Introduction
Risk-based criticality assessment is often a waste of time. It’s more of an academic exercise than a practical solution.
Many people advocate for criticality assessment because you “need to know your critical assets“. When you read articles, books, or LinkedIn posts around reliability, it seems that using criticality is a given. They would say that as an organization, it’s essential you identify your critical assets, often through risk-based criticality assessments, so you can properly prioritise your work.
Now that makes sense.
But the reality is, in most organizations, risk-based criticality is handled poorly and often ends up being a waste of time.
Now before we jump into the details of why that is, let’s get some definitions straight, so we’re talking the same language.
And let’s start with a really basic question.
What is a Critical Asset?
If you jump into the highly popular ISO standard for Asset Management ISO 55000, it will state the following:
“A critical asset is an asset that has the potential to significantly impact the achievement of an organization’s objectives”.
It then continues to explain that criticality can come from different angles. It can be seen as safety-critical or environmental critical or performance-critical.
And that could relate back to Legal regulatory or statutory requirements.
Critical assets can also refer to assets necessary to provide services to critical customers. Asset systems can be distinguished as being critical in the same way as individual assets so we can take groups of assets and deem in critical or individual assets and demons are critical now.
Identifying Critical Assets with Risk-Based Criticality
So now that we kind of know what a critical asset is, how do we determine which of our assets are critical? If you delve deeper into the ISO standards you come across ISO 55,002 which states that
“You can use a risk ranking process to determine which assets have a significant potential to impact our ability to achieve our objectives”.
In other words, you can use a risk ranking process to determine which of your assets are critical. Now there is an ISO standard on risk management and that is ISO 31000.
ISO 31000 states that risk = likelihood x consequence.
So, we combine the likelihood of an event with the consequence of an event to give that event a risk ranking.
We typically use a risk Matrix to do this.
Why Risk-Based Criticality is a Waste of Time
This is where things get messy.
This is where risk-based criticality assessments become a waste of time. The process requires extensive time and resources.
That’s because the process of conducting a criticality assessment is almost always described as a risk-based assessment process where you assess the consequence and likelihood of failure.
This becomes a MASSIVE amount of work because in essence, you’re now doing a (partial) FMEA. When in fact most of your people already have a pretty good idea what your critical equipment is.
What’s worse is, this massive amount of effort is not paid back later. And so, this undermines the perceived value of reliability approaches.
(especially by leadership who only see a lot of busy-work with no ROI)
Case Study
I remember this story of Joe “egg-on-my-face”…
‘Joe’ (not his real name) was in charge of an RCM program at a large-scale industrial plant in the US for which they had engaged a large consultancy.
The first step of the project involved a risk-based criticality analysis of all the systems and equipment in the plant.
This was an ENORMOUS task due to the scale of the plant.
For over three months, more than $150,000 was spent on workshops and creating the detailed criticality analysis.
But when Joe was asked by the leadership to show the value from this initial investment, he struggled.
All he had to show for were detailed analyses that showed that ‘this equipment is more critical than that equipment’.
“Well, yeah… we kind of already know that”.
The project was stopped.
Joe told me he looked really bad in his organization.
He felt like he had ‘egg on his face’.
And he felt like he had damaged his career.
Because his team spent a lot of time, money, and effort doing all that criticality analysis upfront. And they did it in a very complex way And got no clear value from that initial phase. The consultancy they had engaged should have know better, but they had planned a large multi-year improvement plan with most of the value being achieved at the end.
Classic approach, but plant leadership didn’t have the patience and trust to let it run after the first $150k yielded no clear value.
They saw it as a waste of resources.
This story highlights the pitfalls of risk-based criticality assessments.
It’s so much work that it is usually not worth it.
What to do instead
Here’s what I suggest you do instead:
Just keep it simple. Look at the worst-case consequence and use that for your criticality. For example, if a piece of equipment could take out the whole plant upon failure, then that piece is considered highly critical.
Conduct single dimension criticality assessment (i.e. just focus on consequence). Because the 2nd dimension of likelihood adds a massive amount of extra work and that likelihood is not static over time, but we use it as a static value.
Move your risk assessments into your work management process. This is where you can risk-assess new work requests based on the condition of the plant.
Don’t do a criticality analysis for your whole plant in one go. Do it by sections. Instead, identify the biggest problem area and perform a criticality analysis there, linking it directly to your RCM or FMEA.
Listen to your engineers and technicians. Chances are, they already know what equipment is critical. They know that if pump X goes down, this is the consequence. Use that information to get a rough criticality analysis very fast without looking at a lot of extra detail.
Risk-based criticality assessment is something I talk about in greater detail inside our course, PM100: Developing and Improving Preventive Maintenance Programs. Inside this course, I also discuss more practical approaches that your team can execute to assess your criticality.
