Professional Documents
Culture Documents
ETQ EHS Risk Management Guidebook 0422
ETQ EHS Risk Management Guidebook 0422
• Risk assessment to prioritize which risks need You then plot the numbers on a matrix or chart,
controls. This is essential for efficient and with each square calculated as the product of the
effective allocation of resources. corresponding frequency and severity level.
• Implementing controls such as additional It allows you to quantify the risk associated with
training or engineering controls. a given hazard. Each hazard falls into one of the
following areas on a color-coded risk matrix:
• Monitoring of controls and measurement of
residual risk to ensure controls are effective. Green: Low or generally acceptable risk.
1. Risk Matrix
The next step is interpreting the results and
The risk matrix is the most commonly used tool
deciding how to act. That requires your company to:
in EHS management, and it allows you to quantify
the risk associated with a hazard and set clear • Agree on a definition of risk. Everyone at
guidelines on whether the risk is acceptable. each business level must share a common
How it works: To create a risk matrix, you first understanding of what defines high risk and
break out different levels of probability and impact low risk.
into verbal scales, assigning each level a numeric • Vet the risk matrix with historical data. By
value: plotting past incidents on the risk matrix, you
SEVERITY can pinpoint the division between acceptable
Verbal Numeric Description and unacceptable risks.
Catastrophic 5 Likely result in death
Critical 4 Potential for severe injury • Create decision-making guidelines.
Moderate 3 Potential for moderate injury
Company policy should dictate the specific
Minor 2 Potential for minor injury
Negligible 1 No significant risk of injury number or range that requires new controls to
be implemented before proceeding.
FREQUENCY
Verbal Numeric Description
2. Decision Tree
Frequent 5 Hazard likely to occur
Probable 4 Hazard will be experienced A decision tree outlines possible decision paths or
Occasional 3
Some manifestation of the
hazards will occur
outcomes for a given situation. It’s less commonly
Remote 2
Manifestations of the hazard used than the risk matrix, but it helps teach
are possible
Manifestations of the hazard
employees how to apply company policy in a
Improbable 1
are unlikely
situation that contains many variables.
How it works: The decision tree asks a series of Automated EHS software also creates opportunities
questions that lead the reader to a specific action. in key areas such as:
The decision tree below uses a chemical spill on the
shop floor as an example: • Tracking leading indicators - Traditional
EHS risk management focuses on lagging
You can use this risk model for many EHS scenarios
indicators like incidence rates and injury costs.
requiring special procedures, including confined
Better linking of larger amounts of valuable
space entry, hazardous material disposal, and
data allows you to identify leading indicators
lockout/tag-out (LOTO).
with stronger predictive capabilities.
3. Bowtie Risk Assessment • Leveraging Big Data - Leading systems make
Companies use bowtie risk assessment to mitigate it easy to integrate vast quantities of EHS data
the risk of rare but potentially catastrophic with business intelligence tools like Cognos
events. It allows them to visualize complex risk
and QlikView.
environments..
• Performing advanced modeling - Integrated
Threat Preventive
Controls
Recovery
Controls
Consequence systems create robust datasets that enable
Threat Preventive Undesired Event Recpvery Consequence advanced modeling, such as Monte Carlo
Controls (Hazard) Controls
simulations.
Threat Preventive Recovery Consequence
Controls Controls
likelihood of recurrence. Essential risk management The following risk management strategies can
software tools and functions that improve your effectively boost effectiveness:
incident management process include:
• Filtering corrective action requests by
• Using a risk matrix to prioritize high-risk risk - Ensures that high-risk items receive
incidents for corrective action. priority attention. Without this kind of risk
• Tracking near-misses to improve predictive triage, problems can become systemic, and
capabilities and prevent incidents. Mandatory recurrence is more likely.
near-miss reporting allows you to analyze • Collaborating on root cause analysis to reduce
high-risk events to identify trends and the subjectivity of results - Incidents typically
unmanaged risks. ETQ’s experience shows involve intersecting processes and uncovering
that up to one in three near-misses may have the true root cause often require multiple
serious potential for harm, underscoring the viewpoints.
need to treat them as genuine safety incidents. • Measuring residual risk as a final verification
• Creating dashboard alerts for high-risk step to ensure the corrective action reduced
incidents, near-misses, and when key incident risk to acceptable levels.
management tasks are overdue. • Proactively applying lessons learned across
• Linking high-risk incidents to corrective action the enterprise and not siloing that data - Root
requests. Integrated EHS software routes cause findings identified in one plant should
corrective action requests automatically be applied in all other facilities, reducing risk
through review, root cause analysis, actions by preventing the problem from occurring in
taken, and verification. That prevents high- other locations.
risk incidents from getting buried, making it
easy to access the risk mitigation history for Change Management
incidents.
From moving employees between production
areas to installing new equipment, coordinated
Corrective Action change management is critical to reducing EHS
Many organizations use corrective action as a risk. Many companies have learned the hard way
punitive tool rather than a continuous improvement that unmanaged change can lead to disaster – in
process. This unhelpful approach leads to fact, 60-70% of all change initiatives undertaken in
underreporting issues and incidents, thus increasing organizations fail.
risk. It’s a key reason why companies must move Regardless, it’s important to remember that change
away from assigning blame and toward minimizing is necessary to benefit from new opportunities.
the risk of incident recurrence. Change management tools within integrated EHS
Utilizing technology to create a robust corrective software systems allow you to make important
action process ensures the appropriate action is changes while managing risk, ensuring business
taken and enables a deeper understanding of the continuity so your company can grow profitably
context and causes of safety incidents. with minimal risk of interruption.
Important risk mitigation techniques to incorporate equipment. That means you won’t take equipment
into your change management process include: out of service too early while dramatically reducing
worker risk.
• Performing a risk assessment before you
Tools and capabilities to leverage within the EHS
change processes, people, or equipment.
management system for reducing equipment-
That could mean using a risk matrix to assess
related risks include:
the risk of a particular hazard or using a
decision tree to analyze the costs of various • Creating risk dashboards with automated
alternatives. alerts for when equipment needs calibration,
• Using Job Safety Analysis to identify maintenance, or monitoring systems show
hazards associated with new procedures or abnormal conditions.
equipment. You can assess the risk of the • Integrating employee data to prevent workers
procedure as a whole and for individual steps, who don’t meet certification or training
helping you pinpoint areas for strategic risk requirements from operating equipment.
reduction.
• Filtering maintenance tasks by risk to ensure
• Using integrated project planning tools within the most important repairs and calibration
the EHS System to ensure costs and timelines issues get priority attention.
don’t balloon out of control.
• Tracking leading indicators around equipment
• Linking employee training requirements maintenance and monitoring activities. Smart
to change management initiatives. People sensors that feed data from equipment to the
are your biggest variable for EHS risk, and EHS system can provide predictive data that
employee training is a common weakness in allows you to stay ahead of problems.
change management.
• Updating related documents such as protocols Employee Training
and emergency response plans. Any changes
Believe it or not, it’s rare that accidents are purely
to processes or equipment should trigger
the result of mechanical failure. Human behavior is
documentation updates, preferably within always the biggest variable for operational risk, and
an integrated, permissions-based Document the average worker could make anywhere from 10
Control system. to 12 errors every hour.
Key steps for incorporating risk management into different organizational areas enables more
contractor and supplier compliance programs strategic decision-making.
include: • Linking risks in different areas to identify
trends and common underlying sources of risk.
• Tracking compliance certificates to ensure all
That can also help EHS teams secure needed
contractors and suppliers meet internal and
investments in risk management initiatives
regulatory standards.
that impact other areas of the organization.
• Identifying high-risk suppliers and contractors
through proactive compliance history tracking.
Emergency Preparedness
• Standardizing policies for how to manage Application
supplier issues. For example, a decision tree
ETQ Reliance includes an Emergency Preparedness
or risk matrix can help you identify whether
(EP) application as part of the Enterprise Risk
an incident calls for corrective action, Management solution set. EP is a planning and
enhanced inspection rules, or reevaluating the preparation tool to document, approve and test an
relationship entirely. organization’s response plans for ensuring business
• Assigning corrective actions to partners continuity in the face of various emergencies.
with secure, cloud-based access to the Risk management and mitigation are key quality
EHS system to engage suppliers and functions, and especially important in emergency
subcontractors in your safety process. planning. To improve your organizational response
to events, it is critical to define precisely how
an organization will react during an emergency.
Enterprise Risk Management
The Reliance EP application will guide you in
For anybody making business decisions – whether critical areas of prep from documenting plans,
quality and safety, finance, security, HR, or otherwise policies, and procedures, to training employees
– risk has become a major element to factor in on emergency plans, and running drills to ensure
and make decisions around. EHS software allows preparedness. Part of these plans should define how
and where employees would work remotely if the more functionality than point solutions. It’s
organization’s primary locations were unusable. also important to consider whether your EHS
Emergency Preparedness helps organizations software is capable of directly integrating
manage risk with disaster recovery and business data from related systems such as quality,
continuity planning and can be applied to several human resources, manufacturing systems and
scenarios, including: finance.
• Automation: An automated system reduces
• IT failures
the risk of human error and improves
• Executive disruption productivity, also reducing administrative
• Medical and healthcare emergencies overhead.
• Natural disaster • Mobile: Mobile capabilities allow you to
• Political disruptions extend risk management to the field. This
helps engage employees, so you can capture
• Fire
more (and more detailed) safety data. The
• Bomb Threat key is having a mobile platform for all EHS
• Chemical Spills functions, not just a few mobile apps.
Ensuring employee, customer and other stakeholder • Flexibility: You should be able to customize
safety is paramount. As part of our Enterprise Risk an EHS system to your business, not the other
Management Solution, this critical EP process way around. Ease of use is also a huge factor in
enables customers to: user adoption.
• Scalability: It’s important to evaluate how
• Create and approve emergency response
difficult it is to scale up the system, since you’ll
plans, policies, and procedures
likely want to add new users and locations as
• Track employee training on these plans
your business grows.
• Set reviews and complete drills on their plans
to ensure organizational readiness
Closing Thoughts
• Link associated response plans, policies,
Big Data now allows companies to collect and
procedures and work instructions with the analyze vast quantities of data faster, better, and
Corrective Action (CAPA/SCAR) records cheaper. For organizations to gain maximum benefit
from these advances, an integrated approach
EHS Software Checklist is needed that addresses the gaps created by
disparate point solutions and outdated manual
Evaluating EHS management systems and
tracking systems.
determining whether they meet your organization’s
unique needs is a time-consuming process. The Ultimately, the key is building a system that ties
checklist provides some important considerations together singular EHS functions and the enterprise.
for any system under evaluation: Only then can companies achieve a higher standard
of protecting both worker safety and our shared
• Integration: Integrated systems provide environmental resources.
About ETQ
ETQ, part of Hexagon, is the leading provider of quality, EHS and
compliance management SaaS software, trusted by the world’s
strongest brands. More than 600 customers globally, spanning
industries such as pharmaceuticals, electronics, heavy industry,
food and beverage, and medical devices, benefit from ETQ to secure
positive brand reputations, enable higher levels of customer loyalty
and enhance profitability. ETQ Reliance offers built-in best practices
and powerful flexibility to drive business excellence through quality.
Only ETQ lets customers configure industry-proven quality processes
to their unique needs and business vision. ETQ was founded in 1992
and has main offices located in the U.S. and Europe. To learn more
about ETQ and its various product offerings, visit www.etq.com.