Zero risk does not exist!


We take risks every day: whether we are in traffic or we are refueling… The same logic applies to business processes. We know from psychological research that an average person misses about 3 times out of 1000 when he has to ‘’read and copy’ a process variable (e.g. temperature, pressure, level…).

Let’s take this example a step further:

  • Imagine a business process with a reading of a process variable
  • Assume that the probability of a mistake is 3 out of 1000

As a process engineer you will be looking for ways to lower this probability of 0,3%. Perhaps HR can (through selection procedures) hire some employees with a lower probability of mistake. Or you could split the responsibility of the reading between two persons. If person 2 does not know the result of the reading of person 1, you can easily prove that these are two stochastic independent variables which means that probability of a mistake is the product of the partial probabilities: 3/1000 times 3/1000 = 9 / 1 000 000. This means, we can substantially lower the risk but the residual risk is still not zero… We could even hire a third person, but still the residual risk will not be zero.

Besides, reducing the risk is always accompanied by an increate in means (financial, personnel, materials…). 

What is an ‘acceptable risk’?

The example above raises the question ‘which risk do we find acceptable?’ Who is responsible for determining the acceptable level of risk? The management of an organization should take responsibility for this. Several elements play a role in this decision-making process:

  • What are the possible consequences of failing (effect)?
    • Imagine, we are the management of a factory that produces a chemical agent. The potential risk of failing is that our product does not reach its specifications. If this happens the chemical agent is useless for our customer. The consequence is a customer complaint and an accompanying cost of replacing the delivered product. Perhaps, we find it acceptable that this happens 3 times out of 1000.
    • Imagine, we are the management of a factory that produces an hydraulic pump of an airplane. Our hydraulic pump has a fail ratio of 1 out of 25000 flying hours. The main difference between this example and the example above is the fact that the consequences of failing here are the loss of human life. Which risk do we find acceptable in this case? We could install a second hydraulic pump which means a drastic decrease in fail ratio but means an increase in costs as well. The decision-making process is a lot more complex in this case.
  • Are there any technological breakthroughs?
    • Imagine, that we invest in innovation and discover a new technology to produce a different type of hydraulic pump. This new hydraulic pump has a fail ratio of 1 out of 150 000 flying hours. This breakthrough has an immediate impact on the decision-making process to determine the ‘acceptable risk’.
  • Do we have the necessary means to reduce the risk?
    • As stated above, reducing the risk is always accompanied by an increase in costs. Do we have the necessary means? Secondly, there is a tension between the necessary investment and the usability of the investment. In many cases the investment is useless, unless there is a failure of the system.
  • What are the current regulations?
    • Authorities can determine a minimum risk level to which companies need to comply. An organization can strategically position itself with respect to this regulations:
      • We make sure that we achieve the minimum
      • We do whatever we can as an organization
      • We want to be a market leader and be the best company with respect to safety / environmental aspects

How to deal with risks?

Generally speaking, there are four possible strategies to deal with risks:

  • You could accept the risk
  • You could reduce the risk by taking preventive measures
  • You could avoid the risk, if possible
  • You could transfer the risk to another party (insurance)
accept - reduce - transfer - avoid

The fundamental question is ‘what risk is acceptable for us’? And how much are we willing to pay to reduce the risk to that acceptable level?

The SHEQ manager should conduct the risk assessment and propose (preventive) measures. It is the role of the management to set the acceptable risk.

How to do a risk assessment or an environmental aspect analysis?

An ISO 14001 or ISO 45001 certified company has to conduct an environmental aspect analysis or global risk assessment periodically. To do this in a well-structured way you follow a process flow:

  • Identify the risks/environmental aspect
  • Evaluate the risks (e.g. Kinney method)
  • Control the risks (define measures)
  • Monitor the risks
  • Report

We are happy to schedule a demo to show you how our technology can assist you! Applications can help you to develop risk assessments and environmental aspect analysis in an efficient way. If you want to discover how Phronesys deals with risk assessments and environmental aspects analysis, do not hesitate to contact us.

How do you deal with risks? How do you determine the acceptable risk in your organization? Which technologies make your life easier? Share your thoughts with us!