Session No.

511

The Future of Occupational Risk Management

Paul Esposito, CIH, CSP
President
STAR Consultants Inc.
Annapolis, Maryland

Introduction
Occupational risk management has become more and more the standard to which leading
companies aspire. Since before OSHA was created, most of the safety profession focused
on compliance and incident analysis. Insurance companies for years have been touting
incident and loss analysis as the basis for predicting the future trends in loss. In addition,
many risk managers have been focusing on transfer of risk, rather than risk reduction. While
incident trend analysis is a valuable exercise, as leading companies reduce the number of
losses, the value in using this data as a predictive index diminishes. In fact, we have seen
seminar after seminar and publication after publication espouse the value of looking at risk
for your predictive data.
The plethora of recent risk publications on the national and international levels further
supports the paradigm shift from the focus on managing to incidence rates to one where risk
reduction becomes the leading data points and targets. While risk assessment
methodologies have been around for years (MIL-STD-882D-1993/2000), more recently
publications from ISO (OHSAS 18001/2-1999/2007; 31000-2009) and ANSI (B11-TR32000; Z10-2005/2012; Z590.3-2011) have been proliferating (just to name a few). Safety
Management Systems, Like OHSAS 18001 and ANSI Z10 have made risk assessment one
of the fundamentals of planning (per the Deming Plan-Do-Check-Act cycle), so the data is
available for risk management (Do, Check, Act).
There are several keys to successful risk assessment, therefore, to also having the
right data available for risk management. However, some of these keys have not been
standardized, leaving confusion and variability for safety professionals to figure out. In its
simplest terms, there are two risk factors, severity (consequence) and probability (likelihood).
A matrix is used to determine the risk based on the product of these two factors. Once of
the challenges we face is that there is no one universal matrix. B11 uses a 44 matrix, Z10 a
45, and DoD a 54. Another key is the risk factor definitions. While terms like likely
or occasional are used to reference the potential frequency of an event or exposure, none
of the referenced documents further define these terms. Similarly, severity terms like
catastrophic or minor provide no clear direction how to classify events or exposures.
This leaves risk assessors with no standards or definitions from which to develop, let

alone compare, risks. Another weakness in terms of standardized guidance is what to do if

you have additive effects when multiple Severity or Likelihood factors exist. Process Safety
Management experts as well as others, use differing methods to measure these risk factors.
For example, STD 882D attempted to do this by combining the definitions in
their severity definition, so you only choose the worst case. Other organizations use a
multiplicative effect, where a loss exceeding $1M, but does not result in a death or
permanent total disability, receives some level less that Category I, but more that Category II
(see Table 1).

Description

Category

Environmental, Safety, and Health Result Criteria

Catastrophic

Could result in death, permanent total disability, loss exceeding

$1M, or irreversible severe environmental

Table 1. Definition of Catastrophic Category 1 (Source: MIL-STD 882D 1993/2000)

Another key is the application of the hierarchy of controls. Historically,

elimination/substitution have been the preferred controls or mitigations, with personal
protective equipment (PPE) being the item of last resort (least effective). STD 882D defines
the term safety critical as:
A term applied to any condition, event, operation, process, or item whose proper
recognition, control, performance, or tolerance is essential to safe system operation
and support (e.g., safety critical function, safety critical path, or safety critical
component).
From an application standpoint, high risk or most severe tasks or operations need
safety critical controls, i.e., controls that are more reliable like engineering, substitution
or elimination. The weakness seen is that this step is not typically prescribed, i.e., risk
assessors often automatically go to PPE to solve even high risk exposures. Another
weakness typically seen when applying the hierarchy of controls is the amount of risk
reduction gained from applying a lesser control (i.e., PPE, training, warnings). For
example, the severity posed by a Class IIIB laser is blindness. All the PPE in the world
does not change this fact. PPE will only reduce the likelihood of exposure. To reduce the
severity, we have to reduce the power of the laser. Often, risk assessors erroneously reduce
Severity based on the application of engineering controls or PPE. Another poorly defined
methodology is the synergies when applying multiple controls (e.g., defense in depth,
layers of protection). While a common practice among some industries, the definitions are
not as direct.
The recent publication of Z590.3 Prevention through Design highlighted another
Hierarchy of Control avoidance.
Risk Avoidance: Prevent entry of hazards into a workplace by selecting and

incorporating appropriate technology and work methods criteria during the design
processes.
This is viewed as superior to elimination, although along the same lines, but avoids the
entry of the hazard into the workplace altogether, like no more use of ladders.
Moving from risk assessment to risk management typically involves the application of
a framework.

Exhibit 1. Framework for Moving from Risk Assessment to Risk Management

(Source: ANSI Z-10 2005/2012)
ANSI Z-10 defines a framework (see Exhibit 1) and provides definitions of each. The concept
is that a written program defines the implementation strategy for each of the boxes above.
The goal goes way past the absence of injuries, or 0 injuries to the ongoing reduction of
risk (creating a safe and healthful workplace).
Under Monitoring and Review, one of the biggest concerns, or lack of consistent
published standards is the use of leading metrics. While almost every conference attended
during the last 10+ years has a topic of leading metrics, consistent examples have not been
forth coming from these publications. For example, Z690.3 says:
Monitoring. Continual checking, supervising, critically observing or determining
the status in order to identify change from the performance level required or expected.
Yet, the definitions for performance levels are left for your own interpretation. So, for
example, we see some companies measure the change from year to year of the number of high
residual risks, or catastrophic severity levels, as a new definition of safety performance.

The future of occupational risk management, therefore, is already the path

forward leading companies are using to define safety management and safety performance.
Addressing the specific weaknesses or inconsistencies listed above, standardizing and
defining these for your organization, will be essential to our profession.
The ASSE Risk Assessment Institute is attempting in part to provide industrial examples
of each of the above to help make safety professionals the professional of choice when
organizations perform risk assessments and implement risk management approaches.

Outline
The following learning objectives are thus presented to help organizations better define and
use the risk assessment and risk management concepts.
Design risk assessments to yield the accurate data
Assess internal processes for prevention through design efforts and
Use Risk Assessment data to develop leading metrics to drive risk reductions as a
function of management.

Risk Assessment Design and Data Output

Risk assessments follow a prescribed procedure as outline by the various references. In order
to provide many layers of data, and good data, most companies have found that
standardizing definitions for each step of the risk assessment process will help yield better data.
In looking at each of the risk assessment steps:
Step 1: Identify Hazards
OSHA Publication 3071, Job Hazard Analysis, provides a good list of potential hazards.
They include hazards like. Toxic Substances; Electrical Loss of Power; Excavation; Fall;
etc. The benefits of standardizing the hazard list is many, but most significantly 1) the risk
assessor now has an inventory list of hazards to identify, so hazards do not get overlooked,
and 2) we can now pareto the list of identified hazards and risk rank them, to develop a
better risk profile of an organization or department, so risk reduction targets can be better
determined.
Step 2: Identify Risk Factors
The two risk factors in particular are severity (consequence) and likelihood (probability). STD
882D has some good definitions for severity:

Table 2. Definitions of Severity (Source: MIL-STD 882D 1993/2000)

While STD 882D defines likelihood in a less user-friendly manner. For example:

Table 3. Definition of Likelihood (Source: STD 882D 1993/2000)

Unfortunately, this definition uses undefined terms (e.g., likely), and expects that
there are statistics available to determine the probability, both before and after controls
are in place. This occurrence data does not exist in the public published world that I can
find.
A more descriptive example of likelihood definitions may include the following:
Frequent

Probable

Near certain to occur or has occurred repeatedly, or/and task is

performed several times an hour, or/and duration may approach at least 4
hours in a day.
Has occurred more than once, or/and task is performed several times a
day, duration may approach 1 hour a day.

Occasional

Will occur on occasion, is performed several times a day, and/or in

typical durations under one hour.

Remote

Not likely to occur, or task is performed less than one or two times a
day, or duration may be under a few hours a month.
May occur only under exceptional circumstances, or so remote as to be near
zero in probability of exposure

Improbable

The above considers both occurrence and exposure potential.

Step 3: Risk Determination
Using a matrix to determine risk is certainly a classical approach. For example, STD 882D
uses a qualitative approach in a 45 matrix.

Probability
Frequent
Probable
Occasional
Remote
Improbable
High
Medium

Severity
Catastrophic
1
2
4
8
12
1-5
10-17

Critical
3
5
6
10
15

Marginal
7
9
11
14
17
Serious
Low

Negligible
13
16
18
19
20
6-9
18-20

Table 4. Matrix to Determine Risk (Source: MIL-STD 882D 1993/2000)

Step 4: Control or Mitigation Selection
Depending on the number of High or Serious residual risks, many companies are also
developing data to determine if the number of High or Serious Risks have or do not
have engineering, substitution or elimination controls. This data point is essential if a
company want to target high priority opportunities for risk reduction.
Step 5: New Mitigations or Controls.
The last step in the risk assessment process is the keep track of any new or improved
controls or safe work procedures. Here, action or improvement plans are assigned and
tracked to closure.

Assess Internal Processes For Prevention Through Design Efforts

Prevention through design was perhaps a landmark publication on the part of ANSI. It
is the process of identifying and eliminating potential hazards and their related risks during
the planning or design phase by redesigning work spaces, selecting appropriate
technology, and incorporating alternate work methods. It recommends that risk avoidance
be considered when:
New facilities, equipment, machinery, tools, technologies, materials, substances, and

processes are being planned, designed, acquired, or installed

Alterations are made in existing facilities, equipment, machinery, tools, technologies,
materials, substances, and processes.
Incident investigations are made and corrective and preventive actions are taken.
Demolition, decommissioning or reusing/rebuilding operations are undertaken.
For example: the decision to design a facility without the need to use ladders would
be a serious undertaking. However, considering the risk reductions, not to mention the ease
at which maintenance operations could be performed, seems like it could be worth the effort.

Use Risk Assessment Data to Develop Leading Metrics to Drive Risk

Reductions as a Function of Management
Finally, the risk assessment data, now that it is accurately recorded and appropriately
categorized by the hierarchy of controls and other consistent data points, yields data that
can be queried, sorted and presented as metrics. The current state Risk Profile now
becomes a plethora of baseline leading metrics from which to measure change. The
concept of measuring change is typically compared to the definition of insanity, doing
the same thing over and over again, but expecting a different result. Improvements do not
come from doing the same things over and over again, but from change, i.e., measuring
and targeting change, especially as engineering, substitution and elimination controls.
Using these change metrics as an accountability of management to prioritize and resource
change is what drives true risk reductions in design efforts.
Some of the key data we see leading companies use includes:

Exhibit 2. Hazard by Type and Risk Level

Exhibit 2 looks at both the number of serious hazards and hazard
types within an organization. Once identified, organizational can set targets based
on actual risk data, and measure risk reductions, on weekly and monthly basis if
desired.

Exhibit 3. Change between Year 1 and Year 2

Exhibit 3 compares change between years. Notice that we have had more
substitution and engineering controls identified. An alternate approach some companies
use is to measure the reduction on PPE required to be work.

Exhibit 4. Risk Profile

A risk profile measures the change from year to year, to confirm that the overall
risks are being reduced. Here, there are still some residual high risks that could be a
primary target for reduction.

Yr 1
Yr 2
Goal
Exhibit 5. Critical Control Conformance Rates
One of the primary metric leading companies use is critical control conformance
rate. If you have followed a defined methodology, you would be able to determine
where your critical controls are for your High Risks or Serious Severities. Inspection

and observation programs can then target the collection of this data, to include
verification of learning (i.e., was the communication part of risk management
successful?).
Closure Volume and Rates
If the new paradigm is to measure change, and risk reductions, then both the volume of
change and the closure rate of the associate action plans needs to be a one of our leading
metrics. We want volume of change, and we want closure. The rate of closure can be
measured any number of ways; i.e., closed on time, closed within 30 days, etc.

Summary
The future of risk management is upon us. More and more, leading companies are
measuring risk and risk reductions as their definition of safety performance.
Unfortunately, with the proliferation of risk related standards and publications,
consistently and definitions are becoming more widespread, instead of more succinct
and standardized. It is incumbent upon us as safety professionals to recognize these
inconsistencies, and help define them for our industry and organizations.

Bibliography
American National Standards Institute (ANSI). B11-TR3-2000. Risk Assessment and Risk
Reduction - A Guide to Estimate, Evaluate and Reduce Risks Associated with
Machine Tools.
________. Z 10-2005/2012. Occupational Health and Safety Management System.
________. Z 590.3 - 2011. Prevention through Design. Guidelines for Addressing
Occupational Hazards and Risks in Design and Redesign Processes.
American Society of Safety Engineers (ASSE). Risk Assessment Institute: Advancing
Excellence in OSH Risk Assessment and Management. (http://www.oshrisk.org/).
Department of Defense MIL-STD-882D-1993/2000. Standard Practice for System Safety.
Esposito, P. 2013. "Sustainability at any Speed. Getting to that Higher Level of Safety
Program Maturity." Presented at the ASSE Professional Development Conference, June
24-27, Las Vegas, NV.
________. Autumn, 2010. Building on Your VPP Success. The Leader, Voluntary
Protection Program Participants Association (VPPPA) quarterly publication.
International Organization for Standardization (ISO). ISO 31000-2009. Risk management
Principles and guidelines.
________. ISO Guide 73:2009. Risk management Vocabulary.

________. ISO/IEC 31010:2009. Risk management Risk assessment techniques. (Also ANSI
Z690.2).
Occupational Health and Safety Advisory Services (OHSAS). OHSAS 18001/2-1999/2007.
Occupational Health and Safety Management System (OHSMS).
Occupational Safety and Health Administration (OSHA). Publication 3071: 2002. Job Hazard
Analysis.