This page contains a Flash digital edition of a book.
Fig. 3. We rely on designers of nuclear power stations not taking short cuts with risk assessments, but even they are under pressure to cut costs.


as the safety bubble grows, there is an atmosphere of self- congratulation and investor plaudits, as the company appears to be performing well. When it comes to managing risk as part of the design


process, various tools can help to remove some of the subjectivity. FMEA (Failure Modes and Effects Analysis) and HAZOP (Hazard and Operability Analysis) are two well known examples, but Catmur has reservations about these, especially with the way they are being performed in today’s cost-conscious businesses: “Done well, these can be very useful but, if they are not done properly, they can be very bad. Ideally each should be undertaken using a team consisting of the right people; today, however, they are sometimes done by one person who then circulates the analysis for review. FMEAs and HAZOPs are, to be honest, boring, so it is easy to miss things. Really you need proper brainstorming sessions, led by the people who have in-depth knowledge of the design. Even then, it is not guaranteed that all possible failure modes will be identified. Cost-cutting also means that, for example, HAZOPs only analyse the nodes that are thought to be critical, but this approach is unsound and can easily result in no consideration being given to potentially critical failures and consequences (Fig. 3). “Nevertheless, it would be unrealistic to expect every


company to undertake complete, rigorous FMEAs and HAZOPs, as the costs would be prohibitive. The answer, therefore, is to use a mix of methods with which people are comfortable. For example, start by identifying all of the potential failure modes and consequences, then filter these so that you only pursue the most critical (based on consequence, not risk at the early stages). And be prepared to think about the many different ways that a product or system can be abused, and what the consequences could be; just because you think a person would have to be very stupid to do something, that does not mean that it will never happen.”


8 www.engineerlive.com


Another trap to be aware of is to let the safety team drive the safety analyses, either from the front end (with an over- estimate of the risks) or afterwards in an attempt to back- justify a design by ‘bolting on’ safety. “Safety should be considered as an integral part of the design,” says Catmur. “Engineers should always keep one eye on the potential consequences of what they are designing, and call in the safety experts when they come up against a problem so that they get safety advice in their design decisions.” While products are under warranty, manufacturers have a good opportunity to monitor failures and use this as feedback to check the validity of their risk assessments. However, depending on the product, consumers today might simply discard the faulty item and purchase a replacement from another manufacturer. Furthermore, the feedback loop is lost once the product is out of warranty, and this valuable source of information simply does not exist for competitor products. Despite all the foregoing, Catmur concludes: “Do not use


safety as a reason to do nothing, and certainly do not let it stifle innovation. To sum up, I would offer these five tips:


l Have a rough idea of where you are heading by thinking in terms of consequences and what level of risk might be acceptable;


l Appreciate that you do not have a very good understanding of risk (and in-house experts and external consultants are likely to be not that much better);


l Avoid being too focused on risk estimates, as doing so can lead to a false sense of security;


l Continue to manage risk, even after the product is launched or the system is commissioned; and


l If you build in safety from the outset you will achieve a better result than any safety expert can by ‘bolting on’ safety afterwards.” l


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60