Saint Josephs University Preventive Risk Controls Discussion

User Generated

Nynaar

Health Medical

Saint Josephs University

Description

Please look and answer the questions in APA format.

Ask me to clarify anything.

Thank you!

Unformatted Attachment Preview

1/ Hopkin presents a diagram of types of controls for hazard risks (Figure 16.1, page 186). He then offers a description of types of hazard controls in Tables 16.1 (p. 187) and 16.2 (p. 188). Select one of the control categories from Table 16.2 and discuss how it contributes to risk control. Provide an example from your experience that reflects the effectiveness of the control you have selected. If you do not have such an example, discuss its potential impact in general terms. 2/ Respond to my classmate’s post (two only) 3/ if the teacher asks any question related to the question, I would like you to answer. APA FORMAT 186 16 Risk control techniques types of controls There are a range of controls that can be applied to hazard risks. The most convenient classification system is to describe these controls as preventive, corrective, directive and detective. This is the risk classification system suggested in the Orange Book. Table 16.1 provides a more detailed description of each of these four types of hazard controls. In relation to hazard risks, the control options of preventive, corrective, directive and detective (PCDD) represent a clear hierarchy of controls. The relationship between these four types of controls and the dominant risk of response for different levels of risks is illustrated on the risk matrix shown in Figure 16.1. Table 16.2 gives examples of these four types of controls in relation to health and safety risks. FIg URE 16.1 Types of controls for hazard risks Impact Transfer risk to another party Dominant type of control will be Directive Terminate activity generating the risk Dominant type of control will be Preventive Tolerate risk and its likely impact Dominant type of control will be Detective Treat risk to reduce the likely impact/exposure Dominant type of control will be Corrective Likelihood Risk control techniques TAb LE 16.1 Description of types of hazard controls 1 Preventive (terminate) These controls are designed to limit the possibility of an undesirable outcome being realized. The more important it is to stop an undesirable outcome, then the more important it is to implement appropriate preventive controls. 2 Corrective (treat) These controls are designed to limit the scope for loss and reduce any undesirable outcomes that have been realized. They may also provide a route of recourse to achieve some recovery against loss or damage. 3 Directive (transfer) These controls are designed to ensure that a particular outcome is achieved. They are based on giving directions to people on how to ensure that losses do not occur. They are important, but depend on people following established safe systems of work. 4 Detective (tolerate) These controls are designed to identify occasions when undesirable outcomes have been realized. Their effect is, by definition, ‘after the event’ so they are only appropriate when it is possible to accept that the loss or damage has occurred. Preventive controls are designed to limit the possibility of an undesirable hazard event occurring. The majority of controls implemented in organizations in response to hazard risks are preventive controls. For health and safety risks, preventive controls will include substituting a less hazardous material in the activity or enclosing the activity so that employee exposure to dust or fumes is eliminated. Examples of preventive controls for fraud risks are shown in Table 16.2. Corrective controls are designed to correct undesirable circumstances and reduce unacceptable risk exposures. Such controls provide a key method whereby the risk is treated so that it becomes less likely to occur and/or the impact is much reduced. In general terms, corrective controls are designed to correct the situation. For example, machinery guards are corrective controls. There has been debate about disaster recovery planning (DRP) and business continuity planning (BCP) and whether they fit into the PCDD classification of the different types of hazard risk controls. Some organizations consider DRP and BCP to be directive controls, whereas others argue that they are corrective controls. An alternative approach is to say that a DRP and BCP are concerned with crisis management and cannot be easily classified as a PCCD type of control and should be considered to be a fifth type of control. In reality this argument, like so many other arguments about terminology, is not helpful. When an organization is faced with a crisis, it will be in a much better position to cope if plans have been considered and put in place before the crisis 187 Risk control techniques TAb LE 16.2 Examples of the hierarchy of hazard controls generic control category Hierarchy of controls for health and safety risks Hierarchy of controls for fraud risks Preventive Elimination or removal of the source of the hazard Substitution of the hazard with something less risky Limits of authorization and separation of duties Pre-employment screening of potential staff Corrective Engineering containment using barriers or guards Exposure reduction by job rotation or limitation on hours worked Passwords or other access controls Staff rotation and regular change of supervisors Directive Training and supervision to enforce procedures Personal protective equipment and improved welfare facilities Accessible, detailed, written systems and procedures Training to ensure understanding of procedures Detective Health monitoring to enquire about potential symptoms Health surveillance to find early symptoms Reconciliation, audit and review by internal audit Whistleblowing policy to report (alleged) fraud arises. Sometimes crisis management will involve the use of alternative facilities that have been put in place before the crisis arose. It could be argued that these are corrective controls. In all cases, crisis management will involve directions to the involved parties as to how they should behave if the crisis arises. It could be argued that these are directive controls. Normally, detective controls relate to identification of circumstances where a risk has materialized at a fairly low level with limited impact and consequences. Clearly, DRP and BCP relate to circumstances where risks have materialized at crisis level. Therefore, it is inappropriate to classify DRP and BCP as detective controls. The bow-tie representation of the risk management process is a convenient way of illustrating the role of the four types of controls. Preventive controls are relevant to actions that are taken before the event occurs. The nature of detective controls means that they relate to circumstances after the event has occurred. Corrective and directive controls can be relevant to loss prevention, damage limitation and cost containment. 188 Risk control techniques These are the three phases of loss control. The relevance of the types of controls 189 Risk control techniques FIg URE 16.2 Bow-tie and types of controls Impact Financial Fire Earthquake Break-in Loss prevention Damage to premises Infrastructure Cost containment Damage limitation Reputational Marketplace Corrective Directive Detective to the bow-tie presentation of the risk management process is shown in Figure 16.2. For the sake of illustration, this figure uses the same hazard of damage to premises as represented in Figure 11.2. Directive controls are designed to ensure that a particular outcome is achieved. In health and safety terms, directive controls would include instructions/directions given to employees to follow, for example, in the use of personal protective equipment. Training in how to respond to a particular risk event and detailed instructions and procedures are directive controls. Directive controls are also associated with actions that must be taken in the event of a loss to limit the damage and contain the costs. Detective controls are designed to identify occasions when an undesirable outcome has occurred. The control is intended to detect when these undesirable events have happened, to ensure that the circumstances do not deteriorate further. An example of detective controls in a project is undertaking a post-incident review. There is a clear hierarchy of effectiveness of controls that is represented by the order preventive, corrective, directive and finally detective. Preventive controls are clearly the most effective, followed by controls that correct adverse circumstances. Providing training and direction to staff is a weaker level of control, and detective controls only confirm that an adverse event has occurred. The importance of DRP and BCP should not be underestimated. They are both methods of cost containment designed to ensure minimum disruption after a hazard risk has materialized, so they are aligned with detective controls. However, DRP and BCP do not conveniently fit into the PCDD classification system for controls, 190 Risk control techniques 191 because they are post-loss procedures. Some control classification systems include BCP and DRP as a fifth category of control. The example in the box below illustrates that an organization will use all four types of control in order to build a robust set of risk responses. The road transport company will make use of all four types of controls in order to reduce road traffic accidents. application of the 4ts Take the example of a road transport company and the desire to reduce the number of road traffic accidents per million miles driven, and the options for reducing this number. The company can look at the preventive, corrective, directive and detective control hierarchy and decide the following: ● The scope for introducing preventive controls includes review of vehicle routing and realistic estimates on delivery schedules so that drivers do not need to drive dangerously to arrive on time. ● The types of corrective controls that will be introduced include enhanced maintenance procedures and improved arrangements for drivers to report vehicle defects. ● Enhanced directive controls will be based on defensive driver training and the provision of a vehicle driver handbook with practical advice that is easy to understand and follow. ● Although some detective controls are already in place through the use of tachographs in the vehicles, the company may decide to also introduce a routine review of drivers’ licences to check for penalty points. Other controls that might be evaluated by the transport company include routine inspections of vehicles to discover and report damage, and a review of fuel consumption to identify drivers with an aggressive driving style. The company is then in a position to introduce structured and measurable loss-control programmes to reduce the overall cost of running the fleet of vehicles. Hazard risk zones Although the 4Ts of hazard response can be illustrated on a simple risk matrix, such as Figure 16.1, the options are not that clear cut. It can be seen that the tolerate and terminate options meet at the centre of the risk matrix. It is not sensible to suggest that a small increase in risk likelihood and potential impact would completely change the approach of the organization to that particular risk. Figure 16.3 provides a slightly more realistic analysis by providing a diagram that builds on Figure 16.1. Figure 16.3 illustrates that there are three zones on the risk matrix, as the cautious and concerned areas combine into a central zone. The comfort zone is predominantly for low-likelihood/low-impact events. As can be seen, there is
Purchase answer to see full attachment
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

Attached. Please let me know if you have any questions or need revisions.

1

Student’s Name:
Course, Department:
Institutional Affiliation:
Date:

2
Risk management
In ISO Guide 73, the risk is defined as the effect of uncertainty on objectives. In
comparison, the Institute of Risk Management defines risk as a combination of the probability of
an event occurring and its consequences. The consequences are either positive or negative
towards the organization's objectives or the subject of occurrence.
Risk control technics can be grouped as preventive, corrective, directive, and detective.
The directive technics can be used to transfer risk to a third party, like taking an insurance cover
against some risks. Preventive technics are control measures used to terminate risk or block the
risk from occurring, like installing an antivirus in a computer system to control attacks. Detective
measures are measures used to tolerate risk; they are applied after the risk has occurred to
recover from the risk.
Preventive risk controls
Preventive controls are the type of controls designed to limit the possibility of an
undesirable outcome or help stop the possibility of such outcomes. These controls are those that
terminate the activity that can generate the risk. The majority of the control measures applied in
different organizations in responding to possible risk occurrences are the preventive controls.
These control measures can include a substitution of less hazardous material with
hazardous or enclosed fumes to protect the employees from the possible exposure to the fumes or
dust at work in a way to prevent the health risk involved in health safety risks. Therefore,
preventive controls eliminate the risk and replace the activity with a safer one in health and
safety risks. Simultaneously, limitation of authorization and specifying tasks within an

3
organization or pre-employment screening of the potential staff can be described as the
preventive controls towards fraud risks control.
From the representation of the risk control measures, preventive controls are still the most
relevant actions since they are taken before the risk occurs. Detective controls relate to the
circumstance after the risk has occurred, while corrective and directive controls prevent losses,
limit damages, and contain cost when the risk occurs.
Preventive controls still also in the hierarch...


Anonymous
Excellent resource! Really helped me get the gist of things.

Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4

Similar Content

Related Tags