In order to increase the effectiveness of risk-based asset management, pipeline companies require a solution for modeling integrity threats with potential safety and environmental consequences in measurable units. A quantitative model offers the ability to not only prioritize assets for spending on mitigation, but also to identify which are in need of mitigation. When a company is able to estimate its exposure to risk using real units of measure, such as incidents per year and dollars per incident, it is then possible to identify which assets are above the company’s tolerance for risk and make better decisions about spending than the competitors can.
It is recognized that purely quantitative models have a number of advantages over indexed, or relative, models. Managing a risk model becomes easier, as the model is easier to calibrate and discuss when the results are in real, tangible units. It is also easier to disseminate the risk data to business users across the enterprise. With a quantitative model, discussions can occur around actual failure rates and actual costs, as opposed to how severe things are on an abstract, relative scale. Quantitative models lend themselves to greater consistency of results across different field offices and types of assets. Most importantly, as mentioned above, it makes it possible to not only decide which assets are more important to mitigate than others, but also how many require mitigation at all.
Quantitative models can present challenges in development. Numeric equations for calculating rates of failure often rely on inputs which may not be available. Subject matter experts can cloud the transition and make the process overly complicated. Although it is possible to create empirical equations independent of established industry models for threat behavior, in many cases, there is not enough data available to infer relationships between available inputs and failure rates. As the risk model changes from reporting in scores to reporting in units (e.g. number of fatalities), this may cause some apprehension for legal and management; some education may be necessary to overcome this. It is also important to note that the added complexity and uniqueness of the model may stretch the capabilities of the current IT and software infrastructure supporting the legacy risk model.
The focus of this paper is to outline an approach to making the transition from an indexed or relative risk assessment method to an absolute, quantitative method. This includes strategies identified while attempting to convert various threat calculations, using inputs already being gathered for the existing model. The paper will conclude with some challenges, lessons learned, and ways to identify future recommended improvements.