MODULE TITLE : SAFETY ENGINEERING

TOPIC TITLE : THE CHARACTER AND TREATMENT OF

HAZARDS

LESSON 4 : INDUSTRIAL SAFETY PERCEPTION

SE - 2 - 4

Teesside University 2011

 Published by Teesside University Open Learning (Engineering)
School of Science & Engineering
Teesside University
Tees Valley, UK
TS1 3BA
+44 (0)1642 342740

All rights reserved. No part of this publication may be reproduced, stored in a

retrieval system, or transmitted, in any form or by any means, electronic, mechanical,
photocopying, recording or otherwise without the prior permission
of the Copyright owner.

This book is sold subject to the condition that it shall not, by way of trade or
otherwise, be lent, re-sold, hired out or otherwise circulated without the publisher's
prior consent in any form of binding or cover other than that in which it is
published and without a similar condition including this
condition being imposed on the subsequent purchaser.
 1

________________________________________________________________________________________

INTRODUCTION
________________________________________________________________________________________

This lesson links what we have learned about the nature of the most likely
hazards to which property and people are exposed to the methods available for
dealing with them. 'Risk management' and 'risk control' are general terms.
They are often ill-defined but, bearing in mind that we cannot predict the
future, the application of such techniques and skills can be very effective.

________________________________________________________________________________________

YOUR AIMS
________________________________________________________________________________________

At the end of this lesson you should be able to:

prescribe an outline risk strategy for your own work environment

appreciate the need, however subjectively assessed, for adopting a

proven technical approach to implement such a strategy

develop a 'feel' for the scope and limitations of hazard assessment

expressed quantitatively

acknowledge the significance of risk management within modern

safety technology.

Teesside University Open Learning Teesside University 2011

(Engineering)
 2

________________________________________________________________________________________

THE RISK MANAGER

________________________________________________________________________________________

To minimise potential losses due to accidents and liability litigation, it has

become necessary for many of the larger industrial companies to create the
relatively new position of RISK MANAGER. Frequently misjudged on the
score of "success" or "failure", the holder of this position requires a unique
background to cope with an infinite range of potential technological hazards.

Ideally, risk managers need a basic understanding of:

physics
chemistry
materials science
life sciences
statistics
occupational safety and health
the engineering disciplines
business administration.

Added to this, they are expected to bring experience to bear upon:

loss prevention
fire and explosion protection
hazardous materials handling, transportation and disposal
pollution abatement
plant security
emergency response planning
accident investigation
budget preparation
training

Teesside University Open Learning Teesside University 2011

(Engineering)
 3

and possess practical empathy with

employees
union officials
fellow management
insurance company personnel
consumer safety watchdogs
local police and fire services
the Health and Safety Executive.

________________________________________________________________________________________

RISK CRITERIA
________________________________________________________________________________________

In the absence of any absolute scale of human performance there is an ever on-
going search for better means of 'risk exposure measurement'. However, we
are able to adopt criteria for the dependability of hardware and software
systems (and this gives us scope for enhancing our levels of confidence). Both
areas can be represented by the following examples of typical data, although it
must be remembered that the use of such figures in hazard analysis requires
some measure of reservation, judgement and (hopefully) experience when
bearing in mind that any untoward event has a chance of happening over the
range "now" to "never"! The usual approach to attempted quantification of
criteria is to assume that all faults and failures occur in a random manner with
respect to time.

Teesside University Open Learning Teesside University 2011

(Engineering)
 4

Hazard/Failure mode Failure rate or failure-at-

demand probability

Fire in a flammable liquid storage tank 3.3 104/yr

Fire/explosion in petroleum refineries
resulting in damage outside the perimeter 1.4 104/yr
Tank rupture 1.0 106/yr
Relief valve fails to open on demand 1.0 105/demand
Electronic control system failure 1.0 106/ hour
Shutdown device fails on demand 1.0 104/demand
Operator fails to observe 1.0 103/demand
Operator fails to take action 3.0 106/demand

ARRIVING AT A PROBABILITY

The likelihood of the occurrence of a disastrous event derives from data which
is specific to, for example, the site, the weather, the equipment design, the
foundation specification and the properties of contained material.
Consequently, the probabilities of many events or failures of modern
equipment are not known, if only for want of historical records, and have to be
assessed by the 'best engineering judgement' despite inevitable uncertainties.
The probabilities of some events also tend to change with time, e.g. corrosion
fatigue failures, radioactive release and operator stress.

Teesside University Open Learning Teesside University 2011

(Engineering)
 5

ESTIMATING THE CONSEQUENCES

Any attempt at quantifying the effects of fires, explosions and the release of
contaminants to the environment requires an understanding of the physical and
chemical processes involved, e.g. thermal radiation flux, generated
overpressures and safe distance downwind of a released chemical. To measure
the severity of such events, damage and injury criteria are needed so that the
boundaries of the area affected by each hazard scenario can be established and
an estimate, however subjective, made of fatalities, injuries and exposure,
together with the potential damage to structures, equipment and services.

In a later lesson we shall see how a form of LOGIC TREE may be used to
predict the probability of a specific event occurring by tracing all possible
sequences of events and paths capable of leading towards it. A yardstick of
risk level acceptability is clearly needed, especially considering that different
sectors of society such as the employer, the insurers, the general public and the
regulatory bodies are unlikely to be in mutual agreement. Society at large
tends to tolerate one fatality a year over a considerable period of time but
reacts very differently to a single event which results in multiple fatalities.

Risk profiles may be derived from historical data for various natural or human-
related catastrophes.

FIGURE 1 shows that a hurricane causing ten or more fatalities occurs, on

average, with a frequency approaching once per year whereas an earthquake
that kills more than 1,000 people is expected to occur about once a century.

The risk profile for an industrial activity can be calculated and superimposed
on these figures for comparison with other risks. Such profiles may also be
used to evaluate the costbenefit of changes in process route, plant design and
location or the effect of adding protective measures.

Teesside University Open Learning Teesside University 2011

(Engineering)
 6

10 10

1 Air crashes total

1

1/10 Hurricanes
Frequency (events/year)

Frequency (events/year)
1/10

1/100 1/100 Earthquakes

Dam failures
1/1 000 1/1 000

1/10 000 1/10 000

1/100 000 1/100 000

1/1 000 000 1/1 000 000

1/10 000 000 1/10 000 000

10 100 1 000 10 000 100 000 1 000 000 10 100 1 000 10 000 100 000 1 000 000
N fatalities N fatalities

10
10

1
1

1/10
Frequency (events/year)

Frequency (events/year)

1/10
Fires
1/100
1/100
Explosions
1/1 000
1/1 000

1/10 000 Chlorine releases

1/10 000

1/100 000
1/100 000

1/1 000 000

1/1 000 000

1/10 000 000

1/10 000 000
10 100 1 000 10 000 100 000 1 000 000 10 100 1 000 10 000 100 000 1 000 000
N fatalities N fatalities

FIG. 1 Frequency of Events with Greater than 10 Fatalities

Teesside University Open Learning Teesside University 2011

(Engineering)
 7

________________________________________________________________________________________

THE PROBLEM OF FORMULATING RISK CRITERIA AND ACCEPTABILITY

________________________________________________________________________________________

The form of a criterion must allow an adequate description of the possible

effects of the risk, e.g. whether they are acute or chronic, appear promptly or
are delayed, cause effects singly in the exposed population or affect more than
one person simultaneously. If the criterion does not fulfil this requirement it
may be capable of producing anomalous conclusions. Depending on the
nature of the risk an adequate description may be simple or complex. In the
case of major hazard installations presenting a risk of acute effects to the
public, the risk will be variable amongst those exposed and there may be
potential for a range of multiple fatality accidents to occur. In this case the risk
cannot be completely described by a single parameter. An adequate
description of the totality and distribution of this type of risk can be provided
by the combination of the concepts of Individual and Societal Risk.

An example of a criterion which is based on an inadequate description of the

risk pattern is 'Average Individual Risk' which can produce misleading
conclusions.

Consider a plant at which an explosion could occur at frequency F per year,

with two villages, A and B, within the range of significant overpressure effects
(FIGURE 2). As A is closer than B there is a higher probability that a person
at A will be affected than at B. Assuming that these probabilities are 0.5 and
0.1 respectively for fatal injury, the individual risks at A and B are 0.5F per
year and 0.1F per year: the risk contours are also shown in FIGURE 2. If
there are 50 people living in both villages (assuming, for simplicity, 100%
occupancy) 50% would be killed at A, i.e. 25, but only 10% at B, i.e. 5. The
total number of offsite fatalities from the explosion would therefore be 30,
occurring at frequency F per year. This is the societal risk.

Teesside University Open Learning Teesside University 2011

(Engineering)
 8

0.5F 0.1F

A B

Plant Explosion
(frequency F per yr.)

FIG. 2 Risk Contour Plot

The average number of fatalities per year is 30F and the average individual
risk is this value divided by the number exposed (100), i.e. 0.3F per person
year. Now suppose there is a proposal to build a new housing estate at B,
increasing the population there by 300 to 350. The risk to any of these people
is the individual risk at B 0.1F per year but more people are exposed and
the number of people killed at B would now be 35. The individual risk and
total number killed at A are, of course, unaltered, and so the overall total for
offsite fatalities is now 25 (at A) plus 35 (at B), i.e. 60 occurring at frequency
F per year. The average number of fatalities per year has doubled to 60F but
the number exposed is now 400 and so the average individual risk is 0.15F per
person year half its previous value! This contrived example, summarised in
FIGURE 3, illustrates why average individual risk can produce misleading
conclusions. Exposing more people at low individual risk reduces the average
individual risk. Of course the risk has not reduced the societal risk has

Teesside University Open Learning Teesside University 2011

(Engineering)
 9

increased because more people are exposed at low individual risk (FIGURE 4).
This also stresses the point that an F N curve (FIGURE 1) tells us nothing
about risk distribution.

RELATIONSHIP BETWEEN POPULATION AND AVERAGE

INDIVIDUAL RISK

Event frequency: F yr1

Casualty probability: A = 0.5; B = 0.1
Individual risk: A = 0.5F yr1; B = 0.1F yr1

Population at A 50 50
Societal risk (A) N = 25 = 25 at F yr1

Population at B 50 350
Societal risk (B) N = 5 = 35 at F yr1

Total societal risk N = 30 = 60 at F yr1

AVERAGE
30F 60F
INDIVIDUAL = 0.3F yr 1 ; = 0.15 F yr 1
50 + 50 50 + 350
RISK

FIG. 3

Teesside University Open Learning Teesside University 2011

(Engineering)
 10

F N CURVE

A High probability/low consequence

Frequency, F, type of risk
of N or more
casualties

B Low probability/high consequence

type of risk

No. of casualties, N

DISTRIBUTION CURVE

Individual
risk per yr.

No. of people exposed

FIG. 4

RISK COMPARISONS

The traditional approach to formulation of risk criteria is by risk comparisons.

The basis for target setting is that if a risk is minimal compared with other
background risks, it is a waste of resources to pursue further reduction of the
risk. It has been recognised for a long time that an individual's perceptions and
acceptance of risks are affected by a number of features (e.g. whether the risk
is voluntarily or involuntarily imposed, degree of individual control over the
risk, novelty of the hazard, benefits accrued from the activity).

Teesside University Open Learning Teesside University 2011

(Engineering)
 11

An example of a successful target criterion for risks to employees, which

illustrates the strength of the process, is the Fatal Accident Rate (FAR)
criterion developed by ICI and widely used in the chemical industry for risks
to employees. The FAR statistic is the number of deaths per 108 working
hours and, like most statistics, is essentially an average individual risk. Used
as a loss prevention tool it is an estimate of the risk to a specific individual
employee or job function, although it can be used to represent the risk to a
specified group (i.e. the work force); if multiple fatality accidents are possible
its use as an average individual risk estimate runs into the difficulties discussed
earlier. As a design risk target it cannot be considered stringent the risk
target being the average performance of the recent past and it embodies the
classic safety approach of bringing down the highest risks to the average and
thereby securing an overall improvement. We should note that, although
further action to reduce risk below the target value of the FAR would not
normally be taken, a risk equal to the past average can hardly be described as
insignificant.

A strength of the target-setting approach is that designers will search for a low
cost means of attaining the target rather than arguing that the cost of risk
reduction is prohibitive.

Although there are advantages within industry from generating and using in-
house risk targets, any responsible organisation should be prepared to defend
any decisions on a case-by-case basis. This was one of the conclusions
reached by the Royal Society Study Group report (in 1983) on Risk
Assessment, along with the recommendation that risks should not be
aggregated into a single index unless the contributory factors are clearly
stated.

In this respect it is important to consider all possible contingencies and known

circumstances of the situation being considered. For example, if the risk of an
object falling from a scaffold is considered, there is more risk of someone

Teesside University Open Learning Teesside University 2011

(Engineering)
 12

being injured if the object falls from a scaffold over a public pavement that is
situated in a busy city high street at noon, when there are many people about,
compared to an object falling from a scaffold around say, a country mansion on
a Sunday morning. Other factors which often cannot be ascertained exactly
should be estimated, such as weather conditions (e.g. wet or dry, temperature,
visibility), location, time of day (or night), density of population, etc.

LIMITATIONS OF RISK ASSESSMENT

Risk assessment has been criticised on several counts:

(i) inaccuracy and inapplicability of some of the mathematical models

used (although this is an area of progressive refinement)

(ii) incompleteness of data used in analysis

(iii) use of generic or arbitrary acceptability criteria

(iv) difficulty in checking the final result, except against experience of

incidents

(v) complexity and cost of the techniques used.

However, there are areas wherein risk assessment has contributed significantly
to the formulation of general safety policy. Two such areas are nuclear power
generation and the chemical processing of nuclear fuels where the risks include
delayed or distributed deaths due to accidental events which can affect both
employees and members of the public.

Teesside University Open Learning Teesside University 2011

(Engineering)
 13

In the case of chemical plant management, the overall impact of carcinogens is

a question to be best addressed in a similar way, bearing in mind that the
problem may not be purely one of occupational exposure but the more difficult
issue of the cumulative effect of general environmental contamination.

Whilst various criteria have been proposed for risk to the neighbouring public
from hazardous activities, very little research has been carried out on widely-
spread risks. The concept of a "risk versus benefit" criterion is gaining
acceptance and is consistent with the 'reasonably practicable' requirement of
the U.K. Health and Safety at Work etc. Act.

Teesside University Open Learning Teesside University 2011

(Engineering)
 14

________________________________________________________________________________________

HAZARD RATING INDICES AND PLANS AN EXAMPLE OF PRACTICAL RISK

MANAGEMENT
________________________________________________________________________________________

The use of rating plans, in relation to specific categories of risk, for the
determination of insurance premiums has been long established in order to
secure recognition for
(a) capital investment replacement
(b) the consequences of operational hazards
and (c) the standard of protection provided for such values
against the hazards.

One prominent chemical manufacturing company employs three essential

calculable factors:
(i) the inherent hazard classification
(ii) the estimated 'normal maximum loss'
(iii) the combined adequacy of 'hardware', 'software'
and fire fighting facilities.

Individual parameters requiring evaluation, largely subjectively based on

experience, are listed on standard working sheets to record points awarded,
weighting and penalty factors where applicable.

The inherent hazard classification distinguishes between 'low', medium' and

'high' risk facilities wherein the characteristics of raw materials, products and
the process are accommodated on a points scale 0, 1, 2 and 3.

Process materials are marked principally with respect to fire, explosion and/or
toxicity propensities and a process is judged according to its parameters, such
as energy/heat content, temperature, pressure, corrosion and erosion.
'Hardware' relates to the quality of process containment, location, spacing,
control equipment and electrical integrity, etc.

Teesside University Open Learning Teesside University 2011

(Engineering)
 15

Software relates to such aspects as general housekeeping, maintenance,

communications, 'permit to work' systems and training. Eventually, totalled
points indicate the appropriate insurance category.

Unfortunately, it is possible for this approach to risk assessment to be used for

the purpose of discriminating between identified potential hazards so that
an order of precedence may be drawn up. If the resources required for
eliminating or reducing them are limited some serious risks can remain
unattended.

This approach can, and does, also result in some hazards and risks actually
remaining undetected for want of a rigorous examination of the underlying
causes, a procedure vital to the establishment of appropriate corrective actions.
Two such dominant analytical procedures will be the subject of our next lessons.

Apart from these, one hazard classification method has gained considerable
prominence mainly because it specifies hazard categories and defines how the
numerical ratings should be used.

The Mond Fire, Explosion and Toxicity Index has been developed by ICI
from the American Dow Chemical Company Fire and Explosion
Classification Method (The Dow Index) into a tool which can be applied to
the majority of component units found on a plant site. It is particularly useful
in determining plant layout and spacing.

________________________________________________________________________________________

THE METHODOLOGY OF RISK CONTROL

________________________________________________________________________________________

FIGURE 5 attempts to list all the risk sources of a typical project which
require consideration even before the facility becomes a revenue-earning
reality. At all stages it will be seen that human error is involved.

Teesside University Open Learning Teesside University 2011

(Engineering)
 16

ERRORS MADE DURING

THE BASIC PROCESS
DESIGN

RECOMMENDATIONS
FROM EARLY CONCEPT
SAFETY EVALUATION OR
SIMILAR STUDIES
IGNORED

INCORRECT ENGINEERING
DESIGN SPECIFICATIONS

DESIGN ERRORS OR
OMISSIONS

SOURCES OF
RISK IN LATE CHANGES IN HUMAN
PROJECT DESIGN INTENT FACTOR
DEVELOPMENT

INADEQUATE SAFETY
STUDIES

INADEQUATE QUALITY
ASSURANCE/CONTROL
DURING PROCUREMENT
AND CONSTRUCTION

EQUIPMENT OVERSTRESSED
OR WEAKENED DURING
PRE-COMMISSIONING
ACTIVITIES

SPECIFICATION WAIVES
GRANTED IN ORDER TO
ACHIEVE PROJECT
COMPLETION DATE

FIG. 5 Sources of Risk in Project Management

FIGURE 6 categorises risks to life which are prevalent throughout the

complete life cycle of an industrial enterprise and FIGURE 7 identifies some
non-hazardous operational risks which challenge management in terms of
production and cash-flow continuity.

Teesside University Open Learning Teesside University 2011

(Engineering)
 17

TYPICAL RISKS TO LIFE

RISKS TO LIFE CAN BE DIVIDED INTO TWO MAIN CATEGORIES

"MECHANICAL" RISKS "PROCESS" RISKS

These risks are common to all installations
and arise principally from HUMAN
ACTIVITY on or around the installation,
e.g.
falling off the structure
tripping over obstacles
impact by falling objects
contact with moving machinery
physical operations such as
drilling, lifting, scaffolding,
flexing up, carrying out
maintenance, etc.
These risks vary from installation to
installation depending on the process and
can arise only in event of LOSS OF
CONTAINMENT of the system inventory,
e.g.
emission of flammable material
(fire or explosion)
emission of toxic or corrosive
materials
discharge of hot scalding fluids
discharge of cold sub-zero fluids
asphyxiation risks
blast or projectiles (due to
equipment rupture)

FIG. 6

TYPICAL NON-HAZARDOUS OPERATIONAL RISKS*

These risks are associated with equipment UNAVAILABILITY

for service, or with the equipment being unable to perform its
design function, e.g.

equipment breakdown
equipment malfunction
fouling
corrosion/erosion/thinning
blockages
internal leakage (passing valves, heat exchangers)
spurious operation of protective trip systems.

*Some of the risks listed may also be potentially hazardous,

depending on the system.

FIG. 7

Teesside University Open Learning Teesside University 2011

(Engineering)
 18

This brings us to FIGURE 8, depicting the overall procedural logic for

assessment. 'Feedback' indicates the necessity for repeating the procedure
(usually a quick check) if changes are made which could introduce further
risks at the interfaces with the remainder of the system.

Define
system
to be studied

Identify
AWARENESS
hazards

Analyse Analyse
ANALYSIS
causes effects

Assess risks
ASSESSMENT FEEDBACK qualitatively or
quantitatively
as required

EVALUATION Decision

RESULT Change No change

FIG. 8

NO CHANGE implies that a decision has been made to retain an acceptable or

residual risk level because the system would not otherwise be economically
viable.

Teesside University Open Learning Teesside University 2011

(Engineering)
 19

The flowscheme or procedure is applicable to ALL stages of a project.

LIFE CYCLE OF AN INSTALLATION

STAGE COMMENTS

1. Planning Includes strategy, research and

development and process selection.

2. Process design Layout of installation and broad

equipment specifications agreed.

3. Design engineering Preparation of engineering drawings

and detailed specifications for
equipment fabrication, purchasing
and operation.

4. Construction and Erection, checking, testing and

Commissioning introducing feedstock.

5. Operations Including periodic shutdowns for

maintenance, modifications or for
operational reasons.

6. Final shutdown Operations terminated and plant

dismantled for disposal.

Risk management within this life cycle depends on the following factors.

Sound standards of engineering design must be used.

Quality control procedures must ensure that all equipment conforms

to design specification.

Teesside University Open Learning Teesside University 2011

(Engineering)
 20

All equipment must be inspected, maintained and tested at suitable

intervals. This applies especially to equipment installed for
protective reasons, e.g. alarms, trips and safety valves.

Personnel must be experienced and trained in the use of clearly

defined procedures.

Expanding FIGURE 8, we can now insert the two techniques which are
universally accepted for implementing risk control:

1. for hazard identification (hazards and operational risks):

HAZARD AND OPERABILITY STUDY ('HAZOP')

2. for risk quantification of identified hazards for comparison with

their acceptable target value:

HAZARD ANALYSIS ('HAZAN')

The 'feedback' feature applies in both respects, i.e. for qualitatively checking
the integrity of a system after any corrective change has been decided and/or to
test for the achievement of quantitative risk targets.

Finally, FIGURE 9 embodies, more comprehensively, the guidance upon what

is now regarded as standard practice for implementing effective RISK
MANAGEMENT.

The last box implies that as process (or any) plants can be modified, extended
or changed during the lifespan of the plant, then hazard identification and risk
assessment studies should be on-going throughout the life of the plant.

Teesside University Open Learning Teesside University 2011

(Engineering)
 21

Define potential risk to

be assessed from the hazard identified in the Hazard
and Operability Studies.

Thoroughly define hazard under study examining

design, layout, operating instructions,
maintenance procedures, practical
experience . . . .

Determine the effects and consequences.

Acceptance
Criteria
(quantitative) Compare with criteria.
(qualitative)

Hazard/Event analysis.

Check sensitivity of
Quantification leading to likely numerical data,
frequency for Hazard. particularly for those
having dominant effect.

Compare predicted frequency with

Target figure.

Is Target met?

YES NO

Detailed design specifications, Examine proposed design and

operating criteria and methods operation to identify changes Check
to comply with safety control. favourable to reducing risk.

After commissioning, physical

modifications to plant and
equipment and changes in
operating methods and criteria
to be checked against acceptance
criteria.

FIG. 9 Summary of Risk Assessment Procedure

Teesside University Open Learning Teesside University 2011

(Engineering)
 22

________________________________________________________________________________________

SELF-ASSESSMENT QUESTIONS
________________________________________________________________________________________

1. Which of the following activities would you expect to concern any

competent risk manager:

(i) liaison with their production counterpart

(ii) regular call-out practices of the works rescue team

(iii) awareness of the presence on site of outside contractors

(iv) familiarity with the company's product quality assurance reports

(v) handling, delivery and despatch of hazardous chemicals in sealed

drum containers

(vi) checking of employees wearing protective clothing appropriate to

their duties

(vii) presenting a fatal accident report to the works safety committee

(viii) fulfilling the duties of Incident Controller in the event of an

emergency?

2. Which of the following hazards has the greater frequency?

(a) failure of a relief valve to lift at the

set pressure 1.0 105/demand
(b) failure of the operator to take the
appropriate action 3.0 104/demand

Teesside University Open Learning Teesside University 2011

(Engineering)
 23

3. State whether you believe the following statements to be true or false.

(i) 'Feedback' in system safety analysis means checking whether

changes made to minimise hazards affect the integrity of other parts
of the system.

(ii) To achieve the highest attainable safety standard, industrial plant

should always be designed strictly in accordance with the appropriate
regulation and codes of practice.

(iii) It is permissible to vary prescribed design and specification directives

for safety reasons provided a written dispensation is obtained and
filed.

(iv) Risk management applies only to the planning and process design
stages of an industrial project.

Teesside University Open Learning Teesside University 2011

(Engineering)
 24

________________________________________________________________________________________

ANSWERS TO SELF-ASSESSMENT QUESTIONS

________________________________________________________________________________________

1. ALL of them, (although most are not specifically listed in the text) but
particularly( i), (iii), (v), (vii) and (viii).

2. (b) This is equivalent to 0.0003 or 1 failure for every 3333 actions by the
operator. (The relief valve is 30 times more reliable on this basis.)

3. (i) TRUE

(ii) FALSE

(iii) TRUE

(iv) FALSE

If you were undecided about statements (ii) and (iii) then refer to Topic 1.

Teesside University Open Learning Teesside University 2011

(Engineering)
 25

________________________________________________________________________________________

SUMMARY
________________________________________________________________________________________

Risk management should be a vibrant, developing field of activity, its

credibility as a safety tool depending upon learning from actual incidents and
consequence scenarios. Its responsibility extends beyond the plant boundary
and its yardsticks are increasingly exposed to public acceptance.

We should now have a feel for levels of risk acceptability, the problems of
establishing criteria and for the objectives of those methods by which a
satisfactory response is achievable.

The next lesson introduces us to one particular means by which the underlying
hazards are capable of detection with a high degree of confidence.

Teesside University Open Learning Teesside University 2011

(Engineering)