Risk Assessment. Marvin Rausand
is a multidimensional vector of the potential types of harm/damage to all relevant assets caused by accident scenario , with associated probabilities, that is, the consequence spectrum for
The risk
If all relevant accident scenarios
The risk – defined by answers to the three questions – may be presented as in Table 2.2 , where the first column lists the accident scenarios
Table 2.2 Risk related to a system (example).
|
Accident scenario |
Frequency |
Consequence |
1 | Gas leak in area 1 | 0.01 | Consequence spectrum 1 |
2 | Falling load from crane 2 | 0.03 | Consequence spectrum 2 |
|
|
|
|
2.2.2 Alternative Definitions of Risk
Many alternative definitions of risk have been suggested in the literature. Among these are the following:
1 (a) “Effect of uncertainty on objectives” (ISO 31000). This definition is different from the one used in this book. Events are not mentioned in the definition and it also encompasses both positive and negative consequences.
2 (b) “The possibility that human actions or events lead to consequences that harm aspects of things that human beings value” (Klinke and Renn 2002).
3 (c) “Situation or event where something of human value (including humans themselves) has been put at stake and where the outcome is uncertain” (Rosa 1998).
4 (d) “Uncertainty about and severity of the consequences (or outcomes) of an activity with respect to something that humans value” (Aven and Renn 2009).
5 (e) “The probability that a particular adverse event occurs during a stated period of time, or results from a particular challenge” (Royal Society 1992 , p. 22).
6 (f) “Risk refers to the uncertainty that surrounds future events and outcomes. It is the expression of the likelihood and impact of an event with the potential to influence the achievement of an organization's objectives” (Treasury Board 2001).
One aspect that distinguishes several of these definitions from our definition is the use of uncertainty instead of likelihood or probability.
Thorough discussions of the various definitions and aspects of risk are given, for example, by Lupton (1999) and Johansen (2010). We do not go into further details on this here, just repeat our cautionary comment that risk is not always defined as in this book.
Remark 2.3 (Risk: singular or plural?)
Many standards, books, and articles use the word “risk” in both singular and plural. The plural form – risks – is most often used when assets are exposed to several sources of risk. In this book, we refrain from using the plural form, except when quoting other authors. Instead, we use the term “sources of risk” when it is important to point out that there are several “sources” that may give rise to harm.
2.3 What Can Go Wrong?
To be able to answer the first question in the definition of risk, we need to specify what we mean by “What can go wrong?” So far the term accident scenario has been used to describe this, but we now elaborate more on this question.
2.3.1 Accident Scenario
An accident can usually be described as a sequence of events that harms one or more assets. The term accident scenario is used to describe a possible, future accident and is defined as follows:
Definition 2.2 (Accident scenario)
A potential sequence of events from an initiating event to an undesired end state that will harm one or more assets.
Accident scenarios may vary significantly, both with respect to the number of events and the time interval from the initiating event to the end event or state. The “path” of an accident scenario is diverted by various conditions and when barriers are activated. In cases where no barriers are available, the sequence may be reduced to a single event. The concept of accident scenario is discussed further by Khan and Abbasi (2002) and is a central element in the ARAMIS methodology (ARAMIS 2004).
Example 2.1 (Accident scenario in a process plant)
A possible accident scenario starting with a gas leak in a process plant may proceed as follows:
1 (1) A gas leak from flange A occurs (i.e. the initiating event).
2 (2) The gas is detected.
3 (3) An alarm is triggered.
4 (4) The process shutdown system fails to shut off the gas flow to the flange.
5 (5) The gas is ignited and a fire occurs.
6 (6) The firefighting system is activated.
7 (7) The fire is extinguished within