Skip to main content

Operations Risk Management

How Technology Transforms Operational Risk Management for Power Generation and Utility

Author Bob Hooper

For power companies, managing risk is always a top priority. It’s one of the first things on a plant manager’s mind when they arrive at work in the morning and the thing that keeps them up at night – particularly right now, when pressure on the industry is mounting. That’s why operational risk management – or ORM – has become central to every organization’s strategy. But a good ORM strategy has to overcome one intimidating foe: complexity.

Anyone who has ever worked in a plant knows that managing operational risk is multifaceted. Most incidents and accidents can’t be traced back to one singular cause; they’re always the effects of a series of near misses, occurring one after the other.

Multiple layers of protection against risk are required to protect the health and safety of our teams and communities. However, the more complex operations become, the harder it is to anticipate and address all potential risk contributors.

That’s why power generation, transmission & distribution companies are increasingly turning to new technology to help them ensure they are covered from every angle.

The human factor introduces risk and disrupts procedures

No matter how far technology evolves or how many different processes and policies you institute, one factor can always throw a wrench into your carefully laid plans: people.

People forget things. They lose concentration. They may take a shortcut to save time. Some may need help understanding how to follow procedures correctly or use their tools and technology the right way.

For example, a common procedure states a machine must be turned off at the breaker and Lock Out - Tag Out (LOTO) applied before servicing begins. However, at some plant anywhere in the world, you can bet someone will skip that life-saving practice and endanger themselves and others regardless of the formal training they may (or, in some cases, may not) have received. Nonetheless, the human element naturally adds a layer of risk and complexity. As such, human error can play havoc with your total recordable injury rate (TRIR) and risk management program compliance.

And that’s just internal personnel. The inherent unpredictability of human nature also makes it harder to predict how external factors could present risk to your organization; such as significant weather events, the threat of cyber-attacks on your control systems and supply chain difficulties.

It’s becoming increasingly common for criminals to attack electrical grids, both physically and in cyberspace, causing major disruptions. In 2022, the Department of Energy recorded 163 reports of electrical incidents and disturbances caused by vandalism, physical attacks, or “suspicious activity.”

Some of these incidents were targeted sabotage; some were simple vandalism and others – like thefts of copper – were spurred by financial motivations.

It’s hardly surprising that electrical grids have become a favored target. Physical protections that ensure the safety of the grid’s infrastructure are aging, along with the legacy systems that defend them from cyber-attacks.

This is where the challenge truly lies; accounting for human nature means trying to predict how, when, where, and why people both inside and outside of your organization are going to act. And you can guarantee that, as soon as you relax your guard, people will find a new and creative way to introduce risk.

Protecting the grid is now a government priority – a 2022 Department of Energy Federal Notice of Intent called for modernization and reinforcement of the grid, saying that “aging infrastructure leaves the grid increasingly vulnerable to attacks.”

But there’s no national strategy for managing external threats to grids. It’s up to individual states – and on some level, individual plants – to ensure they’ve taken all the necessary precautions.

That’s why risk identification is a huge component of ORM; companies need to consider where risk could arise at every single stage of every process, so they can build a risk mitigation strategy covering all bases. That means trying to account for something that’s inherently unpredictable: human behavior.

It also means that any ORM strategy needs to be tailored to human nature. In the real world, the processes you introduce should be easy for real people to follow. That means taking time to make every step – from documenting faults to accessing training documentation – as simple as possible.

ORM strategies that counteract this challenge should consider the following:

  • Processes and procedures – Look for technology that makes it easy for everyone to access the information they need, follow correct safety procedures accurately, track actions and incidents, share information, validate their compliance and check the compliance of others.

  • Training – Provide team members with extensive training on best practices when using your equipment and moving around your plant. Make sure to tailor this training for your team; younger team members won’t be satisfied with a manager who leaves them alone to learn on the job or hands them a book and tells them to read a certain chapter. They want detailed, expert advice and training delivered in an up-to-date manner. You’ll also need a way to keep close track of each team member’s certifications and progress through your training scheme.

  • Hiring – Fail-safes and safety processes are essential but don’t provide the full picture. Accounting for human error also means carefully selecting what kinds of “human natures’ make up your company. Your ORM strategy should consider how it will help you screen out candidates who are likely to break the rules, take unnecessary risks and introduce uncertainty.

Of course, all of these elements need to be combined with other aspects of your ORM strategy, like process improvements and automation. But if you can’t nail down the human element, the rest of your strategy doesn’t have a hope of succeeding.

How does technology alleviate this issue?

  • Use an operations management system (OMS) to digitalize everything from employee handovers to shift logbooks. Remember, we want to make working safely as simple and foolproof as possible. Look for an OMS that is available in app form, so that employees can access the information anywhere. The best solutions also allow you to rapidly filter data, so your people can find what they’re looking for faster. This kind of ease and access is excellent for operations discipline; when information is shared freely and effortlessly, you remove many of the barriers that stop people from doing the right thing in the right way every time.

  • Invest in a knowledge management system that makes process documentation, equipment manuals and training content more accessible. This way, your people won’t have to rely on memory alone to ensure they’re following best practices; they can double-check a process or troubleshoot an issue without having to pause work and return to the office. This makes it far less tempting to “make it up as they go.” Further, the “approved” procedure that has been thoroughly vetted should be available to the user immediately – and accessible wherever they need it on their mobile device.

  • Use an asset management system to make sure everyone is kept up to date on any machine faults or maintenance schedules. With this information available, no one puts themselves (or one of their colleagues) at risk by trying to use a piece of broken equipment. The asset management system should allow for robust and accurate planning and scheduling. Your asset management system is also the repository for repair history and preventive maintenance tasks that have or have not been completed. This type of information is crucial to the study of reliability and its subsequent improvement.

Gaining visibility into your compliance can be challenging

On the surface, it seems simple: comply with local or national safety regulations like OSHA’s LOTO procedures, RAGAGEP, ISO 55000, or any of the myriad of other H&S requirements that affect your plant, and you’ll be covered against most kinds of risk.

Not only that but you’ll also be protected from the indirect risk of fines and legal action that can arise from non-compliance.

The trouble is that plants are complicated places – and there are plenty of areas for non-compliance to hide.

Without a detailed overview of your operations – all your equipment, your processes, and your people’s responsibilities, qualifications and training – it’s difficult to gauge whether you’re fully compliant. It’s very easy for minor issues to slip through the cracks and lurk unnoticed until a disaster occurs, or the regulator comes calling for an inspection.

It’s even more challenging to gather the data needed to prove your compliance. Particularly when the documentation needed to check and improve your compliance – from logbooks to training certificates – is scattered across your business, saved in multiple formats, and impossible to search through effectively.

This applies to every area of compliance, not just safety; for example, without proper visibility and control, it’s easy for emissions to creep up unnoticed, which can interfere with your environmental compliance.

How does technology make it easier to manage this risk?

  • Create a digital twin to visualize your operations and make process documentation easily accessible. The best digital twins can handle all types of data formats, from PDFs to AutoCAD® and 3D models. They can also be updated in near-real-time using performance data gathered by alarm management systems, boundary management systems, control loop monitoring and tuning systems, and Independent Protection Layers (IPL). With everything compiled in one place, you can see the full picture – and share with the regulator – without spending hours trying to pull together information from different sources. And near-real-time data feeding into your system allows you to be faster, more agile, and more equipped to identify risks to your ongoing operations early on.

  • Use an operations management system to digitalize logbooks, handovers, and near misses so it’s easier to keep track of the data required by regulators.

It isn’t easy to justify capital for process improvements

It’s easy to think of reducing risk as an exercise in avoiding loss; it’s not so much about gaining anything as it is about avoiding negatives like injury, lost production, reputational damage and fines for non-compliance.

Steering clear of those things is a powerful motivator. That’s why it’s easier to win a budget for things like protective equipment, projects and training that clearly fall under the banner of “safety.”

But it’s often harder to secure investment in proactive process improvements which improve long-term safety but aren’t necessary to remain compliant.

To overcome this, the industry needs to adapt its thinking. Because process improvements that improve safety almost always improve productivity and efficiency too.

Developing a proactive maintenance mindset, for example, doesn’t just improve your mean time between failure (MTBF) and reduce the amount of time maintenance teams need to spend on potentially dangerous repairs. It also increases the lifetime of your equipment, reduces the number of work hours required by the maintenance team and cuts down on the amount of budget spent on avoidable repairs.

How can technology help mitigate this challenge?

digital twin doesn’t just help you manage compliance; it also makes finding and validating data much faster, which means less time wasted and better, more data-driven decisions. This kind of visibility makes it easier to demonstrate how process improvements will have a knock-on effect on safety and vice versa.

ORM technology: Cutting through the complexity

The power generation and transmission and distribution industries are going through an exciting time.

Demand is growing. New forms of energy are gathering momentum. Ways of working are evolving.

But this evolution only makes managing operational risk more challenging and implementing new ORM strategies is tougher than ever.

To keep your people and the public safe, you need tools to help you navigate that complexity – protecting against every form of risk from every angle – without losing sight of the big picture.

Where should you begin?

In our webinar, “Smart Digital Reality™: Solutions for the Industrial Facilities,”, we explore the crucial role of data, technology and digitalization in managing operational risk – and explore how the right strategy can help you:

  • Improve asset reliability and availability,

  • Reduce maintenance costs,

  • Reduce compliance, risk management and investigation efforts,

along with a host of other benefits that are helping power and utility companies transform their approach to risk.

Are you ready to revolutionize your ORM? Contact us to learn how we can help.

About the Author

Bob Hooper is a senior industry consultant at Hexagon with a successful track record in the development and implementation of operational excellence, lean manufacturing and reliability programs within the oil and gas, chemicals and consumer products industries. His areas of expertise include program management and change management, and he specializes in helping customers understand the intricacies and applications of a variety of digital technologies.

Profile Photo of Bob Hooper
More Content by Bob Hooper