# Questions from a reader interested in risk assessment

Oct 3rd, 2018

We received a number of questions from a reader interested in risk assessment. After we replied we thought these questions may be of general interest, so, here they are, with their answers.

## General questions from a reader interested in risk assessment

Q1: On your website you use acronyms such as FTA and ETA what are these?

A1: Failure Tree Analysis (FTA), Event Tree Analysis(ETA) are tools used to evaluate the probability of failure and/or the development of complex events starting from elementary ones.

Q2: In your risk assessments do you use frequencies or probabilities?

A2: We generally use probabilities per year. In some cases we communicate to the public using the “number of expected accidents” over the life of the system, which is easier to grasp.

## Risk assessment methodologies differences

Q3: What is the difference between Riskope’s ORE and FMEA (Failure Mode & Effects Analysis?)

A3: In FMEA a failure probability can only be estimated or reduced by understanding its mechanism. Therefore if the system is not well understood or an inexperienced reviewer starts the exercise, it is very likely that some failure mode will be left-out. Inter-dependencies are generally neglected by FMEAs, unless a specific effort is made to include cascading events (domino effects always “forgotten”). FMEA generally give a false sense of precision and simplicity of risk matters to their users.

Common practice FMEA generally do not include detailed consequences’ analyses. Thus FMEA do not properly evaluate (oftentimes underestimate) risks. It is common for example, when applying FMEA, to see teams selecting the worst among financial, human, or environmental category of consequences and forgetting their possible combinations. FMEA are misleading! ORE overcomes all these missteps.

Probability Impact Graphs (PIGs risk matrix) often display the results of FMEA. PIGs 4×4 or 5×5 risk matrix cells colouring should give a sense for risk criticality. However, many interpretative problems afflict PIGs. Now you have a misleading method (FMEA) using a misleading display (PIGs). Everybody merrily keeps using these approaches, however…. until someone will end up in jail!

## Questions on the risk register

Q4: What do you mean by the risk registers being scalable and drillable? Breaking the risk down into individual components (drillable) and combining various components into one (assembling?)

A4: Scalable means that whether your project is at pre-feasibility or at reclamation the same data base and model progressively scale-up.

Drillable means that you get exactly the data you are looking for — quantified and prioritized by drilling (querying) into the database (risk register where all the probabilities and consequences are).

Q5:What do you mean by “Convergent” Risk Assessment?

A5: Convergent means you get all the risks relative one to another. So, no more silo with, for example, H&S risks separated from Community risks or Strategic risks, etc. NB: most risk assessments are not convergent …. We would not call them divergent, however.

Updatable means that as soon as implementation or design selections occur risks update quickly and affordably. The risk register follows the evolution of the project with lesson learned, etc.

## A couple more technical questions on risk assessment

Q6: In one of your write-ups you discuss that in most cases a second moment approximation is possible but this assumes that individual components are completely independent. So, how do you deal with interdependencies in ORE?

A6: Your question is very important. Dealing with interdependencies is paramount. Points 2c) First order interdependencies (cascading failures, dominoes effects), and 2d) Second order interdependencies (at strategic level, division to division, logistic node to logistic node, etc.) of a paper entitled Military Grade Risk Application for Projects Defence Resilience and Optimization talk about interdependencies types and ORE.

Q7: Perhaps you set up the system’s nodes and hazards such that you avoid interdependencies even if it means that you don’t get the full picture which, by the way, is rarely necessary at early stages of projects?

A7: The nodes are dictated by the system we analyze, we are not free to “place them” as we please. However, if the risk assessment shows that interdependencies amplify risks in an intolerable manner, we may suggest, as a mitigation, to eliminate or reduce some system’s interdependencies.

Q8: I believe that interdependencies are also one of the weak points of Monte Carlo?

A8:Monte Carlo has no link to interdependencies. MonteCarlo is a “function processor”: if you have a mathematical function with one or more stoachastic variables (eg. temperature and its variations, pressure and it variations) Montecarlo will allow you to process the formula and spit out average and standard deviation of the result. That’s it… and it comes with many hidden points that necessitate caution).

