Practical Risk Management for Level 7 HSE Engineers

Purpose

This handout bridges the gap between academic risk models and the messy reality of engineering operations. At Level 7, knowing what a concept is (e.g., “What is ALARP?”) is insufficient. You must demonstrate how to apply it under pressure.

Core Objective: To equip learners with the ability to translate theoretical risk concepts into robust, legally defensible operational controls that survive contact with reality.

Concept 1: Hazard Identification → Systemic Vulnerability Analysis

The Level 7 Shift: Move beyond “spotting hazards” (e.g., a trip hazard) to identifying Systemic Vulnerabilities.

  • Concept: Hazard ID.
  • Practice: Integrated Design Reviews (HAZOP/HAZID).
  • Operational Reality: Hazards are often “designed in” during the conceptual phase. Once the plant is built, hazard identification becomes damage control.
  • Incident Link: Incidents occur not because hazards were unknown, but because they were identified too narrowly—focusing on physical risks while ignoring software logic, supply chain fragility, or change management gaps.

Concept 2: Risk Estimation → Dynamic Risk Profiling

The Level 7 Shift: Risk is not static. A “Medium” risk on Monday can become “Critical” on Friday due to weather, fatigue, or concurrent activities.

  • Concept: Likelihood × Severity.
  • Practice: Dynamic Risk Assessment (DRA) & Simultaneous Operations (SIMOPS) Planning.
  • Operational Reality: A static risk register is obsolete the moment it is printed. Experienced managers adjust risk ratings in real-time based on Leading Indicators (e.g., backlog of maintenance orders).
  • Professional Insight: Experienced professionals recognize that risk is context-dependent. A lifting operation is low risk in a workshop but high risk on an offshore platform during high winds.
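To make the "Medium on Monday, Critical on Friday" point concrete, here is an added illustration (not part of the handout) of a dynamic risk assessment: a static 5×5 Likelihood × Severity rating re-scored each day against the leading indicators present. The band thresholds, the modifier table, the indicator names and the sample lifting operation are all constructed assumptions chosen for the example.

```python
"""Dynamic risk profiling on a 5x5 Likelihood x Severity matrix.
Added illustration for the handout; the band thresholds, the leading-indicator
modifiers and the sample lifting operation are constructed assumptions."""
from dataclasses import dataclass

# Constructed bands over score = likelihood x severity (each on a 1..5 scale).
BANDS = ((4, "Low"), (9, "Medium"), (15, "High"), (25, "Critical"))

# Constructed modifiers: each leading indicator present on the day raises the
# likelihood score by this amount (severity is left unchanged in this model).
MODIFIERS = {"high_wind": 2, "fatigue": 1, "simops": 1, "maintenance_backlog": 1}


@dataclass(frozen=True)
class Activity:
    name: str
    base_likelihood: int   # 1..5 as recorded in the static risk register
    severity: int          # 1..5


def band(score: int) -> str:
    """Map a matrix score onto its qualitative band."""
    for upper, label in BANDS:
        if score <= upper:
            return label
    raise ValueError(f"score {score} lies outside the 5x5 matrix")


def dynamic_rating(activity: Activity, indicators: set[str]) -> tuple[int, str]:
    """Re-rate the activity against the leading indicators observed today."""
    unknown = indicators - MODIFIERS.keys()
    if unknown:
        raise KeyError(f"unrecognised leading indicators: {sorted(unknown)}")
    uplift = sum(MODIFIERS[i] for i in indicators)
    likelihood = min(5, activity.base_likelihood + uplift)  # clamp to the matrix
    score = likelihood * activity.severity
    return score, band(score)


def profile_week(activity: Activity, daily_indicators: dict[str, set[str]]) -> dict[str, str]:
    """Band per day: shows how a rating printed on Monday goes stale by Friday."""
    return {day: dynamic_rating(activity, ind)[1] for day, ind in daily_indicators.items()}


# Constructed sample: the same lift, three days, different conditions.
LIFT = Activity("Crane lift on offshore platform", base_likelihood=2, severity=4)
WEEK = {
    "Monday": set(),
    "Wednesday": {"fatigue"},
    "Friday": {"high_wind", "fatigue", "simops"},
}

if __name__ == "__main__":
    for day, label in profile_week(LIFT, WEEK).items():
        print(f"{day}: {label}")
```

The register entry never changes (likelihood 2, severity 4, score 8), yet the same lift rates Medium, High and Critical across the week once the day's indicators are applied; that delta is the argument for re-rating at the point of work rather than trusting the printed matrix.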

Concept 3: Tool Selection → The “Right Tool” Trap

The Level 7 Shift: Using the wrong tool provides a false sense of security (The “Illusion of Control”).

  • Concept: Risk Assessment Methodologies.
  • Practice: Matching complexity to consequence.
    • Low Complexity: Checklist / JSA.
    • High Complexity: Bow-Tie / QRA / LOPA (Layer of Protection Analysis).
  • Operational Reality: Using a simple 5×5 matrix for a major hazard installation (e.g., a hydrogen storage tank) is negligence. It cannot capture the interconnectivity of failure modes.
  • Incident Link: Major accidents often follow oversimplified risk assessments applied to complex systems.

Concept 4: Hierarchy of Control → Defense in Depth

The Level 7 Shift: The Hierarchy is not a menu; it is a reliability ranking.

  • Concept: Eliminate → Substitute → Engineer → Admin → PPE.
  • Practice: “Defense in Depth” (Swiss Cheese Model). Never rely on a single layer of control.
  • Operational Reality: Heavy reliance on PPE or Procedures (Administrative Controls) is a red flag indicating a failure of engineering design or budget allocation.
  • Strategic Rule: If your primary control relies on a human doing the right thing every time, your system will fail.

Concept 5: ALARP → The Cost-Benefit Battlefield

The Level 7 Shift: ALARP is a negotiation between Safety, Finance, and Operations.

  • Concept: As Low As Reasonably Practicable.
  • Practice: Cost-Benefit Analysis (CBA).
  • Operational Reality: Failures occur when short-term cost savings (e.g., delaying a shutdown) override long-term risk exposure.
  • Defensible Decision: You must be able to prove in court that the cost of the additional measure was “grossly disproportionate” to the risk reduction. “It was too expensive” is not a legal defense.
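The "grossly disproportionate" test can be made auditable by recording, for each candidate measure, its cost, the monetised risk reduction and the ratio between them, together with the decision and who signed it. The following is an added example, not from the handout or from any regulator's guidance: the value-of-preventing-a-fatality figure, the disproportion factor of 3 and the two candidate measures are constructed placeholders chosen to show the mechanics of the comparison.

```python
"""ALARP cost-benefit check with a gross disproportion test.
Added example for the handout; VPF, the disproportion factor and the two
candidate measures are constructed placeholders, not regulatory figures."""
from dataclasses import dataclass, asdict

# Constructed placeholder for the value of preventing a fatality (VPF).
VPF = 2_000_000.0


@dataclass(frozen=True)
class Measure:
    name: str
    cost: float                    # one-off cost of the additional measure
    fatalities_per_year_before: float
    fatalities_per_year_after: float
    years_of_exposure: int


def risk_reduction_benefit(m: Measure) -> float:
    """Monetised benefit: fatalities averted over the exposure period x VPF."""
    averted_per_year = m.fatalities_per_year_before - m.fatalities_per_year_after
    return averted_per_year * m.years_of_exposure * VPF


def disproportion_ratio(m: Measure) -> float:
    """Cost per unit of benefit; infinite when the measure reduces nothing."""
    benefit = risk_reduction_benefit(m)
    return m.cost / benefit if benefit > 0 else float("inf")


def alarp_decision(m: Measure, disproportion_factor: float = 3.0) -> dict:
    """Return an auditable record. The measure is required unless its cost is
    grossly disproportionate (ratio above the factor) to the risk reduction.
    The factor of 3 is a constructed assumption, not a legal threshold."""
    ratio = disproportion_ratio(m)
    required = ratio <= disproportion_factor
    record = asdict(m)
    record.update(
        benefit=risk_reduction_benefit(m),
        ratio=ratio,
        disproportion_factor=disproportion_factor,
        decision="implement" if required else "reject",
        justification=(
            "cost is not grossly disproportionate to the risk reduction"
            if required
            else "cost is grossly disproportionate to the risk reduction"
        ),
        # To be completed at sign-off; placeholders only.
        date="<date>",
        signed_by="<name>",
    )
    return record


# Constructed candidate measures for one hazard.
GUARD_RAIL = Measure("Edge-protection guard rail", 20_000.0, 5e-4, 1e-4, 20)
AUTO_VALVE = Measure("Automated isolation valve", 500_000.0, 1e-3, 1e-4, 20)

if __name__ == "__main__":
    for m in (GUARD_RAIL, AUTO_VALVE):
        r = alarp_decision(m)
        print(f"{r['name']}: cost {r['cost']:.0f}, benefit {r['benefit']:.0f}, "
              f"ratio {r['ratio']:.2f} -> {r['decision']}")
```

Note that the record stores the inputs and the factor used, not just the verdict: a reviewer (or a court) can re-run the comparison, and a decision to reject a measure is only defensible if the ratio, not a bare statement of expense, is what the file shows.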

Concept 6: Human Factors → Designing for Error

The Level 7 Shift: Stop blaming the worker. Fix the system.

  • Concept: Human Error.
  • Practice: Error-Tolerant Design.
  • Operational Reality: Human error is rarely the root cause—it is a symptom of poor system design (e.g., confusing interfaces, fatigue-inducing rosters, contradictory procedures).
  • Action: If a procedure is violated routinely, the procedure is wrong, not the workforce.

Concept 7: Risk Plans → The “Living Document” Test

The Level 7 Shift: A plan on a shelf is a liability. A plan in use is an asset.

  • Concept: Risk Management Plan.
  • Practice: Operational Integration.
  • Failure Pattern: Plans fail when they exist only to satisfy audits.
  • Test: Does the night shift supervisor know what is in the Risk Management Plan? If not, it doesn’t exist.

UK Legal Framework → From Compliance to Defense

The Level 7 Shift: Your risk assessment is your primary legal defense document.

  • Legal Duty: MHSWR 1999 Regulation 3 (“Suitable and Sufficient”).
  • Operational Integration: Inadequate application leads to criminal prosecution.
  • Strategic View: Every risk decision you make creates a legal audit trail. Ensure your “ALARP” justifications are documented, dated, and signed.

Targeted Strategic Questions

  1. Critique: Why is “Compliance” (following the rules) often insufficient to prevent major accidents in novel engineering projects?
  2. Analyze: How does the “Sunk Cost Fallacy” prevent managers from stopping unsafe projects?
  3. Evaluate: If a QRA predicts a fatality every 100 years, is that risk “Acceptable”? How do you justify this to the public?
  4. Synthesize: How can “Defense in Depth” be applied to management controls (e.g., supervision, audit, culture) as well as hardware?

Learner Task: Strategic Gap Analysis

Task Overview:

You are required to perform a Gap Analysis on a risk management system you are familiar with (or a detailed case study), contrasting “Theory” with “Operational Reality.”

Step 1: Select a System/Activity

  • Choose a high-risk engineering activity (e.g., Commissioning a new plant, Deep excavation, High-voltage switching).

Step 2: The “Paper vs. Practice” Audit

  • Review the Theory: What risk assessment tool should be used? What does the Hierarchy of Control dictate?
  • Observe the Reality: What is actually happening? Are workers relying on PPE? Is the risk matrix being “gamed” to get approval?

Step 3: Incident Trajectory Analysis

Explain how the misapplication of these concepts (the gap between theory and practice) could lead to a specific incident.

  • Map the “Latent Failures” you have identified.

Step 4: Strategic Improvements & Legal Justification

Propose 3 specific improvements to close the gap.

  • Crucial Step: For each improvement, provide a Legal Justification linking it to UK Law (e.g., “This upgrade is required to meet the ‘Suitable and Sufficient’ test of MHSWR Reg 3 because…”).

Output:

A 3-page Strategic Gap Analysis Report designed for a Technical Director, highlighting vulnerabilities and proposing legally defensible solutions.