Compliance is moving to a risk management focus
As we get more complex, our safety cultures change — sometimes from a cultural, regional perspective, but also from a company culture perspective. Growth and expansion also give rise to increases in a variety of environmental regulations and requirements; companies need to address their impact on both safety and the environment as they grow. There is a disconnection in how we organize our compliance to Environmental Health and Safety (EHS) initiatives as we expand in complexity.
Risk management is how many organizations are now streamlining compliance in an objective and systematic way. Risk is pervasive throughout all areas within an organization. It spans everything from quality to EHS to financial and the supply chain. Risk is the umbrella that spans the enterprise, making it so powerful in concept. We can use risk as a universal methodology for benchmarking compliance within the organization.
However, while risk can be used throughout the organization, it is important to know the difference between risk management and risk assessment tools.
Risk management misconceptions
Oftentimes when people think about risk management, they are really thinking about the risk assessment tools. The tools are important, but they are only one piece of the whole. The content behind them is the most critical aspect.
We use tools like risk assessment to identify known hazards…but how do we know what our unknown or unidentified hazards are?
Tools don’t help find the unknowns — a risk management process does. Similarly, the tool is a fixed point that assesses the risk, but you need to look at the content and context of your operations to adjust the risk levels and make changes to guidance as you encounter new hazards and potential risks.
It’s important to understand the limitations of risk tools. People are not inherently good at assessing risk. Here are just some reasons why:
1. People are not as perceptive as they think they are: We are not adept at expecting things we cannot perceive — in other words, we can’t anticipate unexpected events.
2. People are not good at recording information: When we do encounter hazardous events, our ability to record the event is flawed. Humans are not recording machines; we take events and attempt to reconstruct them as we see them, and perception is not as good as actuality.
3. People see patterns where none exist: We tend to see patterns in random events — we look for order when we cannot find one, and it becomes subjective.
4. People think they understand more than they do: We also think we have a deep knowledge of all processes, when in fact we only have a basic understanding — we often insert our own understanding into a process and come to a subjective conclusion.
5. People will inherently follow a group mentality: Finally, we tend to group-think — what happens is that we all follow a similar consensus to an issue, so it must be the right decision. The point is that without true structure and process, using tools alone can lead to subjective errors in risk recording.
It is important to realize that prediction is hard — even the experts don’t always get it right. We need to make sure that we understand the limitations and limit ourselves on how much we predict versus what is presented to us as hard evidence. We need to take a more objective and structured approach when looking at decision-making.
The structured approach is in risk management, not risk assessment. As I said before, you can’t have one without the other — risk management needs risk assessment, and vice versa. But the key here is that risk management is the process in which we systematically come to the right conclusions, using risk assessment within the overall process. We need to use the process to help eliminate the subjectivity, and maximize the effectiveness of the tools within the process.
Risk assessment tools for EHS compliance
In EHS solutions, risk is found throughout the business operations. When we look at the EHS operation, we find areas where risk assessment makes sense as a viable tool.
As you design processes for EHS, you can build risk in an operational context in processes around job safety, such as building risks at each level of the job steps, and rolling up risk to determine what the overall risk of that job truly is.
As you impact management of change in your organization, risk is a powerful tool in determining the impact of that change from a risk standpoint. During normal EHS operations, incidents and accidents will happen. And when you encounter these adverse events, risk assessment can serve as a decision-making agent to help filter the severity and criticality of those events, and help to make better, more informed decisions. Risk assessment can help to determine the level of at-risk behaviors, and help to prioritize and measure the level and severity of behaviors to the organization.
Any organization is looking to foster continuous improvement — it drives the business to be more efficient and operate in a more streamlined and compliant manner. When we talk about building risk into continuous improvement initiatives, we can see sustainability reporting as having an element of risk — what areas within the sustainability of the organization pose the highest risk, and how can we mitigate it? Similarly, internal audits will also measure the effectiveness of your EHS, and building risk into the auditing process will help to prioritize the level and nature of the audit report.
These are just some examples in which we see risk assessment being measured within EHS operations.
I would leave you with this. Risk management, if not already started in your organization, starts now. What this means is that compliance is moving toward a risk management focus, and building in risk technologies and tools is a great way to benchmark and measure compliance.
Risk is common for all levels of compliance. It is a universal language that is applicable to many operational areas. This is because it provides an objective and systematic way to filter and prioritize adverse events, and, in this complex and fast-paced world we live in, we need to improve the speed and quality of our decision-making capabilities. Risk terminology offers a common understanding of complex operational issues, and can easily be interpreted at all levels of the organization.
If your EHS operation can speak risk, you can drastically improve your ability to make an impact on compliance within your business.