Session No. 511
The Future of Occupational Risk Management
Paul Esposito, CIH, CSP. President
STAR Consultants Inc.
Annapolis, Maryland
Introduction:
Occupational Risk Management has become more and more the standard to which leading companies
aspire. Since before OSHA was created, most of the safety profession focused on compliance and
incident analysis. Insurance companies for years have been touting incident and loss analysis as the
basis for predicting the future trends in loss. In addition, many risk managers have been focusing on
transfer of risk, rather than risk reduction. While incident trend analysis is a valuable exercise, as
leading companies reduce the number of losses, the value in using this data as a predictive index
diminishes. In fact, we have seen seminar after seminar and publication after publication espouse
the value of looking at risk for your predictive data.
The plethora of recent risk publications on the national and international levels further supports the
paradigm shift from the focus on managing to incidence rates to one where risk reduction becomes
the leading data points and targets. While risk assessment methodologies have been around for years
(MIL-STD-882D-1993/2000), more recently publications from ISO (OHSAS 18001/2-1999/2007;
31000-2009) and ANSI (B11-TR3-2000; Z 10 – 2005/2012; Z590.3-2011) have been proliferating
(just to name a few). Safety Management Systems, Like OHSAS 18001 and ANIS Z10 have made
Risk Assessment one of the fundamentals of Planning (per the Deming “Plan-Do-Check-Act” cycle),
so the data is available for Risk Management (Do, Check, Act).
There are several keys to successful risk assessment, therefore, to also having the right data available
for risk management. However, some of these keys have not been standardized, leaving confusion
and variability for safety professionals to figure out. In its simplest terms, there are two risk factors,
Severity (Consequence) and Probability (Likelihood). A matrix is used to determine the risk based
on the product of these two factors. Once of the challenges we face is that there is no one universal
matrix. B11 uses a 4X4 Matrix, Z10 a 4X5, and DOD a 5X4. Another key is the Risk Factor
definitions. While terms like “Likely” or “Occasional” are used to reference the potential frequency
of an event or exposure, none of the referenced documents further define these terms. Similarly,
severity terms like “Catastrophic” or “Minor” provide no clear direction how to classify events or
exposures. This leaves risk assessors with no standards or definitions from which to develop, let
alone compare, risks. Another weakness in terms of standardized guidance is what to do if you have
additive effects when multiple Severity or Likelihood factors exist. Process Safety Management
experts as well as others, use differing methods to measure these risk factors.
1|Page
For example, STD 882D attempted to do this by combining the definitions in their Severity
definition…
Description
Category
Environmental, Safety, and Health Result Criteria
Catastrophic
I
Could result in death, permanent total disability, loss exceeding
$1M, or irreversible severe environmental
… so you only choose the worst case. Other organizations use a multiplicative effect, where a loss
exceeding $1M, but does not result in a death or permanent total disability receives some level less
that Category I, but more that Category II.
Another key is the application of the hierarchy of controls. Historically, elimination/substitution
have been the preferred controls or mitigations, with personal protective equipment (PPE) being the
item of last resort (least effective). STD 882D defines the term “Safety Critical”, as being:
A term applied to any condition, event, operation, process, or item whose proper recognition,
control, performance, or tolerance is essential to safe system operation and support (e.g.,
safety critical function, safety critical path, or safety critical component).
From an application standpoint, high risk or most severe tasks or operations need safety critical
controls, i.e., controls that are more reliable like engineering, substitution or elimination. The
weakness seen is that this step is not typically prescribed, i.e., risk assessors often automatically go
to PPE to solve even high risk exposures. Another weakness typically seen when applying the
hierarchy of controls is the amount of risk reduction gained from applying a lesser control (i.e., PPE,
training, warnings). For example, the severity posed by a Class IIIB laser is blindness. All the PPE
in the world does not change this fact. PPE will only reduce the likelihood of exposure. To reduce
the severity, we have to reduce the power of the laser. Often, risk assessors erroneously reduce
Severity based on the application of engineering controls or PPE.
Another poorly defined
methodology is the synergies when applying multiple controls (e.g., defense in depth, layers of
protection). While a common practice among some industries, the definitions are not as direct.
The recent publication of “Z590.3 Prevention through Design” highlighted another Hierarchy of
Control – avoidance.
Risk Avoidance: Prevent entry of hazards into a workplace by selecting and incorporating
appropriate technology and work methods criteria during the design processes.
This is viewed as superior to elimination, although along the same lines, but avoids the entry of the
hazard into the workplace altogether, like “no more use of ladders”.
Moving from Risk Assessment to Risk Management typically involves the application of a
Framework. ANSI Z-10 defines a Framework as…
2|Page
…and provides definitions of each.
The concept is that a written program defines the
implementation strategy for each of the boxes above. The goal goes way past the absence of injuries,
or “0 injuries” to the ongoing reduction of risk (creating a safe and healthful workplace).
Under “Monitoring and Review”, one of the biggest concerns, or lack of consistent published
standards is the use of leading metrics. While almost every conference attended during the last 10+
years has a topic of leading metrics, consistent examples have not been forth coming from these
publications. For example, Z690.3 says:
Monitoring. Continual checking, supervising, critically observing or determining the status
in order to identify change from the performance level required or expected.
Yet, the definitions for performance levels are left for your own interpretation. So, for example, we
see some companies measure the change from year to year of the number of high residual risks, or
catastrophic severity levels, as a new definition of safety performance.
The future of Occupational Risk Management, therefore, is already the path forward leading
companies are using to define safety management and safety performance. Addressing the specific
weaknesses or inconsistencies listed above, standardizing and defining these for your organization,
will be essential to our profession.
The ASSE Risk Assessment Institute is attempting in part to provide industrial examples of each of
the above to help make safety professionals the professional of choice when organizations perform
risk assessments and implement risk management approaches.
Outline
The following learning objectives are thus presented to help organizations better define and use the
risk assessment and risk management concepts.
3|Page
 Design risk assessments to yield the accurate data
 Assess internal processes for prevention through design efforts and
 Use Risk Assessment data to develop leading metrics to drive risk reductions as a function of
management.
Risk Assessment Design and Data Output.
Risk Assessments follow a prescribed procedure as outline by the various references. In order to
provide many layers of data, and good data, most companies have found that standardizing
definitions for each step of the risk assessment process will help yield better data.
In looking at each of the risk assessment steps:
Step 1: Identify Hazards
OSHA Publication 3071, Job Hazard Analysis, provides a good list of potential hazards.
They include hazards like…. Toxic Substances; Electrical Loss of Power; Excavation; Fall; etc. The
benefits of standardizing the hazard list is many, but most significantly 1) the risk assessor now has
an inventory list of hazards to identify, so hazards do not get overlooked, and 2) we can now pareto
the list of identified hazards and risk rank them, to develop a better risk profile of an organization or
department, so risk reduction targets can be better determined.
Step 2: Identify Risk Factors
The two risk factors in particular are Severity (Consequence) and Likelihood (Probability).
STD 882D has some good definitions for Severity:
4|Page
While STD 88D defines Likelihood in a less user friendly manner. For example:
Unfortunately, this definition uses undefined terms (e.g., likely) and expects that there are
statistics available to determine the probability, both before and after controls are in place. This
occurrence data does not exist in the public published world that I can find.
A more descriptive example of Likelihood definitions may include the following:
F
Frequent
Near certain to occur or has occurred repeatedly, or/and task is performed several
times an hour, or/and duration may approach at least 4 hours in a day.
P
Probable
Has occurred more than once, or/and task is performed several times a day,
duration may approach 1 hour a day.
O
Occasional
Will occur on occasion, is performed several times a day, and/or in typical
durations under one hour.
R
Remote
I
Not likely to occur, or task is performed less than one or two times a day, or
duration may be under a few hours a month.
Improbable May occur only under exceptional circumstances, or so remote as to be near zero
in probability of exposure
The above considers both occurrence and exposure potential.
Step 3: Risk Determination
Using a matrix to determine risk is certainly a classical approach. For example, STD 882D
uses a qualitative approach in a 4X5 Matrix.
Probability
Frequent
Probable
Occasional
Remote
Improbable
High
Medium
Severity
Catastrophic
1
2
4
8
12
1-5
10-17
Critical
3
5
6
10
15
Marginal
7
9
11
14
17
Serious
Low
Negligible
13
16
18
19
20
6-9
18-20
Step 4: Control or Mitigation Selection:
Depending on the number of High or Serious residual risks, many companies are also
developing data to determine if the number of High or Serious Risks have or do not have engineering,
5|Page
substitution or elimination controls. This data point is essential if a company want to target high
priority opportunities for risk reduction.
Step 5: New Mitigations or Controls.
The last step in the risk assessment process is the keep track of any new or improved controls
or safe work procedures. Here, action or improvement plans are assigned and tracked to closure.
Assess Internal Processes For Prevention Through Design Efforts
Prevention through design was perhaps a landmark publication on the part of ANSI. It is the process
of identifying and eliminating potential hazards and their related risks during the planning or design
phase by redesigning work spaces, selecting appropriate technology, and incorporating alternate
work methods.
It recommends that risk avoidance be considered when:
 New facilities, equipment, machinery, tools, technologies, materials, substances, and processes are
being planned, designed, acquired, or installed
 Alterations are made in existing facilities, equipment, machinery, tools, technologies, materials,
substances, and processes.
 Incident investigations are made and corrective and preventive actions are taken.
 Demolition, decommissioning or reusing/rebuilding operations are undertaken.
For example: the decision to design a facility WITHOUT the need to use ladders would be
a serious undertaking. However, considering the risk reductions, not to mention the ease at which
maintenance operations could be performed, seems like it could be worth the effort.
Use Risk Assessment Data to Develop Leading Metrics to Drive Risk Reductions as a
Function of Management.
Finally, the risk assessment data, now that it is accurately recorded and appropriately categorized by
the hierarchy of controls and other consistent data points, yields data that can be queried, sorted and
presented as metrics. The current state Risk Profile now becomes a plethora of baseline leading
metrics from which to measure change. The concept of measuring change is typically compared to
the definition of insanity, “doing the same thing over and over again, but expecting a different result”.
Improvements do not come from doing the same things over and over again, but from change, i.e.,
measuring and targeting change, especially as engineering, substitution and elimination controls.
Using these change metrics as an accountability of management to prioritize and resource change is
what drives true risk reductions in design efforts.
Some of the key data we see leading companies use includes:
Hazard by Type and Risk Level
6|Page
100
Total
50
Serious
0
Caught In
Overexertion
Struck By
This table looks at both the number of serious hazards and hazard types within an
organization. Once identified, organizational can set targets based on actual risk data, and measure
risk reductions, on weekly and monthly basis if desired.
Number of New Engineering, Substitution or Elimination controls
100%
80%
60%
40%
20%
0%
Yr 1
Yr 2
This Table compares change between years. Notice that we have had more substitution and
engineering controls identified. An alternate approach some companies use is to measure the
reduction on PPE required to be work.
Risk Profile
Overall Initial Risk vs Current Risk
100%
50%
Initial
Residual
0%
A Risk Profile measures the change from year to year, to confirm that the overall risks are
being reduced. Here, there are still some residual high risks that could be a primary target for
reduction.
7|Page
Critical Control Conformance Rates
100
80
Yr 1
Yr 2
Goal
One of the primary metric leading companies use is critical control conformance rate. If
you have followed a defined methodology, you would be able to determine where your critical
controls are for your High Risks or Serious Severities. Inspection and observation programs can then
target the collection of this data, to include verification of learning (i.e., was the communication part
of risk management successful?).
Closure Volume and Rates
If the new paradigm is to measure change, and risk reductions, then both the volume of
change and the closure rate of the associate action plans needs to be a one of our leading metrics.
We want volume of change, and we want closure. The rate of closure can be measured any number
of ways; i.e., closed on time, closed within 30 days, etc.
Summary
The future of Risk Management is upon us. More and more, leading companies are measuring risk
and risk reductions as their definition of safety performance. Unfortunately, with the proliferation of
risk related standards and publications, consistently and definitions are becoming more widespread,
instead of more succinct and standardized. It is incumbent upon us as safety professionals to
recognize these inconsistencies, and help define them for our industry and organizations.
Bibliography
Department of Defense MIL-STD-882D-1993/2000. Standard Practice for System Safety.
Occupational Health and Safety Advisory Services OHSAS 18001/2-1999/2007. Occupational
Health and Safety Management System (OHSMS).
International Standards Organizations ISO 31000-2009. Risk management – Principles and
guidelines.
International Standards Organizations ISO/IEC 31010:2009. Risk management – Risk assessment
techniques. (Also ANSI Z690.2)
International Standards Organizations ISO Guide 73:2009. Risk management – Vocabulary.
8|Page
Occupational Safety and Health Administration (OSHA) Publication 3071: 2002. Job Hazard
Analysis.
American National Standards Institute (ANSI) B11-TR3-2000. Risk Assessment and Risk
Reduction - A Guide to Estimate, Evaluate and Reduce Risks Associated with Machine Tools.
American National Standards Institute (ANSI) Z 10 – 2005/2012.
Safety Management System.
Occupational Health and
American National Standards Institute (ANSI) Z 590.3 - 2011. Prevention through Design.
Guidelines for Addressing Occupational Hazards and Risks in Design and Redesign Processes.
Esposito, P. 2013. "Sustainability at any Speed. Getting to that Higher Level of Safety Program
Maturity". ASSE National Conference Proceedings.
Esposito, P. Autumn, 2010. “Building on Your VPP Success.” The Leader, Voluntary Protection
Program Participants Association (VPPPA) quarterly publication.
American Society of Safety Engineers (ASSE): Risk Assessment Institute: Advancing Excellence
in OSH Risk Assessment and Management. (http://www.oshrisk.org/).
9|Page