LACC Wk 2 Occupational Risk Management Chapter Analysis and Discussion Response

User Generated

anvspbq

Writing

Los Angeles City College

Description

1. Provide a detailed analysis of Chapter 1 from the texbook and PPT presentation included in Week 2 Lecture Materials. Discuss one of the case studies provided in the PPT presentation and describe the consequences for the organization. Include financial and reputation damages. 

2. Peer review. Comment to at least one classmate's post.  

POST

replay on this : Chapter 1 Summary - Many organizations in today's world are becoming more and more risk-oriented as time moves on. OSH professionals are expected to have more sufficient skills in selecting and applying occupational risk management tools to an organization to make then successful when it comes to risk. OSH professionals should be expected to understand and apply the hierarchy of controls concept to achieve an acceptable risk level. That way companies can come up with an acceptable risk level with the OSH professional and develop systems to put in place to make sure that the risk stays at that level. Risk elimination and reduction will be incorporated into designs and throughout a systems life span. The goal of the OSH professional should be to come in and develop these systems for the company and train them on how to keep and improve these systems that way that can last over a long period of time. If the OSH professional comes into the company and tells the company what to do and trains them but then the company doesn't do anything after the system is going to fail, the risk will go up, and someone will end up getting hurt. So, if something is not working then the OSH professional needs to come back so the company can go back through and develop new systems that will work instead of the old ones. OSH professionals should be very familiar with understanding occupational risk management systems such as ISO 45001 and ANSI Z10 so that they can relay this information to the company. The concepts and tools are designed to help prepare the OSH professional for these changing developments and expectations. Retrieved From - Chapter 1 of textbook & PowerPoint Case Study - On June 24th, 2005 a fire and explosion happened at the Praxair plant in St. Louis, Missouri. The accident occurred when gas released by a pressure valve on a propylene cylinder ignited. The explosion launched dozens of cylinders into the air and over into the nearby towns and damaged homes, buildings, and cars causing damage and many small fires around the plant. There was an alarm that went off that evacuated all the workers out of the plant. The accident occurred on a hot 97-degree day in June and the cylinders were stored on asphalt which added to the heat getting to the cylinders. One of the tanks pressure relief valve began venting and the CSB concluded that static electricity ignited the gas causing more than 8000 cylinders to ignite and causing a huge fire. The fire department had to wait for all the cylinders to explode before entering the plant which took about five hours to complete. The CSB found that high temperatures and relief valves that open at too low a pressure increase the risk for fires. The board of compressed gas revised its standards for propylene relief valves to provide a greater margin of improved reliability. There were some financial damages that Praxair had to take care of but their overall reputation was not hurt that much. 

Unformatted Attachment Preview

1 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD PART I – RISK MANAGEMENT METHODS AND TOOLS Chapter 1 – Risk Management and Prevention through Design Authors: Bruce Lyon, CSP, PE, ARM, CHMM, and Georgi Popov, PhD, QEP, SMS, CMC The following is a selected section from the upcoming Risk Management Tools for Safety Professionals manual to be published by ASSE in 2018. INTRODUCTION The safety profession has evolved and experienced significant change during the past 40 years. Prior to the United States (U.S.) Occupational Safety and Health Act, work-related injuries and illnesses were common and viewed as the norm among many organizations. Amputations, respiratory problems and hearing loss, ergonomics-related disabilities and even fatalities were accepted as a part of doing business. The role of safety was basically nonexistent. In 1970, the enactment of the OSH Act created a demand for occupational safety and health (OSH) professionals to assist organizations comply with the many newly implemented workplace safety and health regulations. The OSHA regulations provided a foundation for worker protection and greatly defined the OSH professionals’ role for decades. However, a transformation is underway within the profession. Once confined to traditional and often times reactionary activities such as regulatory compliance, accident investigation and reporting, safety programs development, safety training, worksite inspections, and safety equipment selection, OSH professionals are beginning to engage in more proactive, risk-based practices. This shift is noted in the following quote from Thomas Cecich, the American Society of Safety Engineers (ASSE) President in 2016 taken from the 2 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD ISHN 50th anniversary: Challenges and Opportunities - Thought Leader Essays at http://www.ishn.com/articles/105319-ishn-50th-anniversary-challenges-and-opportunities--thought-leader-essays. In the future of the practice of occupational safety and health the role of safety and health professionals must continue to move beyond compliance with regulatory standards. Leading organizations understand that the key to injury and illness reduction and greater operational efficiency lies with the need to identify, assess, manage and communicate workplace risk. Senior management understands the concept of managing risk. They do it all the time, whether operational risk, financial risk, reputational risk or market risk. (Cecich, 2016) The need to comply with regulations and perform traditional practices will always be part of the job; however, it is the authors’ opinion that those activities will not be the primary focus of the OSH profession. What then will define the need for future OSH professionals? In a word, ‘risk’. As the profession moves from a hazard and compliance-based focus to a ‘risk-centric’ (a phrase coined by Dave Walline) or risk-based approach, OSH professionals will be expected to expand their skill-set to include those in risk assessment (identification, analyses, and evaluation), application of higher level controls for risk reduction, Prevention through Design (PtD) and pre-operational risk assessment, safety specifications for procurement, change management, and operational risk management systems. This shift to more risk-based efforts is 3 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD elevating the profession to greater importance within organizations. In essence, the profession is becoming more ‘active’ in nature, providing risk-based information to decision makers; moving away from ‘passive’ traditional safety programs towards safety processes operating within operational risk management systems. Perhaps a better descriptor for the profession is ‘occupational safety and health risk’ or simply ‘occupational risk’. None the less, the profession is evolving. The Sources of Risk Risk is described as the effect of uncertainty by the ISO 31000:2009 Risk Management Standard (adopted by ANSI/ASSE Z690.2 in 2011). As the role of the OSH professional continues to evolve, it is important to recognize the different sources of risk, and their relationship and effects upon an organization. The American Institute For Chartered Property Casualty Underwriters known as ‘The Institutes’ refers to these risk source categories as the ‘risk quadrants’ (The Institutes, 2017). The risk quadrants are known as operational risk, hazard risk, financial risk and strategic risk. Operational risks and hazard risks are considered ‘pure’ risks – those that can only result in loss or negative outcomes – and are the primary risks that OSH professionals manage or control. Financial and strategic risks are ‘speculative’ risks which have the possibility of either a positive or negative outcome. ‘Pure’ risks are typically insurable since they only involve the chance of loss while ‘speculative’ risks are not. Figure 1.1 represents the four quadrants of risk. 4 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD Pure Risk Speculative Risk Hazard Risk Financial Risk Operational Risk Strategic Risk Figure 1.1, The Four Quadrants of Risk In the course materials for the Associate in Risk Management (ARM) designation, The Institutes describe the ‘risk quadrants’ as follows:  Hazard Risk - Risks that are derived from property, liability, or personnel loss exposures and are generally insurable.  Operational Risk – Risks that are derived from people or a failure in processes, systems, or controls including information technology (IT) related exposures. Both hazard and operational risks are closed aligned and interrelated, and are often managed as such.  Financial Risk – Risks derived from the effect of market forces or financial assets or liabilities and include market risk, credit risk, liquidity risk, and price risk.  Strategic Risk – Risks derived from trends in the economy and society, including changes in economic, political, and competitive environments, as well as from demographic shifts. 5 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD Risk sources have the potential of falling into more than one category or quadrant, and can also impact other types of risks with in an organization – causing a cascade effect. For instance, a product release or spill initially effects the operational aspect of the organization as a loss of product and temporary business interruption risk. However, if the product is hazardous, the operational risk turns into a safety, health and environmental risk – a hazard risk. And depending upon the scale and severity of the operational and hazard risks, the event may lead to significant financial loss - a financial risk - and possibly damage the organization’s reputation – a strategic risk. As indicated by The Institutes, organizations define types of risk differently, and recommend that each organization define their categories to align with their objectives and processes. For this manual, the authors refer to ‘operational risks’ which OSH professionals tend to manage as including both operational-related exposures and hazard risks – those derived from occupational safety, health, environmental and property exposures. Enterprise Risk Management (“ERM”) is a strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio (RIMS, 2017). Organizations seek to manage risk exposures across all parts of their business so that, at any given time, they incur just enough of the right kinds of risk—no more, no less—to effectively pursue strategic goals (COSO, 2012). The OSH professional is trained to look at hazards and risks associated with operational activities that produce negative consequences. Businesses must balance both the negative risks as well as the opportunities and positive risks they face. Interdependencies and Synergistic Effects ERM risks are interdependent. Key interdependencies exist between hazard risks, operational risk, financial risk, and strategic risk. Upon further examination, each of these major 6 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD interdependent categories is comprised of sub-risk categories. In addition, the synergistic effect of risk exposures could pose greater risk that the sum of individual hazards and risks. For example, the regulatory fines related to OSH risks may be considered acceptable form a financial prospective, but may not be acceptable from and ERM prospective due to strategic risk and potential reputational damage. Such risks may be misunderstood or underestimated. For instance, OSH risk may lead to financial losses, operational interruptions, and regulatory issues if the function is not properly integrated into ERM process. Improperly managed OSH risks may lead to operations shut down due to incident investigations, resulting in financial losses, failure to fulfil orders, insurance premiums increase and reputational damage. Unfortunately, considerable number of organizations use different systems and methodologies to manage different risks. For instance, OSH function may utilize risk assessment and risk management methodologies that are not familiar to business managers. Conversely, OSH managers may not be fully familiar with business risk assessment and risk management practices and tools. Hence, the need for integration. Benefits of OSH Function and ERM Integration ERM requires an integrated risk organization. While many companies now have a Chief Risk Officer (CRO), they are often aligned to financial or internal audit functions far removed from operational and strategic risk domains where OSH professionals feel comfortable. This progression from OSH risk to Operational, Financial, Business and Strategic risk offers the OSH professionals the opportunity to integrate OSH risk management into the ERM process. ERM requires the integration of risk management strategies, as not all risks are graded or scored equally. Under the very familiar “silo approach” to risk identification, assessment and management, OSH functions are frequently limited to compliance over effective implementation 7 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD truly affecting worker and community health, environmental quality, or personnel safety. Any opportunity to align OSH projects with business objectives was often ignored. Risk Management and the OSH Professional In an effort to better prepare for the changes occurring in the profession, this manual provides guidance for selecting, modifying and combining risk management methods and tools. It is largely shaped by significant events in recent years that give greater prominence to risk assessment and the risk management process. Some of the more important events which signal a move toward risk-based efforts are shown in the following list. 1. The National Safety Council created an entity known as the Institute for Safety through Design (ISTD) in 1995. The core of the ISTD and the safety through design concept is hazard identification and risk assessment in the design phase. 2. In 1996, the National Institute for Occupational Safety and Health (NIOSH) began consideration of what became a major initiative on Prevention through Design (PtD). The intent of the initiative was to encourage organizations to have processes in place to address occupational hazards and risks in the design and redesign processes. Doing so requires making risk assessments as a continuum as the design process moves forward. 3. A European led drive to have risk assessment be recognized as the cornerstone of an occupational risk management system is having an impact in the U.S. The move has led OSHA, NIOSH, and industry to a more risk-based process. 4. In 2011, the American National Standard Institute (ANSI) approved a petition made by the American Society of Safety Engineers to adopt four standards on risk management developed by ISO (the International Organization for Standardization.) One of those 8 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD standards (ISO 31010) known as ANSI/ASSE Z690.3, Risk Assessment Techniques is receiving broad attention in the OSH profession. 5. Sustainability and resilience of business has emerged as a major corporate endeavor. Risk management is fundamental to a sustainable and resilient enterprise, in that it is a continual improvement process used by an organization to achieve its objectives through assessing uncertainly and lowering risk to acceptable levels. 6. In 2010, the Bureau of Ocean Energy Management Regulation and Enforcement (BOEMRE), a federal government agency, adopted a mandatory standard that combines safety and environmental risk management within one management system. 7. An ANSI standard on Prevention through Design was adopted on September 1, 2011. A substantial portion of the standard is devoted to hazard analysis and risk assessment in the design and redesign phase. Educators are developing new courses related to Prevention through Design and new risk assessment tools. Plans for revision of the standard are underway. 8. Organizations are moving from program-based safety and health methods to a more management systems approach. With the ANSI Z10 standard, and a new ISO 45001 Occupational Health and Safety Management standard expected, employers have come to realize that occupational safety and health and risk management are an integral part of sustainable business practices. 9. Recent research shows that risk assessment can be successfully implemented in daily operations and long-term planning. 9 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD 10. Many industries have applied Lean Concepts to reduce waste, improve efficiency, and lower production costs. Lean Six Sigma concepts and risk assessment tools can be applied in the OSH profession. 11. For many years, businesses have been operating with tight budgets and continuously seeking ways to reduce costs, among which are accident/incident costs. Risk-based decision making has become more prevalent in organizations and is requiring greater use of tools that assess and manage risk, analyze costs and determine benefits of interventions. 12. In June 2013, the American Society of Safety Engineers (ASSE) recognized the significance of risk assessment by launching its Risk Assessment Institute, a gateway for members of the society to develop new risk assessment core competencies. 13. In 2015, ASSE initiated the Risk Assessment Certificate program which has received heavy demand by OSH professionals. 14. The significance of risk assessment is evidenced in the number of published peerreviewed articles on the subject. As of September, 2017, a search for articles on the subject of risk assessment found in the ASSE Professional Safety Archives reveals 155 articles since the year 2000. Of special note is the development of ASSE’s Risk Assessment Institute. In 2012, officers of ASSE recognized a need for OSH professionals to develop greater skills in risk assessment fundamentals. The increasing number of safety-related standards and guidelines requiring risk assessment made it evident that ASSE should provide its members with educational opportunities through which the necessary skills could be acquired (Manuele, 2016). The Risk Assessment committee was formed in 2013 and its members continue to develop and collect 10 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD literature, videos, webinars and other materials that could be used by OSH risk professionals. The success of the Risk Assessment Certificate program which includes over 500 certificate recipients as of November 2016 continues to grow. An international outreach is also taking place with the program being extended to OSH risk professionals worldwide, as well as a more advanced certificate program being considered. This development is significant in that awareness has developed among leaders of such technical organization with an international scope. As Fred Manuele proclaims, ‘this is an important step forward for the practice of safety.’ (Manuele, 2016). The Risk Assessment Institute website can be accessed at http://www.oshrisk.org/. To summarize, operational risk assessments are becoming a requirement within many countries, branches of the military and certain industries such as atomic energy, chemical operations and pharmaceuticals. Considering these developments, and the need for organizations to compete on a more global basis, it is anticipated that requirements for risk assessment will continue to grow, both in the U.S., and worldwide. MANUAL CONTENTS For the OSH risk professional, this manual is intended to provide instructive guidance in selecting, modifying, and applying fundamental risk management tools and Prevention through Design concepts. It is divided into three parts: Part I – The Risk Management Methods and Tools contains instructional steps for common risk management tools used by safety professional; Part II – STRATEGIES FOR SELECTING, MODIFYING AND COMBINING RISK MANAGEMENT METHODS provides strategies used to select, customize, optimize and combine methods to provide the risk-based information needed by the safety professional ; and Part III – PRACTICAL EXAMPLES AND CASE STUDIES OF RISK MANAGEMENT METHODS AND 11 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD TOOLS from the field are used to help demonstrate the use of tools. Part I is organized in accordance with the Risk Management Process elements identified in the ANSI/ASSE Z690.22011 Risk Management Standard (adopted from ISO 31000:2009) shown in Figure 1.2. Note: For the purposes of this manual, the authors use ISO 31000 when referring to ISO 31000:2009/ANSI/ASSE Z690.2–2011 Risk Management Standard, and ISO 31010 when referring to ISO 31010:2009/ANSI/ASSE Z690.3-2011, Risk Assessment Techniques. Process (clause 5) Risk identification (5.4.2) Risk analysis (5.4.3) Risk evaluation (5.4.4) Monitoring and review (5.6) Communication and consultation (5.2) Establishing the context (5.3) Risk treatment (5.5) Figure 1.2, ISO 31000 Risk Management Process reprinted with permission (Courtesy of the American Society of Safety Engineers) 12 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD Within each process step, select tools and methods commonly used by OSH risk professionals are presented and discussed as shown in Figure 1.3. Many other methods are available as indicated in ANSI/ASSE Z690.3 – 2011 Risk Assessment Techniques standard (adopted from ISO 31010:2009), and should be considered where appropriate. Risk Communication  Plan-Do-Check-Act Model  Risk-based Decision Making  Risk Assessment Triggers Risk identification (5.4.2) Risk analysis (5.4.3) Risk evaluation (5.4.4) Risk treatment (5.5) Monitoring and review (5.6) Risk Analysis  Bow Tie Analysis  Event tree  Fault tree  Failure Mode and Effects Analysis (FMEA)  Hazard and Operability Study (HAZOP)  Job Risk Assessment (JRA)  Layers of Protection Analysis (LOPA)  Preliminary Hazard Analysis  Striped Bow Tie Risk Assessment  Structured What-if Technique (SWIFT) Establishing Context  Risk Criteria  Risk Scoring System  Pareto Analysis  Risk Assessment Matrix Establishing the context (5.3) Communication and consultation (5.2) Risk Identification  Brainstorming  Checklists  Delphi Technique  Design Safety Review  Hazard Identification (HAZID)  Nominal Group Technique Process (clause 5) Monitoring and Review  Key Performance Indicators (KPI)  Key Risk Indicators (KRI)  Risk Treatment Tracking  Risk Performance Measurement  Risk Register Risk Treatment  Business Impact Analysis  Cost/Benefit Analysis  Nonfinancial Benefits Analysis  Hierarchy of Controls  Multi-Criteria Analysis Risk Evaluation  As Low As Reasonable Practicable (ALARP)  Risk Heat Map  Risk Indices Figure 1.3, The ISO 31000 Risk Management Process with associated tools adapted and reprinted with permission (Courtesy of the American Society of Safety Engineers) 13 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD RISK MANAGEMENT - PRINCIPLES, FRAMEWORK AND PROCESS Internal and external factors that create uncertainty for organizations can also prevent the achievement of certain business objectives. This effect of uncertainty to an organization’s objectives is referred to as ‘risk’ (ANSI Z690.2, 2011). Without a clear picture of the risks facing an organization, it is difficult to make informed decisions on objectives, and the degree of risk the organization is willing to ‘assume in pursuit of those objectives’ (ANSI Z690.2, 2011). Therefore, it is vital that organizations incorporate and integrate a process of managing operational risk within the overall management system. Such systems should encompass strategies for risk assessment and management planning, risk-based decision making, establishing accountabilities, managing and measuring activities, reporting and recording, and risk communication with stakeholders. The ISO 31000:2009 Risk Management standard provides organizations the principles, framework and process for managing risk. The authors, as members of the U.S. Technical Advisory Group for ISO 31000, developed the graphic shown in Figure 1.4 to depict the relationship of these elements. These principles, framework and process elements provide a standardized approach to managing risk and should be studied by those responsible for managing operational risk. For OSH risk professionals, these fundamentals provide a blueprint in assessing and managing operational risks, and are the foundation of the material presented in this manual. 14 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD Framework (clause 4) Process (clause 5) Implementation (4.4) Leadership and commitment (4.2) Improvement (4.6) Risk identification (5.4.2) Risk analysis (5.4.3) Risk evaluation (5.4.4) Evaluation (4.5) Monitoring and review (5.6) Design (4.3) Communication and consultation (5.2) Establishing the context (5.3) Risk treatment (5.5) Principles (clause 3) a) Value creation and protection b) Integration c) Structured d) Customized e) Inclusive f) Best available information g) Human and cultural factors h) Continual improvement Figure 1.4, Risk Management Principles, Framework and Process Relationship developed by the authors – adapted from ISO 31000 15 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD Risk is managed within an organization to achieve its objectives. It is the primary purpose of managing risk. If objectives are not meet, the organization is at risk of losing market share and value, failing to compete, downsizing or going out of business. Uncertainty of risks can be a significant obstacle to the achievement of certain objectives. To succeed and grow, organizations must be able to reduce uncertainly that impedes decision making and be in a position to successfully achieve their business objectives. This requires sound risk management. Principles The relationships that exist between the principles, framework and process of risk management are illustrated in Figure 1.3. The principles (clause 4) are the foundation on which the framework (clause 5) and process (clause 6) are built as described in the ISO 31000 standard. Both the framework and process are constructed in a plan-do-check-act (PDCA) model for continual improvement, one of the principles cited in clause 4. The eight (8) principles identified in the standard help communicate the intention and purpose of risk management, and enable an organization to manage risk more successfully and meet its objections (ANSI Z690.2, 2011). The principles are briefly described in the following: a) Value creation and protection - Value is created and protected through an organization’s ability to innovate, continually improve performance, and achieve objectives. b) Integration - Integration of risk management into all activities and decision making requires a coordinated effort from stakeholders in the organization to ensure risk is considered in decisions and actions at all levels. 16 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD c) Structured - A structured, systematic approach to managing risk helps ensure a more efficient, consistent, reliable and repeatable process, which is vital. d) Customized - The ability to modify and customize the framework and process elements to suit an organization, its culture and structure, internal and external factors is important to the effectiveness of risk management. e) Inclusive - Inclusiveness of stakeholders in risk management ensure ownership and allows for better risk-informed decisions to be made. f) Best available information - Incorporating the best available information into the process of managing risk enables decision makers to better anticipate and take proper action. g) Human and cultural factors - Human behavior as well as the organization’s values, perceptions, beliefs, attitudes, intentions and capabilities influence risk management at all levels. h) Continual improvement - Management of risk should facilitate continual improvement through organizational performance, continued learning and experience. Finally, risk management should be fluid, dynamic and responsive in managing new emerging or changing risks as well as existing risks that an organization encounters. Framework A risk management framework, based on the aforementioned principles, exists to provide organizational structure for leadership, process design, implementation and monitoring, evaluation and continual improvement of the risk management process. It assists an organization in the integration of risk management into all activities, decisions and actions. 17 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD Leadership and Commitment - As with all management system structures the most critical elements to the framework are leadership and commitment – without which the remaining elements are ineffective. An organization’s genuine commitment and leadership are central to the framework and can be demonstrated by an organization through some of the following actions:  establishment of defined policies for risk management which are aligned with the organization’s culture;  determination of key performance indicators;  alignment of risk management objective with the organization’s objectives;  consideration of regulatory, legal and voluntary obligations  assignment of authority, responsibilities and accountabilities within the organization;  allocation of necessary resources for risk management;  effective communication with the organization and its stakeholder in the value of risk management;  assessment of progress in the achievement of risk management objectives. Design – To begin, the organization should gain understanding of its external and internal context. This may include evaluation of the political, legal, social, regulatory, financial technological and competitive environment the organization operates within. Other factors may include relationships with external stakeholders, their perceptions, expectations and values, contractual agreements, or other factors that affect the organization’s objectives. Internal context may include the organization’s own structure, overall vision, mission, and objectives, culture, management system, as well as the perceptions and values of internal stakeholders. 18 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD Once an understanding of the organization and its context is established, leadership should clearly define and communicate a risk management policy. The policy should include the organization’s philosophy and reasoning, linkage to objectives, responsibilities and accountabilities throughout the organization, commitment of resources, measurement of performance, communication with stakeholders, and commitment to continual improvement. The policy should be effectively communicated with internal and external stakeholders as appropriate. Assignment of roles, responsibilities and authorities for risk management duties for all levels of the organization should be made and communicated. Those given responsibilities should also be provided adequate education, training and resources to enable their performance of their risk management tasks successfully. Integration of risk management into all organizational decisions and actions should be designed into the framework. As part of the decision-making process, management should consciously take into account the potential risks of any decision made to determine whether the risks are acceptable. Methods for effective communication of risk management should be established within the organization. Management should ensure that risk-based information and feedback are exchanged with internal and external stakeholders as appropriate on a timely basis. An implementation strategy for the risk management framework should be developed to ensure affected stakeholders clearly understand the timing, method, and meanings to be employed. Communication throughout the implementation process is crucial. 19 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD Once implemented, an evaluation process should be established. The process should be objective and consistent to provide the organization accurate data. Periodic measurement of key performance indicators (KPIs) and key risk indicators (KRIs) should be made and compared to the initial baseline, with the results communicated to stakeholders. Improvement - As the organization operates and adapts to its operating environment, there is often times a need to make modifications and improvements. The framework should be designed to adapt to any changes in the organization and continually improve. This requires the use of monitoring the internal and external factors affecting objectives, and the use of feedback, auditing, observations and other means of gathering information. Identified gaps, weaknesses, as well as improvements should be acknowledged, addressed and incorporated into action plans to further the overall improvement and maturity of the organization’s risk management. Process The risk management process is the systematic application of policies, procedures and practices for activities involving communication, establishing context, assessing risk (identifying, analyzing and evaluating risk), treating risk, monitoring and reviewing, and reporting and recording. Each of these process elements along with select tools and methods will be covered in the balance of this manual. PREVENTION THROUGH DESIGN In this manual, the concept of prevention through design (PtD) is woven into the concepts, elements and tools of the risk management process. The authors believe that it is vitally important to consider managing risk from the beginning stages of design throughout the system’s 20 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD life span to decommission and disposal. This is a relatively new concept that OSH risk professions and some organizations are beginning to explore and champion. To put into the proper context, the ANSI Z590.3-2011 (R2016) Prevention through Design standard is written to address occupational safety and health risks over the entire life cycle of a system. This more pinpointed focus aligns with OSH risk professional’s roles in assessing and managing workplace exposures. The ISO 31000 standards on the other hand, are written from a much broader perspective and designed to address all types of risks including those that have negative and/or positive consequences with the ultimate purpose of reducing uncertainly and enabling an organization to achieve its objectives. Therefore, ISO 31000 provides the risk management platform that the risk assessment and Prevention through Design process operates within which is illustrated in Figure 1.5. Figure 1.5, Relationship between ISO 31000 and ANSI Z590.3 21 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD The Beginnings of Prevention through Design In 1994, a Position Paper was released by the American Society of Safety Engineers (ASSE) to promote the relatively new concept of “Designing For Safety”. A year later, the National Safety Council established the Institute for Safety through Design which was formed to advance the integration of hazard analysis and risk assessment into the design stage. Some of this work lead to the 2007 launch of the Prevention through Design (PtD) initiative by the National Institute for Occupational Safety and Health (NIOSH). The research developed through the Institute, the National Safety Council and NIOSH helped pave the way for the Prevention through Design concepts now used (Popov, Lyon, Hollcroft, 2016). In 2009, the Technical Report ASSE TR-Z790.001-2009 Prevention through Design Guidelines for Addressing Occupational Risks in Design and Redesign Processes was released. Shortly after, the ANSI/ASSE Z590.3-2011 Prevention through Design – Guidelines for Addressing Occupational Hazards and Risks in Design and Redesign Processes standard was released. This standard, developed to provide consistent procedures for addressing occupational hazards and risks in the design and redesign processes, is considered foundational to the practice of safety, and was reaffirmed in 2016. PtD Concepts and Application ANSI/ASSE Z590.3-2011(R2016) is the first standard to address risk assessment in the design and redesign phase. It provides a framework for implement risk assessment concepts within the various phases of a system’s life span including conception, design, redesign, 22 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD construction, manufacture, use, maintenance, decommission and disposal. ANSI/ASSE Z590.32011(R2016) defines prevention through design as follows: Prevention through Design. Addressing occupational safety and health needs in the design and redesign process to prevent or minimize the work-related hazards and risks associated with the construction, manufacture, use, maintenance, retrofitting, and disposal of facilities, processes, materials, and equipment. (ANSI/ASSE Z590.32011(R2016)) The stated goals of Z590.3 are to 1) achieve acceptable risk levels, 2) prevent or reduce risks that produce injuries and illnesses, and 3) reduce the need for retrofitting to address hazards and risks not addressed in the design or redesign phases. The PtD standard is based on the risk reduction hierarchy of controls concept shown in Figure 1.6 that theorizes the most effective and reliable controls come from higher level measures which are avoidance, elimination, substitution and reduction of hazard through proper design of the system. This concept also promotes cost efficiency in controlling hazards and risks. Fundamentally, and practically, it makes the most sense to avoid a problem rather than allow it to exist and try to manage it. This is the concept of prevention through design. (Popov, Lyon, Hollcroft, 2016) 23 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD Most Preferred Least Preferred Risk Avoidance: Prevent entry of hazards into a workplace by selecting and incorporating appropriate technology and work methods criteria during the design processes. Eliminate: Eliminate workplace and work methods risks that have been discovered. Substitution: Reduce risks by substituting less hazardous methods or materials. Engineering Controls: Incorporate engineering controls/safety devices. Warning: Provide warning systems. Administrative Controls: Apply administrative controls (the organization of work, training, scheduling, supervision, etc.). Personal Protective Equipment: Provide Personal Protective Equipment (PPE). Figure 1.6. Risk Reduction Hierarchy of Controls reprinted with permission from ANSI/ASSE Z590.3-2011(R2016) (Courtesy of the American Society of Safety Engineers) PtD concepts can be applied in any occupational setting and at various stages of a system’s life. There are four major stages identified in Z590.3 which are: 1. Pre-operational – conceptual, initial planning, design, specification, prototyping, construction phases which offer the greatest degree of control and lowest costs. 2. Operational – production, maintenance, redesign, modification, addition, and other activities related to the operational phase of a system. Hazards and risk are identified and evaluated with control measures taken through redesign initiatives or work method changes before incidents occur. 3. Post-incident – following incidents such as injuries, illnesses, fatalities, property damage, equipment failure, product failure, non-injury incidents and other unwanted events. 24 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD Investigations and analysis of causal factors to determine appropriate interventions to reduce recurrence or control similar exposures to an acceptable risk level. 4. Post-operational – end of life, decommission, reuse, demolition, and/or disposal of a system. Hazards and risk are identified/anticipated and evaluated with control measures taken through redesign initiatives or work method changes before incidents occur. Management Policy and Responsibilities Similar to ISO 31000, the PtD standard outlines requirements for establishing policy, and assigning roles and responsibilities for carrying out prevention through design. Management should begin with defining a policy and implementing a process to incorporate risk reduction in the design and redesign processes. The standard states that the policy and process should be designed to include the following:  Hazards should be anticipated, identified, and evaluated to avoid, eliminate or substitute less hazardous components.  A consistent hazard analysis and risk assessment process should be implemented to address identified hazards.  Hazards and their risks should be reduced using the risk reduction hierarchy of controls approach to achieve acceptable risk levels.  The risk assessment process should include knowledgeable, skilled stakeholders close to the hazards and risks.  The process should be monitored by stakeholders for effectiveness and continual improvement.  Systems for recording and reporting results during design reviews should be used. 25 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD Responsibilities should be defined within the organization to address opportunities to prevent or reduce risk when: 1) new facilities, processes, equipment, technologies, and materials are planned, designed, acquired, or installed; 2) changes or additions are planned for existing facilities, processes, equipment, technologies, or materials; 3) during incident investigations and selection of corrective actions; and 4) when demolition, decommissioning or reusing/rebuilding operations are planned. The organization should establish and communicate to stakeholders its acceptable risk levels and goal to achieve such levels during conceptual design and redesign phases. Acceptable risk levels should be the basis for an organization’s overall occupational safety and health goals and objectives. For hazards that cannot be totally avoided or eliminated during design, the organization should establish ‘acceptable risk targets’ that assist in the design and selection of risk control alternatives. The organization’s established policies and procedures should ensure the design process incorporates input from affected stakeholders including designers and engineering, procurement, quality, legal, risk management, safety and health, maintenance, supervisors, operations personnel, as appropriate. Assurance that personnel skilled and experienced in performing risk assessments are utilized in the design process should be made by the organization. The standard also calls for communication plans that include design safety specifications, use of risk assessment and risk-based decision making as part of the prevention through design process. Relationships with Suppliers A unique component of the Z590.3 standard is the inclusion of measures for affected contractors, suppliers and vendors involved in new designs, equipment, and construction, 26 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD changes in processes, materials and technology. Many catastrophic incidents have occurred as a result of outside contractors and suppliers that were not properly managed by the organization. Some of these requirements stated in the standard which should be considered by the organization include:  communication with suppliers, engineers, and contractors to reach agreement on expectations related to their management of risk through designs, methods, technologies and materials;  written safety and health performance specifications in procurement documents, purchase orders and contracts;  use of risk assessment to achieve an acceptable risk level;  inspections and test protocols during factory acceptance, site acceptance, and/or commissioning;  visits to suppliers to verify safety specifications are met prior to purchase/delivery;  and procedures for ongoing testing and maintenance of systems. Design Safety Reviews The greatest opportunity for reducing risk is achieved by anticipating, identifying, assessing, and controlling risks during the design and redesign phase. This process is sometimes referred to as a design safety review. The standard includes this important management tool for integrating safety into the design process and provides guidance on the subject. A design safety review process is most effective early in the design stage. Top management should establish the organization’s policies, roles and responsibilities for conducting design safety reviews. Some of these requirements stated in the standard include: 27 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD  A designated design safety review manager or person in charge appointed to manage the process and coordinate the review.  A review team consisting of qualified and affected stakeholders designated by management to perform design safety reviews.  Policy outlining how, when and to what degree design safety reviews will be performed including the risk assessment methods used.  Appropriate safety requirements and specifications incorporated into the design process.  Designers held accountable for adhering to established safety specifications in the design, unless the deviation has been reviewed, approved and documented by management as meeting acceptable risk levels.  Procedures requiring a written certification signed by the lead design professional verifying that the design safety review has been completed. For further information, Addendum E of ANSI Z590.3 and Chapter 4 of this manual provide a summary of the safety design review method. Through the application of PtD concepts, organizations can manage risks much more effectively and efficiently. Decision makers that understand the value of designing out hazards rather than working around them will be more successful for their organizations. PtD Hazard Analysis and Risk Assessment Process Like the ANSI Z690.2 Risk Management and ANSI Z690.3 Risk Assessment Techniques standards, Z590.3 addresses the same fundamental steps in risk assessment. However, there are some important distinctions between the two. The ANSI Z690 standard addresses the 28 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD management of all types of risk (including those with positive results as well as those with negative consequences) in a much broader sense with the purpose of reducing uncertainly and achieving an organization’s objectives. Z590.3 is focused on the assessment and control of hazard-derived risks through design and the use of the hierarchy of controls within the lifecycle of a system to achieve acceptable risk. The heart of the prevention through design process involves a ‘hazard analysis and risk assessment’ methodology which closely aligns with the ISO 31000 risk management process model represented in Figure 1.7. Note that ‘Communication and consultation’ (6.2) and ‘Monitoring and review’ (6.6) in ISO 31000 are connected to and involved with all elements of the risk management process. 29 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD 1) Data gathering – Injury and protective data Process (clause 5) 2) Set scope or Limits of Assessment 3) Develop and charter risk reduction team Establishing the context (5.3) Risk identification (5.4.2) Risk analysis (5.4.3) Risk evaluation (5.4.4) 4) Identify task and hazards 5) Assess risk – Initial risk scoring system Monitoring and review (5.6) Communication and consultation (5.2) Reevaluate tasks and hazards 6) Reduce risk – Hazard control hierarchy Identify current controls Test/verify current controls Identify new controls 7) Assess Risk – residual risk scoring system No Residual risk acceptable? Yes 8) Results/Documentation Risk treatment (5.5) Evaluation complete 10) New hazard ID ISO 31000 9) Controls measurement system ANSI Z590.3 Figure 1.7, Alignment of ISO 31000 and the ANSI/ASSE Z590.3 Risk Assessment Process Management Direction - As in ISO 31000, the PtD standard emphasizes the importance of management leadership and direction. Throughout the process, top management must set the policy and expectations for planned designs and the need to achieve acceptable risk levels. Some of the policy elements include establishment of the risk assessment matrix and analysis parameters; implementation of a risk assessment process; application of risk treatment methods using the hierarchy of controls; risk acceptance decision making; and communication, documentation and follow-up. 30 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD Risk Assessment Matrix – The standard notes that a risk assessment matrix provides a means of establishing and comparing risk by categorizing combinations of probability of occurrence and severity of harm. They are helpful in communicating risk levels and discussing risk treatment options with decision makers. Each organization should establish a risk assessment matrix or other validated process that is suitable and agreed upon by the stakeholders. Analysis Parameters – For each analysis, the parameters and scope should be well defined including the process, product, project, or task to be analyzed, the context of the analysis, boundaries and limitations, operating phase, resources, and affected stakeholders. Hazard Identification – Stakeholders trained in the anticipation and recognition of hazards and their mitigation are needed in the process. This requires an understanding of technologies, activities, and characteristics (equipment, technology, processes, materials, chemicals, etc.) or actions or inactions of people that could result in exposure or unwanted energy release. A systems approach, treating each hazard independently, as well as their synergistic effects should be applied with the intent of achieving acceptable risks for all. Special attention should be given to anticipating and uncovering hidden hazards or hazards that can be later created but not initially recognized. Failure Modes – According to the standard, potential failure modes resulting from credible circumstances that could result in hazardous situations shall be considered, including the reasonably foreseeable uses and misuses of facilities, materials, and equipment. In addition, any existing controls should be taken into account as to their effectiveness, reliability and whether the condition of controls can cause failures, or be easily defeated. 31 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD Severity Analysis - The worst credible consequences (defined in Z590 as ‘an incident that has the potential to occur within the lifetime of the system’) should be considered rather than the worst conceivable risk (an incident that could occur, but probably will not occur, within a system’s lifetime). Historical data, past experience and best engineering practices that provide objective information regarding injuries or illnesses and their severity, property or equipment values, potential business interruption, environmental damage, or market share loss can be used. Probability Analysis – Following severity analysis of a hazard, an estimate of the likelihood or probability of its occurrence should be determined. Occurrence analysis may include the frequency and duration of exposure, or dose response and exposure assessments, and is typically related to an interval base such as a unit of time, activity, events, units produced, or life cycle of a facility, machine, material, process, or product. Initial Risk – Using the selected risk assessment criteria and matrix to categorize the hazard’s severity and probability risk levels, the initial risk is evaluated and determined. The initial risk evaluation should take into account any existing controls for the hazard’s occurrence or severity. Risk Reduction and Control Methods – If the initial risk evaluation indicates the risk requires further risk reduction, the hierarchy of controls model is used to select possible risk reduction measures. The PtD model lists, in descending order of effectiveness and preference; 1) risk avoidance, 2) elimination, 3) substitution, 4) engineering controls, 5) warning, 6) administrative controls, and 7) personal protective equipment. Prioritizing risks for reduction, and a system to track risk reduction measures for effectiveness should be included in the process. 32 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD Residual Risk – Following the risk reduction measures, a second assessment is made to determine the remaining risk known as ‘residual risk. If the residual risk is not acceptable, further risk reduction measures are applied where feasible until the risk is considered acceptable to the organization. As the standard states, ‘if an acceptable risk level cannot be achieved, operations shall not continue, except in unusual and emergency circumstances or as a closely monitored and limited exception circumstance with approval of the person having authority to accept the risk’. Risk Acceptance – Based on the organization’s defined ‘acceptable risk levels’, decision makers will determine whether the risk is acceptable or if further action is required. In certain situations, higher risks may be tolerated temporarily until risk measures can be implemented. Documentation – Pertinent information such as details on assessment team, dates, methods, hazards and risks identified, measures taken to reduce risk, and other related information should be recorded by the organization conducting the assessment. Follow Up – Effectiveness and reliability of implemented control measures should be evaluated to determine if the risk was adequately reduced, that no new hazards were created, or if additional measures are needed. If it is determined the risk level is not acceptable, or that unintended consequences were introduced by the control measures, the organization should take steps to reassess the risk and consider other risk reduction measures. Hazard Analysis and Risk Assessment Techniques in PtD Each organization should select and apply risk assessment methods suitable to its needs and provide training in those methods to stakeholders involved in the process. The Z590.3 standard 33 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD identifies eight common techniques for hazard analysis and risk assessment in its Addendum G. Those methods are:  Preliminary Hazard Analysis (PHA),  What-If Analysis,  Checklist Analysis,  What-If/Checklist Analysis,  Hazard and Operability Analysis (HAZOP),  Failure Mode and Effects Analysis (FMEA),  Fault Tree Analysis (FTA), and  Management Oversight and Risk Tree (MORT). As the standard further suggests, most situations and risks can be adequately assessed using three primary methods which are the Preliminary Hazard Analysis, What-If/Checklist Analysis, and Failure Mode and Effects Analysis. In some cases, a combination of techniques is used to adequately assess and communicate risks to stakeholders. ANSI/ASSE Z10-2012 (R2017) A key component of the ANSI Z10 Occupational Health and Safety Management Systems standard, is the requirement that a risk assessment process be established. Similar to other management system standards, its purpose is to provide a structured, systematic approach that enables an organization to control its OSH risks and improve performance. Z10 defines a safety management system as ‘a set of interrelated elements that establish and/or support occupational health and safety policy and objectives, and mechanisms to achieve those objectives in order to continually improve occupational health and safety’ (ANSI Z10-2012 (R2017)). In other words, 34 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD Z10 directs organizations to manage occupational safety risks as they do other elements in their business to achieve their objectives. The ANSI Z10 standard, originally published in 2005, revised in 2012, and reaffirmed in 2017 contains requirements for managing risk through risk assessment, the use of hierarchy of controls, designing in safety, procurement and management of change. The most recent version of Z10- 2012 (R2017) emphasizes risk assessment in sections 4.2 Assessment and Prioritization, 5.1.1. Risk Assessment, and Appendix F. Risk Assessment (informative). Included in the Appendix F are several example methods used in risk assessment including brainstorming, checklists, risk assessment matrix and consequence and probability matrix. Even though there are numerous methods and variations, all are based on the same fundamental process: hazard/risk identification, risk analysis and risk evaluation A comparison of listed hazard analyses and risk assessment methods in ISO 31010, ANSI Z590.3 and ANSI Z10 standards is shown in Table 1.1. Of these methods, the checklist method is the only one listed in all three standards. Several techniques are listed in at least two of these standards including design reviews, brainstorming, preliminary hazard analysis (PHA), what-if analysis, hazard and operability studies (HAZOP), failure mode and effects analysis (FMEA), fault tree analysis, consequence/probability matrix and risk assessment matrix (Lyon, Popov, 2016). 35 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD ISO 31010/ANSI Z690.3-2011 ANSI Z590.3-R2016 PtD Design Safety Review ANSI Z10-R2017 Design Review Risk Assessment Matrix Risk Assessment Matrix Management Oversight and Risk Tree MORT What-if / Checklist Analysis B.1 Brainstorming Brainstorming B.2 Structured / Semi Structured Interviews B.3 Delphi B.4 Checklists Checklists B.5 Preliminary Hazard Analysis Preliminary Hazard Analysis B.6 Hazard and Operability Studies Hazard and Operability Studies B.7 B.8 Hazard Analysis and Critical Control Points (HACCP) Toxicity Assessment B.9 Structured What-if Analysis B.10 Scenario Analysis B.11 Business Impact Analysis B.12 Root Cause Analysis B.13 Failure Mode Effects Analysis (FMEA); Failure Mode Effects and Critical Analysis (FMECA) Failure Mode and Effects Analysis B.14 Fault Tree Analysis Fault Tree Analysis B.15 Event Tree Analysis B.16 Cause and Consequence Analysis B.17 Cause and Effect Analysis B.18 Layers of Protection Analysis B.19 Decision Tree Analysis B.20 Human Reliability Analysis B.21 Bow Tie Analysis B.22 Reliability Centered Maintenance B.23 Sneak Analysis and Sneak Circuit Analysis B.24 Markov Analysis B.25 Monte Carlo Simulation B.26 Bayesian Statistics and Bayes Nets B.27 FN Curves B.28 Risk Indices B.29 Consequence / Probability Matrix B.30 Cost/Benefit Analysis (CBA) B.31 Multi-Criteria Decision Analysis Checklists What-if Analysis Consequence / Probability Matrix 36 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD Table 1.1 Comparison of hazard analysis and risk assessment methods listed in ISO 31010, ANSI Z590.3, and ANSI Z10 SUMMARY As organizations become more risk-centric, OSH risk professionals will be expected to have sufficient skills in selecting and applying occupational risk management tools. They will be expected to understand and apply the hierarchy of controls concept to achieve an acceptable risk level. Risk elimination and reduction will be incorporated into designs, and throughout a system’s life span. Knowledge and skill in these concepts as well as a firm understanding of occupational risk management systems such as ISO 45001 and ANSI Z10 will be required by organizations. The concepts, tools and case studies in this manual are designed to help prepare the OSH risk professional for these changing expectations and developing trends. 37 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD References ANSI/ASIS/RIMS RA.1-2015. Risk Assessment. Alexandria, VA: ASIS International and The Risk and Insurance Management Society, Inc., 2015. ANSI/ASSE/AIHA Z10-2012 (R2017). American National Standard—Occupational Health and Safety Management Systems. Fairfax, VA:. American Society of Safety Engineers, 2017 ANSI/ASSE Z590.3-2011 (R2016). Prevention through Design: Guidelines for Addressing Occupational Hazards and Risks in Design and Redesign Processes. Des Plaines, IL: American Society of Safety Engineers, 2016. ANSI/ASSE Z690.1-2011. American National Standard - Vocabulary for Risk Management. Des Plaines, IL: American Society of Safety Engineers, 2011. ANSI/ASSE Z690.2-2011. American National Standard – Risk Management Principles and Guidelines. Des Plaines, IL: American Society of Safety Engineers, 2011. ANSI/ASSE Z690.3-2011. American National Standard - Risk Assessment Techniques. Des Plains, IL: American Society of Safety Engineers, 2011. ANSI B11.0-2015. Safety of Machinery. Houston, TX: B11 Standards, 2015. ASSE’s Risk Assessment Institute website (http://www.oshrisk.org/videos/) BS OHSAS 18001:2007. Occupational health and safety Management systems—Requirements. London, UK: British Standards Institution (BSI), 2007 38 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD ILO-OSH 2001. Guidelines on occupational safety and health management systems. Geneva, Switzerland. International Labour Office, 2001. Main, Bruce, W. Risk Assessment: Challenges and Opportunities. Ann Harbor, MI: Design Safety Engineering, Inc., 2012. Manuele, Fred. A., Advanced Safety Management: Focusing on Z10 and Serious Injury Prevention. Hoboken, NJ: Wiley, 2008. MIL-STD-882E. Standard Practice for System Safety. Washington, DC: Department of Defense, 2012. OSHA. (2003). Voluntary protection programs: Policies and procedures manual. Washington, DC: U.S. Department of Labor, Author. Retrieved from www.osha.gov/ OshDoc/Directive_pdf/CSP_03-01-003.pdf Popov, G., Lyon, B., Hollcroft, B., Risk Assessment: A Practical Guide to Assessing Operational Risks. Hoboken, NJ: Wiley, 2016 Risk Assessments – Top 10 Pitfalls & Tips for Improvement, Bruce K. Lyon and Bruce Hollcroft, Professional Safety, December 2012, American Society of Safety Engineers The Art of Assessing Risk – Selecting, Modifying and Combining Methods to Assess Operational Risks, Bruce K. Lyon and Georgi Popov, Professional Safety, March 2016, American Society of Safety Engineers 39 Risk Management Tools for Safety Professionals – Part I, Chapter 1. RM and PtD The Institutes, Quadrants of Risk: Hazard, Operational, Financial, and Strategic. Retrieved from https://www.theinstitutes.org/comet/programs/arm/assets/arm54-chapter.pdf The Risk Management Society (RIMS), What is ERM? Retrieved from https://www.rims.org/resources/ERM/Pages/WhatisERM.aspx Risk Management Tools for Safety Professionals – Part I, Chapter 1 RISK MANAGEMENT METHODS AND TOOLS Chapter 1 – Risk Management and Prevention through Design Authors: Bruce K. Lyon, P.E., CSP, ARM, CHMM Georgi Popov, Ph.D., CSP, QEP, SMS, ARM, CMC Chapter 1: INTRODUCTION • The safety profession has evolved and experienced significant change during the past 40 years. Prior to the United States (U.S.) Occupational Safety and Health Act, workrelated injuries and illnesses were common and viewed as the norm among many organizations. Amputations, respiratory problems and hearing loss, ergonomicsrelated disabilities and even fatalities were accepted as a part of doing business. The role of safety was basically non-existent. In 1970, the enactment of the OSH Act created a demand for occupational safety and health (OSH) professionals to assist organizations comply with the many newly implemented workplace safety and health regulations. The OSHA regulations provided a foundation for worker protection and greatly defined the OSH professionals’ role for decades. However, a transformation is underway within the profession. • Once confined to traditional and often times reactionary activities such as regulatory compliance, accident investigation and reporting, safety programs development, safety training, worksite inspections, and safety equipment selection, OSH professionals are beginning to engage in more proactive, risk-based practices. Chapter 1: The Sources of Risk • Risk is described as the effect of uncertainty by the ISO 31000:2009 Risk Management Standard (adopted by ANSI/ASSE Z690.2 in 2011). As the role of the OSH professional continues to evolve, it is important to recognize the different sources of risk, and their relationship and effects upon an organization. • The American Institute For Chartered Property Casualty Underwriters known as ‘The Institutes’ refers to these risk source categories as the ‘risk quadrants’ (The Institutes, 2017). The risk quadrants are known as operational risk, hazard risk, financial risk and strategic risk. Chapter 1: The Sources of Risk • Operational risks and hazard risks are considered ‘pure’ risks – those that can only result in loss or negative outcomes – and are the primary risks that OSH professionals manage or control. Financial and strategic risks are ‘speculative’ risks which have the possibility of either a positive or negative outcome. ‘Pure’ risks are typically insurable since they only involve the chance of loss while ‘speculative’ risks are not. Figure 1.1 represents the four quadrants of risk. Pure Risk Speculative Risk Hazard Risk Financial Risk Operational Risk Strategic Risk Figure 1.1, The Four Quadrants of Risk Chapter 1: The Sources of Risk • In the course materials for the Associate in Risk Management (ARM) designation, The Institutes describe the ‘risk quadrants’ as follows: • Hazard Risk - Risks that are derived from property, liability, or personnel loss exposures and are generally insurable. • Operational Risk – Risks that are derived from people or a failure in processes, systems, or controls including information technology (IT) related exposures. Both hazard and operational risks are closed aligned and interrelated, and are often managed as such. • Financial Risk – Risks derived from the effect of market forces or financial assets or liabilities and include market risk, credit risk, liquidity risk, and price risk. • Strategic Risk – Risks derived from trends in the economy and society, including changes in economic, political, and competitive environments, as well as from demographic shifts. Chapter 1: The Sources of Risk • Risk sources have the potential of falling into more than one category or quadrant, and can also impact other types of risks with in an organization – causing a cascade effect. • For instance, a product release or spill initially effects the operational aspect of the organization as a loss of product and temporary business interruption risk. • If the product is hazardous, the operational risk turns into a safety, health and environmental risk – a hazard risk. And depending upon the scale and severity of the operational and hazard risks, the event may lead to significant financial loss - a financial risk - and possibly damage the organization’s reputation – a strategic risk. Chapter 1: The Sources of Risk • Enterprise Risk Management (“ERM”) is a strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio (RIMS, 2017). • Organizations seek to manage risk exposures across all parts of their business so that, at any given time, they incur just enough of the right kinds of risk—no more, no less—to effectively pursue strategic goals (COSO, 2012). The OSH professional is trained to look at hazards and risks associated with operational activities that produce negative consequences. • Businesses must balance both the negative risks as well as the opportunities and positive risks they face. Chapter 1: The Sources of Risk • Interdependencies and Synergistic Effects • ERM risks are interdependent. • Key interdependencies exist between hazard risks, operational risk, financial risk, and strategic risk. • Each of these major interdependent categories is comprised of sub-risk categories. In addition, the synergistic effect of risk exposures could pose greater risk that the sum of individual hazards and risks. • The regulatory fines related to OSH risks may be considered acceptable form a financial prospective, but may not be acceptable from and ERM prospective due to strategic risk and potential reputational damage. Such risks may be misunderstood or underestimated. For instance, OSH risk may lead to financial losses, operational interruptions, and regulatory issues if the function is not properly integrated into ERM process. Chapter 1: The Sources of Risk • Improperly managed OSH risks may lead to operations shut down due to incident investigations, resulting in financial losses, failure to fulfil orders, insurance premiums increase and reputational damage. • Unfortunately, considerable number of organizations use different systems and methodologies to manage different risks. • OSH function may utilize risk assessment and risk management methodologies that are not familiar to business managers. • OSH managers may not be fully familiar with business risk assessment and risk management practices and tools. • Hence, the need for integration. Chapter 1: The Sources of Risk • Benefits of OSH Function and ERM Integration • ERM requires an integrated risk organization. While many companies now have a Chief Risk Officer (CRO), they are often aligned to financial or internal audit functions far removed from operational and strategic risk domains where OSH professionals feel comfortable. • This progression from OSH risk to Operational, Financial, Business and Strategic risk offers the OSH professionals the opportunity to integrate OSH risk management into the ERM process. Chapter 1: The Sources of Risk • Risk Management and the OSH Professional • In an effort to better prepare for the changes occurring in the profession, this manual provides guidance for selecting, modifying and combining risk management methods and tools. • It is largely shaped by significant events in recent years that give greater prominence to risk assessment and the risk management process. • Review Chapter 1 for details. Chapter 1: The Sources of Risk • MANUAL CONTENTS • For the OSH risk professional, this manual is intended to provide instructive guidance in selecting, modifying, and applying fundamental risk management tools and Prevention through Design concepts. • It is divided into three parts: • Part I – The Risk Management Methods and Tools contains instructional steps for common risk management tools used by safety professional; • Part II – STRATEGIES FOR SELECTING, MODIFYING AND COMBINING RISK MANAGEMENT METHODS provides strategies used to select, customize, optimize and combine methods to provide the risk-based information needed by the safety professional ; and • Part III – PRACTICAL EXAMPLES AND CASE STUDIES OF RISK MANAGEMENT METHODS AND TOOLS from the field are used to help demonstrate the use of tools. Process (clause 5) Chapter 1: The Sources of Risk Risk identification (5.4.2) Risk analysis (5.4.3) Risk evaluation (5.4.4) Risk treatment (5.5) Monitoring and review (5.6) Communication and consultation (5.2) Establishing the context (5.3) • Note: For the purposes of this manual, the authors use ISO 31000 when referring to ISO 31000:2009/ANSI/ASSE Z690.2–2011 Risk Management Standard, and ISO 31010 when referring to ISO 31010:2009/ANSI/ASSE Z690.3-2011, Risk Assessment Techniques. Figure 1.2, ISO 31000 Risk Management Process reprinted with permission (Courtesy of the American Society of Safety Professionals (ASSP)) Chapter 1: The Sources of Risk Risk Communication ➢ Plan-Do-Check-Act Model ➢ Risk-based Decision Making ➢ Risk Assessment Triggers Risk identification (5.4.2) Risk analysis (5.4.3) Risk evaluation (5.4.4) Risk treatment (5.5) Risk Evaluation ➢ As Low As Reasonable Practicable (ALARP) ➢ Risk Heat Map ➢ Risk Indices Monitoring and review (5.6) Risk Analysis ➢ Bow Tie Analysis ➢ Event tree ➢ Fault tree ➢ Failure Mode and Effects Analysis (FMEA) ➢ Hazard and Operability Study (HAZOP) ➢ Job Risk Assessment (JRA) ➢ Layers of Protection Analysis (LOPA) ➢ Preliminary Hazard Analysis ➢ Striped Bow Tie Risk Assessment ➢ Structured What-if Technique (SWIFT) Establishing Context ➢ Risk Criteria ➢ Risk Scoring System ➢ Pareto Analysis ➢ Risk Assessment Matrix Establishing the context (5.3) Communication and consultation (5.2) Risk Identification ➢ Brainstorming ➢ Checklists ➢ Delphi Technique ➢ Design Safety Review ➢ Hazard Identification (HAZID) ➢ Nominal Group Technique Process (clause 5) Monitoring and Review ➢ Key Performance Indicators (KPI) ➢ Key Risk Indicators (KRI) ➢ Risk Treatment Tracking ➢ Risk Performance Measurement ➢ Risk Register Risk Treatment ➢ Business Impact Analysis ➢ Cost/Benefit Analysis ➢ Nonfinancial Benefits Analysis ➢ Hierarchy of Controls ➢ Multi-Criteria Analysis • Within each process step, select tools and methods commonly used by OSH risk professionals are presented and discussed as shown in Figure 1.3. Many other methods are available as indicated in ANSI/ASSE Z690.3 – 2011 Risk Assessment Techniques standard (adopted from ISO 31010:2009), and should be considered where appropriate. Figure 1.3, The ISO 31000 Risk Management Process with associated tools adapted and reprinted with permission (Courtesy of the ASSP) Chapter 1: The Sources of Risk • RISK MANAGEMENT - PRINCIPLES, FRAMEWORK AND PROCESS • Internal and external factors that create uncertainty for organizations can also prevent the achievement of certain business objectives. This effect of uncertainty to an organization’s objectives is referred to as ‘risk’ (ANSI Z690.2, 2011). • Without a clear picture of the risks facing an organization, it is difficult to make informed decisions on objectives, and the degree of risk the organization is willing to ‘assume in pursuit of those objectives’ (ANSI Z690.2, 2011). • It is vital that organizations incorporate and integrate a process of managing operational risk within the overall management system. Such systems should encompass strategies for risk assessment and management planning, risk-based decision making, establishing accountabilities, managing and measuring activities, reporting and recording, and risk communication with stakeholders. Chapter 1: The Sources of Risk Framework (clause 4) Process (clause 5) Implementation (4.4) Leadership and commitment (4.2) Improvement (4.6) Evaluation (4.5) Risk identification (5.4.2) Risk analysis (5.4.3) Risk evaluation (5.4.4) Monitoring and review (5.6) Design (4.3) Communication and consultation (5.2) Establishing the context (5.3) Risk treatment (5.5) Principles (clause 3) a) Value creation and protection b) Integration c) Structured d) Customized • RISK MANAGEMENT - PRINCIPLES, FRAMEWORK AND PROCESS • The ISO 31000:2009 Risk Management standard provides organizations the principles, framework and process for managing risk. e) Inclusive f) Best available information g) Human and cultural factors h) Continual improvement Figure 1.4, Risk Management Principles, Framework and Process Relationship developed by the authors – adapted from ISO 31000 Chapter 1: The Sources of Risk • Principles • The relationships that exist between the principles, framework and process of risk management are illustrated in Figure 1.3. The principles (clause 4) are the foundation on which the framework (clause 5) and process (clause 6) are built as described in the ISO 31000 standard. Both the framework and process are constructed in a plan-do-check-act (PDCA) model for continual improvement, one of the principles cited in clause 4. • Review Chapter 1 for further details Chapter 1: The Sources of Risk • Framework • A risk management framework, based on the aforementioned principles, exists to provide organizational structure for: ➢leadership, ➢process design, ➢implementation and ➢monitoring, evaluation and continual improvement of the risk management process. • It assists an organization in the integration of risk management into all activities, decisions and actions. Chapter 1: The Sources of Risk • PREVENTION THROUGH DESIGN • In this manual, the concept of prevention through design (PtD) is woven into the concepts, elements and tools of the risk management process. • The authors believe that it is vitally important to consider managing risk from the beginning stages of design throughout the system’s life span to decommission and disposal. • This is a relatively new concept that OSH risk professions and some organizations are beginning to explore and champion. Chapter 1: The Sources of Risk Figure 1.5, Relationship between ISO 31000 and ANSI Z590.3 • To put into the proper context, the ANSI Z590.3-2011 (R2016) Prevention through Design standard is written to address occupational safety and health risks over the entire life cycle of a system. • This more pinpointed focus aligns with OSH risk professional’s roles in assessing and managing workplace exposures. • The ISO 31000 standards on the other hand, are written from a much broader perspective and designed to address all types of risks including those that have negative and/or positive consequences with the ultimate purpose of reducing uncertainly and enabling an organization to achieve its objectives. Chapter 1: The Sources of Risk • PtD Concepts and Application • ANSI/ASSE Z590.3-2011(R2016) is the first standard to address risk assessment in the design and redesign phase. It provides a framework for implement risk assessment concepts within the various phases of a system’s life span including conception, design, redesign, construction, manufacture, use, maintenance, decommission and disposal. ANSI/ASSE Z590.3-2011(R2016) defines prevention through design as follows: • Prevention through Design. Addressing occupational safety and health needs in the design and redesign process to prevent or minimize the workrelated hazards and risks associated with the construction, manufacture, use, maintenance, retrofitting, and disposal of facilities, processes, materials, and equipment. (ANSI/ASSE Z590.3-2011(R2016)) Chapter 1: The Sources of Risk Most Preferred Least Preferred Risk Avoidance: Prevent entry of hazards into a workplace by selecting and incorporating appropriate technology and work methods criteria during the design processes. Eliminate: Eliminate workplace and work methods risks that have been discovered. Substitution: Reduce risks by substituting less hazardous methods or materials. Engineering Controls: Incorporate engineering controls/safety devices. Warning: Provide warning systems. Administrative Controls: Apply administrative controls (the organization of work, training, scheduling, supervision, etc.). Personal Protective Equipment: Provide Personal Protective Equipment (PPE). • PtD Concepts and Application • The stated goals of Z590.3 are to 1) achieve acceptable risk levels, 2) prevent or reduce risks that produce injuries and illnesses, and 3) reduce the need for retrofitting to address hazards and risks not addressed in the design or redesign phases. The PtD standard is based on the risk reduction hierarchy of controls concept shown in Figure 1.6 Figure 1.6. Risk Reduction Hierarchy of Controls reprinted with permission from ANSI/ASSE Z590.3-2011(R2016) (Courtesy of the ASSP) Chapter 1: The Sources of Risk • PtD Hazard Analysis and Risk Assessment Process • Like the ANSI Z690.2 Risk Management and ANSI Z690.3 Risk Assessment Techniques standards, Z590.3 addresses the same fundamental steps in risk assessment. • There are some important distinctions between the two. • The ANSI Z690 standard addresses the management of all types of risk (including those with positive results as well as those with negative consequences) in a much broader sense with the purpose of reducing uncertainly and achieving an organization’s objectives. • Z590.3 is focused on the assessment and control of hazard-derived risks through design and the use of the hierarchy of controls within the lifecycle of a system to achieve acceptable risk. Chapter 1: The Sources of Risk 1) Data gathering – Injury and protective data • PtD Hazard Analysis and Risk Assessment Process Process (clause 5) 2) Set scope or Limits of Assessment 3) Develop and charter risk reduction team Establishing the context (5.3) Risk identification (5.4.2) Risk analysis (5.4.3) Risk evaluation (5.4.4) 4) Identify task and hazards 5) Assess risk – Initial risk scoring system Monitoring and review (5.6) Communication and consultation (5.2) Reevaluate tasks and hazards 6) Reduce risk – Hazard control hierarchy Identify current controls Test/verify current controls Identify new controls 7) Assess Risk – residual risk scoring system No Residual risk acceptable? Yes 8) Results/Documentation Risk treatment (5.5) Evaluation complete 10) New hazard ID ISO 31000 9) Controls measurement system ANSI Z590.3 Figure 1.7, Alignment of ISO 31000 and the ANSI/ASSE Z590.3 Risk Assessment Process Chapter 1: The Sources of Risk • Hazard Analysis and Risk Assessment Techniques in PtD • Each organization should select and apply risk assessment methods suitable to its needs and provide training in those methods to stakeholders involved in the process. The Z590.3 standard identifies eight common techniques for hazard analysis and risk assessment in its Addendum G. Those methods are: • Preliminary Hazard Analysis (PHA), • What-If Analysis, • Checklist Analysis, • What-If/Checklist Analysis, • Hazard and Operability Analysis (HAZOP), • Failure Mode and Effects Analysis (FMEA), • Fault Tree Analysis (FTA), and • Management Oversight and Risk Tree (MORT). Chapter 1: The Sources of Risk • A comparison of listed hazard analyses and risk assessment methods in ISO 31010, ANSI Z590.3 and ANSI Z10 standards is shown in Table 1.1. ISO 31010/ANSI Z690.3-2011 ANSI Z10-R2017 Design Review Risk Assessment Matrix What-if / Checklist Analysis B.1 B.2 Brainstorming Structured / Semi Structured Interviews B.3 B.4 B.5 B.6 Delphi Checklists Preliminary Hazard Analysis Hazard and Operability Studies B.7 Hazard Analysis and Critical Control Points (HACCP) B.8 B.9 B.10 B.11 B.12 B.13 Toxicity Assessment Structured What-if Analysis Scenario Analysis Business Impact Analysis Root Cause Analysis Failure Mode Effects Analysis (FMEA); Failure Mode Effects and Critical Analysis (FMECA) Fault Tree Analysis Event Tree Analysis Cause and Consequence Analysis Cause and Effect Analysis Layers of Protection Analysis Decision Tree Analysis Human Reliability Analysis Bow Tie Analysis Reliability Centered Maintenance Sneak Analysis and Sneak Circuit Analysis B.14 B.15 B.16 B.17 B.18 B.19 B.20 B.21 B.22 B.23 Table 1.1 Comparison of hazard analysis and risk assessment methods listed in ISO 31010, ANSI Z590.3, and ANSI Z10 ANSI Z590.3-R2016 PtD Design Safety Review Risk Assessment Matrix Management Oversight and Risk Tree - MORT B.24 B.25 B.26 B.27 B.28 B.29 Markov Analysis Monte Carlo Simulation Bayesian Statistics and Bayes Nets FN Curves Risk Indices Consequence / Probability Matrix B.30 Cost/Benefit Analysis (CBA) Brainstorming Checklists Preliminary Hazard Analysis Hazard and Operability Studies Checklists What-if Analysis Failure Mode and Effects Analysis Fault Tree Analysis Consequence / Probability Matrix Chapter 1: The Sources of Risk • SUMMARY • As organizations become more risk-centric, OSH risk professionals will be expected to have sufficient skills in selecting and applying occupational risk management tools. They will be expected to understand and apply the hierarchy of controls concept to achieve an acceptable risk level. • Risk elimination and reduction will be incorporated into designs, and throughout a system’s life span. Knowledge and skill in these concepts as well as a firm understanding of occupational risk management systems such as ISO 45001 and ANSI Z10 will be required by organizations. • The concepts, tools and case studies in this manual are designed to help prepare the OSH risk professional for these changing expectations and developing trends. Chapter 1: The Sources of Risk • References • ANSI/ASIS/RIMS RA.1-2015. Risk Assessment. Alexandria, VA: ASIS International and The Risk and Insurance Management Society, Inc., 2015. • ANSI/ASSE/AIHA Z10-2012 (R2017). American National Standard—Occupational Health and Safety Management Systems. Fairfax, VA:. American Society of Safety Engineers, 2017 • ANSI/ASSE Z590.3-2011 (R2016). Prevention through Design: Guidelines for Addressing Occupational Hazards and Risks in Design and Redesign Processes. Des Plaines, IL: American Society of Safety Engineers, 2016. • ANSI/ASSE Z690.1-2011. American National Standard - Vocabulary for Risk Management. Des Plaines, IL: American Society of Safety Engineers, 2011. • ANSI/ASSE Z690.2-2011. American National Standard – Risk Management Principles and Guidelines. Des Plaines, IL: American Society of Safety Engineers, 2011. • ANSI/ASSE Z690.3-2011. American National Standard - Risk Assessment Techniques. Des Plains, IL: American Society of Safety Engineers, 2011. • ANSI B11.0-2015. Safety of Machinery. Houston, TX: B11 Standards, 2015. • ASSE’s Risk Assessment Institute website (http://www.oshrisk.org/videos/) • BS OHSAS 18001:2007. Occupational health and safety Management systems—Requirements. London, UK: British Standards Institution (BSI), 2007 Chapter 1: The Sources of Risk • References • ILO-OSH 2001. Guidelines on occupational safety and health management systems. Geneva, Switzerland. International Labour Office, 2001. • Main, Bruce, W. Risk Assessment: Challenges and Opportunities. Ann Harbor, MI: Design Safety Engineering, Inc., 2012. • Manuele, Fred. A., Advanced Safety Management: Focusing on Z10 and Serious Injury Prevention. Hoboken, NJ: Wiley, 2008. • MIL-STD-882E. Standard Practice for System Safety. Washington, DC: Department of Defense, 2012. • OSHA. (2003). Voluntary protection programs: Policies and procedures manual. Washington, DC: U.S. Department of Labor, Author. Retrieved from www.osha.gov/ OshDoc/Directive_pdf/CSP_03-01-003.pdf • Popov, G., Lyon, B., Hollcroft, B., Risk Assessment: A Practical Guide to Assessing Operational Risks. Hoboken, NJ: Wiley, 2016 • Risk Assessments – Top 10 Pitfalls & Tips for Improvement, Bruce K. Lyon and Bruce Hollcroft, Professional Safety, December 2012, American Society of Safety Engineers • The Art of Assessing Risk – Selecting, Modifying and Combining Methods to Assess Operational Risks, Bruce K. Lyon and Georgi Popov, Professional Safety, March 2016, American Society of Safety Engineers Chapter 1: The Sources of Risk • References • The Institutes, Quadrants of Risk: Hazard, Operational, Financial, and Strategic. Retrieved from https://www.theinstitutes.org/comet/programs/arm/assets/arm54-chapter.pdf • The Risk Management Society (RIMS), What is ERM? Retrieved from https://www.rims.org/resources/ERM/Pages/WhatisERM.aspx Risk Management and Prevention through Design EHS Seminar Developed by: Dr. Georgi Popov, CSP, QEP, SMS, ARM, ASP, CMC Why ERM? • Value of the Profession “ASSE must tell the story of what we do and the value we provide to organizations. While regulatory standards will always be part of OSH programs, we deliver the greatest value to our organizations and clients when we use our technical knowledge to identify and assess risks, then apply our business skills to develop and communicate effective solutions Progressive organizations do not hire professionals to achieve basic compliance. They hire us to influence the policies, systems and programs that are needed to protect the organization’s employees, assets and viability. We do this best by focusing on identifying, assessing, reducing and communicating with our corporate leaders in terms of risk.” • Risk Communication: A journey from SH&E Hazards Identification to Enterprise Risk Management (ERM) 2 Why ERM? • You don't have a true and overarching safety strategy. • Your safety strategy was developed in a vacuum (silo approach) • You have antiquated equipment that is unsafe to operate at optimum speeds. • You have developed the mindset in your workers that safety is the enemy of productivity. ??? • Your flawed safety culture reinforces this division between safety and productivity. Source: https://proactsafety.com/blog-posts/the-war-between-safety-and-productivity 3 Why ERM? • History lessons: • Integration is the key!!! • Alexander the Great (Egypt – I’m one of you) = Alexandria • Roman Empire – Integration and common values • Opposite: Napoleon and Hitler (us against the World) – Short lived results Anubis in • Translation: Safety examples? Roman Toga 4 “Traditional” Risk Management • “Traditional” RM is often associated with entrenched silos. • Safety professionals were very often separated from financial and strategic risk decisions. Safety function was very often considered separate or part of operations. • Human resources typically managed the turnover rate, hiring, benefits and absenteeism. • Lean Six Sigma function managed productivity and quality. • Accounting managed financial records, business transactions, cash flows and accounts payable. • All these functions or departments had their own management structure and very rarely worked in synergy. ERM integrates safety risks with operational, financial, and strategic risks and it encourages an understanding of their relationships and synergistic effect. 5 ERM Models Hazard Risk Financial Risk Operational Risk Strategic Risk ERM Hazard risk Example: Insurable risks. Injuries & Illnesses, Property damage, Natural catastrophe Financial risk Financial losses, Pricing risk, Asset risk, Currency risk, Liquidity risk Operational risk Employee error, System failure, Process interruption, Customer satisfaction, Product failure, Integrity, Knowledge drain Strategic risks Competition, Social trend, Reputational risk; $$$ availability (GM & Chrysler 2008) 6 ERM Models Generally, risks to the Company’s success can be grouped into four categories: (1)Strategic, (2) Operational, (3) Compliance and (4) Financial & Reporting J&J ERM: Source: https://www.jnj.com/_document?id=0000015a678b-d85b-a1da-779f4cfe0000 7 OSH and Enterprise Risk Management integration Strategic Risk Compliance Risk This ERM methodology integrates safety into Enterprise Risk Management.8 Safety Function and ERM Traditional RM 2007 – “Silo” approach Diesel Forklift "Knauf Tianjin“ Drywall 9 OSH Risk Management adds Value • ERM risks are interdependent. • Key interdependencies exist between OSH risks, operational risk, financial risk, business risk and reputational risk. • Each of these major interdependent categories is comprised of sub-risk categories. • The synergistic effect of risk exposures could pose greater risk that the sum of individual hazards and risks. For example, the regulatory fines related to OSH risks may be considered acceptable form a financial prospective ($12,675 per violation), but may not be acceptable from and ERM prospective due to strategic risk and potential reputational damage. 10 OSH Risk Management adds Value • Safety risks may be misunderstood or underestimated. • OSH risk may lead to financial losses, operational interruptions, and regulatory issues if the function is not properly integrated into ERM process. • Improperly managed OSH risks may lead to operations shut down due to incident investigations, resulting in financial losses, failure to fulfil orders, insurance premiums increase and reputational damage. • Unfortunately, considerable number of organizations use different systems and methodologies to manage different risks. • OSH function may utilize risk assessment and risk management methodologies that are not familiar to business managers. • OSH managers may not be fully familiar with business risk assessment and risk management practices and tools. Hence, the need for integration. 11 OSH - ERM framework • Our interpretation: OSH - ERM framework should be defined as follows: • OSH risk is a variable that can have a negative effect on key business objectives. Conversely, proper management of OSH risks may contribute to achieving business objectives, eliminate or minimize overall organization risk, maximize company value and contribute to achieving strategic objectives. • Presented OSH-ERM methodology clarifies the importance of OSH function’s role in strategic planning, and demonstrates that it is easily embedded throughout an organization. • OSH risk influences and aligns with strategic goals and performance across all departments and functions. 12 OSH & ERM Integration • Case study/Practical example • Consider the following practical example. In 2006 - The U.S. Chemical Safety and Hazard Investigation Board (CSB) issued a safety bulletin following the agency's investigation into the June 24, 2005, fire and explosions that swept through the Praxair Distribution, Inc., gas cylinder filling and distribution center in St. Louis, Missouri. According to CSB, the accident occurred when gas released by a pressure relief valve on a propylene cylinder ignited. (CSB, 2006 report available at: http://www.csb.gov/one-year-after-gas-cylinder-fire-and-explosionsat-praxair-st-louis-csb-issues-safety-bulletin-focusing-on-pressurerelief-valve-standards-and-good-safety-practices/) 13 OSH & ERM Integration • Case study/Practical example • Under the “traditional” Loss Control approach, the organization will purchase property, liability and workers compensation for this type or risk. Safety managers may add proper handling procedures and emergency response plan in case of chemical release or an explosion. • “Traditional” Loss Control approach may consider this type of risk transfer sufficient form of control – a.k.a. “cost of doing business”. “Traditional” Safety management function may consider the SOPs sufficient measure to reduce probability/likelihood of explosion and emergency response plan a measure to reduce the consequences. • Under ERM approach, additional risks will be considered. Additional risks include business interruption, turnover rate, ethical considerations and reputational damage. Strategic risk may include failure to complete orders on time and eventually loss of clients. CSB: http://www.csb.gov/praxair-flammable-gas-cylinder-fire/ 14 Objectives of risk assessment and risk management • As defined by ISO 31000/ANSI Z690.2, risk assessment is the “overall process of risk identification, risk analysis, and risk evaluation.” • A more detailed definition of risk assessment within an occupational safety and health context is found in the ANSI/ASSE Z590.3 Prevention through Design: Guidelines for Addressing Occupational Hazards and Risks in Design and Redesign Processes standard. It states that risk assessment is “a process that commences with hazard identification and analysis, through which the probable severity of harm or damage is established, followed by an estimate of probability of the incident or exposure occurring, and concluding with a statement of risk.” (ANSI/ASSE Z590.3-2011-R2016, 3.19, p 13) 15 Objectives of risk assessment and risk management • The objectives of risk assessment are: ➢Identify hazards and their risks that threaten the organization and its objectives ➢Analyze, evaluate and determine risk levels ➢Recommend risk reduction measures according to the hierarchy of controls (HoC) ➢Reduce and maintain residual risk to an acceptable level to the organization ➢Communicate risk effectively to decision makers to enable informed riskbased decisions ➢Reduce uncertainty ➢Assist the organization in achieving its stated objectives 16 Objectives of risk assessment and risk management • The objectives of risk management are: ➢Align the outcomes of risk assessment with the organization objectives ➢Treat the risks ➢Communicate the outcomes ➢Monitor and review the risks ➢For ERM consider Operational, Financial, and Strategic risks 17 ISO 31000 Risk Management Standard and modified to include ERM 18 Selection of SH&E and ERM techniques 19 Selection of SH&E and ERM techniques 20 ERM • For an ERM to work, it needs to be: ✓Enterprise (i.e. integrating all influences over the whole organization), ✓Risk (i.e. model the interrelationships that cause uncertainty), ✓Management (i.e. be a decision making tool for those who actually run the business). Source: BREXIT AND THE FAILURE OF ERM – GREG CARROLL http://www.fasttrack365.com/blog/bid/brexit-and-the-failure-of-erm 21 Safety Value • Notice Opportunities Source: ASSE PSJ: Safety & Sustainability: Understanding the Business Value http://aeasseincludes.asse.org/professionalsafety/pastissues/058/06/F3Hill_0613.pdf 22 Safety Value Opportunities • Notice Opportunities Source: ASSE PSJ: Safety & Sustainability: Understanding the Business Value http://aeasseincludes.asse.org/professionalsafety/pastissues/058/06/F3Hill _0613.pdf 23 ASSP RAI Source: © istock.com/relif 24
Purchase answer to see full attachment
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

Attached.

Running head: OCCUPATIONAL RISK MANAGEMENT

Occupational Risk Management
Student’s Name
Institutional Affiliations
Course

1

OCCUPATIONAL RISK MANAGEMENT

2

Occupational Risk Management
Chapter 1 Analysis
Lyon & Popov (2018) stipulates the measure of understanding how much exposure to
hazard can cause a health risk to workers as well as provides an avenue to control, reduce, and
eliminate threats. In chapter one, it is accurate that the safety profession has undergone
tremendous changes and developments that provide safety to workers. At all times, the
workplace must be secure to accommodate both workers and assets. According to Lyon & Popov
(2018), the Occupational Safety and Health Act provides initiations that are critical for ensuring
that organizations act on injuries and illnesses that are experienced in the workplaces.
Technically, the existence of the OSH Act has been significant in seeing that organizations have
the propensity of dealing with any tragic occurrence that is linked to the safety of workers. OSH
profes...


Anonymous
Very useful material for studying!

Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4

Related Tags