Managing and Understanding Riskwithin an Asset ManagementenvironmentDean GriffinPartnerPragma Acuity

Who in the room managesRisk? Who in the room managessafety related risk? Who in the room work withzero harm? Who have skills shortages? Who have resourceshortages?22-24 November 2010, Johannesburg


House of Representatives letter to Tony Haywardregarding the BP Gulf of Mexico Oil Spill

2 ½ months - 3/share (50%)

Do you think that Tiger played the first ‘round’with the same risk tolerance as he did on thelater rounds?


Leading QuestionsWhat is risk and risk management all about?Why does an organisation need a formal risk policy whichlooks at all level risks?“Things that matter most should never be atthe mercy of things that matter least “Goethe

PAS 55-2008 DefinitionsWhat is PAS 55?PAS 55 is the British Standards Institution's "Publicly Available Specification" for the optimized management of physical assetsand infrastructure - it provides clear definitions and a 21-point requirements specification for joined-up, optimized and whole-lifeasset management systems

Risk DefinitionRisk is defined in ISO 31000 as the effect of uncertainty onobjectives (whether positive or negative)Risk management can therefore be considered theidentification, assessment, and prioritization of risksfollowed by coordinated and economical application ofresources to minimize, monitor, and control theprobability and/or impact of unfortunate eventsDouglas Hubbard: The Failure of Risk Management:

Risk DefinitionLikelihoodxConsequenceRisk is then expressed as a number or valueI would like to see it as a monetary value


Various risk assessments at different levels of asset managementBusiness risk assessment to identifypotential risks to achieving the overallbusiness objectivesAsset portfolio risk assessment toidentify potential asset related risks at allasset levelsAsset criticality analysis to determinethe most significant assets andassociated approach for thedevelopment of maintenance tasksSpares criticality analysis to determinethe inventory category and associatedapproach for a specific spare or materialDisposal risk assessment toidentify assets that should bedisposed of and any issues thatshould be considered during thedisposal processAsset acquisition risk assessment to determine issues that should be included in thespecification of the asset such as training, integration of systems, energyconsiderations, critical spares etc

Numbers ofPortfolio & System level consideration ofconditionRemaining useful life

Various risk assessments at different levels of asset management


The ABC’s of failure BiggestFailuremode isPeoplerelated

AdoptationTechnology Adoption Profile Older technology Higher cost obsolescence Lower availability Unreliable Higher cost Bleeding edge Lower availability High skill requirements Reliable Lower cost Wider availabilityEarly adoptersTried & TestedTimeLate adopters

Technology Adoption ProfileOld FashionedAdoptationRepeatable fair costCompetitive EdgeEarly adoptersTried & TestedTimeLate adopters


Risk ProfileLevel of RiskRiskIntervention / mitigatingactionUnacceptable RiskDesired RiskDesired RiskAcceptable RiskRetained RiskTime

Risk profiles Risks change on a daily basis, do your systemsaccommodate this? BP proved that the risk changed with each decision.It can go up or down! Our tolerance to risk changes We need to quantify risk in financial terms– For every R spent on mitigation we removed x amount ofrisk– How do you quantify risk removed?– How do you quantify residual or retained risk?


RiskpolicyRisk Policy (PAS55-2008)

Risk Management Process1. Set theframeworkObjectivesStakeholders2. Identify the risksWhat risks might beencountered?How will these risksoccur?3. Evaluate therisks4. Mitigate therisksProbabilityIdentify risk treatmentoptions and select thebest oneConsequencesCriteriaRisk rankingKey issuesExisting controlsDevelop animplementation plan5. Monitor and reviewRisk register

1. Set the FrameworkVarious risk assessments at different levels of asset managementBusiness risk assessment to identify potential risks toachieving the overall business objectivesAsset portfolio risk assessment to identify potential assetrelated risks at all asset levelsAsset criticality analysis to determine the most significantassets and associated approach for the development ofmaintenance tasksSpares criticality analysis to determine the inventorycategory and associated approach for a specific spareor materialDisposal risk assessment to identifyassets that should be disposed of andany issues that should be consideredduring the disposal processAsset acquisition risk assessment to determine issues that should be included in thespecification of the asset such as training, integration of systems, energy considerations,critical spares etc

2. Identify the Risks

3. Evaluate the RisksHazard Effect / ConsequenceRisk MatrixRisk Type(W here an event has more than one ‘Loss Type’, choose the ‘Consequence’ with the highest ingle fatality or loss of quality of life /Irreversible impact on healthMultiple fatalities / Impact on healthultimately fatalHarm to People (Safety / Health)First aid case / Exposure to minorhealth riskEnvironmental ImpactMinimal environmental harm – L1incidentMaterial environmental harm – L2incident remediable short termSerious environmental harm – L2incident remediable within LOMMajor environmental harm – L2 incidentremediable post LOMExtreme environmental harm – L3incident irreversibleBusiness Interruption / Material Damage & OtherConsequential LossesNo disruption to operation / US 20kto US 100kBrief disruption to operation /US 100k to US 1.0MPartial shutdown / US 1.0M toUS 10.0MPartial loss of operation /US 10M toUS 75.0MSubstantial or total loss of operation/ US 75.0MLegal & RegulatoryLow level legal issueMinor legal issue; non compliance andbreaches of the lawSerious breech of law;investigation/report to authority,prosecution and/or moderate penaltypossibleMajor breech of the law; considerableprosecution and penaltiesVery considerable penalties &prosecutions. Multiple law suits &jail termsConsiderable impact - regional publicconcernNational impact - national publicconcernInternational impact - internationalpublic attentionImpact on Reputation / Social / CommunityLikelihood54321Risk Ratingevents(Almost Certain)(Likely)The unwanted event has occurredinfrequently; occurs in order of lessthan once per year & is likely toreoccur within 5 years11 (M)16 (H)20 (H)23 (Ex)25 (Ex)7 (M)12 (M)17 (H)21 (Ex)24 (Ex)4 (L)8 (M)13 (H)18 (H)22 (Ex)2 (L)5 (L)9 (M)14 (H)19 (H)1 (L)3 (L)6 (M)10 (M)15 (H)The unwanted event has happenedin the business at some time; orcould happen within 10 years(Unlikely)The unwanted event has happenedin the business at some time; orcould happen within 20 years(Rare)The unwanted event has neverbeen known to occur in thebusiness; or it is highly unlikely thatit will occur within 20 yearsRisk Rating21 to 2513 to 206 to 121 to 5Slight impact - public awareness mayLimited impact - local public concernexist but no public concernExamplesThe unwanted event has occurredfrequently; occurs in order of one ormore times per year & is likely toreoccur within 1 year(Possible)Medical treatment case / Exposure to Lost time injury / Reversible impact onmajor health riskhealth4MajorRisk Level(Ex) – Extreme(H) – High(M) – Medium(L) – LowGuidelines for Risk MatrixEliminate, avoid, implement specific action plans/procedures to manage & monitorProactively manageActively manageMonitor & manage as appropriate

4. Mitigate the Risks Understand the total risk exposure from all sources, not justassetsAdopt a cost-effective business approach to manage riskSeveral approaches to manage the inherent risks:––––– reduce risk by capital or maintenance expenditurereduce the impact of a failureaccept some risks and carry the consequential costsinsure against the consequential costsa combination of aboveAfter mitigation, the residual risk should be evaluated asbefore

5. Monitor and Review Risk registers are a common and effective mechanism forrecording and managing riskThe monitoring and management of this risk registerincludes senior management reviews, together with clearprocesses and accountability for planned mitigationThe process of maintaining, updating and auditing the riskregister is a key AM process, and should be referenced in theAM Strategy (PAS 55)Any change introduces new risks– It is important to identify and assess these risks on a continual basis

5. Monitor and ReviewChanges to business objectives and goalsChanges to legal and regulatory requirementsChanges to the business1. Set theframework2. Identify therisks3. Evaluate therisks4. Mitigate therisksObjectivesWhat risks might beencountered?ProbabilityIdentify risk treatmentoptions and select thebestStakeholdersCriteriaKey issuesHow will these risksoccur?ConsequencesRisk rankingExisting controlsDevelopment animplementation plan5. Monitor and reviewRisk register

Change Control Any change creates risk in the businessChange control process must ensure that appropriate risk managementactivities are conductedIncrease riskDecrease risk

In Summary Risk is the common language for AssetManagement As Engineers we need to be able to–––––Understand RiskQuantify Risk at Business, Portfolio, System and Asset levelPrioritise Risk & Risk mitigating activitiesAttach Risk to business objectives and assets alikeMitigate Risk–Speak Risk its a boardroom language34

Questions?Dean Griffin 27 82 550 [email protected]