Analyses for risk are as from 2013 a new mandatory element in the EU ETS emissions monitoring framework.
Installations with low emissions excluding, the results of the final risk assessment must submitted as supporting documentation to the competent authority when approval of the monitoring plan is requested by the operator.
Strictly speaking in the above situation to the competent authority must be submitted “the results of a risk assessment providing evidence that the proposed control activities and procedures for control activities are commensurate with the inherent risks and control risks identified”.
There is available the specific Guidance document on issue.
From the operators point of view the fundamental point when it comes to risk analysis is the distinction between the “inherent risk” and “control risk”. The legislative definitions of these terms originating in the M&R Regulation are usefully translated into the common language by the above Guidance document by explaining that the inherent risk mirrors the fact that monitoring is carried out by human beings, and that therefore errors can simply happen.
In turn, the control risk reflects the quality of the control system and should at least include:
(a) quality assurance of the measurement equipment;
(b) quality assurance of the information technology system used for data flow activities, including process control computer technology;
(c) segregation of duties in the data flow activities and control activities as well as management of necessary competencies;
(d) internal reviews and validation of data;
(e) corrections and corrective action;
(f) control of out-sourced processes;
(g) keeping records and documentation including the management of document versions.
Other types of risk i.e. the detection risk and the verification risk are on the part of the verifier rather (overall verification risk being the overall result of the first three).
The M&R Regulation and the above-mentioned Guidance Document established the general framework and specific rules for risk analyses in the context of emissions monitoring which may appear burdensome and superfluous for the technical personnel involved in the daily operation of the installation, however, it is noteworthy that industrial standards are even more robust and complex when it comes to general risk-assessment methodologies.
The element of these best industrial practices, which the M&R Regulation and the above-mentioned Guidance Document does not mention is for instance the requirement to designate the specific “Risk Owners” for each identified risk in the overall monitoring scheme at the installation level.
This concept has some merits, in particular identifies the single post (person) to which the responsibility for managing the specific risk is assigned. The other tasks and responsibilities of these persons include:
a) risk identification and assessment,
b) the design and realisation of the risk-management strategy,
c) monitoring for risk as well as overseeing the risk-management efficiency,
c) submitting the relevant risk reports,
d) managing the risk in a way allowing to achieve targets within the established thresholds.
Another useful tool in the general risk management systems which can be successfully applied also for monitoring purposes is the Risk Chart.
The Risk Chart serves the purpose of preserving the information on a given risk and contains in particular the following data:
a) the risk designation and categorisation,
b) the risk owner,
c) the most often occurring effects of the risk materialisation,
d) values set for the risk parameters, as KPI (key performance indicator), KRI (key risk indicator),
e) description of the risk current risk infrastructure, strategy and actions for managing the risk,
f) risk probability and impact before and after applying the risk-management strategy,
g) assessment of the adequacy of current risk-management strategies and actions,
h) description of the actions planned.
Maintaining and updating the Risk Chart for the given risk should be the responsibility of the Risk Owner, however, this is the issue of the specific ERM (Enterprise Risk Management) scheme whether the Risk Committee is established and what endorsements are required at the Risk Committee level.