Skip to Content, Skip to Navigation

Safeguard OSH Solutions - Thomson Reuters

Safeguard OSH Solutions - Thomson Reuters

Safeguard Magazine

Understanding risk

ANDREW WILSON says any organisation which faces low-frequency/high-consequence events needs to focus on risk-based decision making.

Both as managers and as human beings, we are continually making risk-based decisions; for example, approving a new project, committing to a performance target, giving an employee more latitude to solve a problem, or even crossing the road against a flashing “red man.”

All of us have faced a choice between the convenient way (cross the road now – no cars are coming), and the safer way (wait for the lights to change to green). But do we, a select group of people who read Safeguard, always take the safer, less convenient, lower risk option? The probability of being hit by a car is very low, especially if we check before crossing. But the consequences of such an “accident” are very high, and could be fatal.

As humans making risk-based decisions, we are good at quickly calculating the probability of an incident, but not so good at considering the consequence. This is what makes process safety so much more difficult to manage than personal safety – because certain events are unlikely, our natural response is to dismiss them by saying, “it’s never going to happen to me.”


We advocate a differentiated risk approach that ensures appropriate effort and resources are expended based on the specific risk profile of the industry and business a company is in, resulting not just in the desired end-state, but ensuring value for investment. We recognise that there is no one-size-fits-all approach to managing risk. It is not practical to address all risks with the same level of intensity, given the limited resources most enterprises have.

Before applying a risk-based approach, organisations must first define their risk appetite in a way that takes into account the protection of people, assets, environment and business implications. This is usually done through a risk matrix. Consider your own organisation. How many risk matrices and tools are there? Ideally, an organisation’s risk appetite is defined by a single risk matrix that is approved by the board. This document explains to the organisation what level of risk acceptable, what needs to be mitigated, and what is unacceptable. (If each function or site has its own risk matrix, then the organisation cannot make consistent risk-based decisions.)

The organisation’s risk appetite should be embedded in all its risk assessment tools. Risk governance is defined in a way that takes all of this, as well as regulatory requirements, insurance and stakeholder’s considerations, into account. Once the risk tolerance is defined, a framework for managing risks should be developed that clearly defines proportionate control mechanisms.


Risk management is most effective when it is integrated into the standard operation of the organisation, as per the diagram. A system for risk governance, as described above, oversees the allocation of resources to manage risk. The next step, often overlooked, is to “recognise risk.” This understanding of risk then informs and provides context about how the organisation undertakes activities such as the management of people, operations, maintenance, incidents, change and emergencies.

Many organisations which struggle with process safety work harder on the orange boxes. They write new procedures, increase maintenance inspections, prepare an updated emergency response plan or install new plant and equipment. A risk-based approach means taking a step back, thinking about the red box, and asking: “do we understand our risks?” Operating procedures can then include safe operating envelopes, maintenance inspection scopes and frequencies based on potential failure modes.

“Weak signal” process safety incidents (eg, a relief valve lifting) are investigated with the same degree of rigour as a personal injury, and specific emergency plans reflect credible scenarios identified during a HAZOP. Resources are then allocated to make sure that activities in the orange boxes are having the most impact on reducing risk.

Here’s a question to ask: “If we are not reducing risk, why are we doing this work?” The concept of proportionality is paramount; the allocation of resources must not be equal or democratic, but rather deployed to reap maximum benefit in terms of risk reduction.


Importantly, this framework for risk-based allocation of resources does not just apply to those organisations managing hazardous materials such as in the oil and gas or chemical industries. The model applies to any organisation that needs to manage operational risk, particularly those exposed to low-probability, high-consequence events. Do I understand the risks I am managing? Am I allocating resources on the basis of risk? Have I reduced the level of risk sufficiently?

Melbourne-based Andrew Wilson is principal, DuPont Sustainable Solutions.

comments powered by Disqus

From Safeguard Magazine

Table of Contents