Risk management for engineers

I enjoyed reading the article “How safe can you really make it?” in the November/December 2017 issue of Engineering Dimensions. About 25 years ago we asked a similar question, although slightly more accurate from a nuclear regulatory viewpoint, because it was directly applicable to the public and, eventually, the environment: “What is the acceptable risk and why?” No matter how safe an engineer can make it, there will always be an inherent residual risk.

The methodology of how to integrate risk management and process safety management systems requires a better understanding of how a decision is made and who is accountable for that decision. The complexity of the aforementioned integrated systems poses a challenging interdisciplinary growth mindset (leadership) in developing and understanding new safety analyses and accident models, involving not just professional engineers but also experts from social sciences, organizational theory, cognitive psychology and Cynefin (complexity).

I would also like to highlight some assertions and provide references for clarification:

  • There is an inconsistency in the usage of hazard, risk and risk-based—see Risk Management: An Area of Knowledge for All Engineers by Paul Amyotte, P.Eng., and Douglas McCutcheon, P.Eng., 2006, engineerscanada.ca/sites/default/files/risk_management_paper_eng.pdfengineerscanada.ca/sites/default/files/risk_management_paper_eng.pdf
  • The swiss cheese model has evolved beyond a direction of causality which is linear and the static view of the organization. The defects are often transient. The holes in the swiss cheese are continually moving in a nonlinear/complex manner—see A New Accident Model for Engineering Safer Systems by Nancy Leveson, 2004, sunnyday.mit.edu/accidents/safetyscience-single.pdf
  • “…the regulatory ministries agreed to an overarching risk-management framework within which each ministry was required to develop a business-specific model. The Treasury Board recently released a new Ontario Public Service enterprise risk management framework that provides guidance to ministries on the risk journey.” This is inaccurate because: 1) the definition of risk contained in ISO 31000 (Risk Management) needs to be revised, and 2) risk thinking, contained in ISO 9001 (Quality Management) is not defined—see Engineering Risk Management by Thierry Meyer and Genserik Reniers, 2016, e-ISBN (pdf) 978-3-11-041804-0

I fully concur with the comment made by Amanda SistilliP.Eng., that continued engagement with all stakeholders is needed in terms of “…[developing] plans that reduce the potential impact on the community.” Furthermore, we need to do a better job communicating the social impact, which can be defined as: the consequence experienced by all stakeholders due to any changes associated with significant engineering/resource projects or designs for the life cycle of the product/service. Social impacts can involve changes to stakeholders’: 1) way of life, 2) access to and use of infrastructure, services and facilities, 3) culture, 4) health and well-being, 5) surroundings, 6) personal and property rights, 7) decision-making systems, and 8) bias, perceptions and aspirations. Can we communicate a balanced approach for defining the social impacts versus the benefits? Maybe a good starting point would be for PEO, or Engineers Canada, to develop a policy guideline on risk communication for professional engineers, similar to this one in the UK: www.engc.org.uk/engcdocuments/internet/website/Risk%20Communication%20and%20Professional%20Engineers.pdf

Ahmed Fathi Shalabi, P.Eng., Ottawa, ON