The Synergy and Accumulation Model for Analysis (SAMA): A Novel Approach to Transforming Risk Analysis in Construction with a Focus on the Deepwater Horizon Disaster Case

Abstract

Risk analysis is critical for preventing catastrophic failures in complex systems, as exemplified by the Deepwater Horizon disaster, a stark reminder of systemic vulnerabilities in offshore drilling operations, where inadequate appraisal of overlapping failures led to severe environmental and human losses. This study addresses the absence of a predictive framework capable of capturing cumulative risk interactions across both time stages and defensive layers. To fill this gap, and by drawing on prior frameworks such as the Swiss Cheese Model (SCM) and the Risk Matrix (RM), as well as critiques of their limitations, we introduce the Synergy and Accumulation Model for Analysis (SAMA). This model defines project life-cycle stages and risk recipients, characterizes each risk by four parameters (the focus of impact, suddenness, frequency, and effectiveness), and calculates horizontal (RF_h) and vertical (RF_v) risk factors. We applied SAMA to fifteen identified failure modes of the Macondo well, categorizing them across two time stages (operational and construction) and four defensive layers. Horizontal analysis revealed that the regulatory-laws layer accumulated the highest risk factors, RFh_1laws = 129.25 during the operational stage and RFh_2laws = 95.98 during the construction stage. Vertical analysis showed that the safety objective experienced the greatest systemic vulnerability, with RF_vsafety = 135.8 across ten overlapping risks, followed by the quality objective at RF_vquality = 128.39. These findings demonstrate SAMA’s enhanced capability to identify critical collapse paths often overlooked by conventional models. For researchers, SAMA offers a transparent, parameter-driven methodology applicable across engineering and construction domains. For industry stakeholders, regulators, project managers, and safety engineers, this model provides actionable insights to prioritize resource allocation and strengthen specific defensive layers, thereby enhancing both preventive planning and resilience against future disasters.

1. Introduction

Accidents occur when control over risks is lost and can stem from deficiencies in the defense system, noncompliance with regulations, unsafe behaviors, or unforeseen circumstances [1,2]. The scholarly consensus affirms that accidents occurring within complicated systems result from a series of interrelated factors, their amalgamation giving rise to risks and subsequent accidents within them [3].

Consequently, accident and risk factors within systems can be classified into two primary categories: (1) Human factors, which often serve as the root cause of major accidents or are linked to their causation [4], and (2) Factors encompassing system tracking and policies, wherein the influence of challenges of the physical, political, and economic work environment becomes apparent, alongside inherent vulnerabilities [5].

The literature emphasizes the significance of classifying and organizing risks. Such endeavors help direct efforts and resources toward addressing the following with their prioritization and consequences [5].

The advancement of techniques across all industries has led to the introduction of multiple variables and standards in the domain. Consequently, scholars concur that the complexity of projects positively correlates with the level of uncertainty involved [6]. As a result, difficulties have intensified in estimating the requisite variables for risk analysis and management and comprehending the interconnectedness and interdependence among transactions and variables. These concerns have become a source of apprehension for risk management professionals and project managers alike [7].

This line of contemplation assumes a pivotal role within the present article, as it underscores the necessity of dissecting risks based on their impact on essential resources or the entities referred to as recipients of risks. This analytical framework predominantly aligns with the discourse on resource study and management in engineering projects, specifically construction projects and other spheres of public administration within diverse high-risk industries. Additionally, this approach emphasizes the component influenced by the risk, namely the recipients of risks, rather than solely focusing on the risk itself.

Several models exhibit deficiencies in integrating human and system interdependencies among the existing array of approaches. Furthermore, these models confront substantial obstacles in effectively addressing the dynamic systems, encompassing the dynamic interplay of internal system dynamics, software architectures, various process variables, and the key human dimension [8]. For example, post-occupancy evaluation (POE) offers a framework for integrating user feedback into building performance and management, enhancing the overall system effectiveness [9,10]. A primary challenge encountered in safety, risk prediction, and risk analysis is the absence of a comprehensive model encompassing the desired attributes within these disciplines. Accordingly, the principal objective of this article is to introduce a novel semi-quantitative model for risk analysis that aspires to tackle the amalgamation and accumulation of risks. Initially, this model will be tailored to serve the field of construction risk analysis. Subsequently, it will be linked to other management domains under construction management’s umbrella.

According to Eccleston and Doub [11], risk assessment can be defined as the systematic procedure of identifying, evaluating, accepting, avoiding, and managing risks. Hence, a crucial aspect of risk analysis lies in selecting a model suitable for risk assessment [5].

In recent years, the construction industry has adopted more advanced risk assessment methods to deal with the complexities of modern projects. Although traditional methods are effective, they fail to capture the dynamic interactions and accumulation of risks over time. New approaches, such as graph convolutional networks, have been used to model construction safety risks better and to identify patterns in accident data. [12]. Monte Carlo simulations have been used to quantify risks and to account for uncertainties in probability and impact assessments [7]. Probabilistic digital twins have been developed to incorporate different sources of uncertainty in geotechnical design and construction processes to enhance decision-making [13]. Building on these advancements, the Synergy and Accumulation Model for Analysis (SAMA) introduces a dual-axis framework that captures both the temporal and structural dimensions of risk. By quantifying how risks accumulate and interact across different system layers and over time, SAMA is a comprehensive risk assessment approach and a new tool in the construction industry risk analysis toolbox.

The principal aim underlying the development of a systematic approach to risk management is to augment the efficacy of risk management practices by identifying and analyzing risk accumulation. The present study endeavors to accomplish this objective by subjecting two fundamental risk management models, the Swiss Cheese Model (SCM) and Risk Matrix (RM), to critical evaluation. Specifically, the research strives to address the primary criticisms and limitations associated with both models, with the ultimate aim of proffering a superior alternative in the form of the Synergy and Accumulation Model for Analysis (SAMA).

2. Literature Review

This article draws inspiration from two prominent frameworks: the Swiss Cheese Model (SCM) and the Risk Matrix (RM). A comprehensive examination highlights the limitations inherent in these models, motivating the development of an integrated approach.

2.1. Why RM and SCM?

A comparative study references substantial scientific articles and publications emphasizing various risk analysis and management models.

Table 1. Comparison table of the most popular risk analysis models.

The Method	The Standard Provided for Comparison
	Qualitative Analysis	Quantitative Analysis	Semi-Quantitative Analysis	Graphical Representation	Theoretical Representation	Focuses on One Risk	Focuses on a Group of Risks Together	Focuses on the System’s Risk	Focuses on a Person’s Risk	Explains the Intertwining of Risks	Difficult to Apply	Easy to Apply	Used in Construction Projects
Swiss Cheese Model	*			*			*	*		*		*	*
The Risk in Early Design (RED)	*				*	*		*			*		*
Event Tree			*	*			*	*	*			*	*
Fishbone Diagram	*			*			*	*	*				*
Fault Tree Analysis	*	*		*		*			*		*		*
Layer of Protection Analysis			*		*	*		*				*	*
Risk Matrices			*		*	*			*			*	*
Failure Mode and Effects Analysis	*				*	*		*			*		*

* Indicates that this standard is available in this model.

presents a detailed comparison of widely recognized risk analysis models as classified by referenced studies [6,14,15,16].

A review of Table 1 reveals that each model typically adheres to a specific analytical approach, lacking the flexibility to integrate multiple methodologies. Furthermore, an examination of reviewed scientific articles indicates that most existing models overlook time as a critical factor in risk identification. These models often treat risk analysis as a perpetual, iterative process, focusing on the repetition of newly identified risks while neglecting the inherent risks within the system.

Given the simplicity and widespread adoption of the Swiss Cheese Model (SCM) and the Risk Matrix (RM), along with the significant criticisms they have faced, synthesizing these models’ strengths became essential. From the comparative analysis presented, it is clear that these models complement each other’s shortcomings. This realization inspired the creation of a model that builds on their capabilities while addressing their known limitations.

Consequently, the proposed model aims to provide users with greater flexibility, more comprehensive results, and broader analytical methods within a unified framework.

2.2. Literature on the Swiss Cheese Model (SCM)

The failures often arise from interactions among various factors at each system level [3,17].

In his seminal work, Reason [14] introduced a model that employs slices of Swiss cheese to illustrate human errors and failures within defense barriers. The perforations in the cheese symbolize the weaknesses and gaps in the defense barriers [1]. Since its inception in the 1990s, this model has engendered a paradigm shift in safety sciences and accident studies [15].

Reason identified multiple causes for forming these perforations and their contribution to accidents or failures. These causes encompass inherent system conditions, including inadequate design, suboptimal procedures, insufficient training, and decisions made by human factors influencing the system [16,18,19].

Another pattern leading to the formation of these perforations is the presence of an active defect or failure that breaches one of the defensive layers within the system [20]. Notably, Reason et al. [3] emphasized that the consecutive alignment of perforations can give rise to accidents that jeopardize the system and its operations.

Nevertheless, Reason did not explicate the selection of the locations for these perforations or the mechanisms governing their opening and closure. He merely proposed preventive measures without delineating a mechanism or law for manipulating the occurrence and closure of the perforations [19,21]. The flexibility inherent in representing accidents through this model serves as a primary incentive for its utilization by numerous safety researchers across various academic disciplines [22,23,24].

Through an exhaustive examination of pertinent scholarly literature, a comprehensive compilation of key criticisms of the SCM was formulated, culminating in a structured inventory of critical aspects as delineated in

Table 2. Criticism of the Swiss Cheese Model.

Category	Source	Quotes
Criticisms related to the holes	[25,26]	Failure to locate cheese holes accurately—failure to determine the nature of holes and their interrelationships
	[3]	The holes’ location, cause, and change—the mechanism of aligning the holes—focus on barriers rather than risks.
Criticisms related to relationships and etiology	[27]	Failure to take into account the interrelationship between the causative factors
	[28]	Ignore the reasons behind the events
	[1]	Lack of understanding of causal links, regulatory, and local—over-general
Criticisms related to defenses	[29]	Inconsistency in defenses and their independence

below:

2.3. Literature on Risk Matrix Model (RM)

Risk matrices (RMs) are a valuable graphical tool employed for risk representation within the realm of safety science. The underlying framework of RMs utilizes a bitmap approach, relying on two fundamental components: probability and consequences [8,30,31,32]. Probability indicates the likelihood of potential consequences, with estimations derived from available information about previous or similar risks. This likelihood value is represented within a range from 0 to 1, effectively reflecting the existing state of uncertainty [33,34]. On the other hand, consequences pertain to the impact of risks on diverse objectives, wherein each objective possesses its unique level of urgency. For instance, in the context of preserving human lives, the consequences would manifest as the number of lives lost or injured [35,36].

This section provides an overview of the Risk Matrix (RM) limitations as highlighted in prior scholarly investigations. Cox [37] brought attention to the issue of RM ranges and central bias, wherein individuals tend to favor average values to avoid extreme responses—another concern, as noted by Thomas et al. [30], is the potential problems stemming from the color schemes employed in the Risk Matrix. Furthermore, the literature has extensively discussed the problem of inverting the order in the Risk Matrix, with researchers attributing this issue to erroneous calculations of risk consequences and probabilities [38]. Additionally, several studies have indicated that utilizing a Risk Matrix can result in misleading decisions, inappropriate resource allocation, and potential harm to organizations [31,38]. The following

Table 3. Criticisms of the Risk Matrix.

Category	Criticisms Related to Results				Criticisms Related to Estimates
Criticisms Source	Risk-Ranking Errors	Risk-Ranking Reversals	Accessing the Wrong Actions	Not Accounting for the Accumulation of Risks	Uncertainty in Estimating Probability and Consequences	Color Classification Problem
[37]	*	*	*		*	*
[30]					*	*
[39]					*
[40]					*
[41]					*
[38]		*		*
[42]		*
[43]		*	*	*	*
[44]			*			*
[45]	*		*		*
[31]			*		*

* Indicates that this Criticism is mentioned in this reference.

outlines a selection of criticism points raised in previous research:

2.4. Conceptual Framework

Drawing on the strengths and addressing the limitations of the Swiss Cheese Model and the Risk Matrix, we propose an integrated framework that (1) embeds cumulative risk interactions across distinct life cycle stages, (2) captures the vertical layering of organizational defenses, and (3) each risk is defined by four defining parameters (focus of impact, suddenness, frequency, and effectiveness). From these parameters, two complementary metrics emerge: horizontal risk factors (RF_h), which quantify how individual hazards accumulate over time, and vertical risk factors (RF_v), which measure the overlap of vulnerabilities across regulatory, technical, managerial, and human-behavioral layers. By unifying temporal progression with defensive layering, this framework synthesizes existing theories into a cohesive structure that guides the development of our hypotheses on stage-specific risk escalation, layer-specific collapse paths, and their joint influence on overall system failure potential.

3. Methodology

Through an extensive review of relevant scholarly literature concerning the Swiss Cheese Model and Risk Matrix, along with a thorough examination of the critical points presented in Table 2 and Table 3, the Synergy and Accumulation Model for Analysis (SAMA) aims:

To offer a methodical framework to elucidate the concept of overlapping risks;

To shift the focus of risk management from a mere interpretation and analysis of risk to the consideration of the risk recipient, SAMA aims to enhance the efficacy and applicability of risk management practices;

To mitigate uncertainties associated with the estimation of risk parameters, this goal is achieved by introducing novel parameters that draw upon the historical background of the risk and its corresponding consequences.

Ultimately, the primary objective of our novel model is to establish a robust connection between the outputs generated by the model and the outcomes of its analyses across various domains, encompassing comprehensive management in the construction industry.

These articulated goals serve as a foundation for developing the proposed model, which aims to address the limitations of previous approaches while providing a comprehensive framework for risk analysis and management.

3.1. Conceptual Theoretical Principles of SAMA

Our proposed model focuses on identifying essential conditions associated with overlapping risks to ascertain the most critical scenario. Specifically, we compile risks that impact a singular recipient within a specific time stage, subsequently evaluating the level of riskiness resulting from their overlapping and grouping. Moreover, the perspective of the individual responsible for risk analysis is considered a significant contributing factor. Figure 1 presents the mechanics underlying the SAMA workflow.

Detailed elucidation of the model is expounded upon in subsequent sections, which include three phases: inputs, processes, and outputs.

3.2. Input Phase

3.2.1. Developing the Basic Structure of the Studied Case

Within every risk analysis model, various organizational factors play a pivotal role in enhancing the model’s performance [46]. The Synergy and Accumulation Model for Analysis (SAMA) shares similarities with other established risk analysis models in this regard. To operationalize the model, the user first specifies the project’s temporal stages. Subsequently, within each stage, the pertinent individuals or entities responsible for assuming the associated risks are referred to as “defensive layers”. It is conceivable to allocate weight to time stages or defensive layers within the project, should such allocation be deemed essential for risk monitoring and the commensurate elevation of attention levels.

3.2.2. The New Definition of Constituent Risk Parameters

In light of the fact that each novel model introduces new parameters designed to align with the model’s application and contribute to minimizing uncertainty, a crucial question arises: Why do we confine the definition of risk to predetermined parameters? Is it not true that these parameters should be flexible options that users of the model can freely utilize, tailored to the specific requirements of their respective projects? In the ensuing section, we put forth a set of parameter recommendations that have been discerned through an extensive review of pertinent literature on the subject matter. We contend that these suggested parameters align aptly with delineating risks inherent to the building and construction management domain.

The second step determines the value associated with the consequences of risk. To circumvent this issue, we combine the influence of two factors that exhibit a direct proportionality to the consequences of risk. These factors are denoted as “the focus of the impact (F)” and “the suddenness (S)” see Figure 2, with respective ranges of [1, 10] and [0.1, 1]. A comprehensive breakdown of these factors is presented in

Table 4. Define new parameters, their description, and details of their value.

Parameter’s Name	Value from-to	Value Details	Description	References and Semantic Sentences
The focus of the impact	1–2.5	The effect includes a quarter of the statistical community or less	It indicates the extent of the impact of the risk on the studied statistical community, and it is left within a single or wide range	“The focus of the impact was on the procurement of …” [47] “It is found that the focus of the impact of housing prices and …” [48] “Which the main inductive focus of the impact belongs …” [49] “Strategic refers to the focus of the impact …” [50]
	2.6–5	The effect includes one-quarter to one-half of the statistical community
	5.1–7.5	The effect includes one-half to three-quarters of the statistical community
	7.6–10	The effect includes three-quarters of the whole of the statistical community
The suddenness	0.1–0.25	We are clearly alert to the occurrence of danger through warning signs	Indicates the extent of warning of the occurrence of risk through warning signs that warn of imminent risk	“Any suddenness in the later stages of the development system can …” [51] “The suddenness of impact in many disasters and the urgency …” [52]
	0.26–0.5	Warning signs can alert to the occurrence of danger
	0.51–0.75	There are warning signs, but they are not very clear
	0.76–1	There are no warning signs at all
The frequency	1–2.5	The frequency of the occurrence of the risk is less than the frequency mentioned in historical records	It refers to the frequency with which a particular risk occurs during a specified period. This is related to previous studies on the history of the risk and its impact on the statistical community studied.	Frequency spillovers between global Green Bonds (GBs), WTI oil, and G7 stock markets using the time–frequency … [53] performance with regard to the frequency of supply … [54] We provide a detailed application to multivariate high-frequency … [55] the expected frequency or predict the frequency … [56]
	2.6–5	The frequency of the occurrence of the risk is close to or equal to the frequency mentioned in the historical records
	5.1–7.5	The frequency of the occurrence of the risk is more than the frequency mentioned in historical records but less than twice that frequency
	7.6–10	The frequency of the occurrence of the risk is more than twice the frequency mentioned in historical records
The effectiveness	0.1–0.25	Risk exhibits a constant effect intensity during its repetition within one time period	Indicates the fluctuation of the intensity for this risk over one time period	Purpose To evaluate the effectiveness of a … [57] The effectiveness of current guidance and practice … [58] The study design was based on previous evidence for the effectiveness of … [59] Examining the effectiveness of risk elicitations … [60]
	0.26–0.5	Risk exhibits a little change in effect intensity during its recurrence within one time period
	0.51–0.75	Risk exhibits a variable effect intensity during its recurrence within one time period
	0.76–1	Risk exhibits a significantly variable effect intensity during its recurrence within one time period

.

A higher F corresponds to a greater magnitude of consequences. Similarly, a reduced level of S indicates more noticeable warning signs, subsequently reducing the risk’s consequences. The interplay between these factors can be mathematically expressed as Equation (1), yielding a range of consequences between [0.1, 10].

$$Consequences=F\ast S=[0.1,10]$$

(1)

The third step in the risk assessment process involves estimating risk probability. To enhance the accuracy of this estimation, a proposed solution is to incorporate two essential factors: frequency and effectiveness. Frequency, denoted as Fr, represents the number of repetitions for this risk within a specific timeframe (which may include the project duration or the investment period, at the discretion of the risk manager) and is taken from historical records of such risk. The range for Fr is defined as [0.1, 1]. On the other hand, the second factor, effectiveness, measures the extent to which risks influence the project’s original objectives, referred to as effectiveness, and is denoted as E. The range for E is specified as [1, 10], as shown in Figure 3. Further elaboration on these factors is provided in Table 4. Consequently, the probability of risk can be determined by multiplying the values of Fr and E, resulting in Equation (2):

$$probability=Fr\ast E=[0.1,10]$$

(2)

When a new risk emerges within a particular defensive layer and time frame, assessing its relationship with previously identified risks within the same context becomes crucial. Specifically, the team must ascertain whether these risks exhibit an overlapping relationship, if one’s impact encompasses that of another, or if their influences remain entirely distinct and unrelated. Answering this question is pivotal for ensuring a precise and comprehensive risk assessment and aids in identifying pathways of risk accumulation.

To enable a comprehensive tracking and analysis of risks, the team must establish the main objectives affected by each studied risk. Furthermore, they must determine the relationship type with other risks impacting the same objective. This information serves as a critical component in the vertical analysis of risks and informs the decision-making processes.

To support the validity and comparability of the risk factor calculations, the ranges of all parameters (focus of impact, suddenness, frequency, and effectiveness) are defined in a manner that normalizes their combined outputs within a final risk factor scale of [0.1, 100] [37]. Such bounds ensure a consistent mathematical structure and facilitate risk ranking across diverse projects and contexts. The lower bounds (e.g., 0.1 for suddenness and frequency) allow the model to account for minimal or rare risks. In contrast, the upper bounds (e.g., 10 for focus on impact and effectiveness) represent the most severe or influential risks. Without universal, exact thresholds, they are adjusted based on theoretical modeling needs and logical differentiation between low and high-risk scenarios. This range provides a practical resolution for analysis and ensures that risk values remain interpretable, scalable, and analytically tractable throughout the framework of SAMA.

3.3. Processes Phase

3.3.1. Horizontal Tracking and Analysis

By applying the previous stage, the model is configured to work. Subsequently, risks are introduced individually, carefully considering their interrelation with previously defined risks within the project. These risks are identified within distinct “layers”, representing defensive layers or recipients of risks across the project’s life cycle. To effectively manage these risks, it is crucial to thoroughly examine the collapse paths of each defensive layer and ascertain the most critical line of collapse by evaluating the accumulation of risks and their mutual impact. Subsequent sections will elaborate more comprehensively on the mechanism, overlay, and associated conditions and types. This methodology draws inspiration from the rupture patterns observed in bolted steel plates within steel connections, where the breaking line is determined based on the applied tensile forces, signifying the breakdown concerning the number of holes present in the slice.

Overlapping risks share several features, including temporal congruence and similar recipients of risks. They might also have conflicting effects. The expert’s perspectives and insights are valuable in establishing whether a given risk overlaps with or remains distinct from other risks. Subsequently, we present a comprehensive set of recommendations and restrictions to elucidate the underlying mechanism governing the phenomenon of overlapping risks:

• The horizontal analysis and evaluation of risks are predicated on identifying and assessing common risks during a specific phase in the project life cycle. This approach involves studying the impact of these risks within the designated stage, primarily focusing on their effects on project resources as recipients of risk. Consequently, the method facilitates the identification and cumulative impact of shared risks in terms of both temporal occurrence and resource utilization.
• The proposed model exclusively considers risks with negative implications while disregarding those associated with positive outcomes.
• For horizontal analysis, segmented objectives or any other suitable delineation that aligns with the project’s requirements may be employed rather than relying exclusively on resource-related considerations.
• Risks that manifest a similar impact can be grouped in the same risk path. Therefore, risks can be aggregated within a collapse paths mechanism when they affect a specific type of resource or recipient.
• The collapse path mechanisms shall be identified within each resource segment of a given project life cycle phase. Subsequently, the most optimistic and pessimistic scenarios are selected based on the following criteria:

  ○

  The highest horizontal Risk Factor (Max RF_h) determines the most optimistic scenario;

  ○

  The lowest horizontal risk factor (Min RF_h) determines the most pessimistic scenario.

Thus, the equation by which the horizontal risk factor “RF_h” for any horizontal risk path is calculated is as follows in Figure 4 and Equation (3):

$${RF}_h=\mathrm{f}\left({RF}_i\right)={RF}_1+{RF}_2+\dots +{RF}_{\mathrm{n}}$$

(3)

3.3.2. Vertical Tracking and Analysis:

The analysis commences by tracing the vertical trajectory within the model, adhering to the subsequent steps:

• The progression of the project, embraced by defensive layers or stages in the Swiss cheese model, necessitates an exact definition based on the project life cycle. If warranted by the project’s significance and magnitude, a solitary stage may be subdivided into several segments corresponding to the specific project.
• Determining the significance of the defensive layers is paramount. The impact diagram and the cost associated with responding to risks, as expounded in the relevant literature [61], indicate that addressing risks may prove more arduous in the project’s later stages than in the early stages. The model advocates assigning greater weight to the defensive layers, which exhibit a higher risk factor whenever a stage progresses within the project life cycle. Estimating the value of this weight, ascribed to the defensive layer, necessitates considering the project’s importance, scope, precision required in risk analysis, and overall project duration, as shown in Figure 5.
• Certain risks solely impact a singular stage and do not reverberate across other stages. Consequently, these risks should be excluded from the analysis of the vertical risk trajectory unless they act as causative agents or catalysts for generating additional risks.
• There are risks that directly and primarily affect the project’s ultimate objectives, manifesting across all stages of the project life cycle. These risks align with the Swiss cheese model and warrant separate examination, resulting in the derivation of a final vertical risk factor (RF_v) as Equation (4).

$${RF}_v=W_i\ast {RF}_i$$

(4)

• Additionally, certain risks recur across multiple layers or demonstrate associations with risks in other layers. These risks may engender vertical overlap, cumulative effects, or cascading impacts, wherein the initial risk begets subsequent risks, and so forth.
• In the case of cumulative risks, it is logical to posit that the vertical risk factor is the aggregate of the risk factors, as in Equation (5), duly considering the weight assigned to each stage during the risk factor computation.

$${RF}_v=W_1\ast {RF}_1+W_2\ast {RF}_2+\dots +W_{\mathrm{n}}\ast {RF}_{\mathrm{n}}$$

(5)

• When confronted with a situation involving successive impacts of risks, wherein the effect of one risk is implicitly embedded in the effect of another, careful consideration is required. For instance, let us consider the delay in the team’s arrival at the work site and the subsequent delay in delivering essential materials needed. Both cases result in the same effect. Traditionally, when multiple risks are present, the prevailing practice involves attributing the vertical risk factor to be equivalent to the final risk within the sequence, typically occurring during the later stages of the project’s life cycle. However, our proposed model challenges this convention by advocating for the assignment of the vertical risk factor based on the risk factor exhibiting the most significant influence within the analyzed series, as shown in Equation (6).

$${RF}_v=max(W_1\ast {RF}_1,W_2\ast {RF}_2,W_3\ast {RF}_3,\dots ,W_{\mathrm{n}}\ast {RF}_{\mathrm{n}})$$

(6)

3.3.3. Assessing Risk Interactions

After calculating each risk’s RF_h and RF_v values, those pairs or groups of risks that share the same time stage and defensive layer are to be reviewed. For each grouping, the risks are determined whether they:

• Synergize: Two or more risks amplify one another’s effects. In order to check their cumulative impact, their RF_h or RF_v scores must be combined.
• Cancel out: certain risks may counteract each other. The combined score is adjusted downward to reflect the reduction, although ignoring the cancellation effect is safer.
• Overlap without synergy: When risks arise from a similar root cause but do not materially interact with one another, only the higher of the individual scores is counted to avoid double-counting.

This expert judgment step ensures that the model captures actual interactive behavior, whether risks magnify, neutralize, or coexist, without relying on rigid formulas.

3.4. Output Phase

3.4.1. Outputs and Implications Derived from the Computation of the Horizontal Risk Factor RF_h

The horizontal risk factor (RF_h) serves as an evaluative metric, illustrating the cumulative and integrated impact of risks inherent in a specific time stage of the project life cycle for a particular risk recipient. Subsequently, we delineate the conclusions and implications inherent to the RF_h calculation, which are particularly pertinent to the risk management specialist scrutinizing the project and its associated risks:

• RF_h serves as a quantitative indicator of the risk level associated with a given time stage in the project life cycle. Consequently, it apprises management of the imperative need to intensify focus on risk management activities, particularly in stages characterized by heightened risk, thereby advancing the overall state of risk management.
• The computation of RF_h facilitates the determination of resource management direction during a specific stage of the project life cycle. It provides insights into the requisite maximum and minimum resource allocations essential for effectively managing anticipated project risks at that stage. Consequently, the outcomes of the new model SAMA are linked to resource management, specifically if the defensive layers employed in the model encompass project resources.
• When employing staged objectives as defensive layers at each time stage, RF_h aids in identifying the most hazardous risk combinations and synergy scenarios that threaten the staged objectives based on each time stage. By comparing these scenarios, predicated on the risk of attaining staged objectives as delineated by SAMA, it plays a pivotal role in diverse domains such as time management, quality management, and the strategic management of phased plans within the scrutinized project.

3.4.2. Outputs and Implications Derived from the Computation of the Vertical Risk Factor RF_v

The vertical risk factor (RF_v) elucidates the cumulative and synergistic effects of risks associated with the project’s ultimate goals, which are predetermined at the initiation of SAMA for risk analysis. Subsequently, it also explains the conclusions and implications of the RF_v calculation, which are particularly pertinent to the risk management specialist scrutinizing the project and its associated risks:

• Assessment of Impact Magnitude and Identification of At-Risk Goals: The utilization of RF_v provides a means to gauge the magnitude of impact, thereby facilitating the evaluation of the extent to which identified risks or the synergy and accumulation of risks influence the project’s ultimate goals. These goals encompass crucial elements such as time, cost, and quality. By discerning the potential impact of risks on these vital goals, RF_v emerges as a valuable instrument for identifying specific areas necessitating concentrated efforts to mitigate risks or allocate additional resources for their resolution. This, in itself, constitutes a form of goal management.
• Facilitating project comparisons: RF_v contributes to the project selection by enabling a comparative analysis of different projects regarding their respective risk levels. Projects with lower risk levels may be perceived as more desirable investments than those with higher ones.

In summary, RF_v emerges as a valuable tool for comprehensively assessing and managing risks within projects, enabling project managers to make informed decisions and effectively prioritize risk mitigation measures.

4. Case Study

4.1. Explanation of the Case Study

The Deepwater Horizon disaster (Macondo well) on 20 April 2010, which resulted in the death of 11 individuals and the release of 53,000 barrels of oil per day, stands as a stark reminder of the catastrophic consequences of inadequate risk management in offshore drilling operations. From the outset of the Macondo well project, risks, uncertainties, and hazards were neither properly assessed nor managed [62].

The primary flaws leading to this disaster can be traced to critical lapses in both technical and organizational risk management practices. Notably, the failure of the cementing process, essential for sealing the well, was a significant factor. Halliburton’s cement job exhibited known stability issues, which were neither adequately tested nor addressed [63]. Compounding this, the Blowout Preventer (BOP), designed as a fail-safe mechanism, failed due to multiple deficiencies, including a miswired solenoid and a dead battery in the control pod. These issues were overlooked during the maintenance and testing phases [64].

Moreover, the rig crew misinterpreted the negative pressure test, a critical step for verifying well integrity, leading to the erroneous conclusion that the well was secure despite clear signs of pressure anomalies [65]. Additionally, the crew either missed or misinterpreted several warning signs of a kick, and appropriate actions were not taken promptly [66]. These technical failures were exacerbated by significant lapses in human and organizational factors, including poor communication and decision-making processes among BP, Transocean, and Halliburton. The pressure to complete the well on schedule led to disregarding safety protocols and adopting undue shortcuts [65]. These interconnected failures underscore the profound deficiencies in risk assessment and management practices that prevailed at the time. This disaster emphasizes the need for continuous improvement in risk management practices to prevent similar catastrophic events in the future [67].

In this article, we will use the example of the Deepwater Horizon disaster to demonstrate the shortcomings of the Risk Matrix and the Swiss Cheese Model in accurately explaining risk analysis for such complex projects. These models fail to account for all the scenarios that may accumulate to culminate in a disaster. In contrast, the Synergy and Accumulation Model for Analysis (SAMA) will be applied to illustrate how effectively it aligns with the actual events of the incident.

4.2. The Risks of the Macondo Well

The Deepwater Horizon disaster resulted from multiple critical failures, including the Blowout Preventer (BOP) malfunction and an improperly executed cement seal, which allowed hydrocarbons to leak. Misinterpretation of a negative pressure test, coupled with inadequate well design, further contributed to the incident. These technical failures were exacerbated by poor risk assessment and management, delayed emergency response, and a series of poor decisions by the involved organizations. Human and organizational errors, regulatory failures, inadequate equipment maintenance, communication breakdowns, and insufficient crew training played significant roles in the catastrophe.

The following are the most prominent risks identified in the literature addressing the Deepwater Horizon incident:

• Cementing Process Failures: The cement job on the Macondo well, intended to seal the well from hydrocarbon zones, suffered significant failures. Post-incident investigations revealed that the cement slurry design and testing were flawed [63]. Halliburton, the contractor responsible for the cementing, was aware of the cement’s instability but did not adequately communicate these concerns, nor were they incorporated into the risk assessments [65].
• Blowout Preventer (BOP) Reliability: The BOP, a critical safety device designed to seal the well in case of uncontrolled pressure, was fraught with design and maintenance issues. Investigations revealed that the BOP had a dead battery and a miswired solenoid, which prevented it from functioning correctly during the blowout [64]. The compounded technical failures highlighted significant gaps in risk management practices.
• Kick Detection and Response: Kick detection, the process of identifying uncontrolled hydrocarbon flow, is critical in well operations. On the day of the blowout, there were clear signs of a kick that the crew either misinterpreted or ignored, leading to a delayed response [65]. The failure to emphasize the urgency and protocols for kick detection and response was a critical oversight.
• Negative Pressure Test Interpretation: The negative pressure test, used to ensure well integrity, was misinterpreted by the rig crew. Conflicting pressure readings during the test were disregarded, leading to the erroneous conclusion that the well was secure [68]. This false sense of security directly resulted from not recognizing the criticality of correctly interpreting negative pressure tests.
• Emergency Disconnect System (EDS) Activation: The EDS, designed to allow the rig to disconnect from the well in case of a blowout, failed during the incident. Attempts to activate the EDS were unsuccessful, exacerbating the disaster [66]. The underestimation of the EDS’s critical role and potential failure modes highlighted significant gaps in risk management.

4.3. Risk Matrix Analysis Shortcomings for the Deepwater Horizon Disaster

The Deepwater Horizon disaster, which occurred on 20 April 2010, exemplifies how the traditional Risk Matrix approach inadequately assessed and mitigated critical risks, ultimately contributing to one of the worst environmental catastrophes in history. To analyze the risks using the Risk Matrix, it is necessary to identify the detailed risks associated with the main groups mentioned above. This process involves determining the impact and likelihood of each risk identified in the literature examining the Deepwater Horizon disaster. These studies sought to understand the causes of this catastrophic incident and to explain them through various risk analysis models.

Table 5. Risk Matrix Table for Deepwater Horizon.

#	Code	Risk	Impact	Likelihood	Mitigation Failure
1	R1	Blowout Preventer (BOP) Failure	Catastrophic	Likely	BOP was not maintained properly and failed to seal the well in an emergency
2	R2	Cement Seal Failure	Catastrophic	Likely	The cement job at the well bottom failed to isolate hydrocarbons
3	R3	Misinterpretation of Pressure Test	Severe	Likely	Negative pressure test results were misinterpreted, indicating no issues when there were multiple issues
4	R4	Inadequate Well Design	Severe	Possible	Design did not account for the potential high pressure and gas influx
5	R5	Failure in Risk Assessment and Management	Severe	Likely	Risks were underestimated, and proper assessments were not conducted
6	R6	Emergency Response Failure	Severe	Likely	Emergency response plans were not effective, leading to delayed containment efforts
7	R7	Poor Decision-Making	Severe	Likely	Multiple poor decisions and tradeoffs led to the disaster
8	R8	Human and Organizational Malfunctions	Severe	Likely	Organizational and human errors significantly contributed to the failures
9	R9	Regulatory Failures	Severe	Possible	Regulatory bodies did not enforce proper safety measures and regulations
10	R10	Equipment Maintenance	Major	Likely	Equipment was not maintained or tested according to industry standards
11	R11	Communication Failures	Major	Possible	Poor communication between the parties involved in the operation and management
12	R12	Training Deficiencies	Major	Possible	The crew was not adequately trained for emergencies

below presents the risks that contributed to the Deepwater Horizon disaster, as assessed using the Risk Matrix [69]. Figure 6 also shows the Risk Matrix for the risks studied in the Deepwater Horizon disaster.

The results of the Risk Matrix in the Deepwater Horizon case highlight a prioritization of risks for treatment but fail to address critical systemic issues, such as inadequate management flow, delayed response to risks, and ineffective handling of complaints. This analysis reveals several limitations of the Risk Matrix approach. For instance, the concentration of risk parameter estimates in terms of impact and likelihood tends to fall within a specific range, making it challenging to distinguish between negligible risks and those with high likelihood but low impact. This can lead to overly polarized assessments. Additionally, the complexity of ranking risks by their impact and likelihood coefficients is evident, as many risks occupy similar positions within the classification system, thereby complicating prioritization.

4.4. Swiss Cheese Model Analysis of the Deepwater Horizon Incident

The Swiss Cheese Model categorizes errors into Latent Failures and Active Failures. Additionally, unsafe actions contribute to disasters by creating significant vulnerabilities within the whole defense system, leading to potentially catastrophic accidents [70]. Furthermore, we consider failures in protection systems originally designed to serve as safety and prevention mechanisms. In some instances, these systems can become primary contributors to disasters, exacerbating the severity of the incident by acting counter to their intended operational function. Accordingly, we will categorize these risks from the perspective of the Swiss cheese model as follows:

• Latent Failures (Organizational and Regulatory Weaknesses):

  1.

  Regulatory Oversight: Inadequate regulatory oversight and enforcement by the Minerals Management Service (MMS). The MMS had conflicts of interest, as it was both promoting offshore drilling and responsible for its regulation, so the MMS’s oversight was not strict in enforcing regulatory requirements on ongoing offshore operations.

  2.

  Safety Culture: BP’s organizational culture prioritized cost-cutting and speed over safety. BP’s main focus was meeting financial targets, leading to compromised safety standards and inadequate risk management practices.

• Active Failures (Errors and Violations):

  3.

  Decision-Making Errors: Critical decisions were made without adequate risk assessment. Decisions such as using a single long string casing instead of a safer liner/tieback system were made to save time and money despite being riskier.

  4.

  Operational Deviations: Failure to adhere to established procedures and best practices. The negative pressure test, a crucial step in determining well integrity, was misinterpreted, leading to the incorrect assumption that the well was secure.

• Preconditions for Unsafe Acts (Human and Environmental Factors):

  5.

  Crew Training and Competence: The rig crew lacked adequate training and preparedness. Crew members were not sufficiently trained to handle the negative pressure test and other critical procedures, resulting in misjudgments and errors.

  6.

  Communication Failures: Poor communication between BP, Transocean, and Halliburton. Significant lapses in communication regarding changes in drilling plans and risk assessments resulted in misunderstandings and a lack of coordinated response.

• Defenses in Depth (Safety Systems and Equipment):

  7.

  Blowout Preventer (BOP) Failures: The BOP, a critical safety device, failed to function correctly. The BOP had several design and maintenance issues, including a dead battery and a miswired solenoid valve, which prevented it from sealing the well effectively.

  8.

  Well Design Flaws: Design choices increased the risk of a blowout. The well design included fewer barriers to hydrocarbon flow, and the decision to use a long string casing instead of a liner/tieback system increased the likelihood of a blowout.

4.5. SAMA Analysis of the Deepwater Horizon Incident

The Deepwater Horizon incident analysis begins by applying the Synergy and Accumulation Model for Analysis (SAMA), defining the time stages. The stages of risk analysis for the Macondo well before the incident can be divided into two phases: Operational and Construction. By reviewing the company’s previous incidents and conducting interviews in earlier studies with officials and workers involved with the Macondo well, defensive layers (recipients of the risks) were identified for each phase. These layers include protection procedures and tools, regulatory laws, structural integrity, and the project’s primary objectives to ensure quality implementation and occupational safety.

This approach provides the foundational structure for collecting the necessary data for the risk analysis of the Macondo well and for interpreting the Deepwater Horizon incident. It is important to note that the numerical data for risk parameters presented in this analysis are approximate and were derived from reviewing scientific articles on related topics. The primary aim of these estimates is to demonstrate the SAMA mechanism and clarify the form of the results produced through its application.

Table 6. SAMA inputs used in the Deepwater Horizon analysis.

The Studied Risks	Coding	Parameters							Objectives		Time Stages		Defensive Layers (the Recipients of the Risks)
		The Focus of the Impact	Suddenness	Frequency	Effectiveness	Consequences	Probability	Risk Factor	Safety	Quality	1-Operational	2-Construction	Protection Procedures and Tools	Regulatory Laws	Structural Structure
Blowout Preventer (BOP) Failure	RF1	10	0.8	1	1	8	1	8	*		*	*	1 + 2
Cement Seal Failure	RF2	8	0.3	4	0.6	2.4	2.4	5.76	*		*	*	1 + 2
Misinterpretation of Pressure Test	RF3	6	0.2	8	0.8	1.2	6.4	7.68	*	*	*		1
Inadequate Well Design	RF4	9	0.3	1	1	2.7	1	2.7		*	*	*			1 + 2
Failure in Risk Assessment and Management	RF5	8	0.9	7	0.9	7.2	6.3	45.36	*	*	*	*		1 + 2
Emergency Response Failure	RF6	9	0.2	7	0.6	1.8	4.2	7.56	*		*			1
Poor Decision-Making	RF7	8	0.8	8	0.4	6.4	3.2	20.48		*	*	*		1 + 2
Human and Organizational Malfunctions	RF8	7	0.5	5	0.5	3.5	2.5	8.75		*	*			1
Regulatory Failures	RF9	5	0.1	9	0.6	0.5	5.4	2.7		*	*	*		1 + 2
Neglecting Equipment Maintenance	RF10	8	0.3	9	0.9	2.4	8.1	19.44	*	*	*		1
Communication Failures	RF11	4	0.3	7	0.8	1.2	5.6	6.72		*	*			1
Training Deficiencies	RF12	3	0.2	2	0.8	0.6	1.6	0.96	*	*	*		1
Weak Safety Culture	RF13	8	0.7	7	0.7	5.6	4.9	27.44	*		*	*		1 + 2
Unsatisfactory Concrete Tests	RF14	7	0.4	2	0.6	2.8	1.2	3.36	*	*		*	2
Operational Deviations	RF15	8	0.2	8	0.8	1.6	6.4	10.24	*	*	*			1

* Indicates that this risk affects this Objective and affects the specified time stage.

outlines SAMA inputs used in the Deepwater Horizon analysis, including the identification of influential risks, their parameters, calculation of risk factors, identification of the affected targets, time stages, and the recipients of the risks (defensive layers).

Furthermore, many risk paths were identified by meticulously examining the interrelationships between risks associated with the same time stage and the risk recipient. These risk paths signify the amalgamation of diverse risks and are visually depicted in Figure 7.

The horizontal analysis process of SAMA commences with a comprehensive assessment of each layer, wherein potential risks and their interconnections are meticulously examined. This analytical endeavor enables the identification of horizontal pathways of risk or collapse paths for each layer. This process is subsequently replicated for all existing layers, culminating in the computation of the horizontal risk factor for each layer, as shown in

Table 7. Total risk factor for risk paths in horizontal analysis.

Time Stage	Defensive Layers	Coding	Horizontal Paths	The Value
Operational stage	Protection procedures and tools	RFh1tools	RF1 + RF2 + RF3 + RF10 + RF12	41.84
	Regulatory laws	Rfh1laws	RF5 + RF6 + RF7 + RF8 + RF9 + RF11 + RF13 + RF15	129.25
	Structural structure	RFh1str	RF4	2.7
Construction stage	Protection procedures and tools	RFh2tools	RF1 + RF2 + RF14	17.12
	Regulatory laws	Rfh2laws	RF5 + RF7 + RF9 + RF13	95.98
	Structural structure	RFh2str	RF4	2.7

.

Additionally, a vertical analysis is conducted by scrutinizing each risk’s characteristics and its overall objective. Throughout this process, the objectives impacted by the studied risks are considered. When common factors emerge among the risks, they are assigned to the same vertical collapse paths. The vertical risk factor for each path can be accurately calculated by identifying all vertical paths, as demonstrated in Figure 8 and

Table 8. Total risk factor for risk paths in vertical analysis.

The Objective	The Objective	Coding	Vertical Paths	The Value
	Safety	RFvSafty	RF1 + RF2 + RF3 + RF5 + RF6 + RF10 + RF12 + RF13 + RF14 + RF15	135.8
	Quality	RFvQuality	RF3 + RF4 + RF5 + RF7 + RF8 + RF9 + RF10 + RF11 + RF12 + RF14 + RF15	128.39

.

5. Findings

Applying SAMA to the Deepwater Horizon incident provides a comprehensive understanding of how interacting and overlapping risks contributed to systemic failure. This dual-perspective model has horizontal analysis, which looks at the accumulation of risks over the project timeline, and vertical analysis, which looks at the synergy and accumulation of risks on specific defensive layers associated with key project objectives.

Horizontal Analysis: The horizontal part of the SAMA framework shows that the defensive layer of regulatory laws had the highest risk accumulation across both major time stages, operational and construction. During the operational phase, this layer was exposed to eight interrelated risk events, resulting in a horizontal risk factor of Rfh_1laws = 129.25. Four notable risks were identified in the construction phase, resulting in a horizontal risk factor of Rfh_2laws = 95.98.

These values show that regulatory oversight was highly vulnerable throughout the project’s life. The accumulation of risks in this layer means a persistent failure to translate legal frameworks into operational controls. The data also show a broader inability of the regulatory system to adapt to dynamic conditions in offshore drilling environments. The horizontal findings show a synergistic buildup of risks that were not just isolated to a stage but compounded across project phases, indicating a form of temporal risk entrenchment.

Vertical Analysis: The vertical analysis reveals the synergy and accumulation of risks on key project objectives, highlighting the most vulnerable collapse paths within the system. The safety objective stands out as the most affected, with 10 overlapping risks resulting in a vertical risk factor of RF_vSafety = 135.8. This is not just the number of risk events but the convergence of those risks on a single critical outcome: human life and operational integrity. The quality objective follows closely with 11 overlapping risks and a vertical risk factor of RF_vQuality = 128.39. This synergy and accumulation of risks in the quality layer means failures in construction integrity, process verification, and engineering compliance, which indirectly compromise safety performance.

The vertical results show the systemic interdependence between project layers and objectives. Rather than isolated weaknesses, these figures show how multiple risks converged through interrelated pathways to undermine core functions. Through vertical risk mapping, SAMA identifies critical defensive breakdowns where synergistic effects amplify the potential for collapse. This vertical perspective is particularly powerful in showing how risks with moderate individual impact can collectively escalate into severe systemic vulnerabilities when they accumulate across defensive layers.

These findings demonstrate SAMA’s strength: it can quantify not only the presence of risk but also the structured accumulation and synergistic interaction of risk, as well as how failure modes propagate over time.

The insights from both horizontal and vertical analysis inform practical recommendations for addressing risk at systemic and organizational levels:

• Regulatory Laws (Horizontal Track): The case study shows a persistent weakness in regulatory enforcement and communication. The accumulation of risks in this layer means there is no feedback mechanism, administrative delays, and a lack of operational adaptation to regulatory expectations. To address this, one must implement continuous monitoring systems, dynamic regulatory frameworks that evolve with project conditions, and integration between field operations and legal compliance teams. A real-time regulatory risk tracking system could have flagged the inconsistencies and prompted preventive action before the disaster struck. This issue is consistent with the U.S. report of the Chemical Safety and Hazard Investigation Board [64], which addressed this disastrous incident and its causes.
• Safety (Vertical Track): The synergy and accumulation of risks on the safety objective shows a major systemic failure—defective cement seals, postponed maintenance, and inadequate emergency protocols aligned to create a high-risk environment. Post-incident reports show that despite knowing of these failures, the decision-makers did not act [64]. Strengthening this layer means proactive maintenance protocols, cross-verifying critical safety systems, and a culture of accountability where safety is prioritized even under cost or schedule pressure.

6. Discussion

While the Risk Matrix (RM) and the Swiss Cheese Model (SCM) are industry standards for risk assessment, our SAMA framework addresses their most significant limitations by introducing a parametric, multi-dimensional approach. We summarize the key criticisms of RM and SCM alongside SAMA’s solutions and results below:

• Overlapping Probability–Impact Ranges and Color-Based Classification:

Criticism (RM): Traditional risk matrices have overlapping probability–impact cells and use color coding (e.g., green/yellow/red), which introduces ambiguity and ranking bias.

SAMA Solution: By defining four independent risk parameters: focus of impact, suddenness, frequency, and effectiveness, SAMA replaces arbitrary color bands with numerical horizontal and vertical risk factors. These metrics stratify risk pathways into equal, non-overlapping intervals so each scenario gets an unambiguous, mathematically aggregated score. This numeric approach eliminates subjective interpretation and enables precise prioritization of hazards, reducing inconsistency in color-based designs.

2.

Ignoring Synergy and Accumulation of Risks:

Criticism (RM): Risk matrices treat each hazard in isolation, ignoring how multiple moderate risks can combine to cause a significant failure.

SAMA Solution: Through its horizontal and vertical analysis, SAMA maps how risks converge into collapse paths. Horizontal factors (RF_h) quantify risk buildup across life-cycle stages; vertical factors (RF_v) capture the synergy and accumulation of failures across layers. This two-dimensional mapping reveals systemic vulnerabilities that single-point models miss, highlighting critical collapse paths for proactive mitigation.

3.

“Holes” Without Time Factor or Quantification:

Criticism (SCM): SCM’s “holes in layers” metaphor effectively illustrates defensive breakdowns, but it lacks quantification and overlooks the project timeline, making it difficult to manage risk proactively.

SAMA Solution: SAMA reframes layers as dynamic risk recipients and computes risk factors for each defensive layer at each project stage. Tracking RF_h within phases and RF_v across layers turns static “holes” into quantified vulnerability profiles. The model enables the prediction of risk trajectories at each time stage and for every risk recipient.

4.

Event-Centric Focus vs. Recipient-Centric Framework:

Criticism (SCM): SCM is event-centric, focusing on post-incident interpretation rather than aligning defenses to protect project objectives.

SAMA Solution: SAMA’s recipient-centric approach prioritizes safeguarding defined objectives—safety, quality, cost, and schedule, rather than just explaining past failures. This means risk management efforts focus on preserving the integrity of critical system functions. By aligning risk assessment with resource, objective, time, and financial management, SAMA provides a proactive roadmap for strengthening defenses and allocating mitigation efforts.

SAMA’s modular structure allows seamless embedding into widely used management platforms:

• Enterprise Risk Management (ERM) Suites: Export RF_h/RF_v tables from SAMA into ERM dashboards (e.g., as custom metrics in Power BI or Tableau) for continuous monitoring and analysis.
• Project Management Tools: Link stage-specific RF_h values to scheduling software (e.g., Microsoft Project or Primavera) so that timelines automatically flag high-risk tasks for additional review.
• Maintenance and Compliance Systems: Feed vertical RF_v scores into Computerized Maintenance Management Systems (CMMS) to prioritize work orders where synergy of failures heightens potential impact.

Organizations can integrate our model without replacing existing workflows by mapping SAMA’s outputs onto familiar data fields such as Risk Score, Control Priority, and Review Date. This integration transforms SAMA from a standalone analytical exercise into a live decision-support module that augments, rather than disrupts, current management systems.

7. Conclusions

This study introduces and validates the Synergy and Accumulation Model for Analysis (SAMA), a new parameter-driven framework inspired by the Risk Matrix (RM) and the Swiss Cheese Model (SCM). SAMA was developed to understand risk overlaps and to predict shared risks by defining discrete life cycle stages and defensive layers. Each risk is characterized by four parameters—focus of impact, suddenness, frequency, and effectiveness—and aggregates into horizontal (RF_h) and vertical (RF_v) risk factors. This systematic approach addresses the limitations of traditional models by quantifying how risks accumulate over time and interact across system defenses. The key contributions of this research are:

• Robust Framework: SAMA provides a structured schema where layers are weighted recipients of risk, allowing for precise classification based on temporal and systemic attributes.
• Dual Analytical Approach: Horizontal analysis identifies the most hazardous paths within each time stage. In contrast, vertical analysis uncovers the synergy and accumulation of risks that, although temporally distinct, jointly threaten core objectives.
• Risk Manager’s Role: The model incorporates expert judgment to evaluate the interrelationships between risks and to identify the highest-risk collapse paths, thereby integrating rational oversight into an otherwise quantitative process.

When applied to the Deepwater Horizon case study, SAMA found the Regulatory Laws layer had RF_h values of 129.25 (operational) and 95.98 (construction), and the safety objective had an RF_v of 135.8 due to 10 overlapping risks. These numbers indicate that SAMA can capture and address cumulative risk interactions more effectively than traditional models.

SAMA provides actionable guidance for various management domains. In resource management, decision-makers can allocate resources to the stages and layers with the most synergy of risks, preventing shortages or overstaffing. In time management, project schedulers receive an early warning of temporal risk bottlenecks and can adjust timelines and inspection intervals. In cost management, financial controllers can model the cumulative impact of layered risks on budget projections and prioritize investments in high-leverage controls. In quality and compliance management, auditors can focus their review on the defense layers with the highest accumulation of risk and ensure regulatory compliance before minor lapses escalate. Finally, in safety and maintenance management, safety officers and engineers can target overlapping failure modes, such as cement integrity and equipment maintenance, for simultaneous remediation and turn SAMA’s insights into action plans. Risk assessments can move from past incident mapping to predictive synergistic analysis of future threats. SAMA enables users to see collapse paths, cross-functional controls, and system resilience across all aspects of project management. In future studies, we encourage applying the SAMA framework to additional sectors or case studies. Such applications would validate the model’s adaptability and contribute to its refinement through cross-contextual comparison.