Skip to content

Risk Algorithms and Risk Analysis Tools

… ingredients in risk assessments

Let’s first differentiate between risk assessments and risk analyses. While there are many definitions out there for ‘risk assessment’, let’s recognize that a risk assessment produces a complete picture of the risk being assessed. A risk analysis tool, on the other hand, can refer to any of many techniques for exploring some narrow aspect of a certain risk. Risk analyses tools run ‘behind the scenes’ in a risk assessment and are often the building blocks of a risk assessment, but they are NOT replacements for a risk assessment.

Part of this distinction comes from practical applications. Some risk analyses tools could theoretically be considered to be risk assessments but, for practical reasons, are not reasonably deployable, especially for long, linear assets like pipelines. Here’s a quick way to know if you are looking at a risk assessment rather than a risk analysis tool.

Continue below for more discussion on this important distinction. See also more definitions in Chapter 2 and Chapter 3 of the textbook.

Risk Assessment Algorithms

Algorithms are simply equations that calculate various aspects of risk. A set of algorithms receives information and outputs risk estimates.

Risk algorithms calculate risk values. This separates risk assessments from risk analysis tools. The two are often confused. Risk analysis tools can provide valuable inputs into a risk assessment, can help with visualization and communications of risk, and can also sometimes produce narrowly-focused estimates of risk. However, they are not intended to produce efficient, robust total estimates of risk, especially for long linear assets such as pipelines.

Some key features of a modern risk assessment approach are described below:

  • Assessment recognizes all known failure mechanisms, i.e., time dependent failure mechanisms of fatigue and corrosion and time independent failure mechanisms including third party damage, sabotage, human error (incorrect operations), geohazards, and others.
  • Time-independent failure mechanisms are assumed to either cause immediate failure or create a defect that leads to a time-dependent failure mechanism.
  • Time-dependent failure mechanisms of corrosion and fatigue are measured in mils-per-year (mpy) (or mm/yr) pipe wall metal loss.  This mpy is used to determine the time to failure (TTF) with the assumption that failure occurs just below the wall thickness required for maximum internal pressure (rupture) or when wall is breached (leak).
  • Integrity verification re-sets the clock at the measured wall thickness. Mpy is then applied to the new measured wall thickness to determine again when failure theoretically occurs.
  • A previous incident impacts the degree of belief about future failure potential in proportion to its relevance as a predictor. Historical incident information, properly adjusted for relevance, is used to initially tune or calibrate the model’s frequency of failure (FoF) estimates when absolute estimates of risk are needed.
  • Increased uncertainty is treated the same as increased risk. This is conservative, ensures model credibility, and shows the value of acquiring information.

Risk assessment building blocks

Risk assessment practitioners have varying ideas of how to understand and measure risk. Many tools and techniques are available to help. While almost all can improve understanding, few should be considered to be comprehensive risk assessment techniques. There is a real difference between identifying elements of risk and performing a risk assessment.

Chapter 3 provides a list and discussion of “risk assessment techniques”:

  • Brainstorming
  • Structured or semi-structured interviews
  • Delphi
  • Checklists
  • Process hazard analysis (PHA)
  • Hazard and operability studies (HAZOPS)
  • Hazard Analysis and Critical Control Points
  • Environmental risk assessment
  • What if? analysis
  • Scenario analysis
  • Business impact analysis
  • Root cause analysis
  • Failure mode effect analysis
  • Fault tree analysis
  • Event tree analysis
  • Cause and consequence analysis
  • Cause-and-effect analysis
  • Layer of protection analysis (LOPA)
  • Decision tree
  • Human reliability analysis
  • Bow tie analysis
  • Reliability centered maintenance
  • Sneak circuit analysis
  • Markov analysis
  • Monte Carlo simulation
  • Bayesian statistics and Bayes
  • FN Curves
  • Risk indices
  • Consequence/probability matrix
  • Cost/benefit analysis
  • Multi-criteria decision analysis.

Each are described in the reference along with a complexity rating and an opinion as to whether each can produce ‘quantitative’ results.

For improved clarity, these techniques should be categorized according to the role they play in risk assessment. Several ways to group them could be appropriate but for discussion purposes here, the following categories are suggested:

  • Risk Assessment techniques—full risk assessment methodologies, meeting all requirements of an actual risk assessment.
  • Risk Tools—ingredients or supplements to a risk assessment.

Where ‘tools’ can be further categorized into:

  • Hazard/threat identification—techniques focused on presenting lists of or confirming hazards or threats to a system. Examples include HAZOPS, brainstorming, check lists.
  • Scenario identification—techniques focused on the chain of events leading to a failure or unfolding once failure has occurred. Examples include event trees, fault trees, cause-effect analyses.
  • Analyses support—usually statistically based, these techniques work with a risk assessment model to improve outputs. Techniques are applied both to risk assessment inputs and outputs (results). Examples include Monte Carlo simulation, Bayesian statistics, and Markov analyses.
  • Visualization—techniques, usually with a strong graphical nature, used to support presentation or visualization of risk results or inputs. Examples include bowtie, matrix, FN curves.

Since many techniques can be used in differing ways, not all fit neatly into one of these categories. This does not detract from the central idea here that risk tools play various roles in a risk assessment, but are NOT complete risk assessment methodologies.

Tools vs Models

An important distinction has been drawn between risk assessments—meaning methodologies, techniques, etc that produce complete risk estimates; versus risk analyses tools that play a more limited role, such as hazard identification or analyses of specific cause-consequence pairings.

One of the simplest discriminators between a risk model and risk tool is the ‘map point’ test. This test simply means that, using a real risk assessment approach, one can pick any point on any pipeline and should have access to all pertinent risk information for that location. If the so-called risk assessment cannot support this straightforward and intuitive task, then it is probably a risk tool rather than a complete risk assessment model, at least for purposes of this discussion. This and other ways to identify a true risk assessment are presented in a later section. But first is an examination of some of the more popular risk tools.

For additional discussion on some of these tools, see Chapter 3.

Published inBeginners CornerRisk Modeling