Risk scoring using your CMMS

David Berger says ensure that you focus on the right work on the right assets at the right time.

By David Berger

1 of 2 < 1 | 2 View on one page

With growing automation and more complex assets comes growing risk, where risk is defined as the probability and impact of a negative consequence. In the world of asset management, negative consequences can take many forms, such as premature failure, a more catastrophic failure than anticipated, or an incident or near miss involving an asset. This is why regulatory bodies have increased their vigilance and reporting requirements in almost every industry. It is also why accurate risk scoring using your CMMS has risen in importance.

This column provides guidelines and considerations in establishing a risk score. Whatever method you use to generate a risk score must be simple to learn and use, but sufficiently comprehensive to be effective in managing total risk.

Objective of a risk score

An effective risk scoring model helps you find the right balance when trying to

  1. Minimize risk
  2. Maximize asset performance and reliability
  3. Minimize the total cost of ownership for your physical assets

Risk scoring ensures you focus on the right work on the right assets at the right time, in order to manage the tradeoffs above. Too much attention spent on mitigating every risk is very expensive, but so is ignoring a risk that is highly probable and carries catastrophic consequences. These extremes are obvious, but risk scoring helps manage the more nebulous middle ground.

When to risk score

The risk score is derived from three components, namely the criticality of things, the priority of work, and change factors that affect criticality and priority over time. These three components are described below and are depicted graphically in Exhibit 1 – A Model for Risk Scoring. Modern CMMS packages can be used to capture all of these components, but have varying degrees of sophistication for generating and changing a risk score over time.

Exhibit 1 - A Model for Risk Scoring

The work program within the CMMS can be used to record a risk score on job plans for all expected or planned work, including job plans triggered by asset failure, condition, or usage (i.e., time, meter, or event). For all unexpected or unplanned work generated from compliance audit deficiencies, vendor recalls, events, incidents, an unanticipated condition assessment, and other anomalies, a case is initiated and a risk score is associated with the overall case. As well, all work resulting from that case will be risk scored, such as corrective work to immediately address the issue (e.g., clean a spill and temporarily fix the leak), or work to permanently prevent recurrence (e.g., replace all old piping).

Components of a risk score

The risk score is derived from three components, namely the criticality of things, the priority of work, and change factors that affect criticality and priority over time. These three components are described below and are depicted graphically in Exhibit 1 – A Model for Risk Scoring. Modern CMMS packages can be used to capture all of these components, but have varying degrees of sophistication for generating and changing a risk score over time. Some companies never combine any of the components to formulate an overall risk score, while others use complex algorithms, especially for critical assets and high priority work.

Work Priority – Job plans should be created on your CMMS for all expected work, including at least a single field for “priority”. Priorities can be alphanumeric values ranging from high (e.g., regulatory work, safety inspections) to low (e.g., no safety or production consequence if work not done). For unexpected work, a case or equivalent is opened, and all related work requests will be assigned a priority when initiated (e.g., to repair a safety system that has tripped).

Criticality of Things – When acquiring a new asset, component, or part, almost all CMMS packages allow users to define its criticality. As with work priority, criticality can be an alphanumeric value ranging from high (e.g., safety equipment, equipment required to prevent catastrophic failure, essential part with enormous lead time) to low (e.g., redundant equipment exists, part is cheap and accessible).

Change Factors – This is the most complex component of the risk score and by far the most underutilized. There are change factors that affect the work priority, such as work orders that are past due. There are also ones that affect criticality, such as the age of the equipment. Change factors might affect both these components through the combined risk score, such as environmental conditions, how hard the equipment has been running, and end of life issues.

Change factors can be represented by a comprehensive formula that considers multiple variables. However, sometimes a simple algorithm will suffice: for example, adding 20% to the risk score each day that high priority work on a critical asset is overdue. Additionally, most modern CMMS packages can link escalation of the risk score with their notifications feature. In the example above, suppose the first day the work is overdue an email is sent to the manager, the second day to the VP, and the third day to the President.

Risk categories to consider when scoring

When quantifying criticality, priority, and ultimately a risk score subject to possible change factors, it is imperative to build a model that considers all of the following risk categories:

  • Health and safety risk –incident or near miss
  • Environmental risk – spill of hazardous material
  • Security risk – hack into key equipment
  • Asset reliability risk – key asset fails often or is replaced early
  • Operational risk – delay in production
  • Financial risk – lost profit if customer takes business elsewhere
  • Legal/regulatory risk – non-compliance with local bylaw
  • Reputational risk – poor quality product goes viral
  • Latent risk – competitor with same equipment has explosion

The difficulty, of course, is keeping the model simple yet effective, by making it easy for users to assess the risk across all relevant risk categories each time a risk score is calculated. In some cases, this can be pre-determined such as asset criticality and job plan priorities built into the work program, or automated such as an algorithm for generating a risk score combining the asset criticality and job plan priority. The CMMS can help in this regard with a few simple algorithms.

1 of 2 < 1 | 2 View on one page
Show Comments
Hide Comments

Join the discussion

We welcome your thoughtful comments.
All comments will display your user name.

Want to participate in the discussion?

Register for free

Log in for complete access.

Comments

No one has commented on this page yet.

RSS feed for comments on this page | RSS feed for all comments