Managing risks in Engineering: A Comprehensive Approach

That’s how the world of engineering works, risks in finances, construction, production – everything to do with engineering including H&S is risk managed, partly going back to my post the other day on H&S in engineering but also the costs involved in making a decision. Risk tells us if we should go ahead or not, sometimes regulations state it must be done, but whatever role you play in engineering managing risks comes with the job.

When you work within a business you will undoubtedly come across a meeting where the subject of risk comes up, and that won’t just be about the product, it could be processes related or one of the areas above if not more. Businesses don’t like uncertainty so they attempt to mitigate this by evaluating the risks involved if the decision is taken or not, what are the benefits and repercussions?

Risk Assessment Tools

Take for example the RPN (Risk Priority Number), in my world it determines when a company needs to act (this should be when a threshold score is reached), and processes like FMEA (Failure Mode Effects Analysis) review the risks for two areas – Design and Process for each product.

There are others like Safe Systems of Work that do a similar calculation, others include:

• Fault Tree Analysis (FTA)
• Hazard and Operability Study (HAZOP)
• Hazard Identification (HAZID)
• Event Tree Analysis (ETA)
• Bowtie Analysis
• Layers of Protection Analysis (LOPA)
• Safety Integrity Level (SIL) Assessment
• Root Cause Analysis (RCA)
• Risk-Based Inspection (RBI)
• Preliminary Hazard Analysis (PHA)
• Job Safety Analysis (JSA)

Focus on FMEA

Let’s stick with FMEA and run through how risks are assessed and affect business decisions.

FMEA or Failure Mode Effects Analysis is a risk analysis and mitigation tool used within industries to audit Designs (DFMEA) and processes (PFMEA) to identify the risks, score them and then work on the control plan or the methods you’ll be putting into place to do one of 3 things:

• Eliminate the problem
• Substitute the problem
• Reduce the problem

Each stage is assessed for the risks below and then monitored via the control plan to ensure the issues have been resolved. Once the control plan has been assessed and agreed upon, it is then rescored against the 3 risks to understand how much risk has been removed. If the score is still high then you have to rethink your corrective actions.

PFMEA Process

Looking at PFMEAs – before looking at the risk, we need to go through the work instructions if the process already exists or if you haven’t implemented it, then you need to work out how you’ll produce the product and then perform the PFMEA.

For each stage in your process, identify the steps and assess the risks involved.

The Three Components of Risk Assessment

There are 3 aspects to risk: Severity, Occurrence and Detection.

1. Severity: What is the worst case scenario? How will the customer be affected? How will this affect the operators within the business?
2. Occurrence: How often has this happened? What is the likelihood that this will happen again?
3. Detection: How easy is it to detect the problem?

Every failure mode that we identify within the process (for a PFMEA) or design (for DFMEA) needs to be assessed for the amount of risk they could cause. The severity, occurrence and detection values (1,3,5 or 9) are multiplied together to create the RPN (Risk Priority Number). Now here’s the key – your company can set thresholds for different RPN scores and apply the standard traffic light system (Red, Yellow or Green) to ranges.

For example, Green could be from 1-9, Yellow 10-27, Red 28-81. So when you see reds, you’ll know which aspects of the process need to be addressed first.

Overall, PFMEAs can be long-winded and take time, and in most cases I’ve used generic PFMEAs to cover operations that tend to repeat themselves, only reviewing and scoring the methods that are unique to the stage you’re assessing.

Risk Management in Practice

What I’ve found most beneficial is involving cross-functional teams when conducting risk assessments. Having perspectives from engineering, production, quality, and even customer service can reveal risks that might be overlooked by a single department.

Implementation and Documentation

Once risks are identified and assessed, proper documentation becomes critical. Companies should maintain a risk register that tracks:

• Identified risks and their RPN scores
• Assigned mitigation actions
• Responsible personnel
• Due dates for implementation
• Verification of effectiveness

Continuous Improvement

Risk management isn’t a one-time activity. The most successful organizations implement a cycle of continuous improvement where risks are periodically reassessed. Changes in processes, materials, or even regulations can alter the risk profile.

Communication and Training

Lastly, ensuring all stakeholders understand the risks and mitigation strategies is essential. Regular training sessions and clear communication channels help embed risk-awareness throughout the organization. This cultural aspect of risk management is often overlooked but is crucial for long-term success.

Remember that while tools like FMEA provide structure, effective risk management ultimately depends on the expertise and judgment of the people implementing it.

Want to know more about risk managing tools? then I recommend HBR

---