Help Protect Your Organization With a Risk Management System
Ask anyone in your organization and likely everyone would tell you that they did not show up to have an accident. So, if no one wants to have an accident, why do they still happen?
The Psychology of an Accident
Risk management professionals have been trying to solve that problem for many years now, and it is not an easy one to solve. This is because many variables contribute to a single accident, and those variables are not static. From one person to the next, and one day to the next, variables are constantly moving and shifting. Examples of variables include the following:
- Environmental Conditions
- Organizational Cultures
- Equipment Condition
- Weather Conditions
- Organizational Management Structures
- Light Levels
- Walking/Working Surface Conditions
It would be far easier if the variables stayed put, hence the reason we look to safety and risk management controls for assistance. The controls, however, only get us as far as the level at which they are implemented.
Perhaps, a large portion of the “accident problem” is connected to the different value perceptions a person maintains from one situation to the next. To put it another way, from the President/CEO on down, what does each person in an organization hold of higher value in any given situation they encounter? Simply put:
Values + Actions = Behavior
Whatever a person values most will ultimately form their actions, which helps shape an individual’s behavior. Behavior is what we attempt to understand to impact overall safety and wellbeing within our organizations.
Simply put, an individual will most likely behave in a manner that is most consistent with what they value. The higher the value placed on that “something” will likely result in a higher intensity of the resulting behavior. Sometimes, this results in “risky” behaviors, even though we do not mean any harm by them. If the perceived value is higher than the potential result of risky behavior, then we must just consider it worth the risk. Engage in risky behaviors enough times and the law of statistics will eventually catch up. Now imagine if everyone in an organization engaged in risky behaviors. Accidents would be virtually guaranteed.
Why do people do this? Perhaps it is because, in the moment, we tell ourselves things that justify the behavior such as the following:
- It will never happen to me.
- It’s just this one time.
- No one is watching so I won’t get caught.
- It’s a dumb rule anyway.
- If I don’t get this done, my supervisor will be upset with me.
- I will have to stay later if I don’t.
- No one cares.
This tends to reduce our mindfulness of behavior in the present moment and think abstractly.
The “Why” of Implementing a Risk Management System
The implementation of an effective risk management system is the difference between a collection of written policies and procedures versus a successful risk management program. This is because, when implemented correctly, a risk management system organizes everyone’s efforts into a focused pattern of consistent behaviors that leads to accident prevention.
A risk management system achieves positive results that are measurable through the application of proactive measurements versus reactive controls. Imagine preventing an accident versus waiting for one to happen before acting. A risk management system establishes safety as a core organizational value that is the responsibility of everyone.
The adage of “What gets measured gets done” is true, and a risk management system measures safety performance for successful results. Without one, it is very difficult for you to know for certain if controls are working, or if your organization is just lucky.
To sum up the “Why” of risk management systems, they are the difference between “knowing” your organization is operating safely rather than “hoping” that your people behave safely. Organizational leadership should not settle for the latter of the two.
Overview of Risk Management System Components
The following is not intended to be a complete list of all components needed at your organization. It is possible that you may not need every one of these. However, it is important that you conduct an honest assessment of your operations to determine what is needed and what is not. This is best accomplished by a team of people representing every area of the organization. Only then can you be most confident in the data you are collecting.
Begin with Management Leadership.
Your organization’s executive leadership must fully understand the risks associated with all operations to set the proper tone, and they must take measures to reinforce their message. This part is so critical that you will likely never realize the full benefit of a risk management system without it. Executive leadership must buy in to the “Why” of the system and understand the benefits of its successful implementation to the preservation of the organization.
Not only is it a matter of the protection of life and property, but it is also a matter of the financial impact on revenue versus expense. A risk management system is an investment in the organization and its people, which yields a return over time. This is realized through reductions in expenses associated with operating a business such as:
- Decreased operations and programs;
- Increased insurance costs;
- Improved morale;
- Decreased legal expenses;
- Reduced turnover; and
- Reduced sick leave requests.
Neglecting to address a potential loss exposure for the sake of saving money could be significantly more expensive in the long run. A risk management system helps organizational leadership know that investments are being made in the most efficient and effective means possible.
The first step in this component is to create an overall Management Commitment to Safety Policy. The policy needs to clearly establish that your organizational leadership values risk management in the same vein as any other key operational component and that there will be zero tolerance for failures to follow established policies and procedures. The policy should be signed by all leaders of your organization, and it should be communicated to everyone in your organization.
The second step in establishing the Management Leadership component is to Delegate Responsibility and Authority to the necessary positions that will enforce the policy. This may sound like harsh language, but it really is not. As an executive leadership team, you should oversee the following:
- Provide appropriate financial, human and organizational resources to support the risk management system.
- Assign responsibilities while establishing accountability and delegating authority to appropriate personnel.
- Drive implementation of the risk management system into all business systems and processes.
Develop Employee Participation.
Another critical component of your risk management system is the inclusion of employees in the system. This step cultivates a sense of inclusion, fostering a feeling of ownership rather than one of exclusion and enforcement. Participation should be throughout all phases of the system, including:
- Implementing; and
Examples of ways in which you can include employees include, but are not limited to the following:
- Create a process for employees to report hazards and make suggestions.
- Create committees with oversight over processes, hazards, suggestions, or other types of improvement projects (i.e., Vehicle Accident Review, Employee Incident Review, Visitor Incident Review, etc.).
- Create working teams to carry out specific tasks (i.e., Hazard control, inspections and audits).
Take measures to ensure that that your methods of cultivating participation stay fresh. Rotate members of committees and teams on and off to avoid complacency or burnout. Be sure to recognize accomplishments and contributions as well.
After implementing processes for employee participation, you will then be ready to begin the Planning phase. During this phase, your team will work together to answer the question of what needs to be done and how your organization will complete tasks. There are multiple steps within this component, and it is important not to rush the process, as you could fail to identify all the risks to your organization.
There is risk associated with any operation. Some levels of risk are acceptable while others are not. Adequately identifying and determining the level of risk associated with an activity is a key factor in the transfer of risk.
Below are some recommendations on what to plan for:
- Develop a method of identifying organizational risks. This should include a series of inputs from representatives from each operational area. Examples of inputs can include the following:
- Analysis of loss information. Trending data such as accident reports, insurance loss runs, costs associated with injuries and accidents.
- Analysis of physical site assessments.
- Analysis of employee suggestions.
- Operational reviews for risk identification.
- Develop a system to prioritize the identified risks.
- Consideration of frequency and severity should guide risk level assignments.
- Frequency is the number of times the risk is anticipated to occur during a given timeframe.
- Severity is the anticipated result of the risk and how severe the outcome will be.
- High frequency and severity risks should take top priority.
- Consideration of frequency and severity should guide risk level assignments.
- Identify objectives of the risk management system based on prioritized risks.
- Implement controls to accomplish objectives.
Implementation and Operations is the next phase of your system. In this phase, you will begin to implement planning components that support the accomplishment of these objectives. There are four (4) main implementation categories:
- Operational Elements
- Risk and Hazard Assessment/Analysis
- Identify tasks within programs and their related hazards.
- Recognize hazards associated with human errors.
- Identify risks associated with purchased products, raw materials, other goods and services. Establish requirements for these and ensure conformance.
- Establish an accident/incident reporting process.
- Implement controls using a Hierarchy of Controls.
- Review applicable regulatory standards.
- Manage Change process to existing processes.
- Procure resources.
- Obtain contractors as needed.
- Implement processes for Emergency Preparedness.
- Risk and Hazard Assessment/Analysis
- Education, Training, Awareness and Competence
- Determine competencies needed to maintain safe environments.
- Develop an annual risk management training calendar.
- Create a process for tracking training assignments and completions.
- Train new staff members before they begin work tasks.
- Utilize multiple forms of training, including practical demonstration.
- Utilize posters and signs.
- Create paycheck memos.
- Conduct risk management refreshers.
- Focus on different topics in each month of the year.
- Maintain records of all training and communications.
- Include dates, attendees, subject matter presented and quiz results.
The next component of a risk management system is Evaluation and Corrective Action. Now that you have identified risks, developed/implemented controls, and trained/communicated with staff, it is time to establish measurement so that you can determine the success of the components.
Predictive and Results-Oriented:
- Predictive = Micro Level Measurements (Middle/Lower-Level Management and Workers)
- Need to be installed at mid-level and employee level.
- Results-Oriented = Macro Level Measurements (Upper Management/Board Level)
- Lost Time Injury Rate
- This should be used with the board and upper-level management, as well as mid-management.
- Begin tracking what types of injuries are leading to Lost Time Accident numbers so that this information can be utilized for emphasis.
Examples at Mid-Management Level:
- Safety meetings with supervisors. Content should be on prevention topics regarding top loss causes. Meetings should be logged and recorded as well as measured.
- Monitor the quality of work by subordinates. This is done by regular supervisor checks. Provide a checklist of “critical” checks that are directly tied to loss contributors. This should be tracked and measured.
- Roll-up of subordinate performance. Checks should be made on each supervisor’s safety performance. This would include verification that supervisor inspections, safety talks, etc. are being completed. These should be tracked and measured.
Examples at Lower Management/Worker Level:
- System of Counting and Rating Accident Prevention Effort (SCRAPE Rate).
- Supervisor Site Safety Inspections. In addition to overall conditions to observe, Safety would provide a checklist of “critical” checks that are directly tied to LTI injury contributors. This performance would be tracked and logged.
- Supervisor Safety Talks. These talks should be an extension of the mid-management level/supervisor talks and should be on prevention topics regarding top LTI causes. These should be periodically checked for quality control purposes. Meetings should be logged and recorded as well as measured.
- Site Safety Inspections. Independent department providing QC of safety performance on job sites by conducting inspections. This performance would be tracked and logged.
- Safety Sampling. Watch workers working on sites to determine if they are working in safe manners. Measures the quality of communication between supervisor and worker. Sampling would be conducted by a 3rd party consultant to remove the opportunity for bias. This performance would be tracked and logged.
Examples of Automotive Safety Measurements:
- Driving Complaints. Called in by members of the public. Verified by GPS. Complaints would be tracked and logged.
- Vehicle Inspections. On a random basis pulling vehicles for equipment/operation to be sure it is not being used in an unsafe manner. This would be tracked and logged.
- Monthly Speeding Citation Checks. Checks would be run monthly to determine if speeding citations were issued to employees while driving for the organization. This would be tracked and logged.
- Third-Party Driver Observation/Sampling Program. Employ a third-party organization periodically to conduct observations of driver safety. Observations such as speed, behavior, cell phone usage, turn indicator usage, load stabilization, etc. would be established, recorded, and documented.
Other Examples for Measurements:
- Safety Suggestions
- Hazard Identifications
- Observations of safe work practices by safety personnel.
Example of Tracking Chart:
|Passing Safety Assessment
|Passing Vehicle Inspections
The final component of a risk management system is Management Review.
Management Review Process (Annual Executive Leadership review). Inputs include the following:
- Progress in the overall reduction of risk.
- Effectiveness of the processes to identify, assess, and prioritize risk and system deficiencies.
- Effectiveness in addressing underlying causes of risks and system deficiencies.
- Input from staff.
- Status of corrective and preventive actions and changing circumstances.
- Follow-up on assessments and previous management review items.
- The extent to which objectives have been met.
- The overall performance of the system relative to established objectives.
Management Review Outcomes at Conclusion of the Review
- Future direction of the risk management system based on business strategies and conditions.
- Need for changes to the organization’s policy, priorities, objectives, resources, or other risk management system elements.
- Hold staff accountable for performance as needed.
Reward and Incentivize Successes
It is important to take time to recognize and celebrate success along the way. This does not have to be complicated or expensive, and most staff members are happy with praise and appreciation. Here are some examples of incentives:
- Individual praise for good performance.
- Formal recognition in the organization.
- Opportunity to work on a desired activity or project.
- “Perks” related to the performance area (e.g., attending a loss control conference in a desirable location.)
For additional Loss Control guidance, please visit the Plan & Protect safety hub.