When the impact is large, it only takes one.
Protect yourself with asset reliability solutions.
We take risks in virtually everything that we do - even in everyday events like crossing the street. In business, risks are events that could prevent achievement of an objective. Asset intensive companies take risks that the physical assets they invest in may not provide the returns they planned. In some industries, companies also take the risk that their physical assets may expose them to costs that are far greater than the value of their investment. Generally, markets recognize these risks and demand high returns for risky investments. Nevertheless, the past few years have shown us that companies that do not actively manage their risks imperil themselves, their industries and their communities.
The science of managing risk has advanced considerably in the last decade, driven by the occurrence of events that were thought to be only remotely possible but that had enormous impact. This excerpt from "Enterprise Risk Management - Integrated Framework" (COSO, 2004) provides a description of the role of risk management:
- All entities face uncertainty and the challenge for management is to determine how much uncertainty to accept as it strives to grow stakeholder value. Uncertainty presents both risk and opportunity, with the potential to erode or enhance value. Enterprise risk management enables management to effectively deal with uncertainty and associated risk and opportunity, enhancing the capacity to build value.
Operational Risk Management is the subset of Enterprise Risk Management that covers the uncertainty and risk associated with running physical assets.
The COSO framework meshes very well with reliability best practices but starts at a more strategic level, focusing on securing the organization's objectives rather than preserving system function. Applying the framework to an organization progresses through a series of analytical steps that should seem familiar to a reliability centered maintenance (RCM) practitioner:
1) Identify events that could affect an organization's ability to achieve its objectives, either positively or negatively.
2) Characterize the risk associated with these events by evaluating their potential severity of impact and their
likelihood of occurrence.
3) Define how the organization will respond to an occurrence.
4) Specify the controls that will be used to mitigate the impact of an event.
5) Establish how event-related information will be disseminated and how communications will be managed.
6) Monitor changes to the likelihood or potential impact of an event.
Because historical data is scarce on many events, evaluations are generally qualitative, resulting in relative values for severity of impact and likelihood of occurrence. A robust operational risk assessment evaluates the impact of events from the perspective of safety, environment, production, quality and maintenance cost. Once the organization's risk profile is understood, RCM and Failure Modes and Effects Analysis techniques are very effective at identifying needed controls.
Most companies have the system capabilities needed to properly monitor and manage operational risks but do not effectively use these capabilities for this purpose. A number of condition monitoring systems are on the market today and are widely used within asset intensive businesses. Additionally, EAM systems like IBM's Maximo and or SAP's PM module are designed specifically to manage and track the work that is vital to regulatory compliance. Financial benefits may be significant. Companies that actively manage operational risk should enjoy significantly lower cost of capital from increasingly savvy investors.