Risk can have a serious impact on an organisation, its people and the communities in which it operates. ANDREW SHARMAN identifies various types of risk and how to deal with these.
How we identify and respond to risks will undoubtedly affect our organisational performance, including such safety aspects as, for example, a goal of reaching zero accidents. Our approach to risk will also affect how our organisations are viewed in the public eye. Effectively managing risk, therefore, is at the core of organisational success, no matter what industry sector we operate in. It’s the cornerstone of our work in safety, too.
“Risk” really means anything that prevents us from meeting our objectives. It can be typically broken down into three types:
Operational risks – the risks that may impact our intended day-to-day activities (including safety)
Strategic risks – those risks that may impinge upon our planning and decision-making processes
Compliance risks – risks that may prevent us from meeting our governance and regulatory obligations.
In simple terms, risk is a function of three critical components: probability (of a particular event occurring), the severity (of the consequence of the event), and exposure (to the opportunity of the event occurring). An easy way to express this is the formula:
Risk = Probability x Severity x Exposure
Each of the elements function individually as well as multiplicatively, so if we conclude that any one of probability, severity or exposure is zero, then, overall, the risk for that specific situation will disappear.
Assessing safety risks in the workplace is a tough challenge. Their breadth is one aspect – from the natural to technological, from physical to psychological. Within these themes, however, scales of tolerability – typically ranked in numbers or from “low” to “high” – exist. With this wild diversity, attempting to assess risks using one common approach is meaningless.
Putting it into perspective
We must be mindful that, when it comes to matters of risk, everything isn’t black and white: risk is all about perception. How probability, severity and exposure are viewed and assessed will depend upon each person’s own individual perspective and experience.
Within an organisational environment, groups of individuals will naturally hold differing views on risk due to their own personal sensitivities. Some people may be concerned about practically all workplace hazards, whereas others may appear indifferent. This variation is caused by each individual’s cognitive consideration of risk perception (the probability of an accident) and the emotive aspect (how worried or safe they feel when they think about a particular risk).
Most people are naturally biased when it comes to assessing risk. We use “reference points” anchored deep in our brains to compute the level of risk we believe we face. For example, one senior leader I worked with views all forklift truck operations as “very high risk”. It matters not to him that the drivers may be well trained, wearing seatbelts, and observing speed limits.
Instead, his reference point is an event several years ago when one of his employees suffered a fatal accident involving a forklift. As the site manager at that time, this event resonated deeply within him and created such a deep anchor that he now views all forklift activity at the same level of risk.
A strong safety culture consists of shared perceptions of risks related to safety and its management. This is a crucial point, as the level of risk perceived in any given task has the potential to alter the approach and level of safety management applied to it.
Perceptions of risk can negatively impact the risk management process. Let’s go back to the manager and the forklifts. His heightened sense of risk may, at first, be seen as a good thing, but, over time, it may come to be regarded as excessive by his peers. He continues with his focus and determination and validates his approach on the basis of there being no forklift accidents in his area of responsibility. Surely then his keenness is justified?
We should be aware that there’s a significant correlation between current accident rates and the perception of risk – both by workers and by leaders. Gradually reducing accident rates seem to foster a sense of comfort and confidence: as the numbers drop, so too does the perception of risk in the workplace. It’s here that we reach a tipping point, where confidence becomes over-confidence and leads to a false sense of security in the boardroom and encourages a perceived invincibility and short-cutting on the shop floor.
At the opposite end of the spectrum, there’s a culture of fear growing within our societies that encourages people to overestimate risk. It’s driven partly by the media (seeking sensational headlines for television and newspapers) and it’s amplified by the actions of common people who feel the need to wrap kids in cotton wool, remove overhead baskets of flowers from shopping streets (for fear of them falling on someone’s head) and organisations stopping the weekly staff five-a-side football game fear of an accident occurring.
So why is a culture of fear growing in organisations around the globe when it comes to matters of safety?
I suspect that it’s because we – the safety profession – don’t always sufficiently inform our leaders to allow them to be able to make appropriate decisions.
This lack of information fuels extreme reactions. Either over-confidence or risk aversion. When you train people to be risk-averse, you prepare the entire organisation to be reward-challenged.
Perhaps these extreme reactions are due to the pressure felt by organisations around their reputation. Risk impacts the continuing desire of customers in dealing with an organisation and “reputational risk” has become an area of increasing importance to all organisations as the process of globalisation breaks down barriers to business.
An organisation’s reputation can be damaged by things as diverse as supply chain issues (such as child labour involved in the production of clothing), ethical issues (like bribery or corruption), and operational issues (for example poor safety performance and fatal accidents).
Supply chain issues damaged the reputation of one of the world’s biggest supermarkets recently, when horsemeat was found inside the store’s brand of beef burgers and other chilled meals. The result for the chain was a significant drop in chilled and frozen food sales, and a direct impact on the corporation’s share price wiping almost GBP 300 million (around R5,4 billion) from its value.
Recently organisational attitudes to risk have undergone a seismic shift, thanks to deep research, myriad models and theories, and major public events (such as Deepwater Horizon and Rana Plaza in Bangladesh). A change in the average corporate attitude – from risk aversion to a sense of balanced risk-taking – can thankfully now be observed in many commercial sectors. Despite this, there remains further opportunity for organisations to undertake a more strategic approach to managing risk in an integrated way.
Robust policies and procedures are essential if we are to embed risk management across the organisation, though we must go beyond formal frameworks and consider how we communicate on risk.
Risk assessments are helpful, but the most effective risk management systems will be the ones where everyone within the organisation understands the risks in their operation, and what needs to be done to report and control them. This is becoming known as Enterprise Risk Management (ERM), where all risks are viewed together in a single coordinated framework as opposed to separate viewpoints for each risk type.
Having safety integrated to an ERM framework is good news for us as practitioners as it brings us closer to the heart of the organisation’s thought processes and decision-making and moves us away from the traditional view of safety as a “bolt-on” or remote service provision.*
Risk management – like our quest for zero accidents – is a continuous journey for every organisation. Simplicity and clarity of approach are central to effective risk management and control. The answer is not more paperwork, but indeed more effective dialogue, conversation, and communication that allow our organisation’s leaders and workers to embrace risk and manage it appropriately.
* If you’re interested in a more strategic approach to enterprise risk management have a look at the ISO31000 standard. It provides a set of principles, a solid framework and clear process for the effective management of risk.
Sharman on Safety is a series of extracts that SHEQ MANAGEMENT is running this year, from Andrew Sharman’s new book: From Accidents to Zero: a practical guide to improving your workplace safety culture. Andrew is an international member of the South African Institute of Occupational Safety and Health (SAIOSH) and chief executive of RyderMarshSharman – consultants on leadership and cultural excellence to a wide range of blue-chip corporates and non-government organisations globally. More at www.rydermarshsharman.com. SHEQ MANAGEMENT readers will receive 20 percent off the price of Sharman’s book at: www.fromaccidentstozero.com using the code SHEQSA.