Start talking risk rather than compliance

By: Travis Rhoden

Publication: Workplace Safety Regulatory Alert

Date Posted: 10/29/2020

Getting upper managements attention for hazard control and safety enhancements

Most safety professionals have at some point in their career handed upper management a list of hazards or “compliance issues” that were found in an audit. In response, it’s very likely upper management handed the list back and said “So, what does this mean?”

Too often, the safety professional will respond to upper management’s question by mentioning the possibility of the company being inspected by OSHA and fined a few thousand dollars for each violation. Or, perhaps the safety professional will list the regulations that are being violated, “29 CFR 1910.147(c)(2) says we need to …”

While that type of approach may eventually get to the heart of the matter, it’s not the most direct route. Instead, safety professionals should be speaking in a language that upper management commonly uses, which in this case is “risk”.

“Safety professionals have historically used compliance language, quoting CFRs and regulations, and using lots of acronyms and slang terms when communicating with upper management,” according to Bruce Lyon, P.E., CSP, ARM, SMS, CHMM, chair of the U.S. Technical Advisory Group (TAG) for the ISO/TC 262 risk management technical committee.

This can really be a turn-off to upper management, he says.

“They don’t really understand it, they don’t have time to try to learn it, and it doesn’t really help them any.”

Instead, Lyon advises that safety professionals must be better at learning the language of upper management and being able to put what the safety professional offers, i.e., guidance and advice on controlling hazards, into terms upper management understands.

To illustrate the point, Georgi Popov, Ph.D., CSP, ARM, SMS, QEP, CMC, FAIHA, and vice-chair of the ISO/TC 262 risk management technical committee, says to imagine asking upper management for a $500,000 investment to keep from getting a $7,000 fine. “You’re probably not going to get far,” he says.

“If you talk to them with risk management tools, you’ll explain that you have analyzed all the risks, and prioritized which ones should be addressed first. Further, you discuss the financial implications.”

Financial implications include suffering operational delays, which directly impact the number of products a company might produce, for example, and could result in direct financial consequences.

Risk is one of the common languages we have, Lyon points out, “Business owners, every CEO, CFO, they manage risk every day. They understand risk.”

“When we put hazards and hazard risks into that language, they start to see ‘Okay, that makes sense, we need to manage that, and we need your help to manage it.’ And that’s what our role is.”

That all sounds good, but…

Many safety professionals haven’t had formal training in risk management, so learning the concepts may take some time. But it doesn’t have to be daunting. Tools are available to help.

In fact, a new technical report published by the American Society of Safety Professionals provides safety professionals with the latest techniques and implementation strategies to combat risk and better protect workers.

ASSP TR-31010-2020 Risk Management – Techniques for Safety Practitioners is designed to assist safety practitioners and company decision-makers in understanding, assessing, and managing risk in all industries so organizations can achieve their business objectives. The guidance document was developed by the U.S. TAG for the ISO/TC 262 risk management technical committee. The report’s techniques expand on the principles and processes of ANSI/ASSP/ISO 31000 Risk Management and other workplace risk standards.

The technical report provides expert guidance on the selection, modification, combination and application of 50 risk management techniques used to help improve the way risk and uncertainty are managed. It includes basic techniques for industry newcomers and complex methods for seasoned safety professionals. The safety resource explains the fundamentals of risk assessment and risk treatment and covers prevention-through-design practices that are applicable throughout the life cycle of a system. Safety professionals can apply the techniques to a range of occupational settings, situations and operational stages of a business.

“Risk management techniques should be used by an organization within all steps of the risk management process,” said Popov. “That systematic course of action includes establishing context, identifying and analyzing risk, evaluating and treating risk, monitoring and reviewing risk, recording and reporting risk, and communicating risk.”

Examples of some of the 50 tools covered by the Technical Report include:

  • ALARP – Getting to a risk level that is “as low as reasonably practicable” by classifying risks into specific categories;
  • Risk Hierarchy – A comprehensive risk portfolio of risks organized by type;
  • Causal Mapping – Identifies causality by mapping interactions between risks;
  • Ishikawa (Fishbone) Analysis/Cause and Effect Analysis – A team-based approach using a pictoral displays to help consider all possible scenarios and causes of a specific effect; and
  • Business Impact Analysis – A method to evaluate effects of incidents on critical business operations.

The Technical Report contains a table that provides information on the complexity of each of the 50 tools, along with guidance on how each may or may not apply to different situations a safety professional might encounter.

For example, ALARP is a medium complexity tool strongly applicable to determining risk context, as well as for risk evaluation. However, it is not very applicable to risk analysis. On the other hand, Risk Hierarchy is low complexity and strongly applicable to communicating risk, but not as applicable to analysis.

The good thing for safety professionals: you don’t have to learn all 50 tools at once.

“When you start out, you’ll pick maybe five tools,” Popov says, “That’s how you’ll communicate with your next level manager.”

“But as you progress and are invited into decision-makers’ meetings, you’ll learn about other tools they start talking about.”

That’s when you can go back to the Technical Report and learn more about that topic, Popov says.

“Then, next time, you’re part of the solution.”

Then, as you get into upper-level safety and start communicating with the CEO, there are tools in the report to help, focusing on enterprise-wide risk management.

What this all means

In an ever-changing world, where risk is becoming a huge focus, the safety professional should be armed with the necessary risk information in order to get upper management’s attention for hazard control and safety enhancements. Additionally, as safety professionals become more adept at using risk tools, they can be a part of the solution to many risk-based decisions, some that are enterprise wide. But that likely won’t happen if the focus stays solely on compliance and hazards. Risk must be a language that safety professionals can speak.