Nadine Cranenburgh

Introduction Risk Engineering is a set of approaches that compliments other forms of risk management , including enterprise and project risk management. AS/NZS ISO 31000:2018 defines risk as “effect of uncertainty on objectives” and risk management as “coordinated activities to direct and control an organisation with regard to risk”. Therefore it is implied that engineering risk is the effect of uncertainty on engineering objectives. If we accept that risk engineering is a specialised form of risk management, then to be consistent with ISO 31000, risk engineering could be defined as coordinated activities to direct and control an organisation with regard to engineering risk. Risk engineering can also be defined as the identification, prioritisation and control of the material risks which may impact engineering outcomes, processes and systems, cost, schedule, quality and safety. It involves the application of engineering methods to deal with all forms of uncertainty (including loss and opportunity). Risk engineering encompasses the entire management lifecycle from concept, design and construction; through operations management; to decommissioning and disposal or re-engineering, repurposing, reuse and recycling. Risk engineering is informed by the requirements of the specific context, broader corporate environment and management organisation. It is also shaped by inputs from other internal and external stakeholders including relevant or involved engineering disciplines. Risk engineering in projects In the context of projects, risk engineering is commonly associated with uncertain events or conditions within the project scope that, if they eventuate, could have a negative impact on the project’s objectives, or expose the project to regulatory non-compliance. At the project concept stage, identified risks can be dealt with as opportunities to improve the project's scope to be more resilient or achieve more beneficial outcomes. Generally, risk engineering should be performed using a system framework that accounts for uncertainties in modelling, behaviour and prediction, and interaction between the system's components. The framework should also assess impact on the system and its surrounding environment. Risk engineering elements Typical elements of risk engineering include: Safety assurance Safety in design (SID) Process safety Systems assurance Fault analysis Reliability engineering Resilience engineering Hazardous operations studies (HazOp, HazID) Probabilistic risk determination (QRA) Some specific tasks that might be involved in risk engineering are: Reviewing and influencing project proposals Investigations, reporting and appearing as expert witnesses e.g. in court, before royal commissions, on expert panels Raising public awareness of risk issues in engineering contexts e.g. by presenting conference papers, publishing in journals, contributing to communities of practice and bodies of knowledge, posting on social media Advocating for improved engineering practices to increase safety, reliability and resilience. Context Risk engineering can vary depending on the context where it is applied, including different project fields, locations and environments, or engineering disciplines. For example, in a chemical engineering context, risk engineering might involve the application of quantitative risk assessment methods to consider the likelihood and consequence of hazards or events, and developing models to represent the behaviour of systems, events or scenarios of interest. In an environmental engineering context, risk engineering might also involve investigating how to reduce the existential risk posed by the effects of climate change to the ongoing existence of flora, fauna and humans in various socio-economic groups. In product development risk engineering workshop to improve equipment performance by application of tools like failure mode, effects and criticality analysis (FMECA). The insurance industry employs risk engineering principles to identify and reduce loss exposures of industrial plant. Sources The content on this page was primarily sourced from: Webinar titled ‘Perspectives on Risk: Engineers, frameworks and new ways of thinking’, delivered to REBOK Community on 29 May 2018 by Warren Black, Principal and Founder, Complexus Material supplied by Brian Njamba, MBA, Meng (Oil & Gas), BEng (Chemical) (Hons) Material supplied by Ian Thomas, BScHons(ChemEng), MEngSci(EnvEng), FIChemE, FIEAust, FRACI, FSIA, CEng, CPEng, CChem, RSP(Aust) Peer review by Geoff Hurst, President RES, FIEAust CPENG CHOHSP Input from Kevin Foster, 24 June 2020.

Introduction Enterprise risk management is the identification, prioritisation and treatment of the risks which may hinder an organisation or company from meeting its business objectives. Large engineering firms, as well as high-risk industries including mining, oil and gas will generally have a central enterprise risk management framework to which all other forms of risk management – including project risk management and risk engineering – should align. Elements of enterprise risk management frameworks Typical elements of an enterprise risk management framework include: Corporate governance Strategic risk management Financial risk management Operational risk management Auditing and corporate assurance Insurance These elements are usually overseen by a group or chief risk officer. Further reading Click this link for a list of related pages. Sources: The content on this page was primarily sourced from: Webinar titled ‘Perspectives on Risk: Engineers, frameworks and new ways of thinking’, delivered to REBOK Community on 29 May 2018 by Warren Black, Principal and Founder, Complexus

Introduction One of the goals of risk management is to put in place a risk-aware and accountable culture that ensures all parties know that they are responsible for all forms of risk management, and understand what their roles are and how they contribute to the overall risk management framework. How do we establish the right culture? In the safety world, some visible initiatives to build an aware and accountable culture include posters and other marketing material and the ready availability and training in use of high-visibility safety gear. Initiative such as introducing a safety check or briefing at the start of management or executive meeting is another way of raising awareness. Sources The content on this page was primarily drawn from: Webinar titled ‘Perspectives on Risk: Engineers, frameworks and new ways of thinking', delivered to REBOK Community on 29 May 2018 by Warren Black, Principal and Founder, Complexus

Introduction Because risk has many forms, sources and contexts, there are numerous branches of risk management. Some examples which engineers may come across in their careers include enterprise risk management, project risk management and risk engineering. This page describes some basic general concepts as an introduction to risk management. The Mechanics of Risk Management The standard process reflected in most conventional risk management environments generally follows a four-step process: Identify the risk: This could involve predicting, forecasting or documenting risks Quantify the risk: This could involve assessing, measuring or prioritise risks. eg. material vs. immaterial risks, immediate vs. non urgent Control the risk:This involves planning for and executing risk treatment or mitigation to do something about identified risks according to how they have been quantified Review the risk: This is an ongoing process of reviewing the progress of the risk, monitoring and recording it until the risk is either either completed or the risk profile has been downgraded. Key concepts in determining the degree of risk are: its probability (likelihood) of occurrence (P) its perceived impact (I) eg. low-level, high-level the strength of the control environment eg. how mature is the system, and how well will it control the risk at hand? These factors can be related in the basic risk management formula: R=(P x I) / C For example, if a risk’s probability and impact are high, and the control environment is weak or has a low effectiveness then the risk could be a major or even extreme threat. If a risk’s probability and impact are low, and the control environment is strong, then the risk is likely to be an insignificant threat. Risk Management Framework When building a risk management solution, the framework required can be divided into six key factors as shown in the diagram below. Diagram courtesy of Warren Black, Complexus Sources The content on this page was primarily drawn from: Webinar titled ‘Perspectives on Risk: Engineers, frameworks and new ways of thinking', delivered to REBOK Community on 29 May 2018 by Warren Black, Principal and Founder, Complexus

Introduction Strategic maintenance management is essential to maintain the integrity of physical assets and ensure business survival and success. An effective way to support strategic maintenance management is through a risk-based approach. Risk-based maintenance originated in the 1980s and 1990s and has received a recent boost in interest from companies putting in place robust performance standards to avoid catastrophic equipment failures. An additional driver is that many companies are adopting asset management standards ISO 55000:2014, 55001:2014 and 55002:2014. These standards require companies to develop a set of structured documents which cover the maintenance of assets including data, information, costs and people throughout their lifecycle. They must also use risk as a basis for decision making and continuously improve their processes. Risk-based maintenance management vs reliability centred maintenance (RCM) Another way that risk can be used to regulate maintenance is using reliability centred maintenance (RCM). RCM can be used to choose which method is best-suited to a particular asset, while risk-based maintenance management is used to select which assets a maintenance program should target. What is risk-based maintenance management? Maintaining assets, rather than simply waiting for them to break down, delivers significant cost savings, as the cost of repairing an equipment breakdown is three to five times the cost of the same repair done in a planned manner, prior to failure. But maintenance budgets are limited, and engineers and managers need tools to help them allocate resources for the best results. Risk-based maintenance management prioritises the maintenance of assets that carry the most risk if they were to fail. This approach allows engineers and maintenance managers to determine the most economical use of limited maintenance resources to minimise the total risk of failure across a facility. The main phases are: criticality assessment development of risk-based maintenance program and strategies risk-based maintenance planning risk-based allocation of spares and repairs The risk-based maintenance system is set up during the project phase of establishing a facility, then continued into the operation phase. A diagram of the risk-based management process is shown below. Diagram courtesy of David Finch, Maintenance Integrity Solutions Criticality assessment The goal of maintenance is to deliver a proper balance of maintenance activities to identify and prevent impending failures. By understanding which assets are the most important through a criticality assessment, engineers and maintenance managers can determine how to most effectively schedule maintenance activities of the right equipment at the right time to reduce risk over the whole facility. Criticality of equipment is based on the consequence of failure (CoF). Higher consequences lead to higher criticalities. Consequences can include impacts on safety, environment, reputation and production. One approach to evaluating the criticality of failure consequences is summarised below. Diagram courtesy of David Finch, Maintenance Integrity Solutions The criticality evaluation score can then be used to allocated a criticality ranking to equipment as shown below. Diagram courtesy of David Finch, Maintenance Integrity Solutions Criticality assessment should not be confused with assessing the risk of equipment failure, which is the product of the probability of equipment failure and the consequence of that failure. Risk-based maintenance program and planning After completing a criticality assessment, facilities can set up a risk-based maintenance program based on the criticality ranking of assets. An example is shown below. Diagram courtesy of David Finch, Maintenance Integrity Solutions Principles for the maintenance program are: assets with a greater risk and consequence of failure are maintained and monitored more frequently to achieve tolerable risk criteria assets with a lower risk have a less stringent maintenance program This means that the total risk of failure is minimised over the facility. It is important to keep the maintenance program flexible, and develop it through a dynamic process of collecting information on operating conditions and revisiting the frequency of inspection and testing. The next stage is maintenance planning for both preventative and corrective maintenance. This includes allocating maintenance resources , sourcing parts and properly training staff. Emergency management circumvents the planning process, but all other maintenance should be planned. In order to prioritise work orders for risk-based maintenance planning, a work order priority matrix (as shown below) can be used. Diagram courtesy of David Finch, Maintenance Integrity Solutions Other methods, such as a ranking index for maintenance expenditures (RIME) can also be used. However RIME is complicated, and based on criticality rather than risk. If implemented correctly, risk-based maintenance planning should lead to a shift from corrective or reactive maintenance to condition-based maintenance, which is economical and provides evidence to back up maintenance budgets. Risk-based spares and repairs Finally, risk-based categorisation of spares and repairs can be put in place. Critical spares should be kept on site. An example of a risk-based spares matrix is shown below. Diagram courtesy of David Finch, Maintenance Integrity Solutions For effective risk-based spares stocking, engineers and maintenance managers should understand that a critical machine part is not necessarily a critical spare part. The time needed to obtain parts is also a consideration, as parts that can be obtained quickly can be ordered as required. Another factor to take into account is connection between the failure mode and the maintenance response, as some parts fail unexpectedly and catastrophically, while other failures can be predicted through condition monitoring or other maintenance activities. Benefits and limitations of risk-based maintenance The benefits of risk-based maintenance are summarised below: provides a systematic approach to determine the most appropriate asset maintenance plans reduces the risk of asset failures to an acceptably low level supports decision-making about how best to allocate limited maintenance budgets provides opportunities to identify and eliminate low-value maintenance tasks A limitation is that a highly sophisticated team is needed to quantify the risks of different maintenance tasks. Sources: The content on this page was primarily drawn from the following sources: Webinar titled ‘Risk-Based Maintenance Revisited’ by David Finch, Maintenance Integrity Solutions

Introduction In order to effectively manage the risks associated with complex, high profile projects, project managers need a set of tools tailored to a project context. Project management decision-making, including the level of contingency set aside for budget and schedule overruns, can be affected by the cognitive biases of stakeholders. Several well-established project management frameworks have risk management modules which can provide project managers with guidance in this area. Elements of project risk management Typical elements of a project risk management framework include: Project governance Project assurance Cost risk management Schedule risk management Contingency risk management Scope risk management Change control Benefits management Many disciplines contribute to project risk management, including risk engineering and safety. Managing risks for individual projects also needs to take into account risks that may be introduced by related projects and areas within the project management organisation, and at the program and portfolio levels. Standards and Frameworks Some of the standards and frameworks specific to project risk management are: PMBOK - The US-based Project Management Institute’s (PMI) Project Management Body of Knowledge (PMBOK) framework includes a module on how risk management should be performed in a project context. This standard is used across a range of industries. PMI has also published a risk-specific standard: The Standard for Risk Management in Portfolios, Programs, and Projects PRINCE2 - Projects In Controlled Environments (PRINCE2) is a popular, UK-based project management standard. It was originally developed as a government standard for information systems projects and includes a risk management approach including a risk register COBIT 5 - Is a recent standard for project management which includes a risk management module. This standard links risk management to governance and insurance, where PRINCE2 and PMBOK treat them as individual modules. and is used extensively in projects to implement information technology solutions such as SAP and Oracle. Challenges A particular challenge for complex projects is building the maturity of internal control systems to increase resilience in the event of unpredictable risks. For this reason, momentum is building in emerging risk management methods including complexity sciences and organisation-wide resilience. Further reading Click this link for a list of related pages Sources: The content on this page was primarily sourced from: Webinar titled ‘Perspectives on Risk: Engineers, frameworks and new ways of thinking’, delivered to REBOK Community on 29 May 2018 by Warren Black, Principal and Founder, Complexus

Introduction The Committee of Sponsoring Organizations of the Treadway Commission (COSO) Enterprise Risk Management – Integrated Framework is well known and referenced, particularly in internal control and auditing applications. Application This framework describes a form of enterprise-wide risk management with a focus on matching risk management with strategy to develop an internal control capability to effectively manage risk. It is suited to general risk management in corporate organisations. For discipline specific risk management, other standards exist (eg project risk management standards). Sources The content on this page was primarily drawn from: Webinar titled ‘Perspectives on Risk: Engineers, frameworks and new ways of thinking’, delivered to REBOK Community on 29 May 2018 by Warren Black, Principal and Founder, Complexus

Introduction International Organization for Standardization (ISO) 31000 is a family of risk management standards which provides a foundation level “practitioner's” view of risk management. This global standard was first published in 2009, based on a standard originally developed by the Australian/New Zealand standards organisation. The ISO 31000 standard is perhaps the most commonly and widely used risk management approach. It was recently updated to a 2018 version. The ISO standard is a useful foundation overview of risk management. For complex, advanced or highly specialised projects or applications, other approaches to risk may be considered. Methodology The ISO 31000 standard recommends the following steps in the risk management process: Establishing the Context Risk Assessment Risk Treatment Monitoring, Auditing, Review and Improvement Risk Communication Sources The content on this page was primarily based on: Webinar titled ‘Perspectives on Risk: Engineers, frameworks and new ways of thinking’, delivered to REBOK Community on 29 May 2018 by Warren Black, Principal and Founder, Complexus

Introduction ‘Risk’ is defined by the International Standards Organisation (ISO) 31000:2018 as “effect of uncertainty on objectives”. This is a common definition in risk literature. An alternative definition is “an event, situation which may influence an entity’s ability to achieve desired objectives successfully”. Risk management can therefore be defined as the proactive control of risk in a manner that promotes positive outcomes. For example, for a commuter with the objective of driving a car to work and arriving on time, risks could include: high traffic, a traffic accident, roadworks, and poor driving of the person trying to get to work or other commuters. In order to manage these risks, the commuter would assess the barriers to him or her arriving on time, and come up with a proactive solution, eg. leaving home earlier or deciding to ride a bicycle or park the car and catch public transport to avoid traffic delays. Sources The content on this page was primarily drawn from: Webinar titled ‘Perspectives on Risk: Engineers, frameworks and new ways of thinking', delivered to REBOK Community on 29 May 2018 by Warren Black, Principal and Founder, Complexus

Introduction Bow-tie diagrams are powerful risk management tools that are clear, simple and visually describe the dynamics of a major incident. This tool can be used in all industries and sectors. What is a bowtie? A bow-tie diagram summarises the risks associated with a particular hazard in a pictorial form. It gets its name from the bowtie shape of the diagram, which separates proactive and reactive risk management. The starting point is to map out the incident using a hazard and the ‘top event’, or point at which the hazard becomes active. An example is shown in the centre of the diagram below. Diagram courtesy of Fiona Boyle, R4Risk On the left of the diagram above, the causes of the incident are mapped, and on the right, the outcomes. The second step is to insert preventative controls on the left of the diagram, to lessen the likelihood of the triggering causes (as shown below). This summarises a proactive approach to preventing the incident. Diagram courtesy of Fiona Boyle, R4Risk The final step is to add mitigative controls on the right of the diagram to summarise the reactive response to the incident, as shown in the following diagram. Diagram courtesy of Fiona Boyle, R4Risk For the bow-tie to be effective, the validity and completeness of the controls and information included needs to be carefully considered. Applications Bow-ties can be used to demonstrate ALARP and SFAIRP (as low as reasonably practicable and so far as is reasonably practicable) assessments, and to facilitate semi-quantitative risk assessments. They are also a good way of identifying critical controls to prevent and mitigate incidents and communicating hazards to workers. They can also be useful in training and auditing applications. Benefits and limitations The benefits of bowties are their simplicity, usefulness as a communication tool and applicability to a wide variety of industries and applications. Software is also available to use bowties in reporting and risk register creation. They do have some limitations. One of these is the challenge of balancing the level of detail with the ease of reading the diagram, as greater levels of detail can make reading difficult (as shown below). Diagram courtesy of Fiona Boyle, R4Risk Bow-ties do not provide a methodology to assess the effectiveness of controls, unless details are added (as in the diagram above). Other challenges are defining the scope that the bowtie will cover, keeping the diagram to a manageable size, and differentiating between onsite and offsite risks. In some hazardous applications, the large number of bow-tie diagrams required to detail risks can limit their practicality. For example, a refinery would require hundreds of bowties for the many hazards present. It is also important to consider whether the controls included add value to the risk management process, whether they are generic or in-depth, and if they are independent. Application in Safety Cases Bow-ties have been used in Safety Cases to link hazards, controls and consequences. They have also been generated and used to review and validation of existing major incidents and controls. Control assessment using bowties Bow-ties have been used in the assessment of site material risks for non-major hazard facilities (MHF). This application concentrates on high consequence potential events and demonstration that they have been reduced to ALARP. They can also help workers gain an understanding of the site and awareness of hazards. A summary of the process to use bow-ties in control assessments is shown in the diagram below. Diagram courtesy of Fiona Boyle, R4Risk Sources: The information on this page was primarily drawn from: Presentation titled “Bowtie diagrams – Looking at the Bigger Picture” by Fiona Boyle, Risk Consultant, R4Risk, Risk Engineering Society Conference 2012

Introduction Project teams can be subject to different kinds of cognitive biases, including: optimistic estimates of budgets and timelines, or social or political pressure to meet particular targets. This can lead to setting aside unrealistically low project contingencies, or allocations of budgetary or time resources in addition to the base estimate or schedule, to allow for inherent or contingent risks at the desired confidence level. Cognitive bias can be defined as peoples’ deviation from rational judgement to draw illogical conclusions. In some cases, cognitive biases may lead to more effective decisions or actions, especially where speed is more important than accuracy (as demonstrated by heuristics in decision making). Engineers may have an unconscious bias toward systems, processes and data as effective tools for problem solving. These tools are effective when problems are reasonably linear, but many problems are complex, especially those with a strong human element. Therefore, it is important to select appropriate models and assumptions to simplify complex problems to assess risk in order to make the right decisions. Lessening effect on project contingency setting To improve project risk management and contingency calculations, project teams should be aware of possible cognitive biases that may affect decision making. The diagram below shows some common forms of cognitive bias. Diagram courtesy of Pedram Danesh-Mand, Risk Engineering Society Accuracy of contingency allowances can also be improved by identifying and assessing possible causes of cost or schedule overruns and holding regular review meetings. Sources: The information on this page was primarily sourced from: Risk Engineering Society Contingency Guideline, 2016

Risk engineering contributes to health, safety, productivity and environmental protection for society at large. For engineers, the need to identify, monitor and mitigate project risks has been acknowledged throughout history, as failure to do so can lead to damage to reputations, financial loss, injury or death. Less well-acknowledged is the potential for risk engineers to identify and act on opportunities that can enhance project outcomes. The following is a non-exhaustive summary of general risk principles applicable across application categories, engineering disciplines and industries. Links to further information will be added as REBOK develops: Risk Management in Society (Socio-Political Context) Legislation Community Expectations Code of Ethics Global Concepts Risk Management Basics Uncertainty Complexity Accident Causation Models Risk Perception and Tolerance Risk Assessment Criteria Risk Management Approaches International Risk Management Standard 31000 Due Diligence Resilience Engineering Reliability Engineering Risk-based Maintenance and Reliability Centred Maintenance Culture, Organisation and Systems Maturity Models Policies Leadership and Commitment Personnel Documentation and Records Management and Organisational Systems Dealing with Stakeholders Crisis and Emergency Preparedness and Response Tools and Techniques Index of Tools and Techniques Hazard Identification Qualitative Risk Assessment Semi-quantitative Risk Assessment Quantitative Risk Assessment Incident Investigation

Introduction Due diligence is a legal concept. It arises when a duty of care exists. This duty can be by directors to shareholders, management to employees, parents to children or manufacturers to the public. Its importance is to do with how our citizens, institutions and corporations can deal fairly with each other. It is the basis of trust without which an open, civilised society cannot prosper. Essentially it asks the question: if you were in the same position, how would you expect to be treated? This is hardly a novel idea. It has been considered throughout recorded history. What is new is its absorption into the legislative and judicial process within the last 100 years. Ideas to governance framework The diagram below shows the ideas to governance framework which led to the adoption of due diligence principles into the law. Diagram courtesy of Richard Robison, R2A The world is full of problems. In fact, there appears to be an endless supply of them. One of humanity’s achievements to date has been an ability to overcome some of the important (meaning serious but not societally fatal) ones retrospectively by determining, with the advantage of hindsight, what ought to have been done using the investigative feedback of our judicial systems and then inserting this knowledge robustly into our governance systems. In a parliamentary democracy like Australia, this swirl of competing ideas is distilled by our parliaments in the form of legislation. Such legislation is supposed to become the minimum social expectation to be articulated and enforced, thereby preventing such identified bad things from reoccurring. In this sense, legislation and the common law represents a form of societal memory, despite (or perhaps overcoming) the passing parade of elected politicians. Due diligence is one of those ideas that arose from this process and has subsequently crept into legislation in all Australian parliaments. Due diligence represents the societal implementation of the principle of reciprocity (do unto others), formally included into the English common law in Donoghue v Stevenson (1932) and subsequently enacted by Australian parliaments in the corporations law (for example, do not trade whilst insolvent), safety legislation (to eliminate or reduce hazards so far as is reasonably practicable - SFAIRP) and environmental acts (to ensure a proper legacy for current and future generations). It also appears in the common law as a defence against negligence. Sources The content on this page was based primarily on the following sources: Robinson Richard M and Gaye E Francis (2019). Engineering Due Diligence (11th Edition). R2A Pty Ltd, Consulting Engineers. More information R2A Due Diligence Engineers Webinar Recording: Introduction to Engineering Due Diligence.

Introduction When managing risk in engineering projects and operations, it is important to consider how to consult and communicate with stakeholders. Some key categories of stakeholders include: Customers / Clients Contractors Suppliers Sources: The information on this page was drawn primarily from the following sources:

Introduction Risk engineering and management need to be supported by organisational and management systems to provide the structure, resources and organisational memory to make the management of risk effective and meet the organisation's needs. Some systems to consider include: Design and Construction Operations Management Change Management Sources: The information on this page was drawn primarily from the following sources:

Introduction Some key concepts when treating risk according to the ISO 31000 Risk Management standard are: Avoiding the risk Accepting or increasing the risk Removing the risk source Changing the likelihood Changing the consequences Sharing the risk (including insurance) Retaining the risk Sources The information on this page was primarily drawn from: The ISO 31000 Risk Management standard

Introduction Some key concepts when considering a risk assessment according to the ISO 31000 Risk Management standard are: Risk Identification Risk Analysis Risk Evaluation Sources: The information on this page was drawn primarily from the following sources: The ISO 31000 Risk Management standard

Introduction Some key concepts when considering risk assessment criteria are: Individual Risk Societal Risk Risk Matrix A tool that can be used in defining risk assessment criteria is the risk matrix as defined in the ISO 31000 Risk Management standard. Sources: The information on this page was drawn primarily from the following sources:

Introduction Risk is a subjective concept, which is perceived differently by stakeholders based on their education, experience and other unique factors including the culture of organisations and societies to which they belong. A further consideration is the various levels of risk tolerance of stakeholders, and how these tolerances will be balanced when managing projects or day-to-day operations. Organisations should consider enshrining their position in a risk tolerance or risk position statement. Key concepts Some important concepts when considering risk perception and tolerance are: Risk Appetite Risk Intelligence Cognitive Bias Voluntary vs Involuntary Risk Sources: The information on this page was drawn primarily from the following sources:

Introduction This entry will contain details for What If. Sources: The information on this page was primarily sourced from:

There are two main approaches to the management of (safety) risk. These are: Managing risks to as low as reasonably practicable (ALARP). That is, reduction of risk levels until they are below target risk criteria and are therefore ‘tolerable’ or ‘acceptable’. If risk levels for identified hazards are determined to exceed target risk criteria then risk treatments are put in place until target risk criteria are met. At this point the risk has been reduced as low as reasonably practicable. Target risk criteria are identified on a subjective basis and generally differ between organisations Reducing risks so far as is reasonably practicable (SFAIRP). This is the common law due diligence approach and the obligation under the provisions of the Work Health & Safety legislation. That is, implementing all reasonable precautions for all credible, critical threats, with a focus on ensuring that (at a minimum) recognised good practice is in place. When no further practicable precautionary options are considered reasonable in all the circumstances, due diligence has been demonstrated by reducing the risk so far as is reasonably practicable. Both the ALARP and SFAIRP approaches aim to demonstrate due diligence and require three main steps: identify safety hazards relating to the situation determine and implement appropriate precautions to address these hazards ensure confidence that these precautions are maintained over time. The key steps in the ALARP and SFAIRP approaches are shown below in the diagram below. Diagram courtesy of Richard Robinson, R2A Key advantage of the SFAIRP approach over the ALARP approach is a focus on reasonable precautions rather than risk levels. The SFAIRP approach facilitates: identification and implementation of recognised good practice, that is, precautions shown to be reasonable by virtue of their implementation in similar situations (e.g. elsewhere in the industry) irrespective of perceived acceptable or tolerable risk levels a focus on the hierarchy of controls when identifying precautionary options. The SFAIRP approach requires all practicable precautionary options to be tested for reasonableness, rather than to stop testing options once a ‘tolerable’ level of risk is reached identification of other (further) precautionary options and judging their reasonableness on the benefit they provide compared to the time, difficulty and expense required for their implementation. This is consistent with decisions of the High Court of Australia, for example, in Wyong Shire Council v Shirt. Sources The information on this page was primarily sourced from: Robinson Richard M and Gaye E Francis (2019). Engineering Due Diligence (11th Edition). R2A Pty Ltd, Consulting Engineers.

Below is a list of frequently asked questions. Links to further information will be added as REBOK develops: What is risk? How do risk engineering and risk management relate to the COVID-19 pandemic? Why do we manage risks? How do we manage risks? What is risk engineering and how does it relate to risk management? How does risk engineering apply to project management? How does opportunity contribute to risk engineering? What standards and legislation apply to risk engineering?

Introduction The categories of accident causation models can be divided into: Single Cause Multiple Cause (including latent conditions) Complex Non Linear Sources: The information on this page was drawn primarily from the following sources:

Introduction There is a range of legislation that provides risk engineering and risk management governance, including: Work Health and Safety (WHS / OHS) Environmental Common law Corporations law Safety case regimes Land use safety planning Sources: The information on this page was drawn primarily from the following sources:

Introduction While many risk engineering and management principals (such as those on the general principles page) are applicable across a broad range of professional specialisations, there are some principles, tools and practices which are specific to particular fields of specialisation. A non-exhaustive list of professional specifications is below, and links to information will be added as REBOK develops: Asset management Cost engineering Reliability engineering Forensic engineering and science Accident phenomenology Accident analysis Human factors investigation Workplace Health and Safety investigation Victim pathology Simulation Security infrastructure Environment Sustainability Existential risk Sources: The information on this page was drawn primarily from the following sources: