Bow-Tie Industrial Risk Management Across Sectors - Luca Fiorentini - E-Book

Bow-Tie Industrial Risk Management Across Sectors E-Book

Luca Fiorentini

Description

BOW-TIE INDUSTRIAL RISK MANAGEMENT ACROSS SECTORS

Explore an approachable but rigorous treatment of systematic barrier-based approaches to risk management and failure analysis

In Bow-Tie Industrial Risk Management Across Sectors: A Barrier-Based Approach, accomplished researcher and author Luca Fiorentini delivers a practical guide to risk management tools, with a particular emphasis on a systematic barrier-based approach called "bow-tie." The book includes discussions of two barrier-based methods, Bow-Tie and Layers of Protection Analysis (LOPA), for risk assessment, and one barrier-based method for incident analysis, Barrier Failure Analysis (BFA). The author also describes a traditional method, Root Cause Analysis, and three quantitative methods, FMEA/FMECA, Fault Tree (FTA), and Event Tree (ETA), with a discussion about their link with barriers.

Written from the ground up to be in full compliance with recent ISO 31000 standards on enterprise risk management, and containing several case studies and examples from a variety of industries, Bow-Tie Industrial Risk Management Across Sectors also contains discussions of international standards dealing with common risks faced by organizations, including occupational health and safety, industrial safety, functional safety, environmental, quality, business continuity, asset integrity, and information security.

Readers will also benefit from the inclusion of:

* A thorough introduction to the Bow-Tie method, including its practical application in risk management workflow from ISO 31000, the history of Bow-Tie, related methods, and the application of Bow-Tie in qualitative and quantitative ways
* An exploration of Barrier Failure Analysis, including events, timelines, barriers, causation paths, and multi-level causes
* A practical discussion of how to build a Barrier Failure Analysis, including fact finding, event chaining, identifying barriers, assessing barrier states, causation analysis, and recommendations
* A concise treatment of Bow-Tie construction workflow, including a step-by-step guide

Perfect for engineers and other professionals working in risk management, Bow-Tie Industrial Risk Management Across Sectors: A Barrier-Based Approach will also earn a place in the libraries of advanced undergraduate and graduate students studying risk management and seeking a one-stop reference on the "bow-tie" approach and barrier-based methods.


Page count: 753

Year of publication: 2021




Table of Contents

Cover

Title Page

Copyright Page

Dedication Page

List of Figures

List of Tables

List of Acronyms

Preface 1

Preface 2

Preface 3

Preface 4

Preface 5

Preface 6

Preface 7

Preface 8

Author Preface

Acknowledgements

1 Introduction to Risk and Risk Management

1.1 Risk Is Everywhere, and Risk Management Became a Critical Issue in Several Sectors

1.2 ISO 31000 Standard

1.3 ISO 31000 Risk Management Workflow

1.4 Uncertainty and the Human Factor

1.5 Enterprise Complexity and (Advanced) Risk Management (ERM)

1.6 Proactive and Reactive Culture of Organizations Dealing with Risk Management

1.7 A Systems Approach to Risk Management

2 Bow‐Tie Model

2.1 Hazards and Risks

2.2 Methods of Risk Management

2.3 The Bow‐Tie Method

2.4 The Bow‐Tie Method and the Risk Management Workflow from ISO 31000

2.5 Application of Bow‐Ties

2.6 Level of Abstraction

2.7 Building a Bow‐Tie

2.8 Hazards

2.9 Top Events

2.10 Threats

2.11 Consequences

2.12 Barriers

2.13 Escalation Factors and Associated Barriers

2.14 Layer of Protection Analysis (LOPA): A Quantified Bow‐Tie to Measure Risks

2.15 Bow‐Tie as a Quantitative Method to Measure Risks and Develop a Dynamic Quantified Risk Register

2.16 Advanced Bow‐Ties: Chaining and Combination

3 Barrier Failure Analysis

3.1 Accidents, Near‐Misses, and Non‐Conformities in Risk Management

3.2 The Importance of Operational Experience

3.3 Principles of Accident Investigation

3.4 The Barrier Failure Analysis (BFA)

3.5 From Root Cause Analysis (RCA) to BFA

3.6 BFA from Bow‐Ties

4 Workflows and Case Studies

4.1 Bow‐Tie Construction Workflow with a Step‐by‐Step Guide

4.2 LOPA Construction Workflow with a Step‐by‐Step Guide

4.3 BFA Construction Workflow with a Step‐by‐Step Guide

4.4 Worked Examples

Conclusions

Appendix 1: Bow‐Tie Easy Guide

Appendix 2: BFA Easy Guide

Appendix 3: Human Error and Reliability Assessment (HRA)

Human Errors and Violations

The Rasmussen Skills‐Rules‐Knowledge Model of Human Error

References and Further Reading

References

Further Reading

Index

End User License Agreement

List of Tables

Chapter 1

Table 1 Applicability of tools for risk assessment.

Chapter 2

Table 2 Example of “what‐if” analysis.

Table 3 Guidewords for HAZOP analysis.

Table 4 Extract of an example of HAZOP analysis. Adapted from Assael and Kako...

Table 5 Subdivision of the analyzed system into areas.

Table 6 Hazards and assumed event in HAZID.

Table 7 List of typical consequences.

Table 8 HAZID worksheet.

Table 9 Different classification of barriers as physical or non‐physical.

Table 10 Comparison of defined hazards with insufficient detail and optimal d...

Table 11 Comparison of defined top events with insufficient detail and with a...

Table 12 Comparison of defined causes with insufficient detail and with an op...

Table 13 Comparison of defined consequences with insufficient detail and with...

Table 14 Barrier Types.

Table 15 Quality scores and judgments on the effectiveness of barriers.

Table 16 Standard Performance Scores (PS)

Chapter 3

Table 17 Definition of BRFs in Tripod Beta.

Table 18 Example of spreadsheet event timeline.

Table 19 Example of Gantt chart investigation timeline.

Chapter 4

Table 20 Barrier function score (FS).

Table 21 Barrier consequence of failure score (CS).

Table 22 Barrier redundancy score (RS).

Table 23 Barrier criticality ranking.

Table 24 Barrier criticality assessment example.

Table 25 Interpretation of the barrier‐based audit response histograms.

Table 26 Survey team members should and should not.

Table 27 General information about the case study.

Table 28 Record of the supervisor systems (adapted from Italian).

Table 29 Threshold values according to Italian regulations.

Table 30 Summary of the investigation.

Appendix 3

Table 31 Example of calculating HEP with the SPAR‐H Method.

Table 32 PIF (current configuration).

Table 33 PIF (Configuration A).

Table 34 PIF (POST configuration).

Table 35 Frequency of incidental assumptions considered.

List of Illustrations

Preface 3

Figure 1 Descent from Col du Chardonnet. Is it safe?

Preface 5

Figure 2 Bas‐relief depicting the god Kairos.

Figure 3 The epistemological meaning of security.

Chapter 1

Figure 4 Swiss Cheese Model.

Figure 5 Top five global risks in terms of likelihood (2007–2020).

Figure 6 Top five global risks in terms of impact (2007–2020).

Figure 7 Different perspectives on risk.

Figure 8 Definition of the scope of risk management.

Figure 9 Relationship between principles, framework, and risk management pro...

Figure 10 The principles of RM according to ISO 31000.

Figure 11 The RM framework.

Figure 12 Components of a risk management framework.

Figure 13 Risk management framework.

Figure 14 Leadership and commitment.

Figure 15 Internal and external context.

Figure 16 Identify the requirements related to risk management.

Figure 17 Implementing the risk management framework.

Figure 18 Scheme of the risk management process according to ISO 31000.

Figure 19 Relationship between the RM principles, framework, and process.

Figure 20 Improving the risk management framework.

Figure 21 The risk assessment phase in the context of the RM process.

Figure 22 Level of risk.

Figure 23 Frequency analysis and probability estimation.

Figure 24 Risk acceptability and tolerability thresholds.

Figure 25 Example of a risk matrix with level of acceptability regions.

Figure 26 Prioritization of risk given impact and likelihood.

Figure 27 Risk prioritization and the risk matrix.

Figure 28 Matrix example for qualitative ALARP analysis.

Figure 29 Achieving balance in risk reduction.

Figure 30 Risk treatment activities.

Figure 31 Residual risk.

Figure 32 Risk management process continuous improvement.

Figure 33 Documenting the risk management process.

Figure 34 Skills and knowledge for a risk manager.

Figure 35 Resources to be allocated for an effective RM.

Figure 36 Understand the mission, objectives, values, and strategies.

Figure 37 Risk control hierarchy and in practice.

Figure 38 Thinking‐Behavior‐Result model.

Figure 39 Stimulus‐Response model.

Figure 40 Two‐pointed model.

Figure 41 Inverted two‐pointed model.

Figure 42 Human factors in process plant operation.

Figure 43 The principles of RM according to ISO 31000.

Figure 44 Main types of business risks.

Figure 45 Most common enterprise risks.

Figure 46 Culture maturity level in an organization.

Figure 47 Safety culture levels.

Figure 48 Quality of risk management approach.

Figure 49 The pathological condition.

Figure 50 The reactive condition.

Figure 51 The bureaucratic condition.

Figure 52 The proactive condition.

Figure 53 The generative condition.

Figure 54 The Deming Cycle PDCA.

Figure 55 Swiss Cheese Model applied to a major industrial event.

Figure 56 Maturity model.

Chapter 2

Figure 57 Feed line propane‐butane separation column.

Figure 58 Basic structure of a fault tree (horizontal).

Figure 59 Basic structure of a fault tree (vertical).

Figure 60 Basic Events.

Figure 61 Example of the fault tree, taking inspiration from the Åsta railwa...

Figure 62 Gates.

Figure 63 Fire triangle using FTA.

Figure 64 Flammable liquid storage system.

Figure 65 Example of FTA for a flammable liquid storage system.

Figure 66 Fault tree example.

Figure 67 The structure of a typical ETA diagram.

Figure 68 Event tree analysis for the Åsta railway accident.

Figure 69 Pipe connected to a vessel.

Figure 70 Example of event tree for the pipe rupture.

Figure 71 Bow‐Tie diagram structure.

Figure 72 F‐N Curve.

Figure 73 Example of a risk matrix with acceptability regions.

Figure 74 Calibrated risk graph.

Figure 75 A typical Bow‐Tie.

Figure 76 Bow‐Tie as the combination of an FTA and an ETA.

Figure 77 The Swiss Cheese Model by James Reason.

Figure 78 Bow‐Tie project risk assessment.

Figure 79 Bow‐Tie diagram – transfer of a data center.

Figure 80 Bow‐Tie diagram on virtual classroom training.

Figure 81 Level of abstraction.

Figure 82 Zoom level and point in time.

Figure 83 Example of point in time.

Figure 84 Basic elements of a Bow‐Tie diagram.

Figure 85 Determining the threshold level to cause the top event.

Figure 86 Barrier functions.

Figure 87 Location of elimination and prevention barriers.

Figure 88 Location of control and mitigation barriers.

Figure 89 Barrier systems.

Figure 90 Using the same barrier on either side of the Bow‐Tie diagram.

Figure 91 Classification of safety barriers.

Figure 92 Barrier classification promoted by the AIChE CCPS Guidelines.

Figure 93 The energy model.

Figure 94 Generic safety functions related to a process model.

Figure 95 Layers of defence against a possible industrial accident.

Figure 96 A comparison between ETA and LOPA’s methodology.

Figure 97 Actions of a barrier.

Figure 98 Misuse of escalation factors, with nested structure.

Figure 99 Defining “activities” for a barrier.

Figure 100 Quantifying a simplified Bow‐Tie.

Figure 101 Scale of the effectiveness of a barrier and the relationship betw...

Figure 102 Relationship between effectiveness and PFD (correct).

Figure 103 Bow‐Tie concatenation example

Chapter 3

Figure 104 Difference between accident, near‐accident and unintended circums...

Figure 105 Principles of incident analysis.

Figure 106 The importance of accident investigations.

Figure 107 Steps in the analysis of the operational experience of organizati...

Figure 108 Steps in accident investigations.

Figure 109 The pyramid of conclusions.

Figure 110 Example of a Tripod Beta diagram.

Figure 111 Possible Tripod Beta appearances.

Figure 112 Example of a BFA diagram 1.

Figure 113 Example of a BFA diagram 2.

Figure 114 BFA core elements.

Figure 115 General structure of a BFA diagram.

Figure 116 Event chaining in BFA.

Figure 117 Defeated barriers are not BFA events.

Figure 118 Barrier identification in BFA.

Figure 119 Correct and incorrect barrier identification in BFA.

Figure 120 BFA analysis.

Figure 121 Events types in a BFA diagram.

Figure 122 Example of timeline developed for the Norman Atlantic investigati...

Figure 123 Timeline example.

Figure 124 The onion‐like structure between immediate causes and root causes...

Figure 125 Benefit of RCA.

Figure 126 RCA Process.

Figure 127 Levels of analysis.

Figure 128 The Bow‐Tie diagram.

Figure 129 Bow-Tie risk assessment and incident analysis.

Chapter 4

Figure 130 Bow‐Tie preparation workflow.

Figure 131 From organization to critical tasks.

Figure 132 Example of Barrier Criticality Assessment.

Figure 133 Steps to identify critical barriers.

Figure 134 Example of a barrier audit.

Figure 135 Traditional audit: one element of the management system is analyz...

Figure 136 Audit barrier‐based: all elements of the management system identi...

Figure 137 General workflow of LOPA.

Figure 138 The general workflow of a survey.

Figure 139 Incident barrier states and relation between barrier state and ba...

Figure 140 Recommendations development and review.

Figure 141 On the left: pier with a damaged downpipe; the concrete is wet an...

Figure 142 Effects of ageing and humidity on the concrete. The reinforcement...

Figure 143 Concrete spalling on a Gerber support with a consequent capacity ...

Figure 144 The spalling of concrete caused the corrosion to progress. The re...

Figure 145 Bow‐Tie diagram for “Local reduction of the resisting capacity of...

Figure 146 Employee infected with COVID‐19 virus.

Figure 147 Fire in flight.

Figure 148 BFA on food contamination (near miss).

Figure 149 Web‐based software development – Bow‐Tie.

Figure 150 IT systems protection Bow‐Tie.

Figure 151 Satellite view of Matera.

Figure 152 Matera – Piazza Vittorio Veneto. On the right: steps.

Figure 153 Developed Bow‐Tie to assess crowding‐related risks – zooming the ...

Figure 154 Developed Bow‐Tie to assess crowding‐related risks – zooming the ...

Figure 155 Map to develop simulated scenarios.

Figure 156 Different levels of service.

Figure 157 Piazza Vittorio Veneto and the bottleneck in Via San Biagio, Mate...

Figure 158 Impact of the soft obstacles on the pedestrian flow.

Figure 159 Bow‐Tie Risk assessment (whole picture).

Figure 160 Helicopter loss of control Bow‐Tie risk assessment.

Figure 161 Treatment of critically ill patients.

Figure 162 Treatment of patient with pain.

Figure 163 Preparing parenterals (excluding cytostatic drugs).

Figure 164 Administration of parenterals (excluding cytostatic drugs).

Figure 165 Medication verification in handoff during hospital admission.

Figure 166 Medication verification in handoff during hospital discharge (1 o...

Figure 167 Medication verification in handoff during hospital discharge (2 o...

Figure 168 Administration of medicines.

Figure 169 Treatment of patients with acute coronary syndrome.

Figure 170 Administering intravascular iodinated contrast media (excluding i...

Figure 171 Applying a central venous catheter (CVC).

Figure 172 Operating on a patient.

Figure 173 Hospitalization of vulnerable elders (>70 years) (1 of 4).

Figure 174 Hospitalization of vulnerable elders (>70 years) (2 of 4).

Figure 175 Hospitalization of vulnerable elders (>70 years) (3 of 4).

Figure 176 Hospitalization of vulnerable elders (>70 years) (4 of 4).

Figure 177 Performing surgical procedures.

Figure 178 Elaboration of the threat “external corrosion” and main escalatin...

Figure 179 Link between controls and the company HSE management system proce...

Figure 180 BFA of Flixborough (UK) incident.

Figure 181 BFA of Seveso (Italy) incident.

Figure 182 BFA of Bhopal (India) incident.

Figure 183 BFA of Piper Alpha (UK – offshore) incident.

Figure 184 BFA of Pembroke Refinery (Milford Haven) (UK) incident.

Figure 185 BFA of Texas City (US) incident.

Figure 186 BFA of Macondo (Deepwater Horizon) (US – Offshore) incident.

Figure 187 BFA of Fukushima (Daiichi) (Japan) incident.

Figure 188 Drug administration Bow‐Tie.

Figure 189 Area involved in the accident. Right, unwinding section of the li...

Figure 190 The flattener and the area involved in the accident. Details of t...

Figure 191 Details of the hydraulic pipe that provoked the flash fire.

Figure 192 Map of the area struck by the jet fire and by the consequent fire...

Figure 193 Footprint of the jet fire on the front wall.

Figure 194 Timescale of the accident. F1 is the time interval in which the i...

Figure 195 The domain used in the FDS fire simulations.2013.

Figure 196 Simulated area, elevation.

Figure 197 Jet fire simulation results: flames at 1 s from pipe collapse....

Figure 198 Jet fire simulation results: flames at 2 s from pipe collapse....

Figure 199 Jet fire simulation results: flames at 3 s from pipe collapse....

Figure 200 Jet fire simulation results: temperature at 1 s from pipe collaps...

Figure 201 Jet fire simulation results: temperature at 2 s from pipe collaps...

Figure 202 Jet fire simulation results: temperature at 3 s from pipe collaps...

Figure 203 Scheme of the hydraulic circuits with two‐position (a) and three‐...

Figure 204 Event tree of the accident. The grey boxes indicate a lack of saf...

Figure 205 Damages on the forklift.

Figure 206 Frames from the 3D video, reconstructing the incident dynamics.

Figure 207 Bow‐Tie diagram of the ThyssenKrupp fire.

Figure 208 Twente stadium roof collapse Tripod Beta analysis.

Figure 209 Water treatment Bow‐Tie analysis.

Figure 210 Timeline of the sample (developed with CGE‐NL IncidentXP).

Figure 211 Possible RCA of the sample (developed with CGE‐NL IncidentXP).

Figure 212 Possible Tripod Beta of the sample (developed with CGE‐NL Inciden...

Figure 213 Possible BFA of the event (developed with CGE‐NL IncidentXP).

Figure 214 Bow‐Ties developed to assess fire risk in multiple railway statio...

Figure 215 Fire load.

Figure 216 Bow‐Tie worksheet developed by TECSA S.r.l. and Royal Haskoning D...

Figure 217 Barriers/protection layer scores.

Figure 218 Weakest barriers and the public.

Figure 219 Bow‐Tie model for fire risk assessment in PV plants.

Figure 220 Map of ceraunic density in Italy.

Figure 221 Annual average temperature in Italy.

Conclusions

Figure 222 Deming Cycle from a barrier‐based perspective.

Appendix 1

Figure 223 Bow‐Tie core elements and general structure.

Figure 224 Bow‐Tie guiding principles.

Appendix 2

Figure 225 BFA core elements.

Figure 226 Incident barrier state.

Figure 227 Incident barrier state decision support tree.

Figure 228 BFA guiding principles.

Appendix 3

Figure 229 Classification of human failure.

Figure 230 Fault tree Analysis, current configuration (ANTE).

Figure 231 Fault tree analysis, better configuration (configuration A).

Figure 232 Fault tree analysis, the best configuration (POST configuration)....

Figure 233 Frequency estimation of the scenario “Oxygen sent to blow down, d...

Figure 234 The Swiss Cheese Model by James Reason.

Figure 235 Level 1: Unsafe acts.

Figure 236 Level 2: Preconditions.

Figure 237 Level 3: Supervision Issues.

Figure 238 Level 4: Organizational Issues.


Bow‐Tie Industrial Risk Management Across Sectors

A Barrier‐Based Approach

Professor Luca Fiorentini

This edition first published 2022

© 2022 John Wiley & Sons Ltd

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, except as permitted by law. Advice on how to obtain permission to reuse material from this title is available at http://www.wiley.com/go/permissions.

The right of Luca Fiorentini to be identified as the author of this work has been asserted in accordance with law.

Registered Office

John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, USA

John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, UK

Editorial Office

111 River Street, Hoboken, NJ 07030, USA

For details of our global editorial offices, customer services, and more information about Wiley products visit us at www.wiley.com.

Wiley also publishes its books in a variety of electronic formats and by print‐on‐demand. Some content that appears in standard print versions of this book may not be available in other formats.

Limit of Liability/Disclaimer of Warranty

While the publisher and authors have used their best efforts in preparing this work, they make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives, written sales materials or promotional statements for this work. The fact that an organization, website, or product is referred to in this work as a citation and/or potential source of further information does not mean that the publisher and authors endorse the information or services the organization, website, or product may provide or recommendations it may make. This work is sold with the understanding that the publisher is not engaged in rendering professional services. The advice and strategies contained herein may not be suitable for your situation. You should consult with a specialist where appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

Library of Congress Cataloging‐in‐Publication Data

Name: Fiorentini, Luca, 1976– author.

Title: Bow‐tie industrial risk management across sectors : a barrier based approach / Professor Luca Fiorentini.

Description: First edition. | Hoboken, NJ : Wiley, 2022. | Includes bibliographical references and index. | Summary: “As stated by ISO 31000 “organizations of all types and sizes face internal and external factors and influences that make it uncertain whether and when they will achieve their objectives. The effect this uncertainty has on organization’s objectives is a risk. All activities of an organization involve risk”. ISO, together with the International Trade Centre and the United Nations Industrial Development Organization published a specific guide about the importance of the implementation of sound risk management practices in small and mid enterprises. Risk management is an integral part of all organizational processes and of decision making. It should be systematic, structured and timely. It also should be based on the best available information and tailored. It should consider human and cultural factors (“soft” factors) together with technical and organizational factors (“hard” factors).”– Provided by publisher.

Identifiers: LCCN 2021003284 (print) | LCCN 2021003285 (ebook) | ISBN 9781119523833 (hardback) | ISBN 9781119523826 (adobe pdf) | ISBN 9781119523673 (epub) | ISBN 9781119523857 (obook)

Subjects: LCSH: Risk management.

Classification: LCC HD61 .F49 2022 (print) | LCC HD61 (ebook) | DDC 658.15/5–dc23

LC record available at https://lccn.loc.gov/2021003284

LC ebook record available at https://lccn.loc.gov/2021003285

Cover Design: Wiley

Cover Image: © Nikolay_Popov/iStockphoto

To my wife Sonia, with whom, day by day and together, I always reach new important goals. Thank you for your support, patience and constant love, witnessed by the wonderful family we have.

Luca Fiorentini

List of Figures

Figure 1 Descent from Col du Chardonnet. Is it safe? Source: Luca Marmo archive photo.

Figure 2 Bas‐relief depicting the god Kairos.

Figure 3 The epistemological meaning of security.

Figure 4 Swiss Cheese Model. Source: Reason, J., 1990.

Figure 5 Top five global risks in terms of likelihood (2007–2020). Source: World Economic Forum, 2020.

Figure 6 Top five global risks in terms of impact (2007–2020). Source: World Economic Forum, 2020.

Figure 7 Different perspectives on risk.

Figure 8 Definition of the scope of risk management.

Figure 9 Relationship between principles, framework, and risk management process.

Figure 10 The principles of RM according to ISO 31000.

Figure 11 The RM framework.

Figure 12 Components of a risk management framework.

Figure 13 Risk management framework.

Figure 14 Leadership and commitment.

Figure 15 Internal and external context.

Figure 16 Identify the requirements related to risk management.

Figure 17 Implementing the risk management framework.

Figure 18 Scheme of the risk management process according to ISO 31000.

Figure 19 Relationship between the RM principles, framework, and process.

Figure 20 Improving the risk management framework.

Figure 21 The risk assessment phase in the context of the RM process.

Figure 22 Level of risk.

Figure 23 Frequency analysis and probability estimation.

Figure 24 Risk acceptability and tolerability thresholds.

Figure 25 Example of a risk matrix with level of acceptability regions.

Figure 26 Prioritization of risk given impact and likelihood.

Figure 27 Risk prioritization and the risk matrix.

Figure 28 Matrix example for qualitative ALARP analysis.

Figure 29 Achieving balance in risk reduction.

Figure 30 Risk treatment activities.

Figure 31 Residual risk.

Figure 32 Risk management process continuous improvement.

Figure 33 Documenting the risk management process.

Figure 34 Skills and knowledge for a risk manager.

Figure 35 Resources to be allocated for an effective RM.

Figure 36 Understand the mission, objectives, values, and strategies.

Figure 37 Risk control hierarchy and in practice.

Figure 38 Thinking‐Behavior‐Result model. Source: Adapted from Fiorentini and Marmo (2018).

Figure 39 Stimulus‐Response model. Source: Adapted from Fiorentini and Marmo (2018).

Figure 40 Two‐pointed model. Source: Adapted from Fiorentini and Marmo (2018).

Figure 41 Inverted two‐pointed model. Source: Adapted from Fiorentini and Marmo (2018).

Figure 42 Human factors in process plant operation. Source: Adapted from Strobhar (2013).

Figure 43 The principles of RM according to ISO 31000.

Figure 44 Main types of business risks.

Figure 45 Most common enterprise risks.

Figure 46 Culture maturity level in an organization.

Figure 47 Safety culture levels.

Figure 48 Quality of risk management approach.

Figure 49 The pathological condition.

Figure 50 The reactive condition.

Figure 51 The bureaucratic condition.

Figure 52 The proactive condition.

Figure 53 The generative condition.

Figure 54 The Deming Cycle PDCA.

Figure 55 Swiss Cheese Model applied to a major industrial event.

Figure 56 Maturity model. Source: Courtesy of EXIDA L.C.C. (USA).

Figure 57 Feed line propane‐butane separation column. Source: Adapted from Assael and Kakosimos (2010).

Figure 58 Basic structure of a fault tree (horizontal).

Figure 59 Basic structure of a fault tree (vertical).

Figure 60 Basic Events.

Figure 61 Example of the fault tree, taking inspiration from the Åsta railway incident. Source: Sklet, S., 2002.

Figure 62 Gates.

Figure 63 Fire triangle using FTA.

Figure 64 Flammable liquid storage system. Source: Modified from Assael, M. and Kakosimos, K., 2010.

Figure 65 Example of FTA for a flammable liquid storage system.

Figure 66 Fault tree example.

Figure 67 The structure of a typical ETA diagram.

Figure 68 Event tree analysis for the Åsta railway accident.

Figure 69 Pipe connected to a vessel.

Figure 70 Example of event tree for the pipe rupture.

Figure 71 Bow‐Tie diagram structure.

Figure 72 F‐N Curve.

Figure 73 Example of a risk matrix with acceptability regions.

Figure 74 Calibrated risk graph.

Figure 75 A typical Bow‐Tie.

Figure 76 Bow‐Tie as the combination of an FTA and an ETA.

Figure 77 The Swiss Cheese Model by James Reason.

Figure 78 Bow‐Tie project risk assessment.

Figure 79 Bow‐Tie diagram – transfer of a data center.

Figure 80 Bow‐Tie diagram on virtual classroom training.

Figure 81 Level of abstraction.

Figure 82 Zoom level and point in time.

Figure 83 Example of point in time.

Figure 84 Basic elements of a Bow‐Tie diagram.

Figure 85 Determining the threshold level to cause the top event.

Figure 86 Barrier functions.

Figure 87 Location of elimination and prevention barriers.

Figure 88 Location of control and mitigation barriers.

Figure 89 Barrier systems.

Figure 90 Using the same barrier on either side of the Bow‐Tie diagram.

Figure 91 Classification of safety barriers. Source: Sklet, S., 2006.

Figure 92 Barrier classification promoted by the AIChE CCPS Guidelines.

Figure 93 The energy model. Source: Haddon, W., 1980.

Figure 94 Generic safety functions related to a process model. Sources: Hollnagel, E., 2004. Barrier And Accident Prevention. Hampshire, UK: Ashgate; Duijm et al., 2004.

Figure 95 Layers of defence against a possible industrial accident.

Figure 96 A comparison between ETA and LOPA’s methodology.

Figure 97 Actions of a barrier.

Figure 98 Misuse of escalation factors, with nested structure.

Figure 99 Defining “activities” for a barrier.

Figure 100 Quantifying a simplified Bow‐Tie.

Figure 101 Scale of the effectiveness of a barrier and the relationship between effectiveness and PFD (correct).

Figure 102 Relationship between effectiveness and PFD (correct).

Figure 103 Bow‐Tie concatenation example.

Figure 104 Difference between accident, near‐accident and unintended circumstance.

Figure 105 Principles of incident analysis.

Figure 106 The importance of accident investigations.

Figure 107 Steps in the analysis of the operational experience of organizations.

Figure 108 Steps in accident investigations.

Figure 109 The pyramid of conclusions.

Figure 110 Example of a Tripod Beta diagram.

Figure 111 Possible Tripod Beta appearances.

Figure 112 Example of a BFA diagram 1.

Figure 113 Example of a BFA diagram 2.

Figure 114 BFA core elements.

Figure 115 General structure of a BFA diagram.

Figure 116 Event chaining in BFA.

Figure 117 Defeated barriers are not BFA events.

Figure 118 Barrier identification in BFA.

Figure 119 Correct and incorrect barrier identification in BFA.

Figure 120 BFA analysis.

Figure 121 Event types in a BFA diagram.

Figure 122 Example of timeline developed for the Norman Atlantic investigation.

Figure 123 Timeline example.

Figure 124 The onion‐like structure between immediate causes and root causes.

Figure 125 Benefit of RCA.

Figure 126 RCA Process.

Figure 127 Levels of analysis.

Figure 128 The Bow‐Tie diagram.

Figure 129 Bow‐Tie risk assessment and incident analysis.

Figure 130 Bow‐Tie preparation workflow.

Figure 131 From organization to critical tasks.

Figure 132 Example of Barrier Criticality Assessment.

Figure 133 Steps to identify critical barriers.

Figure 134 Example of a barrier audit.

Figure 135 Traditional audit: one element of the management system is analyzed at a time.

Figure 136 Audit barrier‐based: all elements of the management system identified as relevant to a specific barrier are analyzed.

Figure 137 General workflow of LOPA.

Figure 138 The general workflow of a survey.

Figure 139 Incident barrier states and relation between barrier state and barrier lifecycle.

Figure 140 Recommendations development and review.

Figure 141 On the left: pier with a damaged downpipe; the concrete is wet and deteriorated. On the right: a similar pier with a safe downpipe; the concrete is in good condition.

Figure 142 Effects of ageing and humidity on the concrete. The reinforcement bars are corroded and there are signs of rust on the beams.

Figure 143 Concrete spalling on a Gerber support with a consequent capacity reduction. The cause of the damage has to be searched for on a damaged downpipe on the road joint (recently substituted).

Figure 144 The spalling of concrete caused the corrosion to progress. The reinforcement bars broken due to the limited cross‐section are causing a reduction of the capacity of the girder.

Figure 145 Bow‐Tie diagram for “Local reduction of the resisting capacity of a bridge due to ageing”.

Figure 146 Employee infected with COVID‐19 virus.

Figure 147 Fire in flight.

Figure 148 BFA on food contamination (near miss).

Figure 149 Web‐based software development – Bow‐Tie.

Figure 150 IT systems protection Bow‐Tie.

Figure 151 Satellite view of Matera.

Figure 152 Matera – Piazza Vittorio Veneto. On the right: steps. Source: Google LLC.

Figure 153 Developed Bow‐Tie to assess crowding‐related risks – zooming the threats and preventive barriers.

Figure 154 Developed Bow‐Tie to assess crowding‐related risks – zooming the consequences and mitigative barriers.

Figure 155 Map to develop simulated scenarios.

Figure 156 Different levels of service.

Figure 157 Piazza Vittorio Veneto and the bottleneck in Via San Biagio, Matera.

Figure 158 Impact of the soft obstacles on the pedestrian flow.

Figure 159 Bow‐Tie Risk assessment (whole picture).

Figure 160 Helicopter loss of control Bow‐Tie risk assessment.

Figure 161 Treatment of critically ill patients.

Figure 162 Treatment of patient with pain.

Figure 163 Preparing parenterals (excluding cytostatic drugs).

Figure 164 Administration of parenterals (excluding cytostatic drugs).

Figure 165 Medication verification in handoff during hospital admission.

Figure 166 Medication verification in handoff during hospital discharge (1 of 2).

Figure 167 Medication verification in handoff during hospital discharge (2 of 2).

Figure 168 Administration of medicines.

Figure 169 Treatment of patients with acute coronary syndrome.

Figure 170 Administering intravascular iodinated contrast media (excluding intensive care patients).

Figure 171 Applying a central venous catheter (CVC).

Figure 172 Operating on a patient.

Figure 173 Hospitalization of vulnerable elders (> 70 years) (1 of 4).

Figure 174 Hospitalization of vulnerable elders (> 70 years) (2 of 4).

Figure 175 Hospitalization of vulnerable elders (> 70 years) (3 of 4).

Figure 176 Hospitalization of vulnerable elders (> 70 years) (4 of 4).

Figure 177 Performing surgical procedures.

Figure 178 Elaboration of the threat “external corrosion” and main escalating factors and controls.

Figure 179 Link between controls and the company HSE management system procedures.

Figure 180 BFA of Flixborough (UK) incident.

Figure 181 BFA of Seveso (Italy) incident.

Figure 182 BFA of Bhopal (India) incident.

Figure 183 BFA of Piper Alpha (UK – offshore) incident.

Figure 184 BFA of Pembroke Refinery (Milford Haven) (UK) incident.

Figure 185 BFA of Texas City (US) incident.

Figure 186 BFA of Macondo (Deepwater Horizon) (US – Offshore) incident.

Figure 187 BFA of Fukushima (Daiichi) (Japan) incident.

Figure 188 Drug administration Bow‐Tie.

Figure 189 Area involved in the accident. Right, unwinding section of the line, left, the front wall impinged by flames. Source: Taken from Marmo, Piccinini and Fiorentini, 2013.

Figure 190 The flattener and the area involved in the accident. Details of the area struck by the jet fire, view from the front wall. Source: Taken from Marmo, Piccinini and Fiorentini, 2013.

Figure 191 Details of the hydraulic pipe that provoked the flash fire. Source: Taken from Marmo, Piccinini and Fiorentini, 2013.

Figure 192 Map of the area struck by the jet fire and by the consequent fire. The dots represent the presumed position of the workers at the moment the jet was released. Source: Marmo, Piccinini and Fiorentini, 2013.

Figure 193 Footprint of the jet fire on the front wall. Source: Marmo, Piccinini and Fiorentini, 2013.

Figure 194 Timescale of the accident. F1 is the time interval in which the ignition occurred. F2 is the time interval in which it is probable that the workers noticed the fire. The group 5 and group 6 events are defined as in Table 28. Source: Marmo, Piccinini and Fiorentini, 2013.

Figure 195 The domain used in the FDS fire simulations. Source: Marmo, Piccinini and Fiorentini, 2013.

Figure 196 Simulated area, elevation. Source: Marmo, Piccinini and Fiorentini, 2013.

Figure 197 Jet fire simulation results: flames at 1 s from pipe collapse. Source: Marmo, Piccinini and Fiorentini, 2013.

Figure 198 Jet fire simulation results: flames at 2 s from pipe collapse. Source: Marmo, Piccinini and Fiorentini, 2013.

Figure 199 Jet fire simulation results: flames at 3 s from pipe collapse. Source: Marmo, Piccinini and Fiorentini, 2013.

Figure 200 Jet fire simulation results: temperature at 1 s from pipe collapse. Source: Marmo, Piccinini and Fiorentini, 2013.

Figure 201 Jet fire simulation results: temperature at 2 s from pipe collapse. Source: Marmo, Piccinini and Fiorentini, 2013.

Figure 202 Jet fire simulation results: temperature at 3 s from pipe collapse. Source: Marmo, Piccinini and Fiorentini, 2013.

Figure 203 Scheme of the hydraulic circuits with two‐position (a) and three‐position (b) solenoid valves. Source: Marmo, Piccinini and Fiorentini, 2013.

Figure 204 Event tree of the accident. The grey boxes indicate a lack of safety devices. Source: Marmo, Piccinini and Fiorentini, 2013.

Figure 205 Damages on the forklift.

Figure 206 Frames from the 3D video, reconstructing the incident dynamics.

Figure 207 Bow‐Tie diagram of the ThyssenKrupp fire.

Figure 208 Twente stadium roof collapse Tripod Beta analysis.

Figure 209 Water treatment Bow‐Tie analysis.

Figure 210 Timeline of the sample (developed with CGE‐NL IncidentXP).

Figure 211 Possible RCA of the sample (developed with CGE‐NL IncidentXP).

Figure 212 Possible Tripod Beta of the sample (developed with CGE‐NL IncidentXP).

Figure 213 Possible BFA of the event (developed with CGE‐NL IncidentXP).

Figure 214 Bow‐Ties developed to assess fire risk in multiple railway stations.

Figure 215 Fire load.

Figure 216 Bow‐Tie worksheet developed by TECSA S.r.l. and Royal Haskoning DHV to quantify a Bow‐Tie scheme with a LOPA approach. Not real scores and data presented in the image.

Figure 217 Barriers/protection layer scores.

Figure 218 Weakest barriers and the public.

Figure 219 Bow‐Tie model for fire risk assessment in PV plants.

Figure 220 Map of ceraunic density in Italy.

Figure 221 Annual average temperature in Italy.

Figure 222 Deming Cycle from a barrier‐based perspective.

Figure 223 Bow‐Tie core elements and general structure.

Figure 224 Bow‐Tie guiding principles.

Figure 225 BFA core elements.

Figure 226 Incident barrier state.

Figure 227 Incident barrier state decision support tree.

Figure 228 BFA guiding principles.

Figure 229 Classification of human failure.

Figure 230 Fault tree analysis, current configuration (ANTE).

Figure 231 Fault tree analysis, better configuration (configuration A).

Figure 232 Fault tree analysis, the best configuration (POST configuration).

Figure 233 Frequency estimation of the scenario “Oxygen sent to blow down, during start up of reactor of GAS1”.

Figure 234 The Swiss Cheese Model by James Reason. Source: Reason, 1990.

Figure 235 Level 1: Unsafe acts.

Figure 236 Level 2: Preconditions.

Figure 237 Level 3: Supervision issues.

Figure 238 Level 4: Organizational issues.

List of Tables

Table 1 Applicability of tools for risk assessment.

Table 2 Example of “what‐if” analysis. Source: Adapted from Assael, M. and Kakosimos, K., 2010.

Table 3 Guidewords for HAZOP analysis.

Table 4 Extract of an example of HAZOP analysis. Adapted from Assael and Kakosimos (2010).

Table 5 Subdivision of the analyzed system into areas.

Table 6 Hazards and assumed event in HAZID.

Table 7 List of typical consequences.

Table 8 HAZID worksheet.

Table 9 Different classification of barriers as physical or non‐physical.

Table 10 Comparison of defined hazards with insufficient detail and optimal degree for evaluation.

Table 11 Comparison of defined top events with insufficient detail and with an optimal degree for evaluation.

Table 12 Comparison of defined causes with insufficient detail and with an optimal degree for evaluation.

Table 13 Comparison of defined consequences with insufficient detail and with an optimal degree of evaluation.

Table 14 Barrier Types.

Table 15 Quality scores and judgments on the effectiveness of barriers.

Table 16 Standard Performance Scores (PS).

Table 17 Definition of BRFs in Tripod Beta.

Table 18 Example of spreadsheet event timeline.

Table 19 Example of Gantt chart investigation timeline.

Table 20 Barrier function score (FS).

Table 21 Barrier consequence of failure score (CS).

Table 22 Barrier redundancy score (RS).

Table 23 Barrier criticality ranking.

Table 24 Barrier criticality assessment example.

Table 25 Interpretation of the barrier‐based audit response histograms.

Table 26 Survey team members should and should not.

Table 27 General information about the case study.

Table 28 Record of the supervisor systems (adapted from Italian). Source: Marmo, Piccinini and Fiorentini, 2013.

Table 29 Threshold values according to Italian regulations. Source: Marmo, Piccinini and Fiorentini, 2013.

Table 30 Summary of the investigation.

Table 31 Example of calculating HEP with the SPAR‐H Method.

Table 32 PIF (current configuration).

Table 33 PIF (Configuration A).

Table 34 PIF (POST configuration).

Table 35 Frequency of incidental assumptions considered.

List of Acronyms

AHJ: authority having jurisdiction

AIChE: American Institute of Chemical Engineers

ALARP: as low as reasonably practicable

BCM: business continuity management

BCMS: Business Continuity Management System

BFA: barrier failure analysis

BIA: business impact analysis

BPCS: basic process control system

BRF: basic risk factor

BSCAT: barrier‐based systematic cause analysis technique

BT: Bow‐Tie

CCD: cause‐consequence diagram

CCPS: Centre for Chemical Process Safety

COSO: Committee of Sponsoring Organizations of the Treadway Commission

ERM: enterprise risk management

ETA: event tree analysis

FARSI: functionality, availability, reliability, survivability and interactions

FMEA: failure modes and effects analysis

FMECA: failure modes, effects, and criticality analysis

FMEDA: failure modes, effects, and diagnostic analysis

FSMS: fire safety management system

FTA: fault tree analysis

GAMAB: globally at least as good

GIGO: garbage in, garbage out

HAZID: hazard identification

HAZOP: hazard and operability analysis

HEART: human error assessment and reduction technique

HEMP: hazard and effects management process

HEP: human error probability

HFACS: human factors analysis and classification scheme

HLS: high‐level system

HSE: health, safety, and environment

HSEQ: health, safety, environment, and quality

ICT: information and communications technology

IE: initial event

IEC: International Electrotechnical Commission

IEF: initial event frequency

IPL: individual protection layer

IRM: The Institute of Risk Management

IRPA: individual risk per annum

IRT: independent protection layer response time

ISO: International Organization for Standardization

IT: information technology

KPI: key performance indicator

LFE: learning from experience

LOPA: layer of protection analysis

LOPC: loss of primary containment

MEM: minimum endogenous mortality

MGS: at least the same level of safety

MOC: management of change

NFPA: National Fire Protection Association

NMAU: not more than unavoidable

PDCA: Plan‐Do‐Check‐Act

P&ID: piping and instrumentation diagram

PFD: probability of failure on demand

PHA: preliminary hazard analysis

PIF: performance‐influencing factor

PPE: personal protective equipment

PSM: process safety management

QIQO: quality in, quality out

QRA: quantitative risk assessment

RA: risk assessment

RAGAGEP: recognized and generally accepted good engineering practice

RBD: reliability block diagram

RCA: root cause analysis

RM: risk management

ROI: return on investment

RPN: risk priority number

RRF: risk‐reducing factor

SCE: safety critical equipment

SHIPP: system hazard identification, prediction and prevention

SIF: safety instrumented function

SIL: safety integrity level

SIS: safety instrumented system

SLC: safety life cycle

SLIM: Success Likelihood Index Method

SMS: safety management system

SPAR‐H: Standardized Plant Analysis Risk‐Human Reliability Analysis

THERP: technique for human error‐rate prediction

TR: technical report

Preface 1

Riccardo Ghini

Quality Head Italy & Malta and South Europe Cluster, Sanofi

Risk assessment is a basic concept that has always accompanied me throughout my work and professional experience, so being able to contribute, albeit marginally, to the drafting of this monumental work fills me with pride and happiness.

Since the time of Legislative Decree 626/94, the ability to evaluate the probability of occurrence and the possible consequences of accidents and injuries at work has been a fundamental skill for me to develop, through the study of ever‐more‐refined methods and techniques of investigation. Finding all these useful analysis tools grouped in this way, brilliantly described and accompanied by real application examples, represents for me, and for all professionals, a unique opportunity for enrichment and deepening.

In fact, as my career continued, I soon realized how the concepts underlying this book can be effectively applied, not only in the field of work safety, but also in all areas of business activity, where words like “risk,” “scenario,” “analysis of the causes,” and “continuous improvement” have become commonly used, as they are based on the very structure of the management systems developed in accordance with the various reference standards, now completely standardized.

Furthermore, we mustn’t fail to mention the importance assumed by the methods of analysis, assessment, and operational management of the risks associated with the predicate offenses of Legislative Decree 231/2001 (administrative liability of companies and entities), which constitute the essential element in the preparation of a Corporate Organization, Management, and Control Model that effectively prevents the occurrence of the types of offense and, at the same time, constitutes a valid exemption in the context of a possible criminal trial.

The real cultural transition, however, takes place when the concept of risk assessment is adopted and is also applied outside the professional sphere, elevating it to a rational criterion to guide our daily choices: “do I overtake or not overtake the car that’s in front of me?,” “do I subscribe to this insurance policy or not?,” “do I vaccinate my children or not?” These are all questions and situations we face every day, and for which it is very useful to identify the possible “top event,” the “consequences” that can be generated, and the “causes” that can originate it, as well as to know what “barriers” we can implement in our defence.

This book is therefore much more than a scientific text for a few super‐technicians and experts; it is a concrete and useful reference to all, to bring order and reasoning into our decisions, whatever they may be, in a world increasingly dominated by superficiality and disinformation.

I would also like to underline another aspect, often not adequately communicated: the concept of risk not only with a negative meaning, as a threat or weighting of an unfavourable event, but also, from the perspective of ISO 31000, as a positive deviation from the result expected, therefore, as an opportunity, to be evaluated and seized for the development of the organization. A better understanding of this dimension of risk would certainly facilitate a wider and more extensive use of the methodologies illustrated in the book.

At this point, before diving into reading and studying, I just have to applaud the authors, who represent all‐Italian excellence, similar to Ferrari and Parmigiano Reggiano, in this scientific field traditionally the prerogative of Anglo‐Saxon and American schools, and of which we must all be proud.

Preface 2

Bernardino Chiaia

Head of SISCON (Safety of Infrastructures and Constructions), Politecnico di Torino

The number and the magnitude of accidents worldwide in the industrial sector and in the realm of civil and transportation infrastructures has risen since the 1970s and continues to grow both in frequency and socioeconomic impact. Several major accidents in the industrial sector (see, e.g., the Seveso chemical plant disaster in 1976, the Bhopal gas tragedy in 1984, the Chernobyl nuclear accident in 1986, the Deepwater Horizon oil spill in 2010, the explosion in Warehouse 12 at the Port of Beirut in 2020) have been under the lens of the United Nations Office for Disaster Risk Reduction (UNISDR), which puts great effort in developing safety guidelines within the Sendai Framework for Disaster Risk Reduction 2015–2030.

At the same time, the number of infrastructure failures in developed countries rose dramatically since the beginning of the new millennium. This is partly due to ageing and poor maintenance of bridges, viaducts, tunnels, and dams, which were constructed mainly in the first 35 years after World War II. Moreover, traffic loads and required performances have increased 20 times the original design conditions. On the other hand, in underdeveloped countries there is clear evidence that industrial regulations are less strict and that a general lack of a culture of safety generally results in looser applications of the rules, thus producing a physiological higher percentage of accidents.

In this evolving context, the barrier‐based approach named Bow‐Tie represents a successful methodology to approach risk analysis in a consistent and robust manner. The method allows a synthetic and powerful control of multiple hazard scenarios, clearly differentiating between proactive and reactive risk management.

In this book Dr Fiorentini clearly shows the applicability and the advantages of the methodology to various situations. He shows that, once all the hazard scenarios have been correctly identified and well defined, the definition of the most appropriate barriers represents the core of the methodology to ensure risk reduction. In the non‐standard case of civil engineering, for example, the Bow‐Tie method shows how inspections and maintenance operations represent preventive control barriers against the risk of structural collapse, whereas retrofitting, traffic limitations, and active monitoring represent mitigating or recovery barriers.

The wide experience of Dr Fiorentini, along with his clarity and scientific rigour, makes the book a unique and comprehensive essay on the Bow‐Tie methodology of risk assessment.

Preface 3

Luca Marmo

Professor of Safety of Industrial Processes, Politecnico di Torino Department of Applied Science and Technology

In over 30 years of mountaineering and ski touring (see an example in Figure 1), I have done thousands of risk analyses, probably more than I have ever done in my professional career. Each preparation for a climb includes risk analysis. Imagine, or remember, if you have the same passion as me, a classic of European ski mountaineering, the high street Chamonix Zermatt. Climbing it takes three days if you are a pro climber, four if you are super‐trained—better five or six if you are merely human—between glaciers, crevasses, overhanging rocks, and descents hanging from a rope with skis on your shoulders. 6,300 m of positive altitude difference, all between 1,600 and 3,800 m of altitude. Risky? Yes. Accidents, even fatal ones, in these environments are not so rare. However, those who do not practice mountaineering tend to overestimate the risks because they do not have the cognitive tools to evaluate them.

Figure 1 Descent from Col du Chardonnet. Is it safe?

Source: Luca Marmo archive photo.

What will be the risk of causing an avalanche, or in any case of being hit by one? And the degree of coverage of the crevasses along the route? Will the snow be sufficient to guarantee the solidity of the snow bridges or will a chasm open under my skis when I least expect it? Will the weather be favourable or will I be surprised by a blizzard at 150 km/h on the glacier? And if so, will I have at my disposal a protective barrier, sufficient clothing, satellite device, material to take care of myself?

In mountaineering, risk assessments are based on often uncertain data. Weather forecasts are really reliable only within 72 hours, the state of a slope can be inferred from the historical weather data of the previous weeks, and the evaluation methods are often deductive and unstructured. Forecasting is fundamentally based on experience and knowledge of the environment. This is why it is wise to maintain substantial safety margins. In my career, undoubtedly many more times I gave up from a climb, evaluating the risks to be more excessive than they were, than I really got into trouble.

We are luckier in our professional life. We have more reliable data, we are confronted with less uncertain situations. Therefore, we can apply more rigorous and schematic methods. We can clearly identify the functional relationships between the elements of a machine and outline a specific picture of the process knowing in detail the characteristics of the substances used.

The sharpness of the picture we can paint is exceptional when compared to the drawing based on which we decide whether to reach a peak. And so much clarity deserves a schematic and systematic approach. Bow‐Tie and barrier failure analyses are excellent tools for describing the cause‐and‐consequence relationships of both simple and complex systems because they allow the precise identification of the relationships between the initiating causes and unwanted events. Unfortunately, I fear they do not apply to mountaineering, but I am convinced that if you have the patience to reach the end of this book, you will find that they are of great help in your professional activity.

Preface 4

Giuseppe Conti

Head of Legal and Corporate Affairs Italy, ENEL S.p.A.

Risk management and its related methodology are used to represent the main and fundamental tool for the conscious and measured prevention of a series of safety issues that every industrial operator may have to face.

The availability of scientific methodologies continuously updated and developed to facilitate this difficult task for companies is a resource of great value.

This relevance is clearly appreciable to the extent that the set of assessments carried out in advance allows the prevention of the risk of problematic events, or at least the reduction of the probability that they will occur. Having implemented evaluation methods such as those covered by this treatise may also help to facilitate the reconstruction of the dynamics and root causes of the event itself.

This last aspect, through the perspective of a legal practitioner, be it a lawyer or a judge, represents an essential technical and scientific support.

The availability of a methodological and scientific approach since the preliminary phase of an event is a fundamental resource for the determination of the causes of a given event, of possible causes, and for the management of the related responsibilities.

The legal issues surrounding safety issues are inseparably linked to technical issues; only a correct scientific reconstruction of the events, causes, and any possible relevant element in the dynamics of the event can allow legal practitioners to manage consequential aspects such as the traceability of the event to the responsibility of one person or another with the consequent distribution of the related burdens, including economic ones, that result from it.

The collaboration between legal experts and experts of analysis, operational risk assessment is essential for the correct reconstruction of the events and for the proper conduct of investigations, checks aimed at the exclusion of responsibility, or the correct attribution of the same.

Preface 5

Claudio De Angelis

General Manager, National Fire Corp, Ministry of Interior, Italy

Hypocrites! You know how to evaluate the appearance of the earth and the sky; why this weather (ton kairon) can’t you evaluate it?

Luke 12, 56

Krónos and Kairós were gods who impersonated the meanings that the Greeks attributed to time, one quantitative and the other qualitative.

Kronos is the abstract time that flows; it is made of seconds, hours, seasons, years; it is what marks the flow of life towards the end and the functioning of things until the end of their usefulness, the place where we are continually placed before our limit.

Kairos (Figure 2), on the other hand, is qualitative; it is the right time to live (or work); the right time to be or do.

Figure 2 Bas‐relief depicting the god Kairos.

Figure 3 The epistemological meaning of security.

As can be seen in Figure 3, to be “safe,” from the Latin securum [se (sine) + cure], means to be in a state without breathlessness, without worry. This is what must be guaranteed to the users of a building or activity in daily use.

This means that the safety of a building or activity lives in Kairos and not in Kronos, i.e. in the time for which it is designed, the “appropriate” time for which it is made, during which people’s attention must be focused on what they have to do, certain that their safety is guaranteed if they respect simple ordinary ways of use.

The complexity of fire safety in construction means that the majority of designers see it as a specialization.

The emergence in the design of unusual technical‐scientific problems, the complex problems related to the construction phase of the Opera, with the need to collect documentation and certifications during the project, the need to guarantee the expected performance of the protection measures over time (with reference to a service life of at least 50 years), and the economic value of these problems require analysis and study of unusual topics and problems.

For constructions of the past, for which safety in everyday use was a modest concern (it was considered sufficient to have a roof over one’s head) and design methods were simple and inaccurate, even the incorrect and approximate definitions of safety were sufficient.

For today’s sophisticated constructions rich in systems, where the theory of statics is replaced by theories of dynamics, where the description of fire as temperature is replaced by fluid dynamics models, and where the behaviour of materials is described by entropic theories, it is necessary to “chase” and better define the meaning of safety.

The correct measurement of safety through risk analysis is one of these issues.

Safety science is the discipline that studies risk in its various forms, direct and indirect, with the aim of reducing it to the minimum possible and controlling its consequences.