Bow-Tie Industrial Risk Management Across Sectors. Luca Fiorentini
processes mentioned above, understood as an awareness of the organization’s synthesis, is made possible only through a methodology defined and shared in the organization that allows the reading of experiences and the prospecting of new activities on the basis of uniform parameters that offer homogeneous measurement and comparison tools.
In this perspective, the importance of the methodology in the risk management process and in its projection with respect to the creation of value for the organization must be understood.
Preface 7
Enzo Matticoli
Renewable Energies HSE Director
When I met Luca Fiorentini the first time, I was attending his Bow‐Tie method presentation at 2017 Safety Expo Bergamo. I saw a Bow‐Tie diagram and I was impressed by the power of a tool (new to me) that would have supported both fire risk management and identifying the barriers to mitigate it. It was clear to me that a risk‐based approach is essential.
In 2012, I moved from the Oil & Gas sector to Renewable energy. Moving from an international working environment (Europe, Middle East, etc.) to an Italian photovoltaic company, I experienced a very poor HSE culture together with a very bad HSE climate. In order to improve the HSE key performance indicators, I had to start from the basics. Nevertheless, I had the opportunity to build and certify HSE‐integrated management systems based on the international standards. Having had continuous improvement as a driver, I was looking for new tools to reach the highest HSE standards.
So, in 2019, together with Luca Fiorentini and Rosario Sicari, we developed a photovoltaic fire risk assessment with the barrier‐based Bow‐Tie method. Some barriers were already in place; some others needed reinforcement or a different implementation. Stakeholder involvement, fire break zones, video surveillance systems, fire brigade training and close cooperation with O&M contractors, lightning protection system (LPS), insurance policies, automatic fire detection systems, inverter protection and safety systems, and so on are some of the proactive and reactive barriers identified to mitigate photovoltaic plants’ fire risks, focusing on the top event.
As HSE professionals, the most difficult challenges are those regarding top management involvement. I will never forget that during the HSE senior management review, when I presented the Bow‐Tie analysis, as soon as the Bow‐Tie diagram was on the screen, I immediately got the directors’ attention. They had an overview of multiple plausible scenarios in a single and organic picture. No doubt the Bow‐Tie method helped directors address measures to avoid unpleasant consequences such as loss of life, business interruptions, reputational damage, and so forth. Without such a clear and powerful tool, it would have been much more difficult. A personal thanks goes to Luca and Rosario.
Preface 8
Salvatore Bagnato
Operations Manager – Ed.Ina Donje Svetice
In both the daily aspects of social life and in the management of issues relating to the life of companies, there is often confusion between the terms risk and hazard.
The meaning of the word hazard can be confusing. Often dictionaries do not give specific definitions or combine it with the term risk, which helps explain why many people use the terms interchangeably and, therefore, often incorrectly.
There are many definitions of danger and risk. Still, among them, we will propose the one relating to the new ISO 45000, since management systems today represent an essential aspect of the organization of any company that wishes to achieve its business objectives. Today, it is impossible to separate the economic issues from those concerning the health and safety of workers as well as respect for and protection of the environment.
ISO 45001 defines a hazard as a “source or situation with a potential to cause injury and ill health,” while the risk is defined as the “combination of the likelihood of occurrence of a work‐related hazardous event or exposure(s) and the severity of injury and ill health that can be caused by the event or exposures.”
So, the hazard is the feature of the process that can harm an individual, and the risk is the likelihood that it will happen, along with how severe the consequences will be.
The risk assessment process is also, in this case, an intrinsic component of each person’s life and allows, consciously or unconsciously, to manage risks of any nature (related to health, economics, etc.) by operating with preventive actions (to reduce the probability that an event is assessed to happen) or mitigative (to minimize the effects that this event can cause).
The process of risk assessment is somewhat informal at the individual social level but can become a sophisticated process at the strategic corporate level. However, in both cases, the ability to anticipate future events and create effective strategies for mitigating them when deemed unacceptable is vital.
Risk assessment is the process that:
Identifies hazards and risk factors that have the potential to cause harm (hazard identification).
Analyzes and evaluates the risk associated with that hazard (risk analysis and risk evaluation).
Determines appropriate ways to eliminate the hazard or control the risk when the hazard cannot be removed (risk control).
In many companies now, the risk is fully integrated into the strategic planning process and in the context of the organization’s performance. Risk management is permeated within the company, determining those changes that can transform the negative potential that could lead to crises or failures into growth opportunities.
In the scientific literature and the various standards of management systems, today, there are different definitions that all have in common the presence of three elements:
1 Hazards
2 Consequence seriousness
3 Frequency of a specific scenario
There is a risk if a given event is considered (with its probability of occurrence) and, depending on the type of impact, an opportunity, a loss, or the presence of uncertainty is determined. Events that have only negative consequences are indicated as pure risks. In general, a tolerability threshold is set for them and managed in such a way as to fall within this threshold.
Generally, there are three types of risk assessment, namely qualitative (Q), semi‐quantitative (SQ), and quantitative risk assessment (QRA).
In QRA, numerical values are independently assigned to the various risk assessment components and the level of potential losses. When all the elements (threat frequency, safeguard effectiveness, safeguard costs, uncertainty, and probability, etc.) are quantified, the process is considered entirely quantitative.
In the SQ, frequency and severity are approximately quantified within ranges.
Finally, Q does not assign numerical values to the risk assessment components. It is based on the scenario. Several threat vulnerability scenarios are determined by trying to answer “what‐if” questions. In general, qualitative risk assessment tends to be more subjective in nature
The lower levels of assessment (Q and SQ) are considered most appropriate for screening for hazards and events that need to be analyzed in greater detail. One approach to deciding the proper level of detail could be to start with a qualitative approach and to add for more detail whenever it becomes apparent that the current level is unable to offer an understanding of the risks, discrimination between the risks of different events, and so on.
It is possible to refer to the existing literature (widely used by many states in the promulgation of laws and regulatory provisions) to analyze the numerous methodologies implemented over time, in particular, to support sectors of activity characterized by elements of risk that could determine if the event were to occur, and serious consequences for people and the environment, as well as for the company itself (O&G, nuclear,