In order to promote a safer workforce and to maintain compliance with regulatory agencies, such as the Occupational Safety and Health Administration (OSHA), Environmental Health and Safety (EHS) companies must quickly and effectively address and mitigate all incidents that take place. However, it can be difficult to determine which threats pose the most critical risk as opposed to which risks are less hazardous to the organization.

The result? The process of addressing risk may become time consuming and significant incidents could still slip through the cracks.

This is where automated Risk Management comes in.

An EHS system’s Risk Management tool provides a systematic method for handling all incidents. To mitigate risk and prevent its recurrence a good Risk Management system will incorporate the following traits:

        Repeatability: Risk Management processes must enable an organization to use the same methodology for categorizing all adverse events within the system, regardless of how and when they occurred. By having a repeatable tool for risk, you are able to apply it to any adverse event within the EHS and expect the same outcome.

        Objectivity: An organization needs a tool that systematically quantifies the necessary action to be taken as opposed to more subjective methods, which could differ depending on perceptions, human factors and similar constraints. By quantifying the results, you are able to not only eliminate the subjective factors, but you are also able to increase the efficiency of the decision-making process.

        Consistency: Much like having a repeatable process, ensuring the outcome is consistent is key to effective Risk Management. Risk tools are designed to produce an objective and consistent result, each and every time. An EHS system’s Risk Management tool enables organizations to improve safety by identifying and mitigating high-risk events. The Risk management tool improves safety and helps ensure that potential events are organized and stopped before they begin.

One these traits are in place, the next step is to define risk. This is where the Risk Matrix comes in.

Defining Risk with the Risk Matrix

Risk varies by organization and everyone views risk differently, which is why an organization will often spend a lot of time and money to define it. Even after an organization has defined risk, it must then determine which of those risks are most critical.

The Risk Matrix essentially takes hazards and harms and quantifies them by plotting them on a graph. It accomplishes this by defining verbal scales (e.g. severity and frequency) to represent the “x” and “y” axis of the graph and assign numerical values to the scales. The resulting calculation becomes the company’s risk.  Once risk levels have been defined and the matrix has been vetted for accuracy, an organization can apply this tool to its Risk Management process.

Where Risk Management is Applied within the EHS System

Once the Risk Matrix has been vetted, the EHS system’s integration capabilities can then be applied to the process to find risk across the enterprise in areas such as:

       Incidents:  EHS systems commonly track incidents that occur across an organization’s enterprise. Risk Management helps to streamline this process through filtering. Tools such as the Risk Register enable safety managers to filter incident data by level of risk by using the Risk Matrix. This filtering provides a systematic and repeatable method to make well-informed decisions on actions needed when handling incidents, as well as prioritizing critical issues.

       Job Safety Analysis:Risk Management provides consistent, quantitative benchmarking for Job Safety Analysis (JSA) by taking a proactive approach to job risk mitigation. JSA breaks down a job description into individual steps and lists the potential hazards that could occur at each step. Once hazards have been identified, the JSA implements controls for each step to prevent the hazard form occurring. This is where Risk Management comes in. Risk Management is an effective way of assessing the safety of each job step in the JSA. JSA looks at the potential job hazards and assigns a risk level to those hazards. Then, through the use of controls and Personal Protective Equipment (PPE), an organization can begin to reduce the risk level of that job step. This method not only improves the safety of each step, but eventually improves the safety of the job overall.

       Corrective Action: Like using Risk Management to manage incidents, the EHS system can apply Risk to the Corrective Action process, to determine whether a corrective action was truly effective. During the corrective action process, a root cause analysis is conducted to investigate an incident. Corrective action incorporates measures to correct the issue from the root cause, while verification and effectiveness are used to determine that the corrective action worked. Risk Management is used to benchmark the corrective action’s effectiveness.

Risk Management can also be used to measure residual risk to determine whether the corrective action reduced the risk to acceptable levels. If a high degree of risk is still present, the organization will know that the corrective action was not effective and it must take a different approach to lower the risk. This process is repeated until a satisfactory level of risk has been achieved.


The Risk Management system is an effective means of identifying risk, mitigating it and preventing it from recurring. Once an organization has applied Risk Management to its Environmental Health and Safety system, it will begin to reap the benefits of improved visibility into all incidents, faster response time to all events, and increased safety in the workforce.