Hi Doug, This looks like a very good summary and mentions a few of the things I was, in my poor attempt, trying to point out. One of my concerns about RA, and FMEA in particular, is that this method does have a lot of numeric computation for what is essentially a qualitative process. As such, it gives the "appearance" of quantifiable due diligence, which many decision makers want to see. Sad to say, when I've been involved in meetings with various SMEs, I've occasionally heard discussions on how to adjust the parameters in order to keep a particular risk listed on the spreadsheet but not trigger any corrective actions. As with any system, there are those who would like to manipulate it to their own advantage. It is for this reason that, when I am leading the team effort and using a severity scale of 1 to 10, I always press for mandatory action when severity is a 9 or 10 (disabling injury or worse), regardless of the other parameters.
Oh, and that's a nice bibliography as well. I think I just received my summer reading list. Best, Doug Douglas E Powell Laporte, Colorado USA LinkedIn <https://www.linkedin.com/in/coloradocomplianceguy/> (UTC -07:00) Mountain Time (US-MST) On Mon, Feb 14, 2022 at 1:45 PM Douglas Nix < 00000bb8ff993b10-dmarc-requ...@listserv.ieee.org> wrote: > Hi Rich, > > I have to admit that I’ve been thinking about your reply all weekend. > > As you know, I teach machinery risk assessment and consult in this area > regularly. I want to stipulate that there are some significant issues with > risk assessment the way it is most commonly applied in industry, see my > list of references on this topic at the end of my message. > > The inherent subjectivity of risk assessments that are performed without > empirical data is unquestioned. The difficulty is that for many areas of > human endeavour we have no empirical data, and try as we might we cannot > calculate without numeric data. Nevertheless, we must be able to make > risk-based decisions when designing products and equipment, and so we > muddle along with the best tools that we have, hopefully while recognizing > their flaws. > > The HBSE model is a good one, and it fits machinery applications as > readily as does risk assessment, however, the risk assessment methods that > are used today have a history that stretches back to the 1960s, while the > HBSE model is much younger. This doesn’t take away from HBSE in any way for > me, but it does have an impact on the broader acceptance of the method > since it is not yet as widely known as “conventional” risk assessment. None > of the the standards in the machinery safety sector recognize the method as > yet, so getting regulators and users to consider the method is a challenge. > > HBSE also suffers from issues with lack of data when it comes to > characterizing some hazards, leaving the user to estimate the > characteristics. This brings in the biases of the person(s) doing the > estimating just as surely as conventional risk assessment methods. > > The absence of a probability parameter in the HBSE model is an interesting > one, since the probability aspect is the one most subject to error in > conventional risk assessment. Humans are notoriously bad at estimating > probability. It appears to me that the absence of that parameter implies > that the presence of a hazard will inevitably lead to harm, which I don’t > disagree with. CSA Z1002, OHS risk assessment, actually states that this is > the case, and recommends that hazards are eliminated on this basis whenever > possible. > > So we’re left with this situation, I think: > > 1) Risk assessment, when done quantitatively using sound statistical > techniques and valid data is a useful and relatively objective method to > provide data to decision makers, > 2) Conventional risk assessment using subjective opinions and risk > matrices or decision trees are unrepeatable and therefore unscientific, > however. despite their flaws, they provide a means to help guide decision > makers, > 3) HBSE improves on some aspects of conventional risk assessment by > eliminating the probability parameters, but is still subject to some > subjectivity, and is still not widely accepted enough for some decision > makers. > > I wish there was a more utopian perspective to take on the topic, but I > have yet to find my way to it. > > *References* > > [1] E. S. Levine, “Improving risk matrices: The advantages of > logarithmically scaled axes,” *J. Risk Res.*, vol. 15, no. 2, pp. > 209–222, 2012. > > [2] R. Long, “Calculators , Matrices and Mumbo Jumbo Risk Assessment,” > *Safetyrisk.net > <http://Safetyrisk.net>*, 2016. [Online]. Available: > http://www.safetyrisk.net/calculators-matrices-and-mumbo-jumbo-risk-assessment/. > [Accessed: 03-Feb-2016]. > > [3] D. J. Ball and J. Watt, “Further Thoughts on the Utility of Risk > Matrices,” *Risk Anal.*, vol. 33, no. 11, pp. 2068–2078, 2013. > > [4] C. Bao, D. Wu, J. Wan, J. Li, and J. Chen, “Comparison of Different > Methods to Design Risk Matrices from the Perspective of Applicability,” > *Procedia > Comput. Sci.*, vol. 122, pp. 455–462, 2017. > > [5] C. Peace, “The risk matrix : uncertain results?,” *Policy Pract. > Heal. Saf.*, vol. 0, no. 0, pp. 1–14, 2017. > > [6] B. Ale and D. Slater, “Risk Matrix Basics,” 2012. > > [7] P. Gardoni and C. Murphy, “A Scale of Risk,” *Risk Anal.*, vol. 34, > no. 7, pp. 1208–1227, 2014. > > [8] P. Baybutt, “Guidelines for Designing Risk Matrices,” *Process Saf. > Prog.*, vol. 00, no. 0, p. 7, 2017. > > [9] H. J. Pasman, W. J. Rogers, and M. S. Mannan, “Risk assessment: What > is it worth? Shall we just do away with it, or can it do a better job?,” *Saf. > Sci.*, vol. 99, pp. 140–155, 2017. > > [10] X. Ruan, Z. Yin, and D. M. Frangopol, “Risk Matrix Integrating Risk > Attitudes Based on Utility Theory,” *Risk Anal.*, vol. 35, no. 8, pp. > 1437–1447, 2015. > > [11] S. Albery, D. Borys, and S. Tepe, “Advantages for risk assessment: > Evaluating learnings from question sets inspired by the FRAM and the risk > matrix in a manufacturing environment,” *Saf. Sci.*, vol. 89, pp. > 180–189, 2016. > > [12] P. Thomas, R. B. Bratvold, and J. E. Bickel, “The Risk of Using Risk > Matrices,” *SPE Annu. Tech. Conf. Exhib.*, no. April 2015, 2013. > > [13] F. Gauthier, Y. Chinniah, D. Burlet-Vienney, B. Aucourt, and S. > Larouche, “Risk assessment in safety of machinery: Impact of construction > flaws in risk estimation parameters,” *Saf. Sci.*, vol. 109, no. June, > pp. 421–433, 2018. > > [14] O. Amundrud and T. Aven, “On how to understand and acknowledge risk,” > *Reliab. > Eng. Syst. Saf.*, vol. 142, pp. 42–47, 2015. > > [15] S. O. Hansson and T. Aven, “Is Risk Analysis Scientific?,” *Risk > Anal.*, vol. 34, no. 7, pp. 1173–1183, 2014. > > [16] J. Li, C. Bao, and D. Wu, “How to Design Rating Schemes of Risk > Matrices: A Sequential Updating Approach,” *Risk Anal.*, 2018. > > [17] L. A. Cox, D. Babayev, and W. Huber, “Some limitations of qualitative > risk rating systems,” *Risk Analysis*, vol. 25. pp. 651–662, 2005. > > [18] L. A. Cox, “What’s wrong with risk matrices?,” *Risk Anal.*, vol. > 28, no. 2, pp. 497–512, Apr. 2008. > > [19] A. Quintino, “What’s Wrong with Risk Matrices? Decoding a Louis > Anthony Cox paper Reshaping dowsntream configuration View project An > integrated risk management model for an oil and gas company View project,” > no. March 2011, 2016. > -- > Doug Nix > d...@mac.com > > “If there are no dogs in Heaven, then when I die I want to go where they > went.” -Will Rogers > > > > On 12-Feb-22, at 16:59, Richard Nute <ri...@ieee.org> wrote: > > > > I don’t like the Risk Assessment process because it is highly subjective > and not very repeatable. > > When I was with Hewlett Packard, three of us developed “Hazard Based > Safety Engineering,” HBSE. The basis for HBSE was James J. Gibson’s > (Cornell University) research into child injury from auto accidents. > Gibson said: > > “Injuries to a living organism can be produced only by some energy > interchange. Consequently, a most effective way of classifying sources of > injury is according to the forms of physical energy involved. The analysis > can thus be exhaustive and conceptually clear. Physical energy is either > mechanical, thermal, radiant, chemical, or electrical.” > > In a moving automobile, the automobile and its passengers have kinetic > (mechanical) energy. In an accident, the kinetic energy of the automobile > is dissipated in crumpling parts. The kinetic energy of the passengers is > dissipated in injuries to the body. Seat belts transfer the passenger > kinetic energy to the automobile. Air bags slow the rate of kinetic energy > transfer to the automobile. > > HBSE identified the magnitudes each kind of physical energy necessary to > cause injury. We called this “hazardous” energy. Then, HBSE went on to > specify safeguards that would attenuate or prohibit hazardous energy > interchange. > > When I evaluate a product, I look for the physical energy sources, and > then determine if the energy sources are hazardous or not. Unlike Risk > Assessment, this is easy and repeatable and not subjective. For example, > all primary circuits are hazardous energy circuits that can cause injury > (electric shock, thermal, fire, and maybe more) and safeguards must be > provided. > > Best regards, > Rich > > > *From:* Douglas E Powell <doug...@gmail.com> > *Sent:* Friday, February 11, 2022 11:37 AM > *To:* EMC-PSTC@LISTSERV.IEEE.ORG > *Subject:* Re: [PSES] EN 62368-1 : 2020 Ed 3 > > In my view, the Risk Assessment should never be treated as a 'get out of > jail' card or panacea. Instead, it is only a starting point for a safe > design and should be done near the beginning of a project, not the end. I > agree with what Rich says, I've seen a lot of subjective assessments by > cross-functional teams, with variability based on personal risk tolerance > or risk aversion. There are any number of articles pointing to why humans > are not very good at assessing risk (Google search > <https://www.google.com/search?q=humans+are+not+very+good+at+assessing+risk> > ). > > When using FMEA for risk assessment, I always stress that the RPN factors > of probability of occurrence, severity, and detection be quantified > separately without regard to the other factors, not an easy task. There is > also the problem of RPN vs Criticality (severity x occurrence). If using > the RPN, there is the possibility that Detection can dilute the RPN number > to a point below the threshold for action. So in my view, Criticality alone > should be used to trigger action. > > Kenneth Ross wrote a very good article last month on Navigating the Safety > Hierarchy; for me, it was an excellent refresher on how I should use > risk assessment more effectively ( > https://incompliancemag.com/article/navigating-the-safety-hierarchy/). > > -Doug > > Douglas E Powell > Laporte, Colorado USA > - > ---------------------------------------------------------------- > > This message is from the IEEE Product Safety Engineering Society emc-pstc > discussion list. To post a message to the list, send your e-mail to < > emc-p...@ieee.org> > > All emc-pstc postings are archived and searchable on the web at: > http://www.ieee-pses.org/emc-pstc.html > > Attachments are not permitted but the IEEE PSES Online Communities site at > http://product-compliance.oc.ieee.org/ can be used for graphics (in > well-used formats), large files, etc. > > Website: http://www.ieee-pses.org/ > Instructions: http://www.ieee-pses.org/list.html (including how to > unsubscribe) <http://www.ieee-pses.org/list.html> > List rules: http://www.ieee-pses.org/listrules.html > > For help, send mail to the list administrators: > Scott Douglas <sdoug...@ieee.org> > Mike Cantwell <mcantw...@ieee.org> > > For policy questions, send mail to: > Jim Bacher <j.bac...@ieee.org> > David Heald <dhe...@gmail.com> > > > - > ---------------------------------------------------------------- > > This message is from the IEEE Product Safety Engineering Society emc-pstc > discussion list. To post a message to the list, send your e-mail to < > emc-p...@ieee.org> > > All emc-pstc postings are archived and searchable on the web at: > http://www.ieee-pses.org/emc-pstc.html > > Attachments are not permitted but the IEEE PSES Online Communities site at > http://product-compliance.oc.ieee.org/ can be used for graphics (in > well-used formats), large files, etc. > > Website: http://www.ieee-pses.org/ > Instructions: http://www.ieee-pses.org/list.html (including how to > unsubscribe) <http://www.ieee-pses.org/list.html> > List rules: http://www.ieee-pses.org/listrules.html > > For help, send mail to the list administrators: > Scott Douglas <sdoug...@ieee.org> > Mike Cantwell <mcantw...@ieee.org> > > For policy questions, send mail to: > Jim Bacher <j.bac...@ieee.org> > David Heald <dhe...@gmail.com> > - ---------------------------------------------------------------- This message is from the IEEE Product Safety Engineering Society emc-pstc discussion list. To post a message to the list, send your e-mail to <emc-p...@ieee.org> All emc-pstc postings are archived and searchable on the web at: http://www.ieee-pses.org/emc-pstc.html Attachments are not permitted but the IEEE PSES Online Communities site at http://product-compliance.oc.ieee.org/ can be used for graphics (in well-used formats), large files, etc. Website: http://www.ieee-pses.org/ Instructions: http://www.ieee-pses.org/list.html (including how to unsubscribe) List rules: http://www.ieee-pses.org/listrules.html For help, send mail to the list administrators: Scott Douglas <sdoug...@ieee.org> Mike Cantwell <mcantw...@ieee.org> For policy questions, send mail to: Jim Bacher: <j.bac...@ieee.org> David Heald: <dhe...@gmail.com>
