"That'll never happen." Famous last words. Things can and will go wrong. The job of the business owner and engineers is to anticipate, evaluate, and mitigate possible risks in the operation. Especially if those risks include the potential of loss of life, facilities, and equipment. Risk management and risk assessment are tools to assist companies in understanding and mitigating potential problems.
Anticipate the Risks:
This involves identifying the risks to the operation. The best way to start is to construct what-if scenarios. What if there was a major lightning strike on the north tower? What if a blowout preventer failed? What if our computer controllers are hacked? Identify key safety processes and discuss what would happen if each failed. Include a review of injury, maintenance, and incident reports, the near misses as well as the losses.
The best brainstorming sessions include staff from all parts of the operation, including the front line workers. They often know the dangers better than management because they've been on the receiving end of the close calls.
Evaluate the Risks:
Separate the risks into groups (some may fall into more than one category.) As an example, headings might include loss of life/injury, loss of the facility, loss of equipment, loss of data, loss of income, environmental damage, etc. Go through each category and rank the risks from highest damage potential to lowest. The same incident may rank differently in different categories.
This can lead to some sobering realizations such as if there was a fire at the south entrance, everyone in the maintenance bay would be trapped.
The next step requires expertise and analysis. Each risk needs to be considered by its probability of happening. For example, a natural disaster causing major property and environmental damage is going to have a higher probability in areas prone to hurricanes, tornadoes, and earthquakes. Conversely, equipment that is new, well-maintained, and has little or no record of operating problems is going to have a lower probability of failure.
The goal is to create a risk matrix. At a glance, a company can sort out high damage, but low probability occurrences from the more immediate risks faced by the company. In short, the risk matrix identifies the likelihood of a failure and the damages if it happens.
This can be a difficult procedure. Software experts have gathered data about everything from weather or injury reports and the programs can assist you in assigning probabilities of different types of failures. Creation of a risk matrix may start out as yellow pads and whiteboards, but in modern business, it will end up as a computerized summary identifying the company's key vulnerabilities.
Mitigate the Risks:
This isn't just good business, its good stewardship. Once the risk matrix identifies areas of improvement, the company can target resources to lessening or eliminating the problems. Rather than trying to hurricane-proof the entire facility, it could be as simple as clearing out trees and bushes around key valves and equipment. If there is a history of injuries, a job process can be reworked or additional safety equipment installed. Computers can be upgraded and expanded to include easily accessible cloud storage. Comprehensive risk management reviews can also weed out inefficient tottering equipment that is costing the company more in dollars and danger than it is worth.
Performing a risk evaluation is a major project. Depending on the size and complexity of the operation, it is a significant commitment of manpower and resources. But the payoff is increased efficiency, lower accident rates, and real savings by avoiding unnecessary downtime and repairs. Bonuses include a better relationship with safety and environmental regulatory agencies and potentially lower insurance rates. Contact us to discuss solutions to help streamline and improve your risk management system.
Visitors to public buildings pose a substantial security risk. This affects the oil & gas industry as much as any federal facility. A smart company can reduce that risk, however, by managing its visitors.
Some visitor management systems are "low-tech"; that is, the person signs her name, the time she enters the building, what office/employee she will visit, and signs out when leaving the building - all done using pen and paper.
The most successful visitor management relies on computerized systems to confirm visitor identity, conduct background checks, confirm security clearances and otherwise obtain information with regard to the person that may affect his or her ability to visit or that impacts the company.
To be successful, a visitor management system should combine security checks with access control. The low-tech method used keys, key cards, and badges to limit access to sensitive areas. Comprehensive visitor management systems now use smart software technology and web-based programs able to document a visitor's whereabouts in the building and track building usage by specific visitors. Some include registration through a portal before the visit. This technique helps the business check the identity and security clearance to fast-track the visitor when he arrives. The visitor management process begins several days before the actual visit and isn't completed until after the visit is over and all information analyzed.
For more information on how Accupoint’s solutions can help you manage your visitor management process, visit www.accupointsoftware.com or call us at (800) 563-6250. We always appreciate the opportunity to share information on systems that can help your business become more efficient and positioned to meet global business standards.
As a professional within the oil and gas industries, your ultimate goal is to provide safe, reliable, and high-quality products and services to your customers. As you strive to consistently achieve this goal, you already know you need to control risk throughout your processes. You are a competitive leader within your industry, so you also know the value of quality standards and compliance. So what procedure does the API Spec Q2 standard mandate in order to achieve compliance?
According to the standard, “the organization shall maintain a documented procedure to control risk throughout the execution of service.” There’s four main components that your procedure should include, so as you develop your procedure, you’ll want to:
1. Identify potential or real risks associated with your company’s services
2. Recognize and use risk management tools and techniques
3. Choose, communicate, and implement preventive control measures to reduce and/or avoid risk exposure
4. Have a plan to alert your customer of any remaining risk (potential or real) that could impact your service to them
Lastly, you’ll want to ensure you keep records of your assessment and any associated actions taken as a result of your process. Risk assessment is an active means of facing and dealing with quality-related challenges and doesn’t need to be complicated. It’s been said that great success requires great risks, but that doesn’t mean sacrificing safety, quality or service. For more information on how Accupoint’s solutions can help you develop your risk assessment and management procedures, visit www.accupointsoftware.com or call us at (800) 563-6250.