The above illustration shows the four layers and includes a triangle symbolizing the risk assessment frequency from once-per-year (or less frequent) for the top layer to several hundred times per day across the site for the bottom layer.
Layer 1 and 2 offer an opportunity to design-down the risk on the site by carefully considering controls, identifying factors that erode their effectiveness and noting opportunities to optimize or add controls. Layer 3 and 4 offer some opportunity to improve controls, especially in the development of task standards, but their main function is to ensure the required controls are understood, in place and effective.
Each layer involves a different process. The following information is intended to suggest some of the process features with an added focus on controls. It is not a complete list but rather a set of important points.
Layer 1 – Managing the site’s highest priority unwanted events – including principal hazard, site baseline or full site risk assessment methods
Objective: To develop and apply a site-wide effective management plan to manage the risks of potential major unwanted events (MUEs) to an acceptable level.
- systematically break down the entire site and its operations into appropriate detail to identify the most significant hazards.
- apply hazard identification that includes acquiring a clear understanding of the location, magnitude, mechanisms of failure and the uncertainties of the hazards.
- considering each significant hazard, establish the list of priority MUEs that need further analysis based on the potential consequences to health and safety (multiple fatalities and selected single fatalities events, including short-term and longer-term H&S impacts).
- review and analyze the MUEs with Bowtie Analysis (BTA) to an adequate depth so that it can be established that the overall control strategy is adequate (i.e. the risk is acceptable).
- develop a site management plan and system to record and retain the output of the analysis. The plan should document the MUEs and their overall control strategy from the BTA with systems implications such as required improvements, accountability, monitoring, reporting, etc.
- note that the ‘plan and system’ may meet the requirements of Principal Hazard Management or Control-Based ORM. With further development, the information could form the basis of Critical Control Management planning or Safety Case development. Later articles will offer more detail on Control-Based ORM and Critical Control Management.
- include a continuous improvement aspect so the plan is up to date
- link the plan and system to the next two layers (2. and 3.) and integrate the defined control strategy information into other related plans, procedures, training and site activities.
Layer 2 – Managing dynamic site risk exposures – including risk assessment methods for projects, changes or learnings from incidents
Objective: To develop and apply effective management plans to manage the risks of potential unwanted events in significant site projects and changes, as well as identify improvements after incident investigations. Thereby addressing dynamic site risk exposures that may not have been considered in Layer 1.
- are driven by site procedures for project management, change management and incident management that include the ‘triggers’ that initiate risk assessment and management based on some level of potential negative outcomes, as well as a set of risk assessment methods to suit the issues (e.g. hardware – Failure Modes and Effects Analysis (FMEA), process – Hazard and Operability Study (HAZOP), work methods – Workplace Risk assessment and Control (WRAC), single event concern – BTA, etc.)
- when the defined trigger is met or exceeded, apply the appropriate risk assessment method to the new project, change or incident learning.
- ensure that the risk assessment method includes a careful review of existing and potential new controls for any significant unwanted event using the new definition of a control (act, object or technological system), considering control effectiveness and potential improvements.
- develop the required content for the project management, change management or incident management plans to record and retain the output of the analysis. The plan should document the controls with systems implications such as required improvements, accountability, monitoring, reporting, etc.
- feed the results of risk assessments back into the plan and system established in layer 1.
Layer 3 – Managing work procedure risk exposures – including routine and non-routine task planning risk assessment methods
Objective: To develop and apply effective safe work expectations (guidelines, standard work procedures, task plans, etc.) to manage risk exposures in tasks as well as plan tasks where a procedure is not available or adequate.
- are driven by site requirements for standard work procedures, including the need to plan for tasks that are not common, utilizing risk assessment methods such as Job Safety Analysis (JSA) or Workplace Risk assessment and Control (WRAC).
- ensure that the risk assessment method includes a careful review of existing controls for any significant unwanted event in the task using the new definition of a control (act, object or technological system).
- do not re-rank risk but rather conclude that the task can be done safely if the reviewed controls are adequate.
- set a process of documenting and integrating the information derived by the relevant risk assessment.
- define documentation criteria for the standard work procedures (SWPs), work guidelines, work plans for employees and contractors. Include highlighting of important controls for the most significant potential unwanted events.
- integrate the resultant document into training, monitoring and auditing requirements where relevant with an emphasis on important controls for the task.
- where relevant to an MUE, link the risk assessment and relevant resultant document back to the Layer 1 plan
Layer 4 – Managing personal risk exposure – including individual, informal, “face” risk assessment methods
Objective: To have all personnel execute a personal systematic process to ‘stop, think and proceed only if safe’ before a task or during a task should a hazard or condition change.
- define a method of considering hazards (energy sources), unwanted events (what could go wrong?) and the important acts, objects or technological systems (controls) for ensuring the unwanted event does not occur.
- provide the individual with clear criteria for determining when it is ‘safe’ to proceed, as well as action to be taken if ‘unsafe’.
- train the individual, including contractors, in the method and ‘safe’ criteria, or ensure the contractor’s method meets the same objective.
- reinforce the application of the layer 4 method through supervisor and management monitoring and engagement in pre-task meetings and ‘face’ discussions with an emphasis on discussing important controls.
- link to work order systems should the process identify a need improvement of controls.
This article provides a set of information that can be used to review current ORM practices against generally accepted objectives and process requirements, as well as added suggestions for increasing the focus on controls. The review may indicate that site risk management efforts in the four layers do not achieve the intended objectives, suggesting changes or even elimination of some methods.
However, the main purpose of this article is to suggest that examination of the degree to which controls are effectively identified, challenged and managed in each of the four layers may lead to significant improvements.
As discussed in Article 1, this series of articles is intended to stimulate strategic thinking as a company, business unit or site advances along the ORM journey, as illustrated.