Risk Management/ Assessment
Risk management is a central part of any organization’s strategic management. It is the process whereby organizations methodically address the risks attached to their activities with the goal of achieving sustained benefit within each activity and across the portfolio of all activities.
The application of risk assessment to the asset management function must be in accordance with the organization’s risk management framework which is normally set as a corporate policy. The details within the hazard and likelihood matrices are specific to the organization, its industry, and its type of operations.
Risk identification sets out to identify an organization’s exposure to uncertainty. This requires an intimate knowledge of the organization, the market in which it operates, the legal, social, political, and cultural environment in which it exists, as well as the development of a sound understanding of its strategic and operational objectives, including factors critical to its success and the threats and opportunities related to the achievement of these objectives.
Effective risk management requires a reporting and review structure to ensure that risks are effectively identified and assessed and that appropriate controls and responses are in place. Regular audits of policy and standards compliance should be carried out and standards performance reviewed to identify opportunities for improvement. It should be remembered that organizations are dynamic and operate in dynamic environments.
Changes in the organisation and the environment in which it operates must be identified and appropriate modifications made to systems. The monitoring process should provide assurance that there are appropriate controls in place for the organization’s activities and that the procedures are understood and followed. Changes in the organization and the environment in which it operates must be identified and appropriate changes made to systems.
Risk identification should be approached in a methodical way to ensure that all significant activities within the organization have been identified and all the risks flowing from these activities defined. All associated volatility related to these activities should be identified and categorized. Business activities and decisions can be classified in a range of ways, examples of which include:
• Strategic – These concern the long-term strategic objectives of the organization. They can be affected by such areas as capital availability, sovereign and political risks, legal and regulatory changes, reputation, and changes in the physical environment.
• Operational – These concern the day-to-day issues that the organization is confronted with as it strives to deliver its strategic objectives.
• Financial – These concern the effective management and control of the finances of the organization and the effects of external factors such as availability of credit, foreign exchange rates, interest rate movement, and other market exposures.
• Knowledge management – These concern the effective management and control of the knowledge resources, the production, protection, and communication thereof. External factors might include the
unauthorized use or abuse of intellectual property, area power failures, and competitive technology. Internal factors might be system malfunction or loss of key staff.
• Compliance – These concern such issues as health & safety, environmental, trade descriptions, consumer protection, data protection, employment practices, and regulatory issues.
Once the risk is identified, AMCO will estimation can be quantitative, semiquantitative or qualitative in terms of the probability of occurrence.
The methods and ranking system within this framework should be applied to five core asset management functions, listed below. Each of these functions will provide feedback on the risk associated with the assets or how they are managed:
- Determination of asset risks in terms of condition, capability or compliance;
- Surveillance reports
- Asset health reports
- Reliability analytics (asset condition)
- The value assessment in terms of risk reduction for work proposed in the Capital Plan and which is used as part of the justification process for the investment;
- Capital investment strategy opportunities
- Capital Investment Plan
- Value analysis of the maintenance performance in managing risk in the Asset Portfolio;
- Incident response reports
- Performance KPIs
- Monthly reports on work completed
- Summary reporting of facility risks across the portfolio for the purposes of performance reporting:
- Customer feedback reports
- Reliability analytics (work history)
- Incident management plans
- Statutory reporting of risk compliance in the delivery of asset management:
- Critical or certified plant system effectiveness and health report
- Operating License audits
- Safety investigations and findings
- Information Security attestation
- In the case of hazards which must be managed instead of removed, contingency plans are required to manage the situation where the risk is realised (ie a control has broken down).
Investment in improvement work is required to reduce risk in assets to As Low as Reasonably Practicable (ALARP), consistent with the Asset Management Objectives (which should include statutory compliance). These considerations inform the use of risk in the AMP and its reports.
Audits assess plans and activities, and audit findings should be scored in terms of the risk management framework where the findings pertain to a risk. If the findings lead to an opportunity for improvement, this requirement is relaxed, and a measure of the likely opportunity value should be used instead.