CRSP - Risk Management
IEDIM Acronym from Det Norske Veritas. What does it Mean?
I - Identify; E - Evaluate; D - Develop; I - Implement; M - Monitor & Review
The Advisory Standard defines a systematic workplace health and safety risk management process within a series of basic steps
I.A.D.I.M.: Identify Hazards; Assess Risks; Decide on Controls; Implement and Control; Monitor and Review
Bird's risk Control
IEDIM: Identify, Evaluate, Develop, Implement, Monitor and review
Standards that are audited
ISO 9000, 14000, 45001; OHSAS 18001
ISMEC stands for?
Identification of work; Standards established; Measuring performance; Evaluation performance; Commending or correcting
Continuity of Management
In the event of an emergency, a chain of command is maintained, succession plans are in place, and there is provision for setting up in alternate facilities.
the steps under Canadian Standards Association (CSA): CSA-Q850 risk management
Initiation; Preliminary Analysis / Hazard Identification; Risk Estimation; Risk Evaluation; Risk Control; Action / Monitoring
De minimis
Insignificant risk level. The numerical definition of 'de minimis' varies from place to place across a range of values from 10^-6 (1 in a million) to 10^-4 (1 in 10,000) for a working lifetime.
types of Security Threats
Internal theft, White collar crime, Robbery & burglary, Vandalism, Arson, Sabotage, Bombs, Industrial espionage, Assaults, Looting, Public liability
Standards that are not audited
International Labour Organization / Occupational Safety and Health Systems.
responsibility of management
Introducing hierarchy controls and reinforcing their effectiveness
What is the definition of Security?
It is the protection of personnel, assets, & information from non-business losses arising from DELIBERATE acts.
Are International Standards Organization (ISO) 9000 - Quality Management and 14000 - Environmental Management legally enforceable?
No. They are Standards, and used as benchmarks.
Pure Risk
Offers an organization an opportunity for only a loss. No gain.
Risk posture
One's ability to accept (or handle) exposure to defined levels of uncontrolled risk.
An OHSMS of the ISO-type is based on?
PDCA
Which model did Deming pioneer decades ago that later became known as ISO 9000?
PDCA
gloves, respirators, protective clothing, and ear plugs and eyewear
PPE
The GHS categorizes hazards into
Physical, Environmental, Health
PDCA
Plan — includes Policy, Planning, and Hazard Identification and Risk Assessment Do — includes Implementation and Operation Check — includes Performance Assessment (active monitoring and reactive incident reporting) Act — includes Review and Continual Improvement
Key elements of OHS management
Policy, organizing, planning and implementation, measuring performance, and audit and review.
What is the ISO standard that provides guidance on the development of occupational health and safety management systems?
There isn't one.
Hazard Communication (US)= Occupational Health and Safety Administration
WHMIS (Canada)= Workplace Hazardous Materials Information System
Key components of a workplace violence prevention program
a workplace violence prevention policy; violence risk assessment; violence risk control; worker education and training; and response to incidents
Workplace violence and harassment prevention plan - Specific Personal Changes
if there has been a history of violent or threatening behavior from an individual or group of employees.
Unified Command
incident command system with 2 or more commanders - usually when there are two or more jurisdictions or departments involved.
responsibility of workers and unions
promote hierarchy controls implementation
Risk Management Role
provide a framework for decision-making. This includes a method for prioritizing safety and health issues.
major purpose of performance measures
providing information; answering questions; decision making; addressing different information needs
The six key steps in the risk management process under the CSA-Q850: Step 3 Risk Estimation attempts to?
quantify the amount of health risk incurred by various levels of exposure (or frequency of exposure incidents). The risk estimation step includes three essential activities: 1) dose-response assessment; 2) exposure assessment; and 3) risk characterization. The risk characterization summarizes the estimated amount of risk as calculated according to the strength (potency) of the harmful agent and the level (extent) of exposure to the agent. In addition to a numerical risk estimate, a narrative describing the key sources of evidence and the remaining scientific uncertainties are also provided.
Risk Decision Making: De minimis is a legal concept and is not quantifiable. It is a level that, at or below, a?
reasonable person in the circumstances would consider insignificant and non-actionable.
Risk Control
risk avoidance - eliminating risk altogether; loss prevention - preventing incidents; loss reduction - reducing size of loss; risk transfer - passing the responsibility, e.g. WCB. Controls before and after an event/loss, from A to Z
key issues required for effective risk management
risk avoidance, loss prevention, loss reduction, risk transfer
Core activities in the risk management process
risk estimation; risk evaluation; risk control; loss prevention vs loss control
Key process to risk management
risk estimation, risk evaluation, risk control
precautionary principle
scientific evidence is incomplete or contradictory. the preliminary scientific evidence, while incomplete, must at least provide a sufficient weight-of-evidence to support a plausible inference of potential harm. (what should we do about it)
behavioural management
strategies to alter workers' knowledge, beliefs, attitudes and behaviours regarding occupational hazards, these may be seen as manipulative or intrusive by workers or their unions, as part of a 'blaming-the-victim' culture within autocratic organizations
Workplace violence and harassment prevention plan - Points of Interactions
tension related, or are more likely to result in an incident, can they be modified in structure to minimize and reduce the likelihood or consequences of an event.
Risk
the chance (probability) that someone or something will be adversely affected in a particular way by unintended exposure to the hazard; the likelihood of death, injury or illness that could result from exposure to a hazard = frequency x severity
Risk
the chance that someone or something will be adversely affected in a particular way by unintended exposure to the hazard
Risk defined
the chance that someone or something will be adversely affected in a particular way by unintended exposure to the hazard.
Risk management
the concept of 'safety' in terms of risks to human health that are sufficiently small to be deemed 'acceptable' to the exposed individuals.
Workplace violence and harassment prevention plan - Administrative Design
the hours of operation schedule may be optimized to provide lower risk work times. Security attendants may shift the frequency of their patrol to minimize risks
The six key steps in the risk management process under the CSA-Q850: Step 6 Implementation and Action/Monitoring comprises?
the implementation of regulatory or voluntary actions, and monitoring compliance with and effectiveness of the actions.
Hazard
the inherent property of a substance, process, or activity that predisposes it to the potential for causing harm to health, safety, or human welfare.
Hazard defined
the inherent property of a substance, process, or activity that predisposes it to the potential for causing harm to health, safety or human welfare.
When distinguishing between hazard and risk, a risk is usually a statement consisting of what two parts?
the likelihood and a specific harm
Risk Controls
the methods and strategies an organization can use to protect itself from risk exposure and potential loss.
The six key steps in the risk management process under the CSA-Q850: Step 1 Initiation defines?
the overall context of the problem and the organizational structure by which a specific risk management problem will be addressed
The six key steps in the risk management process under the CSA-Q850: Step 2 Preliminary Analysis / Risk Identification assesses?
the scientific evidence that a substance or process constitutes a potential health hazard, and the probable health consequences
The consequences of discrete or continuous hazards exposure
the severity of adverse health effects to workers. Example a minor burn vs an extreme consequence such as a worker's death.
Discrete hazards
those that are either present or absent from the exposed worker—such as electrical faults, unsafe mechanical devices, or fire hazards
why is an Emergency Preparedness and Response Plan (EPRP) needed
to minimize the impacts and outcomes of a significant event. These include the minimization of the effect on: • The health and livelihood of the public, • employees of the facilities, • the natural environment, • facilities, equipment and the built environment, and • the operations and business of the economy
The four T's of risk management
treat, tolerate, terminate, transfer.
System Activities
types of hazards to be managed; type of organization; range of technology; legislative and other applicable corporate standards
Discrete hazards
usually defined as the probability (or likelihood) that a harmful incident might occur in the present workplace, keeping in mind existing control measures
Federal Emergency Preparedness and Response System
you, city/municipality, county, provincial, federal
why measure performance
You can't manage what you can't measure.
how to measure performance / key steps in developing a performance measurement system
~ identify key processes ~ analyze key management & risk control systems to produce a map or flow chart ~ identify critical measures for each management arrangement & risk control system ~ establish baselines ~ assign responsibilities for collecting and analyzing data ~ compare actual performance against targets ~ decide on corrective actions ~ review the measures
Workplace violence
• Threatening behaviour - such as shaking fists, destroying property, or throwing objects. • Verbal or written threats - any expression of intent to inflict harm. • Harassment - any behaviour that demeans, embarrasses, humiliates, annoys, alarms, or verbally abuses a person and that is known or would be expected to be unwelcome. This includes words, gestures, intimidation, bullying, or other inappropriate activities. • Verbal abuse - swearing, insults, or condescending language. • Physical attacks - hitting, shoving, pushing, or kicking
Management Systems are
"Continual Improvement" Process: Plan - Do - Check - Act
An approach where decisions about risk are based strictly on scientific and technical criteria is called?
"trust the experts"
the U.S. Occupational Safety and Health Administration (OSHA) Evacuation Planning Matrix tool identifies certain workplaces as being more likely targets of an event on the basis of
"vulnerability", an estimate of value of the site as a target for a terror event. For example, sites that contain hazardous materials, provide essential services to the public, high-rise buildings that have limited means of egress, and transportation carriers such as ships and airplanes; "threat", an estimate of the presence of an adversarial person or group with the intent to harm; "significant impact", an estimate of the "perceived success" of an attack, in terms of casualties, media attention, civil disruption, and terror.
The six key steps in the risk management process under the CSA-Q850: Step 5 Risk Control seeks to (3)?
(1) identify control options; (2) evaluate control options; and (3) provide for a stakeholder assessment of options. The final option selection task will necessarily involve value judgments on such issues as the acceptability of residual small risks and the reasonableness of the incremental costs of control.
What is the Reasonable Relationship Principle in the management of Risks?
- Establish a reasonable relationship between what is insured and what is financially the owner's responsibility.
Decision Criteria for the Risk Management Process
-Weight of Evidence - Precautionary Principle - Sound Science - ALARA Principle - Reasonable Relationship
The two major elements of GHS
1. Classification of the hazards of chemicals according to the GHS rules 2. Communication of the hazards and precautionary information using Safety Data Sheets and labels.
Managing Risk (risk management framework)?
1. Identify all loss exposures. 2. Evaluate the risk in each exposure. 3. Develop a Plan: Terminate, Treat, Tolerate, Transfer. 4. Implement the plan. 5. Monitor and Review the system.
Business continuity includes three key elements:
1. Resilience 2. Recovery 3. Contingency
Three common approaches used in scientific evidence:
1. The weight of evidence (WOE) 2. The precautionary principle 3. Reducing risks to as low as reasonably achievable (ALARA)
CCOHS estimates that every year in Canada, approx. 1 out of ______ workers suffer an injury.
16
Operational Risk Management (ORM)
A decision making tool used to systematically identify operational risks and benefits and determine the best course of action. Occupational health and safety risk management is an element of ORM.
The four T's of risk management: treat risk?
A method of controlling risk through actions that reduce the likelihood of the risk occurring or minimize its impact prior to its occurrence.
Incident Command System (ICS)
A systematic methodology designed to apply to any emergency response event. This includes a command structure and a set of policies
Key components of a workplace violence prevention program include what 5 things?
• a workplace violence prevention policy; • violence risk assessment; • violence risk control; • worker education and training; and • response to incidents.
Essential Decision-Making Steps in the Risk Management Process
Analysis, assessment and communication
Effective OSHMS must include four essential elements:
Continual Improvement, System Activities, Stakeholder Involvement (Internal and External), and Auditing/Verification
CSA Z1660
Emergency Management and Business Continuity. It is harmonized with the U.S. National Fire Protection Association's (NFPA) 1600.
local ventilation systems to reduce the exposure to vapors and particles in the air at a worksite, using a fume hood and glovebox for dangerous material handling situations, or using noise reduction dampers in environments where hearing loss is possible.
Engineering Controls
A risk management process
Ensures that appropriate steps are taken in all stages of the estimation, evaluation, and control phases. This includes an adequate investigation of causes and effects, control strategies, costs and that appropriate communication is conducted throughout the assessment.
Environmental Hazards
Environmentally Damaging
Physical Hazards
Explosives, Flammable, Oxidizing, Compressed Gas, Corrosive
consequences: how severely could it affect health and safety
Extreme - death or permanent dismemberment; Major - serious bodily injury or work related illness; Moderate - injury or illness requiring casual treatments; Minor - injury or illness requiring first aid ONLY, no lost time
Risk Components?
Frequency Exposure
A Risk that Occurs All the Time at Varying Levels of Exposure is What?
Fundamental Risk.
Any behaviour that demeans, embarrasses, humiliates, annoys, alarms, or verbally abuses a person and that is known or would be expected to be unwelcome. This includes words, gestures, intimidation, bullying, or other inappropriate activities is defined under workplace violence as?
Harassment
the steps under Health Canada - Health Protection Branch: (HPB) Risk Determination
Hazard Identification; Risk Estimation; Development of Options; Options Analysis; Decision / Implementation; Monitoring & Evaluating; Review
what lies behind achieving ALARA
Hierarchy of controls; Elimination, substitution, Engineering, Administrative, PPE
schedule workers in short shifts to minimize their exposure to undesirable conditions such as high heat or poor air quality, training workers about hazards in the specific environment and providing adequate labels and signage to create an awareness of the hazards, policies and procedures
Administrative Controls
Workplace violence
Any act in which a person is abused, threatened, intimidated, or assaulted in his or her employment.
ALARA
As Low As Reasonably Achievable
sound science
Assumes that appearances can often be deceiving if they are based on incomplete or biased information or inadequate scientific studies.
Incident Command Systems (ICS) structure
Command, Operations, Planning, Logistics, Finance
help minimize the damages and allow the business to re-start with a minimum of downtime and lost revenue
Business Continuity Planning
The PDCA model was first developed by?
Deming
ERP, Site Evacuation and Shelter-In-Place includes
Communication Procedures, maps, and directions; emergency drills; Employee accounting and personal information; Assembly areas; Shelter in place
The Health Canada HPB risk management framework has been used widely due to its involvement in decision-making under?
CEPA (Canadian Environmental Protection Act). HPB is known for its use for dealing with environmental issues such as hazardous chemicals
Recognized Standards for Business Continuity Planning
CSA Z1660, ISO 22301 and NFPA 1660.
CCOHS stands for?
Canadian Centre for Occupational Health and Safety
most influential Canadian risk frameworks
Canadian Standards Association (CSA): CSA-Q850: Risk Management: a guideline for decision-makers; Health Canada - Health Protection Branch (HPB): Risk Determination: a model for risk assessment and risk management, 1990
Gallagher Classification
Category 1 - innovative / safe person: SOPHISTICATED BEHAVIOURAL; Category 2 - innovative / safe place: ADAPTIVE HAZARD MANAGERS; Category 3 - traditional / safe person: UNSAFE ACT MINIMIZERS; Category 4 - traditional / safe place: TRADITIONAL ENGINEERING AND DESIGN
Corporate climate vs corporate culture
Corporate climate is influenced by short-term changes that can often be achieved quite rapidly by introducing new management systems; corporate culture is often entrenched by historical circumstances and thus requires the longer-term evolution of changes. Climate is used to describe the tangible outputs of an organization's health and safety culture as perceived by individuals and work groups at a given point in time.
Risk control
Deals with the identification and selection of possible risk control options, and their appropriate means of implementation.
Risk estimation and economic analyses are sometimes combined in a process called _____ or _____?
Risk Analysis or Quantitative Risk Assessment
Core activities in the Risk Management Process
Risk Estimation: An attempt to quantify the amount of risk. Risk Evaluation: Addresses less quantifiable non-scientific aspects of the risk. Risk Control: Deals with the identification & selection of possible risk control options. Risk Communication: enabling the active informed participation of all concerned parties, including stakeholder consultation within the decision-making process.
The application of risk management concepts to new technologies or hazards of global significance is called?
Risk Governance
CAN/CSA-Q850-97 (Reaffirmed 2002)
Risk Management Guideline for Decision-Makers
CAN/CSA-ISO 31000-10
Risk Management — Principles and Guidelines
The three key steps in risk management
Risk estimation, risk evaluation, and risk control. Also risk communication is becoming predominant.
examples of workplace violence
Rumours, swearing, verbal abuse, pranks, arguments, property damage, vandalism, sabotage, pushing, theft, physical assaults, psychological trauma, anger-related incidents, rape, arson, and murder
The three focal points of chemical management
Segregation, fire protection, and containment
A Typical Risk Financing Tool is?
Selling assets to pay for losses after the fact.
The six key steps in the risk management process under the CSA-Q850 definitions?
Step 1 Initiation; Step 2 Preliminary Analysis / Risk Identification; Step 3 Risk Estimation; Step 4 Risk Evaluation; Step 5 Risk Control; Step 6 Implementation and Action/Monitoring
Value assumptions
Subjective interpretations and judgements of evidence that are based on personal or societal values
Event Tree Analysis
The Event Tree is based on a single primary event that generates subsequent secondary and tertiary events. Looks at what led to the event in its multiple cause aspects (like a tree with branches).
Auditing
The assessment of an OSH process through periodic sampling of corporate documentation, procedures and records, carried out by a competent person or organization independent of that process.
Reasonable Relationship
The costs of control for environmental or occupational hazards should bear a "reasonable relationship" with respect to the corresponding reduction in health risk that is likely to be achieved.
A system
The deliberate linking and sequencing of processes to create a repeatable and identifiable way of managing OHS. (Plan, Do, Check, Act).
Likelihood
The frequency or probability over a period of time that an event may occur. In risk analysis, likelihood is defined differently for discrete hazards as opposed to continuous hazards
Hazard
The inherent property of a substance, process, or activity that predisposes it to the potential for causing harm to health, safety, or human welfare
Incident Command Systems (ICS) Action Plans should include
The objectives, the strategy for accomplishing the objectives, and specific tactics and resources that may be required in the plan. It should state the individual responsibilities, the mode and timeliness of communications, and the course of action if someone is injured.
(OSHA) Evacuation Planning Matrix
This planning tool identifies certain workplaces as being more likely targets of an event on the basis of 1) "vulnerability", an estimate of value of the site as a target for a terror event; 2) "threat", an estimate of the presence of an adversarial person or group with the intent to harm; 3) "significant impact", an estimate of the "perceived success" of an attack, in terms of casualties, media attention, civil disruption, and terror.
Risk governance
This process attempts to define appropriate policy development and regulation for risks that extend outside of traditional governing structures.
Health Hazards
Toxic, Corrosive, Irritant, Health Hazard (specific cell mutagens and sensitizers)
areas where and when violence may occur
Travelling to and from work, whether driving, parking, walking to and from your place of work. When working alone, When dealing with irate customers, During the act of crime such as robberies, When securing the transfer money, During labor disputes, and During personnel corrective actions and dismissal
Four T's
Treat, Tolerate (not accept), Transfer, Terminate
International Labour Organization (ILO) is the backbone of risk management standards
True
True or False: Precautionary Principle and Sound Science are often seen to be in dynamic opposition with each other
True
True or False: In most Canadian provinces, the management of workplace violence is a legal requirement under OHS legislation or part of the employer's responsibility to provide a safe and healthy workplace.
True
Risk evaluation
addresses less quantifiable non-scientific aspects of the risk problem—the economic, social, and legal factors.
Risk Management
administrative and managerial function that results in planning, leading, organizing, and controlling the activities of the organization to minimize the effects of loss from the pure risks the organization may face in its day to day operation.
A management system
allocation of accountabilities, responsibilities, and resources from senior management through all employees to enable decisions to be made on OHS matters.
Workplace violence and harassment prevention plan - Physical Environment
an appropriately designed service waiting space can alleviate many tensions and stress in service areas. A spacious room, with seating, adequate lighting and clear service directions such as "position in line numbering" may serve to limit tension associated with long line-ups in public service locations. Protective glass may be used at service desks as a protective transparent barrier.
Workplace Violence
any act in which a person is abused, threatened, intimidated, or assaulted in his or her employment.
Plan Do Check Act
approach of monitoring, audit, and review, central in respect to a systematic approach. Principles of quality assurance and continuous improvement (Deming)
Continuous hazards
are those that occur all the time at varying levels of exposure
Risk estimation
attempts to quantify the amount of risk pertaining to a given health hazard, using scientific information on the nature of the hazard and analytical methods to calculate the estimated degree of risk in the exposed population.
~ supervise evacuation drills. ~ operate firefighting equipment (extinguishers and hoses) ~ provide emergency scene first aid and CPR if needed. ~ conduct inspections ~ implement emergency shutdown procedures.
basic responsibilities that should be fulfilled by an industrial fire brigade as per NFPA 600.
The Risk Measurement Matrix
calculated as the product of two key variables: 1) the likelihood of effects and 2) severity of effects. Risk = Frequency x Severity
The four T's of risk management: transfer risk?
can be achieved through the use of various forms of insurance, or the payment to third parties who are prepared to take the risk on behalf of the organization
Risk
chance for gain or loss
communication to relate the history, current status, and issues associated with the emergency
command transfer
impact analysis, recovery strategies, plan development, testing & exercises
components of the business continuity plan
difference between Hazard & Risk
condition or practice with the potential for accidental loss. vs the chance of loss when exposed to a hazard.
Weight-of-evidence approach
considering the evidence about the existence and magnitude of a risk is scientifically defensible. supports the conclusion that a serious hazard may exist. (what should we do about it)
Elements required for a successful HSE Management System
continual improvement, activities, stakeholder involvement auditing/verification
dusts, toxic chemicals, noise levels, and radiation; are samples of
continuous hazards
Reasonable Relationship
control for environmental or occupational hazards should bear respect to the corresponding reduction in health risk.
Positive Safety Culture 4 C's
control, communication, cooperation, competence
Loss prevention
controls BEFORE (preventing) an event/loss
Loss Control
controls ONLY after an event/loss
In risk decision-making, the "reasonable relationship" principle refers to the relationship between?
cost of control and reduction in risk
risk perception
could play a major role in the subjective risk tolerance, bias judgement.
Re-evaluating the risk situation on a continuous basis is called?
cyclical evaluation
When ranking severity of consequences in risk assessment, "extreme" means?
death or permanent disablement
Safety hazards tend to be ____ hazards while health hazards tend to be ____ hazards.
discrete, continuous
risk management process ensures that appropriate steps are taken in
estimation, evaluation, and control
Incidence Rate
expressed as the frequency of reported injuries (or illnesses) within a specified number of workers
Cumulative Burden
expressed as the number of days lost due to accidents and sick days due to work-related illnesses
The six key steps in the risk management process under the CSA-Q850: Step 4 Risk Evaluation performs a review of?
factors not readily quantifiable—such as social, political, economic, and legal factors. Often the balance of the expected economic costs and health benefits is projected, either informally by consensus, or formally by cost-benefit analysis and similar quantitative methods.
Workplace violence and harassment prevention plan - Employee and Supervisor Training
include appropriate response procedures in the event of an incident, and ensure the plan is understood and effected. In the event of an incident, there is a requirement for accurate records to be created and maintained to document the incident(s). In addition, the organization has to respond appropriately in the time after an event occurs, including investigations and corrective actions to minimize repeat events. The employee also has a responsibility to provide medical care and counseling to victims in a hostile event.
• Contact with the public. • Exchange of money. • Delivery of passengers, goods, or services. • Having a mobile workplace (such as a vehicle). • Working with unstable or volatile people. • Working alone or in small numbers. • Working late at night or during early morning hours. • Guarding valuable property or possessions. • Working in community-based settings
increased risk for workplace violence
Four basic types of elements to monitor OHSMS performance
input - measure the hazard burden; process - measures of success; output/outcome - measure of failures through reactive monitoring; AND health and safety culture - culture
Elements to measure to examine health and safety performance?
inputs, process, outputs and culture
Incident Commander
is in charge, has authority
Workplace violence and harassment prevention plan - Review
is needed on a periodic basis.
The four T's of risk management: terminate risk?
is the simplest and most often ignored method of dealing with risk. It is the approach that should be most favored where possible and simply involves risk elimination.
Re-evaluating the risk situation on a review on a periodic basis is called?
iterative evaluation
Financing risk falls within
loss prevention
In the risk measurement matrix, a score of 6 or 7 means?
low risk; address when time permits
The four T's of risk management: tolerate risk is where?
no action is taken to mitigate or reduce a risk. This may be because the cost of instituting risk reduction or mitigation activity is not cost-effective or the risks of impact are so low that they are deemed acceptable to the business.
Pure Risk
offers an organization an opportunity for only a loss, no gain.
All of the key OHSMS activities should be in the form of ____ benchmarks that can be evaluated by an ____ process according to predefined ____ criteria.
performance, audit, goal-setting
Workplace violence and harassment prevention plan
physical environment, administrative design, point of interactions, specific personal changes, employee and supervisor training, review
Emergency Response Plan
• state the types of emergency that require evacuation, for example fires, chemical spills and gaseous releases, and dangerous site conditions • a designation of primary and secondary evacuation routes complete with signage, appropriate emergency-ready lighting, • maintenance of pathways, corridors, and stairwells in a clear and accessible manner. • designation of wardens that will manage the evacuation, attend to those that need assistance, and assist in accounting of employees.