INTERNAL USE ONLY The Risk Management Cycle 07 November 2012 Andrew Pilgrim Zurich Risk Engineering Global Corporate

The risk management cycle


If you think safety is expensive – Try having an Accident

Dr Trevor Kletz (ICI)


Andrew Pilgrim

• Graduated from University of Leeds (Master of Engineering)

• Hands on experience with major Petrochemical Company in UK
– Design, Operations, Product Development, Customer Support, Process Safety. Global Production and Assets Technical Support
– Qualified Hazard Study Leader

• Insurance Risk Engineer since 2005 and relocated to Bahrain

• Joined Zurich March 2011

• Fellow of the Institution of Chemical Engineers (FIChemE)


Zurich Risk Engineering Services

• 1,000 Risk Specialists
• 63,000 Site Assessments
• 138,000 Risk Assessments
• 680 International Programmes

Local Zurich staff representation

Serviced by Cooperative Partners


The Middle East Zurich Risk Engineering Team:

– Dubai Based
• Glenn Doan – Risk Engineering Manager
• Santosh Cletus – Risk Engineer - Property
– Bahrain Based
• Andrew Pilgrim – Senior Risk Engineer Energy and Special Chemical Risks
• Dean Pola – Senior Risk Engineer - Construction and Property


Agenda

• Definition of Risk
• What I am not going to talk about
• A Historical Perspective
• Risk Management
– Project / Operational
• Industry forums in the Middle East
• Q & A


Definition of Risk

• Risk is the possibility of incurring misfortune or loss (Collins English Dictionary).

• Risk is the chance, great or small, that damage or an adverse outcome of some sort will occur as a result of a particular hazard (Accounts Commission – Scotland).

• Risk is any unintended or unexpected outcome of a decision or course of action (F. Wharton).

• Risk is the chance of something happening that will have an impact on objectives (Australian Standard AS/NZS 4360:1999).

• Risk is the possibility that an event will occur and adversely affect the achievement of objectives (COSO).

• Risk is the impact of uncertainty on objectives (ISO31000)

• But it’s also about the failure to take advantage of opportunities to enable the organisation to best achieve objectives.


What I am not going to talk about

• Personnel safety
– Slips, Trips and Falls
– Motor Vehicle Accidents (MVAs)
– Cuts and Bruises


Personal Safety / Life focussed


What we are interested in….Top of the Pyramid


Historical Perspective - Incident Timeline


A Historical Perspective

• Texas City – 2005

• Longford Gas plant - 1998

• Flixborough - 1974


Example 1 - 2005


VCE – Texas City

• Date: 23 March 2005
• Plant: Refinery
• Material: Naphtha
• Human Cost: 15 dead (Initial incident) + 170 injured
• Financial Cost: Unknown.
• Cause: Plant Design, Poor Operating Practice, Poor Application of MOC, Emergency Response.


Example 2 - 1998


VCE / Fire – Longford Gas Plant

• Date: 25 September 1998

• Plant: Gas Plant
• Material: Condensate / gas
• Human Cost: 2 dead and 8 injured
• Financial Cost: USD 590 MM + fines + lawsuit
• Third Party: Significant impact on Victoria gas supply, 1.4 million users interrupted

• Cause: Poor Safety Management Systems, Poor Operating Practice, Poor Plant Knowledge


Example 3 - 1974


VCE / Fire - Flixborough

• Date: 01 June 1974

• Plant: Petrochemical
• Material: Cyclohexane
• Human Cost: 28 employees killed, and 36 injured
• 53 recorded casualties outside plant, many minor injuries
• Financial Cost: Site damage USD 250 million at 2009 values
• Cause: No Management of Change process, Large inventories of hydrocarbon, No Responsible Engineer

“What you don’t have, can’t Leak” - Trevor Kletz 1980


In theory there is no difference between theory and practice. In practice there is.


Where does Project Risk Management Start?

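[Figure: project timeline with axis marks at 0, 24 and 60 months. Labels shown: Venture kick-off, Feasibility Study, FEED, Contractor Selection, EPC Contract, Engineering, Procurement, Construction, Commissioning, Commercial operation, Operation. Numbered markers 1 to 7 are placed along the timeline.]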


PRM continued

• Starts at the beginning of the project – Time Zero

– Different technique for assessing the risk
– 1 Concept stage Hazard Review
– 2 FEED / process definition
– 3 Detail engineering design
– 4 Construction / design verification
– 5 On going Risk Assessments
– 6 Pre-commissioning safety review
– 7 Post start up review

• Different teams involved, different techniques e.g. HACCP, HAZOP, What if, Inherent Safety etc – Depends on the industry / Product


Time Zero – Risk Management Questions to be answered

• Where do the risks come from?
• How big are they?
• What are the major contributors? (Time, Cost etc)
• What are the risks sensitive to, and how can they be changed?
• What level of risk does the company find intolerable, what is considered trivial?
• What is it worth doing to reduce the risk?

• Fundamental First steps


Time Zero - Understand the Business?

• What is the business?
• What is the industry?
• What is the strategic plan?
– NOW, WHERE, HOW
• Who owns the business?
• Who runs the business?
• How will risk management ‘fit’?

• What is the Risk Appetite for the company or Project?


Layers of Protection

Use the opportunity to remove hazards and reduce risk!

• Inherent Safety
– Removal or reduction of a hazard at source
• Prevention Measures
– Prevent initiation of a sequence of events
• Control Measures
– Prevent a hazardous event escalating into a major accident
• Limitation Measures
– Taken to reduce the consequences of a major incident

• COSTS LESS


Some examples

• Inherent Safety
• Substitute


Inherent Safety

• The best defence against the atom bomb is not to be there when it goes off (British Army Journal)

• Or our Process safety approach

• If it is not there – it can not leak

– For example:

Volume of LPG | 80% Damage Circle (Diameter)
1 | 70 m
10 | 150 m
25 | 204 m


Substitute

• Alternative Chemical Route
– Avoid storage of toxic or flammable materials
– E.g. Production of Pesticide via Methyl Iso Cyanate (MIC) at Bhopal
– Storage of 180 m3 on site, runaway reaction leads to release
– Safer alternative to make in situ


BUT – not at any price

• “Safety, like everything else can be bought at a price. The more we spend on safety the less we have to fight poverty and disease or to spend on those goods and services which make life worth living, for ourselves and others. Whatever money we make available we should spend in such a way that it produces the maximum benefit. There is nothing humanitarian in spending lavishly to reduce a particular hazard which has been brought to our attention and ignoring the others.”

• Trevor Kletz, 1986


Managing Projects – The Dilbert Way


(Operational) Risk Management Cycle
Is it so different?

• Implementation: Training, Supervision, Selection, Manning
• Measurement: Audit, Monitoring, Sampling, Inspection, Checking, Identification
• External Influence: Laws, Industry Standards, Stake Holder Pressure, Public Concern, Company Image
• Policy Making: Policy Statements, Corporate Goals, Standards
• Interpretation: Procedures, Methods, Job Description, Responsibility
• Feedback: Analysis, Trends, Evaluation, Actions


Risk Management Maxims

• “What we learn from history is that people don’t learn from History” – Warren Buffett

• “The first duty of business is to survive and the guiding principle of business economics is not the maximization of profit - it is the avoidance of loss” - Peter Drucker (The Drucker Institute)

• The first step in the risk management process is to acknowledge the reality of risk. Denial is a common tactic that substitutes deliberate ignorance for thoughtful planning – Charles Tremper (Centre for Digital Innovation)


Insurance Industry Networks
Middle East focus

• Middle East Risk Engineers (MERE) – OGP Focus
– [email protected]
• Property and Construction Insurance Risk Engineering Forum
– [email protected]


Summary - Risk Management Process

[Figure: risk management process diagram. Labels shown: Engineered System, HAZID, Qualitative Analysis, Judgement, Quantitative Analysis, FTA, ETA, Criteria, ALARP, Costs, Benefits, Decisions (1, 2, 3). Nested scope labels: Risk Analysis, Risk Assessment, Risk Management.]


(Project) Risk Management is an ongoing process!

It is a Journey – not a destination


Thank you

Zurich Risk Engineering
zurich.com

“What has not been identified can neither be assessed nor mitigated…?”


Back up slides


10 Important Rules for PRM (In no particular Order)


Top Tips

1. Plan for risk management in your projects
Decide how to approach and plan the risk management activities for your project

2. Identify risks throughout the project
Determine which risks are likely to affect the project and document the characteristics of each


3. Analyse the Risk

Make use of any available data to enable a thorough understanding of the risk

• Understanding the nature of a risk is a precondition for a good response

• It is useful to categorise risks to reflect common sources and interdependencies

• Questions to ask include:
– What is the cause / source of the risk?
– What is the background to the risk?
– What are the potential effects of this risk?
– Has this risk occurred before? Is there any data?
• Investigate the current controls of the risk
• Obtain as much information on the risk as possible and detail the causes and the possible consequences in order to help with the risk mitigation process


Example Risk Categories

Risk category | Description
Reputation | Risks that relate to the organisation’s logo or image, or which may cause embarrassment to the organisation and adversely affect ‘Public Confidence’ in the organisation.
Information | Risks that relate to the loss or inaccuracy of data, systems, and the timeliness of reported information.
Financial | Risks that relate to losing monetary resources or incurring unacceptable liabilities.
People | The risks associated with employees and management, e.g. retention/recruitment, turnover.
Professional | Those risks associated with the particular nature of a profession.
Regulatory | The risks related to the regulatory environment such as Financial Regulations, Corporate Governance, Health & Safety and legislation.
Physical | Risks related to fire, security, accident prevention and health & safety.
Business Continuity | Risks associated with the continuation of the service in the event of disaster, reliance on operational equipment, or loss of funding/contract, poor performance measures.
Contractual | Risks associated with the failure of contractors to deliver services or products to the agreed cost and specification.
Environmental | Those risks relating to pollution, noise, or the ongoing energy efficiency of ongoing service operations.
Partnership | Risks associated with partnerships/relationships with other organisations such as other public authorities or voluntary organisations.
Economic | Risks associated with the inefficient operation of systems, and the duplication of effort.


Top Tips continued

4. Consider both threats and opportunities
Make some time to think about the upside of risk and any potential opportunities within your project – you could be rewarded!

5. Prioritise risks
Get an understanding of which risks need immediate attention so that appropriate resources can be allocated


Impact Criteria

The potential impact is expressed in terms of severity of the consequences should a risk occur. Many different impact criteria can be used.

1 Minor
– Project Cost: Additional expenditure / Loss of service income inc. associated costs of < 2m
– Schedule: Delayed by less than 1 month
– Service: e.g. small fall in service levels, some minor quality standards are not met
– Stakeholders: e.g. affects only one group of stakeholders with minimum impact on performance

2 Moderate
– Project Cost: Additional expenditure / Loss of service income inc. associated costs of between 2m < 5m
– Schedule: 1 - 6 months delays
– Service: e.g. moderate fall in service levels, major partnership relationships strained
– Stakeholders: e.g. affects more than one group of stakeholders but only short-term impact on reputation

3 Significant
– Project Cost: Additional expenditure / Loss of service income inc. associated costs of between 5m < 10m
– Schedule: 6 months – 1 year delay
– Service: e.g. significant fall in service levels, project deadlines not achieved, serious disruption in service standards
– Stakeholders: e.g. affects more than one group of stakeholders with widespread medium-term impact on reputation

4 Severe
– Project Cost: Additional expenditure / Loss of service income inc. associated costs of > 10m
– Schedule: More than one year delayed
– Service: e.g. catastrophic fall in service levels, failure of major partnership, complete failure in service standards
– Stakeholders: e.g. affects all major stakeholders with long-term impact on public memory causing damage to reputation


Likelihood Criteria

The likelihood of an event can be described as the potential of a risk occurring

Score | Degree of likelihood | Likelihood definition
1 | Low | 0 – 25% chance of occurring – Extremely likely
2 | Medium | 25 – 50% chance of occurring - unlikely
3 | High | 50 – 75% chance of occurring - likely
4 | Very high | 75 – 100% chance of occurring – very likely


Top tips continued

6. Document risks in a register
Maintain a risk log to enable you to capture all the risks as well as view progress.

7. Plan and implement risk responses
Develop options and determine actions to enhance opportunities and reduce threats to the project's objectives

There are a number of options for treating risks:
– Risk transfer
– Risk retention
– Risk control
– Organisational change


Top tips continued

8. Appoint risk owners
Assign a risk owner for each risk - it is important to allocate responsibility

9. Monitor and report risks and associated tasks
Keep track of the identified risk, monitoring residual risks and identifying new risks, ensure the execution of risk mitigation plans


10. Communicate about risks

Consistently include risk communication in the tasks you carry out

• Make risk management a part of day to day project activity
• Include risk management in:
– project policies and procedures
– project planning
– project meeting agendas
– training of staff
– personal objectives and appraisals

• Talk about risk management successes and challenges in the project and lessons learned from previous projects

• All project team members have a responsibility for risk and communication about risk should reach all project team members


Layers of Protection