Risk assessment

Theoretical risk assessment

Ideally, the resilience-oriented design should be based on data about the risks associated with hazards. An operational risk may be defined numerically as the expected value of the hazard, using the following variables:

• Costs - the expected (expectation by the system stakeholders) perceived cost that might result from the threat
• Likelihood - the probability that the potential hazard will be implemented.

  Unfortunately, these variables cannot be measured. Threats are subjective, and there is no available data enabling assessment of the likelihood of unknown hazards.

Cost estimation

The model used in economics for cost estimation is linear: the costs are proportionate to the damage. The human cognitive and perceptual systems seem to be designed to sensitize us to small changes in our environment, possibly at the expense of making us less able to detect and respond to large changes. When dealing with accidents, the model that applies is the psychophysical model, explained here ....

Likelihood estimation

The likelihood of hazards should be based on statistics of the history of hazards. However, according to the argument by Taleb ( reference ...) the history of hazards does not have any data about unknown hazards.

Practical risk assessment

Theoretically, the operational risks may be defined by

Operational Risks = Expected Costs (over faults) = Sum _{(over faults)} of Risk (fault)

Traditionally, the risk level due to a particular fault is computed by

Risk (fault) = Costs (fault) X Probability (fault)

Assumptions

According to the LOPA methodology, the risk assessment should assume that the costs of all incidences are the maximal, independent of the fault.

Strategy for risk reduction

Assuming Murphy's law, in order to reduce the risks, we need to disable probability of incidences. This is sometimes possible, for example, when considering certain operator's slips, human-machine cooperation, inter-unit coordination. However, generally, faults may not be absolutely prevented. This is typical of hardware faults. Therefore, practically risk reduction requires reducing the probability of faults.

Deciding on the component reliability

The component reliability may be defined in two stages:

Mean Time Between Failure (MTBF)

The acceptable risks

• System level
• Component level
• Resilience tradeoff

  Guidelines

• Risk assessment may be based on Risk Indicators .
• Risk level may be assessed subjectively only.
• The risk level can be rated using a score on a 1-10 scale.

Related topic

11 Feb 2017.