Tackling issues before they have a chance to grow and spread throughout an enterprise helps to ensure the best potential outcome. For those in Environmental Health and Safety, the ability to be proactive when it comes to the prevention or cleanup of incidents plays a major role in the company’s image and safety overall.

In order to promote as safe of a workplace as possible, the Occupational Safety and Health Administration (OSHA) sets a focus on reducing job-related incidents. Risk management is one effective method for doing so. Incorporating risk management into the EHS system will help foster a quicker response time when it comes to mitigating incidents. It improves safety within the job force, promotes active risk mitigation and enforces a quicker response time to high-level events.

Risk management for EHS organizations allows an organization to identify risks and take systematic steps to eliminate them throughout processes. Addressing adverse safety events helps to mitigate the risk of recurrence and provides visibility into top events.

To set the stage for successful risk management, an organization must have a systemic approach to handling all events. Three traits to look for in an automated system include:

  • Repeatability: Risk management processes must use the same methodology for categorizing all events within the system and organization, regardless of how or when the event occurred. With repeatable tools for minimizing risk, users are able to apply the same standards to any adverse events and receive a similar outcome.
  • Objectivity: An EHS organization needs a tool that systematically quantifies the necessary actions that need to be taken as opposed to a more subjective method. Subjective methods could differ depending on different perceptions, human factors and similar constraints. When you quantify risks, the results are able to not only eliminate subjective factors, but are also able to increase the efficiency of the decision making process. 
  • Consistency: Much like repeatability, consistency is the key to effective risk management. Risk tools are designed to produce an objective and consistent result each time to avoid detrimental events and ensure consistency.


Once the framework for a risk management system is set, the organization is the ready to start defining its risks. This is no easy task, and when looking to identify and quantify risk, a tool like the risk matrix is invaluable. 


Tools for Identifying Risk 


The risk matrix helps define risk and determine which events are most critical. Essentially, it takes hazards and harms and quantifies them by plotting findings on a graph. It defines verbal scales (for example, severity and frequency), to represent the “x” and “y” axis of the graph and then assigns numerical values to these scales. The resulting calculation of severity and frequency becomes the organization’s risk.

A high severity and high frequency threat will result in high risk. A low severity and low frequency threat will result in a low risk. Defining risk with the risk matrix is easy. It’s in the defining “gray areas” where organizations are faced with confusion. In order to define gray areas, an organization can benefit from using As Low as Reasonably Practicable (ALARP). After all gray areas are defined and identified using ALARP, the organization will be able to begin plotting risk.

Once risk levels have been identified and vetted for accuracy and effectiveness, the risk matrix can then be applied to the risk management process. After, an organization can start to incorporate integration capabilities of the EHS system to identify other risks throughout the enterprise.

Integrating risk management with the EHS system has a direct impact on the efficiency of many processes within the system.

Risk management is typically applied within areas like:

Incident Management: EHS systems track and identify any adverse safety incidents across an enterprise. This helps prevent harm in the shape of injury, illness, fires, explosions, chemical spills etc... It is necessary to collect as much information as possible to thoroughly document any incidents to OSHA. Risk tools help streamline the process of managing incidents through filtering. Risk tools enable organizations to filter incidents data by risk level, using the risk matrix. This ensures a systematic and repeatable method for making well-informed decisions on actions that need to be taken when handling incidents.

Job Safety Analysis: Risk management is able to provide consistent, quantitative benchmarking for Job Safety Analysis (JSA). It takes a proactive approach to the mitigation of job risks by taking a job description and breaking it down into several steps. From there, it lists potential hazards that could occur within each of those steps. Once hazards are made evident, the JSA implements controls for each step in order to prevent the hazard from occurring.

Risk management is effective as it examines each step of a job in the JSA. This tool can look at potential hazards in a job and assign a risk level to those hazards. From there, Personal Protective Equipment (PPE) and other controls can begin to reduce the level of harm at each step. Reviewing job steps by risk and mitigating those risks at a granular level not only improves the safety of each step, but the safety of the overall job.

Corrective Action: Similar to using risk management to manage incidents, the EHS system can apply risk to the corrective action process. This determines if the actions that were corrected were done so in a truly corrective manner. During the corrective action process, a root cause analysis is conducted to investigate an incident. Corrective Action incorporates measures to correct the issue from the root cause, while verification and effectiveness are used to determine that the corrective action worked. Risk management is one of the methods for benchmarking the corrective action’s effectiveness.

Reporting: Automating and streamlining EHS processes through an integrated EHS system is beneficial. However, an organization also needs to report on data in order for that information to offer continual improvement. A total enterprise EHS system provides important data for all levels of an organization. Executives and key decision makers within the organization will often level risk as the benchmark for challenges and improvement areas within the enterprise. Risk data allows executives to make decisions based on the top risks to an organization. 


Closing Thoughts 


There are three questions to ask when it comes to taking on Risk. Is the process repeatable? Is it consistent? Is it objective? Once the proper framework is built, you will then have the ability to define risk for your organization. Automated risk management helps foster a faster response time to high-risk events. The right tools guide an organization through the necessary steps. It draws correlations between events that happen in one department to events that happen in another, helping to get to the root cause of the risk and stopping systemic events from occurring.

Quantitative risk management technology provides a standardized and objective means of building risk into all processes. Once an organization has applied risk management into their processes they will benefit from improved visibility, better informed decision making and continuous improvement across their enterprise.