine the critical components from a reliability
viewpoint.
4.1.10 Accident Rates
Fatality rates can be expressed in the following terms [4], see also Sect. 3.5.4.3:
Fatal Accident Rate (FAR)
The FAR or Fatal Accident Rate is a measure of how many people would die per 100
million exposure hours. This is approximately the same as saying how many deaths
are likely in 1000 people, over their working lives. It assumes an average of 2000
working hours a year and a working life of 50 years (note that the standard hours
worked per annum are 1886 h). By their very nature, FARs vary significantly throughout a passenger trip or working day. An average rate of exposure is therefore used.
$$\text{FAR} = \frac{100{,}000{,}000 \times \text{DPA (deaths per annum)}}{(\text{Number of people exposed}) \times (\text{Hours exposed per annum})}$$
Equivalent Fatal Accident Rate (EFAR)
Injuries will be considered as if 10 serious injuries are equivalent to one death, and 200
minor injuries are equivalent to one death.
Therefore, Equivalent Deaths per annum (EDPA):
$$\text{EDPA} = \text{DPA} + \frac{\text{serious injuries p.a.}}{10} + \frac{\text{minor injuries p.a.}}{200}$$
where
DPA = deaths per annum
p.a. = per annum
Then Equivalent Fatal Accident Rate (EFAR):
$$\text{EFAR} = \frac{100{,}000{,}000 \times \text{EDPA}}{(\text{Number of people exposed}) \times (\text{Hours exposed p.a.})} \qquad (4.5)$$
where
EDPA = Equivalent Deaths per annum
Often the DPA or EDPA will have to be assessed statistically, i.e. one death may
be expected every 20 years giving a likelihood of 0.05 deaths p.a. Where no
detailed information such as accident history is available, consideration of any
industry-wide information may assist.
Example of Accident Rate calculation
• Say 500 rail personnel in a workgroup, each working 1886 h per annum
• In this workgroup say there have been 3 fatalities in the last 15 years
• From the personal accident database, there have been 6 serious injuries and 113
minor injuries in the last 12 months
So, DPA = 3/15 = 0.2,
which = 0.2 in 500, which = 1 in 2500, which is less than 1 in 1000, so it is
below the Upper Bound (see Sects. 3.5.4.2 and 3.5.4.3).
$$\text{FAR} = \frac{100{,}000{,}000 \times 0.2}{500 \times 1886} = 21.2$$
which is less than 50 (see Sect. 3.5.4.3).
$$\text{EDPA} = 0.2 + \frac{6}{10} + \frac{113}{200} = 1.365 \text{ in } 500$$
which is 1 in 366, which is greater than 1 in 400, so it is above the Upper Bound
(see Sects. 3.5.4.2 and 3.5.4.3).
$$\text{EFAR} = \frac{100{,}000{,}000 \times 1.365}{500 \times 1886} = 145$$
which is greater than 125 (see Sect. 3.5.4.3).
Therefore, the FAR is ALARP (or tolerable), using the table of upper and lower
bounds in Sect. 3.5.4. The EFAR is intolerable (risk cannot be justified) and
therefore, action is required to reduce the risk to ALARP.
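The accident-rate calculation above as an added Python example that is not taken from the book. It keeps each count together with the period it was observed over, since the fatalities come from a 15-year record and the injuries from a 12-month record; the limits 50 and 125 passed to `compare` are the figures the text quotes from Sect. 3.5.4.3, and the function and field names are assumptions.

```python
from dataclasses import dataclass

HOURS_BASE = 100_000_000   # FAR is expressed per 100 million exposure hours
SERIOUS_PER_DEATH = 10     # 10 serious injuries count as one death (from the text)
MINOR_PER_DEATH = 200      # 200 minor injuries count as one death (from the text)


@dataclass
class Observation:
    """A count of events and the length of the period it was recorded over."""
    count: float
    years: float

    def per_annum(self):
        if self.years <= 0:
            raise ValueError("observation period must be positive")
        return self.count / self.years


def accident_rates(people, hours_pa, deaths, serious, minor):
    """Return DPA, EDPA, FAR, EFAR and the '1 in N' figures for a workgroup."""
    if people <= 0 or hours_pa <= 0:
        raise ValueError("exposure must be positive")
    dpa = deaths.per_annum()
    edpa = (dpa
            + serious.per_annum() / SERIOUS_PER_DEATH
            + minor.per_annum() / MINOR_PER_DEATH)
    exposure_hours = people * hours_pa
    return {
        "DPA": dpa,
        "EDPA": edpa,
        "FAR": HOURS_BASE * dpa / exposure_hours,
        "EFAR": HOURS_BASE * edpa / exposure_hours,
        # "1 in N": N is infinite when no event has been recorded
        "one_in_dpa": people / dpa if dpa else float("inf"),
        "one_in_edpa": people / edpa if edpa else float("inf"),
    }


def compare(value, limit):
    """State on which side of a limit a rate falls."""
    return "above" if value > limit else "at or below"


if __name__ == "__main__":
    # The workgroup from the text: 500 people, 1886 h each per annum.
    rates = accident_rates(
        people=500,
        hours_pa=1886,
        deaths=Observation(3, 15),      # 3 fatalities in 15 years
        serious=Observation(6, 1),      # 6 serious injuries in 12 months
        minor=Observation(113, 1),      # 113 minor injuries in 12 months
    )
    print(f"DPA  = {rates['DPA']:.3f} (1 in {rates['one_in_dpa']:.0f})")
    print(f"EDPA = {rates['EDPA']:.3f} (1 in {rates['one_in_edpa']:.0f})")
    print(f"FAR  = {rates['FAR']:.1f}, {compare(rates['FAR'], 50)} 50")
    print(f"EFAR = {rates['EFAR']:.0f}, {compare(rates['EFAR'], 125)} 125")
```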
4.2 The Risk Management Plan
4.2.1 Introduction
The Risk Management Plan presents at a high level how an Organization manages
its risks and how the entire process is integrated into the activities of the
Organization.
The Risk Management Plan may contain [2]:
a. A statement of the Organization’s risk management policy.
b. A description of the external and internal context, arrangements for corporate
governance and supervision, and the environment in which the Organization
operates.
c. Details of the scope and objectives of the risk management activities in the
Organization, including organizational criteria for assessing whether risks are
tolerable.
d. Risk management responsibilities and functions in the Organization.
e. The list of risks identified and an analysis of them, usually in the form of a risk
register included as an appendix.
f. Summaries of the risk treatment plans for major risks, incorporated as an
Appendix or by reference to a treatment plan.
The risk treatment plan is produced after the Organization has conducted its risk
assessment and is a detailed document describing roles and responsibilities for
specific actions to bring the identified risks down to an acceptable level. The risk
treatment plan needs to provide a summary of (Table 4.3):
a. Identified risks
b. Responses that have been designed for each risk
c. Parties responsible for those risks and
d. The date to apply the risk treatment.
Table 4.3 Risk Treatment Plan template
Header fields: Area/Department; Risk Register ID; Date Treatment Developed; Risk
Category; Risk Owner; Treatment Owner.
Columns of the template and the guidance given for each:
• Risk Description: Provide a description of what the risk is.
• Control Effectiveness: Provide the last known control effectiveness rating (i.e. high,
medium or low).
• Risk Treatment: Selecting the most appropriate treatment option involves balancing
the costs and efforts of implementation against the benefits derived. Factors such as
legal, regulatory, the natural environment and social corporate responsibility must
also be considered when deciding on treatment options. Some examples of treatment
options are:
– Avoiding the risk by deciding not to start or continue the activity that gives rise to
the risk
– Taking or increasing the risk in order to pursue an opportunity
– Removing the risk source
– Changing the likelihood
– Changing the consequence
– Sharing the risk with another party
– Retaining the risk by informed decision
• Treatment Action Responsibility: Assign a person to authorise the time and resources
required for risk treatment. The assigned person must implement the risk treatment.
• Implementation Date: Agreed timeframes must be established to outline when risk
treatment will be achieved and completed.
• Monitor & Review: Consideration must be given to how risk treatment will be
monitored to assess whether the treatment is effective. The frequency and method of
how progress against treatment plans is reported must be defined.
• Implementation Status: Provide a status with regard to implementation progress
(i.e. not started, in progress or completed).
4.2.2 The Risk Register
ISO 73:2009 Risk management—Vocabulary [5] defines a risk register to be a
“record of information about identified risks”. A Risk Register (also referred to as a
Risk Log), is a master document which is created during the early stages of the
process. It is a tool helping you to track issues and address problems as they arise.
The Risk Register records details of all the risks identified at the beginning and
during the life of projects, their grading in terms of likelihood of occurring and
seriousness of impacts, initial plans for mitigating each high-level risk, the costs and
responsibilities of the prescribed mitigation strategies and subsequent results.
It usually includes [6]:
• a unique identifier for each risk
• a description of each risk and how it will affect the project
• an assessment of the likelihood it will occur and the possible seriousness/impact
if it does occur (low, medium, high)
• a classification of each risk according to a risk assessment table
• who is responsible for managing the risk
• an outline of proposed mitigation actions (preventative and contingency) and
• in larger projects, costings for each mitigation strategy.
This Register should be maintained throughout the project and will change
regularly as existing risks are re-graded in the light of the effectiveness of the
mitigation strategy, and new risks are identified. In smaller projects, the Risk
Register is often used as the Risk Management Plan.
A Risk Register is developed to:
• provide a useful tool for managing and reducing the risks identified before and
during the project
• document risk mitigation strategies being pursued in response to the identified
risks and their grading in terms of likelihood and seriousness
• provide the Project Sponsor, Steering Committee/senior management with a
documented framework from which risk status can be reported
• ensure the communication of risk management issues to key Stakeholders
• provide a mechanism for seeking and acting on feedback to encourage the
involvement of the key Stakeholders and
• identify the mitigation actions required for the implementation of the risk
management plan and associated costings.
Initial risks must be identified and classified according to the likelihood and
seriousness very early in the Project. This initial risk assessment will form part of
the Project Proposal/Brief or Project Business Case for the project. Once the project
is approved the Risk Management Plan and Risk Register should be fully developed. In the case of smaller projects, the Risk Register may serve both purposes.
The completed Risk Register should be brief and to the point, so it quickly
conveys the essential information. It should be updated regularly, at least monthly.
The description of the risk should include the associated consequences or impact
where these are not obvious. These consequences can be useful in identifying
appropriate mitigation actions. In larger more complex projects, a separate column
may be required.
Mitigation actions should include such things as:
• Preventative actions—planned actions to reduce the likelihood a risk will occur
and/or reduce the seriousness should it occur. (What should you do now?).
• Contingency actions—planned actions to reduce the immediate seriousness of
the risk when it does occur. (What should you do when?)
• Recovery actions—planned actions taken once a risk has occurred to allow you
to move on. (What should you do after?).
References
1. Mechler R, The Risk to Resilience Study Team (2008) The cost-benefit analysis methodology,
from risk to resilience working paper No. 1. In: Moench M, Caspari E, Pokhrel A (eds), ISET,
ISET-Nepal and ProVention, Kathmandu, Nepal, 32 pp
2. Standards Australia/Standards New Zealand (2005) Risk Management Guidelines—Companion
to AS/NZS 4360:2004
3. New Zealand, Ministry of Transport (2017) Social Cost of Road Crashes and Injuries June
2017 update
4. Australian/New Zealand Standard (2004) AS/NZS 4360 SET Risk Management
5. ISO/IEC Guide 73, Risk Management—Vocabulary—Guideline for use in standards;
ISO/IEC 31010:2009, Risk Management—Risk Assessment Techniques
6. Department of Premier and Cabinet (2008) Project Risk Register Template & Guide, Version
1.3, April 2008, Tasmania