Part 2: Does Relying on Criticality Put Your Organization at Risk?
This article is Part 2 of a two-part series focusing on risk as an enabler for asset management (AM). Part 1 argued the case for moving away from criticality to an ISO31000 risk-based approach. This part will address how to effectively model asset risk in complex systems.
The first part of this article, Part 1, started with a discussion on how rapidly the field of AM has evolved in recent years. It also brought attention to the fact that certain sections of the AM body of knowledge (BoK) have not managed to keep up with this pace of change. A notable example is criticality, which keeps being used and misused throughout literature, causing significant confusion among AM professionals. The confusion surrounding criticality stems largely from its synonymous use with risk, as well as the fact that both terms have an identical mathematical expression. Part 1 highlighted this confusion and subsequently called for AM professionals to move away from criticality and to adopt a risk-based approach instead.
Part 2 will describe a risk-based approach to asset risk. It will show how this approach aligns to the ISO31000 risk management process (Figure 1) and how it can help AM professionals and asset intensive organizations make better risk-based AM decisions.
Figure 1: ISO31000 risk management system
A Different Approach to Asset Risk
Risk managed performance (RMP) is an asset risk approach that aligns fully to the ISO31000 risk management system shown in Figure 1. The approach aims to provide organizations with an effective decision-making mechanism in order to strike the appropriate balance between asset performance and asset risk control, as illustrated in Figure 2 with the zone of risk managed performance. The goal is to first help organizations reach the RMP zone and then make incremental asset performance improvements over time. Within the RMP zone, the organization’s asset portfolio operates within its asset risk appetite. This means the organization is neither guilty of destroying asset performance due to insufficient asset risk control nor destroying possible value creation by excessively controlling its asset risk.
Figure 2: The risk managed performance approach
Asset risk level and organizational asset risk attitude
The appropriate response for organizations to take with regard to their asset risk depends on the asset risk level, as well as the organization’s asset risk attitude. The mathematical expression for asset risk level is given in Figure 3. This expression does not violate the ISO31000 definition of risk since asset condition does not mathematically alter the equation. Rather, it is an optional input parameter during the asset risk analysis process (see Figure 1) that can provide additional decision-making insight. The benefit of including asset condition will become more apparent later in this article.
Figure 3: Mathematical expression for asset risk
An organization’s asset risk attitude depends on a number of factors, such as the nature of operation, overall risk culture, aversion toward risk (i.e., risk appetite and tolerance levels) and how proactively it chooses to manage risk. The three asset risk matrices in Figure 4 are examples to explain some of these points. Assets X, Y and Z are situated on the exact same position on all three asset risk matrices. This means the corresponding asset on each matrix has the same asset risk level. However, from left to right, the asset risk matrices are increasingly risk averse. One would expect the matrix on the left in Figure 4 to be used at a low-risk operation, whereas the matrix on the right would be commonplace at a high-risk operation, such as a nuclear power plant. Even though the corresponding asset may have the same asset risk level, the responses from each organization will differ in accordance to its aversion to risk. Take Asset Y in Figure 4 as an example. It is considered a low-risk item on the left matrix, a medium-to-high risk item on the middle matrix and a medium-to-high risk item on the right matrix. Moving from left to right, one can expect the effort and resources to be spent on asset risk mitigation to intensify as the risk aversion increases.
Figure 4: Asset risk attitude examples, left: low aversion to asset risk; middle: medium aversion to asset risk; and right: high aversion to asset risk
Asset risk Pareto analysis
A Pareto analysis can be extremely useful when it comes to representing asset risk. It follows the Pareto principle, which is commonly known as the 80/20 rule. In essence, it alerts AM professionals to those assets in which they should invest 20 percent of their time and effort in order to generate 80 percent of the benefit they would have attained by attending to the entire asset portfolio.
Figure 5 shows an example of an asset risk Pareto analysis. The figure contains a wealth of insight and shows the 20 percent of assets that contain 80 percent of the asset portfolio risk. Moreover, the inherent and residual risks of each asset illustrate the effectiveness of the organization’s asset mitigating plans. At the same time, Figure 5 shows whether these mitigating plans are sufficient in reducing asset risk to within the organization’s acceptable asset risk appetite levels. This is all shown as the backdrop of the organization’s specific risk aversion, illustrated using conventional risk colors, ranging from red, indicating high risk, to green, indicating low risk.
Figure 5: Asset risk Pareto analysis example
Asset risk matrix
Introduced in Figure 4, a risk matrix is arguably the most popular way of representing risk. Figure 6 shows two examples of asset risk matrices. Both break down the asset risk level, shown in Figure 5 as a single value out of 100, into its constituents, namely probability and consequences. These two-dimensional risk matrices also show the same risk aversion in the backdrop and the organization’s asset risk appetite. The difference between the two risk matrices is the size of the bubbles on them, which represent the condition of the assets.
Figure 6: Asset risk matrix examples, left, excluding asset condition and right, including asset condition
In order to verify the asset register in preparation for an asset risk assessment (see Figure 1), proxy asset conditions are assigned to the assets by means of visual inspections during a plant walk down or from other sources, such as condition monitoring data. This does not have to be a full asset condition assessment. Using an asset condition proxy can give additional insight into the health of the assets. It might be discovered that some high-risk assets are in good condition, whereas some low-risk assets are in poor condition. This might contradict the traditional notion of the asset risk Pareto analysis, in which high-risk assets are attended to immediately, thus adding new insight and consideration to AM professionals’ decision-making process.
Figure 7 plots the asset risk matrix on the right-hand side of Figure 6 in terms of the level of asset risk versus the condition of the asset. It is typically seen in practice that the majority of high-risk assets are known and numerous risk mitigating plans are in place to ensure these assets stay in a healthy condition. However, by overcommitting time and resources to high-risk assets, organizations often overlook their low-to-medium risk assets. This lack of attention can quickly lead to deterioration, resulting in an unexpected asset failure. Since the asset conditions of lower risk assets are not in the decision-making framework, failure of these assets often comes as a shock and without the appropriate level of preparedness.
Figure 7: Asset risk level vs. asset condition example
This attention paid to proxy asset condition is unlike most criticality analyses. Typically, a criticality analysis aims to provide insight on where to focus effort in terms of conducting asset condition assessments. However, this may be too late, as one can see the invaluable insight gained between the two risk matrices in Figure 6, as well as Figure 7. Getting a proxy for asset condition does not take significantly more effort and forms part of the risk assessment preparation process, during which the plant is walked down to verify the contents of the asset register.
Risk-based asset hierarchy
Organizations are often challenged with choosing the most appropriate method of asset hierarchy construction. However, constructing asset hierarchies on the basis of asset risk can provide enormous practical advantages. For example, as alluded to in the asset risk Pareto analysis, the majority of asset risk may be limited to only a few assets or systems in the whole asset portfolio. Figure 8 shows an example of a risk-based asset hierarchy and how it can assist organizations to be more effective during their asset risk analysis process (see Figure 1).
Figure 8: Risk-based asset hierarchy example
Starting at the highest practical analysis level, which in Figure 8 is the section or system level, conducting the asset risk analysis will reveal the section/system with the highest risk. If the section/system risk level falls above the organization’s asset risk appetite, the analysis can go one level deeper and analyze asset risk at the equipment level. This process continues until the organization is comfortable in reaching the appropriate level at which to mitigate the risk below its asset risk appetite. The process is termed “chasing asset risk” and is a very useful tool to visually illustrate asset risk since the color of each asset bubble indicates where the asset sits on the asset risk Pareto analysis (Figure 5) graph and the asset risk matrix (Figure 6).
As noted in the beginning of this article, effective risk management is a clear performance enhancer. With that in mind, constructing a risk-based asset hierarchy facilitates a direct foundation to risk-based decision-making and management.
Thinking Like a Risk Manager
Risk management theory and practice is a well-trodden path and AM professionals can save time, effort, resources and confusion by aligning to the ISO31000 methodology and vocabulary. ISO31000 promotes seven options to managing risk, which are summarized in Table 1. Keep in mind that these risk treatment options are not necessarily mutually exclusive or appropriate in all circumstances.
|Avoid the risk||Discontinue the activity that provides the origin of the risk|
|Take on more risk||Use a calculated understanding of risk to exploit risk opportunities|
|Address risk source||Remove or modify the risk initiator to operate at a lower risk level|
|Change the probability||Through the combination of understanding the primary functions and failure modes, apply the appropriate range of reliability engineering tools and processes|
|Alter the consequences||Change the outcome of the event should a risk occur|
|Share the risk||Distribute risk or insure against risk outcome with another party or parties|
|Retain the risk||Accept the fact that in the real world, some risks will remain, but understand fully the retained risk that is in place|
By understanding the appropriate risk treatment options available, AM professionals can set forth a path to completion that consists of actions that can achieve their desired outcomes. For example, if one changes the probability of asset failure, it effects the frequency at which the failure may occur and, as such, may allow for a completely different tactical approach to managing the asset. This may be more cost and resource effective, thereby providing an amplified advantage.
Key Takeaways for AM Professionals
Risk management as a professional discipline is mature in its thinking and proven in its application. The ISO31000 process applied by risk managers is shown in Figure 1. There is no need or benefit for AM professionals to reinvent or modify this proven process, but rather to understand and align to it. Adopting this process bridges the divide between asset management and risk management principles and has a number of tangible advantages, which can be summarized as follows:
- It creates a consistent and unambiguous use of language based on international standards.
- It provides a coherent vocabulary for all organizations, their departments and other professionals, such as lawyers, regulators, insurers, etc.
- Using the terms, principles and guidelines in both ISO31000 and ISO55000 means organizations do not have to spend time and effort creating their own. This time can be spent on effectively managing actual risks.
- AM aligns with established risk literature and standards (e.g., ISO31000 and ISO Guide 731)and, therefore, brings greater credibility to the field of AM.
- Executive managers and board members are tasked with managing enterprise risk. They are conversant with risk concepts and the contemporary language of risk. For AM professionals, conversing with these professionals with the appropriate risk vocabulary will make communication more effective and credible.
- International Organization for Standardization (ISO). ISO Guide 73: 2009 Risk management – Vocabulary. https://www.iso.org/standard/44651.html