Right Risk Identification - Wrong Mitigation!

I have always loved Garfield. Back in 90's we had to wait until the Sunday morning paper could be delivered to delve into ones favourite "fat cat" and his many misadventures. I could often relate to the quirky lessons and obviousisms (made that up) and how hindsight is as akin to having a pair of eyes in your butt. I said that.

Fast forward to the 21st century as a process engineer it still irks me that we have gotten mountains better at sophisticated risk identification but no better at meaningful risk mitigation. To measure is always to know. But while trying to swat a spider with a golf club may seem like a good idea at first, there is nothing worse than managing your risk register with measures that; either do not address the risk at all or introduce a residual risk that might have been a lot worse than you started off with. Look at Jon's broken nose in the headline!

In Process Engineering risk management may often be like swatting a bear with a fly trap. And sometimes like catching a fly in a bear trap. Goodness! 30 years since Risk Management became a hot shot profession we are still no closer to fewer Process Safety Incidents.

Sure! We have wonderful comprehensive QRAs, (MHIs and COMAHs) , cyclic HAZOPs, Bowties and Fault trees etc to guide us on the best available techniques to meet both Legal Compliance and keep us safe on our plants. But have we moved from the starting gate of risk identification to instating meaningful risk reduction measures to our plants? Or often the curious case of Right Risk Identification, Wrong Risk Mitigation.

While this is a topic cannot be summed up in a soap box article like this; as a risk professional and passionate process engineer, the solution lies in tackling risk like any business threat. By understanding the Opportunity to make Process Safety part of your profit centre for your organisation. We have a long way to go. Risk Mitigation is not just about instating a physical barrier/safeguard but the people and processes that keep the proverbial Tiger in the Tank.

For now we its a big like that elusive pot of gold at the end of the rainbow. And if you were lucky enough to find it, perhaps it turned out to be pyrite (fools gold).

So how do we get to our zero incident targets with safer but more profitable process units on out major hazardous installations? What's on the other side of this door?

Understand your animal. John Bresland once said there were 3 types of organisations

• One that doesn’t understand the hazards of its operations. It lacks suitable process safety programs and suffers serious accidents with dire consequences.
• One that understand the hazards and the regulations. Has excellent safety programs and quality people but still experiences incidents, some minor and some very serious. These incidents (fires and explosions) cause lots of frustration and expense for company management!
• The third type of company understands the hazards and the regulations. It has excellent safety programs and quality people. It doesn’t have any serious incidents.

I might add the 4th type, one that understands the hazards and regulations and complies on paper to all of them. They can demonstrate a great process safety program, with quality hires but where process safety is seen as simply an exercise in Compliance to meet a Regulator breathing down its neck. This company does the bare bones and disengages Process safety from its core value and strategic business objectives. This company is one step away from its next Major Incident.

While we are all familiar with the Swiss Cheese model and how many flawed layers of protection there are...where do we really focus ? The whole or the holes? The small ones or the large one? Will there be mice in cheese factory?

The chances are a Plant Manager, Engineer or Business Leader you are little confused as to where you should focus your People and your budget. I do not envy you. Not all holes are made equal in a plant where there are competing needs. But I say you need several practical approaches to risk management that incorporate the 4 key principles :Understanding Hazards and Risks/Management of Risks/Learning from Experience/ Continuous Commitment to Process Safety along with practical engagement at all layers of the organisation

Some Tips

1. Make Process Safety one of your organisations key Values.
2. Group your identified risks by systems eg. Specific Plants, or technologies that you may identify from a Hazards and Effects Management Process or an Umbrella of process risks you have. Split your risks into similar consequences as well (this helps trust me).
3. Engagement - Like good PHAs and Safety Cases, they hinge on engaging with your teams to go beyond identification but to solutions thinking.
4. Ideas on the Ground - Divide and Conquer is your friend. Establish Discipline specific Champions viz. to tackle practical solutions within their teams and plants. The best ideas may be found in your Operators, Artisans and those closest to the operating units. Trust me, all these good souls would like to tell you how they and you can ensure that we go home. The solutions have in my experience been as practical as resizing a control valve, or reducing an operating setpoint.
5. Commit to not shifting the shifting the goal post! While business needs vary, risk evolves and rarely magics itself to becoming lesser. The biggest threat to a sustained and profitable business is sweeping risk under the carpet that you daily walk on.
6. Weekly process safety tours. Grab an expert and educate your senior leaders. Take all those BOWTIES and do a field barrier assessment. Ask your Process Engineers/Safety Engineers to help develop a barrier assessment checklist/guide.
7. Ensure that the Critical barriers identified in these PHAs, and COMAHs are designed, maintained, reliable and above all OPERATIONAL. If not, this is a RED Flag and one of your Champions is the key person to drive either improvement, or replacement
8. Training and Standard Operating Procedures - Use your risk register to establish key competencies for each person working with a specific risk. This must feed back into your organisational Management of Change Process. No one is indispensable, but required competencies in a living plant are NOT. Make sure people don't just know WHAT to do but WHY they do it.
9. Design for practicality
10. Critical Activities - What are the key acitivities to keep any barrier/safeguard healthy. Who is required, how often and and what competencies are required?
11. Gap Assessment - What is missing? And what more can I do? This exercise is your continuous improvement loop and must be embedded within the DNA of the organisation.

How do you show you have done enough? (Credit :DNV)

• You know your major risks
• You know the controls you have in place?
• You know what controls are working?
• We know what more we can do?
• We know when its time to do more?
• We can show you

Knowing and doing is more than a Safety Report, an MHI Study or a Compliance. Its a matter deeply embedded in the organisational DNA to find practical and meaningful risk reduction measures to hazards that threaten the Sustained business objective. Get everyone behind this boulder and shift it together

**The ideas, views and opinions expressed in my LinkedIn posts and profiles represent my own views and not those of any of my current or previous employer or LinkedIn. Also, any and all comments on my posts from respondents/commenters to my postings belong to, and only to, the responder posting the comment(s). I am not responsible or liable for any such comments.All my posts are provided just for your reading pleasure. If you decide to rely on them for any purpose whatsoever, I will not be held liable, and you do so at your own risk.** (Credit: https://www.dhirubhai.net/pulse/20140818224446-7933571-disclaimer-for-my-profile-and-posts-articles)

**The ideas, views and opinions expressed in my LinkedIn posts and profiles represent my own views and not those of any of my current or previous employer or LinkedIn. Also, any and all comments on my posts from respondents/commenters to my postings belong to, and only to, the responder posting the comment(s). I am not responsible or liable for any such comments. All my posts are provided just for your reading pleasure. If you decide to rely on them for any purpose whatsoever, I will not be held liable, and you do so at your own risk.** (Credit: https://www.dhirubhai.net/pulse/20140818224446-7933571-disclaimer-for-my-profile-and-posts-articles