A Review of Risk Matrices Used in Acute Hospitals in England.

In healthcare, patient safety has received substantial attention and, in turn, a number of approaches to managing safety have been adopted from other high-risk industries. One of these has been risk assessment, predominantly through the use of risk matrices. However, while other industries have criticized the design and use of these risk matrices, the applicability of such criticism has not been investigated formally in healthcare. This study examines risk matrices as used in acute hospitals in England and the guidance provided for their use. It investigates the applicability of criticisms of risk matrices from outside healthcare through a document analysis of the risk assessment policies, procedures, and strategies used in English hospitals. The findings reveal that there is a large variety of risk matrices used, where the design of some might increase the chance of risk misprioritization. Additionally, findings show that hospitals may provide insufficient guidance on how to use risk matrices as well as what to do in response to the existing criticisms of risk matrices. Consequently, this is likely to lead to variation in the quality of risk assessment and in the subsequent deployment of resources to manage the assessed risk. Finally, the article outlines ways in which hospitals could use risk matrices more effectively

A new perspective for the integration of intelligence and risk management in a customs and border control context

This paper concerns intelligence and risk management in a customs and border control context. Intelligence here refers to the collection, sharing, processing, analysis and dissemination of information on threats, related to cross-border movements of goods, travellers, illegal activities, and serious organized crime. The main aim of the paper is to present a new perspective for the integration of intelligence and risk management for this context. The perspective, which builds on contemporary risk and safety science knowledge, as well as studies on intelligence, organizations, management, and social mechanisms, provides concepts, principles, and a unified framework for this integration. The paper gives customs and border control management new insights and instruments on how to organize and handle risk and intelligence issues and studies.publishedVersio

A risk and safety science perspective on the precautionary principle

The precautionary principle is strongly debated as a policy for handling risk and safety concerns. It is commonly claimed that the principle is paralyzing, unscientific and promotes a culture of irrational fear. The risk and safety literature contains considerable work providing support for such claims but also argumentation backing the principle. The present paper aims at contributing to this discussion by investigating the principle in view of what is here referred to as contemporary risk and safety science. Common beliefs about the principle are revisited. New insights are obtained by clarifying the risk and safety fundamentals necessary to understand the principle’s motivation, applicability and limitations. The paper concludes that the precautionary principle is only relevant when the uncertainties and risks are considerable and scientific. Confusion arises, as the principle is mixed with the basic idea of risk management to give weight to uncertainties, in order to prudently handle risk. Properly understood and implemented, the precautionary principle can be aligned with decision analysis and other scientific methods.publishedVersio

An integrated risk analysis framework for safety and cybersecurity of industrial SCADA system

The industrial control system (ICS) refers to a collection of various types of control systems commonly found in industrial sectors and critical infrastructures such as energy, oil and gas, transportation, and manufacturing. The supervisory control and data acquisition (SCADA) system is a type of ICS that controls and monitors operations and industrial processes scattered across a large geographic area. SCADA systems are relying on information and communication technology to improve the efficiency of operations. This integration means that SCADA systems are targeted by the same threats and vulnerabilities that affect ICT assets. This means that the cybersecurity problem in SCADA system is exacerbated by the IT heritage issue. If the control system is compromised due to this connection, serious consequences may follow. This leads to the necessity to have an integrated framework that covers both safety and security risk analysis in this context. This thesis proposes an integrated risk analysis framework that comprise of four stages, and that build on the advances of risk science and industry standards, to improve understanding of SCADA system complexity, and manage risks considering process safety and cybersecurity in a holistic approach. The suggested framework is committed to improving safety and security risk analysis by examining the expected consequences through integrated risk identifications and identifying adequate safeguards and countermeasures to defend cyber-attack scenarios. A simplified SCADA system and an undesirable scenario of overpressure in the pipeline are presented in which the relevant stages of the framework are applied

Uncertainty-based decision-making in fire safety: Analyzing the alternatives

Large accidents throughout the 20th century marked the development of safety fields in engineering, devoted to better identify hazards, understand risks and properly manage them. As these fields evolved rather quickly and moved from a compliance to a risk-based approach, a significant delay in this transition was experienced in fire safety engineering (FSE). Devastating fires well into the 21st century and the restrictive nature of prescriptive codes signaled the need to transition towards a performance-based one. A performance-based approach provides flexibility and capitalizes on learning from accidental events and engineering disciplines such as process safety and FSE. This work provides an overview of the main alternatives to account for uncertainty in safety studies within the context of FSE, including traditional probabilistic analyses and emerging approaches such as strength of knowledge. A simple example is used to illustrate the impact of the uncertainty analysis on the results of a simple fire safety assessment. A structured evaluation is performed on each alternative to assess its ease of implementation and communication. The outcome is a compendium of advantages and disadvantages of the alternatives that constitute a toolbox for fire safety engineers to configure and use within their fire risk assessments. Process safety engineers are expected to gain an understanding of the similar and important challenges of FSE, being it directly relevant for process risk management and fire risk management in administrative buildings

En studie om kvaliteten på risikostyringsprosessen – Interessegruppers involvering, risikoaksept og risikokommunikasjon

For at Norge skal bli et lavutslippssamfunn innen 2050, blir hydrogen ansett å være en av løsningene. Hydrogen kan bli en grønn energikilde ved at det blir produsert via elektrolyse som kommer fra vind, vann og solenergi. Samtidig er hydrogen luktfri, fargeløse og anses som både brann- og eksplosjonsfarlig. Dette gjør at det er fokus på at hydrogen skal produseres trygt, men og at det skal være trygt for samfunnet og nærliggende områder. Derfor er det viktig med en risikoanalyse som påse at alle parter blir ivaretatt. Oppgaven vil dermed forsøke å svare på følgende problemstilling: «Har dagens risikostyringsprosess fokus på interessegruppers involvering i etableringen av hydrogenanlegg?» Oppgavens analytiske rammeverk tar utgangspunkt i risikobegrepet. Teorien bygger på et rammeverk som fokuser på interessegruppers involvering. Hvordan eksperter forholder seg til risikoaksept og risikopersepsjon opp mot interessegrupper. Hva er funksjonen til risikokommunikasjon er og hvordan blir involvering av interessegrupper lagt til rette for. Oppgavens metodiske tilnærming bygger på en kvalitativ metode, som består av en dokumentanalyse og intervju informanter som har en tilknytning til risikostyringsprosessen. Oppgavens hovedfunn viser at tiltakshavere har fokus på å involvere interessegrupper i etableringen av hydrogenanlegg. Det kommer frem at det er brukt ulike tilnærminger for å inkludere interessegrupper og kommunisere med interessegrupper. Det er et fokus på å tilpasse risikokommunikasjonen basert på interessegruppers risikopersepsjon og risikoaksept. Det eksisterer føringer for hvordan risikoanalysen skal bli seende ut i en ferdig rapport med tanke på kunnskapsgrunnlaget som ligger til grunn for antakelser. Det viser seg at det ikke er samsvar mellom det som står skrevet i analyserte dokumenter og det som eksisterer av føringer for ferdig rapporter. Det er manglende beskrivelser både om styrken på kunnskapsgrunnlaget som ligger til grunn for analysegruppen og hvordan usikkerhet har påvirket antakelser. Nøkkelord: Interessegruppers involvering, risikoaksept, risikokommunikasjon, risikostyringsprosessen, hydrogenanleg

Contributions to risk management : On the balance between value creation and protection

PhD thesis in Risk management and societal safetyThe overall objective of this thesis is to contribute to new knowledge in risk management. More concretely, the research relates to one of the main tasks of risk management: to obtain an appropriate balance between value creation on the one hand and protection on the other. Risk management is considered to be all activities and measures carried out to manage the risk. The main purpose is to support the balancing of the conflicts inherent in exploring opportunities, creating values and development, on the one hand, and avoiding losses and accidents on the other. Many of the situations we face, however, involve high risk and uncertainty, making it challenging to predict the outcomes of our decisions and to obtain an appropriate balance between different concerns such as risk and socioeconomic profitability. Various strategies can form the basis for supporting risk management and decision-making under uncertainty, using different tools and approaches. To adequately inform the decision-makers about the risks and uncertainties, we need to make sure that the strategy we apply, and the approaches and principles that follow, are appropriate for the decision-making context and capable of capturing the relevant uncertainties. This is not straightforward, and there is a need to continuously develop the approaches we use to support the decision-makers. At the same time, we need to acknowledge the fact that the tools we use are just tools, with strong limitations. The quality of the produced decision support, then, relates to the quality of the background knowledge, on which the analyses and evaluations are based. To obtain good quality background knowledge, however, is not always straightforward. The thesis contributes to this end by exploring approaches, principles and underlying ways of thinking related to how we can obtain the appropriate balance between value creation and protection, and by producing new knowledge to support that balance in a specific domain. The scientific contribution of the thesis consists of seven papers. The content and contribution of the seven papers are summarised in the following. In risk management, different strategies can be applied to support the tasks. The strategy refers to the underlying way of thinking and the principles that follow. Amongst the principles, ALARP is central. According to the ALARP principle, risks should be reduced to a level that is As Low As Reasonably Practicable, meaning that risk-reducing measures should be implemented unless the costs are grossly disproportionate to the obtained benefits. By large, however, observations from the industry and literature indicate that analysts focus on single measures in isolation when using the ALARP principle to support decision-making. This underlying way of thinking might lead to misguided decisions: it does not consider that safety measures do not always give the intended effect, as offset effects can occur, and the weight given to the cautionary principle might be inappropriate, given the decision-making context. Paper I discusses and illustrates the importance of systems thinking when using the ALARP principle to guide decision-making under uncertainty. Systems thinking has a role to play, as it enhances the understanding of the decision-making context. Enhancing the understanding and knowledge of a risk-related problem is essential for risk management. The available knowledge (justified beliefs) forms the foundation on which risks are assessed. Different methods exist on how to evaluate the strength of the knowledge, but there is a gap in the literature with respect to methods useful for the identification of relevant knowledge, and an arbitrary approach does not appear to be optimal. Paper II suggests a framework, using a systems approach, to identify and assess the background knowledge, as a means to reduce the risk of missing relevant knowledge and obtain more complete background knowledge, on which risk can be assessed. If we are unable to capture all the relevant knowledge, such as hidden assumptions, the result is incomplete background knowledge, which hampers risk management and the balance between value creation and protection. The available background knowledge needs to be considered in a risk assessment, to inform the decision-makers on, for example, what assumptions the analysts made and what the risk assessment represents. The uncertainties and knowledge need adequate treatment and reflection, in order to produce informative decision support. Paper III contributes to this end and illustrates how the knowledge dimension can be integrated with a risk-based approach, supporting decisions about permanent plug and abandonment of offshore oil and gas wells. The objective of the original approach is to evaluate leakage risk from offshore wells on the basis of consequences and probability, in order to justify more costeffective solutions than the prescriptive ones. Creating cost-effective solutions, however, does not justify less focus on risk and uncertainties, and Paper III suggests an improved approach, which strengthens the decision support on the leakage risk by highlighting the uncertainties, assesses the risk of deviation from the assumptions and reflects the knowledge base. The adoption of safety measures, such as barriers in an offshore well, is an essential activity of risk management. At the same time, it is well known that safety measures do not always give the intended effect, as new safety measures are sometimes offset by other system components. This is problematic for the balance between value creation and avoiding losses, as any company has limited resources for safety expenditure. This implies a need for proper consideration of economic concerns. However, economic evaluations are usually made with sole reference to expected values, in which no or limited weight is given to the cautionary principle. The use of expected values is rational given the portfolio theory, but, at the same time, expected values should be used with care in risk management, as the uncertainties and cautionary principle need stronger weight than what the frame of expected values supports. Papers IV and V discuss and illustrate why traditional economic tools need stronger weight on the cautionary principle when applied in a risk context. Paper IV discusses foundational issues of the use of socioeconomic profitability as a prerequisite for investments in security measures, while Paper V discusses the application of the return of investments in safety (ROSI) measure in the chemical industry. Without considerations of uncertainty and background knowledge, the economic tools might produce misguided decision support, hampering the balance of different concerns. There is an increasing awareness of the importance of the knowledge dimension in the risk science field, in relation to managing risk. The knowledge dimension is split into general knowledge and specific knowledge. The former covers all knowledge available for related activities, whereas the latter covers specific knowledge of activities. For example, to improve patient safety in the emergency medical services, we need to know what can go wrong and why (i.e. general knowledge), but, at the same time, we need to make sure that necessary measures, such as a training programme, are implemented and functioning as intended in the emergency medical services (i.e. specific knowledge), especially when the risk management is subject to scarce resources. Papers VI and VII contribute to the latter, by producing new knowledge about the frequency of training in non-technical skills in the Norwegian emergency medical services. The studies indicate that training has had a positive effect, as the frequency of training in non-technical skills among the personnel in the helicopter emergency service has increased over recent years, and that there is a potential for learning and knowledge sharing between the two emergency medical services. This new specific knowledge provides input to evaluations and future practices of the training programmes, and to increase the general knowledge, which can assist the prehospital services in obtaining an appropriate balance between value creation and protection

Forsvarets bransjespesifikke risiko- og sårbarhetsanalyse – en kvalitativ studie av dens begrensninger og muligheter

Forsvarets aktivitetsportefølje består av en rekke ulike, og ofte risikofylte aktiviteter. Til tross for et stadig økende fokus på sikkerhet, redusere risiko og gjennomføre utdanning, trening og øving på tryggest mulig måte, rapporteres det flere uønskede hendelser i Forsvaret for hvert år som går. I 2019 ble det rapportert 44,2 % flere uønskede hendelser enn i 2016. Forfatter har selv jobbet i en operativ vakt- og sikringsavdeling i Forsvaret, og observerte også der flere uønskede hendelser som enkelt kunne vært unngått. På bakgrunn av dette vokste interessen for hvorfor disse uønskede hendelsene oppstår. Oppgaven fokuserer derfor på risikoanalyseprosessen, med hovedvekt på planleggingsfasen, kunnskapen denne bygger på, og forsøker å svare på følgende problemstilling: Hvilken kunnskap bygger Akershus Kommandantskaps planleggingsfase for risikovurdering av utdanning, trening og øvelse på, og i hvilken grad gir kunnskapen forutsetning for en god planleggingsfase? For å besvare problemstillingen er de kvalitative forskningsmetodene intervju, dokumentanalyse og observasjoner gjennomført. Funn fra disse viser en tydelig ikkeeksisterende planleggingsfase i forkant av aktiviteter, og har således et potensial for forbedring. Det fremstår som en ustrukturert prosess som ofte får laveste prioritet og dermed gjennomføres til slutt. Det fremkommer at den bransjespesifikke risikoanalysen som gjennomføres, ofte er en kopi fra tidligere gjennomføring av tilnærmet samme aktivitet. Oppgaven presenterer derfor en strukturert planleggingsfase som sørger for at analysen gjennomføres av de relevante interessentene og gir den beslutningsstøtten den er tiltenkt å gi. Strukturen for planleggingsfasen som presenteres henter inspirasjon fra ulike forskere, men tilpasses Akershus Kommandantskaps ressurstilgang. Likeså kommer det frem at kunnskapen om risikofaget er langt unna det Forsvarets regelverk krever og legger til grunn for å etablere trygge rammer rundt aktiviteten. Forsvaret opererer med en definisjon av risiko som er sannsynlighet multiplisert med konsekvens – med andre ord en definisjon som kun ser på forventningsverdier. I oppgaven argumenteres det for et behov for å inkludere andre viktige elementer, slik som usikkerhet og bakgrunnskunnskap. Dette vil gi en dynamisk definisjon som muliggjør et større spekter av risikobeskrivelser og analysemetoder. Videre fører dette til at ulike fremgangsmåter og beskrivelser kan tilpasses de ulike nivåene i Forsvaret. En vil da kunne oppnå risikoanalyser som inkluderer flere påvirkende faktorer, og som gir et mer detaljert bilde av risikoen. Med dette som bakgrunn presenteres en skalerbar fremgangsmåte som tilpasser analysemetoden til det relevante nivået og ressursene tilgjengelig