In this article, Simon van Wyk and Carin Joyce discuss the multi-scalar and multi-dimensional nature (complexity) of risks, with a special focus on the interconnectedness of operational and disaster risk, with Civil Engineering magazine.
Risk is an inherent part of any business. However, risks can also be viewed as externalities in the right conditions, such as natural hazards that wreak havoc. The fact of the matter is that risk cannot be viewed in a ‘silo’ form. The ‘silo effect’ typically applies to the more historical forms of assessing risk. Examples include disaster risk, financial risk, operational risk, fire risk and the list goes on. This article therefore aims to illustrate the multi-scalar and multi-dimensional nature (complexity) of risks, with a special focus on the interconnectedness of operational and disaster risk.
As the title implies, risks are often complex and the result may well include what starts as an operational risk leading to a disaster risk. As a case in point, there are a number of well documented cases whereby operational activities of an organisation led to disasters that caused loss of human life, damage to assets and degradation to the environment – in some cases, irreversible. The following classic examples are briefly provided to set the scene:
1986, Chernobyl, Ukraine
The Chernobyl disaster was a nuclear accident that occurred on 26 April 1986 at the Chernobyl Nuclear Power Plant in Ukraine (officially Ukrainian Soviet Socialist Republic). An explosion and fire released large quantities of radioactive contamination into the atmosphere, which spread over much of the Western Union of Soviet Socialist Republics and Europe. (http://en.wikipedia.org/wiki/Chernobyl_disaster)
• Oil spills
1989, Exxon Valdez
The Exxon Valdez oil spill occurred in Prince William Sound, Alaska, on 24 March 1989, when the Exxon Valdez, an oil tanker bound for Long Beach, California, struck Prince William Sound's Bligh Reef and spilled 260 000 to 750 000 barrels (41 000 to 119 000 m3) of crude oil. It is considered to be one of the most devastating human-caused environmental disasters. The Valdez spill was the largest ever in United States waters (until the 2010 Deepwater Horizon oil spill) in terms of volume released. (http://en.wikipedia.org/wiki/Exxon_Valdez_oil_spill)
2010, Deepwater Horizon (BP)
The Deepwater Horizon oil spill (also referred to as the BP oil spill, the Gulf of Mexico oil spill, the BP oil disaster, or the Macondo blowout) was an oil spill in the Gulf of Mexico which flowed for three months. The impact of the spill continues even after the well has been capped. It is the largest accidental marine oil spill in the history of the petroleum industry. The spill stemmed from a sea-floor oil gusher that resulted from the 20 April 2010 explosion of Deepwater Horizon, which was drilling on the BP-operated Macondo Prospect. The explosion killed 11 men working on the platform and injured 17 others. On 15 July 2010, the leak was stopped by capping the gushing wellhead, after it had released about 4.9 million barrels (780 000 m3) of crude oil. It was estimated that 53 000 barrels per day (8 400 m3/d) were escaping from the well just before it was capped. (http://en.wikipedia.org/wiki/Deepwater_Horizon_oil_spill)
2010, Pike River Mine disaster (New Zealand)
The Pike River Mine incident ranks as New Zealand's worst mining disaster since 43 men died at Ralph's Mine in Huntly in 1914. It also resulted in the country's worst loss of life caused by a single disaster since the 1979 crash of Air New Zealand Flight 901, although this was surpassed by the 2011 Christchurch earthquake. (http://i.telegraph.co.uk/multimedia/archive/01766/air_1766017c.jpg)
These examples illustrate how and where operational activities have led to disastrous impacts. It therefore stands to reason that appropriate risk management can indeed become the very ‘lifeline’ to curb these unnecessary occurrences that wreak havoc in terms of loss of life, environmental degradation and a wave of economic ripple effects, as was experienced with the Deepwater Horizon oil spill.
Operational activities may lead to disasters on the one hand. However, on the flipside, natural and/or man-made hazards can lead to operational risks which could also lead to a disaster. This is explained in Figure 1, using the 2011 Japanese earthquake, and consequent tsunami that led to severe infrastructure damage to the Fukushima Daiichi Nuclear Facility, as an example.
Figure 1: Multi-scalar/multi-dimensional disaster risk
Risk management, in the true sense, encompasses a greater paradigm shift from reactive measures which underpin the notion that ‘prevention is better than cure’. When applying this philosophy to operational risk a few ‘potential’ solutions come to mind.
A number of risk assessment methodologies are available on the global market. However, determining the correct and most appropriate methodology can become taxing on an organisation. A good place to start is the international standards for risk management, namely ISO 31000:2009 and ISO 31010:2009 which set out risk management principles and guidelines for addressing risk management in its broadest sense.
Having said that, operational risk assessment, which, for all intents and purposes, is an element of risk management, should be practical and centred on understanding an organisation's activities and associated risks. This can be achieved by using multiple methodologies that provide a robust and holistic understanding of the risks that an organisation may not only be liable for, but ultimately ‘capable’ of causing!
Several methodologies can be used, such as a quantitative risk assessment methodology that focuses on frequency, probability and severity analysis which can then be coupled with risk scenario based assessment methodologies. The net result is to achieve as clear an understanding as possible to inform operational decision-making, which, as has been witnessed around the world, can lead to disastrous impacts if not appropriately managed.
Once the operational risks have been assessed, an organisation will then be one step closer to being in a position of knowledge, because with knowledge and understanding measures can be taken to proactively reduce the potential of a disaster occurring. Risk management therefore encompasses the need to set achievable objectives, targets and action plans to reduce the assessed operational risk over time. This notion is consistent with international best practice in that Risk Management Principles & Guidelines (ISO 31000:2009) as well as Environmental Management Systems (ISO 14001:2004) and Occupational Health and Safety Assessment Series (OHSAS 18001:2007) are centered around the need to continually improve operational performance over time through risk reduction.
This question needs to be asked. There is a huge amount of information available suggesting that ‘prevention is better than cure’ and that, no matter what initiatives are actioned, risk will still in all probability be present – commonly known as residual risk. The rationale is rather straightforward in that sense, because economic theory dictates that organisations will only pay for what is required (mitigation costs), within their business model, to mitigate the potential operational risks to within tolerable levels. This phenomenon is aptly dubbed ‘risk tolerance’ or ‘acceptable levels of risk’ and is directly linked to an organisation’s Willingness to Pay (WTP). The result is that an element of risk will always exist, since the risk tolerance is essentially created because an organisation will be Willing to Accept (WTA) a certain level of risk. The challenge thus presents itself to limit the gap between WTP and WTA.
Risk management thus comprises a multi-scalar and multi-dimensional paradigm in that risk, which can be localised or globalised, requires a holistic understanding of the multiple elements of risk that are interrelated, i.e. natural disasters, such as earthquakes, tsunamis and hurricanes to name a few, can impact organisations, whereas organisations, through their operations, can cause disasters, such as coal combustion explosions in mining activities, oil spills, nuclear radiation, and so forth.
The challenge put forth to the risk management/consultancy fraternity is to continue to be innovative, to strive to reach new limits in risk solutions, and first and foremost to arrive at a solution that prevents risks (by extension, disaster risks) from being a possibility. Impossible perhaps, but this is the challenge, as it has always been.
The authors would like to acknowledge Dr Elretha Louw of Aurecon for contributing to and reviewing the content of this article.