Certifico 2000/2025

In occasione del venticinquesimo di Certifico stiamo lavorando al nuovo layout del sito

Maggiori informazioni
Slide background
Featured

EN 31010 Guida alle Tecniche di Valutazione del Rischio: elenco / scelta

IEC 31010 2019

EN 31010 Guida alle Tecniche di Valutazione del Rischio: elenco / scelta

ID 4040 | Rev. 1.0 del 04.07.2019

Il Documento, estratto dal draft 2018 della norma e dall'allegato informativo A (pubblicata come UNI CEI EN IEC 31010:2019), illustra le "Tecniche di Valutazione del Rischio", dalle definizioni delle fasi del processo di VR, alle tecniche/metodi e la scelta opportuna in relazione:

- alle fasi del processo (Tabella 1)
- ai fattori del processo (Tabella 2).

Questa Norma internazionale serve all'applicazione della Norma ISO 31000 e fornisce una guida per la  scelta e l'applicazione di tecniche sistematiche per la valutazione del rischio.

La valutazione del rischio effettuata in conformità a questa Norma rientra nell'ambito più ampio della gestione dei rischi.

In questa Norma si presenta l'applicazione di diverse tecniche, con specifico riferimento ad altre norme internazionali dove il concetto e l'applicazione delle singole tecniche sono descritte in maggior dettaglio.

La seconda edizione del 2019 annulla e sostituisce la prima edizione pubblicata nel 2009.

Questa edizione costituisce una revisione tecnica. Questa edizione include le seguenti modifiche significative rispetto alla precedente edizione:

- maggiori dettagli sul processo di pianificazione, implementazione, verifica e convalida dell'uso delle tecniche;
- il numero e il campo di applicazione delle tecniche sono stati aumentati;
- i concetti trattati nella ISO 31000 non sono più riportati in questa norma.

Data di pubblicazione: 13.06.2019

Comitato Tecnico: CT 56

La Tabella A (Allegato A) contiene l’elenco delle 41 Tecniche di Valutazione del rischio, non necessariamente legate alla sicurezza:

1. ALARP/SFAIRP
2. Bayes analysis
3. Bayesian networks/ Influence diagrams
4. Bow tie analysis
5. Brainstorming
6. Business impact analysis
7. Causal mapping
8. Cause consequence analysis
9. Check lists classifications, taxonomies
10. Cindynic approach
11. Conditional value at risk CVaR
12. Consequence likelihood matrix
13. Cost-benefit analysis
14. Cross impact analysis
15. Decision tree analysis
16. Delphi technique
17. Event tree analysis (ETA)
18. Fault tree analysis (FTA)
19. Failure modesand effect and(criticality) analysis FME(C)A
20. F/N diagrams
21. Game theory
22. Hazard analysis and critical control points HACCP
23. Hazard and operability studies HAZOP
24, Human reliability analysis
25. Interviews
26. Ishikawa analysis (fishbone diagram)
27. Layers of protection analysis (LOPA)
28. Markov analysis
29. Monte Carlo analysis
30. Multi criteria analysis
31. Nominal group technique
32. Pareto charts
33. Reliability centred maintenance (RCM)
34. Risk indices
35. Risk register
36. S curves
37. Scenario analysis
38. Surveys
39. Structured what if technique SWIFT
40. Toxicological risk assessment
41. Value at risk (VAR)

Elenco 31 Tecniche di Valutazione del rischio (Tabella A) edizione 2009:

1. Brainstorming
2. Structured or semi-structured interviews
3. Delphi
4. Check-lists
5. Primary hazard analysis
6. Hazard and operability studies (HAZOP)
7. Hazard Analysis and Critical Control Points (HACCP)
8. Environmental risk assessment
9. Structure «What if? (SWIFT)
10. Scenario analysis
11. Business impact analysis
12. Root cause analysis
13. Failure mode effect analysis
14. Fault tree analysis
15. Event tree analysis
16. Cause and consequence analysis
17. Cause-and-effect analysis
18. Layer protection analysis (LOPA)
19. Decision tree
20. Human reliability analysis
21. Bow tie analysis
22. Reliability centred maintenance
23. Sneak circuit analysis
24. Markov analysis
25. Monte Carlo simulation
26. Bayesian statistics and Bayes Nets
27. FN curves
28. Risk indices
29. Consequence/probability matrix
30. Cost/benefit analysis
31. Multi-criteria decision analysis (MCDA)

___________

Introduction

This document provides guidance on the selection and application of various techniques that can be used to help improve the way uncertainty is taken into account and to help understand risk.

The techniques are used:

- where further understanding is required about what risk exists or about a particular risk;
- within a decision where a range of options each involving risk need to be compared or optimized;
- within a risk management process leading to actions to treat risk.

The techniques are used within the risk assessment steps of identifying, analysing and evaluating risk as described in ISO 31000, and more generally whenever there is a need to understand uncertainty and its effects.

The techniques described in this document can be used in a wide range of settings, however the majority originated in the technical domain. Some techniques are similar in concept but have different names and methodologies that reflect the history of their development in different sectors. Techniques have evolved over time and continue to evolve, and many can be used in a broad range of situations outside their original application. Techniques can be adapted, combined and applied in new ways or extended to satisfy current and future needs.

This document is an introduction to selected techniques and compares their possible applications, benefits and limitations. It also provides references to sources of more detailed information.

The potential audience for this document is:

- anyone involved in assessing or managing risk;
- people who are involved in developing guidance that sets out how risk is to be assessed in
- specific contexts;
- people who need to make decisions where there is uncertainty including:

      - those who commission or evaluate risk assessments,
      - those who need to understand the outcomes of assessments, and
      - those who have to choose assessment techniques to meet particular needs.

Organizations that are required to conduct risk assessments for compliance or conformance purposes would benefit from using appropriate formal and standardized risk assessment techniques.

Core concepts

Uncertainty

Uncertainty is a term which embraces many underlying concepts. Many attempts have been made, and continue to be developed, to categorize types of uncertainty.

One distinction that is sometimes useful is between:

- uncertainty which recognises the intrinsic variability of some phenomena, and that cannot be reduced by further research; for example, throwing dice (sometimes referred to as aleatory uncertainty) and
- uncertainty which generally results from a lack of 294 knowledge and that therefore can be reduced by gathering more data, by refining models, improving sampling techniques etc. (sometimes referred to as epistemic uncertainty).

In many situations both types of uncertainty are faced.

Other commonly recognized forms of uncertainty include:

- linguistic uncertainty, which recognizes the vagueness and ambiguity inherent in spoken languages;
- decision uncertainty, which has particular relevance to risk management strategies, and which identifies uncertainty associated with value systems, professional judgement, company values and societal norms.

Thus uncertainty, in its broader sense, can encompass:

- uncertainty as to the truth of assumptions, including presumptions about how people or systems might behave;
- variability in the parameters on which a decision is to be based;
- uncertainty in the validity or accuracy of models which have been established to make predictions about the future;
- events (including changes in circumstances) whose occurrence or character are uncertain;
- uncertainty associated with disruptive events;
- the uncertain outcomes of systemic issues, such as shortages of competent staff, that can have wide ranging impacts which cannot be clearly defined;
- lack of knowledge about something;
- lack of knowledge which arises when uncertainty is recognized but not fully understood;
- unpredictability;
- the inability of the human mind to discern complex data, situations with long-term consequences, and bias-free judgments.

Not all uncertainty can be understood, and the significance of uncertainty might be hard or impossible to define or influence. However, a recognition that uncertainty exists in a specific on text enables early warning systems to be put in place to detect change and arrangements to be made to build resilience to cope with unexpected circumstances.

Characteristics of risk

In general terms risk includes the effects of any of the forms of uncertainty described in clause 4.1.

One way of describing risk is as a set of consequences and their likelihoods that might occur as a result of defined but uncertain events. These might have multiple causes and lead to multiple effects. Not all risks can be described in these terms. There is not always an identifiable event. Further, sources of risk also can include inherent variability, human behaviour and organizational structures and arrangements. In addition consequences may take a number of discrete values, be continuous variables or be unknown. They may be positive, negative or both. Consequences may not be discernible or measurable at first, but may accumulate over time. It follows that risk cannot always be tabulated easily as a set of events, their consequences and their likelihoods.

Risk assessment techniques aim to help people understand uncertainty and the associated risk in this broader, more complex and more diverse context, for the primary purpose of supporting better-informed decisions and actions.

____________

Selection of techniques

The choice of technique and the way it is applied should be tailored and scaled to the context and use, and provide information of the type and form needed by the stakeholders. In general terms, the number and type of technique selected should be scaled to the significance of the decision, and take into account constraints on time and other resources, and opportunity costs.

In deciding whether a qualitative or quantitative technique is more appropriate, the main criteria to consider are the form of output of most use to stakeholders and the availability and reliability of data. Quantitative techniques generally require high quality data if they are to provide meaningful results. However, in some cases where data is not sufficient, the rigour needed to apply a quantitative technique can provide an improved understanding of the risk, even though the result of the calculation might be uncertain.

There is often a choice of techniques relevant for a given circumstance. Several techniques might need to be considered, and applying more than one technique can sometimes provide useful additional understanding. Different techniques can also be appropriate as more information becomes available. In selecting a technique or techniques the following aspects of context should therefore be considered:

- the purpose of the assessment;
- the needs of stakeholders;
- any regulatory and contractual requirements;
- the operating environment and scenario
- the importance of the decision (e.g. the consequences if a wrong decision is made).
- any defined decision criteria and their form;
- the time available before a decision must be made;
- information that is available or can be obtained;
- the complexity of the situation;
- the expertise available 1094 or that can be obtained;

The characteristics of the techniques relevant to these requirements are listed in Table A.1.

Table A.2 provides a list of techniques, classified according to these characteristics.

Note Although Annex A and B introduce the techniques severally, it may be necessary to make complementary use of multiple techniques to assess complex systems. IEC TR 63039: 2016, for example, guides how to use ETA, FTA and Markov techniques in a complementarily way so that the combined use is a as an efficient way to analyse risk of complex system.

As the degree of uncertainty, complexity and ambiguity of the context increases then the need to consult a wider group of stakeholders will increase, with implications for the combination of techniques selected.

Some of the techniques described in this document can be applied during steps of the ISO 31000 risk management process other than their usage in risk assessment. Application of the techniques in the risk management process of ISO 31000 is illustrated in Figure A.1.

Annex B contains an overview of each technique, its use, its inputs and outputs, its strengths and limitations and, where applicable, a reference for where further detail can be found. It categorises techniques according to their primary application in assessing risk, namely:

- eliciting views from stakeholders;
- identifying risk;
- analysing sources and drivers of risk;
- analysing controls;
- understanding consequences, likelihood and risk;
- analysing dependencies and interactions;
- selecting between options;
- evaluating the significance of risk;
- reporting and recording.

Table A 1

Table A.1 – Characteristics of techniques

A.2 Application of categorization of techniques

Table A.2 lists a range of techniques classified according to these characteristics. The techniques described represent structured ways of looking at the problem in hand that have been found useful in particular contexts. The list is not intended to be comprehensive but covers a range of commonly used techniques from a variety of sectors. For simplicity the techniques are listed in alphabetical order without any priority.

Each technique is described in more detail in Annex B. The techniques in Annex B are grouped according to how they are most commonly used in risk assessment. Within each grouping techniques are arranged alphabetically and no order of importance is implied.

Note The majority of techniques in table A2and Annex B assume that risks or sources of risk can be identified.

There are also techniques which can be used to indirectly assess residual risk by considering controls and requirements that are in place (see for example IEC 61508).

Fig  A 1

Figure A.1 – Application of techniques in the risk management process

Table A 2

Table A.2 – Techniques and indicative characteristics

...

segue in allegato

Fonti
IEC 31010:2018 Draft 
IEC 31010:2009

Certifico Srl - IT | Rev. 1.0 2019
©Copia autorizzata Abbonati

Matrice revisioni

Rev. Data Oggetto Autore
1.0 2019 Ed. 1.0 IEC 31010:2019 Certifico Srl - EN
0.0 2017 --- Certifico Srl - EN

Collegati

Certifico s.r.l.

Sede: Via A. De Curtis, 28 - 06135 Perugia - IT
P. IVA: IT02442650541

Tel. 1: +39 075 599 73 63
Tel. 2: +39 075 599 73 43

Assistenza: +39 075 599 73 43

www.certifico.com
info@certifico.com

Testata editoriale iscritta al n. 22/2024 del registro periodici della cancelleria del Tribunale di Perugia in data 19.11.2024