Software – BIRA’s Integrated Risk Analysis and Management Software
In risk assessment various risk analysis techniques can be applied to quantify the risk as well as to determine those specific issues or components that should be managed to reduce the risk to an acceptable level. Risk is inherent to every business and therefore Risk Assessment is a key component of the Risk Management process. Risk Assessment is not only applicable to those events that may impact on the health and safety of employees, for this will only deal with part of the overall risk that have to be managed to make any business enterprise profitable. To obtain a holistic picture of the risk exposure of any business, the following five categories should be assessed:
- risk to employees;
- risk to equipment/facilities;
- risk to the public;
- risk to revenue;
- risk to the environment.
The role of Risk Assessment in the Risk Management process is explained in Figure 1.
Figure 1. The risk Management Process
Risk Analyses techniques that can be used in the Risk Assessment are:
- SCHIRP (Systematic Comprehensive Hazard Identification and Risk Profiling technique)
- HAZOP (Hazard and Operability Study)
- FMEA (Failure Mode and Effect Analysis)
- FTA (Fault Tree Analysis) and
- ETA (Event Tree analysis).
Baseline Risk Assessment tool (based on the “What-if” technique), which considers complete or sub-systems. It requires a team to evaluate the consequences of hazards, which might result from various potential failures or errors. The team also assesses the likelihood of an accident, the potential consequences and the control measures to prevent or mitigate the consequence should it occur. The outcome of a SCHIRP study is a baseline risk profile.
BIRAM software is developed to assist companies in Risk Management. BIRAM software is structured in such a way that a baseline risk profile at any level in the organization, including its details, can be viewed and printed, Further the risk profiles at lower levels can be incorporated in a higher level risk profile, in which the origin of each specific risk is also indicated. Once the information is keyed in, a report can be generated by the click of a button. BIRA will facilitate a baseline risk assessment study during which the system will be tailor made for any specific type of operation. Once this is done, the BIRAM software can be used to manage and update the baseline as and when necessary.
The BIRAM program takes away time consuming calculations and graph production in spreadsheets. Considering that this is automatically generated in the software, management reports can easily be generated by the click of a button.
As the software allows the user to print a report for a specific sub division of the organization and for a specific risk category, it becomes a valuable tool for risk management at any level in the organization.
This program also highlights control measures that have to be put in place to reduce the risk to an acceptable level.
The BIRAM program provides the user with valuable information about the overall risk categories in the organization, which may lead to certain overall risk management strategies.
From the Baseline Risk Assessment it should be decided which risks could be tolerated, should be treated or transferred. In the event where the risk cannot be reduced to an acceptable level, termination of the specific operation resulting in this unacceptable risk should be considered.
In some events it may be obvious that by putting a specific control measure in place, will reduce the risk to an acceptable level. In other events it may not be obvious and it could be necessary to use more detailed risk assessment techniques such as HAZOP, FMEA, FTA or ETA, to identify the parameters that will sufficiently reduce the risk. This is referred to as Issue Based Risk Assessment. These techniques can be accessed from the BIRAM program and the reports linked to a specific issue or group of issues in the Baseline Risk Assessment. Actions required to reduce a specific risk are linked to action sheets which are email driven.
When the necessary control measures are in place to adequately reduce a specific risk, Risk Control becomes necessary to assure that these safeguards are adhered to. The process of Risk Control is explained in Figure 2.
Figure 2. Risk Control Process
Inspections and audits are referred to as Continuous Risk Assessment and incident and accident investigations may result in Issue Based Risk assessments.
To assist in Continuous Risk Assessment an incident reporting and audit system is incorporated in the BIRAM software and linked to all the relevant functions in the program so as to close the loop.
Any deviation that is detected during these activities should result in corrective action and consequential updating of the Baseline Risk Profile in Figure 1. The risk management process thus becomes a continuous process throughout the lifespan of an operation.
To keep track of changes to identified risks in order to manage them in a cost effective manner, can become a burden in any business. The BIRAM Software is specifically designed to eliminate this burden and to add value.
Basic BIRAM Functionalities
BIRAM runs in Internet explorer in “DotNet (.Net) framework” on a SQL server.
- Advanced security system: Every user will have a predetermined menu linked to his password, which will give him certain rights to view, change, print in the different levels of the organization tree (complete matrix system).
- Different currencies can be selected for reports.
- The program has two matrices (financial and word based) which are linked.
- The front face of the program can be changed to any language (can even be changed by the client)
- Risk profile for each function/division.
- Unique numbering/identification of issues and the associated control measures.
- Each risk can be categorised (i.e. Safety, Health, Environment, Quality, etc.)
- Risk profile for each risk category (i.e. Safety, Health, Environment, Quality, etc.) for each domain.
- Risk profile at any pre-selected level in the organization.
- Risk profile for each risk category at any pre-selected level in the organization.
- Baseline correlation with pre-determined previous baselines to monitor progress.
- Action plan per function/division (domain)
- Selection of actions per person and or due date for a specific domain or for all domains.
- Flagging of outstanding actions or actions that have to be completed in a pre-selected period (e-mail driven).
- Updating of the risk profile, after completion and approval of the outcome of an action on the action sheet, by the click of a mouse.
- Search facility per issue number, word or phrase.
- Compilation of a report on the search results.
- Accident and incident reports linked to a specific issue (e-mail driven)
- Actions from incident and accident reports linked to the applicable action sheet.
- Issue based risk assessments linked to a specific issue or group of issues.
- Direct link to procedure directory and individual procedures
- Direct link to previously compiled issue based risk assessments and relevant documentation
- Statistical analysis of data for each domain regarding hazards, risk value, contribution to overall risk etc.
- Deactivation of a specific domain in the event of mothballing without loss of data.
- Activation of deactivated domain.
- Relocation of a domain in the event of restructuring in the organization.
- Audit list/report per domain and a combination of domains where each control measure can be evaluated for adequacy, applicability, adherence to, etc.
- Updating of the risk profile from the outcome of the audit with click of a mouse.
- Compilation of the reports in a MS Word, HTML or PDF format using SQL Reporting Services
- Audit reports per domain and updating of risk profile from the audit outcome
- Access to the database (via a server) by any number of pre-selected employees. Individual and site license (unlimited number of users) available.
BIRA is South African agent for the following software of ISOGRAPH LIMITED, namely: