In this article, Robert Lubbe joins me in exploring risk and the methodologies to determine the likelihood of a risk occurring needed to give the risk owner the information needed for the age-old question. "What is the likelihood of this occurring?" and "What level of risk control is needed in order to demonstrate due diligence?" We also explore the role of the Safety Professional to realise a world of work where reputable practitioners add value by guiding the risk owners to embed safety into business practice.

illustrations by Heinrich Havemann

“There are seven million people in Moscow, I think we are pretty safe here”, said the Professor as the shrill shriek of an air raid siren sounded. His friends rushing to a nearby air-raid shelter whilst the Professor remained at home. This would go on night after night until one night... the professor, who specialised in statistics, stumbled into the shelter, his face pale and visibly shaken. His friends looked up all surprised to see the professor there. The professor looked at them and said:

“There are seven million people in Moscow,” and one elephant. Last night they got the elephant!”

This event occurred several weeks into the air raid campaign by the Germans against the Kremlin during World War II. But the professor had it all wrong, the odds of getting hit didn't stack up against the elephant, nor did it increased because the elephant got hit. The risk remained exactly the same regardless of whether you were elephant or professor – they were still part of the 7 million Muscovites exposed to the risk. The likelihood of being hit in any of the air raids remained the same, so, now the question is posed: what was the likelihood really of being hit? It seemed pretty high if there was a raid on Moscow every night and you chose to remain outside in the open. It would diminish however, if you chose to seek shelter in an air-raid bunker.

Fast forward to 2004 to a military camp south of Baghdad where I worked for a company contracted to rebuild the electrical infrastructure of Iraq. We were installing four large gas turbines to feed energy into the national grid feeding Baghdad. Adjacent to our camp a few hundred meters down the road was a US Marine base which housed the original electrical facility. Needless to say, this was a prime target for the insurgency hell-bent on derailing the progress. As the mortars started coming in one day, I started running to the nearby shelter only to be told by one of the experienced Private Security Operators to slow down. “Take a walk, it's safer than to fall and get caught out in the open.” He went on telling me that as long as you can hear the whistle of the mortars you are okay as it means that it is overshooting your position. We made our way to the shelter in an orderly fashion. As we huddled down together in the bunker white-faced and a bit shaken up, we heard the mortars exploding in the base next door. This time around it was me who was wrong. I overestimated the likelihood of a risk occurring, i.e. being hit.

In both these examples, something was missing. As people would often ask me: “…so what is the likelihood of that risk realising?” It is possibly one of the most difficult questions any risk professional could be asked because we don't really know. Sure we have tools and formulas we could use to determine the likelihood, but in the end, it is just that, a possibility. In both examples, the risk was not well understood, in the first, it was underestimated and in the second it was overestimated. It's perhaps better to overestimate risk and to err on the side of caution, as I did when running away, or perhaps to the mortars... what we refer to here is the perception of risk. The perception of risk is like the blind men touching and describing what it feels like to touch an elephant. The story has it that in ancient India seven blind men, who have never before touched or seen an Elephant, took turns to touch and describe an Elephant. The problem was that none of them were touching the same part of the elephant. Thus, describing what a tusk feels like would be very different to a foot, for example. You can just imagine what happened. It is the same problem with risk perceptions. The risk of being bitten by a cobra, for example, would be very different for a snake charmer to what it is for someone who has never before seen or handled a snake.

When I was a teenager, I had a poster on my wall of a rock climber on a cliff face with the words: "We are not afraid of falling, we are afraid of what falling is going to feel like." I remembered these words years later in the army when I did my first parachute jump and it was true, the feeling of falling is actually quite terrifying until you realise that you are in control. You may not always be able to totally control the arrival, but that’s life. But, this is the thing with parachuting, it is actually very enjoyable and as the saying goes, “…the most fun you could have with your clothes on.” Sadly, most people will never get to enjoy the thrills of parachuting as they are just too scared of what it would feel like to fall.

So what does a professor in statistics, a snake charmer, 7 blind men, an elephant and a risk management professional who jumps from aeroplanes got to do with this? It relates to our varying degrees of risk perception, let me explain, in each of these examples, the risk, and in particular, the likelihood of the risk realising, was not fully appreciated.

The professor believed that because there are 7 million people in Moscow, the risk of him dying in an air raid was low. This all changed when the only elephant in Moscow was killed during an air raid. In reality, nothing changed. Same risk, same place, same enemy, just one less elephant. So, why then, did it need the death of an elephant to change the professors’ mind?

According to research, you have a better chance of dying by being hit with a coconut lying under a palm tree on a tropical island, than dying whilst parachuting.

What about the snake charmer? According to statistics snake charmers actually have a very real chance of getting bitten by the snakes they handle, thus apparently, they pull the fangs of the snakes, thereby eliminating the risk of being bitten. The reality is, as long as you put people and snakes together, there will be bites. That's the thing with risk, when you are exposed to a risk which is uncontrolled, it is not a matter of if but when. That's the basic law of averages.

Is there any value then in asking, What is the likelihood?, or even better, When is this going to happen? According to a google search, COVID-19 is not a Black Swan event, thus meaning it couldn't have been foreseen. All evidence, however, points to the fact that scientists have, for years, said that an epidemic with flu-like symptoms will come from China. Then why the surprise when COVID-19 hit us in early 2020? Scientists have always said, “it is not a matter of if but when." In the days following the first lockdowns around the globe people were echoing the sentiment that this is unprecedented. Unprecedented maybe, but not unforeseen. Another example, When will an earthquake occur? or What is the likelihood of a gas escape in an ammonia plant? In each of these examples, it is likely to occur at some point in time. It could be once in a hundred years, as is the case with a pandemic like COVID, or it may be more often, for example, earthquakes or gas leaks, the latter which may happen for sure if there wasn't maintenance done on the plant. These events are called Black Elephants. I often hear people say, “…when has this ever happened before?” when referring to a risk, followed by them saying that there is no proof that it would happen, therefore, they would not put controls in place to manage the risk. Great! It’s like arguing that there is no evidence that a country may be invaded by an enemy, so they’ll disband their military forces.

This is the Paradox a Risk Manager faces all too often. The solution to this is reasonable and proportionate risk control called Sensible Risk Management. All too often risk managers and safety people go excessive on controls, thereby losing credibility and buy-in from the business they support. So, the first step after identifying the risk is to determine the likelihood of that risk realising. This is also the hardest part if you, as a Risk Manager, are seeking to achieve assurance that the risk is effectively managed. How do we determine the likelihood of risk, when in many cases, it is just a guess, a probability guess at most, based on a hunch or a feeling? It is for this reason that the likelihood estimation is often based on the individual Risk Managers’ experience and knowledge of risk. The perception of risk would vary dramatically depending on experience and understanding of the risk, for example, a professional snake handlers’ determination of the likelihood of being bitten, will be very different from a person who has never handled a snake.

Let me explain, in high-risk activities like working at heights, you are not able to lower the risk of working at height. High will forever remain high. But this brings us to that first step in risk management – to identify and understand the risk. In working at heights it is not the height that is the actual risk, it is the falling from heights that is the actual element of the risk that need to be controlled. The same applies to the snake-handling. The risk is not the snake, but being bitten by the snake, that is the risk that needs to be controlled. And for determining the best possible way of controlling risks, we refer back to, and follow the hierarchy of risk control with elimination right at the top, followed by engineering controls or substitution, administrative controls like signs and training and lastly by Personal Protective Equipment (PPE).

The Hierarchy of Risk Control illustrates what is necessary to control risk. With Elimination the most desirable and Personal Protective Equipment (PPE) the least desirable.

Peter Bernstein says this in the forward of his book Against the Gods: The Remarkable Story of Risk,

The word "risk" derives from the early Italian risicare which means "to dare." In this sense, risk is a choice rather than a fate. The actions we dare to take, which depend on how free we are to make choices, are what the story of risk is all about. And that story helps define what it means to be a human being.

So, how do we then determine (and present), the likelihood of a risk realising? To be worthy of the high vis, a confident Health and Safety practitioner will have you believe that the likelihood estimation of a risk realising is not the analysis of space travel at all (or is it?)

To explain this a little better, I consulted my friend and colleague Robert Lubbe, Health & Safety Management and Risk training professional. He is not new to risk-taking at all. Like the author, Rob served in an elite military unit. He is HALO/HAHO qualified, and a static line and freefall parachute despatcher. Rob explains

Let’s first define Risk Analysis: Risk analysis is the understanding of the identified hazard and the risk it presents; the frequency of exposure to the particular hazard presenting the risk, considering similar historical events and then putting it all together to finally explain the anticipated likelihood of the risk realising and also the possible consequential harm that may result from the interaction. Now, that was a mouth full, but it’s just the beginning of space travel. After getting your head around the aforementioned theory, the only true estimation can be obtained by analysing the data. Data? What data? Historical data. Data relating to the same or similar hazards, presenting the same or similar risks, captured over a period of time when the risk has actually realised and caused harm. When historical data is compared to the present circumstances, it should present a relatively accurate estimation of the likelihood of this risk realising. Yes, it can only ever be an “estimate”, because we do not live and work under laboratory conditions in a fully isolated and controlled environment. There will always be those totally unpredictable factors that enter stage left, like a three-year-old suddenly applauding a sheet wrestling match early on a Sunday morning. The best we can do is to approach the risk from all possible angles, then take an aerial shot and try to think of any and all possible scenarios and outcomes.

Too complicated? Not to fear, it gets better over time. Even seasoned health and safety practitioners, or those that would admit to it anyway, still learn about risk management on a daily basis. It’s like dancing, there’s always a new move to learn and if you don’t step on any toes, you’re not close enough. But there remains a challenge, however, and that is to communicate this estimation to the business or maybe to someone lacking the experience to understand the reasoning behind it all. So, how do we overcome this?

One way of doing so is to reduce the complications of attempting to explain the reasoning and methodology of space travel, to a mathematical representation that anybody can understand. And for major risks, you can take it a step further, by comparing the data to baseline information from similar environments/hazards/risks – you guessed it, the historical data! This can be quite useful, especially when the risk assessment is not for a straight forward, single-hazard scenario. So, what would this look like in practice? For a single hazard presenting the risk, the risk can be given a mathematical value, i.e. “Risk Rating” with the help of a Risk Assessment Matrix. To measure the risk rating with the use of the well-known 5x5 risk matrix tool, the numerical values matching the selected levels of Consequence and Likelihood are added together to give the assessed Hazard a Risk Rating.

Here’s an example: Being in an accident while driving a motor vehicle (Hazard) = Consequence: Extreme (5) + Likelihood: Possible (3) = Risk Rating of 8

Based on the Risk Rating outcome, an organisation would then manage this risk through the implementation of the hierarchy of controls (mentioned earlier in the article) and, based on their pre-determined tolerance levels, implement the associated control measures and monitoring frequencies.

One shortfall, however, with using the 5x5 Risk Matrix is that we often see risk managers select Possible (3) for almost all the likelihood ratings. I guess you can argue possible is suitable for any risk, but it’s like choosing the “neither agree nor disagree” on your bank satisfaction survey – it doesn’t really tell the bank if you were happy with the service or if they should fire someone. Similarly, the organisation would not know if they should allocate resources in controlling the risk or just sit and watch to see what happens.

So, how do we get passed this? Do we use a 2x2 risk matrix? For anyone that has been involved with risk management or dealt with risks will know that this won’t work, because risk management is by far not a black or white business, it’s 50 shades of grey! (no pun indented)

The solution here lies in historical data analysis – matching incident records with as many as possible similarities between present hazards, site conditions, core business activities, exposure time frames, etc. The data would shed some light on what the actual likelihood is for a respective risk realising. For those hazards where no data is readily available and the Possible (3) remains the favourite likelihood - the best way to cope with this centre line, fence hovering opinion, would be to ensure that the responding control measures reduce that likelihood rating to Rare as far as is reasonably practicable.

Ok, risk assessment done! But what about complex sites with multiple contributing factors competing for a top position on the risk matrix outcome?

Back to our snake charmer – estimating the likelihood, and controlling the risk of being bitten by a single snake is one thing, but for the purpose of explaining the concept, National Geographic Channel tells us that snakes are twice as aggressive during the day than at night, because that’s usually their nap time. Additionally, NGC also states that snakes are half as aggressive from January to June due to mating season. Firstly, this adds a number of new flies to the ointment to consider, but all with the same risk to the handler – of being bitten. Secondly, there are external factors that must be considered at the time of the risk assessment. Trying to present the likelihood of a bite occurring in this scenario to, let’s say, the show manager, while also trying to explain the different levels of impact the various contributing factors may have, would probably require a thesis on risk analysis. And even then, good luck with getting your point across.

So, back to the math, we go...

The standard 5x5 Risk Matrix can still be implemented to determine a risk rating for the scenario outlined above, because there is a likelihood estimation of the risk occurring against the consequences, if it did. But because we are still talking about one risk, being bitten by the snake, the consequences would basically remain the same for the purpose of estimating the risk rating; it would just be the likelihood of it realising that would differ, relating to the elements mentioned above. (*If both the consequences and the likelihood would significantly change, it would be better to do multiple assessments). So, due to the fact that there are numerous conditions surrounding the same hazard, with some posing a bigger influence than others on the likelihood, under certain conditions, for example, the time of day and the time of year, the rating of the likelihood vs. the consequences cannot be simply added together. This would result in busting the bank on the risk rating score.

The way to get passed this, is for the selected ratings to be multiplied and divided. This multiplication function will, of course, influence the overall risk matrix scoring levels and result in the risk ratings to span from 1 to 25 (with a risk rating out of 25), instead of 2 to 10 (with a risk rating out of 10) when addition was used.

Let’s use our snake handler as a test run to show how this would work in practice: (*as a simple example, no control measures were considered)

Firstly, the scenario in which, and for which, the risk assessment is done – this is a very important aspect and an element often ignored in risk assessments:

A risk assessment is required for a snake charmer to perform at an evening show in June. The snake to be used is standard issue with fangs and all.

The Risk Matrix: 5 x 5 (score between 1 and 25 due to multiplication)

The Risk: Being bitten by the snake during the show

Consequences: Extreme (5) as this snake has odontophobia, so it did not have its fangs removed

Likelihood: From historical data, the likelihood of a snake charmer being bitten is Likely (4)

Influencers on the likelihood

Likelihood Influencer 1: Evening show – double (x 2) the likelihood due to being at night (from historical data)

Likelihood Influencer 2: June – half (x 0.5) the likelihood due to mating season (from historical data)

There are two elements that could influence the likelihood for this risk, so the Risk Rating calculation would look something like this:

Risk Rating = Consequence (C) x Likelihood (L)

After incorporating influencers into the equation, it would look like this

= ((2 x (C x L1)) + (0.5 x (C x L2))) / (2 + 0.5)

= ((2 x (5 x 4)) + ((0.5 x (5 x 4))) / 2.5

= (40 + 10) / 2.5

= 12 (out of 25)

Of course, these calculations could become quite complex and challenging depending on the level of detail that is considered, and as with anything done, a few practicalities need to be brought into consideration before you ascend into space travel, such as the actual risk being assessed and how serious the outcome could be; resource availability for the analysis; reasonably practicable control measures and also the appetite of the organisation to implement effective risk management.

Let’s define Risk Analysis: Risk analysis is the understanding of the identified hazard and the risk it presents; the frequency of exposure to the particular hazard presenting the risk, then putting it all together to finally explain the anticipated likelihood of the risk realising and possible consequential harm that may result from the interaction. Robert Lubbe

In his explanation, Rob has done two things, he considered the risk to understand it and then applied the conditions that could affect the risk. This presented the details for assessing the risk, to finally estimate the likelihood and consequence of taking the risk, because let’s face it, there will always be an element of risk-taking.

Do we really have to strive to eliminate all risks?

The question can be presented: Is this an acceptable level of risk-taking or does it borderline recklessness? Sadly, few safety professionals get this and are constantly trying to eliminate all risks at a huge cost. If you think about this, it would make sense that this could be the reason why many organisations lose faith in their risk managers or consultants. It’s time to stop trying to wrap everything and everyone in bubble wrap and cotton wool. Being practical, realistic and striking the balance, this is the key. Few people will experience the thrills of parachuting purely because they do not understand the risks involved and th