Three Keys to Improving Risk Management
Risk management is at the heart of what safety professionals do every day. Effective risk management is what prevents injuries and fatalities and enables workers to do their jobs safely. The challenge lies in finding solutions that adequately address the hazards and risks workers encounter in your workplace.
As a member of the U.S. Technical Advisory Group (TAG) to ISO technical committee (TC) 262, Risk Management, and Systemwide Enterprise Risk Management Director at the University of California, Carrie Frandsen, ARM-E, CRMP, dedicates her work to helping organizations advance their risk intelligence.
“Risk enters every decision in life, yet we don’t really think about it too much,” she says. “Having risk intelligence means taking a structured approach to risk and moving risk management from a policing function to a more strategic resource that is central to decision-making.”
Through her work with the U.S. TAG and across the University of California system, Frandsen has gained valuable insights into the benefits of a risk-based mind-set. She identifies three keys to help you and your organization become more intelligent about risk and improve risk management.
The world of occupational safety and health offers many tools and resources to help keep workers safe. One such tool focused specifically on risk management is ISO 31000, Risk Management - Guidelines, which provides guidelines and best practices for improving risk management, regardless of the size of your organization.
“ISO 31000 provides guidance on how existing management practices in your organization can be adapted and improved so that managing risk is consistent, efficient and effective,” says Frandsen. “It offers a framework that can be integrated within safety management systems to ensure consistency and effectiveness of management control across the organization.”
Furthermore, the standard is an open, principles-based system, meaning that an organization can apply the principles in the standard to any organizational context, be it an oil company, a pharmaceutical company, higher education or elsewhere. The standard also provides direction on how you can integrate risk-based decision-making across your entire culture including governance, planning, management and reporting.
The 2018 revision of ISO 31000 places a greater focus on creating and protecting value as the key driver of risk management. It also includes the consideration of human and cultural factors, such as cognitive biases. ISO/TC 262 is developing an implementation guide to help an organization tailor the standard to its unique circumstances and assess the effectiveness of its risk management processes.
Once you’ve educated yourself on developing an improved risk management framework, you must examine how to apply that framework to your organization. And, you need to identify where safety fits into the organizational context and overall management goals.
“It pays for you to know where you fit in the organization and your leadership’s priorities,” Frandsen says. “If you can set your safety goals in the context of the entire organization and show the consequences of not having resources in place, leadership can begin to understand the importance of the safety program in the context of the risks the organization is faced with.”
Frandsen emphasizes that this risk examination needs to include internal and external risks, as well as a forward-looking mind-set to assess emerging risks. This will help an organization develop a holistic process for identifying risks so that it can be more thoughtful about risk-based resource allocation, thereby providing assurance that the company is headed in the right direction.
“Risk management is a part of governance and management itself. If you want to run the organization effectively, you need to know what’s coming,” she says. “You need to know your external risks, you need to know your internal operational risks and you need to consider risks when you’re making strategic decisions.”
Improving your own risk intelligence is a step in the right direction, but to truly advance risk management and safety performance, you have to impart that knowledge to your front-line workers. Frandsen notes that while having engineering controls in place to address risks is important, more work needs to be done to prevent injuries and fatalities.
“Our job as safety and risk professionals is to support people with the resources and expertise that empowers them to make risk-intelligent decisions,” she says. “With this mind-set, employees will think about risks before they begin their work.”
The first two steps in this process provide insights into the types of risks workers face on a daily basis, providing you the knowledge necessary to formulate suitable solutions. Based on this information, you can tailor training and risk assessment tools to each working environment. This provides workers the knowledge they need to understand the risks they face each day and to properly protect themselves and their coworkers from injuries.
Frandsen reminds safety professionals that everyone is a risk manager and that the goal for risk management is to develop a culture in which all stakeholders are aware of the importance of monitoring and managing risk.
“Failure to manage risks is inherently risking failure,” she says. “Risk can have consequences in terms of economic performance and reputation, as well as environmental and societal outcomes, so managing risk effectively helps organizations perform well in an environment full of uncertainty.”