Risk Assessment. Marvin Rausand

Risk Assessment - Marvin Rausand


Скачать книгу
points for accident scenarios (i.e. initiating events).

       Events that are the “center” of the bow‐tie (i.e. hazardous events).

       Events and conditions that trigger accidents (i.e. enabling events and conditions).

      At an initial stage of a practical risk analysis, we often identify several or all of these when we try to answer the question. We may identify both flammable materials, gas leaks, ignition, fire, and explosion as separate hazards/events to consider, but when we inspect these more closely, we can see that they can form different events in a sequence, that is, an accident scenario.

      The important point in this process is to identify as many events and conditions as possible. At this stage, we should not be too concerned about whether these are hazards, initiating events, enabling events, or enabling conditions.

      Hazard and event identification may be supported by generic lists of hazards. Examples of such lists can be found in the standards related to machinery safety (ISO 12100 2010) and for major accident hazard management during design of offshore installations (ISO 17776 2016). When looking at these lists, we often find that the lists are also a mix of hazards, initiating events, and enabling events and conditions in the way that it is defined in this book. This may be confusing, but this should not stop us from using these lists for brainstorming purposes because the structuring of the information can be done afterwards.

      3.2.3.2 Step 3.2: Define Specific and Representative Events

      From the generic lists, we may have identified “fire” as an event, but we now need to make this sufficiently specific, stating, for example, “fire in room X during daytime.” The specificity of the events must be balanced with the resources required to perform the analysis. More events typically require more time and resources to perform the analysis so we try to define representative events that can cover a range of more or less similar events.

      In most cases, a screening of the identified events may be performed as part of this step. Events that are considered to have a very low probability of occurrence or are expected to have no or negligible consequences are usually screened out and not included for further analysis. This screening should be carefully documented.

      3.2.3.3 Step 3.3: Identify Causes of Events

      The purpose of the causal analysis is to identify the causes of the hazardous or initiating events that have been identified. How “deep” into the causes we should go depends on a number of factors, including

       How detailed is the analysis? The level of detail should be determined in step 1. A more detailed analysis requires that we go into more details on the causes.

       What causes can be influenced by the decision‐makers? Causes outside what we can change are less relevant to study in detail except to help us design a robust system that can withstand or compensate for these causes.

       Both technical, human, and organizational causes should be considered whenever relevant.

      The causal analysis may form an important basis for the frequency analysis.

      3.2.3.4 Step 3.4: Determine Frequencies of Events

      This step is not a part of all risk analyses or may sometimes be performed in a simplified manner. In some cases, the risk analysis is purely qualitative and the description of causes from the causal analysis are then adequate as a description of risk, combined with a description of the consequences. In some cases, frequency or probability classes are used instead of assigning a numerical frequency to each event. Frequency classes may, for example, be specified as images /year, images per year, images per year. Frequency classes are discussed in more detail in Chapter 6.

      In practice, a screening process is conducted also as part of this step. If we conclude that the frequency or probability is very small, we may choose to eliminate the event from further analysis.

      3.2.4 Step 4: Develop Accident Scenarios and Describe Consequences

      3.2.4.1 Step 4.1: Identify Barriers and Other Factors Influencing the Scenarios

      During the initial hazard identification, we have most likely identified a number of events and enabling conditions that influence how an accident scenario develops. In this step, we need to identify any barriers that contribute to control the risk by (i) stopping the accident scenario from developing into an accident or (ii) reducing the consequences. There may also be other factors influencing the scenarios, negatively or positively, that should be included in the accident scenarios to be defined in step 4.2.

      3.2.4.2 Step 4.2: Describe Representative Scenarios

      How far the scenarios should be developed is difficult to define precisely. In most cases, the scenarios are stopped when the immediate effects and consequences have occurred (e.g. when a collision has occurred or a fire has been extinguished). In cases where there also may be long‐term effects on assets, this may be too early.

      The scenarios are important to gain a qualitative understanding of what can happen, but they are also important as a basis for quantification of the probability/frequency of the end events.

      In many cases, there can be more or less endless numbers of scenarios. We therefore need to select and describe representative sets of accident scenarios. The representative set should, as far as possible, be general enough


Скачать книгу