In modern industry, particularly in sectors handling hazardous chemicals, risk assessment serves as a cornerstone for operational safety, personnel protection, and environmental impact mitigation. Yet despite advances in methodologies and regulations, fundamental challenges persist in accurately identifying, analyzing, and managing risks. Conceptual and practical errors can create false security, underestimating high-impact scenarios with potentially catastrophic consequences.
This article, based on work presented by Álvaro Conde at the 10th Latin American Conference on Process Safety (LACPS 2024), addresses critical difficulties in risk assessment—from terminological confusion to effective implementation of defenses-in-depth approaches. It also examines how misinterpretations of these concepts have contributed to historical industrial accidents and proposes strategies for more robust risk management.
The Complexity of Risk as a Concept
Risk has evolved from its Renaissance origins—linked to probability and games of chance—into a pillar of modern industrial safety. However, its definition remains ambiguous and varies across disciplines and standards:
-
ISO 31000 (2018): Defines it as the «effect of uncertainty on objectives.»
-
Colombian Legislation (Law 1523 of 2012): Focuses on «disaster risk» as potential damages from natural events.
-
OSHA (U.S.): Simplifies it to the formula «Risk = Hazard × Exposure.»
This definitional diversity often leads to contradictory interpretations in practice, especially when applying methodologies like HAZOP, WHAT IF, or LOPA, where misclassification of inherent, mitigated, or projected risks distorts corrective action prioritization.
Challenges in Risk Assessment
The risk assessment process comprises three key components: identification, analysis, and evaluation. Common pitfalls include:
-
Delayed or incomplete applications: Conducting assessments post hoc or omitting critical steps like protection barrier analysis.
-
Incorrect perceptions: Underestimating «low-probability, high-consequence» scenarios (e.g., cascade failures).
-
Confusing potential vs. mitigated risks: Failing to distinguish between inherent risk (no controls) and current risk (with existing barriers).
A landmark example is the Buncefield disaster (2005), where simultaneous failure of multiple barriers—including alarms and shut-off systems—demonstrated how overreliance on non-independent safeguards can prove catastrophic.
The «Defenses-in-Depth» Approach
The defenses-in-depth strategy emerged in response to major industrial accidents, proposing multiple protection layers to:
-
Prevent initiating events (e.g., operational controls).
-
Mitigate consequences if events occur (e.g., containment systems).
Keys to effective implementation:
-
Independence: Barriers shouldn’t rely on one another to prevent cascade failures.
-
Auditability: Must be verifiable through testing and documentation.
-
Specificity: Each barrier should target a specific risk.
James Reason’s «Swiss Cheese Model» illustrates this principle: holes (weaknesses) in barriers only allow accidents when aligned. Thus, rigorous scenario evaluation must consider:
-
Potential risk: Without barriers.
-
Mitigated risk: With existing barriers.
-
Projected risk: With future improvements.
Conclusion
Risk assessment isn’t a theoretical exercise but a vital tool for organizational resilience. Application errors—from ambiguous definitions to omitting critical barriers—can lead to preventable disasters. As the author emphasizes:
«All IPLs (Independent Protection Layers) are safeguards, but not all safeguards are IPLs.»
To bridge gaps, organizations must:
-
Clarify terminology and criteria (e.g., differentiate risk assessment vs. evaluation).
-
Implement systematic approaches like LOPA and defenses-in-depth.
-
Foster proactive safety cultures, managing risk from design through operations.
This introductory article invites deeper exploration of the full document, which includes case studies, references to standards like IEC 61511, and lessons from global incidents.
