
Faculty of Science and Technology

XBRA3103
OSH Risk Management

Copyright © Open University Malaysia (OUM)


XBRA3103
OSH RISK
MANAGEMENT
Mohd Taufik Husain
Moganasundram Balasundram
Mohamad Aliasman Morshidi
Ir Hussein Rahmat


Project Directors: Prof Dato’ Dr Mansor Fadzil
Assoc Prof Dr Norlia T. Goolamally
Open University Malaysia

Module Writers: Mohd Taufik Husain
Moganasundram Balasundram
Mohamad Aliasman Morshidi
Ir Hussein Rahmat

Moderator: Suhaila Abdul Hamid
Open University Malaysia

Developed by: Centre for Instructional Design and Technology
Open University Malaysia

First Edition, December 2011
Second Edition, August 2016 (rs)

Copyright © Open University Malaysia (OUM), August 2016, XBRA3103


All rights reserved. No part of this work may be reproduced in any form or by any means without
the written permission of the President, Open University Malaysia (OUM).


Table of Contents
Course Guide

Topic 1 Introduction to OSH Risk Management
1.1 Management Commitment in Managing OSH at the Workplace
1.2 OSH Risk Management Terminology
1.3 OSH Risk Management
1.4 OSH Risk Management Process
1.5 OSH Risk Management in OSH Management Systems
1.6 OSH Risk Management in Business Management
1.6.1 Opportunity-based Risk
1.6.2 Uncertainty-based Risk
1.6.3 Hazard-based Risk
Summary
Key Terms
References

Topic 2 Hazards Identification
2.1 Hazards at the Workplace
2.2 Hazard Identification
2.2.1 Hazard Identification Techniques
Summary
Key Terms
References

Topic 3 Risk Assessment
3.1 What is Risk Assessment?
3.2 Why Conduct Risk Assessment?
3.3 Risk Assessment Management
3.3.1 Planning
3.3.2 Execution Process
3.3.3 Follow-up Process and Monitoring
3.3.4 Corrective Process
3.4 Risk Assessment Methodology
3.4.1 Likelihood of an Occurrence
3.4.2 Severity of Hazard
3.5 Decisions on Risk Control Action
3.6 Risk Assessment Challenges at Workplace
Summary
Key Terms
References

Topic 4 Risk Control
4.1 Risk Control and Prevention
4.2 Risk Control Principles
4.2.1 Elimination
4.2.2 Substitution
4.2.3 Total Enclosure
4.2.4 Isolation
4.2.5 Reduction
4.2.6 Engineering Control
4.2.7 Safe Work Systems / Procedure
4.2.8 Personal Protective Equipment (PPE)
4.3 Location of The Controls Used
Summary
Key Terms
References

Topic 5 Job Safety Analysis (JSA)
5.1 What is Job Safety Analysis (JSA)?
5.2 Terminology
5.3 Benefits of Doing a JSA
5.4 Basic Steps in JSA
5.4.1 Select the Job to be Analysed
5.4.2 Break Down the Job into a Sequence of Steps
5.4.3 Identify Potential Hazards
5.4.4 Determine Preventive Measures to Control These Hazards
5.5 JSA and Safety and Health Procedures
Summary
Key Terms
References
Appendix 1

Topic 6 Task Analysis
6.1 Task Analysis
6.2 Create Task Inventory
6.2.1 Inventory Occupations
6.2.2 Inventory All Tasks within Each Occupation
6.3 Critical Task Identification
6.3.1 Severity
6.3.2 Frequency
6.3.3 Probability
6.4 Analysing Critical Tasks
6.4.1 Reduce the Task to the Steps Performed
6.5 Pinpoint Loss Exposures
6.6 Make an Improvement Check
6.7 Develop Controls
6.8 Procedures/Practices Write-up
6.8.1 Making the Investment
6.9 Put to Work
6.10 Update and Maintain Records
Summary
Key Terms
References

Topic 7 Hazard and Operability Study (HAZOP)
7.1 History of HAZOP
7.2 What is HAZOP?
7.2.1 Motivation for HAZOP
7.2.2 Application of HAZOP
7.2.3 Comparison of HAZOP with Other Hazard Identification Methods
7.3 Terminology
7.4 Concept of HAZOP
7.4.1 Brain Storming Principle
7.4.2 Principles of a HAZOP Meeting
7.4.3 Guide Words
7.5 The Four-Step HAZOP Process
7.5.1 Definition of Scope, Objectives and Responsibility of the Team
7.5.2 Preparation for the Meeting
7.5.3 Examination of the System Being Considered
7.5.4 Documentation of Results of the Meeting and Follow-up Action
7.5 Limitations of HAZOP
Summary
Key Terms
References

Topic 8 Structured "What if" Technique (SWIFT)
8.1 The Difference Between SWIFT and HAZOP
8.2 SWIFT Study Methodology
8.2.1 Planning and Preparation
8.2.2 Initial Discussions
8.2.3 Selecting a Study Section
8.2.4 Conducting the Discussions
8.2.5 The "What if" Questions
8.2.6 Answering the Questions
8.2.7 Using the SWIFT Checklists
8.2.8 Recommendations
8.2.9 Completing the Analysis
8.2.10 Reporting, Documentation and Follow-up
8.3 SWIFT for Non-continuous Operations
8.4 SWIFT Procedures Analysis
Summary
Key Terms
References

Topic 9 Fault Tree Analysis (FTA)
9.1 Introduction to Fault Tree Analysis (FTA)
9.2 FTA Application
9.3 Steps in Fault Tree Analysis
9.4 Fault Tree Symbols and Logic
9.5 Fault Tree: An Example
Summary
Key Terms
References

Topic 10 Failure Mode and Effects Analysis (FMEA)
10.1 Definition of FMEA
10.2 Benefits and Limitations
10.3 FMEA Process
10.3.1 Obtaining Information
10.3.2 Ground Rules and Assumptions
10.3.3 Construct Hierarchical Block Diagrams of the System
10.3.4 Completing the FMEA
Summary
Key Terms
References


COURSE GUIDE


COURSE GUIDE DESCRIPTION


You must read this Course Guide carefully from the beginning to the end. It tells
you briefly what the course is about and how you can work your way through
the course material. It also suggests the amount of time you are likely to spend in
order to complete the course successfully. Please keep on referring to the Course
Guide as you go through the course material as it will help you to clarify
important study components or points that you might miss or overlook.

INTRODUCTION
XBRA3103 OSH Risk Management is one of the courses offered by Faculty of
Science and Technology at Open University Malaysia (OUM). This course is
worth 3 credit hours and should be covered over 8 to 15 weeks.

COURSE AUDIENCE
This course is offered to all learners taking the Bachelor of Occupational Health
and Safety Management programme. This module covers the principle of
occupational safety and health (OSH) risk management. Learners will be able to
apply the concept of OSH risk management in managing risks at the workplace.
They will be able to use common tools in identifying hazards such as Job Safety
Analysis, Hazard and Operability Study, Fault Tree Analysis, Failure Mode and
Effects Analysis, Structured What-If Technique as well as Task Analysis.

As an open and distance learner, you should be acquainted with learning
independently and being able to optimise the learning modes and environment
available to you. Before you begin this course, please ensure that you have the
right course material, and understand the course requirements as well as how the
course is conducted.

STUDY SCHEDULE
It is a standard OUM practice that learners accumulate 40 study hours for every
credit hour. As such, for a three-credit hour course, you are expected to spend
120 study hours. Table 1 gives an estimation of how the 120 study hours could be
accumulated.


Table 1: Estimation of Time Accumulation of Study Hours

| Study Activities | Study Hours |
|---|---|
| Briefly go through the course content and participate in initial discussion | 3 |
| Study the module | 60 |
| Attend 3 to 5 tutorial sessions | 10 |
| Online participation | 12 |
| Revision | 15 |
| Assignment(s), Test(s) and Examination(s) | 20 |
| TOTAL STUDY HOURS ACCUMULATED | 120 |

COURSE OUTCOMES
By the end of this course, you should be able to:

1. Describe the concept of OSH risk management;

2. Conduct risk assessments (assuming the presence of necessary technical
knowledge in relation to the activities/environments/issues being
assessed);

3. Organise and implement a risk assessment programme where this has not
already been started;

4. Identify specific training needs for the activities being assessed; and

5. Monitor and review risk assessments.

COURSE SYNOPSIS
This course is divided into 10 topics. The synopsis for each topic can be listed as
follows:

Topic 1 gives an introduction to OSH risk management. It covers the commitment
of management in managing OSH at the workplace, terminology, OSH risk
management, OSH risk management process, OSH risk management in OSH
management systems and OSH risk management in business management.

Topic 2 describes hazard identification. It includes a discussion on hazards at the
workplace, hazard identification and hazard identification techniques.


Topic 3 discusses risk assessment. It covers what is risk assessment, why conduct
risk assessment, risk assessment management, risk assessment methodology,
decisions on risk control action and risk assessment challenges at the workplace.

Topic 4 elaborates on risk control. It discusses risk control and prevention, risk
control principles and location of the control used.

Topic 5 discusses Job Safety Analysis (JSA). It covers what is JSA, terminology,
benefits of doing a JSA, basic steps in JSA as well as JSA and safety and health
procedures.

Topic 6 describes task analysis. It includes a discussion on task analysis, creating
task inventory, critical task identification, analysing critical tasks, pinpointing
loss exposures, making an improvement check, developing controls,
procedures/practices write-ups, putting to work and updating as well as
maintaining records.

Topic 7 explains Hazard and Operability (HAZOP) study. It elaborates on the
history of HAZOP, what is HAZOP, terminology, concept of HAZOP, the four-step
HAZOP process and limitations of HAZOP.

Topic 8 discusses the Structured "What-If" Technique (SWIFT). It covers the
difference between SWIFT and HAZOP, SWIFT study methodology, SWIFT for
non-continuous operations and SWIFT procedures analysis.

Topic 9 discusses Fault Tree Analysis (FTA). It includes a discussion on FTA,
FTA application, steps in FTA, fault tree symbols and logic.

Topic 10 describes the Failure Mode and Effects Analysis (FMEA). It covers the
definition of FMEA, benefits and limitations as well as the FMEA process.

TEXT ARRANGEMENT GUIDE


Before you go through this module, it is important that you note the text
arrangement. Understanding the text arrangement will help you to organise your
study of this course in a more objective and effective way. Generally, the text
arrangement for each topic is as follows:

Learning Outcomes: This section refers to what you should achieve after you
have completely covered a topic. As you go through each topic, you should
frequently refer to these learning outcomes. By doing this, you can continuously
gauge your understanding of the topic.


Self-Check: This component of the module is inserted at strategic locations
throughout the module. It may be inserted after one sub-section or a few
sub-sections. It usually comes in the form of a question. When you come across this
component, try to reflect on what you have already learnt thus far. By attempting
to answer the question, you should be able to gauge how well you have
understood the sub-section(s). Most of the time, the answers to the questions can
be found directly from the module itself.

Activity: Like Self-Check, the Activity component is also placed at various
locations or junctures throughout the module. This component may require you to
solve questions, explore short case studies, or conduct an observation or research.
It may even require you to evaluate a given scenario. When you come across an
Activity, you should try to reflect on what you have gathered from the module and
apply it to real situations. You should, at the same time, engage yourself in higher
order thinking where you might be required to analyse, synthesise and evaluate
instead of only having to recall and define.

Summary: You will find this component at the end of each topic. This component
helps you to recap the whole topic. By going through the summary, you should
be able to gauge your knowledge retention level. Should you find points in the
summary that you do not fully understand, it would be a good idea for you to
revisit the details in the module.

Key Terms: This component can be found at the end of each topic. You should go
through this component to remind yourself of important terms or jargon used
throughout the module. Should you find terms here that you are not able to
explain, you should look for the terms in the module.

References: The References section is where a list of relevant and useful
textbooks, journals, articles, electronic contents or sources can be found. The list
can appear in a few locations such as in the Course Guide (at the References
section), at the end of every topic or at the back of the module. You are
encouraged to read or refer to the suggested sources to obtain the additional
information needed and to enhance your overall understanding of the course.

PRIOR KNOWLEDGE
No prior knowledge is required.


ASSESSMENT METHOD
Please refer to myINSPIRE.

REFERENCES
Bahr, N. J. (1997). System safety engineering and risk assessment: A practical
approach. Washington, DC: Taylor and Francis.

Guidelines for Hazard Identification, Risk Assessment and Risk Control
(HIRARC). (2008). Department of Occupational Safety and Health, Ministry
of Human Resource, Malaysia.

Hughes, P., & Ferrett, E. (2002). Introduction to health and safety at work.
Oxford, England: Butterworth-Heinemann.

International Electrotechnical Commission (IEC). (2001). IEC 61882 Hazard and
operability studies (HAZOP studies) – Application guide. Geneva,
Switzerland: International Electrotechnical Commission.

Kletz, T. (1999). HAZOP and HAZAN (4th ed.). New York, NY: Taylor & Francis.

Occupational Safety and Health Management Systems – Part 1: Requirements.
(2005). Department of Standards Malaysia.

OHSAS 18001:2007 Occupational health and safety management systems –
Requirements. (2007). London, England: BSI Standards Publication.

Ridley, J., & Channing, J. (1999). Risk management. Oxford, England:
Butterworth-Heinemann.

TAN SRI DR ABDULLAH SANUSI (TSDAS) DIGITAL LIBRARY
The TSDAS Digital Library has a wide range of print and online resources for the
use of its learners. This comprehensive digital library, which is accessible
through the OUM portal, provides access to more than 30 online databases
comprising e-journals, e-theses, e-books and more. Examples of databases
available are EBSCOhost, ProQuest, SpringerLink, Books247, InfoSci Books,
Emerald Management Plus and Ebrary Electronic Books. As an OUM learner,
you are encouraged to make full use of the resources available through this
library.

Topic 1 Introduction to OSH Risk Management

LEARNING OUTCOMES
By the end of this topic, you should be able to:
1. Describe management commitment in managing OSH at the
workplace;
2. Explain the importance of OSH risk management at the workplace;
3. Define the commonly used OSH risk management terms;
4. Describe the process of OSH risk management; and
5. Relate OSH risk management to OSH management systems and
business management.

INTRODUCTION

Figure 1.1: Workplace safety signs


Source: http://hospitalityrisksolutions.com


Look at Figure 1.1 that depicts several workplace safety signs. Did you know that
work activities pose potential risks and hazards? The safety and health of
employees are jeopardised especially if these risks are not properly monitored
and controlled. All employees are entitled to safe and healthy work conditions,
regardless of whether they are working in the field, at the office or at any other
workplace setting. They deserve a safe work environment. Hence, employee
safety and health should be a primary concern for all organisations. In other
words, employers should develop strategies and policies to ensure the
establishment of safe and healthy workplaces.

1.1 MANAGEMENT COMMITMENT IN MANAGING OSH AT THE WORKPLACE
In managing Occupational Safety and Health (OSH) issues at the workplace, top
management commitment is crucial. Management must acknowledge that OSH
matters are critical as part of the business operations. Management shall oversee
the OSH matters from four points of view (Stranks, 1994) listed as follows:

(a) Legal requirements
All organisations need to comply with certain legal requirements related to
OSH. In Malaysia, the most widely used OSH laws are Occupational Safety
and Health Act (OSHA) 1994, Factories and Machinery Act (FMA) 1967,
Atomic Energy Licensing Act (AELA) 1984 and Petroleum Act (Safety
Measures) 1984.

(b) Social perspective
Management should remember that employees are an important feature in
the operation of an organisation. They are the assets through which the
company can achieve its objectives. Therefore, management should ensure
that the workplace is safe for their employees.

(c) Financial aspects
Management should be aware of the financial impact of any accident that
occurs at the workplace. The impact might be significant and result in
additional costs to the organisation. Hidden costs incurred through loss of
productivity, a tarnished company image, loss of purchase orders, customer
dissatisfaction and legal implications should also be considered by
management.

(d) Human factors
This factor involves the influence of human values on employees'
understanding of OSH's importance at the workplace. It involves
organisation culture, top management leadership and commitment and also
system approach, by taking into account human capabilities and capacities
to deliver their work.

As part of the legal requirements under Section 16, OSHA 1994, management
must establish a Safety and Health Policy for the workplace. This is considered a
pledge by top management in terms of its commitment to protect the safety
and health of employees at the workplace. This document is the basis for all OSH
activities within the organisation. As part of the management commitment, this
document should be reviewed regularly especially with regard to individual
responsibilities and accountabilities. Once the document is approved, it should
be communicated to all employees.

SELF-CHECK 1.1

1. Why is it important to manage OSH at the workplace?

2. What is the role played by top management in managing OSH at
the workplace?

1.2 OSH RISK MANAGEMENT TERMINOLOGY


Table 1.1 shows the commonly used terminology in relation to OSH risk
management.

Table 1.1: Commonly used OSH Terminology

| Terminology | Meaning |
|---|---|
| Hazard | "Source, situation or act with a potential for harm in terms of human injury or ill health or a combination of these." (OHSAS 18001:2007) |
| Hazard Identification | "Process of recognising that a hazard exists and defining its characteristics." (OHSAS 18001:2007) |
| Risk | "Combination of the likelihood of an occurrence of a hazardous event or exposure and the severity of injury or ill health that can be caused by the event or exposure." (OHSAS 18001:2007) |
| Risk Assessment | "Process of evaluating the risk that arises from a hazard, taking into account the adequacy of any existing controls, and deciding whether or not the risk is acceptable." (OHSAS 18001:2007) |
| Risk Management | "Total procedure associated with identifying a hazard, assessing the risk, putting in place control measures, and reviewing the outcomes." (DOSH HIRARC Guidelines) |

1.3 OSH RISK MANAGEMENT


OSH risk management is crucial to industry and is closely related to the
performance of the organisation. Ridley and Channing (1999) addressed the roles
played by OSH risk management in the industry, describing them as follows:

(a) Consider the impact of certain risky events on the performance of the
organisation;

(b) Devise alternative strategies for controlling these risks and/or their impact
on the organisation; and

(c) Relate these alternative strategies to the general decision framework used
by the organisation.

OSHA 1994, under General Duties of Employer and Self-Employed Person,
states that the employer, as far as it is practicable, is to provide and maintain a
safe plant and system of work and also to make arrangements for safe use,
operation, handling, storage and transportation of plant and substances. Hence,
the employer must systematically identify and assess hazards to which
employees are exposed. The employer must also conduct inspections of the
workplace – review safety and health information; evaluate new equipment,
materials, and processes for hazards before they are introduced into the
workplace; and assess the severity of identified hazards and rank those hazards
that cannot be corrected immediately according to their severity. This whole
process is known as risk management.

In achieving a safe and healthy workforce and work environment, the
organisation must integrate OSH risk management into its daily operations.
According to Commonwealth Australia 2005, there are six elements of effective
OSH risk management.


Now let us look at each element.

(a) Senior management leadership and commitment means that senior
management is actively involved in and committed to improving OSH
performance within the workplace.

(b) The active involvement of each individual at the workplace means that
each person contributes to the consideration of safety at every level of the
work environment. In other words, OSH is everybody's business.

(c) Effective communication through consultation will establish a framework
that allows for active communication between all parties so that:

(i) Different points of view can be presented;

(ii) All views can be considered before decisions are made; and

(iii) There is room for negotiation about the different points of view with
the aim of achieving resolution of any disputes.

(d) Provision of appropriate information, education and training means that
each individual has the necessary knowledge, skills and information to
undertake their functions and responsibilities in a safe manner.

(e) Hazard identification, risk assessment and risk control at workplace level
may be defined as the systematic application of management policies,
procedures and practices to the four-step process of:

(i) Identifying the hazard;

(ii) Assessing the risk;

(iii) Controlling the risk; and

(iv) Monitoring and reviewing the risk management process.

(f) An OSH Management Information System is designed to provide up-to-date
information on an organisation's OSH performance.

SELF-CHECK 1.2

1. How do you ensure the effectiveness of OSH risk management at
the workplace?

2. What are the roles of OSH risk management in industry?


1.4 OSH RISK MANAGEMENT PROCESS


OSH risk management is a term given collectively to the process of identifying
workplace hazards, assessing their risks, taking action to eliminate, contain or
reduce the risk and maintaining a system of review to ensure the effectiveness of
the control measures. Figure 1.2 illustrates the common process flow of health
and safety risk assessments.

Figure 1.2: A common process flow of safety and health risk management

Implementing an OSH risk management process will enable a business to:

(a) Identify areas of OSH risk in the business and in associated work activities;

(b) Help to demonstrate due diligence by directors, managers and other key
persons involved in the process;

(c) Reduce exposure to prosecution of the business and reduce employees'
exposure to the risk of injury and work related health effects;

(d) Provide a systematic approach to the management of risks in the
workplace; and

(e) Allow for standards to be developed against which a business can be
audited for continuous improvement.


1.5 OSH RISK MANAGEMENT IN OSH MANAGEMENT SYSTEMS
There are several widely known OSH management systems. These systems have
been accepted as consistent approaches to prevent or minimise work related
accidents and injuries as well as to enhance safety and health awareness in an
organisation. In Malaysia, there are two most common OSH management systems
namely MS 1722:2005, which originated from ILO-OSH 2001 and OHSAS 18001.

According to Bakri et al. (2006), the OSH management system (OSHMS) is an
integral part of the overall management system of the organisation. It facilitates the
management of the OSH risks associated with the business of the organisation.

The MS 1722:2005 OSH system is grounded in the following elements:

(a) Policy;

(b) Organising;

(c) Planning and implementation;

(d) Evaluation; and

(e) Action for improvement.

OSH risk management is one of the elements in planning and implementation. It
is stated in MS 1722:2005 that hazards and risks to employees' safety and health
shall be identified and assessed respectively on an ongoing basis.

OSH risk management is also covered in OHSAS 18001:2007 under Clause 4.3:
Planning, where it is mentioned that the organisation shall establish, implement
and maintain a procedure(s) for ongoing hazard identification, risk assessment
and determination of necessary controls.

1.6 OSH RISK MANAGEMENT IN BUSINESS MANAGEMENT
Risk is a part of everyday life. There are many types of risk that will be
encountered in business. Some will have a minimal impact and can be managed
easily; others may threaten the longevity of a business. Understanding the
principles and processes for effective risk management will help a business
owner make the decisions necessary to ensure the best possible outcome for the
business.


According to Risk Management Guide for Small Business by New South Wales
Department of State and Regional Development, good governance focuses on
areas such as:

(a) Good business conduct – including management of areas such as customer
relations, transparent finances, resources and staff management;

(b) Quality outcomes – ensuring that the products developed or the services
provided by the business are of the highest quality and standard;

(c) Compliance – ensuring that the business complies with all required
regulations, legislation and standards on an ongoing basis; and

(d) Risk management – protecting the business from possible negative
occurrences, as well as recognising opportunities and capitalising on these
when they arise.

Effective governance can help improve performance, satisfy customer needs and
meet compliance requirements. Risk management is an integral part of business
governance.

Every risk has its own distinct characteristic that requires particular management
or analysis. Most people will recognise the "obvious", or most apparent risk that
they are facing. For example, the owner of a take-away restaurant will
immediately recognise the risk to the safety of their staff from using hot cooking
oil and implements. However, the risk to the business from a new local
competitor may not be as readily identified. An emerging concept in risk
management is that there are three types of risk:

(a) Opportunity-based risk;

(b) Uncertainty-based risk; and

(c) Hazard-based risk.

1.6.1 Opportunity-based Risk


There are two main aspects of opportunity-based risks: risks associated with not
taking an opportunity and those associated with taking an opportunity. The
latter is a conscious decision to accept identified risk associated with an
opportunity and then to implement processes to minimise any negative impacts
and maximise gains.


Opportunity-based risk may or may not be visible or physically apparent; it is
often financial. It can have a positive or negative outcome; and it can have both
short-term and longer-term outcomes.

Opportunity-based risks for small business include: moving a business to a new
location; acquiring new property; expanding a business; and diversifying a
product line.

1.6.2 Uncertainty-based Risk


Uncertainty-based risk is the risk associated with unknown and unexpected
events. This type of risk has attracted more recognition as a result of events such
as Y2K, September 11 and recent natural disasters such as the Asian tsunami.

Uncertainty-based risks are: unknown or extremely difficult to quantify;
catastrophic or disastrous in nature; associated with negative outcomes; and not
possible to control or influence.

Uncertainty-based risks for small business include: physical damage or damage
to buildings by fire or flood; financial loss; loss of a vital supplier; unexpected
loss of insurance; and loss of market share.

Preparing for uncertainty: By their very nature, disaster and the unexpected are
unpredictable. A business owner must plan accordingly and determine how to
minimise business disruption.

There are various management methods to minimise the impact of uncertain
events on a business. Examples are:

(a) Disaster and emergency planning;

(b) Planning to recover from a disaster; and

(c) Business continuity planning to ensure a business can continue to operate
after a major disruption.

1.6.3 Hazard-based Risk


Hazard-based risk is the risk associated with a source of potential harm or a
situation with the potential to cause harm. This is the most common one
associated with business risk management, as addressed by occupational health
and safety programmes.


Hazard-based risks for small business include:

(a) Physical hazards – including noise, temperature or other environmental
factors;

(b) Chemical hazards – including storage and/or use of flammable, poisonous,
toxic or carcinogenic chemicals;

(c) Biological hazards – including viruses, bacteria, fungi and other hazardous
organisms;

(d) Ergonomic hazards – including poor workspace design, layout or activity
and equipment usage; and

(e) Psychological hazards – that may result in physical or psychological harm,
including bullying, sexual discrimination, workload or mismatch of job
specification to employee capability.

Integrating OSH into business management will enable a business to provide a
safe and healthy environment for all its employees and customers. All employees
are also expected to support the risk management framework and to be
responsible for identifying, reporting and participating in the management of all
risks in our operations. OSH is relevant to all businesses.

SELF-CHECK 1.3
1. What is the process of OSH risk management?

2. How is OSH risk management able to enhance business
management?

SUMMARY

• Management commitment plays a crucial role in managing OSH at the
workplace. Management shall oversee the OSH matters from four points of
view, which are, legal requirements, social perspective, financial aspects and
human factors.

Ć Hazard, hazard identification, risk, risk assessment and risk management are
commonly used terms related to OSH risk management.

Copyright © Open University Malaysia (OUM)


TOPIC 1 INTRODUCTION TO OSH RISK MANAGEMENT  11

Ć OSH risk management is one of the elements in the OSH management


system. There are six elements of effective OSH risk management: senior
management leadership and commitment, active involvement of each
individual at the workplace, effective communication through consultation,
provision of appropriate information, education and training, hazard
identification, risk assessment and risk control as well as OSH management
information systems.

Ć OSH risk management is a term given collectively to the process of


identifying workplace hazards, assessing their risks, taking action to
eliminate, contain or reduce the risk and maintaining a system of review to
ensure the effectiveness of the control measures.

Ć OSH risk management is important in accident prevention strategy.

 There are three types of risk: opportunity-based risk, uncertainty-based risk


and hazard-based risk.

Key Terms

Accident
Hazard-based risk
Hazards
Management system
Occupational Safety and Health (OSH)
Opportunity-based risk
Risk assessment
Risk control
Risk management
Uncertainty-based risk

References

Andrews, J. D., & Moss, T. R. (2002). Reliability & risk assessment (2nd ed.). New
York, NY: ASME Press.

Bahr, N. J. (1997). System safety engineering and risk assessment: A practical
approach. Washington, DC: Taylor and Francis.

Bakri, A., Mohd. Zin, R., Misnan, M. S., & Mohammed, A. H. (2006).
Occupational safety and health (OSH) management systems: Towards
development of safety and health culture. Proceedings of the 6th Asia-
Pacific Structural Engineering and Construction Conference (ASPEC), (pp.
C-19-28). Kuala Lumpur, Malaysia.

Hughes, P., & Ferrett, E. (2002). Introduction to health and safety at work.
Oxford, England: Butterworth-Heinemann.

Occupational Health and Safety Management Systems – Requirements. (2007).
London, England: OHSAS Project Group.

Occupational Safety and Health Management Systems – Part 1: Requirements
(2005). Department of Standards Malaysia.

OHSAS 18001:2007 Occupational health and safety management systems –
requirements. (2007). London, England: BSI Standards Publication.

Ridley, J., & Channing, J. (1999). Risk management. Oxford, England:
Butterworth-Heinemann.

Stranks, J. (1994). Management systems for safety. London, England: Pitman
Publishing.

Topic 2 Hazards Identification

LEARNING OUTCOMES
By the end of this topic, you should be able to:
1. Define hazards and hazards identification;
2. Describe categories of OSH hazards at the workplace; and
3. Explain the methods used in identifying hazards at the workplace.

INTRODUCTION
Accidents can happen almost anywhere. However, accidents do not just happen;
they are the result of a process, involving many steps which have to occur in
order for the accident to happen. When an accident occurs, it not only affects
the quality of work produced but also the employee's respect for management. It
also diminishes a worker's motivation.

Another impact that accidents have on companies is that they could also
interrupt production, leading to missed business opportunities. Besides, a major
or high profile accident could also severely tarnish a company's corporate image
which has taken a long time to nurture. This has, in fact, proven true on more
than a few occasions. There is no doubt that OSH is vital for business
sustainability.

When accidents occur leading to either injuries or fatalities, such tragedies bring
pain and agony not only to the victims but also to their families. It will create
anxiety for the rest of the family, especially for the victim's children. Life will
never be the same for them.


Accidents or illnesses lead to a great loss to the organisation. The organisation
cannot afford to suffer these losses. Hence, there is an urgent need for both
employer and employees to be aware of the importance of safety and health at
the workplace and work hand in hand to secure good safety and health at the
workplace. Both employer and employees need to strive to create a safe work
culture, which will be able to boost the productivity of the organisation.
Therefore, there is a crucial need to manage hazards at the workplace and this
begins with identifying all the hazards in the workplace. This preliminary step is
the focus of this topic.

2.1 HAZARDS AT THE WORKPLACE


According to MS1722:2005, a hazard is a source or a situation with a potential for
harm in terms of human injury, or ill health, damage to property, damage to the
environment or a combination of these.

Hazards in a workplace can arise from people being exposed to hazardous
substances, processes or environments. Workplace hazards can be divided into
five categories:

(a) Physical hazards such as noise, radiation, ventilation, thermal stress, poor,
electricity;

(b) Chemical hazards such as pesticide, solvents, heavy metal;

(c) Biological hazards such as bacteria, virus, parasites;

(d) Ergonomic hazards such as man/machine interface, repetitive work; and

(e) Psychosocial hazards such as stress, long hours, night shifts.

Since there are a lot of hazards that can cause injuries and property damage at
the workplace, it is important to manage them efficiently and effectively. In order
to identify the risk controls, it is necessary to identify the hazards and measure
the risks. These critical steps need to be planned and must be part of the
organisation's strategy to eliminate or minimise any accidents at the workplace.

SELF-CHECK 2.1
1. Explain what hazards are.

2. Discuss OSH hazards at the workplace.


2.2 HAZARD IDENTIFICATION


Hazard identification means the identification of undesired events that lead to the
materialisation of the hazard and the mechanism by which those undesired events
could occur. The purpose of hazard identification is to highlight the critical
operations of tasks, that is, those tasks posing significant risks to the safety and
health of employees as well as highlighting those hazards pertaining to certain
equipment due to energy sources, working conditions or activities performed
(Guidelines for Hazard Identification, Risk Assessment and Risk Control
(HIRARC), 2008). Hence, the hazard identification process is a kind of "safety
brainstorming". Through the hazard identification process, we may be able to
identify as many hazards as possible and list them in the hazard register.

Hazard identification requires employee involvement and participation. The
cooperation of employees is needed to ensure that the process achieves its
objectives as safety and health issues concern all members of an organisation.

2.2.1 Hazard Identification Techniques


In conducting hazard identification at the workplace, we may rely on the
following documents and information:

(a) Reports on any hazardous occurrence, accident, inspection, internal audit
and enforcement audit;
(b) Records on first aid and minor injury as well as hazardous substances;
(c) Results from the inspections and OSH programmes;
(d) Complaints from employees;
(e) Training evaluation; and
(f) Information in the Act, Regulations, Guidelines, Codes of Practice and
Standards.

We may conduct hazard identification using the following techniques:

(a) Identifying Hazards by Document Review;
(b) Identifying Hazards by Observation and Inspection;
(c) Identifying Hazards by Exposure Monitoring;
(d) Biological and Medical Surveillance; and
(e) Hazard Analysis.


Let us explore in detail the various identification techniques.

(a) Identifying Hazards by Document Review


Hazards can be identified by performing document reviews. Examples of
documents that can be reviewed are:

(i) OSH Act, Regulations, Codes of Practice, Guidelines and Standards.
All this information is available on the legal register.

(ii) Reports of accident investigation and safety audits.

(iii) Accident statistics.

(iv) Chemical Safety Data Sheet (CSDS) or Material Safety Data Sheet
(MSDS) if it involves exposure to hazardous substances.

(b) Identifying Hazards by Observation and Inspection


This is the most common method used in identifying hazards. We may
perform a walk-through inspection to observe unsafe acts and unsafe
conditions and then record these observations. We may also perform
workplace inspection with the help of an inspection checklist. According to
OSH (Safety and Health Committee) Regulations 1996, Reg. 12, a safety and
health committee shall inspect the workplace at least once every three
months to ascertain if there is anything prejudicial to the safety and health
of persons employed.

The outcomes of the workplace inspection will then be discussed in the
safety and health committee meeting, which should be held at least once in
three months. Besides the safety and health committee workplace
inspection, the employer is also required to conduct statutory inspections of
all the registered machinery that falls under the Factories and Machinery
Act 1967.

(c) Identifying Hazards by Exposure Monitoring


Exposure monitoring involves the identification of physical, chemical and
biological "stressors" such as noise, dust, toxic gases and harmful bacteria
in the workplace environment.

One definition of the term stress is "the common response to environmental
change". Stress in the working environment may be created in a number of
ways, for instance, as a result of the installation of noisy plants and
equipment. Stress factors may also take many forms, for example, extremes
of temperature, poor levels of lighting and ventilation or the presence of
hazardous dusts, gases, vapours and bacteria, all of which have a
detrimental effect on the health of workers.

Environmental monitoring is an important method in identifying
individual and group exposure to these stressors and also in ensuring
compliance with Factories and Machinery Act 1967 and OSH (Use and
Standard of Exposure of Chemical Hazardous to Health) Regulations 2000
and other related OSH regulations.

There are two types of exposure monitoring, namely personal monitoring
and area monitoring. Personal monitoring is conducted to determine
exposure levels or to ascertain whether there is a need for medical
consultation, examination and/or surveillance. Area monitoring is
conducted to augment personal monitoring and to aid in assessing the
effectiveness of engineering controls.

(d) Biological and Medical Surveillance


Biological monitoring is a regular measuring activity where selected
validated indicators of the uptake of toxic substances in the human body are
determined in order to prevent health impairments. This form of monitoring
could entail the examination of, for example, blood, urine, saliva and expired
air. Biological monitoring commonly features in the health or medical
surveillance of persons exposed to hazardous environments especially those
listed under OSH (Use and Standard of Exposure of Chemical Hazardous to
Health) Regulations 2000 and other regulations.

Health surveillance is warranted if:

(i) Hazardous substances are used in the workplace;

(ii) The substance is hazardous as scheduled in regulations;

(iii) There is evidence or reason to suspect injury through medical records, etc.;

(iv) Atmospheric monitoring has been insufficient;

(v) Techniques are now available for accurate measurement; and

(vi) It will benefit those workers at risk because of the exposure.

Health surveillance is also warranted in the following situations:

(i) For employees who are exposed to a hazard for which there is an
identifiable health effect or disease (CSDS and others);

(ii) There is a likelihood that it could occur;



(iii) There are valid techniques for detecting effects and valid biological
monitoring methods are available; and

(iv) There is reason to believe established value levels might be exceeded
for certain individuals.

(e) Hazard Analysis


Hazard analysis is a technique to examine the workplace for hazards with
the potential to cause accidents. It is used in new plant design, especially in
process plants where the process is complex, raw materials are hazardous
and the likelihood of fire, explosion and asset loss is great. This is to ensure
that safety is built into the design before the plant is built.

Many formal techniques have been developed for the systematic analysis of
complex systems. They attempt to consider all reasonable possibilities.
Therefore, techniques of mathematical analysis have been developed for
this purpose aided by brainstorming techniques among experts in the
processes. However, all these techniques suffer from the drawback that the
probability of future events can only be guessed.

Some of the techniques used are:

(i) Job Safety Analysis (JSA);

(ii) Hazards and Operability Studies (HAZOP);

(iii) Fault Tree Analysis (FTA);

(iv) Failure Mode and Effect Analysis (FMEA);

(v) Event Tree Analysis (ETA);

(vi) Checklist Analysis;

(vii) What-if Analysis;

(viii) Relative Ranking/Risk Indexing;

(ix) Pareto Analysis;

(x) Preliminary Risk Analysis (PrRA);

(xi) Preliminary Hazard Analysis (PrHA);

(xii) Change Analysis; and

(xiii) Event and Causal Factor Charting.


We will only discuss further the first four techniques of hazard analysis
mentioned.

(i) Job Safety Analysis


Job safety analysis (JSA) or job hazard analysis is an accident
prevention technique that should be used in conjunction with the
development of job safety instructions; safe systems of work; and job
safety training. JSA is based on the SREDIM principle:

• Select (work to be studied);

• Record (how work is done);

• Examine (the total situation);

• Develop (best method for doing work);

• Install (this method into the company's operations); and

• Maintain (this defined and measured method).

(ii) Hazards and Operability Studies (HAZOP)


One common tool used for the process of hazard analysis is the
HAZOP study. It is a "systematic group approach to identify process
hazards and inefficiencies in a system" (Bahr, 1997). In this study, a
group of engineers from different processes or expertise backgrounds
who are familiar with the design and operation of the plant are
selected. The team will be led by a leader, normally an engineer who
is very familiar with the HAZOP method.

A HAZOP study is a process involving a technical brainstorming
session within a controlled environment (Bahr, 1997). In this study, a
complex process will be simplified and made easy to understand.
Normally, to simplify the complex process, it will be broken down
into NODE. NODE is defined as the point or position (on piping and
instrumentation diagram, P&ID) where the activity or process
parameters can alter or change (Bahr, 1997).

(iii) Fault Tree Analysis (FTA)


Fault Tree Analysis is a technique that may be utilised to trace back
through the chronological progression of causes and effects that have
contributed to a particular event, whether it be an accident (industrial
safety) or failure (system safety). The fault tree is a logic diagram
based on the principle of multi-causality that traces all the branches of
events that could contribute to an accident or failure.


(iv) Failure Mode and Effect Analysis (FMEA)


Failure Mode and Effect Analysis (FMEA) is the opposite of FTA: it is
a bottom-up analysis that identifies failures in the
system. Bahr (1997) defined FMEA as "an analysis tool that identifies
all the ways a particular component can fail, and what its effects
would be on the system". It is a prevention tool to define, identify and
eliminate potential problems from a system, sub-system, component
or a process. In FMEA analysis, we study the components in the
system and then analyse the failures and how they affect the overall
system.

FMEA is a very structured and reliable tool for evaluating hardware
and systems. It is an easy system to learn and apply. It can evaluate a
complex system. However, it can be a very time-consuming process
and does not readily identify areas with multiple faults that could
occur.
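
The following is an added example, not part of the module: a small fault tree evaluated in Python to list its minimal cut sets, that is, the smallest combinations of basic events that produce the top event. The tree, its event names and the AND/OR gate notation are assumptions made for illustration; the multi-event cut sets are the kind of combined faults that the text above notes FMEA does not readily identify.

```python
"""Minimal cut sets of a small fault tree (constructed example)."""
from itertools import product

# Constructed tree, not taken from the module.
# A gate is ("AND" | "OR", [children]); any name that is not a key of the
# dictionary is a basic event (a leaf of the tree).
FAULT_TREE = {
    "TOP": ("AND", ["VAPOUR_RELEASE", "VENTILATION_DOWN"]),  # worker exposed
    "VAPOUR_RELEASE": ("OR", ["drum_seal_leak", "transfer_hose_rupture"]),
    "VENTILATION_DOWN": ("AND", ["MAIN_FAN_DOWN", "BACKUP_FAN_DOWN"]),
    "MAIN_FAN_DOWN": ("OR", ["main_fan_motor_fails", "power_supply_lost"]),
    "BACKUP_FAN_DOWN": ("OR", ["backup_fan_motor_fails", "power_supply_lost"]),
}


def cut_sets(node, tree):
    """Return every set of basic events that is sufficient to cause `node`."""
    if node not in tree:                      # basic event
        return [frozenset([node])]
    gate, children = tree[node]
    child_sets = [cut_sets(child, tree) for child in children]
    if gate == "OR":                          # any one child is enough
        return [s for sets in child_sets for s in sets]
    if gate == "AND":                         # need one cut set from each child
        return [frozenset().union(*combo) for combo in product(*child_sets)]
    raise ValueError(f"unknown gate type {gate!r} at {node}")


def minimal_cut_sets(node, tree):
    """Keep only cut sets that do not contain a smaller cut set."""
    sets = set(cut_sets(node, tree))
    minimal = [s for s in sets if not any(other < s for other in sets)]
    return sorted(minimal, key=lambda s: (len(s), sorted(s)))


def single_points_of_failure(node, tree):
    """Basic events that cause `node` on their own (cut sets of size one)."""
    return [next(iter(s)) for s in minimal_cut_sets(node, tree) if len(s) == 1]


if __name__ == "__main__":
    for gate in ("VENTILATION_DOWN", "TOP"):
        print(gate)
        for cs in minimal_cut_sets(gate, FAULT_TREE):
            print("   ", " AND ".join(sorted(cs)))
    print("Single points of failure for ventilation:",
          single_points_of_failure("VENTILATION_DOWN", FAULT_TREE))
```

In this tree the shared power supply defeats both fans on its own, so it appears as a one-event cut set for the ventilation system even though the fans were drawn as redundant.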

SELF-CHECK 2.2
1. Explain the five hazard identification techniques.

2. Describe the four hazard analysis techniques.

Summary

• A hazard is a source or a situation with a potential for harm in terms of
human injury, ill health, damage to property, damage to the environment or a
combination of these.

• Hazards in a workplace can arise from people being exposed to hazardous
substances, processes or environments.

• In order to identify the risk controls, it is important for us to identify the
hazards and measure the risks.

• Hazard identification means the identification of undesired events that lead
to the materialisation of the hazard and the mechanism by which those
undesired events could occur.

• Hazard identification requires employee involvement and participation.


Key Terms

Hazards
Hazards identification
Hazards identification technique

References

Bahr, N. J. (1997). System safety engineering and risk assessment: A practical
approach. Washington, DC: Taylor and Francis.

Health and Safety Executive (HSE). (1996). Five steps to risk assessment (2nd
revision). Sudbury, Suffolk: HSE Books.

Health and Safety Risk Assessment, NEBOSH International General Certificate
Notes.

Hughes, P., & Ferrett, E. (2002). Introduction to health and safety at work.
Oxford, England: Butterworth-Heinemann.

OHSAS 18001:2007 Occupational Health and Safety Assessment Series. (2007).
London, England: OHSAS Project Group.

Ridley, J., & Channing, J. (1999). Risk management. Oxford, England:
Butterworth-Heinemann.

Stranks, J. (1994). Management systems for safety. London, England: Pitman
Publishing.

Health and Safety Executive (HSE). (1997). Successful health and safety
management (2nd ed.). Sudbury, Suffolk: HSE Books.

MS 1722: 2005 Occupational Safety and Health Management Systems - Part 1:
Requirements. Department of Standards Malaysia.

Topic 3 Risk Assessment

LEARNING OUTCOMES
By the end of this topic, you should be able to:
1. Define risk assessment;
2. Explain the importance of risk assessment;
3. Discuss the relationship between OSH management systems and
risk assessment; and
4. Describe the tolerability-of-risk triangle concept.

INTRODUCTION
The methods for analysing hazards in occupational safety and health
management have improved over the years, with many theories on hazard
analysis having been introduced. The approach of these various methods may be
different but the ultimate objective is the same, that is, to prevent occupational
accidents or incidents from occurring.

Once a hazard or a potential hazard is identified, it must be analysed to eliminate
or reduce its risk(s). While various methods are available, the suitability of the
application depends on the work activity. Different work processes and activities
require different approaches.


3.1 WHAT IS RISK ASSESSMENT?


The following is a definition of risk:

Risk is a combination of the likelihood of an occurrence of a hazardous event
with specified period or in specified circumstances and the severity of injury
or damage to the health of people, property, environment or any
combination of these caused by the event.
(MS 1722: 2005)

Risk can be presented in a variety of ways to communicate the results of analysis
in order to make decisions on risk control. For risk analysis that uses likelihood
and severity in qualitative methods, presenting results in a risk matrix is a very
effective way of communicating the distribution of risk throughout a plant or an
area in a workplace.

Risk can be calculated using the following formula:

Relative Risk = L × S
Where,
L = Likelihood
S = Severity

We may also address risk assessment through four specific questions:

(a) How severe are the potential injuries?

(b) How frequently are employees exposed to the potential hazards?

(c) What is the possibility of avoiding the hazard if it does occur?

(d) What is the likelihood of an injury should a safety control system fail?

Example:

Question 1: Severity of potential injuries

S = Severity

S1 Slight injury (bruise, abrasion)
S2 Severe injury (amputation or death)

Question 2: Frequency of exposure to potential hazards

F = Frequency

F1 Infrequent exposure
F2 From frequent to continuous exposure

Question 3: Possibility of avoiding the hazard if it does occur

P = Possibility

P1 Possible
P2 Less possible to not impossible

Question 4: Likelihood that the hazard will occur

L = Likelihood

L1 Highly unlikely
L2 Unlikely
L3 Highly likely

3.2 WHY CONDUCT RISK ASSESSMENT?


When risk assessment is established, the magnitude of risk can be measured in
order for the organisation to quantify and qualify the risk level. Thus, it is
important for organisations to use the risk assessment data to manage all
activities. Generally, risk assessment is critical to an organisation because of (but
not limited to) the three factors listed below.

The three factors are:

(a) To have a "feeling" about or gauge how safe the workplace is;

(b) To establish a benchmark to measure the OSH performance; and

(c) To lay out OSH strategies as part of the business strategies.

The risk assessment exercise is one of the core processes in Occupational Safety and
Health Management Systems (OSHMS) such as OHSAS 18001 and MS 1722.
Furthermore, the risk assessment process will give an overview of the level of
OSH risks at the workplace.


SELF-CHECK 3.1

What are the factors that must be taken into account when conducting
risk assessment at the workplace?

3.3 RISK ASSESSMENT MANAGEMENT


Risk assessment needs to be managed systematically to ensure that
organisational objectives are achieved. According to Stranks (1994), management
is defined as "the effective use of resources in the pursuit of organisational goals"
and the term "effective" means to achieve a balance between the risk of being in
business and the financial investment to minimise the risk. Therefore, to ensure
our investment in terms of finances, time and manpower is not wasted, risk
assessment should be managed efficiently and effectively.

Figure 3.1 shows the relationship of risk assessment in the management system.
This is taken from the OHSAS 18001:2007 standard, which originated from
Quality Management System (QMS). This system covers all stages of
management from the planning stage to corrective action and will enable the
continuous improvement of OSH activities and standards in the organisation.

Figure 3.1: Risk assessment management system


Source: OHSAS 18001:2007


We will look into the details of the four elements – Planning, Execution Process,
Monitoring and Follow-up, and Corrective Actions.

3.3.1 Planning
The planning stage plays a crucial role in the management of OSH at the
workplace. Without proper planning, we are managing OSH without direction
or a map. There are five main activities in the planning stage as summarised in
Table 3.1.

Table 3.1: Five Main Activities in Planning Stage of Risk Assessment Management

Activity: Safety and Health Policy
Details:
• An established Safety and Health Policy as a management commitment to ensure
  that the workplace is safe.
• A legal requirement, endorsed by top management and to be reviewed and revised
  when necessary.
• Needs to be communicated to all levels of employees.
• Works as a guideline and direction in general on how to manage OSH at the
  workplace.

Activity: Risk Assessment
Details:
• An important step to identify the hazards, measure them and identify the
  controls needed to minimise the risk to the workers and damage to properties
  and environment.
• Used to decide on priorities and set objectives or targets to eliminate risks
  or at least to minimise them to an acceptable level (Hughes & Ferrett, 2002).
• A standard operating procedure (SOP) is normally established to standardise
  the process and procedures for performing risk assessment.
• A task force represented by each department is necessary when performing risk
  assessment. This will ensure that the right person, who is familiar with their
  work and activities, can perform holistic risk assessment as accurately as
  possible. Furthermore, risk assessment should include "non-employees affected
  by the employer's undertakings such as contractors, clients and members of
  public" (Hughes & Ferrett, 2002).

Activity: Legal Compliance
Details:
• Identify the laws, guidelines or standards that the organisation needs to
  comply with.
• Examples include documented Safety and Health Policy, registration of pressure
  vessels and accident reporting.
• This legal compliance list shall be used to support the risk assessment
  process in order to help the organisation prioritise which risks need to be
  tackled first.

Activity: Identification of Objectives
Details:
• Once the risk assessment and legal compliance list are completed, the
  organisation needs to identify objectives that must be achieved to ensure the
  risks are taken care of and comply with legal requirements.
• S.M.A.R.T approach is used to identify the objectives.
• Established objectives shall be communicated to all employees so that they
  understand them and support management efforts to achieve these objectives.

Activity: OSH Programmes
Details:
• Programmes that provide support in order to achieve the set objectives.
• This programme must try to minimise the risk based on the risk assessment that
  was performed earlier.
• Update regularly to monitor progress.

Source: OHSAS 18001:2007

3.3.2 Execution Process


The execution process (or DO step in the Plan, Do, Check and Act [PDCA] cycle)
is the most difficult and challenging stage. It involves multiple levels of
communication, discipline, management and commitment to ensure the success
of what was planned with regard to OSH objectives and programmes. In this
execution process, it is important to link:

(a) The OSH strategies (Objectives and Programmes) to the operation;

(b) The OSH strategies to the people; and

(c) The people to the operation.

Without proper coordination of the above links, the success rate of achieving the
risk assessment objectives is low. That is why it is important for top management
and all levels of employees to support and commit to minimising accidents at the
workplace through risk management. Based on OHSAS 18001:2007, to ensure the
success of the execution process, the organisation needs to meet all the criteria
summarised in Table 3.2.

Table 3.2: Seven Main Activities in Execution Process of Risk Assessment Management

Activity: Roles, Responsibilities and Accountabilities
Details:
• The roles, responsibilities and accountabilities of the top management, middle
  management and employees with regard to OSH shall be defined clearly in their
  job descriptions.
• This will ensure that employees at all levels are aware of their
  responsibility for their own safety and of their roles towards overall OSH in
  the organisation.
• Risk assessment can be useless if the employees do not want to comply with OSH
  requirements stated in the procedure at the workplace, especially when it is
  related to work safety such as wearing Personal Protective Equipment (PPE).

Activity: Training and Competence
Details:
• Employees at all levels must be trained in OSH, at the very least in terms of
  their responsibilities towards OSH in their jobs.
• For certain tasks that need special knowledge and skills in OSH, for example,
  working in confined spaces or with electrical work and radiation equipment,
  training must be provided.
• It is required by law to have a competent person perform special tasks such as
  in the scope of a Safety and Health Officer and Chargeman. They should have
  appropriate education, training or experience in these tasks (OHSAS 18001).

Activity: Communication and Consultation
Details:
• Any OSH issues shall be communicated to employees via e-mail, intranet, notice
  board, memo, toolbox meeting or other methods.
• Regular consultation between management and employees through the Safety and
  Health Committee to discuss OSH issues is required by law.

Activity: Documentation
Details:
• Document mapping on the levels and interrelation of documents is important to
  ensure employees are aware of the OSH documentation system.
• From document mapping, the employees will know which documents need to be
  referred to and where they can get the documents.
• This is important for fast retrieval and referral of documents when needed.
• Only write documents that are needed, that is, "write what you do, do what you
  write".

Activity: Document Control
Details:
• This is important to ensure ONLY the latest documents are referred to.
• It is critical to review and revise documents at regular time intervals to
  ensure they are updated and still valid for use.
• The archive of documents needs to be stated to ensure OSH documents or records
  are kept as required by law, especially with respect to training records, OSH
  meeting minutes and medical records.

Activity: Operational Control
Details:
• Based on the results of Risk Assessment, some risks need to be controlled
  through documented Standard Operating Procedures (SOP) to ensure workers
  perform their tasks safely as stated in the SOP.
• This is an additional precaution to ensure employees follow the steps on how
  to perform the task safely and minimise any accidents.
• Some of the common documented operational control procedures are hot work
  activities (welding, metal cutting, brazing), electrical work, work at
  heights, working in confined spaces and equipment maintenance work.

Activity: Emergency Response Preparedness (ERP)
Details:
• ERP is needed as a proactive preparation when the organisation needs to
  respond to any emergency situations such as fire outbreaks, chemical spills,
  gas leaks, bomb threats or any other emergency cases that could have an impact
  on the organisation's OSH matters and operations.
• ERP needs to be tested periodically to ensure its effectiveness. It is
  reviewed and revised for improvement when needed.

Source: OHSAS 18001:2007

3.3.3 Follow-up Process and Monitoring


After all the activities in the execution process have been executed, it is necessary
to monitor and measure the results against the Safety and Health Policy, objectives
and legal requirements (OHSAS 18001:2007). In this step, we can oversee and
compare the level of risk before and after the implementation of risk control. This
update needs to be recorded into the risk assessment register to ensure the risk
assessment register becomes a live document. The details of the follow-up
process and monitoring are summarised in Table 3.3.


Table 3.3: Six Main Activities in Follow-up Process and Monitoring of Risk Assessment Management

Activity: Performance Measurement and Monitoring
Details:
• It is a qualitative or quantitative measure to monitor the extent to which the organisation's OSH objectives are met (OHSAS 18001).
• Proactive (number of training, inspections, compliance) and reactive (number of accidents, near-miss) data can be collected to measure the performance.
• The data collected can be used to update the risk assessment register and also to facilitate the corrective and preventive actions to minimise the risks.

Activity: Evaluation of Compliance
Details:
• The organisation needs to periodically evaluate its compliance commitment on legal requirements.

Activity: Incident Investigation
Details:
• Incident investigation is important in order to identify the root cause of a particular incident. The results of the incident investigations can then be compared with the results of the existing risk assessment. Consequently, the risk assessment should be reviewed and revised to ensure that corrective and preventive actions are taken and implemented appropriately.

Activity: Non-conformity, Corrective and Preventive (C&P) Actions
Details:
• Non-conformity, C&P actions are needed to identify and investigate non-conformity with OSH matters.
• All the C&P actions are needed so that OSH matters are correctly mitigated and recurrence is prevented.
• The C&P actions taken need to be reviewed to ensure their effectiveness.
• The findings need to be updated and the effectiveness of actions linked to risk assessment.

Activity: Records of Control
Details:
• All records of work done need to be kept and controlled.
• The records and data can be used for future reference in terms of continual improvement of risk assessment.
• The records must link back to the risk assessment in order to ensure that the risk assessment is accurate, or effective in eliminating or minimising the risk.

Activity: Internal Audit
Details:
• The purpose of the audit process is to ensure that the risk assessment management, from planning stage to execution stage, achieves its goals in meeting OSH policy and objectives.
• The audit must be performed periodically by a competent auditor and the audit report will be reviewed and presented to management in the corrective actions step.

Source: OHSAS 18001:2007

3.3.4 Corrective Process


In the corrective process, all the activities of risk management, from planning and
execution up to the monitoring process, need to be reviewed by top
management. The management review process in the corrective actions step is
the final stage of risk assessment management of what the organisation has done
to eliminate or minimise the risks at the workplace. The organisation's success in
eliminating or minimising risk will be measured objectively to ensure it meets its
Safety and Health policy and objectives. The overall risk assessment needs to be
reviewed and revised when necessary to ensure the overall purpose of risk
assessment is accomplished. The risk assessment process is a journey and this
process will be repeated again as a continuous process.

SELF-CHECK 3.2
1. Relate the risk assessment components in the OSH management
system.

2. Discuss how the follow-up process and monitoring is critical as a
source of feedback on risk assessment activity.

3.4 RISK ASSESSMENT METHODOLOGY


Risk is the determination of the likelihood and severity of the credible accident or
event sequence in order to determine the magnitude of identified hazards, and
consequently, to prioritise these hazards. Risk assessment can be performed by
using:

(a) Qualitative;

(b) Quantitative; or

(c) Semi-quantitative methods.


A qualitative analysis uses words to describe the magnitude of potential severity
and the likelihood that these severities will occur. These scales can be adapted or
adjusted to suit the circumstances and different descriptions may be used for
different risks. This method uses expert knowledge and experience to determine
likelihood and severity categories.

In semi-quantitative analysis, qualitative scales such as those described above are
given values. The objective is to produce a more expanded ranking scale than is
usually achieved in qualitative analysis, not to suggest realistic values for risk
such as is attempted in quantitative analysis.

Quantitative analysis uses numerical values (rather than the descriptive scales
used in qualitative and semi-quantitative analysis) for both severity and
likelihood using data from a variety of sources such as past accident experience
and from scientific research.

Severity may be determined by modelling the outcomes of an event or set of
events, or by extrapolation from experimental studies or past data. Severity may
be expressed in terms of monetary, technical or human impact criteria, or any
other criteria. The way in which severity and likelihood are expressed and the
ways in which they are combined to provide a level of risk will vary according to
the type of risk and the purpose for which the risk assessment output is to be
used.

In the Department of Occupational Safety and Health (DOSH) Guidelines on
Hazard Identification, Risk Assessment and Risk Control (2008), qualitative and
semi-quantitative methods are used as an example. It uses the 5 × 5 matrix
approach.

3.4.1 Likelihood of an Occurrence


This value is based on the likelihood of an event occurring. You may ask the
question "How many times has this event happened in the past?" Assessing
likelihood is based on worker experience, analysis or measurement. Likelihood
levels range from "most likely" to "inconceivable." For example, a small spill of
bleach from a container when filling a spray bottle is most likely to occur during
every shift. Alternatively, a leak of diesel fuel from a secure holding tank may be
less probable.


Table 3.4 indicates likelihood using the following values:

Table 3.4: Categories and Examples of Likelihood

Likelihood (L) | Example | Rating
Most likely | It is most likely for the hazard or event to be realised. | 5
Possible | The event has a good chance of occurring and is not unusual. | 4
Conceivable | The event might occur sometime in the future. | 3
Remote | The event has not been known to occur for many years. | 2
Inconceivable | The event is practically impossible and has never occurred. | 1

3.4.2 Severity of Hazard


Severity can be divided into five categories. Severity is based upon an increasing
level of severity to an individual's health, the environment or to property.

Table 3.5 indicates severity by using the following values:

Table 3.5: Categories and Examples of Severity

Severity (S) | Example | Rating
Catastrophic | Numerous fatalities, irrecoverable property damage and productivity | 5
Fatal | Approximately a single fatality or major property damage if hazard is realised | 4
Serious | Non-fatal injury, permanent disability | 3
Minor | Disabling but no permanent injury | 2
Negligible | Minor abrasions, bruises, cuts, first-aid type injury | 1


Table 3.6 shows an example of a risk matrix.

Table 3.6: Example of a Risk Matrix

               | Severity (S)
Likelihood (L) |  1 |  2 |  3 |  4 |  5
5              |  5 | 10 | 15 | 20 | 25
4              |  4 |  8 | 12 | 16 | 20
3              |  3 |  6 |  9 | 12 | 15
2              |  2 |  4 |  6 |  8 | 10
1              |  1 |  2 |  3 |  4 |  5

Key: High / Medium / Low

To use this matrix, first find the severity column that best describes the outcome
of risk. Then follow the likelihood row to find the description that best suits the
likelihood that the severity will occur. The risk level is given in the box where the
row and column meet. The relative risk value can be used to prioritise necessary
actions to effectively manage workplace hazards. Table 3.7 determines priority
based on the following ranges:

Table 3.7: Ranges for Priority

Risk | Description | Action
15 to 25 | HIGH | A high risk requires immediate action to control the hazard as detailed in the hierarchy of control. Actions taken must be documented on the risk assessment form including date of completion.
5 to 12 | MEDIUM | A medium risk requires a planned approach to control the hazard and applies temporary measures if required. Actions taken must be documented on the risk assessment form including date of completion.
1 to 4 | LOW | A risk identified as low may be considered as acceptable and further reduction may not be necessary. However, if the risk can be resolved quickly and efficiently, control measures should be implemented and recorded.


Hazards assessed as "High Risk" must be responded to with immediate action,
to resolve risk to life safety or the environment. Individuals responsible for the
required action, including follow-up, must be clearly identified. A further
detailed risk assessment method may be required; for example, quantitative risk
assessment is a means of determining suitable control measures.
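
The following is an added worked example, not part of the module text or of the DOSH guidelines. It applies the 5 × 5 matrix of Tables 3.4 to 3.7 to a small risk assessment register and compares the risk before and after control, as the follow-up step in Section 3.3.3 describes. The register entries and their ratings are constructed for illustration, and the MEDIUM band is taken as 5 to 12, the range that fits between the LOW and HIGH rows of Table 3.7.

```python
"""5 x 5 risk matrix applied to a small risk assessment register."""
from dataclasses import dataclass

# Rating scales from Table 3.4 (likelihood) and Table 3.5 (severity).
LIKELIHOOD = {"inconceivable": 1, "remote": 2, "conceivable": 3,
              "possible": 4, "most likely": 5}
SEVERITY = {"negligible": 1, "minor": 2, "serious": 3,
            "fatal": 4, "catastrophic": 5}

# Priority bands from Table 3.7 as inclusive ranges of L x S.
# Assumption: MEDIUM is 5 to 12, the range between LOW and HIGH.
BANDS = [(15, 25, "HIGH"), (5, 12, "MEDIUM"), (1, 4, "LOW")]


def risk_rating(likelihood, severity):
    """Relative risk = likelihood rating x severity rating."""
    try:
        return LIKELIHOOD[likelihood.lower()] * SEVERITY[severity.lower()]
    except KeyError as exc:
        raise ValueError(f"unknown category: {exc.args[0]!r}") from None


def risk_band(rating):
    """Map a matrix value to HIGH, MEDIUM or LOW."""
    for low, high, name in BANDS:
        if low <= rating <= high:
            return name
    # 13 and 14 are not products of two ratings in 1..5, so a value that
    # reaches this point did not come from the matrix.
    raise ValueError(f"{rating} is not a value of the 5 x 5 matrix")


def build_matrix():
    """Rows: likelihood 5 down to 1. Columns: severity 1 to 5 (Table 3.6)."""
    return [[l * s for s in range(1, 6)] for l in range(5, 0, -1)]


@dataclass
class RegisterEntry:
    hazard: str
    before: tuple   # (likelihood, severity) before risk control
    after: tuple    # (likelihood, severity) after risk control

    def assess(self):
        initial = risk_rating(*self.before)
        residual = risk_rating(*self.after)
        return {
            "hazard": self.hazard,
            "initial": initial, "initial_band": risk_band(initial),
            "residual": residual, "residual_band": risk_band(residual),
            # A control that does not lower the rating needs to be reviewed.
            "control_reduced_risk": residual < initial,
        }


def prioritise(register):
    """Highest residual risk first; ties broken by the initial rating."""
    rows = [entry.assess() for entry in register]
    return sorted(rows, key=lambda r: (r["residual"], r["initial"]),
                  reverse=True)


# Constructed sample register (hazards and ratings are illustrative only).
SAMPLE_REGISTER = [
    RegisterEntry("Small bleach spill when filling a spray bottle",
                  ("most likely", "negligible"), ("conceivable", "negligible")),
    RegisterEntry("Work at height on an unguarded platform",
                  ("possible", "fatal"), ("remote", "fatal")),
    RegisterEntry("Diesel leak from a holding tank",
                  ("remote", "serious"), ("remote", "serious")),
]

if __name__ == "__main__":
    for row in build_matrix():
        print(" ".join(f"{value:>2}" for value in row))
    for r in prioritise(SAMPLE_REGISTER):
        flag = "" if r["control_reduced_risk"] else "  <- review control"
        print(f'{r["hazard"]}: {r["initial"]} {r["initial_band"]} -> '
              f'{r["residual"]} {r["residual_band"]}{flag}')
```

Sorting on the residual rating rather than the initial one puts the hazards that still need action at the top of the register, and the review flag marks controls that changed nothing.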

3.5 DECISIONS ON RISK CONTROL ACTION


People are prepared to take more or fewer risks in different circumstances. They
are more likely, for instance, to accept higher levels of risk if there is some benefit
to them – whether financial or in terms of their quality of life. What is the
tolerability rate? The tolerability of risk (TOR) framework was first developed in
the UK some 35 years ago by the UK regulators. They believed that regulation
should be as flexible as possible and introduced the concept of As Low as
Reasonably Practicable (ALARP), which has become the UK standard.

Later, UK regulatory authorities used the TOR for reaching decisions on whether
risks from an activity or process are unacceptable, tolerable or broadly
acceptable. In this context, tolerable does not mean acceptable. It refers to
risks that are worth taking and that are properly controlled.

Figure 3.2: Tolerability-of-risk triangle


Source: http://www.itsinternational.com


Figure 3.2 represents the meaning and value of the tolerability-of-risk triangle.
The triangle can be divided into three broad regions:

(a) The zone at the top represents the unacceptable region. For practical
purposes, a particular risk falling into that region is regarded as
unacceptable, whatever the levels of benefit associated with the activity.
Any activity or practice giving rise to risks falling in the uppermost region
would, as a matter of principle, be ruled out unless the activity or practice
can be modified to reduce the degree of risk so that it falls into one of the
regions below, or there are exceptional reasons for the activity or practice to
be retained.

(b) The zone between the unacceptable and the broadly acceptable region is the
tolerable region. Risks in that region are typical of the risks from activities
that people are prepared to tolerate in order to secure benefits, in the
expectation that: the nature and the level of risks are properly assessed and
the results used properly to determine control measures; the residual risks
are not unduly high and kept as low as reasonably practicable (ALARP);
and the risks are periodically reviewed to ensure that they still meet
ALARP criteria.

(c) The zone at the bottom represents the broadly acceptable region. Risks
falling into the region are generally regarded as insignificant and
adequately controlled. Regulators would not usually require further action
to reduce risks unless reasonably practicable measures are available. The
levels of risk characterising this region are comparable to those that people
regard as insignificant or trivial in their daily lives. They are typical of the
risk from activities that are inherently not very hazardous or from
hazardous activities that can be, or are, readily controlled to produce very
low risks. Nonetheless, the Health and Safety Executive would take into
account that duty holders must reduce risks wherever it is reasonably
practicable to do so or where the law so requires it.


3.6 RISK ASSESSMENT CHALLENGES AT WORKPLACE

The execution of risk assessment at the workplace can be an interesting and
challenging process. Since the risk assessment activity involves the whole
organisation, there should be consensus on and commitment to the risk
assessment plan, and the plan should be understood and well accepted by all
levels of employees. The main challenges are broken down into two areas, namely:

(a) To get full commitment from top management; and

(b) To get full support from all levels of employees.

The details of the two main challenges are summarised in Table 3.8.

Table 3.8: Two Main Risk Assessment Challenges at the Workplace

No commitment from management
• Management is not committed to OSH.
• Management does not want to invest or spend money on OSH matters.
• OSH matters are not a priority in the business.
• OSH management approach is more reactive than proactive.

Lack of support from employees
• Risk assessment or any OSH work is an additional task and responsibility for them on top of their current job scope.
• OSH procedure is troublesome and slows down their daily work.

To ensure risk assessment is effective and adds value to the organisation, the two
factors above must first be corrected. In order to achieve this, a paradigm shift
among management and employees is needed. The importance of risk
assessment must be explained and communicated to management and
employees by a competent safety and health professional.

ACTIVITY 3.1

With regard to the two main risk assessment challenges, discuss with
your coursemates how best to overcome these challenges.

SUMMARY

• Risk assessment involves two parameters – likelihood and severity.

• Risk assessment exercise is one of the core processes in Occupational Safety
  and Health Management Systems (OSHMS) such as OHSAS 18001 and MS
  1722 standards.

• Risk assessment can be calculated using the 5 × 5 matrix by DOSH
  Guidelines.

• Qualitative risk assessment involves uncertainty and subjectivity.

KEY TERMS

Likelihood
Risk assessment
Risk assessment strategy
Severity

REFERENCES

Bahr, N. J. (1997). System safety engineering and risk assessment: A practical
approach. Washington, DC: Taylor and Francis.

Health and Safety Executive (HSE). (1996). Five steps to risk assessment (2nd
revision). Sudbury, Suffolk: HSE Books.

Guidelines for hazard identification, risk assessment and risk control (HIRARC).
(2008). Department of Occupational Safety and Health, Ministry of Human
Resources, Malaysia.

Health and Safety Executive (2001). Reducing risks, protecting people. Retrieved
from http://www.hse.gov.uk/risk/theory/r2p2.pdf

Health and Safety Risk Assessment, NEBOSH International General Certificate
Notes.

Hughes, P., & Ferrett, E. (2002). Introduction to health and safety at work.
Oxford, England: Butterworth-Heinemann.

OHSAS 18001:2007 Occupational Health and Safety Assessment Series. (2007).
London, England: OHSAS Project Group.

Stranks, J. (1994). Management systems for safety. London, England: Pitman
Publishing.

Health and Safety Executive (HSE). (1997). Successful health and safety
management (2nd ed.). Sudbury, Suffolk: HSE Books.


Topic 4 Risk Control

LEARNING OUTCOMES
By the end of this topic, you should be able to:
1. Explain the basics of risk control and prevention;
2. Explain the three main criteria in risk control;
3. Describe the hierarchy of risk control principles; and
4. Analyse the location of controls used.

INTRODUCTION
"Prevention is better than cure" is a common quote when it comes to illnesses. If
we can identify the potential cause of an illness, by taking extra precautions and
controls, we can minimise the chances of getting that illness. For example, we can
prevent heart disease by controlling our diet and exercising regularly.

Sometimes, we can reverse the effects of a disease by taking necessary action
upon being diagnosed. However, most of the time, once diagnosed, the effects of
diseases are irreversible, resulting in additional costs for medication and
treatment. For this reason, it is important that we are aware of our health
conditions and the actions which we can take to prevent disease. In order to do
this, we identify our health risks and then take precautions to control or
eliminate the risks.

Similarly, we can also find risks in our organisation, and, consequently,
undertake control or elimination measures. Financial loss and other negative
events can be minimised through risk identification and control or elimination
measures. Not only that, the organisation will also gain positive effects, such as:


(a) Improved productivity which results from employees feeling safe and
healthy when they are at work;

(b) A positive image among customers and the public when the organisation's
management is committed to workplace safety and health; and

(c) Minimised legal impact from enforcement bodies and also from the public
when the workplace is safe.

In this topic, we will look at how we can establish intervention, control and
prevention of risks at the workplace. It will also cover basic hazard
prevention and risk control at the workplace and methods of prioritising
hazard control.

4.1 RISK CONTROL AND PREVENTION


Identifying hazards, undertaking risk assessment and implementing control
measures are key aspects of risk management.

According to Section 15 of the Occupational Safety and Health Act (OSHA) 1994,
it is the duty of every employer and every self-employed person to ensure, as far
as is practicable, the safety, health and welfare of all employees. All
identified safety and health hazards must be eliminated if possible or controlled
as quickly as possible, subject to priorities based upon the degree of risk posed
by the hazards. The preferred method of hazard control should be through the
application of engineering controls or the substitution of less hazardous
processes or materials. Total reliance on personal protective equipment (PPE) is
acceptable only when all other methods are proven to be technically and/or
economically infeasible.

4.2 RISK CONTROL PRINCIPLES


When a risk has been analysed, assessed and prioritised, workplace precautions
can be used to minimise it. Risk control needs to be identified, to ensure our risk
control decisions can lower the risk. The three main criteria in risk control are:

(a) Its effectiveness to eliminate or minimise the risk;

(b) Its reliability or consistency to control the risk; and

(c) Cost benefits in implementing risk control.


The decision of risk control can be guided using a common risk control
hierarchy. This is based on safety standards and also regulations in certain
countries such as Control of Substances Hazardous to Health Regulations and
Management of Health and Safety at Work Regulations in the UK.

Figure 4.1 summarises the common hierarchy of risk control principles from the
most effective to the least effective methods.

Figure 4.1: Hierarchy of the risk control principles in minimising risk at the workplace

According to Bahr (1997), fairly effective methods, namely substitution, total
enclosure, isolation, reduction and engineering control are risk control methods
that "design out" the hazards from workers. They can be used concurrently with
the least effective methods (procedures and PPE) as complementary methods to
minimise risk towards workers.


The following subtopics will explain further the hierarchy of risk control
principles.

ACTIVITY 4.1
1. How can we convince management to invest financially in risk
control items in order to minimise risk at the workplace? Discuss.

2. Prepare a strategy for executing risk control activities from the
planning stage to the implementation stage.

4.2.1 Elimination
This is the most desired and effective risk control activity. By removing the
hazards, the risk will be automatically eliminated. For example, if the activity or
process is too risky or the risk is too high to workers, we should abandon the
process or activity completely.

4.2.2 Substitution
In the substitution approach, we use an alternative approach to minimise the
risk. A simple example is instead of using hazardous chemicals, such as acids, for
cleaning, we can use neutral liquids such as water and soap. When substitution
risk control is implemented, care should be taken not to introduce new hazards
as a result of introducing new material in the substitution process.

4.2.3 Total Enclosure


The total enclosure approach will cover the whole equipment, machine,
hazardous materials or process during operation to protect workers from any
hazards caused by the equipment. For example, the enclosure is not easily
opened or removed by workers (Figure 4.2).


Figure 4.2: An example of total enclosure for toxic gas cylinder storage for equipment
operation

4.2.4 Isolation
Isolation is used to separate the equipment, machinery or process by using an
enclosure, fence, guard or barrier. This will prevent workers from approaching
the hazards. An example of isolation is shown in Figure 4.3.

Figure 4.3: An example of isolation risk control when nitrogen gases are needed to
support the worker's activity
Source: Bahr (1997)

4.2.5 Reduction
Reduction in risk control is performed by minimising the root cause of the risks.
This can be done by improving the process or activity. For example, noise
generated from piling activities can be minimised by reducing the hammering
force but increasing the frequency of hammering.


4.2.6 Engineering Control


This risk control uses engineering means (design or sensors) to minimise the
risk of workers being exposed directly to, or being in close proximity to, the
hazard. This is the most practical approach in terms of cost benefits and the
ability to minimise the risk to acceptable levels. Normally, it controls risks at the
source by isolating, reducing and enclosing them. Some examples are:

(a) Dust filters to filter dust and prevent dust inhalation by workers.

(b) Motion sensors to power off the machine when the sensor detects any
human part entering any equipment.

(c) Gas detection sensors to detect any toxic gas or chemical leaks before the
gas or chemical vapours are inhaled by workers.

4.2.7 Safe Work Systems / Procedure


Establishing documented safe operating procedures is part of the safe work
system. A safe system of work can be explained as "a defined method for doing a
job in a safe way" (Hughes & Ferrett, 2002). In this risk control approach, a
holistic overview of managing risks at the workplace is important. We know that
the root cause of an accident is a combination of variable factors (such as
equipment failure, substances and operator competency).

Therefore, controlling risk in this approach involves overseeing all the factors,
which requires a system to monitor all the variable factors. This risk control
approach complements other risk control approaches. To ensure
we efficiently and effectively manage risk using this approach, the system
will involve a closed loop management system. In a management system, a
PDCA (Plan–Do–Check–Act) cycle is adopted. Figure 4.4 explains the common
PDCA cycle.


Figure 4.4: A summary of PDCA cycle in safe system of work


Source: Health and Safety Executive (1997)

Some of the commonly documented safe work procedures that need to be
established are summarised in Table 4.1.

Table 4.1: Examples of Safe Standard Operating Procedures

Procedure | Description
Emergency response plan | A procedure to respond in case of emergency, including building evacuation, mitigation response and communication protocol during emergency.
Permit to work system | Critical procedure when dealing with work with contractors and also non-routine or abnormal work.
Housekeeping | Housekeeping guidelines for workers to ensure the workplace is clean and organised.
Accident investigation | A standard process flow to gather information and perform investigation when accidents occur. This will help the organisation come up with a systematic flow to identify the root cause and identify the corrective and preventive actions to prevent the re-occurrence of the accident.
Preventive and corrective maintenance | A procedure to provide guidelines on how to perform maintenance safely.
Equipment / plant operation | A procedure to assist the operators in operating the equipment or plant safely.


4.2.8 Personal Protective Equipment (PPE)


Personal Protective Equipment (PPE) should be the last resort in minimising risks
to workers. This is because risk still exists and the only protection between the
risk and the worker is PPE. PPE is necessary when workers are directly exposed
to the risk. The limitations of PPE are summarised in Figure 4.5.

Figure 4.5: Limitations of PPE as a risk control method


Source: Hughes & Ferrett (2002)

4.3 LOCATION OF THE CONTROLS USED


Controls are usually placed at the following locations (see Figure 4.6):

(a) At the source (where the hazard "comes from")
    Method of control: Substitution, enclosure, isolation, process modification,
    local exhaust ventilation and fugitive emission control.

(b) Along the path (where the hazard "travels")
    Method of control: Automation or remote control, general ventilation,
    dilution ventilation, continuous area monitoring and housekeeping.

(c) At the worker
    Method of control: Enclosure of worker, personal monitoring, training and
    education, worker rotation and personal protective devices.

Figure 4.6: Location of controls

SELF-CHECK 4.1
1. What are the critical factors involved in the selection of risk
control approaches once risks have been identified and assessed?
Discuss.

2. What are the additional risk controls that should be in place in
order to control health hazards to the workers? Discuss.

SUMMARY

• Risk control and prevention is a compulsory responsibility for all employers
  under the national Occupational Safety and Health Act (OSHA) 1994,
  whereby employers are to take adequate measures to protect employees from
  machinery, work procedures, hazardous materials and physical work.

• Risk control can be obtained through engineering controls, awareness
  devices, predetermined safe work practice, administrative controls and the
  enforcement of personal protective equipment (PPE).

• Engineering control is a method whereby hazards are eliminated or
  minimised at the very early stages – during the design or engineering stage
  through substitution, elimination, ventilation, isolation or process/design
  change.

• Administrative controls require the management of an organisation to
  prioritise workplace safety and health and to take adequate measures to
  address these matters while employees are to adhere to policies, rules and
  regulations.

• Risk controls can be ranked as most effective, more effective, less effective
  and least effective, which helps to determine the effectiveness of control
  measures currently in place.

KEY TERMS

Hierarchy of risk control
Risk control
Risk control principles
Personal protective equipment (PPE)
Risk prevention
Safe work systems

REFERENCES

The Institute of Risk Management (IRM). (2002). A risk management standard.
London, England: Author.

Bahr, N. J. (1997). System safety engineering and risk assessment: A practical
approach. Washington, DC: Taylor and Francis.

Health and Safety Risk Assessment, NEBOSH International General Certificate
Notes.

Health and Safety Executive (HSE). (1997). Successful health and safety
management (2nd ed.). Sudbury, Suffolk: HSE Books.

Hughes, P., & Ferrett, E. (2002). Introduction to health and safety at work.
Oxford, England: Butterworth-Heinemann.

OHSAS 18001:2007 Occupational health and safety assessment series. (2007).
London, England: OHSAS Project Group.

Stranks, J. (1994). Management systems for safety. London, England: Pitman
Publishing.

Topic 5 Job Safety Analysis (JSA)

LEARNING OUTCOMES
By the end of this topic, you should be able to:
1. Describe Job Safety Analysis (JSA) and its benefits;
2. Explain basic steps in JSA; and
3. Discuss the relationship between JSA and Safe Operating
Procedure.

INTRODUCTION
Do you know what the first step in managing OSH risk is? The first step in
managing OSH risk is the identification of hazards for all possible situations
where people may be exposed to injury, illness or disease or the loss of property
and assets to the organisation including damage to the general environment.
There are many techniques that are used for the identification of hazards. The
selection of methods depends on the type of hazard.

Some techniques are designed for the identification of a hazard as it exists in situ,
such as observing the status of housekeeping or measuring noise levels at the
workplace. Others are designed to identify hazards that arise out of chemical
processes or equipment used in process plants. Bear in mind that this can also be
done even during the design stage of the process plant. For this situation,
identification techniques such as Hazard and Operability Study (HAZOP) or
Failure Modes and Effects Analysis (FMEA) will be used. These techniques and
others will be discussed in subsequent topics of this module.


In this topic, we will first learn about the Job Safety Analysis (JSA) process for
specific jobs and tasks. In other words, we will focus on the identification of
hazards for activities that are carried out in sequence. Quite often these activities
are carried out by workers.

5.1 WHAT IS JOB SAFETY ANALYSIS (JSA)?


Job Safety Analysis (JSA) is also known by other names such as Job Hazard
Analysis (JHA) and Activity Hazard Analysis among others. These are essentially
one and the same. JSA is a documented process where a complete task or job is
broken down into its sequential steps. Each step is evaluated for actual or
potential hazards and risks through observation or other means and control
measures are developed to eliminate the hazards or reduce their risks.

In other words, JSA goes beyond the process of identifying hazards to include
the process of controlling and mitigating the effects of the identified hazards.
Hazard and risk evaluation focuses on the worker as he performs his task and
takes into account the tools he uses, the materials he is handling or exposed to,
his work position, the procedure he uses to accomplish the work and his work
environment.

SELF-CHECK 5.1
1. Describe the differences between hazard identification activity
and JSA.

2. Describe the focus of JSA.

5.2 TERMINOLOGY
We have learnt that Job Safety Analysis (JSA) is a documented process where a
complete task or a job is broken down into its sequential steps. Each step is
evaluated for actual or potential hazards and risks through observation or other
means and control measures are developed to eliminate the hazards or reduce
their risks.

Before we proceed further, let us take a look at some definitions of terminology
in Table 5.1. These terms are used in Job Safety Analysis according to
Occupational Health and Safety Standard (OHSAS) 2007.


Table 5.1: Terminology Used in Job Safety Analysis

Terminology | Definition
Hazard | Source, situation or act with a potential for harm in terms of human injury or ill health or a combination of these.
Hazard identification | Process of recognising that a hazard exists and defining its characteristics.
Risk | Combination of the likelihood of an occurrence of a hazardous event or exposure and the severity of injury or ill health that can be caused by the event or exposure.
Risk assessment | Process of evaluating the risk that arises from a hazard, taking into account the adequacy of any existing controls, and deciding whether or not the risk is acceptable.

Source: OHSAS (2007)

SELF-CHECK 5.2
1. Define JSA.

2. Define these terms according to Occupational Health and Safety
Standard (OHSAS) 2007:

(a) Hazard;

(b) Hazard identification;

(c) Risk; and

(d) Risk assessment.

5.3 BENEFITS OF DOING A JSA


There are direct and indirect benefits derived from doing a JSA. First of all, the
results of the JSA will directly make the worker and the workplace safer. This
will improve productivity and profitability in the organisation. The other benefit
is that through the process, the organisation has the opportunity to identify
potential improvements to its management system. These benefits are derived in
the following ways:

(a) It is statistically well-known that the majority of incidents and accidents in
the workplace are human-related (Heinrich, 1931). Thus, focusing on
worker activities will substantially address a major source of incidents and
accidents.

(b) From accident theories, we know that the root cause of accidents is the
"lack of management control", meaning that there are weaknesses in the
management system (Bird, 1974). By doing JSA, the organisation will have
the opportunity to discover weaknesses in the system such as hazards that
were not previously recognised, training requirements that have not been
thought through, proper equipment that is not provided or procedures that
are not appropriate.

(c) Doing JSA will provide management with the discipline to analyse a work
activity and have this written down in detailed sequential steps. The result
will become a useful guide for workers involved in this particular activity
in the future. It can be used to train new workers. This will also improve
communication between workers and their supervisors.

(d) The reduction in incidents and accidents, together with the potential
improvement in work methods, worker morale, compliance with legal and
management system requirements, and image and reputation, will all lead to
increased productivity and profitability for the organisation.

Thus, it can be said that doing JSA is good for business.

SELF-CHECK 5.3

Describe the benefits of doing JSA.

5.4 BASIC STEPS IN JSA


There are four major steps in conducting a JSA. They are:

Step 1: Select the job to be analysed.

Step 2: Break down the job into a sequence of steps.

Step 3: Identify potential hazards.

Step 4: Determine preventive measures to control these hazards.

Now, let us go through each of the four steps in detail.


5.4.1 Select the Job to be Analysed


Ideally, all jobs should be analysed through actual observation. However, it is
more sensible to prioritise the JSA effort to those jobs that are accident prone. For
example, falls of all types are among the most frequent incidents that can happen
in the workplace. In the annual statistics published by SOCSO (PERKESO), more
than 40 per cent of all reported accidents, year in and year out, are in this
category. Thus, jobs that involve lifting, climbing, working at heights or tripping
on the floor should have a JSA.

These are the categories of jobs that need JSA:

(a) Jobs that involve lifting, climbing, working at heights or trips, slips and
falls;

(b) Jobs that have potential to cause disabling injuries including loss of limbs,
body functions or illnesses such as cancer;

(c) Jobs that are complicated requiring detailed steps and planning such as
when installing heavy equipment;

(d) Jobs that are risky, where a simple error can cause heavy consequences such
as when handling materials with fire and explosion hazards; and

(e) Jobs that are new or have had a JSA done previously but now have changed
the processes or procedure.

A valuable source of information that you can use to determine which job is to be
analysed is your organisation's OSH reports, which include OSH audits and
incident or accident investigation reports.

5.4.2 Break Down the Job into a Sequence of Steps


The second step would be to outline the job procedure into clear steps in the
order the work is to be performed. Review this outlining work together with
employees. This is important for two reasons:

(a) Workers are familiar with the job; and

(b) Workers will have the "buy-in" when the time comes for them to carry it out.


Make sure the job steps are simple and perhaps consist of no more than ten steps.
If the steps are long or complicated, this may indicate that the job can be further
broken down into separate smaller tasks and a separate JSA can be carried out for
these. On the other hand, do not make the steps so broad that each step contains
many activities. Do not, for instance, make "change the car tyre" a step, as this
involves many activities. Likewise, do not go to the other extreme and describe
the individual steps in "unbolting the wheel". Look for logical break points to
define the steps. For example, the job of "change the car tyre" can be broken
down as shown in Table 5.2.

Table 5.2: Job Safety Analysis Worksheet for Changing a Car Tyre (Break Down the Job
into a Sequence of Steps)

Job Safety Analysis Worksheet

Job: Change the car tyre
Analysis By: | Reviewed By: | Approved By:
Date: | Date: | Date:

Job Step | Potential Accidents or Hazards | Preventive Measures
1. Secure the car by pulling on the hand brake. | |
2. Jack the car up. | |
3. Remove the wheel. | |
And so on..... | |

As can be seen in Table 5.2, in each of the steps given, you will have different
activities, use different tools and be confronted with different sets of hazards.
Review with the worker to see if all the steps to accomplish the job have been
taken into account and whether the steps are in the right order. Therefore, in the
case of "change the car tyre", the job begins with "secure the car" and finishes off
by "lowering the jack".

You can also use a form to record each job and its sequential steps. The form
can be as simple as the one in Table 5.2, or you may consider using a more
comprehensive one which includes risk assessment for each hazard (see
Appendix 1). Evaluate the risk in exactly the same way as discussed in the
previous topic.


5.4.3 Identify Potential Hazards


Before observing the actual job being performed by the worker, there are two
things that must be done first:

Step 1:
Gather information on previous accidents in the workplace in question.

Step 2:
Observe and take note of the general environment of the work at the time the
work observation is being conducted. Although the work environment may
not be directly related to the work itself, it may affect the work or the worker
to some, or a considerable, extent. For example, you should observe:
(a) The status of housekeeping where the job is to be performed;
(b) Whether there are obstructions in the path of the worker, for example,
materials on the floor that could cause him to trip;
(c) The level of lighting;
(d) The level of noise; and
(e) The existence of live electrical hazards or radiation hazard.

Use the information given and also information from personal experience or
general observation of the work to list the things that could go wrong at each
step of the job. When this is done, the actual observation can be more focused on
the job and the worker themselves.

Do you still remember the hazard identification techniques that we learnt earlier?
To supplement the techniques discussed previously, you can identify the
potential hazard at each step by asking yourself a series of questions. These are
some examples of questions that you can modify for your own needs:

(a) Can the worker make harmful contact or be struck by sharp, fixed or
moving objects?

(b) Can the worker get caught in between objects or moving machinery?

(c) Can any part of the worker's body, clothing or jewellery get caught in
moving parts?

(d) Can the worker make contact with electricity or hot, toxic, caustic and
hazardous substances?

(e) Is the worker wearing appropriate personal protective equipment, clothing
or safety harnesses?

(f) Are the tools, machines and equipment that the worker uses appropriate
and safe?

(g) Does the worker know how to use the tools, machines and equipment
correctly?

(h) Is the worker's position with respect to the machine dangerous?

(i) Can the worker be injured by reaching over to the machinery, moving or
feeding material into it?

(j) Is machinery adequately guarded and floor openings or pits and holes
covered?

(k) Is the worker required to make repetitive motions over long periods?

(l) Is the worker required to lift, pull or carry heavy objects
without mechanical assistance?

(m) Can the worker slip, trip or fall?

(n) Is the worker at any time in an off-balanced position?

(o) Can the worker fall from one level to another?

(p) Is there a danger from falling objects?

(q) Can weather conditions affect safety?

(r) Is the worker exposed to environmental hazards such as:

(i) Extreme heat or cold;

(ii) Harmful radiation;

(iii) Excessive noise or vibrations;

(iv) Dust, fumes, mist or vapours in the air; and

(v) Inadequate level of lighting.

The answers to these questions are noted for each of the steps, ready to be
used in the next JSA step, which is to determine preventive measures to control
these hazards.


Remember the example in Table 5.2? Now, take a look at Table 5.3; it is the same
example with potential accidents or hazards included.

Table 5.3: Job Safety Analysis Worksheet for Changing a Car Tyre
(Identify Potential Hazards)

Job Safety Analysis Worksheet

Job: Change the car tyre
Analysis By: | Reviewed By: | Approved By:
Date: | Date: | Date:

Job Step | Potential Accidents or Hazards | Preventive Measures
1. Secure the car by pulling on the hand brake. | • Hand brake does not hold. • Car slides down hill. |
2. Jack the car up. | • Jack slips, potentially hitting people. |
3. Remove the wheel. | • Bolts too tight. • Straining back. |
And so on..... | |

5.4.4 Determine Preventive Measures to Control These Hazards

There are two principles that you need to know when dealing with hazards. The
first and the best way is to eliminate or remove the hazard. Secondly, if this
cannot be done, control it at the source of the hazard itself. For example, if your
problem is fumes, then, the right preventive measure is to minimise the fumes by
reducing their production or by covering the fumes and ventilating them away.
The wrong way of controlling this hazard would be to require workers to wear
breathing apparatus to protect themselves.

Determining the preventive and control measures for the hazards found in JSA
will follow the same rules as discussed in the previous topic. You can also use the
Hierarchy of Control principles to determine the preventive and control
measures for JSA.


As can be seen in Table 5.4, we have added the preventive measures to the
example that we created in subtopic 5.4.2.

Table 5.4: Job Safety Analysis Worksheet for Changing a Car Tyre
(Determine Preventive Measures to Control These Hazards)

Job Safety Analysis Worksheet

Job: Change the car tyre
Analysis By: | Reviewed By: | Approved By:
Date: | Date: | Date:

Job Step | Potential Accidents or Hazards | Preventive Measures
1. Secure the car by pulling on the hand brake. | • Hand brake does not hold. • Car slides down hill. | • Choose a firm, level parking area. • Leave automatic transmission gear in "PARK". • Place blocks in front of and behind the wheel.
2. Jack the car up. | • Jack slips, potentially hitting people. | • Place the base of the car jack on something flat and strong. • Ensure that it stands upright.
3. Remove the wheel. | • Bolts too tight. • Straining back. | • Pry off hub cap carefully. • Use proper wrench. • Apply pressure slowly.
And so on..... | |

5.5 JSA AND SAFETY AND HEALTH PROCEDURES

The product of a completed JSA is a set of guidelines on how to perform a job
safely. Therefore, the steps should be converted into written instructions so that
every time a worker has to perform the job, he will do it exactly as stated in the
written instructions. Thus, a collection of JSAs should be part and parcel of the
organisation's safety procedures.

The job instruction must be made known to those who have to perform the job or
those who are involved in one way or another with the job. Furthermore, those
who are directly involved in the job must be given training. The right tools,
equipment and other requirements identified in the JSA must also be made
available. Finally, the procedures must be enforced and monitored.

In the construction industry, JSA is crucial to the success of every project. Every
job can be different at different times and places. Thus, JSA should be conducted
most of the time and be included in the project method statements. It should be
the organisation's policy to conduct JSA for any new job.

SELF-CHECK 5.4
Describe the actions an organisation must take on the completion of a
JSA.

• JSA focuses on identifying hazards as a job is being performed.

• The result of the JSA will directly make the worker and the workplace safer.
This will improve productivity and profitability in the organisation.

• Through the JSA process, the organisation has the opportunity to identify
potential improvements to its management system.

• Four major steps in conducting a JSA include to select the job to be analysed,
break down the job into a sequence of steps, identify potential hazards and
determine preventive measures to control these hazards.

Hazards
Job
Job safety analysis (JSA)
Job steps
Preventive measures
Procedures


Bird, F. E. (1974). Management guide to loss control. Englewood Cliffs, NJ:
Prentice Hall.

Guidelines for Hazard Identification, Risk Assessment and Risk Control
(HIRARC). (2008). Department of Occupational Safety and Health Ministry
of Human Resource, Malaysia.

Heinrich, H. W. (1931). Industrial accident prevention: A scientific approach.
New York, NY: McGraw-Hill.

Occupational Safety and Health Administration (OSHA). (2002). Job Hazard
Analysis, OSHA 3071 (Revised). Washington, DC: U.S. Department of
Labor.

Occupational Health and Safety Management Systems – Requirements. (2007).
London, England: OHSAS Project Group.

Occupational Safety and Health Management Systems – Part 1: Requirements
(2005). Department of Standards Malaysia.

OHSAS 18001:2007 Occupational health and safety management systems –
Requirements. (2007). London, England: BSI Standards Publication.

Reason, J. (1990). Human error. New York, NY: Cambridge University Press.


APPENDIX 1



Topic 6 Task Analysis
LEARNING OUTCOMES
By the end of this topic, you should be able to:
1. Define task analysis and task inventory;
2. Explain critical task identification;
3. Identify the importance of task analysis at the workplace; and
4. Describe the process of task analysis.

INTRODUCTION
Task analysis is the systematic examination of a task to identify all hazards or
risks associated with the task and develop controls for those exposures.
Organisations of all types have found this to be an extremely useful activity, not
only to improve safety and health but also for the overall improvement of
operations. Task analysis is the direct application of the goals of occupational
safety and health (OSH) control management to the work that is being done in an
organisation.

6.1 TASK ANALYSIS


Prior to any work being done to identify critical tasks, all persons involved
should have a mutual understanding of two main key terms which are task and
critical task. Other necessary terms are procedure and step. Let us now discuss
these terms in greater detail.


(a) Task
A task is a segment of work, which requires a set of specific and distinct
actions for its completion.

Examples are:

(i) Performing the pre-use inspection on overhead crane;

(ii) Setting up the wrapping machine for candy bars;

(iii) Performing an emergency shut down on the preheat furnace; and

(iv) Preparing the shipping papers for an interstate rail shipment.

A task for an electrician might be to wire a junction box. This task could be
done in isolation or could be one of a series of tasks necessary to complete a
much larger work assignment, such as wiring a house.

Tasks are usually made up of a sequence of steps. While there are no
established rules for how many steps may be included in a task, one should
have an overall perception of how specific (or general) an activity may be
and still be called a task.

Ask yourself, "Should there be a procedure or work instruction for doing
this?" The light bulb example is too specific and is probably a step within a
task. The jet airliner example is too broad. Imagine the size of the document
required if a single procedure or work instruction could be written.
Operating a jet airliner is a work assignment made up of many tasks.
Rebuilding a carburettor is a task which could be done safely and
consistently while following a well-written procedure or work instruction.

(b) Critical task
A critical task is a task which has the potential to produce major loss to
people, property, process and/or environment when not performed
properly. Critical tasks are the focus of this discussion. It is these vital few
tasks that we must be assured are done the best way possible.

(c) Procedure
A procedure is a step-by-step description of how to proceed, from start to
finish, in performing a task properly.

(d) Step
A step is one segment of the total task where something happens to
advance the work being performed.


Task analysis (TA) is the analysis of how a task is accomplished, including a
detailed description of both manual and mental activities, task and element
durations, task frequency, task allocation, task complexity, environmental
conditions, necessary clothing and equipment as well as any other unique factors
involved in or required for one or more people to perform a given task. TA is a
fundamental methodology in the assessment and reduction of human error. TA
is used to describe or evaluate the interactions between humans and the
equipment or machines. It can be used to make a step-by-step comparison of the
capabilities and limitations of the operator with the requirements of the system.
The resulting information is useful for designing not only equipment, but also
procedures and training.

Upon completion of task analysis, we can further develop a task procedure or task
practice. The use of task practices is to avoid attempts to proceduralise tasks which
cannot realistically be proceduralised and thus have an end product which is not
practical. Task practices are especially useful with trades, crafts, maintenance and
materials handling where the same task may be done in a wide variety of settings
and circumstances.

Hence, TA is geared toward illustrating the proper way to complete a task,
including considerations for safety, quality, reliability and production.

Table 6.1 explains the five steps in developing task procedures and practices.

Table 6.1: Five Steps in Developing Task Procedures and Practices

Step | Description
Step 1 | Systematically create an inventory of tasks and identify the critical tasks.
Step 2 | Analyse each critical task by: • Reducing it to the steps performed; • Identifying all loss exposures; • Making improvement suggestions; and • Developing controls for each exposure.
Step 3 | Write task procedures or practices.
Step 4 | Put procedures to work.
Step 5 | Maintain records through periodical review and updates.


SELF-CHECK 6.1
1. Define task analysis.

2. Explain the importance of conducting task analysis at the
workplace.

6.2 CREATE TASK INVENTORY


The first step in identifying critical tasks is to make an inventory of all tasks
within the organisation. Typically, this is done for those work areas which are
exposed to risks such as the hands-on areas of production, maintenance and
materials handling. However, it can also be done for other areas such as office
and information systems.

The following are several methods of identifying critical tasks:

(a) Create an inventory of all the tasks performed by all the occupations;

(b) Identify critical tasks as part of a hazard or risk analysis;

(c) Review regulations and industry standards;

(d) Survey employees;

(e) Systematically review existing procedures;

(f) Analyse health hazards;

(g) Analyse accidents or incidents; and

(h) Observe workers performing tasks.

The best system will probably include a combination of these approaches. The
following discussion looks at one such approach.

6.2.1 Inventory Occupations


The first step in developing a comprehensive task inventory is to create a list of
all occupations within the organisation.

These occupations are functional to the operation and are not necessarily the
classification established by the human resources department. The best list of
occupations will come from those who supervise the work.

6.2.2 Inventory All Tasks within Each Occupation


Once the occupation inventory is completed, the next step is the more difficult
effort of listing all the tasks performed within each occupation and/or major
work assignment. This inventory should at least reflect all the "hands-on" work
(as opposed to administrative duties) associated with each occupation or major
work assignment. Once developed, this comprehensive task inventory will
permit each of the tasks to be evaluated later to determine whether it is critical.

Examples of such tasks might include emergency shutdown actions for specific
equipment, a control room operator's procedure for instrument loss or donning
of escape breathing apparatus. It also includes tasks that a worker may no longer
be familiar with because they are seldom done.

The people who can best identify all the tasks for a particular occupation are the
supervisors or leaders and workers. They are the most experienced or
knowledgeable about the occupation. They can do this as a team by
brainstorming about the hands-on work related to that occupation or by
observing and talking with those who actually do the work. This provides an
excellent opportunity to apply the principle of involvement by utilising the
expert experience and help of those who will be most affected: the work group.
Remember, a team of people who are knowledgeable about the work being
considered should always be made a part of every stage of task analysis and
procedure.

Task analysis is a management technique, not an exact science. There are,
however, several practical "rules of thumb" which can be invaluable to task
inventory development teams. These include:

(a) Terms such as operate and maintain, when used to describe a single task,
often indicate that the work has been too broadly defined and should be
broken down to several more manageable tasks. Determine whether the
work described is a skill or a segment of work, which requires a set of
specific and distinct steps for its completion;

(b) Activities which use the -ing form of the verb (stacking, moving, loading,
and cleaning) are usually general responsibilities rather than specific tasks.
Tasks can be identified from such descriptions, however, by further asking
"What is being stacked, moved, loaded or cleaned and where is this taking
place?";


(c) Rarely would a task be comprised of a single step, such as "rotate the 7/8
wrench one half a turn clockwise" or "push the reject button." Rather, a
task is almost always made up of a number of definite steps, each
contributing to the completion of the task (tasks can be too narrowly
defined, as well);

(d) General responsibilities and relationships, which are normally included in a
position charter or job description, are generally not tasks. They should not
be listed as tasks if charters are referred to;

(e) The greater the number of people required to complete the work, the greater
the chance that more than one task is involved, for example, one to two
workers versus three to five; and

(f) A maintenance-related occupation will typically contain more total tasks
than an operations or assembly-related occupation. The latter might contain
relatively few tasks that are performed repeatedly.

Perhaps the most common error made by task inventory development teams is to
be too broad in defining what will be considered a task. When tasks are broadly
defined at this initial stage, the subsequent stages are seriously compromised.
This is because all the specific work being done within each occupation will not
have been fully identified.

6.3 CRITICAL TASK IDENTIFICATION


All tasks with a history of loss, whether personal injury, property damage,
quality or production loss, should be classified according to their criticality. To be
predictive rather than reactive, it is also vital to include tasks having a potential
for major loss even though there is no history of such an occurrence. To do this,
the following questions should be asked:

(a) Can this task, if not done properly, result in major loss while being
performed?

(b) Can this task, if not done properly, result in major loss after having been
performed?

(c) How serious is the loss likely to be? What is the severity of injury, cost of
damage or cost of quality or production loss likely to be? Are other persons
or departments likely to be affected?

(d) What is the expected frequency of losses?


Frequency of loss is strongly influenced by how often the task is performed in the
organisation in a specific time period (repetitiveness), and how likely it is to
result in a loss each time it is done.

There are many degrees of criticality and, in fact, every task worth doing is
critical to some degree. Thus, a system, which develops a scale of criticality, is
likely to result in fewer differences of opinion than one which merely classifies
the task as critical or not critical. It is suggested that the above factors be
converted into three scales relating to severity, frequency of exposure and
probability of loss. Although some subjective judgment is still required from the team
members, the fact that each factor is given due consideration results in a more
consistent and logical classification of tasks according to their criticality. The
following paragraphs describe a practical evaluation system that is both easy to
understand and simple to use.

6.3.1 Severity
Severity is derived from the losses being incurred or the loss most likely to be
incurred as a result of wrong performance of the task. In many cases, a whole
range of losses could occur but only the most likely result is considered. If a
wrong vessel entry procedure results in an accident, it is more likely to be serious
than not, while a wrong shovelling technique is more likely to result in a small
loss than a large loss.

A scale from zero to six is suggested (monetary amounts are up to the
organisation), as shown in Table 6.2.

Table 6.2: Scale from Zero to Six

Scale | Description
0 | No injury, illness or quality, production, environmental or other loss of less than $1,000.00
2 | Minor injury or illness without lost time; non-disruptive property damage; quality, production, environmental or other loss of $1,000.00 to $10,000.00
4 | A lost time injury or illness without permanent disability; disruptive property damage; quality, production, environmental or other loss of more than $10,000.00 but not exceeding $50,000.00
6 | Permanent disability; loss of life or body part; extensive loss of structure, equipment, material; quality, production, environmental or other losses exceeding $50,000.00


These descriptions and evaluations of severity, as well as the number of points
on the scale, can be varied to suit different requirements.

6.3.2 Frequency
Frequency of exposure can be assessed from Table 6.3, using a scale of one to
three.

Table 6.3: Frequency Value Factors

(Columns: number of times task is performed by each person)

Number of persons performing task | Less than daily | Few times per day | Many times per day
Few | 1 | 1 | 2
Moderate | 1 | 2 | 3
Many | 2 | 3 | 3

6.3.3 Probability
The probability or likelihood of loss occurring whenever a particular task is
performed is influenced by the following factors:

(a) Hazardousness (that is, how inherently dangerous is the task?);

(b) Difficulty (that is, is the task prone to quality, production or other
problems?);

(c) Complexity of the task; and

(d) The chance that there will be loss if the task is improperly performed.

These factors are not evaluated separately but they should all be borne in mind.
The key question is "How likely is it that things will go wrong as a result of the
performance of this task?" From this consideration, an estimate of the likelihood
should be quantified. A scale from -1 to +1 is used as follows:

-1 = Low probability of loss
0 = Moderate probability of loss
+1 = High probability of loss


The points allotted to each of the three factors are then added to indicate a scale
of criticality ranging from 0 to 10 (refer to Table 6.4). It is, in effect, an order of
priority. Management may decide that all tasks allotted less than, say, three
points will be disregarded from an occupational safety and health control point
of view and not be listed as critical tasks. On the other hand, tasks allotted eight
or more points will be regarded as the most critical tasks, requiring immediate
attention.

Table 6.4: Quantifying Criticality

Factor | Minimum | Maximum
Severity | 0 | 6
Frequency | 1 | 3
Probability | -1 | 1
Total | 0 | 10
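
The scoring described in subtopics 6.3.1 to 6.3.3 can be worked through for a small task inventory. The following is an added example, not part of the original module: the function and class names, the category labels ("not listed", "critical", "most critical") and the ratings given to the sample tasks are assumptions made for illustration, while the frequency values come from Table 6.3 and the cut-offs of three and eight points come from the text above.

```python
from dataclasses import dataclass

# Table 6.3: frequency value from (number of persons performing the task,
# number of times the task is performed by each person).
FREQUENCY = {
    ("few", "less than daily"): 1,
    ("few", "few times per day"): 1,
    ("few", "many times per day"): 2,
    ("moderate", "less than daily"): 1,
    ("moderate", "few times per day"): 2,
    ("moderate", "many times per day"): 3,
    ("many", "less than daily"): 2,
    ("many", "few times per day"): 3,
    ("many", "many times per day"): 3,
}


@dataclass(frozen=True)
class TaskRating:
    """One row of a task inventory as rated by the analysis team."""
    task: str
    severity: int      # 0 to 6 (Table 6.2 describes the points 0, 2, 4 and 6)
    persons: str       # "few", "moderate" or "many"
    repetition: str    # "less than daily", "few times per day", "many times per day"
    probability: int   # -1 low, 0 moderate, +1 high


def criticality(rating: TaskRating) -> int:
    """Severity + frequency + probability, giving 0 to 10 (Table 6.4)."""
    if not 0 <= rating.severity <= 6:
        raise ValueError(f"severity out of range for {rating.task!r}")
    if rating.probability not in (-1, 0, 1):
        raise ValueError(f"probability must be -1, 0 or +1 for {rating.task!r}")
    try:
        frequency = FREQUENCY[(rating.persons, rating.repetition)]
    except KeyError:
        raise ValueError(f"unknown frequency category for {rating.task!r}") from None
    return rating.severity + frequency + rating.probability


def classify(score: int, ignore_below: int = 3, most_critical_from: int = 8) -> str:
    """Apply management's cut-offs; the defaults are the ones suggested in the text."""
    if score < ignore_below:
        return "not listed"
    if score >= most_critical_from:
        return "most critical"
    return "critical"


def rank(ratings):
    """Return (task, score, category) tuples, highest criticality first."""
    scored = [(criticality(r), r.task) for r in ratings]
    scored.sort(key=lambda item: (-item[0], item[1]))
    return [(task, score, classify(score)) for score, task in scored]


# Constructed ratings for illustration only; a real team would agree on these.
SAMPLE_INVENTORY = [
    TaskRating("Shovelling material", 2, "many", "many times per day", -1),
    TaskRating("Vessel entry", 6, "few", "less than daily", 1),
    TaskRating("Preparing shipping papers", 0, "few", "few times per day", 0),
    TaskRating("Pre-use inspection on overhead crane", 4, "moderate", "few times per day", 0),
]

if __name__ == "__main__":
    for task, score, category in rank(SAMPLE_INVENTORY):
        print(f"{score:>2}  {category:<13}  {task}")
```
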

The Critical Task Inventory Worksheet and Critical Task Analysis Worksheet
(refer to Figure 6.1 and Figure 6.2) are useful tools for listing the tasks performed
by an occupation and then evaluating the criticality of each task. The Major Loss
Exposures column shows the specific potential losses which could occur while
the task is being performed. Notice that all types of loss exposures should be
considered including safety, health, environment, quality, damage, fire,
production problems and excessive costs. For some organisations, the losses
might include matters such as loss of a major customer or loss of significant data.

Figure 6.1: Critical task inventory worksheet


Figure 6.2: Critical task analysis worksheet

The worksheet also documents whether a task procedure or a set of task practices
is needed. At times, this can be determined when the criticality of tasks is
evaluated. At other times, further analysis of the task is required before making
this decision. Whether skill training is required can also be decided. These and
other important considerations can be recorded so that the completed form
serves as a checkpoint to determine progress in dealing with the tasks that have
been inventoried and evaluated. It can also become the basis for identifying tasks
for the observation programme.

SELF-CHECK 6.2
1. Explain how to determine a task as critical.

2. Describe how task inventory is developed.

6.4 ANALYSING CRITICAL TASKS


The second step in the task analysis process is to analyse each critical task by
reducing it to the steps performed, identifying all loss exposures, making
improvement suggestions and developing controls for each exposure.

6.4.1 Reduce the Task to the Steps Performed


Most tasks can be broken down into a required sequence of steps. We have
defined a task step as one part of the total task where something happens to
advance the work involved. Every task can be broken down into the steps
required to do it and there is usually a particular order to the steps. It is this
orderly sequence of steps that will eventually become the basis for the task
procedure.


Identifying every step of a critical task is essential to the end result. When the
task is first observed, write down everything the worker does. The worksheet
shown in Figure 6.2 may prove helpful. After each step of the task is identified,
the team can go back and combine things or eliminate unnecessary details.

The breakdown must include every key step that is inherent in doing the task
correctly, but exclude those which will trivialise or overly burden the process.
The decision to consider any aspect of a task's performance as a distinct step can
also follow the thinking used in classifying the criticality of a task. In other
words, one could ask the question, "Could a major loss result if the task is done
incorrectly?"

Experience shows that many tasks can be broken down into ten to fifteen or even
twenty key steps. Certain tasks might justify a greater number of key steps. Each
task must be evaluated on its own needs. The key to the prevention of losses
from injury, property damage, quality problems or production losses is each
team member's judgment in selecting the appropriate task steps.

It is important to use a structured approach to identify each step of a task. The
two recognised methods are:

(a) Analysis by observation and discussion; and

(b) Analysis by discussion alone.

Whenever feasible, use the observation and discussion technique, in which you
actually see the person, the equipment, the materials, the surroundings and the
process.

Here are six steps involved in analysis by observation and discussion.

Step 1 - Select several good workers who are willing to share their knowledge
and experience.

Step 2 - Gain cooperation by explaining what is being done and assuring that it
is the work, not the worker, which is being evaluated.

Step 3 - Observe the task being done by one of the selected workers and record
an initial breakdown.

Step 4 - Discuss this breakdown with the worker for accuracy, thus encouraging
the worker to share knowledge and experience.


Step 5 - Repeat Steps 2 to 4 with another worker if appropriate. Record the basic
steps of the task breakdown. It usually helps to start each statement
with an action verb, such as set, adjust, start, remove and so on.

Step 6 - Contact other interested groups such as safety and quality control for a
detailed discussion and/or critique of the identified steps. Incorporate
their suggestions with revisions as necessary.

When it is not feasible to observe the work, perform an analysis by discussion
alone. This could be for a new task that is not yet being done, for one at a location
so remote that a visit is impractical or for one that is done infrequently but is so
critical it is not wise to wait. In such cases the following steps can be taken:

Step 1 - Get together the most knowledgeable people available, holding one or
more meetings with some or all of these people, as appropriate.

Step 2 - Explain the purpose and approach of the analysis.

Step 3 - Identify and record the task steps.

Step 4 - Present this information to another team for verification to ensure that
all steps have been identified.

Both approaches make good use of the management principle of involvement.
Meaningful involvement increases motivation and support. Effective
participation may well make the difference between failure and success in
developing and implementing effective task procedures and practices.

6.5 PINPOINT LOSS EXPOSURES


After breaking the critical task down into its steps, analyse each one to determine
the loss exposures involved with that particular step. Every aspect of the task
including safety, quality and production should be considered. Also consider
losses to the area or environment where the task is being done and the possible
long-term consequences of improper performance.

When pinpointing these specific loss exposures, avoid describing them in general
terms such as personal injury, poor quality, prolonged down time, or increased
costs. To be of real value, these entries must be specific enough to give team
members sufficient insight when control measures are being considered.


Carefully judge each of these four subsystems within the total system and answer
such questions as:

(a) People

(i) What contacts are present that could cause injury, illness, stress or
strain?

(ii) Could the worker be caught in, on or between or be struck by or fall
from tools, machinery, equipment or any part of the items being used
to perform the task?

(iii) What practices are likely to downgrade safety, productivity or
quality?

(b) Equipment

(i) What hazards are presented by the tools, machines, vehicles or other
equipment?

(ii) What equipment emergencies are most likely to occur?

(iii) How might the equipment cause loss of safety, productivity or
quality?

(c) Material

(i) What harmful exposures are presented by chemicals, raw materials or
products?

(ii) What are the specific problems involving materials handling?

(iii) How might materials cause loss of safety, productivity or quality?

(d) Environment

(i) What are the potential problems of housekeeping and order?

(ii) What are the potential problems of sound, lighting, heat, cold,
ventilation or radiation?

(iii) Is there anything in the area that would be seriously affected if there
are problems with the task?

(iv) Has the external as well as the work environment been considered?


When things do go wrong, they result in losses. Identifying specific loss
exposures is the key to developing adequate controls.

6.6 MAKE AN IMPROVEMENT CHECK


Making an improvement check is simply determining if the work being
considered can be done in a better way. This, of course, raises the prospect of
change. To conduct an improvement check, one need only ask the right questions
and seek answers. The following are some possible questions that can be asked
during an improvement check:

(a) What is the purpose of this step?

(b) Why is this step necessary?

(c) How can it be done better?

(d) Who is most qualified to do it?

(e) Where is the best place to do it?

(f) When should it be done?

Table 6.5 explains seven major ways to make improvements.

Table 6.5: Seven Major Ways to Make Improvements

| Major Ways | Description |
|---|---|
| Eliminate | Challenge each task and step. Does it really have to be done? Eliminate unnecessary steps and activities which really do not contribute to the objective. Sometimes these are carry-overs from earlier methods or problem solutions that no longer fit the situation. Eliminate or minimise exposures to injury or illness. |
| Combine | Combine task steps or even tasks so that one step or one task can accomplish several purposes. |
| Rearrange | Rearrange the sequence of the steps or the working area or the flow of work for greater safety and efficiency. |
| Simplify | Simplify the job by providing appropriate aids, tools, procedures, information and feedback. |
| Reduce | Develop a solution which will increase the life of the task, for example, a better filter to reduce cleanouts, a better lubricant to reduce how often it has to be done. |
| Substitute | Use a different substance, material, chemical, etc., that does not present the problem (such as less flammable, toxic or corrosive). |
| Relocate | Relocate the task so that it is done elsewhere in the process, or relocate where it is done (inside versus outside, shop versus on-site) for greater safety and efficiency. Increase people's desire to control losses by providing effective incentives and reinforcements. |

The savings resulting from improvement checks have often more than paid for
all the time and effort invested in the entire task analysis process. In fact, for
some organisations, the savings have exceeded the costs of the entire safety and
health programme for that period of time. When it is considered that the primary
purpose of task procedures is to guide training, it becomes even more important
that they show the best methods; otherwise, inefficiencies may be permanently
entrenched in an organisation. A summary of the improvement check process is
shown in Figure 6.3.

6.7 DEVELOP CONTROLS


Control is applied in task analysis by determining the actions and precautions
that will prevent a potential loss from occurring, or minimising its effect if it were
to occur. Analysing the work and the potential problems as well as making the
improvement check can provide the information necessary to develop the
required controls (Figure 6.3). Keep in mind that task procedures and practices
should be directed primarily at the person or persons doing the task, by telling
them what they are to do to avoid, eliminate or reduce the loss exposures. Other
control methods exist and include such things as engineering changes, work
rotation, personal protective equipment programmes and so forth, which should
be noted in the analysis.


IMPROVEMENT CHECK REVIEW

I. Answer the basic questions about each task step.

• WHO should do it?
• WHERE should it be done?
• WHEN should it be done?
• WHAT is its purpose?
• WHY is it necessary?
• HOW can it be done better?

II. Answer specific subsystem questions about each task step.

PEOPLE

• What are the potential hazards that could harm people?
• What are the critical needs for rules, for job instruction and for job
observation?
• What knowledge and skills are critical for quality performance?
• Could we improve quality through better selection, placement,
training, coaching and key point tipping?
• How can we reduce lost time? Increase manpower efficiency? Make it
easier for people to be more productive?
• Could we control costs by having better trained people? By better
utilisation of people? Through more effective motivation?

EQUIPMENT

• What are the potential hazards that could cause equipment damage,
fire or explosion?
• How can we make better use of safety devices, protective equipment,
preventive maintenance and pre-use equipment inspection?
• What tools, machines or equipment could we provide to ensure
optimum quality? To increase productivity?
• Could we improve maintenance operations to get closer tolerance
and better quality?
• How can we minimise damage and down time?
• Could we control cost by having different tools, machines or
equipment? By using present equipment more effectively?

MATERIAL

• How can we eliminate or control exposure to hazardous materials?
• How can we improve training in safest handling practices?
• How can we best prevent waste and damage of raw materials and
products?
• What different materials might boost quality?
• Would it be helpful to make material quality checks earlier or more
frequently?
• How might materials be handled or transported more efficiently?
• What other materials might aid productivity?
• Can less expensive or less scarce materials be used?
• How can we reduce waste of materials?

ENVIRONMENT

• How can we improve housekeeping (cleanliness and order) to control
accident losses?
• What can we change in the work environment to improve safety?
• Is quality affected by dirt, dust or smoke? By solvents, vapours, mist,
fumes or gases? By lighting, temperature or ventilation?
• Can we improve production through better lighting, layout,
cleanliness and order? Through better work climate or conditions?
• Can we save money through better housekeeping? Order? Layout?
Lighting? Atmosphere?

III. Make improvements to the steps and the task

• SIMPLIFY all necessary details
• ELIMINATE all unnecessary details
• COMBINE details where practical
• REDUCE the frequency
• REARRANGE to get better sequence
• SUBSTITUTE materials, etc.
• RELOCATE the task

Figure 6.3: Improvement check process

6.8 PROCEDURES/PRACTICES WRITE-UP


Effective procedures contain several important features, which are:

(a) They start with a statement of the purpose and importance of the task. This
is included to increase motivation and understanding, and thereby
retention and conformance;

(b) They present a step-by-step description of how to proceed;

(c) They express the steps in a positive way rather than a long list of "don'ts";

(d) They explain the reasons for key steps; and

(e) They are printed in a simple, functional format. Since procedures are
primarily teaching and learning tools, they must be clear, concise, correct
and complete.


As mentioned, not all tasks can or should be proceduralised. For some tasks,
practices may be more functional and useful. Guidelines for preparing functional
practices are as follows. Functional practices:

(a) Present positive guidelines for correct performance of the specific task,
plus pertinent rules and regulations;

(b) Are sometimes not limited to a specific task, but deal with a fairly wide
range of work activities (for example, using a chain saw, entering confined
spaces, handling explosives, locking out equipment); and

(c) Are especially useful for occupations in which workers perform a large number
of tasks infrequently or where specific tasks are hard to proceduralise
because the way they are done varies greatly with the specific
situation.

Suggested areas of emphasis in work practices are shown in Table 6.6.

Table 6.6: Suggested Areas in Work Practices

| Suggestion Area | Description |
|---|---|
| Motivation | Explain why the worker should comply with the standard practice. Relate to the worker's own welfare. Build a bit of pride. |
| Special problem sources | Point out the most probable sources of problems for the specific task (the things to which special attention should be paid). |
| Clothing and personal protective equipment | Specify required clothing and equipment necessary for the performance of the task, the conditions under which they are required and the reasons for their use. |
| Special devices and equipment | Emphasise proper use of special guards, barriers, switches, locks and emergency equipment when performing the task. |
| Emergency procedures | Refer to the procedures for cases of fire, explosion, flooding and other catastrophes. Specify emergency first aid equipment, emergency shutdown procedures and reporting requirements which apply particularly to the task. |
| Critical rules and regulations | Reinforce the most important rules by including them in the work practices. Keep them as short and simple as possible; give the reasons for the rules and focus on the critical few. |
| Positive and proper practices | Highlight the things that the worker can do to ensure efficient, safe, productive results. Accentuate the positives. |
| Summary statement | Summarise the most important points. Give a prescription for positive action. Focus on the benefits of proper performance. |


The purpose of a task practice is to give people written guidelines for doing
critical tasks the best way.

6.8.1 Making the Investment


Taking the time to develop task procedures and practices for critical work
activities will save a great deal of time in the long run. They provide carefully
thought out guidance, based on the best available knowledge, of how to do
critical tasks in the most efficient way.

Generally, employees in occupations engaged in the operational process tend to
perform fewer critical tasks than those in maintenance-related occupations. The
first-line manager, who may have employees from a number of occupations, is
usually responsible for the ultimate completion of task analyses, procedures and
practices. A realistic objective for most organisations is for the first-line manager
to analyse and write (or revise) the procedures for one critical task approximately
every two to three months. This guideline permits the manager to fit the work
into his or her busy schedule and allows him or her the time to perform a
high-quality analysis.

Most organisations take several years to complete this programme. Experience
has shown that realistic objectives promote greater assurance that high-quality
practices and procedures will be produced.

6.9 PUT TO WORK


It is hard to find more practical supervisory management tools than task
procedures and work practices. Table 6.7 explains the seven key ways to put
them to work.

Table 6.7: Ways to Put Practical Supervisory Management Tools to Work

| Ways | Description |
|---|---|
| Employee orientation | One of the first things new employees want to know is what work they will be doing. Copies of task procedures and practices are useful for explaining this to them. Give them copies to study before starting proper task instruction. |
| Proper task instruction | Written procedures and practices are of tremendous value in helping leaders meet their basic responsibility for teaching others how to do their tasks properly (correctly - quickly - conscientiously - safely). |
| Planned task observation | Written work procedures and practices enable supervisors to systematically analyse how well worker performance meets the necessary standards. |
| Personal contacts, coaching and tipping | Written task procedures and work practices are an abundant source of practical points for supervisors to emphasise in their personal contacts with workers and in their vital leadership skills of coaching (the day-to-day actions taken by the supervisor, designed to stimulate a subordinate to improve) and tipping (the organised process of giving employees helpful hints, suggestions, reminders or tips about key quality, production, cost, or safety points in their work). |
| Safety talks | When everyone in the group performs the task or is directly affected by it, written procedures and practices provide supervisors with excellent information to emphasise in their group meetings (Safety Talks - Toolbox Meetings - Tailgate Sessions). |
| Accident or incident investigation | Written descriptions of the work help supervisors do a thorough job of investigating accidents and incidents, analysing whether the work was being done as it should be, where the process went wrong, and what kinds of changes could lead to better control. |
| Skill training | By showing specifically and systematically what the work is, written task procedures and work practices improve the efficiency and effectiveness of training programmes for equipment operators and other skilled workers. |

6.10 UPDATE AND MAINTAIN RECORDS


It is difficult to think of any management tool with more potential pay-off than
well-developed and well-used task procedures and practices. Even valuable tools
should not be allowed to become obsolete. Along with the original task
inventories, each task procedure and practice should be reviewed for possible
updating, at the following times:

(a) At a stipulated period of time, usually based on criticality, annually being a
common target;

(b) Whenever a high-potential incident or serious loss occurs; and

(c) Whenever significant changes occur which can or will affect the task
performance (such as materials used, process or design alterations, area
changes, personnel and/or equipment changes).


Each department supervisor should have someone appointed with responsibility
to maintain historical records and keep track of progress. The work done during
the task analysis process has many uses throughout the loss control programme.
Done correctly, they impact loss control elements such as:

(a) Training needs;

(b) Rule or permit requirements;

(c) Checklists;

(d) Procedures and practices;

(e) Personal Protective Equipment needs;

(f) Group meeting topics;

(g) Planned personal contacts topics;

(h) Hiring and placement needs; and

(i) Purchasing requirements.

SELF-CHECK 6.3

1. Explain how task analysis is conducted.

2. Describe the outcomes of task analysis.

SUMMARY

• Task analysis is the systematic examination of a task to identify all hazards
or risks associated with the task and develop controls for those exposures.

• Prior to any work being done to identify critical tasks, all persons involved
should have a mutual understanding of two key terms: task and critical task.

• Task analysis is geared toward illustrating the proper way to complete a task,
including considerations for safety, quality, reliability and production.


KEY TERMS

Critical tasks
Probability
Procedures
Severity
Task analysis (TA)
Task inventory
Tasks



Topic 7 Hazard and Operability Study (HAZOP)
LEARNING OUTCOMES
By the end of this topic, you should be able to:
1. Discuss the history of HAZOP;
2. Explain HAZOP, its motivation and application;
3. Discuss the concept of HAZOP;
4. Discuss the Four-Step HAZOP process; and
5. Discuss the limitations of HAZOP.

INTRODUCTION
HAZOP studies are undertaken by the application of a formal, systematic and
critical examination of the process and engineering intentions of a process
design. The potential for hazard is, thus, assessed and malfunctions of individual
items of equipment and the consequences for the whole system are identified.

7.1 HISTORY OF HAZOP


The HAZOP technique originated in the 1960s at Imperial Chemical
Industries (ICI), UK, as a result of efforts to find a better method for reviewing
chemical plant designs. Earlier, the technique was simply referred to as
"operability studies". The innovation introduced in the technique was the use of
standardised "guide words" to trigger review discussion among the review
team. This technique became widely known and popular after ICI conducted a
course on the subject in the UK in 1974, shortly after the Flixborough disaster.

The Flixborough disaster occurred when 40 tonnes of cyclohexane chemical
leaked from a temporary bypass pipe and exploded. The explosion killed 18
employees, demolished the entire plant and damaged 1800 buildings within a
mile radius of the site. Fires raged in the area for over ten days. The number of
deaths could have been worse had the explosion occurred on a normal weekday.

The installation of the bypass pipe was a modification with many flaws, the worst
of which was that no HAZOP was conducted prior to the installation. Of course,
at the time the HAZOP technique was not yet known outside of ICI. In fact, the
term HAZOP itself was not invented until 1983. Had the technique been used
during the plant modification, this accident may not have occurred.

Following several successive disasters, such as the Seveso disaster in Italy in 1976
and later the 1984 Bhopal disaster in India, the European Union issued the
Seveso II Directive in 1998. The Directive, which was aimed at preventing major
industrial accidents and mitigating their consequences, is a driving factor that
ensures the wider use of HAZOP. HAZOP became a legal requirement for
process plant design in Europe and the US at first, and now throughout the
world.

In 1977, the Chemical Industries Association published a guide on hazard and
operability studies. By this time hazard and operability studies had become part
of chemical engineering degree courses in the UK. In 1983, Kletz, an ex-employee
of ICI, published the book HAZOP and HAZAN in which for the first time the
term HAZOP was used. To meet their own special needs many organisations that
handled hazardous substances published their own HAZOP guidelines for
internal use.

One example is Saudi ARAMCO, the Saudi petroleum company. Governments,
too, publish HAZOP guidelines to meet their local legislative needs, for example,
the state government of New South Wales, Australia. In 2001, the International
Electrotechnical Commission (IEC) published IEC 61882:2001 Hazard and
operability studies (HAZOP studies) - Application guide. This standard is
widely recognised as the reference standard for conducting HAZOP.


7.2 WHAT IS HAZOP?


HAZOP is an acronym for HAZard and OPerability Study. HAZOP is somewhat
similar to Job Safety Analysis (JSA). Where JSA is intended to review the hazards
arising out of a worker performing a series of tasks in a job, HAZOP in turn is
intended to address the hazards and operability problems that arise in a system
of a flow or sequential processes that occur, usually in the form of the flow of
chemical fluids. Nowadays, HAZOP is also used whenever there is a sequential
movement of goods, people and information, whether these are continuous or
occur in sequential batches. HAZOP, like JSA, is a structured, detailed and
systematic review process of evaluating hazards, their possible causes and finally
the assessment of their consequences.

However, HAZOP has an extended scope that covers the evaluation of potential
deviations from the design intent of a system. It must be emphasised that
HAZOP focuses not only on potential hazards such as safety, health, equipment
integrity, property and environmental risk but also operability problems and
system efficiency. Again, similar to JSA, HAZOP is better applied at an early
stage before work begins or at the design stage of plant construction.

HAZOP studies normally involve a team that has experience in the plant or design
to be studied. These team members apply their experience of the design and their
technical expertise in the HAZOP study sessions to achieve the aims of the HAZOP.

Each HAZOP has a set of objectives, which are particular to that study and which
are decided as near to the beginning of the study as possible. However, there is a
set of four overall aims that any HAZOP should address:

(a) Identify all deviations from the way the design is expected to work, their
causes and all the hazards and operability problems associated with these
deviations;

(b) Decide whether action is required to control the hazard or the operability
problem and if so, to identify the ways in which the problem can be solved;

(c) Identify cases where a decision cannot be made immediately, and to decide
on what information or action is required; and

(d) Ensure that actions decided upon are followed through.

The study may not be able to resolve all the hazards that arise at the meeting and
so firm recommendations for change cannot always be guaranteed to result from
deliberation at a HAZOP study meeting. The meeting may decide that it requires
further information, or that a detailed study of a particular issue is necessary.


Some of the questions may be answered by other personnel who did not attend
the meetings, and some issues could require, for example, specific hazard
analysis.

The HAZOP study is completed to draft report stage by issuing a report
summarising the study and giving a specific list of recommendations, together
with the work sheets on which the outcome of group discussion is recorded. The
study is completed by the issuing of a final report giving details of follow-up
actions.

7.2.1 Motivation for HAZOP


The driving force behind the need to conduct HAZOP is to ensure that the
system is working safely and as intended. Plant designers usually adhere to
published standards for the selection of materials and industrial codes of practice
for the overall plant and equipment that they design. This is not adequate to
ensure safety and operability in all circumstances. Standards are reliable only in
specific conditions and for individual components.

When all components have to work together as a whole and at the same time are
exposed to operating deviations, the system could still fail to work as intended.
Furthermore, when one part of a system of a process is modified or becomes
faulty, there could be an undesirable ripple effect on the rest of the system.
Legislation in the UK, the European Union and then elsewhere, intended to
control major industrial accidents and their consequences, provides the additional
impetus that ensures the wider use of HAZOP.

7.2.2 Application of HAZOP


HAZOP is largely used in the process industries such as the chemical and
petroleum industries, where the treatment of a fluid medium is the primary
function and where there exists a complex set of interacting process units. HAZOP
can, however, be used in other situations either for continuous or batch
processes, whenever there is a flow of materials, movement of people or data or
any set of events or activities that occur in a planned sequence. Examples of
situations where HAZOP could be used are:

(a) Systems involving the delivery of goods and services or the movement of
people as in the services industry (for example, "What could go wrong with
the pizza or speed of delivery of the pizza in a pizza home delivery
service?") analysis of operating instructions.

(b) Debugging of programmable devices and software or procedures.



HAZOP is usually conducted for the review of a new plant design, for an existing
plant or facility that is about to be modified or before a set procedure is put into
practice. The best time to conduct a HAZOP is as late as possible but just before the
design is frozen for implementation. HAZOP is useful in that it identifies and
evaluates problems in advance, before they arise during the operation phase. This
is because once a plant or a facility is built or a process is implemented, it is
impossible or too expensive to modify it should operational or safety problems
appear. The problems that can arise can be catastrophic, as exemplified by the
Flixborough cyclohexane plant disaster in 1974.

Although HAZOP is generally applied at the design stage or during the
modification of a plant, it is also useful to apply it at other stages of the life-cycle
of the plant such as during:

(a) Concept and definition;

(b) Design and development;

(c) Manufacturing and installation;

(d) Operation and maintenance; and

(e) Decommissioning or disposal.

7.2.3 Comparison of HAZOP with Other Hazard Identification Methods

HAZOP is widely used because it is simple, effective and
applicable to many situations. It does not require special qualifications or
expertise to use it. Generally, HAZOP can be used as a “stand alone” method but
quite often it is used in conjunction with other hazard identification tools such as
Fault Tree Analysis (FTA), Failure Mode and Effects Analysis (FMEA),
Structured What-If Technique (SWIFT) and Task Analysis (TA).

The difference between HAZOP and other hazard identification methods is that
HAZOP focuses on problems at a higher level; at the system level. It looks at,
among other matters, conformance with design intent and system performance
concerns. Other methods are more preoccupied with failure at the component
level. This is so with FMEA and FTA. However, HAZOP gives you the big
picture whilst other methods are more detailed and can be used in a
complementary manner to it. For example, if the HAZOP examines the flow of
fluids in a pipe then no flow could be a problem due to a faulty valve. In this
situation, FMEA can be used for in-depth analysis on the potential for valve
failure.


SELF-CHECK 7.1
1. Briefly discuss the history of HAZOP.

2. Discuss the motivation behind HAZOP and its applications.

7.3 TERMINOLOGY
Now let us look at Table 7.1, which lists commonly used HAZOP terminology.

Table 7.1: Common HAZOP Terminology

| Terminology | Meaning |
|---|---|
| Characteristics | Qualitative or quantitative property of an element. Examples of characteristics are pressure, temperature and voltage. Traditionally, the term “parameters” is used here. “Characteristics” is a more general term for other situations where HAZOP is now applicable. |
| Deviation | Departure from the design intent (IEC, 2001). |
| Design intent | Designer’s desired, or specified, range of behaviour for elements and characteristics (IEC, 2001). |
| Element | Constituent of a part which serves to identify the part’s essential features (IEC, 2001). The choice of elements may depend upon the particular application, but elements can include features such as the material involved, the activity being carried out, the equipment employed, etc. Material should be considered in a general sense and includes data, software, etc. |
| Guide word | Word or phrase which expresses and defines a specific type of deviation from an element’s design intent (IEC, 2001). |
| Hazard | Source, situation or act with a potential for harm in terms of human injury or ill health or a combination of these (OHSAS 18001:2007). In the context of HAZOP, the potential hazard could arise from any operation or any action that could cause catastrophic release of toxic, flammable or explosive chemicals that could result in human injury or ill health to personnel or the public or damage to property or the environment. |
| HAZOP | A structured and systematic examination of a planned or existing process or operation in order to identify and evaluate potential hazards and operability problems or to ensure the capability of plant and equipment to operate in accordance with the design intent. |
| Operability | Operability is the ability to enable a system of processes, their related equipment and installation to work together to accomplish a common task in a safe, reliable and efficient manner as intended by the design. |
| Part | Section of the system which is the subject of immediate study (IEC, 2001). A part may be physical (for example, hardware) or logical (for example, steps in an operational sequence). In the past this was referred to as a “node”. This is not appropriate as a “node” is a point at which lines or pathways intersect or branch; a central or connecting point. However, in HAZOP we are considering the whole element, which may even be made up of several connected components in an installation. Likewise, we may be considering the whole event out of a series of events. |

7.4 CONCEPT OF HAZOP


The HAZOP process is based on the principle that a team approach to hazard
analysis will identify more problems than when individuals working separately
combine results. The HAZOP team is made up of individuals with varying
backgrounds and expertise. This expertise is brought together during HAZOP
sessions and, through a collective brainstorming effort that stimulates creativity
and new ideas, a thorough review of the process under consideration is made.

7.4.1 Brainstorming Principle

The HAZOP concept is based on the old idea that “two heads are better than
one.” This gives us the popular technique of “brainstorming,” which is a
team-based approach to problem solving. A team is usually more creative and can
identify more problems, more solutions and a better collection of ideas than any
individuals could while working alone or separately.

HAZOP is nothing more than a series of structured, detailed and disciplined
brainstorming meetings to analyse potential hazards, operational problems and
deviations from the design intent of the system.

7.4.2 Principles of a HAZOP Meeting


HAZOP is usually applied to the analysis of a complex system. In order to be
examined, the system has to be divided into suitable parts for simpler and closer
examination. The focus of the meeting then is to strictly and systematically
examine every part of a given system to identify possible deviations from the
design intent, their causes and their consequences. To facilitate discussions, a set
of pre-determined “guide words” is prepared and used to trigger the
brainstorming discussions. See Table 7.2 for a list of guide words to use.

Table 7.2: Basic Guide Words and Their Generic Meanings

| Guide word | Meaning |
|---|---|
| NO / NOT | Negation of the design intent (for example, no flow when there should be; no pressure when there should be). |
| MORE | More of a physical property than there should be – quantitative increase. |
| LESS | Less of a physical property than there should be – quantitative decrease (for example, lower flow rate than there should be). |
| AS WELL AS | More components present than there should be – qualitative increase (for example, extra phase or impurities present). |
| PART OF | Composition of the system (stream) is different than it should be – qualitative decrease (for example, less of one component). |
| REVERSE | Logical opposite of the design intent (for example, reverse flow). |
| OTHER THAN | Complete substitution (for example, transfer of a material other than the material intended; transfer of a material to a location other than intended). |

Source: IEC (2001)

Now, look at Table 7.3 for additional guide words.

Table 7.3: Additional Guide Words and their Generic Meanings

| Guide word | Meaning |
|---|---|
| EARLY | Relative to the clock time |
| LATE | Relative to the clock time |
| BEFORE | Relating to order or sequence |
| AFTER | Relating to order or sequence |

Source: IEC (2001)

The result of these deliberations is recorded for further action. The result may or
may not include recommended solutions to the problem, which may be included
depending on the objectives of the study. The entire process of this HAZOP
activity is illustrated in Figure 7.1.


Figure 7.1: The HAZOP study procedure


Source: IEC (2001)

7.4.3 Guide Words


IEC Standard 61882 HAZOP Application Guide (2001) defines the role of guide
words thus:

“The identification of deviations from the design intent is achieved by a
questioning process using predetermined ‘guide words’. The role of the
guide word is to stimulate imaginative thinking, to focus the study and
elicit ideas and discussion.”


Traditionally these parts are called “nodes”. This is not always appropriate. See
terminology on “parts”.

See Table 7.2 for the standard guide words used in HAZOP. In practice, this list
of guide words could be supplemented with other guide words to suit the
situation or process at hand, such as when HAZOP is used to analyse movements
of goods or people. It is the duty of the HAZOP team leader to prepare suitable
guide words before the HAZOP meeting. Table 7.3 lists additional guide words
that can be used. Sometimes we need additional guide words to characterise the
element we are analysing.

For instance, if we use “more” (from Table 7.2) to analyse a problem then the
question is “more” of what? Suppose we are analysing the problem with driving
a car (see Table 7.6); then maybe “more” “speed” (Table 7.4) is the characteristic
of the problem. Table 7.4 lists sample guide words that are used specifically with
the guide words used in Table 7.2 and Table 7.3. Table 7.5 shows examples of the
use of guide words relating to operational procedures.

Table 7.4: Non-Exhaustive List of Guide Words on Characteristics (or Parameters) to be
used with Guide Words in Table 7.2

Parameter or characteristics guide words


Flow Maintenance
Temperature Action
Pressure Sequence
Voltage Time
Composition Purpose
Level Information
Contamination Training
Corrosion/Erosion Abnormal
Reaction Speed


Table 7.5: Example Use of Guide Words Relating to Operational Procedures

| Guidewords | Example Causes |
|---|---|
| PURPOSE | Is the step needed? Is the intent of this step clear? Can this step be misapplied? |
| NO ACTION | Step is missed or omitted, intended operation did not occur (mechanical failure), action impossible, equipment not ready (locked out, not in service), blind left in piping. |
| MORE ACTION | Operator does more than intended (opening valve too far, etc.), other actions occur affecting this operation. |
| LESS ACTION | Operator does less than intended (added less catalyst than required, etc.), equipment does not perform as required (plugged strainer), not enough time to complete the step. |
| WRONG ACTION | Operator opens the wrong valve, starts the wrong pump, reads the wrong instrument, closes instead of opens, personnel performs different or out of date procedure, performs two or more steps at the same time. |
| PART OF ACTION | Operator only completes part of a composite action (misses out middle part, or final part). |
| EXTRA ACTION | Operator assumes he is required to do something in addition to what is specified (stops motor and isolates power, closes drain and blanks it, etc.), other procedures interfering, other personnel in wrong area, poor communications (operation, maintenance, engineers, etc.), others do not perform as required. |
| OTHER ACTION | Operator misunderstands instruction and does something completely different, remembers a similar procedure and follows that instead. |


Now we will look at Table 7.6 for a simple example of the use of guide words in
HAZOP.

Table 7.6: HAZOP for Travelling with a Car

| Characteristics | Guide word | Possible Causes | Consequences | Action | Safeguard |
|---|---|---|---|---|---|
| Car speed | More | Rushing | Skidded in emergency | Slow down | ABS brake system |
| | Less | Road crowded | Pile up | Speed up | Safety belt |
| | | | | | Air bag |
| Tyre | No tread | Old tyre, speeding and braking often | Car skidded | Learn defensive driving | Check frequently |
| | Less tread | | | | Have spare tyre |
| Low visibility | Low | Rain | Cannot see the road | Stop driving | Check with ITIS* |
| | Very low | | | | |
| Car light | Dim | | | Stop car | |
| | No light | | | Go replace bulb | Avoid night driving |
| | | | | Switch on hazard light | |
| Journey | Night | No street light | | | Travel during daylight |
| | Foggy | | | | |

SELF-CHECK 7.2
1. State the differences between JSA and HAZOP.

2. Discuss the differences in how hazards are identified in JSA and
in HAZOP.


7.5 THE FOUR-STEP HAZOP PROCESS


As we have seen earlier in Figure 7.1 there are four steps in the HAZOP process.
They are:

(a) Definition of scope, objectives and responsibility of the team;

(b) Preparation for the meeting;

(c) Examination of the system being considered; and

(d) Documentation of results of the meeting and follow-up action.

Let us now discuss them in greater detail.

7.5.1 Definition of Scope, Objectives and Responsibility of the Team

As pointed out earlier, HAZOP is normally applied to a complex system which
must be divided into parts to enable examination. Break down the system into as
many parts as you wish. How big the part is depends on the complexity of the
system and the severity of the hazard. The important criterion for this is that the
design intent for each part should be easily defined.

For example, in many processing plants there is a fluid cooling system as
depicted in Figure 7.2.

Figure 7.2: A fluid cooling system

This cooling system can be chosen as one part of the total system. Any deviation
in the performance of this part, say the fluid is not cooled enough or there is no
flow into it, can have consequences for the entire system. Note that this “part” is
made up of many components; P4 is the centrifugal pump, P1 is a heat exchanger
and P2 is an air cooler. When we say that there is no flow in this part, it means
there is no flow throughout P4, P1 and P3. Although there might be flow in P4,
the pipe to P1 from P4 is ruptured. It is important that the HAZOP team in its
examination process strictly limits itself to the boundary of the chosen part.
In this case, no flow means no flow into P4, the input end of the part. This is the
concept of point of reference (POR).

The objective of the study should primarily be the identification of all hazards
and operability problems. The solution to the problems is a secondary issue. If
need be, this issue should be passed on to other parties. However, consideration
should be given to legislative requirements and the audience of the study.

Roles and responsibilities of the HAZOP team are as follows:

(a) Team members
The team members of HAZOP meetings consist of five to eight experts. It is
a multi-disciplinary team. Typically these individuals are technical
specialists and members of departments in the organisation. They are
selected from different fields and backgrounds depending on the type of
HAZOP to be conducted.

Collectively, team members should possess a range of skill and experience
to cover all aspects of the plant and its operations. For example, where
HAZOP is conducted for an existing plant then it is essential that
experienced operational and maintenance staff should be included.

(b) Team leader
The meeting has a team leader who is actually the facilitator of a
brainstorming session, albeit one that is much more disciplined. The team
leader can either be someone from inside the organisation or an outsider.
Whoever he is, the leader must not be associated with the design team. It is
important that the leader has been trained on HAZOP methodologies and
has the knowledge and experience to facilitate this type of meeting. The
competency of the team leader will determine the effectiveness of the
meeting. The team leader has the responsibility to ensure the following:

(i) That the study team members have the knowledge, skills and
experience to contribute to the brainstorming;

(ii) The study team is highly familiar with the information made available
to them including the information contained in the piping and
instrumentation diagram (P&ID);


(iii) The availability of information that is complete, accurate and up-to-date,
including P&ID or any other description of the process being
considered. The latter is for HAZOPs that are not hardware-related
such as HAZOPs of work instructions;

(iv) For existing plants or processes, operational, maintenance and
monitoring records must also be made available;

(v) That the study team rigorously follows sound HAZOP procedures
and ensures that no short-cuts are taken;

(vi) That the study team uses common sense and a sense of proportion by
not going overboard in its recommendations;

(vii) That the atmosphere during the brainstorming is positive and
conducive for creativity;

(viii) That there is a plan for the study and that team members are provided
with this plan, including a list of guide words;

(ix) The availability of important personnel for the meeting, for example,
designers, users, maintenance staff and specialists, if this is required;
and

(x) That the result of the HAZOP study is properly communicated with
follow-up.

(c) Team assistance
There should be a secretary or a recorder who records identified hazards
and other matters that arise out of the meeting for further evaluation and
resolution. Some of the information that is required to be listed and
recorded is:

(i) Causes for each deviation;

(ii) Consequences for each cause;

(iii) Probable worst case consequence scenario;

(iv) Safeguards or controls that may prevent either the cause or the
consequence;

(v) Documentation of existing safeguards;

(vi) Future actions or recommendations required to reduce the risk; and

(vii) Allocation of action to an individual or group.


The team assistance or recorder should be someone who is technically
well-versed in the subject he is recording. He should be able to follow the
arguments easily.

(d) Others
Other members of the team, to be called on an ad hoc basis, are designers,
users, maintenance staff and specialists. Their role is to brief and to clarify
issues for the main team.

7.5.2 Preparation for the Meeting


The team leader should already be prepared according to his roles and
responsibilities. Additional preparation includes:

(a) Adequate room facilities;

(b) Visual and recording aids;

(c) Templates; and

(d) References.

The team leader should have gathered information about the system from the
piping and instrumentation diagram (P&ID) or any other description of the
process being considered. The design intent for each part can be gathered from
project specifications. Supplementary information is gathered through briefings.

SELF-CHECK 7.3
1. List the guide words you would use to evaluate the HAZOP of
crossing a busy street in Kuala Lumpur.

2. Discuss why you made this selection.

7.5.3 Examination of the System Being Considered


The examination process is strictly done in steps tracing the system beginning
from the input end successively to the output end in logical sequence. Take every
part, in turn, and agree with the team what the design intent of that part is. As a
part may be made up of many elements, or units, (refer to Figure 7.2 as an
example) determine if any characteristics (or parameters, as they are traditionally
called) can be recognised.


Apply the special “guide words” (from Table 7.2 and Table 7.3) to this element
coupled with an appropriate characteristic (listed in Table 7.4), if necessary, to
question and brainstorm among team members of how deviations from the
design intent of the system can occur. Deviations could be in the form of what
happens to materials, activities, sources and destinations associated with that
part (see Table 7.7). Determine if a hazardous situation or operability problems
can occur.

Table 7.7: Examples of Deviations and Their Associated Guide Words

| Deviation type | Guide word | Example interpretation for process industry | Example interpretation for a programmable electronic system |
|---|---|---|---|
| Negative | NO | No part of the intention is achieved, for example, no flow. | No data or control signal passed. |
| Quantitative modification | MORE | A quantitative increase, for example, higher temperature. | Data is passed at a higher rate than intended. |
| | LESS | A quantitative decrease, for example, lower temperature. | Data is passed at a lower rate than intended. |
| Qualitative modification | AS WELL AS | Impurities present. Simultaneous execution of another operation or step. | Some additional or spurious signal is present. |
| | PART OF | Only some of the intention is achieved, that is, only part of an intended fluid transfer takes place. | The data or control signals are incomplete. |
| Substitution | REVERSE | Covers reverse flow in pipes and reverse chemical reactions. | Normally not relevant. |
| | OTHER THAN | A result other than the original intention is achieved, that is, transfer of wrong material. | The data or control signals are incorrect. |
| Time | EARLY | Something happens early relative to clock time, for example, cooling or filtration. | The signals arrive too early with reference to clock time. |
| | LATE | Something happens late relative to clock time, for example, cooling or filtration. | The signals arrive too late with reference to clock time. |
| Order or sequence | BEFORE | Something happens too early in a sequence, for example, mixing or heating. | The signals arrive earlier than intended within a sequence. |
| | AFTER | Something happens too late in a sequence, for example, mixing or heating. | The signals arrive later than intended within a sequence. |

Source: IEC (2001)

For each step determine the causes and consequences. Continue this process until
the whole system has been analysed. This process is illustrated in Figure 7.3.

Figure 7.3: Flow chart of the HAZOP examination procedure (IEC 61882)
Source: IEC (2001)


The following are further factors that need to be considered for the HAZOP
procedure:

(a) Causes
The causes must relate only to the parts concerned. It is up to the team
members to generate the causes through brainstorming. The HAZOP
leader’s role at this point is to prompt the team for answers, but he should
never state the causes himself as it is the team’s responsibility. The team
leader, on the other hand, should prod the team to identify causes as
exhaustively as possible. There could be more than one cause for each
deviation. Generally causes are derived either from human error,
equipment failure, external sources, events or a combination of these.

(b) Consequences
Once all causes have been identified, the associated consequences should be
discussed. Unlike the causes, the consequences should relate to the whole
system. It is important that the consequences identified are stated “as is”,
without considering any intended safeguard provision or an existing one.
The safeguards should be considered separately.

(c) Safeguards
Safeguards should be considered for each ultimate consequence identified
throughout the system under review. If there are current safeguards
already implemented, evaluate if these are adequate. If not, the team should
recommend appropriate safeguards. Safeguards should generally follow
the same idea as any hazard control, that is, the Hierarchy of Control that
we have discussed earlier in previous topics. In addition to that, consider
measures that will detect and give early warning of impending danger and
measures to mitigate consequences including emergency response and
preparedness.

(d) Deriving Recommendations
When making recommendations, a HAZOP team must be aware that the
plant design may yet change and modifications to the design may be made.
The team should make recommendations only in the form of proposals.
Besides, the team may not have all the expertise and information at hand to
make any absolute recommendations. The HAZOP process is
time-consuming and the brainstorming methodology may not be the best forum
for doing this.


The HAZOP process is qualitative in nature but if risk assessment can be
incorporated in the meeting deliberations, this would be better.
Recommendation proposals should be based on the notion of the degree of
risk, if possible. The recommendations should also be prioritised according
to risks. The risk assessment technique has already been discussed in Topic
3. However, another technique that can be used is the Delphi Technique,
which is suited to the qualitative and brainstorming HAZOP process.

The HAZOP team may not have all the information at hand or may not
have identified all the hazards when formulating recommendations or the
team may simply not be able to resolve all issues. It is appropriate that the
team make proposals for further studies as part of its recommendations.
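
The examination loop of Section 7.5.3 and the recorder's list from Section 7.5.1(c), applied to a programmable electronic system with the Table 7.7 interpretations, as an added Python example that is not part of the original module. The part, its element, the findings and the three gap rules in `gaps()` are constructed for illustration.

```python
from dataclasses import dataclass, field

# Guide words (Tables 7.2 and 7.3) with Table 7.7's programmable-system meaning.
GUIDE_WORDS = {
    "NO": "No data or control signal passed",
    "MORE": "Data is passed at a higher rate than intended",
    "LESS": "Data is passed at a lower rate than intended",
    "AS WELL AS": "Some additional or spurious signal is present",
    "PART OF": "The data or control signals are incomplete",
    "REVERSE": "Normally not relevant",
    "OTHER THAN": "The data or control signals are incorrect",
    "EARLY": "The signals arrive too early with reference to clock time",
    "LATE": "The signals arrive too late with reference to clock time",
    "BEFORE": "The signals arrive earlier than intended within a sequence",
    "AFTER": "The signals arrive later than intended within a sequence",
}


@dataclass(frozen=True)
class Part:
    """Section of the system under immediate study (Table 7.1)."""
    name: str
    design_intent: str
    elements: tuple
    # Table 7.7 marks REVERSE as normally not relevant for such systems.
    not_relevant: frozenset = frozenset({"REVERSE"})


@dataclass
class Row:
    """One worksheet line: the items the recorder lists in Section 7.5.1(c)."""
    causes: list = field(default_factory=list)
    consequences: list = field(default_factory=list)  # stated without safeguards
    safeguards: list = field(default_factory=list)
    actions: list = field(default_factory=list)
    owner: str = ""


def prompts(part):
    """Every (element, guide word, question) to put to the team for one part."""
    return [(element, gw, f"{gw} / {element}: {meaning}?")
            for element in part.elements
            for gw, meaning in GUIDE_WORDS.items()
            if gw not in part.not_relevant]


class Worksheet:
    def __init__(self, part):
        self.part = part
        self.rows = {}  # (element, guide word) -> Row

    def record(self, element, guide_word, **found):
        """Store the team's findings for one deviation of this part."""
        if element not in self.part.elements:
            raise ValueError(f"{element!r} lies outside part {self.part.name!r}")
        if guide_word not in GUIDE_WORDS or guide_word in self.part.not_relevant:
            raise ValueError(f"{guide_word!r} is not in use for this part")
        self.rows[(element, guide_word)] = Row(**found)

    def gaps(self):
        """List what is still missing before the worksheet goes into the report."""
        issues = []
        for element, gw, _ in prompts(self.part):
            row = self.rows.get((element, gw))
            if row is None:
                issues.append((element, gw, "not examined"))
            elif row.causes and not row.consequences:
                issues.append((element, gw, "cause without consequence"))
            elif row.causes and not (row.safeguards or row.actions):
                issues.append((element, gw, "no safeguard or recommendation"))
            elif row.actions and not row.owner:
                issues.append((element, gw, "action not allocated"))
        return issues


def sample_study():
    """Constructed study: a tank level reading sent to a pump controller."""
    part = Part("Level transmitter to pump controller link",
                "Deliver one valid level reading per second", ("level reading",))
    sheet = Worksheet(part)
    sheet.record("level reading", "NO",
                 causes=["Cable unplugged", "Transmitter power lost"],
                 consequences=["Pump runs on the last value; tank overflows"],
                 safeguards=["Independent high-level switch"],
                 actions=["Stop the pump when readings stop"],
                 owner="Control system designer")
    sheet.record("level reading", "OTHER THAN",
                 causes=["Reading scaled in the wrong unit"],
                 consequences=["Pump stops at the wrong level"])
    sheet.record("level reading", "LATE", causes=["Network congestion"],
                 consequences=["Pump stops after the tank is full"],
                 actions=["Time-stamp readings and reject stale ones"])
    sheet.record("level reading", "MORE")  # discussed, no credible cause
    return sheet


if __name__ == "__main__":
    for issue in sample_study().gaps():
        print(issue)
```

A row recorded with no causes counts as examined, which is how the sketch represents a deviation the team discussed and found not credible.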

SELF-CHECK 7.4

You live in Kuala Lumpur and have to travel by taxi to catch a plane to
Kuching and need to arrive in time for an emergency.

(a) Break down this journey into parts.

(b) List the guide words, deviations, hazards, operability problems,
causes, consequences and safeguards, if any.

7.5.4 Documentation of Results of the Meeting and Follow-up Action

Documentation of results of the meeting
The team leader is responsible for all documentation and has the duty to transmit
the documents to whom they may concern.

The findings of the HAZOP team are issued as a report. The report content
includes:

(a) Summary of the study objectives;

(b) Team members for each session;

(c) Methodology adopted, listing all the parts considered in the analysis and
rationale why parts were excluded;

(d) Listing of drawings and documentation used in the study;

(e) Details of hazards and operability problems identified;



(f) Details of any provisions for their detection and/or mitigation;

(g) List of recommendations:

(i) Recommendations for mitigation of the problems identified; and

(ii) Recommendations for any further studies.

(h) Details of follow-up actions on the recommendations; and

(i) All the work sheets on which the review was recorded will be attached with
the report. Use the HAZOP recording template as in Figure 7.4. Worked
examples are shown in Figure 7.5 and Figure 7.6.

Figure 7.4: HAZOP study template


Source: IEC (2001)


Figure 7.5: HAZOP study worked sample for a continuous process (IEC 61882:2001)
Source: IEC (2001)


Figure 7.6: HAZOP study worked sample for batch process (IEC 61882:2001)
Source: IEC (2001)


Follow-up and responsibility
The output of a HAZOP study is only a report of hazards and potential
operability problems together with recommendation proposals. The team or its
leader has no other authority beyond the report and therefore has no follow-up
authority. It is the project manager who is responsible for implementing the
proposal. The report is there only for his knowledge.

The project manager may make modifications to the original design. This may
solve the problems identified, but it might also introduce new ones. It is before
the final design is implemented that the HAZOP team may find its use again.

7.6 LIMITATIONS OF HAZOP


HAZOP is a very useful tool and is widely used. However, it has some
limitations:

(a) It is a product of brainstorming. As such, it is very dependent on the
atmosphere of the HAZOP meeting and the competency of its leader;

(b) Like all the other identification methods, there is no guarantee that all
hazards have been recognised. This is especially so if the study is entirely
based on a drawing or plans that are presented, for example, P&ID. If some
item is not represented in the drawing, the hazards caused by the item
would not have been considered;

(c) HAZOP is a qualitative hazard identification method; therefore,
prioritisation of actions may not be possible;

(d) HAZOP process meticulously examines each part of the system separately
but does not consider interactions or interlinking between parts. A
deviation on one part may have a ripple effect; and

(e) HAZOP needs to be complemented with other hazard identification tools to
minimise its limitations.

SELF-CHECK 7.5
1. What are the contents of a HAZOP report?

2. Discuss the concerns in formulating a recommendation.

3. How would you overcome the concerns identified in (2) above?


SUMMARY

• The HAZOP technique originated in the 1960s at the Imperial Chemical
Industries (ICI), UK as part of efforts to find a better method for reviewing
chemical plant designs.

• HAZOP is an acronym for Hazard and Operability Study.

• Characteristics, deviation, design intent, element, guide word, hazard,
HAZOP, operability and part are common HAZOP terms.

• There are four steps in the HAZOP process, namely: definition of scope,
objectives and responsibility of the team; preparation for the meeting;
examination of the system being considered; and documentation of results of
the meeting and follow-up action.

• HAZOP is a very useful tool but it has some limitations.

KEY TERMS

Deviations
Guide word
HAZOP
Qualitative hazard identification
Safeguards

REFERENCES

Health and Safety Executive (HSE). (n.d.). Flixborough (Nypro UK) Explosion 1st
June 1974. Retrieved from
http://www.hse.gov.uk/comah/sragtech/caseflixboroug74.htm

Saudi Aramco. (1997). Guidelines for conducting HAZOP studies (AER-5437 TSI
41-018). Loss Prevention Department, Saudi Aramco.

New South Wales Department of Planning. (2011). HAZOP guidelines:
Hazardous industry planning advisory paper no 8. New South Wales,
Australia: Department of Planning.


International Electrotechnical Commission (IEC). (2001). IEC 61882 Hazard and
operability studies (HAZOP studies) – Application guide. Geneva,
Switzerland: International Electrotechnical Commission.

Kletz, T. (1999). HAZOP and HAZAN (4th ed.). New York, NY: Taylor & Francis.

OHSAS 18001:2007 Occupational health and safety management systems –
Requirements. London, England: BSI Standards Publication.



Topic 8 Structured “What-if” Technique (SWIFT)
LEARNING OUTCOMES
By the end of this topic, you should be able to:
1. Describe Structured What-If Technique (SWIFT);
2. Differentiate between SWIFT and HAZOP in identifying hazards at
the workplace;
3. Discuss the SWIFT study methodology; and
4. Explain SWIFT for non-continuous operations and procedures
analysis.

 INTRODUCTION
The Structured „What-If‰ Technique (SWIFT) is a systematic team-oriented
technique for hazard identification. SWIFT is one of many techniques developed
to identify hazards in chemical process plants, but like many other risk analysis
tools, can be adapted to fit many other situations. It addresses systems and
procedures at a high level. Other hazard identification techniques like HAZOP
(Hazard and Operability study) and FMEA (Failure Modes and Effects Analysis)
focus on process flow or hardware at the level of detailed equipment items.

The SWIFT study technique has been developed as an efficient alternative to
HAZOP for providing highly effective hazards identification when it can be
demonstrated that circumstances do not warrant the rigour of a HAZOP. SWIFT
can also be used in connection with, or complementary to, a HAZOP.

8.1 THE DIFFERENCE BETWEEN SWIFT AND HAZOP
How does the SWIFT technique differ from HAZOP? HAZOP examines the
facility item-by-item, procedure-by-procedure, etc. SWIFT, on the other hand, is a
systems-oriented technique, which examines complete systems or subsystems. To
ensure comprehensive identification of hazards, SWIFT relies on a structured
brainstorming effort by a team of experienced process experts with supplemental
questions from a checklist.

SWIFT considers deviations from normal operations identified by brainstorming,
with questions beginning with "What if …?" or "How could …?". The
brainstorming is supported by checklists to help prevent overlooking hazards.
SWIFT may be used simply to identify hazards for subsequent quantitative
evaluation, or alternatively to provide a qualitative evaluation of the hazards and
to recommend further safeguards where appropriate.

SWIFT, like HAZOP, requires the input of a team of "experts" to evaluate the
consequences of hazards, which might result from various potential failures or
errors they have identified. When answering all the questions raised about realistic
deviations from the normal intended operation of a system, design or operation,
the team assesses the likelihood of an incident, the potential consequences and the
adequacy of safeguards to prevent or mitigate it should it occur.

The "What if?" questions, which can be posed by any team member (including
the team leader and recorder), are structured according to various categories.
When the team is no longer able to identify additional questions in a category, a
category specific checklist is consulted to help prompt additional ideas and
ensure completeness.

The technique is efficient because it generally avoids lengthy discussion of areas
where the hazards are well understood or where prior analysis has shown no
hazards are known to exist. Its effectiveness in identifying hazards comes from
asking questions in a variety of important areas, according to a structured plan,
to help ensure complete coverage of all the various types of failures or errors
which are likely to result in a hazard within the system being examined. The
SWIFT analysis is further strengthened through the use of the checklists at the
conclusion of each question category resulting in an additional level of
thoroughness.


SELF-CHECK 8.1
1. What is SWIFT?

2. What is the difference between SWIFT and HAZOP?

8.2 SWIFT STUDY METHODOLOGY


Just as with a HAZOP study, adequate preparation is vital to the success of a
SWIFT analysis. Let us first discuss the important aspects of the planning and
preparation phase.

8.2.1 Planning and Preparation


First, a team comprising between four and eight members including the leader
and technical recorder is selected. In contrast to HAZOP, the leader of a SWIFT
review does not have to refrain from participation in the team discussion. This is
because the leader may have been actively involved in generating the checklist.
Depending upon the circumstances, a leader with a high level of expertise in the
system can benefit the efficiency and effectiveness of the study.

However, the leader should have HAZOP leadership training so he or she can
recognise the importance of issues, control the flow of the study and keep it on
track. Also, he must still be careful to ensure that he does not assert undue
influence over the direction and outcome of the proceedings, particularly because
he is now a "participant".

For studies of narrow scope, it is also acceptable for the leader to double as the
technical recorder. When recording is performed with the correct level of detail, a
study requiring more than half a day to complete probably would be more
efficient and effective if the proceedings are transcribed by a qualified individual
other than the leader. The significant danger of using the leader is that
incomplete minutes will be obtained due to time pressures. In normal
circumstances it is routine for the recorder to be typing the last discussion
minutes, while the team moves on to the next item.


At a minimum, the team should include one or more persons who have expertise
in technical issues (process engineer, chemist, etc.) related to the process and one
or two persons who have relevant operating experience (lead operator, foreman,
etc.). Depending upon the precise nature of the process or the change being
examined, additional team members might include representatives from
maintenance, instrumentation, quality control, safety and other disciplines.

The reference documents necessary for conducting a SWIFT review are identical
to those required for HAZOP. Just as with a HAZOP, the more comprehensive
and up-to-date the data available to the team, the more efficient and effective the
analysis.

8.2.2 Initial Discussions


Once the preparations are completed and the SWIFT team assembles, the leader
should spend a brief period of time reminding or training the team as necessary
in how the SWIFT analysis will be conducted. Next, he should orient the team to
the basics of the design or system under review.

In many cases, the study is likely to involve the analysis of a proposed change in
some part of the process or its mode of operation. If such is the case, the details of
that change should be discussed. To ensure compliance with Management of
Change procedures, this pre-analysis discussion should focus on, but not be
limited to:

(a) The technical reason or basis for the change;

(b) The expected impact the change might have on safety and health;

(c) The need to change or modify operating procedures; and

(d) The intended duration of the change and, if possible, an estimate of how
long its start-up is likely to take.

As a result of this discussion, the ground rules for the study can then be
established. At a minimum, these should include setting the boundaries of the
system(s) to be examined, specifying the types of on-site and off-site issues of
concern (safety, health, environment, quality and productivity) as well as clearly
defining any other objectives of interest to the company.


8.2.3 Selecting a Study Section


As necessary, the system to be examined should be divided into an appropriate
number of smaller subsystems. Examining the unit at a systems level often makes
it easier to recognise interactions of various components within the system or
with other systems in the processing unit. However, since each item of
equipment is not being individually treated as in a HAZOP, caution should be
exercised so that any error is on the side of being too detailed. Usually, a team
should be able to review unit operation size sections with no trouble. Some
systems representative of those which typically can be analysed successfully as a
single section might include:

(a) Boiler feed water system;

(b) Digging a cable trench in a busy street; or

(c) All logically associated equipment on a single drawing.

However, smaller sections may need to be considered if:

(a) Unusually high hazard materials or extreme conditions are present;

(b) The system or its controls are very complex; or

(c) Unusual types of equipment are involved.

It is also certainly appropriate to use HAZOP to evaluate specific sub-sections
meeting these criteria should the study leader consider it advisable.

Just as when picking nodes or sections for a HAZOP, experience will enable the
leader to become adept at choosing systems for study which ensure both efficient
use of team time and effectiveness in identifying the hazards.

8.2.4 Conducting the Discussions


Once the section is defined and marked on the drawing, the design intent,
conditions and other appropriate details should be discussed and entered into
the study log. Except for the structured posing of "What if" questions, the
discussion during a SWIFT review should be similar in all aspects to those
encountered during a HAZOP study. All team members should participate and
all should be permitted to express their opinions and concerns. Although the
leader will also be a participant in a SWIFT study, he must be careful not to
dominate the discussions nor intimidate any other members of the team.


The leader should begin the discussion by asking for and summarising team
input for each of the regulatory requirements as follows:

(a) Hazards of the activity or procedure;

(b) Previous incidents;

(c) Engineering and administrative controls;

(d) Consequences of failures of engineering and administrative controls;

(e) Siting/layout issues;

(f) Qualitative evaluation of safety and health effects; and

(g) Other regulatory issues.

Next, the leader should begin the discussion by stating the category of questions
for discussion and then by either asking for ideas or offering an initial question.
The structure for questioning in the original SWIFT (developed for process
industry) is provided by the following categories:

(a) Material problems (MP);

(b) External effects or influences (EE/I);

(c) Operating errors and other human factors (OE&HF);

(d) Analytical or sampling errors (A/SE);

(e) Equipment/instrumentation malfunction (E/IM);

(f) Process upsets of unspecified origin (PUUO);

(g) Utility failures (UF);

(h) Integrity failure or loss of containment (IF/LOC);

(i) Emergency operations (EO); and

(j) Environmental release (ER).

This provides guidance for application to other industries.

Table 8.1 summarises the intent of each of these question categories. If needed, a
leader or team member may obtain additional ideas of the types of questions
which are appropriate for each category by consulting the Structured Checklists
(Appendix I of the Combined Process Safety Management Practice: Process
Hazards Analysis and Process Modification Guidelines).

It is best, however, for the team to initially "brainstorm" each category
individually and then to use the questions on the corresponding checklist to help
ensure completeness. This approach will help minimise the tendency for the
team to become dependent upon the SWIFT Checklists as a sort of "cheat sheet"
which could stifle team creativity.

Table 8.1: "What If" Question Category - Summary of Intent

Material Problems (MP)
This question category provides an opportunity to explore the known or documented
potential hazards and the special conditions which may need to be maintained in
order to safely store, handle and process the raw materials, intermediates and finished
products which will be present in the process.
External Effects or Influences (EE/I)
This question category is intended to help identify the effect of outside forces or
demand scenarios which might result in the development of some of the hazards
identified during discussions of material problems (MP). Included might be natural
phenomena ranging from volcanoes which could send hot mud flooding into the
plant, to freezing weather which might cause a polymerisation inhibitor to precipitate
from a monomer (ultimately leading to a runaway reaction and subsequent
environmental release) or freezing in a line (which could lead to integrity failure or
loss of containment). Also to be considered are man-made random events such as
arson, civil disturbances or a nearby explosion which might in some way impact the
unit being reviewed.
Operating Errors and Other Human Factors (OE&HF)
For each mode of operation (for example, charging, start-up, shutdown, reaction,
stand-by), the SWIFT team should imagine itself in the operator's role and devise
questions related to every conceivable way to mistreat the process represented on the
flow sheets. It is important to remember that many operating errors are the result of
inadequate training or poorly written or incomplete instructions.
Analytical or Sampling Errors (A/SE)
The team should consider and devise questions related to all potential analytical or
sampling requirements or operations. This category of questions could range from the
importance of controlling slime in a cooling tower loop, to failing to obtain critical
process control data, or even injuries occurring to lab technicians who must analyse a
thermally unstable intermediate.
Equipment / Instrumentation Malfunction (E/IM)
The team should consider and devise questions related to all potential significant
mechanical and instrumentation failures. Many of these failures will probably be obvious
because of the equipment shown on the P&ID or as the result of previous operating errors
and other human factors (OE&HF) discussions. In fact, some OE&HF inputs may also be
recognised as demands which may result in equipment/instrumentation malfunction
(E/IM). It is important to examine instrument and control system failures, which might be
significant. It is crucial for the team to take note of protective devices and systems which
must remain operative if the various mechanical and human demands are to be prevented
from causing a hazard. Protective system proof testing schedules should also be reviewed.
Process Upsets of Unspecified Origin (PUUO)
This question category is intended to be a "catch all" for additional demands, hazards
or scenarios which were somehow overlooked (may not have been obvious, or just did
not fit into any of the previous categories) during discussions of other question
categories. This category also should serve as a reminder that the materials and
process conditions within a system or subsystem may be directly influenced by the
conditions at the point of interface with other systems or subsystems. A brief review
(even a mini HAZOP if the team considers it necessary) is made by the team to
determine whether "anything else" is important.
Utility Failures (UF)
This question category is straightforward but care should be taken to note external
effects or influences (EE/I), analytical or sampling errors (A/SE), operating errors and
other human factors (OE&HF) and electrical/instrumentation malfunction (E/IM)
demands and hazards which may directly cause a utility failure (UF) type hazard to
develop.
Integrity Failure or Loss of Containment (IF/LOC)
This question category should draw heavily upon all the preceding categories.
Additional care concerning the accuracy and detail of the logical interaction of
previous errors and/or failures with each other should be considered. Integrity failure
or loss of containment (IF/LOC) hazards certainly can introduce some additional
considerations such as normal and emergency venting. However, some combination of
the demands and hazards previously identified will probably represent the major basis
for those scenarios which could result. It should also be noted that vessels, lines,
pumps and various other components need to be considered in this discussion, and the
size of such failures should be specified (small leak, catastrophic failure, etc.)
Emergency Operations (EO)
If the team has been thorough in its analysis of the ultimate effects of the various
consequences relating to all the previous categories, new issues will rarely be
discovered at this stage. It is, however, very important to consider emergency
operations independently because errors or failures related directly to the emergency
condition or emergency procedures may not have been readily apparent when the
emergency was discussed in the context of the precipitating events. Possible escalation
of minor situations during emergencies should also be evaluated by the team.
Consider how the process will be operated or shut down if such conditions should
occur.

Environmental Release (ER)
The most obvious release will be that caused by integrity failure or loss of containment
(IF/LOC). However, correctly functioning emergency vents, various mechanical
failures and operating errors must also be considered. Resultant effects such as toxic
cloud, fire or explosion scenarios which are identified as occurring external to the
process may need to be developed further as fault trees or event trees with the
identified environmental release (ER) causes as the starting points.

8.2.5 The “What if” Questions


The "What if" questions may often begin with the words "What if" but they do
not have to. "How could", "Is it possible," or any other form of question is
perfectly acceptable. The intent is to ask questions which will cause the group to
carefully consider and think through the potential scenarios and ultimate
consequences that such an error or failure might precipitate. When the multi-
disciplinary team is unable to draw upon or extrapolate their experience to
imagine any additional "What if" questions in a given category, they should
consult the SWIFT checklists to prompt additional questions as appropriate.

Although the questions can be answered as they are raised, it is usually best to
pose and record as many questions as possible in a "brainstorming" manner
before trying to answer them. This is because interrupting the train of thought
when brainstorming may result in questions being forgotten or perhaps never
even being posed. Additional questions can always be added to the discussion
list as they are raised. The SWIFT study leader needs to be aware that this is not
an unusual occurrence during the discussions of the initial questions.

8.2.6 Answering the Questions


When the flow of ideas subsides, the leader should ask the recorder to read each
"What if" question in turn and ask the team to comment on how the system,
adjoining systems or the whole unit is likely to respond. The recorder should
enter a brief summary of the discussion in the log sheet just as would be done
during a HAZOP. Similarly, the possible consequences are then examined and if
the team considers current detection, safeguards or mitigation to be sufficient,
the next question should be discussed.

By applying his experience, the leader may further reduce the study time by
selectively changing the order of discussion of the questions posed by the team.
By first considering those questions which appear to involve the most severe
potential consequences, the team can often make a more comprehensive
recommendation which covers many of the same issues which will be identified
during the discussion of the remaining questions. When this approach is used,
however, care must be taken to adequately consider all of the "What if" questions
on the list to ensure that every known important issue has been raised, discussed
and necessary recommendations written.

8.2.7 Using the SWIFT Checklists


As previously described, when the SWIFT team is unable to imagine any
additional "What if" questions in a given category, they should consult the
SWIFT checklists to prompt additional questions. The recommended strategy for
use of these lists is to consult them at the conclusion of answering all the initial
brainstormed "What if" questions for the current structured category. For
example, the team may have raised and answered nine "What if" questions
during the initial discussions of the Material Problems (MP) category. Before
moving on to brainstorm for new "What if" questions in the next category,
External Effects or Influences (EE/I), the MP Checklist should be consulted to
determine whether it contains or inspires additional questions which should be
addressed by the SWIFT team before leaving the MP question category.

Depending upon the experience level of the team and leader, the team may either
be asked to review the MP Checklist, or the leader may choose to quickly run
through each item on the list while asking the team, "Does anybody have any
additional Material Problem concerns related to flammability, thermal instability,
flash points, etc." until he has read through the complete list.

Perhaps the team will identify two additional questions. These should be
recorded, discussed and answered as before. Finally, only when the leader is
confident that no more MP issues exist, should he change to the next structured
category, External Effects or Influences (EE/I). This approach should be repeated
during the discussion for each category until all 10 categories in the structure
have been completed.

8.2.8 Recommendations
Just as in a HAZOP, if the team is not satisfied with the level of protection or
otherwise perceives a need for further analysis, recommendations for further
action should be proposed for management consideration. Such
recommendations need to include a brief description of the potential hazard, a
description of what equipment, instrumentation or procedures currently in place
are relied upon to prevent the development of the hazard and, finally, the
objectives which must be achieved to provide a solution to the potential problem.


Care should be taken to provide enough factual information but not too many
specific details of how the correction should be implemented. This provides the
designers with as much flexibility as possible in providing a solution which will
meet the objectives necessary to eliminate or manage the potential hazard.

It is important to remember that the SWIFT team, just like a HAZOP team, has
only the responsibility of identifying and adequately explaining to management
what hazards might be present.

Recommendations should always remain flexible. They should clearly state the
perceived deficiency and the objectives which the team considers important for
eliminating or managing the hazard. Ideas for potential modifications which
came to mind during the discussions can and should be documented; however,
care must be taken not to state them in such a manner that can be construed as
the only solution to the identified problem or as binding upon management.

8.2.9 Completing the Analysis


The procedure described above should be carried out for each question category.
After the last category is discussed, the leader should ask the team if there is
"anything else" which comes to mind that just did not come up in the discussions.
If so, the questions should be posed and answered. When the analysis of a system
or subsystem is complete, the procedure is repeated for any remaining sections
until the agreed upon scope has been completely and satisfactorily addressed.

To wrap up the study of the major process section, the leader should direct the
team in reviewing and updating their thoughts on each of the regulatory
requirements which were used to initiate the discussions. Finally, the review of
an entire unit or plant may consist of a series of several studies, each having a
scope comparable to the typical major section just described.

As with a HAZOP, the team should agree on the "Top 10" (nominally) significant
issues to provide management with a clear understanding of the issues. The report
format for a SWIFT analysis should be no different than that of a HAZOP, and the
recommendations should be prioritised, tracked and completed in the same manner.

8.2.10 Reporting, Documentation and Follow-up


The SWIFT analysis is recorded on a log sheet (refer to Tables 8.2a to 8.2e for an
example) very similar to that used for HAZOP recording. The organisation of the
report and follow-up should be handled in a manner identical to that used for
HAZOP.

Table 8.2a: Example of SWIFT Study Log Sheet Format

Table 8.2b: Example of SWIFT Study Log Sheet Format (Continued)

Table 8.2c: Example of SWIFT Study Log Sheet Format (Continued)

Table 8.2d: Example of SWIFT Study Log Sheet Format (Continued)

Table 8.2e: Example of SWIFT Study Log Sheet Format (Continued)

SELF-CHECK 8.2
1. What are the procedures for holding discussions on SWIFT by
experts?

2. What kinds of questions are asked during SWIFT discussions?

8.3 SWIFT FOR NON-CONTINUOUS OPERATIONS
When SWIFT is applied to non-continuous, and in some instances start-up or
shutdown operations, the non-continuous activity should be divided into
systems or subsystems as with a continuous system. However, it is likely that
there will be fewer subdivisions involving specific groupings of process
hardware. The more important division will be to consider the operation during
each major processing step within the systems of interest. For a given system and
for each major processing step carried out within that system, "What if"
questions should be posed for each category in the same manner described for a
continuous process.

The leader should be aware of several potential differences which may require
added attention when changes in non-continuous operations are being analysed
using SWIFT. These include but should not be limited to the following:

(a) Hardware changes directly contact several processing steps and may
therefore impose consequences or impact during one or more operating
steps; and

(b) Although associated changes in procedure, parameter or software may only
impact the step in question, care should be taken to consider whether
subsequent steps may be impacted differently (by errors or failures during
the changed step) than they would have been in the old process.

Finally, the category-specific checklists include some notes concerning special
emphasis which should be applied when analysing non-continuous operations.

It is important to realise that the significant differences between continuous and
non-continuous operations typically may have their origins in such issues as:

(a) Increased errors – the result of additional operator interface; and

(b) Increased incident magnitude or rate of development – a result of errors or
malfunctions which accumulate reactive materials or otherwise delay the
release of energy in such a manner that it greatly exceeds the design
capacity of the system. There is also a much greater potential for personnel
exposure – a result of increased direct/equipment interface.

8.4 SWIFT PROCEDURES ANALYSIS


Review of procedures using the SWIFT technique is similar to the non-
continuous system review. It is preferable to review procedures after the process
has been reviewed and the hardware changes have been identified. The
consequences of wrong or incomplete information, wrong or incomplete actions,
and actions at the wrong time or out of sequence should be the primary concern.
It is helpful to divide the procedure into steps or major groups of steps for review
purposes.

It is also helpful to be aware that good procedures need to clearly explain:

(a) What is to be done;

(b) Why the action is necessary;

(c) Where the action is to be performed;

(d) How the action is to be achieved;

(e) When the action is to be executed; and

(f) Who is responsible for completing the action.

When analysing procedures, all question categories should be addressed;
however, Material Problems (MP), Operating Errors and other Human Factors
(OE&HF) as well as Emergency Operations (EO) are most likely to produce the
most significant discussions.

SELF-CHECK 8.3

1. How do you record SWIFT analysis findings?

2. How do you conduct SWIFT analysis of procedures?


• The SWIFT method is a kind of "What If" analysis method.

• SWIFT may be used simply to identify hazards for subsequent quantitative
evaluation, or alternatively to provide a qualitative evaluation of the
hazards and to recommend further safeguards where appropriate.

• To ensure comprehensive identification of hazards, SWIFT relies on a
structured brainstorming effort by a team of experienced process experts
with supplemental questions from a checklist.

• SWIFT makes use of brainstorming such as considering the deviation from
usual operation by posing questions such as "What if … was …?", "How
could … occur?" and so on.

Brainstorming
Checklists
Deviation
Procedures
Record
Team of experts
"What If" analysis



Topic 9 Fault Tree Analysis (FTA)

LEARNING OUTCOMES
By the end of this topic, you should be able to:
1. Describe Fault Tree Analysis (FTA);
2. Describe the importance of FTA;
3. Explain the six steps in FTA; and
4. Discuss FTA symbols and logic.

INTRODUCTION
NASA administrator Dan Goldin, as quoted by Ericson (1999), said that "To
design systems that work correctly, we often need to understand and correct how
they can go wrong".

Fault Tree Analysis (FTA), which is one of the many symbolic logic analytical
techniques found in the operations research discipline, was developed in 1962 for
the US Air Force by Bell Telephone Laboratories for use with the Minuteman
system and was later adopted and extensively applied by the Boeing Company.

FTA can be used to predict and prevent accidents or as an investigation tool
after-the-fact. It is an analytical methodology that uses a graphic model to
display the analysis process visually. A fault tree is built using special symbols,
some derived from Boolean algebra and the resultant model resembles a logic
diagram or a flow chart.


A fault tree is a logical diagram which shows the relationship between system
failure, that is, a specific undesirable event in the system and failures of the
components of the system. It is a technique based on deductive logic. An
undesirable event is first defined and the causal relationships of the failures
leading to that event are then identified.

9.1 INTRODUCTION TO FAULT TREE ANALYSIS (FTA)

Fault Tree Analysis (FTA) is a graphical method that starts with a hazardous
event and works backwards to identify the causes of the undesired “top event”.
It is commonly used in reliability engineering or system safety engineering. It is a
top-down analysis and a very powerful deductive approach to identifying the root
cause of an undesired top event.

In FTA, the engineer is forced to systematically go through and list:

(a) Various sequential events;

(b) Parallel events; or

(c) Combinations of faults.

These must occur for the top event to transpire. All the intermediate events
related to the top undesired event are related using logical operations namely
logic gates and Boolean algebra. This will allow us to quantify the fault tree with
event probabilities and, thereby, calculate the probability of the undesired top
event.

We must take note that FTA is not a hazard analysis model to identify all
possible system failures or all possible causes of the hazard. Instead, it is a model
of a particular system operation failure that causes the top event to occur. The FTA
model does not list all system or component failures; it only registers the failures
that lead to the top event. The model only assesses likely faults, which can be
from the events connected to:

(a) Component hardware failure;

(b) Software glitches;

(c) Human mistakes;

(d) Surrounding factors; or

(e) Any component that makes up the overall system.


FTA is an excellent method for investigating, beforehand, the factors that
significantly affect probability leading to harm in a large-scale and complex
system.

A fault tree can be used in qualitative or quantitative risk analysis. The difference
between these methods is that the qualitative fault tree is looser in structure and
does not require use of the same rigorous logic as the formal fault tree.
Quantitative FTA is used as a reliability and safety tool.

The benefits of qualitative FTA are that it:

(a) Provides a format for quantitative and qualitative evaluation;

(b) Provides a visual description of system functions that lead to undesired
outcomes;

(c) Identifies failure potentials which may otherwise be overlooked;

(d) Identifies design features that preclude occurrence of a top level fault event;

(e) Identifies manufacturing and processing faults;

(f) Determines where to place emphasis for further testing and analysis;

(g) Directs the analyst deductively to accident-related events;

(h) Is useful in investigating accidents or problems resulting from the use of a
complex system;

(i) Can identify impact of operator/personal interaction with a system;

(j) Can help identify design, procedural and external conditions which can
cause problems under normal operations;

(k) Often identifies common faults or interrelated events which were
previously unrecognised as being related;

(l) Is excellent for ensuring interfaces are analysed as to their contribution to
the top undesired event;

(m) Can easily include design flaws, human and procedural errors which are
sometimes difficult to quantify (and therefore, often ground-ruled out of
quantitative analysis); and

(n) Requires “cutset analysis” to attain the full benefits of the analysis. (Cutsets:
Any group of non-redundant contributing elements which, if all occur, will
cause the top event to occur).


SELF-CHECK 9.1
1. What is FTA?

2. What are the key benefits of FTA?

9.2 FTA APPLICATION


FTA is best applied to cases with the following features:

(a) Large, perceived threats of loss, that is, high risk;

(b) Numerous potential contributors to a mishap;

(c) Complex or multi-element systems or processes;

(d) Already-identified undesirable events; and

(e) Indiscernible mishap causes, such as autopsies.

9.3 STEPS IN FAULT TREE ANALYSIS

Figure 9.1: Six steps in Fault Tree Analysis


Source: http://www.fault-tree.net


A fault tree is developed using the following six steps, also illustrated in Figure 9.1:

Step 1: Identify undesirable TOP event;

Step 2: Identify first-level contributors;

Step 3: Link contributors to TOP by logic gates;

Step 4: Identify second-level contributors;

Step 5: Link second-level contributors to TOP by logic gates; and

Step 6: Repeat/continue.

Experience, deliberate care and systematic analysis are very important in
constructing fault trees. Once a fault tree has been constructed, it is examined to
determine the various combinations of failure or fault events that could lead to
the top event. With a simple fault tree, this can be accomplished manually; with
more complex trees, this step is difficult. However, computer programmes are
available to assist in accomplishing this step. The final step involves making
recommendations for preventive measures.

9.4 FAULT TREE SYMBOLS AND LOGIC


As explained earlier, FTA uses a graphical method to draw up the logical process
sequence that leads to an undesired top event. We read a fault tree from the top
event to the component events. The top gates are the outputs of the lower gates
in the tree. Therefore, the top or undesired event is the output of all the input
faults or flawed events that occur. This can be summarised in Figure 9.2.

Generally, the beginning point of FTA is an existing FMECA and a system block
diagram (Rausand & Hoyland, 2005). FMECA is a critical step in understanding
the process or system. Here, we have to understand and analyse the design,
operation and environment of the process or system. Based on a clear view of the
overall system, the cause-and-effect relationship that leads to the top event can
be identified and understood.

In FTA, it is important to understand the basic terms that are normally used in
the analysis. Here are some critical terms that must be understood correctly.

(a) Failure: “something has broken”;

(b) Fault: “something does not perform the action you desire, even though it
operates as designed”;

(c) Primary failure: “a failure that occurs under normal operating and
environmental conditions”;

(d) Secondary failure: “a failure outside of normal conditions”; and

(e) Command fault: “occurs when a component performs as designed but
produces the output signal at the wrong time”.

Figure 9.2: The basic methodology of input faults that lead to an undesired event in FTA

In FTA, the symbols are split into four groups, namely:

(a) Primary event symbols;

(b) Intermediate event symbols;

(c) Gate symbols; and

(d) Transfer symbols.

All the definitions of the group and its symbols are summarised in Table 9.1. It is
very important that the user understands and grasps the definitions and symbols
to generate an accurate FTA.


Table 9.1: Fault Tree Symbols

Description Fault Tree Symbols

1. Primary Event Symbols: end events that, for one reason or another, do not
need to be studied further.

BASIC EVENT: a basic initiating fault requiring no further development.

CONDITIONING EVENT: specific conditions or restrictions that apply to any
logic gate (used primarily with PRIORITY and INHIBIT gates).

UNDEVELOPED EVENT: an event which is not further developed either because
it is of insufficient consequence or because information is unavailable.

EXTERNAL EVENT: an event which is normally expected to occur.

2. Intermediate Event Symbols

INTERMEDIATE EVENT: a fault event that occurs because of one or more
antecedent causes acting through logic gates.

3. Gate Symbols

AND: output fault occurs if all of the input faults occur.

OR: output fault occurs if at least one of the input faults occurs.

EXCLUSIVE OR: output fault occurs if exactly one of the input faults occurs.

PRIORITY AND: output fault occurs if all of the input faults occur in a specific
sequence (the sequence is represented by a CONDITIONING EVENT drawn to the
right of the gate).

INHIBIT: output fault occurs if the (single) input fault occurs in the presence
of an enabling condition (the enabling condition is represented by a
CONDITIONING EVENT drawn to the right of the gate).

4. Transfer Symbols

TRANSFER IN: indicates that the tree is developed further at the occurrence of
the corresponding TRANSFER OUT (for example, on another page).

TRANSFER OUT: indicates that this portion of the tree must be attached at the
corresponding TRANSFER IN.

Source: Bahr (1997)

It is not difficult to construct a fault tree. However, we must follow a few rules;
several useful ones can be found in the Fault Tree Handbook (NUREG-0492)
from the US Nuclear Regulatory Commission. Some of the rules are as follows
(Bahr, 1997):

(a) Write clear and precise statements that are captured as faults in the event
symbols, describing what the fault is and when it occurs;

(b) Is this fault a component failure or system failure? If it is a component
failure, add an OR Gate below the event and look for primary, secondary
and command modes. If it is a system failure, look for the minimum
necessary and sufficient immediate cause or causes;

(c) If a fault is going to occur, it must occur;

(d) All the inputs to a specific gate should be completely described before
additional study of any of them is undertaken; and

(e) Define the fault event to the gate inputs correctly. Gates should not connect
directly to other gates.

Qualitative analysis of FTA can be done using simple Boolean algebraic
manipulation (Bahr, 1997). Standard Boolean manipulation rules can be found
in reference books. The tree can then be quantified by applying
probabilities or frequencies of occurrence to each fault event. By combining the
Boolean manipulation with the probabilities or frequencies of occurrence, we can
determine the top-event probability.
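The qualitative and quantitative steps described above, worked through in Python as an added example that is not part of the original module: the tank-overflow tree, its event names and its probabilities are constructed for illustration, and basic events are assumed independent. It derives the minimal cut sets by Boolean expansion and absorption, then compares the exact top-event probability with the rare-event approximation and with a naive gate-by-gate product that ignores events shared between branches.

```python
from itertools import product
from math import prod

TOP = "Tank overflows"

# Constructed example tree: gate name -> (gate type, inputs).
# Any name that is not a key of TREE is a basic event.
TREE = {
    TOP: ("AND", ["Automatic shutoff fails", "Manual shutoff fails"]),
    "Automatic shutoff fails": ("OR", ["Level sensor fails", "Power loss",
                                       "Shutoff valve stuck open"]),
    "Manual shutoff fails": ("OR", ["High-level alarm fails",
                                    "Operator does not respond",
                                    "Shutoff valve stuck open"]),
    "High-level alarm fails": ("OR", ["Alarm horn fails", "Power loss"]),
}

# Constructed per-demand probabilities of the basic events (assumed independent).
PROBS = {
    "Level sensor fails": 0.01,
    "Alarm horn fails": 0.02,
    "Operator does not respond": 0.05,
    "Power loss": 0.001,
    "Shutoff valve stuck open": 0.002,
}


def minimise(sets):
    """Boolean absorption (A + A.B = A): drop any set that contains a smaller one."""
    return {s for s in sets if not any(other < s for other in sets)}


def cut_sets(node, tree=TREE):
    """Minimal cut sets of `node`, as a set of frozensets of basic events."""
    if node not in tree:
        return {frozenset([node])}
    gate, inputs = tree[node]
    child_sets = [cut_sets(child, tree) for child in inputs]
    if gate == "OR":      # any one input's cut set is enough
        combined = set().union(*child_sets)
    elif gate == "AND":   # need one cut set from every input at once
        combined = {frozenset().union(*combo) for combo in product(*child_sets)}
    else:
        raise ValueError(f"unsupported gate type: {gate}")
    return minimise(combined)


def rare_event_probability(top, tree=TREE, probs=PROBS):
    """Upper-bound approximation: sum of the cut-set probabilities."""
    return sum(prod(probs[e] for e in cs) for cs in cut_sets(top, tree))


def exact_probability(top, tree=TREE, probs=PROBS):
    """Exact value by enumerating every failed/working state of the basic events."""
    mcs = cut_sets(top, tree)
    events = sorted(probs)
    total = 0.0
    for state in product([False, True], repeat=len(events)):
        failed = {e for e, is_failed in zip(events, state) if is_failed}
        if any(cs <= failed for cs in mcs):
            total += prod(probs[e] if is_failed else 1 - probs[e]
                          for e, is_failed in zip(events, state))
    return total


def naive_probability(node, tree=TREE, probs=PROBS):
    """Gate-by-gate product that wrongly treats every gate input as independent."""
    if node not in tree:
        return probs[node]
    gate, inputs = tree[node]
    p = [naive_probability(child, tree, probs) for child in inputs]
    return prod(p) if gate == "AND" else 1 - prod(1 - x for x in p)


if __name__ == "__main__":
    for cs in sorted(cut_sets(TOP), key=lambda s: (len(s), sorted(s))):
        print(" AND ".join(sorted(cs)))
    print("exact      :", exact_probability(TOP))
    print("rare-event :", rare_event_probability(TOP))
    print("naive      :", naive_probability(TOP))
```

The two single-event cut sets (power loss, stuck valve) are single-point failures that defeat both shutoff paths, which is why the naive product understates the top-event probability by roughly a factor of four.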

9.5 FAULT TREE: AN EXAMPLE


A company president recognised that its personnel evaluation system was not
effective in motivating its employees and charged the personnel department with
improving it. As part of the initial analysis of the existing system, FTA was used
to identify the different ways that the evaluation system could fail and lead to
demotivation (Figure 9.3).


Identified failure areas were investigated further, and a new system was based
on corrections of these failures. As a result, motivation increased significantly.

Figure 9.3: An example of a Fault Tree


Source: http://syque.com/quality_tools/toolbook/FTA/example.htm

ACTIVITY 9.1
1. Construct a Fault Tree Analysis for a car accident on the road.
(just a Fault Tree diagram will suffice, without the need for
qualitative and quantitative analysis)

2. Discuss the advantages and disadvantages of the Fault Tree
Analysis in comparison to other hazard analysis tools.

• Fault Tree Analysis (FTA) can be used to predict and prevent accidents or as
an investigation tool after-the-fact.

• FTA is an analytical methodology that uses a graphic model to display the
analysis process visually.

• A fault tree is built using special symbols, some derived from Boolean
algebra. The resultant model resembles a logic diagram or a flow chart.

• Fault Tree Analysis is a logical method of analysing how and why a disaster
could occur. It is a great technique for working out the overall probability of a
catastrophic event occurring such as a melt-down in a nuclear power plant
where the substantial cost involved is obviously necessary.

• Experience, deliberate care and systematic analysis are very important in
constructing fault trees.

Boolean
Fault Tree Analysis (FTA)
Investigation
Logic diagram
Qualitative
Quantitative
Top event

Bahr, N. J. (1997). System safety engineering and risk assessment: A practical
approach. Washington, DC: Taylor and Francis.

Clemens, P. L., & Sverdrup, J. (1993). Fault tree analysis: Steps in fault tree
analysis. Retrieved from http://www.fault-tree.net/papers/clemens-fta-tutorial.pdf

Ericson, C. A. (1999). Fault tree analysis. Retrieved from
http://www.fault-tree.net/papers/ericson-fta-tutorial.pdf

Goetsch, D. L. (2005). Occupational safety and health for technologist (5th ed.).
New Jersey, NJ: Pearson Education Inc.

Rausand, M., & Hoyland, A. (2005). System reliability theory: Models, statistical
methods and applications (2nd ed.). New Jersey, NJ: John Wiley & Sons.

Ridley, J., & Channing, J. (1999). Risk management. Oxford, England:
Butterworth-Heinemann.

ClassNK. (2009). Risk assessment guidelines. Retrieved from
http://www.classnk.or.jp/hp/Rules_Guidance/Guidelines/riskgl.pdf



Topic 10 Failure Mode and Effects Analysis (FMEA)

LEARNING OUTCOMES
By the end of this topic, you should be able to:
1. Define Failure Mode and Effects Analysis (FMEA);
2. Describe the benefits and limitations of FMEA; and
3. Explain the FMEA process.

INTRODUCTION
High product reliability is essential to the survival and success of modern
industries. Having a product that fails during usage is almost equivalent to
losing a customer. Therefore, in this topic, we will learn about Failure Mode and
Effects Analysis (FMEA). FMEA is a structured procedure for identifying and
preventing as many potential failure modes as possible in the processes of
product design and manufacturing in any industry.

FMEA also encourages strong team participation amongst different departments,
resulting in the rapid and complete delivery of information required to design
products in time to prevent failures. The importance of FMEA is evidenced by its
inclusion as one of the most powerful tools of ISO/TS 16949:2002 and Six Sigma.
We will first learn the definition of FMEA, and then, we will learn about its
benefits and limitations, and finally, the process of FMEA.


10.1 DEFINITION OF FMEA


What does FMEA stand for? FMEA stands for Failure Mode and Effects Analysis.
FMEA is a reliable analysis method often used to pick out fault factors. It is a
technique that focuses on a system placed under a certain environment.
A team of experts performs an assessment from the quality improvement
perspective to prevent and reduce faults.

FMEA was first developed for use by the US military. It has also been used for a
long period for space development by National Aeronautics and Space
Administration (NASA). Currently, it is being applied in various fields. For
example, the International Maritime Organization (IMO) has stipulated FMEA as
the safety assessment method to be implemented when constructing high speed
vessels.

There are a number of standards that are often used to specify the approach and
format to be used for FMEA. The major standards are:

(a) British Standard BS5760 Part 5:1991;

(b) US Military Standard MIL STD-1629A, Notice 2 dated 28 November 1984;

(c) UK Defence Standard 00-41/Issue 3, dated 25 June 1993; and

(d) Society of Automotive Engineers (SAE) ARP926A, dated 15 November 1979.

All of the standards adopt a similar approach but differ slightly in the level of
detail required. Use of a particular standard is usually specified as a preference
by whichever industry client is the end-user. For example, defence contracts
specify the Defence Standard whilst aerospace contracts specify the MIL STD.
The British Standard is a recent addition to the range of standards, although
many users within the offshore and process industries still specify the MIL STD
as their preference.

SELF-CHECK 10.1

Define FMEA.


10.2 BENEFITS AND LIMITATIONS


Now, let us take a look at the benefits of conducting an FMEA:

(a) It provides an auditable method for the identification of equipment failure
modes and resulting consequences or hazards;

(b) It avoids the need for costly equipment modifications in service by
identifying problems early in the design process;

(c) It provides an objective basis upon which to decide on potential corrective
actions;

(d) It identifies single point failures and requirements for redundancy or safety
systems;

(e) It can identify non-compliance with regulatory requirements;

(f) It provides input to the development test programme to highlight key
features to be tested;

(g) It assists in the definition of maintenance strategy and can be used as the
basis for the failure diagnosis sections of maintenance manuals;

(h) It identifies the need for a built-in test or suitable testing provisions in
service;

(i) It aids communication between the various engineering disciplines
involved in the project; and

(j) It ensures that the reliability engineer has a thorough understanding of the
operation of the system under analysis.

However, there are still some limitations of the technique such as:

(a) It can only be used to identify single failures, not combinations of failures;

(b) Unless adequately controlled and targeted, it can be time consuming and
costly;

(c) It can be difficult and tedious for complex multi-layered systems; and

(d) It is not suitable for quantification of system reliability.


In order to address these limitations, it is important to concentrate upon those
areas of the system where maximum benefit can be achieved. The systems and
levels to be covered should be agreed upon by all the interested parties such as
maintenance engineers and design engineers, to ensure that the FMEA analysis
output meets the requirements of the users of the analysis. For example,
maintenance engineers often identify items as Maintenance Significant Items
(MSIs) and target their efforts on those systems or components. It is important
that the reliability engineer provides FMEAs for those items to allow the
maintenance engineer to complete his analyses effectively.

SELF-CHECK 10.2

Describe the key benefits of FMEA.

10.3 FMEA PROCESS


There are a number of steps that are important in the successful completion of an
FMEA. These are:

Step 1: Obtain all necessary information on the system to be analysed.

Step 2: Establish ground rules and assumptions for the analysis.

Step 3: Construct a hierarchical block diagram for the system.

Step 4: Conduct the FMEA based upon the information derived in Steps 1 to 3.

Let us have a look at each step in detail.

10.3.1 Obtaining Information


The first step is to obtain all necessary information on the system to be analysed.
In order to complete the analysis, it is necessary to obtain as much of the
following information as possible:

(a) Drawings of the item or system under analysis;

(b) Drawings showing the relationship of the item under analysis with the
overall system or plant;

(c) Details of expected materials of construction;

(d) Details of process parameters, pressure, flow, temperature, etc;



(e) System inputs and outputs;

(f) The expected operating environment;

(g) Expected equipment utilisation; and

(h) Operator interfaces.

In many cases, the given information is not available in the early stages of a
design. These circumstances usually arise because those features are not given
adequate design attention. One of the roles of the FMEA is to ensure that the
design team understands the need and the benefits of having this information
available early in the project definition phase. This will save costly time delays
and misunderstandings later in the project. Therefore, it is important that the
reliability engineer has adequate management support to ensure that this
information is made available at an early stage.

10.3.2 Ground Rules and Assumptions


The second step would be to establish ground rules and assumptions for the
analysis. In order that the analysis adopts a consistent approach, it is necessary to
establish the ground rules and assumptions under which the FMEA will be
completed. To this end, any assumptions made should be based upon
consideration of how the client will operate the equipment or what materials or
equipment types will be used by the designer. It is useful to generate assumption
record sheets which are agreed as acceptable by the client or designer.

Typically, the ground rules would establish answers to the following issues:

(a) What constitutes failure?

(b) Should an FMEA be conducted?

(c) Should a hardware or functional approach be adopted?

(d) What format or standard is to be used for the analysis?

(e) Which level of the system will the analysis start from?

(f) How many indenture levels are to be analysed?

(g) Are human errors to be considered in the analysis?

(h) Is the analysis to consider environmental impacts?


(i) Will the analysis be used as an input to related studies (for example, RCM
or test plans)?

(j) What are the system boundaries?

10.3.3 Construct Hierarchical Block Diagrams of the System

The third step would be to construct a hierarchical block diagram for the system.
Block diagrams which illustrate the operation, redundancy, interactions and
functional inputs and outputs of the system should be constructed. It may be
necessary to produce a series of diagrams to show both functional relationships
and operating configurations.

It may also be necessary to produce separate diagrams for each mode of
operation, as the various elements of the system may respond differently
depending on the demand placed upon them. It is extremely useful to develop a
hierarchical numbering system for each element of the system, so that it can be
noted which parts belong to which modules and which modules belong to which
subsystem, etc. This numbering system may already exist in the component part
numbering system, but if it does not, it is necessary to define it separately.

An example of a functional block diagram is shown in Figure 10.1.

Figure 10.1: Example of a functional block diagram of a system


Now, let us look at Figure 10.2 which shows the breakdown of the system into its
hierarchical structure.

Figure 10.2: Example of a hierarchical breakdown of a system


Figure 10.3 shows the relationship between the failure effects of the sub-levels
and the failure modes of the next higher level.

Figure 10.3: Example of a relationship between failure effects and failure modes

10.3.4 Completing the FMEA


The final step would be to conduct the FMEA based upon the information
derived in Steps 1 to 3. Due to the number of standards produced for the FMEA
process, a number of different formats have been produced. Each differs slightly
from the other in format for the FMEA table and allocates different priorities to
the various pieces of data they contain. Take a look at Table 10.1, which shows a
typical MIL STD-1629A format, whilst Table 10.2 shows the BS 5760 suggested
format.


Table 10.1: MIL-STD-1629A FMEA Worksheet Format


Table 10.2: BS5760 FMEA Worksheet Format


There are two primary approaches to the completion of an FMEA:

(a) The Hardware Approach

The hardware approach lists individual items and identifies their possible
failure modes and effects. This hardware approach (called the physical
approach in DEF-STAN-0040) considers the detailed arrangement of
components in a system. It uses the “bottom up” approach in considering
the effect of component failures on the unit of which they form a part.

It is normally used when sufficient information is available to uniquely
identify the component parts of a system from the relevant drawings. It can
be started at any level in the hierarchy and can move either up or down,
although it is most effective when started at the lowest indenture level of
the system.

(b) The Functional Approach

The functional approach recognises that every item is designed to perform
a number of functions that can be considered as outputs. The outputs are
then all listed and the effects of losing those outputs are considered. The
functional approach is normally used when hardware items (component
parts) cannot be uniquely identified from drawings, or when system
complexity dictates a “top down” approach.

It can also be started at any level in the hierarchy and can move either up or
down, although it is most effective at the higher levels of system hierarchy.
Generally, it takes less time to complete than the hardware approach,
although, being a “top down” approach, it is possible to overlook the
contribution that a component part or single point failure can have on the
system. It is often used in hazard identification exercises as a formal
method of identifying the effects of functional failures on plant safety.

It should be noted that there is no hard and fast rule regarding the format of the
FMEA table. Provided it contains the following key information, its appearance
can be modified to suit the needs of the analyst or client. The FMEA worksheet
should contain the following information as a minimum:

(a) System/indenture level


This section describes the level at which the analysis is being conducted.

(b) Reference drawing


The reference drawing section records the drawing number and issue upon
which the analysis is based.


(c) Mission phase or mission type


This is used to record the functional mode being considered by the
worksheet. For example, the failure of a certain component or system may
have an effect on the filling of a vessel, but will have no effect on its
emptying. Both operating modes need to be considered.

(d) Identification or reference number


This refers to the means of uniquely identifying the component or system
whose failure is being considered. This could be the equipment part
number or installation tag number. Remember to also enter its hierarchical
code if this is not obvious from its part or tag number.

(e) Item functional identification or description


This is the component name or primary functional description, for example,
selector valve.

(f) Function

This is a brief description of the item's normal operating function outlining
its primary function and other important functions. For example, the
primary function of a selector valve would be to control the direction of
flow of a fluid; however, it must also operate without external leakage. This
column heading does not exist in the BS5760 format. However, it is
important to be able to recognise all item functions in order to correctly
identify the functional failure modes.

Unless the range of item functions is recognised and recorded, it is difficult
to demonstrate that all failure modes have been identified. It is also
important to recognise the role of the item in alternative or abnormal
operating conditions particularly in safety-related applications.

If we consider the selector valve case, it could be in the control circuit for an
emergency shutdown valve, where its normal function is to allow hydraulic
pressure to reach the valve actuator. In an abnormal or dangerous situation,
its function is to operate by stopping the flow of fluid to the actuator and
venting the hydraulic fluid to the supply tank, which then allows the
actuator to close the valve.

Therefore, a failure mode that has no functional effect in normal operation
could prevent the selector valve operating in a demand type situation,
resulting in failure to close the shutdown valve.


(g) Functional failure mode


This is a brief description of each potential functional failure mode that
should be entered. Each item may have a number of ways in which it can
fail to perform its function. The selector valve could fail to respond to a
control signal, it could leak internally or externally, or it could be blocked
internally restricting flow. It is, therefore, important that we have agreed at
the start of the analysis in our ground rules, exactly what constitutes a
failure. For example, has the selector valve failed when it begins to leak
externally or has it failed only when it no longer performs its primary
function?

These are the examples of typical functional failure modes to be considered.

• Loss of output          • Loss of indication
• Loss of flow            • No amplification
• Loss of pressure        • No filtration
• Loss of signal          • No ignition
• Loss of feedback

Now, these are the examples of typical hardware failure modes reproduced
from BS5760 Part 5.

• Cracked or fractured        • Binding/jamming
• Distorted                   • Loose
• Undersized                  • Incorrect adjustment
• Oversized                   • Seized
• Fails to open               • Worn
• Fails to close              • Sticking
• Fails open                  • Overheated
• Fails closed                • False response
• Internal leakage            • Displaced
• External leakage            • Delayed operation
• Fails to stop               • Burned
• Fails to start              • Collapsed
• Corroded                    • Overloaded
• Contaminated                • Omitted
• Intermittent operation      • Incorrect assembly
• Open circuit                • Scored
• Short circuit               • Noisy
• Out of tolerance (drift)    • Arcing
• Fails to operate            • Unstable
• Operates prematurely        • Chafed

(h) Failure cause


Each failure mode should, in turn, be considered to identify the mechanism
that could cause the failure. In the selector valve case, excessive internal
leakage could be due to seal failure or excessive wear in mating parts.
Failure to respond to a control signal could be due to a seized valve or a
burnt out solenoid.

(i) Failure effects


This column is sometimes subdivided into local effects, next higher effects
and end effects. It is particularly important in identifying how the
functional failure is revealed and diagnosed. It may not be immediately
apparent to the operator or control room staff what is causing the alarm
condition or reduction in output of a system. It is, therefore, important to
trace the functional failures from the level at which they occur, to a level at
which they become revealed.

To continue with the selector valve example, if it develops an external
hydraulic leak, its local effect would be an external loss of fluid. Its next
higher level effect would be depletion in the fluid level in the hydraulic
system tank (which may have only local level indication) but its end effect
would be the spurious closure of the emergency shutdown valve due to the
actuator spring overcoming the residual hydraulic pressure.

This end effect would certainly be alarming to the operators in the control
room. As a result of the analysis, a decision may be taken to install
remote level indication on the hydraulic supply tank, to prevent the initial
item failure escalating to an event causing potential loss of production.
However, unless the failure effects are considered fully, key events may be
overlooked.

(j) Failure detection method


This column requires a description of the means by which the failure effect
is detected. In the case of the selector valve, the local external fluid leak
may be detected visually by a walk-round inspection, the depletion of the
fluid in the supply tank may be detected by a technician recording readings
locally and detecting a downward trend, or the out-of-position shutdown
valve will be shown to the control room staff by the remote valve position
indication in the control room.

(k) Compensating provisions


This section details whether the onset of the failure mode can be avoided or
its effects mitigated. Typically, this would involve operator interventions,
system redundancy or de-rating of component loading.

(l) Severity class


This is a guide to the severity of the functional failure mode in terms of its
end effects. It provides an essential guide in focusing on the safety-related
effects of the various failure modes. Five severity categories should be
considered; these are shown in Table 10.3, together with their reference to
the applicable standard, where possible.

Table 10.3: Examples of Failure Mode Severity Classes

It can be seen that in three cases, the numbering classification goes from 1 (most
serious) to 5 (least serious) whilst in the case of BS5760, the opposite is true.
Analysts must establish in their ground rules and assumptions what the severity
classification philosophy will be, in order to avoid confusion either internally or
with the client.
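
An added example, not part of the module: a minimal worksheet row in Python that traces the selector valve leak to the level at which the control room first sees it, and ranks rows whose severity classes were recorded under opposite numbering conventions. The scale label ONE_WORST, the remote flags, the severity values and the one-to-one mapping between the five classes are assumptions of this example.

```python
from dataclasses import dataclass

LEVELS = ("local", "next higher", "end")   # propagation order of an effect
# Direction of each severity scale. "ONE_WORST" is a made-up label for the
# 1 (most serious) to 5 (least serious) schemes; BS5760 runs the other way.
ONE_IS_MOST_SERIOUS = {"ONE_WORST": True, "BS5760": False}

@dataclass
class Effect:
    level: str        # one of LEVELS
    effect: str
    detection: str    # failure detection method for this effect
    remote: bool      # assumption: True if visible in the control room

@dataclass
class Row:
    item: str
    failure_mode: str
    effects: list
    severity: int     # class 1..5 exactly as the analyst wrote it
    scale: str        # convention declared in the ground rules

def first_revealed(row):
    """Earliest effect, in propagation order, that the control room sees."""
    for e in sorted(row.effects, key=lambda x: LEVELS.index(x.level)):
        if e.remote:
            return e
    return None       # never revealed remotely: flag for the analyst

def common_rank(row):
    """Severity on one scale where 1 is always the most serious."""
    if row.scale not in ONE_IS_MOST_SERIOUS:
        raise ValueError(f"undeclared severity convention: {row.scale!r}")
    if not 1 <= row.severity <= 5:
        raise ValueError(f"severity class out of range: {row.severity}")
    return row.severity if ONE_IS_MOST_SERIOUS[row.scale] else 6 - row.severity

# Constructed rows: the leak's effects follow the text; the severity classes
# and the second row are invented sample values.
LEAK = Row("selector valve", "external leakage", [
    Effect("local", "external loss of fluid", "walk-round inspection", False),
    Effect("next higher", "hydraulic tank level depletes",
           "technician trending local readings", False),
    Effect("end", "spurious closure of emergency shutdown valve",
           "remote valve position indication", True)], 4, "BS5760")
NOISY = Row("selector valve", "noisy", [], 4, "ONE_WORST")

def prioritise(rows):
    return sorted(rows, key=common_rank)   # most serious first
```

Both sample rows carry class 4, yet the leak ranks first once its BS5760 class is converted; sorting on the raw number would have tied them.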

SELF-CHECK 10.3
1. Explain the systematic FMEA process.

2. Describe how to record FMEA findings.

Summary

• Failure Mode and Effects Analysis (FMEA) is a method designed to identify
  potential failure modes for a product or process, in order to assess the risk
  associated with those failure modes, to rank the issues in terms of importance
  and to identify and to carry out corrective actions to address the most serious
  concerns.

• There are two primary approaches to the completion of an FMEA. One is the
  hardware approach, which lists individual items and identifies their possible
  failure modes and effects. The other is the functional approach, which
  recognises that every item is designed to perform a number of functions that
  can be considered as outputs.

• It should be noted that there is no hard and fast rule regarding the format of
  the FMEA table. Provided it contains certain key information (discussed in
  this topic), its appearance can be modified to suit the needs of the analyst or
  client.

Key Terms

Fault factors
FMEA
Quality improvement
Team of experts

MODULE FEEDBACK

If you have any comment or feedback, you are welcome to:

1. E-mail your comment or feedback to modulefeedback@oum.edu.my

OR

2. Fill in the Print Module online evaluation form available on myINSPIRE.

Thank you.

Centre for Instructional Design and Technology
(Pusat Reka Bentuk Pengajaran dan Teknologi)
Tel No.: 03-27732578
Fax No.: 03-26978702
