can easily set the basis for a more structured reasoning, regardless of the field of application. In every field of technology, risk has causes, consequences, and control measures (preventive and mitigative), which are generally referred to as “barriers” (the Swiss cheese slices from Reason).
The operation or non‐operation of control measures affects the level of risk over time and the non‐operation (or failure of a barrier) is in turn a function of a number of aspects: maintenance, information, training, calibration, and so forth. This allows the use of the paradigm to also support the management system.
By analyzing data relating to negative episodes (accidents, if we are talking about safety) it is possible to understand what the failed barriers are, how they link together, and, therefore, the causes of failure, facilitating the analysis of the root causes.
This approach can also be extended to ordinary fire prevention.
The application of this technique makes it possible to analyze a pool of fire scenarios considered representative and sufficiently exhaustive of fire safety risks. Each scenario can be characterized both in probabilistic terms and in terms of dynamics and potential direct and secondary effects (domino effect) on safety.
Starting from the description of the building under assessment, the procedure identifies and characterises the most representative fire scenarios both in terms of causes and effects (the two wings of the bow tie) and then guides the definition of the fire prevention strategy, as it highlights the most critical technical systems identified in the design phase.
In fact, the analysis with the Bow‐Tie method (supplemented by a quantitative assessment for the definition of independent protection levels and for the estimation of the probability of failure) can integrate the risk assessment according to the flow referred to in Section G of the Ministerial Decree of 3 August 2015.
Preface 6
Damiano Tranquilli
HSE Manager, Grandi Stazioni Rail S.p.A., Ferrovie dello Stato
In our everyday experience, each of us faces choices and decisions and implements actions that are carried out in direct interpersonal relationships or more widely in the context of our social relations.
They may be instinctive or almost‐instinctive choices, due to experience or volition or because, perhaps based on the limited scope of the effects, we believe that we can achieve them regardless of the consequences.
They can be the object of longer meditation because they are considered important or directing with respect to our personal sphere or in the economy of our relationships and because according to our way of being, perhaps also because of the conditioning of experience and training, we can be more or less inclined to reflect on our actions.
Even if with different intensity and purpose, in retrospect, we often find ourselves reconsidering choices, decisions, and actions that we are going to rethink for mere attitudinal inclination or for having to manage effects and consequences not initially foreseen.
In the same way we collect our experiences and, even if in the perspective of the different individualities of each one, we consolidate a meaning that informs our further choices, in the orientation of the decisions or in the ways of their implementation, even if only to “not do it again”!
In other words, we can say that risk management goes naturally alongside the complexity of our actions, taking shape and consistency according to our individuality.
We may be more inclined to analyze and weigh choices in a preventive manner or be more instinctive and strong‐willed in acting, and perhaps more skilful in correcting our actions in progress.
One may want to try a certain action, regardless of any consequence, and accept the risk of having to react to the effects to the point of fatalistically trying one’s luck.
In any case, in the organic unity of our cognitive process, risk management is an intrinsic component; the way we manage it characterises each of us, partly as a consequence of our way of being, partly as a result of our experiences.
The above considerations should, however, lead us to further reflection.
If, in fact, the risk management of our actions appears almost immediately associated with our actions in individual unity, the analysis of the process is much more complex than the organizational, decision‐making, and operational processes of a positive organization, which, regardless of the relative degree of complexity, constitutes the sum, and not necessarily the synthesis, of multiple singular processes.
The risks that affect organizations relate to the different profiles in which the organization’s actions are structured.
Let us consider, for example, the organizational and decision‐making profile that inevitably influences the body’s actions.
From this point of view, think, for example, of the possibility that technical and commercial skills and responsibilities may be allocated to different parts of the organization.
In fact, this is a possibility frequently found in social and economic realities which corresponds to the need, which can be absolutely shared, for specialisation in decision‐making and operational processes.
Nevertheless, however, it cannot but be noted that this articulation necessarily corresponds to the risk that the maximization of revenues, on the one hand, and the comprehensible minimization of technical criticalities, on the other, may determine a functional imbalance with the risk of polarizing processes and preventing organizational balance and decisional synthesis if it is not mitigated through specific processes or internal coordination functions.
Still at an organizational level, a similar risk condition can be seen in organizations whose complexity is accentuated by relationships and constraints between bodies.
Consider, for example, a company subject to the management and control of another company/entity, perhaps within a more widely articulated group.
In this case, the management policies and objectives dictated by the parent company significantly influence the choices, decisions, and actions of the subsidiary, which nevertheless remains autonomously responsible in its legal subjectivity.
It is evident how, in the case in question, the condition described would end up accentuating the internal imbalance in the process of synthesis of the subsidiary’s business decisions with the consequent repercussions on the operating processes and the management of related risks, making it necessary to strengthen the internal control systems from a preventive and corrective point of view.
Moreover, the rise of responsibilities on the parent company in the regulations on organizations subject to the management and coordination of other entities, determines for the parent company an additional risk that can be mitigated only by harmonising the decision‐making processes between entities in a bidirectional manner.
In other words, if human subjectivity, at least in power, is naturally able to synthesise experiential and formative stimuli by widely adapting the different profiles of its action, the same process is not as natural in organizations.
In the first instance, it is necessary to frame risk management in an integrated manner within company processes and to understand its instrumentality with respect to the achievement of objectives and therefore the creation of value for the organization.
To this end, risk management
