Assessment 2: Mandatory Critical Review (60%)
Assignment Two is a mandatory submitted discursive assessment which requires students to demonstrate that they are able to apply the processes of risk management and safety management to an organisational context.
Submission Details: Submitted on Turnitin. Please note that you can submit the assignment on Turnitin as many times as you like, provided that the file name is the same for every submission. However, please note that on the submission date you may only submit your assignment once, as it will be regarded as your final submission.
Feedback Details: Feedback will be provided on Turnitin. The intention of the feedback is to apply it to the subsequent assignments to enhance these by learning from negative items of feedback as well as from positive feedback.
This assessment is intended to expose students to the knowledge and skills to undertake WH&S research, in particular how to manage risk according to the requirements of safety management principles. Owing to legislative requirements to manage risk, this knowledge generates particularly relevant workplace skills.
Based on an evidentiary base from the study package material and other sources including the literature, the Internet and, if applicable, your workplace experience:
- Provide an introduction which provides an overview of the content of the assignment (what you intend to argue).
- If you were called on to implement a risk management approach to managing risks and to control hazards efficiently would you use a generic model like AS/NZS ISO 31000?
- Alternatively would you use a more focused WH&S specific method such as those discussed in Module 7?
- You may also choose a WH&S model not included in Module 7, but talk about your choice with Don Dingsdag before you commence the assignment.
- Demonstrate why you have chosen the approach you have selected based on what you consider its positive and negative elements. If you are not basing your assignment on AS/NZS ISO 31000 you should discuss why you have not chosen it.
You will be assessed according to the marking rubric below.
Very useful WH&S websites are: http://www.austlii.edu.au
as well as the UWS library website e-sources for:
Science Direct (in particular the journal Safety Science)
European Agency for Safety and Health at Work at https://osha.europa.eu/en
United States Department of Labor Occupational Safety and Health Administration (OSHA) at
Module 7 Hazard identification models
At the end of this module, you should be able to:
- detail the process of risk identification of selected models,
- identify some common sources of risk,
- apply commonly used tools to assist in hazard identification,
- discuss how these tools are used to identify and control
Hazard identification is the step in the risk management process that aims to identify hazards so that the associated risks can be controlled. Remember that for OHS purposes a hazard is a source of potential personal harm, or for other generic purposes a situation with the potential to cause loss. Since only those hazards that are identified can be assessed for the associated risks which should be managed or controlled, it is a critical component of the overall risk management process and needs to be both a comprehensive and a systematic process. Sources of risk from hazards can be very extensive.
The hazard identification process essentially asks the following questions:
- What can happen?
- How can it happen?
- What is the cause or causes?
Of course, if harm has already occurred, these questions become:
- What has happened?
- How did it happen?
- What was the cause or causes?
The first set of questions is a proactive approach, which identifies hazards before any harm occurs and is mandatory for OHS purposes. The latter set of questions is reactive, since harm has already occurred. To answer these two sets of questions various tools and techniques can be employed. The particular approach depends on the nature of the activities under investigation.
Below, the module outlines a number of the more commonly employed tools and techniques. These overviews of Root Cause Analysis, Hazard and Operability Studies (HAZOPS), Hazard Analysis and Critical Control Points (HACCP), Failure Mode Effects Analysis (FMEA), Event Tree Analysis (ETA) and Fault Tree Analysis (FTA) are adapted from various sources.
Root cause analysis
Root cause analysis (RCA) is a structured and process-focused framework whose aim is to identify the most basic, or root cause of a problem or variation in performance. RCA is useful in determining the cause(s) of variation so that appropriate improvement action can be implemented, and improvement can be sustained over time.
Improvement action that is not focused on the root cause will not be effective. Correcting superficial causes is like treating only the ‘symptoms’. To make performance measurably better and sustain the improvement over time, the in-depth causes must be found and fixed.
Getting down to the root causes of a problem or variation in performance is difficult, and sometimes even uncomfortable for the people engaging in the exercise. Too often the analysis stops prematurely and action is taken on a superficial factor identified early on. The question ‘why’ should be asked repeatedly until a further rational answer can no longer be found; that is, until the process of asking ‘why’ has been exhausted.
The focus of root cause analysis is changing the system or process to prevent a reoccurrence of the problem.
A Root Cause Analysis is characterized by the following:
- A focus on the performance of a process and/or system, not individuals
- Advancing from identification of direct or proximate causes in a process to the root causes in an organizational process or related
- Continues to dig deeper (asking ‘why?’ repeatedly)
- Identifies change that could be made to a system or process that would improve performance or solve the problem
Definition: Proximate Causes
Proximate causes are events that occurred, or conditions that existed, immediately before the undesired outcome and which directly resulted in its occurrence and, if eliminated or modified, would have prevented the undesired outcome. Proximate causes are also known as direct causes.
The principal steps in conducting a Root Cause Analysis are:
- Assign a Include staff from all levels—those who ‘do’ the work and those with decision-making authority.
- Establish a method to report the progress and findings to the organisation’s senior
- Develop a work plan with objectives and target
- Clearly define the problem and the team’s task and make sure all team members have a clear understanding of the problem and what needs to be
- Identify all possible contributing Focus on processes, not people. Continue to ask ‘why’ at each conjuncture.
- Sort and analyse possible contributing
- Determine which process or system each possible cause is a part
- Plan actions focused on the most basic causes-the answers to the ‘why’
- Design and implement c Don’t wait until the evaluation is complete to take action if the problem is a sentinel event and/or has serious consequences.
- Periodically assess progress after action is Decide what should be measured, by whom and how often.
- Repeat the previous steps as Although it may take intermediate action along the way, don’t stop analysis until the true root cause is identified and improvement action is taken. Redesign systems and processes to eliminate the root cause!
- Make sure improvement is Continue to track and report progress!
From the Book of Readings read: Reading 15: Appendix IV: How to Conduct a Root Cause Analysis, General Project Specification For Project Safety Requirements GPS- 008, Esso Exploration & Production Chad Inc., Chad Development Project.
The Root Cause Analysis process has a heavy emphasis on teamwork and focuses on the process or the system rather than on individuals when investigating an incident. In your view, is it always the system which is at fault, or in your opinion can humans interacting with the workplace environment also have a contributory role when an incident occurs?
How useful is asking ‘why’ repeatedly until the root cause has been discovered? Will the question ultimately provide the required answer?
Hazard and operability studies (HAZOPS)
(Source: US Coast Guard’s Risk-Based Decision Making Guidelines.)
Summary of Hazard and Operability (HAZOP) Analysis
The HAZOP analysis technique uses a systematic process to (1) identify possible deviations from normal operations and (2) ensure that appropriate safeguards are in place to help prevent accidents. The HAZOP technique uses special adjectives (such as ‘more,’ ‘less,’ ‘no,’ etc.) combined with process conditions (such as speed, flow, pressure, etc.) to systematically consider all credible deviations from normal conditions. The adjectives, called guidewords, are a unique feature of HAZOP analysis.
Some of you may have heard of HAZID, which undertakes a similar process. The commercially available HaziD pack presents an ordered sequence of Primary and Secondary Hazard questions, the purpose of which is to enable the proper identification of hazard conditions on the job.
The program first asks the user to enter the site details and then provides a structured sequence of questions that will assist the user to correctly identify workplace hazards. In every case, the program will pass through a list of Primary Hazard headings, where, for every “YES” response that is made, the program will provide a detailed list of Secondary Hazard questions.
This process enables the user to focus attention on the broadest possible cross section of hazard conditions. A simple yes or no response to the Secondary Hazard prompts is all that is required from the user. For every Secondary Hazard question that is confirmed with a “Yes” response the computer will generate a list of pre-set (linked) safe working and exposure avoidance controls. The control lists are further enhanced by prompts for permitting requirements and equipment/machinery pre-start procedures for the work to be undertaken and are included on the printed report. (Source: www.hazidpack.com/content_files/concept_summary.pdf)
Figure 7.1: HAZOP analysis process
(Source: US Coast Guard’s Risk-Based Decision Making Guidelines.)
Brief summary of HAZOP Analysis characteristics
- HAZOP analysis is a systematic, highly structured assessment relying on HAZOP guide words and team brainstorming to generate a comprehensive review and ensure that appropriate safeguards against accidents are in place
- It is typically performed by a multidisciplinary
- It is applicable to any system or procedure.
- It is used most as a system-level risk assessment
- It generates primarily qualitative results, although some basic quantification is possible.
Most common uses
Used primarily for identifying safety hazards and operability problems of continuous process systems, especially fluid and thermal systems. It is also used to review procedures and sequential operations.
Figure 7.2: Example HAZOP documentation
(Source: US Coast Guard’s Risk-Based Decision Making Guidelines.)
In your view, beyond continuous process systems, how practical is the HAZOP approach as an application to identify potential ‘deviations’? Is the reliance on ‘qualitative’ descriptors a barrier to its application? Do quantitative descriptors always produce more accurate potential risk exposures?
Hazard Analysis and Critical Control Points (HACCP)
HACCP is a systematic approach to the identification, assessment, and control of hazards. Some definitions directly reference food safety, reflecting the predominant use to date of the HACCP approach in the food sector. Other definitions are more generic: a step-by-step approach to the identification and assessment of hazards and risks associated with the manufacture, distribution and use of products. Hazard refers to any part of a production chain or a product that has the potential to cause a safety problem (including OHS). Analysis is the identification and assessment of the seriousness and likelihood of occurrence of a hazard. A Critical Control Point is a point, step, or procedure at which control can be exercised to prevent, eliminate, or minimize a hazard. In other words, HACCP uses the same proactive hazard identification processes as those used for OHS purposes. HACCP is a proprietary system which has ‘plug in’ OHS modules. HACCP has been increasingly applied to industries other than food, such as cosmetics and pharmaceuticals. HACCP, which in effect seeks to proactively eliminate unsafe practices based on science, differs from traditional quality control methods, which are not designed to prevent hazards from occurring and identify them only at the end of the production process.
HACCP has its roots in the U.S. aerospace industry and was developed by the Pillsbury Company in 1959, in collaboration with NASA, to ensure the safety of food in the new U.S. space program and so help get astronauts to the moon. Because astronauts who developed food poisoning in space would be in serious danger, NASA requested the creation of a preventive process to guarantee the quality and purity of food.
There are seven principal steps in the HACCP approach:
- Conduct a hazard analysis, preparing a list of steps in a process where significant hazards occur and identifying preventive
- Identify critical control points – steps at which controls can be applied to prevent, eliminate, or reduce to acceptable levels a safety
- Establish critical limits for preventive measures associated with each identified critical control
- Establish monitoring requirements for each critical control point, and procedures to monitor results to adjust the process and maintain
- Establish corrective actions to be taken when a critical limit deviation
- Establish procedures to verify on an ongoing basis that the HACCP system is working
- Establish record-keeping procedures to document the HACCP
Figure 2.3 shows a simple illustration of the HACCP method applied to preparation of an infant formula for feeding.
Figure 7.3: Simple HACCP illustration. A food flow diagram for preparation of infant formula from milk, water, and sugar
(Source: Proactive Hazard Analysis and Health Care Policy, figure 1. p. 8; Available online from: http://www.milbank.org/reports/Proactive/020925Proactive.html)
Title: Three pillars of ISO 31000 and HACCP for OHS
From the book of Readings read: Reading 16 International Life Sciences Institute, 1997, A Simple guide to understanding and applying the hazard analysis critical control point concept, ILSI, Belgium.
From Reading 16 and this module do you think that HACCP is a good fit with OHS procedures in controlling hazards?
Failure Mode Effects Analysis (FMEA)
FMEA is a tool used to identify and evaluate potential failures and their causes. The tool is then used to prioritize potential failures according to their risk, pointing to actions to eliminate or reduce the likelihood of occurrence. FMEA provides a methodology to document the analysis for future use and for continuous process improvement. It is used in combination with other problem-solving tools to eliminate or reduce risk.
The FMEA process was developed by the U.S. military in 1949 as a reliability evaluation technique to determine the effect of system and equipment failures. Failures were classified according to their impact on mission success and personnel/equipment safety. FMEA was adapted for the National Aeronautics and Space Administration (NASA) in the 1960s for the Apollo space program to facilitate the process of predicting failures, planning preventive measures, estimating the cost of failures, and planning redundant systems or system responses to failures.
The principal steps in the FMEA process are to:
- identify potential failures in processes (failure mode);
- identify the possible effects of those failure modes;
- identify the criticality of each failure mode (a combination of the probability of the failure mode occurring, the effect resulting when the failure mode occurs, and the severity of the effect);
- prioritize the failure modes based on their criticality;
- identify possible causes of the priority failure modes;
- redesign the process to prevent the failure mode and/or put in place process controls to detect the failure mode before the effect occurs;
- implement and test the new design or control process;
FMEA is a tool widely used in industries such as aviation, chemicals, nuclear power and aerospace. The U.S. Veterans Health Administration (VHA) pioneered the adaptation of FMEA to patient safety in health care systems producing the Healthcare Failure Mode and Effect Analysis (HFMEA). In 1998, the VHA established the National Center for Patient Safety (NCPS). The NCPS in collaboration with quality and risk managers, as well as others, developed a patient safety handbook to provide direct problem-based learning to front-line personnel of all VHA facilities.
The five key steps involved in conducting an HFMEA analysis are:
• Define the HFMEA topic.
This should include a clear definition of the process to be studied.
• Assemble the HFMEA team.
The personnel should be multidisciplinary and include subject matter experts and an adviser.
• Graphically describe the process.
Develop a flow diagram; number each process step; identify the area of the process to focus on; identify all sub-processes; create a flow diagram of the sub-process.
• Conduct a failure analysis.
List all possible failure modes under the key sub-process; determine the severity and probability of each potential failure mode; use a Decision Tree to determine if the failure mode warrants further action; list all failure mode causes where the decision has been made to proceed.
• Evaluate actions and outcome measures.
Determine whether to:
- eliminate, control, or accept each failure mode cause;
- identify a description of action for each failure mode to be controlled or eliminated;
- identify outcome measures to test the redesigned process;
- identify an individual responsible for completing the action;
- indicate whether senior management concurs with the recommended action;
From the Book of Readings read: Reading 17 Kusler-Jensen, J. & Weinfurter, A. 2003, ‘FMEA—An idea whose time has come’, Surgical Services Management, vol. 9, no. 3, June, pp. 30–37.
Reading 18 Common Errors in Healthcare Failure Mode and Effects Analysis (HFMEA®)
Reading 19 McDonough, J.E. 2002, Proactive Hazard Analysis and Health Care Policy, Milbank Memorial Fund.
Whereas FMEA is a tool widely used in high risk industries such as aviation, chemicals, nuclear power and aerospace, in your view is it too complex and time consuming to provide efficient and timely advice on the control of hazards?
Comparison between HFMEA and HACCP
HFMEA and HACCP differ in significant ways in operation, but the similarities are significant.
Table 7.1 shows the basic steps in performing an HFMEA analysis and in undertaking a HACCP process. The five HFMEA steps are the core elements described in materials produced by the VHA National Center for Patient Safety. The HACCP procedure is slightly modified from a full 14 step process to enable easy comparison.
Table 7.1: HFMEA and HACCP steps
(Source: Proactive Hazard Analysis and Health Care Policy, Table 1, p. 11.)
Event Tree Analysis (ETA)
Summary of Event Tree Analysis
Event tree analysis (ETA) is a technique that logically develops visual models of the possible outcomes of an initiating event. Event tree analysis uses decision trees to create the models. The models explore how safeguards and external influences, called lines of assurance, affect the path of accident chains.
Figure 2.4: Chart of Event Tree Analysis process (Source: US Coast Guard’s Risk-Based Decision Making Guidelines.)
Event tree terminology
The following terms are commonly used in an event tree analysis:
Initiating event
The occurrence of some failure with the potential to produce an undesired consequence. An initiating event is sometimes called an incident.
Line of assurance (LOA)
A protective system or human action that may respond to the initiating event.
Branch point
Graphical illustration of (usually) two potential outcomes when a line of assurance is challenged; physical phenomena, such as ignition, may also be represented as branch points.
Accident sequence or scenario
One specific pathway through the event tree from the initiating event to an undesired consequence.
Brief summary of Event Tree Analysis characteristics
- Models the range of possible accidents resulting from an initiating event or category of initiating
- A risk identification technique that effectively accounts for timing, dependence, and domino effects among various accident contributors that are cumbersome to model in fault
- Performed primarily by an individual working with subject matter experts through interviews and field
- An analysis technique that generates the following:
- qualitative descriptions of potential problems as combinations of events producing various types of problems (range of outcomes) from initiating
- quantitative estimates of event frequencies or likelihoods and relative importance of various failure sequences and contributing
- lists of recommendations for reducing
- quantitative evaluations of recommendation
Most common uses
Generally applicable for almost any type of risk assessment application, but used most effectively to model accidents where multiple safeguards are in place as protective features.
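The following added example (not part of the module or of the Coast Guard guidelines) walks an event tree from an initiating event through three lines of assurance and returns every accident sequence with its frequency. The scenario, the LOA names and all frequencies and probabilities are constructed assumptions; the later LOAs read the outcome of earlier branch points, which is how the technique captures dependence and timing.

```python
# Constructed event tree: every name, frequency and probability below is an
# assumption made for illustration, not data from the module.
INITIATING_EVENT = "small fire in machinery space"
INITIATING_FREQUENCY = 0.1            # initiating events per year (assumed)


def detection(prior):
    """P(fail) of the first line of assurance; it has no earlier dependencies."""
    return 0.05


def suppression(prior):
    # Dependence: a manually released system cannot work on an undetected fire.
    return 0.10 if prior["detection"] else 1.0


def crew_response(prior):
    if prior["suppression"]:
        return None                   # fire already out: LOA is not challenged
    # Timing: an undetected fire has grown before the crew reacts.
    return 0.20 if prior["detection"] else 0.60


LINES_OF_ASSURANCE = [
    ("detection", detection),
    ("suppression", suppression),
    ("crew response", crew_response),
]


def accident_sequences(initiating_frequency, loas):
    """Return [(path, frequency)] for every pathway through the tree.

    A path is a tuple of (LOA name, worked?) pairs, one per branch point.
    """
    results = []

    def walk(index, frequency, path):
        if index == len(loas):
            results.append((tuple(path), frequency))
            return
        name, p_fail_given = loas[index]
        p_fail = p_fail_given(dict(path))
        if p_fail is None:            # no branch point on this pathway
            walk(index + 1, frequency, path)
            return
        for worked, p in ((True, 1.0 - p_fail), (False, p_fail)):
            if p > 0:                 # prune impossible branches
                walk(index + 1, frequency * p, path + [(name, worked)])

    walk(0, initiating_frequency, [])
    return results


def uncontrolled_fire_frequency(sequences):
    """Sum the sequences that end in the undesired consequence:
    the last line of assurance (crew response) was challenged and failed."""
    return sum(freq for path, freq in sequences
               if dict(path).get("crew response") is False)


if __name__ == "__main__":
    seqs = accident_sequences(INITIATING_FREQUENCY, LINES_OF_ASSURANCE)
    for path, freq in sorted(seqs, key=lambda s: s[1], reverse=True):
        steps = ", ".join(f"{n} {'works' if ok else 'FAILS'}" for n, ok in path)
        print(f"{freq:.4f}/yr  {steps}")
    print(f"uncontrolled fire: {uncontrolled_fire_frequency(seqs):.4f}/yr")
```

The sequence frequencies always sum to the initiating-event frequency, which is a quick consistency check on any event tree quantified this way.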
Fault Tree Analysis (FTA)
Fault tree analysis (FTA) is an analysis technique that visually models how logical relationships between equipment failures, human errors, and external events can combine to cause specific accidents.
Figure 2.5 Example of a Fault Tree Analysis
The fault tree presented in the figure above illustrates how combinations of equipment failures and human errors can lead to a specific type of accident. The procedure for performing a Fault Tree Analysis is outlined in the US Coast Guard’s Risk-Based Decision Making Guidelines, and consists of the following eight steps:
Procedure for Fault Tree Analysis
- Define the system of Specify and clearly define the boundaries and initial conditions of the system for which failure information is needed.
- Define the TOP event for the Specify the problem of interest that the analysis will address. This may be a specific quality problem, shutdown, safety issue, etc.
- Define the treetop Determine the events and conditions (i.e., intermediate events) that most directly lead to the TOP event.
- Explore each branch in successive levels of Determine the events and conditions that most directly lead to each intermediate event. Repeat the process at each successive level of the tree until the fault tree model is complete
- Solve the fault tree for the combinations of events contributing to the TOP Examine the fault tree model to identify all the possible combinations of events and conditions that can cause the TOP event of interest. A combination of events and conditions sufficient and necessary to cause the TOP event is called a minimal cut set. For example, a minimal cut set for overpressurizing a tank might have two events: (1) pressure controller fails and (2) relief valve fails.
- Identify important dependent failure potentials and adjust the model Study the fault tree model and the list of minimal cut sets to identify potentially important dependencies among events. Dependencies are single occurrences that may cause multiple events or conditions to occur at the same time. This step is a qualitative common cause failure analysis.
- Perform quantitative analysis (if necessary). Use statistical characterizations regarding the failure and repair of specific events and conditions in the fault tree model to predict future performance for the
- Use the results in decision Use results of the analysis to identify the most significant vulnerabilities in the system and to make effective recommendations for reducing the risks associated with those vulnerabilities.
Source: ‘Fault Tree Analysis’ in Chapter 9, vol. 3 of the US Coast Guard’s Risk-based Decision-making Guidelines.
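The solving, dependency and quantification steps of the procedure above can be worked through in code. This is an added example, not taken from the module or the Coast Guard guidelines: only the two failures in the tank cut set come from the text, and the tree structure, the other events and all probabilities are constructed assumptions.

```python
from itertools import product
from math import prod

# Constructed fault tree for the tank example. Only "pressure controller fails"
# and "relief valve fails" come from the module text; every other gate, event
# and probability below is an assumption made for illustration.
TOP = "tank overpressurized"
TREE = {
    TOP: ("AND", ["pressure control lost", "relief path unavailable"]),
    "pressure control lost": ("OR", ["pressure controller fails",
                                     "common power supply lost"]),
    "relief path unavailable": ("OR", ["relief valve fails",
                                       "relief line blocked",
                                       "common power supply lost"]),
}
# Assumed, independent per-demand failure probabilities of the basic events.
P_FAIL = {
    "pressure controller fails": 1e-2,
    "relief valve fails": 1e-3,
    "relief line blocked": 2e-3,
    "common power supply lost": 5e-4,
}


def minimise(sets):
    """Drop duplicates and any cut set that contains a smaller cut set."""
    minimal = []
    for candidate in sorted(set(sets), key=len):
        if not any(kept <= candidate for kept in minimal):
            minimal.append(candidate)
    return minimal


def cut_sets(tree, node):
    """Expand gates top-down into minimal cut sets of basic events."""
    if node not in tree:                      # leaf = basic event
        return [frozenset([node])]
    gate, children = tree[node]
    per_child = [cut_sets(tree, child) for child in children]
    if gate == "OR":                          # any one child is sufficient
        combined = [cs for sets in per_child for cs in sets]
    elif gate == "AND":                       # one cut set from every child
        combined = [frozenset().union(*combo) for combo in product(*per_child)]
    else:
        raise ValueError(f"unknown gate type {gate!r} at {node!r}")
    return minimise(combined)


def single_points_of_failure(mcs):
    """Dependency check: one-event cut sets defeat every safeguard at once."""
    return sorted(next(iter(cs)) for cs in mcs if len(cs) == 1)


def rank_cut_sets(mcs, p_fail):
    """Probability of each cut set, largest contributor first."""
    scored = [(prod(p_fail[event] for event in cs), cs) for cs in mcs]
    return sorted(scored, key=lambda item: item[0], reverse=True)


def top_event_probability(mcs, p_fail):
    """Rare-event approximation (an upper bound): sum of cut-set probabilities."""
    return sum(p for p, _ in rank_cut_sets(mcs, p_fail))


if __name__ == "__main__":
    mcs = cut_sets(TREE, TOP)
    for p, cs in rank_cut_sets(mcs, P_FAIL):
        print(f"{p:.2e}  {' AND '.join(sorted(cs))}")
    print("single points of failure:", single_points_of_failure(mcs))
    print(f"P(top event) ~ {top_event_probability(mcs, P_FAIL):.2e}")
```

With these assumed numbers the shared power supply, which appears under both gates, dominates the result even though it is the least likely basic event; this is the kind of dependency the common cause step is meant to surface.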
Environmental hazard identification
The Australian/New Zealand guide: HB 203:2000, Environmental risk management – Principles and process, provides an excellent overview of the entire risk management process as it relates to the environment.
Environmental risk may arise from the relationship between humans and human activity and the environment. Ecological risk management, a subset of environmental risk management, deals with risks associated with past, present and future human activities on flora, fauna, and ecosystem.
Environmental risk may be divided into two categories:
- Risks to the environment
- Risks to an organization from environment-related
Risks to the environment are those activities of an organization that can cause some form of environmental change and can relate to flora and fauna; human health and wellbeing; human social and cultural welfare; earth, air and water resources; energy and climate.
Risks to an organization from environmental-related issues include the risk of not complying with existing (or future) legislation and criteria. Other risks of this type include business losses an organization may suffer resulting from poor management such as loss of reputation, fines, cost of litigation, and from failure to secure and maintain permission for development and operational activities.
HB 436:2004, Risk Management Guidelines – Companion to AS/NZS 4360:2004, Standards Australia, Standards New Zealand.
HB 203:2000, Environmental risk management – Principles and process, Standards Australia, Standards New Zealand.