Health & Safety Management for Quarries

Topic Five

Risk Assessment &

Management
 Objectives of this Section
• Introduce the concept of risk assessment and
risk management and its role within UK health
and safety legislation.
• To define the principle components of risk
management.
• To outline advanced risk assessment
methodologies for use in QRA’s.
• To outline a practical risk assessment
process.
 Principals of Risk Management

Risk management can be defined as:

The eradication or minimisation of the adverse

affects of risks to which an organisation is
exposed.
 Stages in Risk Management

• Identifying the hazards.

• Evaluating the associated risks.
• Controlling the risks.
RISK MANAGEMENT

RISK REDUCTION
RISK ASSESSMENT
Activity Option Analysis Implementation
Characterisation


 Monitoring
Hazard Identification


Decision Making Audit or Review
Risk Estimation

RISK EVALUATION
RISK ANALYSIS
 Regulation 3(1) of the ‘Management of Health
and Safety at Work Regulations 1992 states:-

• ‘Every Employer shall make a suitable and efficient

assessment of:-
a) The risks to the health and safety of his employees to
which they are exposed whilst they are at work.
b) The risks to the health and safety of persons not in his
employment arising out of or in connection with the conduct by
him or his undertaking;
• For the purpose of identifying the measures he needs
to take to comply with the requirements and
prohibitions imposed on him by or under the relevant
statutory provisions.’
 Risk assessment can be a
‘very straightforward process based on
judgement requiring no specialist skills or
complicated techniques.’

This approach is commonly known as

qualitative or subjective risk assessment.
 Major Hazards
• Major hazards associated with complex
chemical or nuclear plants, may ‘warrant the
need of such techniques as Quantitative Risk
Assessment’.
• In Quantitative Risk Assessment (QRA) a
numerical estimate is made of the probability
that a defined harm will result from the
occurrence of a particular event.
 The Risk Management Process

Hazard Identification

Hazard :
The potential to cause harm. Harm including ill
health and injury, damage to property, plant,
products or the environment, production losses
or increased liabilities.
 Hazard Identification

• Comparative Methods. e.g. checklists and

audits.
• Fundamental Methods: e.g. Deviation
Analysis, Hazard and Operability Studies,
Energy Analysis, Failure Modes & Effects
Analysis.
• Failure Logic: e.g. Fault Trees, Event Trees &
Cause- Consequence diagrams
 Assessing the Risks

Risk:
The likelihood that a specified undesired
event will occur due to the realisation of a
hazard by, or during work activities or by
the products and services created by
work activities.
 Assessing the Risks
Quantitative risk assessment
• Commonly used in the high technology
industries
• QRA tends to deal with the avoidance of
low probability events with serious
consequences to the plant and the
surrounding environment.
 Assessing the Risks

Subjective risk assessment

• Qualitative risk assessment involves making a formal

judgement on the consequence and probability using:

Risk = Severity x Likelihood

 Assessing the Risks
Example:
The likely effect of a hazard may for example be rated:

1.   Major
Death or major injury or illness causing long term disability
 
2.   Serious
Injuries or illness causing short-term disability
 
3.   Slight
All other injuries or illnesses 
 Assessing the Risks

The likelihood of harm may be rated

 
1.   High
Where it is certain that harm will occur
 
2.   Medium
Where harm will often occur
 
3.   Low
Where harm will seldom occur
 Assessing the Risks

Risk
=
Severity of Harm
x
Likelihood of occurrence
• This simple computation gives a risk value of between 1 and 9
enabling a rough and ready comparison of risks.
• In this case the lower the number, the greater the risk, and so
prioritises the hazards so that control action can be targeted at
higher risks.
 Controlling Risk

• Risk Avoidance – This strategy involves a

conscious decision on the part of the organisation to
avoid completely a particular risk by discontinuing the
operation producing the risk e.g. the replacing a
hazardous chemical by one with less or no risk
potential.
• Risk Retention – The risk is retained in the
organisation where any consequent loss is financed
by the company. There are two aspects to consider
here, risk retention with knowledge and risk retention
without knowledge.
 Controlling Risk

• Risk Transfer – This refers to the legal

assignment of the costs of certain potential losses
from one party to another. The most common way is
by insurance.
• Risk Reduction – Here the risks are
systematically reduced through control measures,
according to the hierarchy of risk control described in
earlier sections.
 ALARP

• Legislation requires employers to reduce risks

to a level that is as low as is reasonably
practicable (sometimes abbreviated as
ALARP).
• To carry out a duty so far as is reasonably
practicable means that the degree of risk in a
particular activity or environment can be
balanced against the time, trouble, cost and
physical difficulty of taking measures to avoid
the risk.
 Types of Risk Assessment

Within Industry, three types of risk

assessment can be distinguished:
• Assessments of large scale complex hazard sites,
such as those found in the process and nuclear
industries. These require QRA’s
• General assessments of the complete range of
workplace risks – as required under the Management
of Health & Safety at Work Regulations, 1999.
• Risk Assessments required under specific legislation
– for example for hazardous substances (COSHH
Regulations, 1998), Manual Handling (Manual
Handling Operations Regulations, 1992).
 Advanced Risk Assessment
Techniques

Quantitative Risk Assessment

• QRA is most commonly used in the process

industries to quantify the risks of ‘major hazards’.
• QRA used in the offshore oil and gas industries, the
transport of hazardous materials, the protection of the
environment, mass transportation (rail) and the
nuclear industry.
 Quantitative Risk Assessment (1)

• Individual Risk is defined as ‘the frequency at

which an individual may be expected to sustain a
given level of harm from the realisation of specific
hazards’.

• Societal Risk
Usually expressed as risk contours:

0.3*10-6/year
VILLAGE risk contour

Site for 10-6/year

proposed risk contour
developmen
t

10-5/year
risk contour

CHLORINE
INSTALLATION

1 km
 Quantitative Risk Assessment:
Acceptance Criteria

• The HSE state that ‘broadly, a risk of death of 1 in

1000 (1x10 -3) per annum is about the most that is
ordinarily accepted under modern conditions for
workers in the UK and it seems to be the dividing line
between what is tolerable and what is intolerable’.
Failure Modes and Effect Analysis

The system is divided into sub systems that

can be handled effectively.
It involves:
• Identification of the component and parent system.
• Failure mode and cause of failure.
• Effect of the failure on the subsystem or system.
• Method of detection and diagnostic aids available.
 Failure Modes and Effect Analysis

A typical format:

Component Function Failure Failure Failure Criticality Detection Preventative

Mode Rate Effect Method Measures
Failure Modes and Effect Analysis

• For each component’s functions, every conceivable

mode of failure is identified and recorded.
• It is also common to rate the failure rate for each
failure mode identified.
• The potential consequences for each failure must be
identified along with its effects on other equipment,
components within the rest of the system.
• It is then necessary to record preventative measures
that are in place or may be introduced to correct the
failure, reduce its failure rate or provide some
adequate form of detection.
 Hazard & Operability Studies
• Hazard and Operability Studies (HAZOP)
have been used for many years as a
formal means for the review of chemical
process designs.
• A HAZOP study is a systematic search
for hazards which are defined as
deviations within these parameters that
may have dangerous consequences.
• In the process industry, these deviations
concern process parameters such as
flow, temperature, pressure etc.
 Hazard & Operability Studies

• HAZOP is a team approach, involving a team of

people representing all different functions in a plant.
• They identify all the deviations by ‘brain-storming’ to a
set of guide words which are applied to all parts of
the system.
 Hazard & Operability Studies

The process is as follows:

 The system is divided into suitable parts or sub-systems,
which are then analysed one at a time.
 For each sub-system each parameter (flow, temperature,
pressure, volume, viscosity etc.) that has an influence on it,
is noted.
 Guidewords are applied to each parameter in each
subsystem. The intention is to prompt creative discussion of
deviations and possible consequences
 For each significant deviation, possible causes are
identified.
 Hazard & Operability Studies

Guideword Definitions

NO or NOT No part of the design intent occurs, such as no flow in a

pipeline due to blockage.

MORE or LESS A quantitative increase or decrease of some parameter, such

as flow, temperature etc.

AS WELL AS All the design intentions are fulfilled and something happens
in addition
PART OF Only part of the design intention is fulfilled

REVERSE The logical opposite of the design intention occurs

OTHER THAN Something completely different than attended occurs

 Hazard & Operability Studies
Example
• Consider the simple process diagram below. It
represents a plant where substances A and B react
with each other to form a new substance C. If there is
more B than A there may be an explosion.

V3

V4
B
A
V2
V1
V5

A < B = Explosion C

Example from Harms Ringdahl L (1995), Safety Analysis: Principals and Practice in
Occupational Safety, Elsevier Applied Science.
 The HAZOP sheet for the section of the plant from A to C will be as
follows:
Guide Word Deviation Possible Causes Consequences Proposed
Measures
NO, NOT No A Tank containing A is empty. Not enough A = Indicator for low
V1 or V2 closed. Explosion level.
Pump does not work. Monitoring of flow
Pipe broken
MORE Too much A Pump too high capacity C contaminated by Indicator for high
Opening of V1 or V2 is too A. Tank overfilled. level.
large. Monitoring of flow

LESS Not enough V1,V2 or pipe are partially Not enough A = See above
A blocked. Pump gives low flow or Explosion
runs for too short a time.

AS WELL AS Other V3 open – air sucked in Not enough A = Flow monitoring

substance Explosion based on weight

REVERSE Liquid Wrong connector to motor Not enough A = Flow monitoring

pumped Explosion
backwards A is contaminated

OTHER A boils in Temperature too high Not enough A = Temperature (and

THAN pump Explosion flow) monitoring.

Example from Harms Ringdahl L (1995), Safety Analysis: Principals and Practice in
Occupational Safety, Elsevier Applied Science.
 Fault Tree Analysis

• A fault tree is a diagram that displays the logical

interrelationship between the basic causes of the
hazard.
• Fault tree analysis can be simple or complex
depending on the system in question. Complex
analysis involves the use of Boolean algebra to
represent various failure states.
 Fault Tree Analysis

• The first stage is to select the hazard or top event

that is to be analysed.
• The tree is structured so that the hazard appears at
the top. It is then necessary to work downwards,
firstly by identifying causes that directly contribute to
this hazard.
• When all the causes and sub-causes have been
identified, the next stage is to construct the fault tree.
 Fault Tree Analysis

Symbol Designation Function

EVENT / CAUSE Causes or events that can be developed

  further

BASIC Basic or Root Causes or events that cannot

EVENT/CAUSE be developed further

UNDEVELOPED Causes are not developed due to lack of

EVENT/CAUSE information or significance.

AND gate Output event occurs only if all input events

occur
OR gate Output event occurs if any one of the input
  events occurs
 Fault Tree Analysis
Example
• Consider the simple circuit diagram shown below:
LAMP

POWER
UNIT

+ BATTERY

-
FUSE SWITCH

Example from Harms Ringdahl L (1995), Safety Analysis: Principals and Practice in
Occupational Safety, Elsevier Applied Science.
 Fault Tree Analysis
• The corresponding fault tree for the above circuit, with the top
event (or hazard) being the lamp not working is as follows:
Lamp does not
light

No current
through the lamp

Faulty No power supply

Lamp to the lamp

No power feed Broken circuit

Broken Defective Defective

No Power No Power
Circuit switch fuse
from battery from unit

Example from Harms Ringdahl L (1995), Safety Analysis: Principals and Practice in
Occupational Safety, Elsevier Applied Science.
Practical Risk Assessment
(from BS8800)
Classify work activities

Identify hazards

Determine risk

Decide if risk is tolerable

Prepare risk control action plan

(if necessary)

Review adequacy of action plan

 Classify Work Activities

Possible ways of classifying work activities

include:
• Geographical areas within/outside the organisation's
premises.
• Stages in the production process, or in the provision
of a service.
• Planned and reactive work.
• Defined tasks (e.g. driving).

BS8800:1996
 Identify Hazards

Broad categories of hazard

To help with the process of identifying
hazards it is useful to categorise hazards in
different ways, for example by topic, e.g.:
• Mechanical.
• Electrical.
• Radiation.
• Substances.
• Fire and explosion.
BS8800:1996
Hazards prompt-list

During work activities could the following

hazards exist?
• Slips/falls on the level.
• Falls of persons form heights.
• Falls of tools, materials, etc., from heights.
• Inadequate headroom.
• Hazards associated with manual lifting/handling of
tools, materials, etc..
• Hazards from plant and machinery associated with
assembly, commissioning, operation, maintenance,
modification, repair and dismantling.
BS8800:1996
Hazards prompt-list

• Vehicle hazards, covering both site transport, and

travel by road.
• Fire and explosion.
• Violence to staff.
• Substances that may be inhaled.
• Substances or agents that may damage the eye.
• Substances that may cause harm by coming into
contact with, or being absorbed through, the skin.
• Substances that may cause harm by being ingested
(i.e., entering the body via the mouth).
• Harmful energies (e.g., electricity, radiation, noise,
vibration).
BS8800:1996
Hazards prompt-list

• Work-related upper limb disorders resulting from

frequently repeated tasks.
• Inadequate thermal environment, e.g. too hot.
• Lighting levels.
• Slippery, uneven ground/surfaces.
• Inadequate guard rails or hand rails on stairs.
• Contractors' activities.

BS8800:1996
 Determine risk

The risk from the hazard should be

determined by estimating the potential
severity of harm and the likelihood that harm
will occur.
Severity of harm
Information obtained about work activities is a
vital input to risk assessment. When seeking
to establish potential severity of harm, the
following should also be considered:
• Part(s) of the body likely to be affected;
• Nature of the harm, ranging from slightly to extremely
harmful:
– 1) Slightly harmful, e.g.:
• Superficial injuries; minor cuts and bruises; eye irritation
from dust.
• Nuisance and irritation (e.g. headaches); ill-health leading
to temporary discomfort.
BS8800:1996
Severity of harm

– 2) Harmful, e.g.
• Lacerations; burns; concussion; serious sprains; minor
fractures.
• Deafness; dermatitis; asthma; work related upper limb
disorders; ill-health leading to permanent minor disability.
– 3) Extremely harmful, e.g.
• Amputations; major fractures; poisonings; multiple
injuries; fatal injuries.
• Occupational cancer; other severely life shortening
diseases; acute fatal diseases.

BS8800:1996
 Likelihood of harm
When seeking to establish likelihood of harm
the adequacy of control measures already
implemented and complied with needs to be
considered.
Issues considered:
•Number of personnel exposed.
•Frequency and duration of exposure to the hazard.
•Failure of services e.g. electricity and water.
•Failure of plant and machinery components and safety devices.
•Exposure to the elements.

BS8800:1996
 Likelihood of harm
• Protection afforded by personal protective equipment
and usage rate of personal protective equipment;
• Unsafe acts (unintended errors or intentional
violations of procedures) by persons, for example,
who:
– 1) May not know what the hazards are.
– 2) May not have the knowledge, physical capacity, or skills
to do the work.
– 3) Underestimate risks to which they are exposed.
– 4) Underestimate the practicality and utility of safe working
methods.

BS8800:1996
Decide if risk is tolerable
One simple method for estimating risk levels and for
deciding whether risks are tolerable. Risks are
classified according to their estimated likelihood and
potential severity of harm.
       
Slightly harmful Harmful Extremely
harmful
       
Highly unlikely TRIVIAL RISK TOLERABLE MODERATE
RISK RISK

       
Unlikely TOLERABLE MODERATE SUBSTANTIAL
RISK RISK RISK

       
Likely MODERATE SUBSTANTIAL INTOLERABLE
RISK RISK RISK

BS8800:1996
Prepare risk control action plan

Risk categories shown form the basis for

deciding whether improved controls are
required and the timescale for action.
The outcome of a risk assessment should be
an inventory of actions, in priority order, to
devise, maintain or improve controls.

BS8800:1996
A simple risk-based control plan.
RISK LEVEL ACTION AND TIMESCALE

TRIVIAL No action is required and no documentary records need to be kept.

TOLERABLE No additional controls are required. Consideration may be given to

a more cost-effective solution or improvement that imposes no
additional cost burden. Monitoring is required to ensure that the
controls are maintained.

MODERATE Efforts should be made to reduce the risk, but the costs of
prevention should b e carefully measured and limited. Risk
reduction measures should be implemented within a defined time
period.
Where the moderate risk is associated with extremely harmful
consequences, further assessment may be necessary to establish
more precisely the likelihood of harm as a basis for determining the
need for improved control measures.
SUBSTANTIAL Work should not be started until the risk has been reduced.
Considerable resources may have to be allocated to reduce the risk.
Where the risk involves work in progress, urgent action should be
taken.
INTOLERABLE Work should not be started or continued until the risk has been
reduced. If it is not possible to reduce risk even with unlimited
resources, work has to remain prohibited.

BS8800:1996
Prepare risk control action plan

The action plan should be reviewed before

implementation, typically by asking:
• Will the revised controls lead to tolerable risk levels?
• Are new hazards created?
• Has the most cost-effective solution been chosen?
• What do people affected think about the need for,
and practicality of, the revised preventive measures?
• Will the revised controls be used in practice, and not
ignored in the face of, for example, pressures to get
the job done?
BS8800:1996
Changing Conditions and Revising

Risk assessment should be seen as a

continuing process. Thus, the adequacy of
control measures should be subject to
continual review and revised if necessary.

BS8800:1996