Engineering is a profession entrusted with a significant level of public trust – a privilege that comes with the obligation to ensure public safety and well-being in everything engineers do. Engineering demands conscious awareness of risk management, as every aspect of the profession involves assessing and mitigating potential hazards. From the earliest stages of design to the operation and maintenance of complex systems, engineers must carefully evaluate technical risks, weigh alternative solutions, and implement measures to ensure reliability and safety. Technical Competency 1.3, which is part of the Competency-based Assessment (CBA) Framework, focuses on engineers' ability to analyze technical risks and offer solutions to mitigate those risks. This article provides an overview of competency 1.3, defining each component through practical examples and providing guidelines for demonstrating your competency in your P.Eng. licensing application.
Description of Technical Competency 1.3:
Technical Competency 1.3, as outlined in the Competency-based Assessment (CBA) guidelines published by most Canadian professional engineering regulators using the 34-competency framework, is as follows:
“Analyze technical risks and offer solutions to mitigate the risks.”
The other regulators that use the 22-competency framework, such as APEGA, Engineers Yukon, and NAPEG, define this competency as follows:
“... ability to identify and mitigate risks that affect the technical aspect of the project. You must differentiate between risk and safety….”
Concept of Technical Risk:
Technical risk refers to the possibility of unforeseen events that may lead to a failure to meet specified requirements. These events can manifest in various ways, including system or equipment malfunctions, compliance or safety issues, as well as financial or scheduling repercussions. In most industries, technical risks are characterized by two key parameters as shown in the equation below: i) Frequency (F), which indicates the likelihood of these unforeseen events occurring, and ii) Impact (I), which denotes the severity of the consequences on performance should the events take place.
Technical Risk = Frequency (F) × Impact (I) × [Detection (D) × Velocity (V)]
While the above formula represents the simplest definition of risk, other parameters may also be added to bring a specific industrial context. For example, in mission-critical industries, the third parameter, called Detection (D), is added to demonstrate a potential issue's detectability before it transforms into an actual problem (MIL-STD-338B, 1983). For instance, in oil refineries, instrumentation analyzers, such as gas chromatography systems and infrared detectors, continuously monitor the possible leak of hazardous gases like hydrogen sulfide (H₂S) or methane. These gases, often present in crude oil processing, pose severe safety risks due to their flammability, toxicity, or potential to form explosive atmospheres. The analyzers are configured to trigger alarms when gas concentrations exceed pre-set thresholds, enabling operators to isolate affected areas, activate emergency systems, and prevent catastrophic events. By providing real-time, highly sensitive data, these systems enhance the detectability of early warning signs, reducing the likelihood of escalation to hazardous conditions.
Similarly, a parameter called Velocity (V) may also be added to determine how quickly the effects of a risk unfold (onset speed) once it occurs, thus providing helpful direction in defining effective risk management capabilities. For example, in power transformers, dissolved gas analysis (DGA) monitors the presence and growth of certain fault gases, such as hydrogen, methane, and acetylene, which indicate issues like overheating, arcing, or insulation breakdown. By tracking the gas generation rate and analyzing the relationship between gas production and transformer loading, operators can evaluate the velocity of risk evolution. For instance, a rapid increase in acetylene concentration might indicate a high-energy fault requiring immediate shutdown to prevent catastrophic transformer failure. Combining DGA data with load trends and operational histories allows engineers to establish predictive models, ensuring timely maintenance and risk mitigation strategies. Nevertheless, these additional parameters are often included with the common objective of gaining visibility into the evolution of systems or equipment from their current safe state to a future undesirable state.
Guidelines on Technical Risk Management:
As defined by the flagship standard CSA ISO 31000:18 (R2023), the risk management process involves a coordinated set of activities that should be carried out periodically in sequence. Below are the steps:
Communication & Consultation:
The purpose of communication and consultation is to foster a shared understanding of the risks associated with an engineering project among all stakeholders. While typically initiated as the first step, this process remains integral throughout the risk management lifecycle. Ongoing dialogue ensures effective collaboration between internal and external parties, enables the exchange of critical insights, and provides an opportunity to reassess and adapt risk management strategies as conditions evolve.
Scope, Context, and Criteria:
This step defines the scope of the risk assessment, sets its objectives, and considers operational, regulatory, and/or environmental conditions. It also establishes evaluation benchmarks, including safety thresholds, performance standards, and cost-effectiveness criteria, ensuring a comprehensive boundary of the risk management plan.
Risk Assessment:
Risk assessment is the central exercise in risk management, focusing on evaluating the uncertainty of unforeseen events and their potential impacts. It encompasses three critical components: risk identification, risk analysis, and risk evaluation. The risk identification stage systematically identifies potential technical hazards (such as equipment failures, design oversights, or material deficiencies) that may affect the project or public safety. Additionally, the process involves assessing both the physical and functional characteristics of unforeseen events; in construction projects, for example, this means the ability of structural components to withstand extreme loads or the impact of unexpected environmental conditions. To evaluate the likelihood and potential impact of each identified risk, various tools and methodologies may be employed, such as Fault Tree Analysis (FTA), Failure Modes and Effects Analysis (FMEA) (IEC 60812:2018), Monte Carlo simulations, and Finite Element Analysis (FEA). Historical data analysis, such as analyzing past project failures or industry benchmark processes such as Failure Reporting Analysis and Corrective Actions Systems (FRACAS) (MIL-STD-2155), can also offer valuable insights into risk patterns and probabilities.
Risk Treatment:
Risk treatment involves developing strategies to eliminate or mitigate identified risks, ensuring they fall within the tolerance levels established during the scoping stage. Multiple alternatives should be identified, evaluated, and compared to select the solution that delivers the greatest value while meeting the project’s objectives and stakeholder requirements. It is essential to recognize that the most effective solution may not always be cost-effective. The treatment plan should strike a balance that optimizes all the objectives identified through communication and consultation. Risk treatment strategies may include redesigning components, incorporating redundancies, selecting advanced materials, or enhancing quality controls. Each proposed treatment is carefully assessed for its technical feasibility, cost-effectiveness, and ability to mitigate the identified risks effectively, ensuring that the selected solution provides long-term value and aligns with the project's overall goals.
Monitoring and Review:
This step ensures ongoing vigilance through monitoring and review. It regularly assesses the performance of risk controls and adjusts them in response to changing project conditions or new information. This iterative review process continues throughout the project lifecycle and maintains alignment with safety and performance goals.
Recording and Reporting:
Finally, recording and reporting activities document the entire risk management process, capturing insights, decisions, and outcomes. This documentation serves as a valuable reference for stakeholders and future projects, reinforcing transparency and accountability in engineering practice.
Figure 1: Risk Management Process ("Adapted from ISO 31000:2018, Risk Management - Guidelines, International Organization for Standardization.")
While this article doesn't delve into the specifics of each risk management step, engineers aiming to demonstrate competency should understand the order of these steps. In large projects, engineers may not be involved in the entire risk management lifecycle, but understanding the process is key to ensuring their contributions align with the broader framework and enhance the overall success of risk mitigation.
Technical Risks vs Public Safety:
While interconnected, technical risks and public safety risks are distinct in their focus and implications. It is crucial to demonstrate competency in understanding the nuances of addressing both objectives. Technical risks concern the potential failure or malfunction of systems, equipment, or processes, often evaluated within the context of meeting specific technical performance or operational requirements. These risks can sometimes be mitigated through re-engineering solutions, ensuring that technical requirements are met. However, mitigating a technical risk does not necessarily enhance public safety.
Example # 1 (Electrical Safety) –
Polychlorinated biphenyls (PCBs) in transformer oil, which have technical benefits such as improved electrical insulation properties and enhanced thermal stability, may reduce the likelihood of transformer failures. However, PCBs are highly toxic and pose significant environmental and health risks, making their use a severe concern for public safety, especially in the event of leaks or accidents.
Example # 2 (Automotive Safety) –
In the automotive industry, using advanced lightweight materials like carbon fiber may enhance vehicle performance by reducing weight and improving fuel efficiency or electric vehicle range. However, while carbon fiber offers technical benefits, it may also introduce public safety risks. In crashes, carbon fiber can fracture into sharp fragments, posing a danger to occupants and emergency responders. Unlike traditional steel, which deforms predictably, carbon fiber's failure mode may result in hazardous debris. To mitigate this, design adjustments, such as reinforced areas or additional crash protection, may be essential to balance technical advantages with safety considerations. This example illustrates how innovations for improved performance may create new safety challenges that need to be addressed through comprehensive risk management.
Handling High-Intensity Low-Frequency (HILF) Risks:
One key aspect of risk management is addressing High-Intensity Low-Frequency (HILF) events, which, though rare, can have catastrophic consequences. These events are often underestimated due to their low probability but can cause significant damage when they occur. Incorporating HILF risks into risk management strategies ensures resilience and preparedness for rare, high-impact scenarios.
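As an added illustration (not part of the original article or of any standard it cites), the sketch below scores a constructed risk register with the F × I × D × V formula and shows how a HILF event falls under the tolerance line on score alone. The 1-5 scales, the tolerance of 25, the HILF cut-offs and the names `Risk`, `is_hilf` and `triage` are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Risk:
    # All four factors use an assumed 1-5 ordinal scale (not from the article).
    name: str
    frequency: int  # F: 1 = rare, 5 = frequent
    impact: int     # I: 1 = minor, 5 = catastrophic
    detection: int  # D: 1 = caught early, 5 = effectively undetectable
    velocity: int   # V: 1 = slow onset, 5 = near-instant onset

    def score(self) -> int:
        # Technical Risk = F x I x [D x V], the article's formula.
        return self.frequency * self.impact * self.detection * self.velocity

def is_hilf(risk, impact_floor=5, frequency_ceiling=1):
    """High-impact, low-frequency: worst-case impact but rare (assumed cut-offs)."""
    return risk.impact >= impact_floor and risk.frequency <= frequency_ceiling

def triage(register, tolerance):
    """Rank risks by score and decide treatment against the scoping-stage tolerance."""
    rows = []
    for risk in sorted(register, key=Risk.score, reverse=True):
        if risk.score() > tolerance:
            decision = "treat"
        elif is_hilf(risk):
            # Low F drags the product under tolerance; impact alone forces treatment.
            decision = "treat (HILF override)"
        else:
            decision = "accept and monitor"
        rows.append((risk.name, risk.score(), decision))
    return rows

# Constructed register; names echo the article's examples, scores are invented.
REGISTER = [
    Risk("Nuisance breaker trips", frequency=5, impact=2, detection=1, velocity=2),
    Risk("Transformer arcing fault", frequency=2, impact=4, detection=2, velocity=4),
    Risk("Hurricane destroys feeder line", frequency=1, impact=5, detection=1, velocity=3),
    Risk("Gas analyzer calibration drift", frequency=3, impact=2, detection=3, velocity=1),
]

if __name__ == "__main__":
    for name, score, decision in triage(REGISTER, tolerance=25):
        print(f"{score:>4}  {decision:<22} {name}")
```

The hurricane entry has the lowest score in the register yet is still routed to treatment, which is the behaviour a pure product-based ranking would miss.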
Example # 3 (Extreme Weather Planning) –
Climate change and the increasing frequency of severe weather events, such as hurricanes and storms, pose a growing HILF risk in electricity utility planning. Electricity grids must be designed to withstand these events, requiring infrastructure enhancements such as storm-resistant poles, underground wiring in vulnerable areas, and improved grid automation to restore power during outages. Properly accounting for these HILF events ensures the grid remains resilient and can maintain public safety despite unpredictable and extreme weather events.
Example # 4 (Vehicle Crash Management) –
Similarly, in the automotive industry, using lithium iron phosphate (LiFePO4) batteries improves the technical risk profile by offering faster charging rates and better cycle life than other battery chemistries. However, these batteries may introduce public safety risks, such as the potential for fire or thermal runaway, especially in the event of a collision or damage. These risks can be reduced by implementing reinforced battery enclosures, fire-resistant materials, and advanced battery management systems that prevent overheating and overcharging. Such additional engineering controls help balance both technical and public safety objectives, ensuring safer EV operation.
Conclusion:
In conclusion, demonstrating technical competency in risk management requires engineers to be adept in applying the risk management steps outlined in this article. Engineers must be able to assess both the technical risks that affect system performance and the public safety issues that may arise, developing comprehensive mitigation plans. A key distinction lies in recognizing that while technical solutions address system failures, public safety demands a broader, more precautionary approach. Applicants should highlight their ability to manage these risks effectively, ensuring both professional integrity and public well-being in their licensing applications.