In addition to the internet risks of catastrophic failure, risk management must also considerthe relative importance (e.g., critically) of each asset to the plant's ability to meet delivery commitments ans the business plan.

The definition of risk is generally compartmentalized based upon whether the risk is in the context of business continuity, project management, security, engineering, industrial processes, financial portfolios, actuarial assessments, or public health and safety. The potential list is finite, but is certainly overwhelming. Within the context of reliability excellence and effective continuous improvement, risk management can be limited to two major categories: business risk and asset risk.

Risk Management and Business Continuity

All risks can never be fully avoided or mitigated simply because of financial and practical limitations. Therefore, all organizations have to accept some level of residual risks, but it is imperative that all risks are isolated and clearly defined and managed within financial and practical constraints.

Business risk management must include all financial, market loss, and business continuity risks, as well as well-planned emergency response plans to catastrophic events that could affect the health and safety of the workforce or the public. These risks must also include product-related liabilities.

Risk management tends to be preemptive and must be augmented with business continuity planning (BCP) to deal with the consequences of realized residual risks. The necessity of BCP arises because even very unlikely events will occur if given enough time. Risk management and BCP are often mistakenly seen as rivals or overlapping practices. In fact, these processes are so tightly tied together that such separation seems artificial.

Asset Risk Management

The physical assets that comprise the installed capacity of plants have inherent risks or the potential for failure. In addition, they have the potential for off-specification operation that could result in poor product quality, lower output, or increased production costs. These risks must also be clearly understood and managed to assure cost-effective business continuation.

In addition to the inherent risks of catastrophic failure, risk management must also consider the relative importance (e.g., criticality) of each asset to the plant's ability to meet delivery commitments and the business plan. This type of risk cannot be resolved solely by applying preventive or predictive maintenance technologies. Too many of the risks are the result of inherent design deficiencies, mode of operation, and operating practices. Therefore, risk management must address all forcing functions and triggers that would result in risk.

Risk Management Plan

Ideal risk management follows a prioritization process whereby the risks with the greatest loss and the greatest probability of occurring are handled first, then risks with lower probability of occurrence and lower loss are handled in descending order. In practice, the process can be very difficult, and balancing between risks with a high probability of occurrence but lower loss and risks with high loss but lower probability of occurrence can often be mishandled. In addition to those risks that can be easily identified, an effective risk management plan must address:

Intangible risk: Intangible risk management identifies a new type of a risk that has a 100% probability of occurring but is ignored by the organization due to a lack of identification ability. For example, when deficient knowledge is applied to a situation, a knowledge risk materializes. Intangible risk management allows risk management to create immediate value from the identification and reduction of risks that reduce productivity.

Relationship risk: Relationship risk appears when ineffective collaboration occurs. Coordination between engineering, procurement, production, and maintenance is the primary source of these relationship risks.

Process-engagement risk: Process-engagement risk may be an issue when ineffective operational procedures are applied. These risks directly reduce the productivity of knowledge workers and decrease cost-effectiveness, profitability, service, quality, reputation, brand value, and earnings quality. Risk management also faces difficulties with allocating resources. This is the idea of opportunity cost. Resources spent on risk management could have been spent on more profitable activities. Again, ideal risk management both minimizes spending and minimizes the negative effects of risks.

The International Organization for Standardization (ISO), in ISO 31000, identifies the following principles of risk management:

Risk management should:

  • Create value
  • Be an integral part of organizational processes
  • Be part of decision making
  • Explicitly address uncertainty
  • Be systematic and structured
  • Be based on the best available information
  • Be tailored
  • Take into account human factors
  • Be transparent and inclusive
  • Be dynamic, iterative, and responsive to change
  • Be capable of continual improvement and enhancement.

To create an effective risk management plan, select appropriate controls or countermeasures to measure each risk. Risk mitigation needs to be approved by the appropriate level of management. For example, a risk concerning the image of the organization should have top management decision behind it, whereas information technology management would have the authority to decide on computer virus risks.

The risk management plan should propose applicable and effective security controls for managing the risks. For example, an observed high risk of computer viruses could be mitigated by acquiring and implementing antivirus software. A good risk management plan should contain a schedule for control implementation and persons responsible for those actions.

Finally, risk management is multi-dimensional and requires the direct support of most business and plant functions, as well as the entire workforce. The most effective approach to risk management is to integrate all facets into a single, manageable process in which roles, responsibilities, expectations, and single-point accountability are clearly defined. For example, Environmental, Health, and Safety may retain the responsibility for regulatory compliance, occupational health and safety, etc., but a central function, usually reliability engineering, has single-point accountability for the overall risk management process.

Risk management is not limited to catastrophic failures of assets or processes. To be effective, risk management must acknowledge that risk takes many forms and that all must be clearly understood and effectively managed. Do not become fixated on asset-related risks-they are important, but they have much less impact on overall performance than less spectacular failures in the business and work processes that dictate your ability to meet market, financial, and overall business goals. Business success and continuation depends on your ability to recognize and manage these less-visible risks.

In addition to the inherent risks of catastrophic failure, risk management must also consider the relative importance (e.g., criticality) of each asset to the plant's ability to meet delivery commitments and the business plan.

Keith Mobley

Keith Mobley, MBB, CMRP, has earned an international reputation as one of the premier consultants in the fields of plant performance optimization, reliability engineering, predictive maintenance, and effective management. He has more than 35 years of direct experience in corporate management, process design, and troubleshooting.

Upcoming Events

August 9 - August 11 2022

MaximoWorld 2022

View all Events
80% of newsletter subscribers report finding something used to improve their jobs on a regular basis.
Subscribers get exclusive content. Just released...MRO Best Practices Special Report - a $399 value!
“Steel-ing” Reliability in Alabama

A joint venture between two of the world’s largest steel companies inspired innovative approaches to maintenance reliability that incorporate the tools, technology and techniques of today. This article takes you on their journey.

Three Things You Need to Know About Capital Project Prioritization

“Why do you think these two projects rank so much higher in this method than the first method?” the facilitator asked the director of reliability.

What Is Industrial Maintenance as a Service?

Industrial maintenance as a service (#imaas) transfers the digital and/or manual management of maintenance and industrial operations from machine users to machine manufacturers (OEMs), while improving it considerably.

Three Things You Need to Know About Criticality Analysis

When it comes to criticality analysis, there are three key factors must be emphasized.

Turning the Oil Tanker

This article highlights the hidden trap of performance management systems.

Optimizing Value From Physical Assets

There are ever-increasing opportunities to create new and sustainable value in asset-intensive organizations through enhanced use of technology.

Conducting Asset Criticality Assessment for Better Maintenance Strategy and Techniques

Conducting an asset criticality assessment (ACA) is the first step in maintaining the assets properly. This article addresses the best maintenance strategy for assets by using ACA techniques.

Harmonizing PMs

Maintenance reliability is, of course, an essential part of any successful business that wants to remain successful. It includes the three PMs: predictive, preventive and proactive maintenance.

How an Edge IoT Platform Increases Efficiency, Availability and Productivity

Within four years, more than 30 per cent of businesses and organizations will include edge computing in their cloud deployments to address bandwidth bottlenecks, reduce latency, and process data for decision support in real-time.

MaximoWorld 2022

The world's largest conference for IBM Maximo users, IBM Executives, IBM Maximo Partners and Services with Uptime Elements Reliability Framework and Asset Management System is being held Aug 8-11, 2022