CRSP - Risk Management

IEDIM Acronym from Det Norske Veritas. What does it Mean?

I - Identify E - Evaluate D - Develop I - Implement M - Monitor & Review

The Advisory Standard defines a systematic workplace health and safety risk management process within a series of basic steps

I.A.D.I.M. Identify Hazards Assess Risks Decide on Controls Implement and Control Monitor and Review

Bird's risk Control

IEDIM Identify Evaluate Develop Implement Monitor and review

Standards that are audited

ISO 9000, 14000, 45001 HSAS 18001

ISMEC stands for?

Identification of work Standards established Measuring performance Evaluation performance Commending or correcting

Continuity of Management

In the event of an emergency, a chain of command is maintained, succession plans are in place, and there is provision for setting up in alternate facilities.

the steps under Canadian Standards Association (CSA): CSA-Q850 risk management

Initiation Preliminary Analysis/ Hazard Identification Risk Estimation Risk Evaluation Risk Control Action / Monitoring

De minimis

Insignificant risk level. The numerical definition of 'de minimis' varies from place to place across a range of values from 10-6 (1 in million) to 10-4 (1 in 10,000) for a working lifetime.

types of Security Threats

Internal theft White collar crime Robbery & burglary Vandalism Arson Sabotage Bombs Industrial espionage Assaults Looting Public liability

Standards that are not audited

International Labour Organization / Occupational Safety and Health Systems.

responsibility of management

Introducing hierarchy controls and reinforcing their effectiveness

What is the definition of Security?

It is the protection of personal, assets, & information from non-business losses arising from DELIBERATE acts.

International Standards Organization (IOS) 9000 - Quality Management 14000 - Environmental Management are legally enforceable?

No. They are Standards, and used as benchmarks.

Pure Risk

Offers an organization an opportunity for only a loss. No gain.

Risk posture

One's ability to accept (or handle) exposure to defined levels of uncontrolled risk.

An OHSMS of the ISO-type is based on?

PDCA

Which model did Deming pioneer decades ago that later became known as ISO 9000?

PDCA

gloves, respirators, protective clothing, and ear plugs and eyewear

PPE

The GHS categorizes hazards into

Physical Environmental Health

PDCA

Plan — includes Policy, Planning, and Hazard Identification and Risk Assessment Do — includes Implementation and Operation Check — includes Performance Assessment (active monitoring and reactive incident reporting) Act — includes Review and Continual Improvement

Key elements of OHS management

Policy, organizing, planning and implementation, measuring performance, and audit and review.

What is the ISO standard that provides guidance on the development of occupational health and safety management systems?

There isn't one.

Hazard Communication (US)= Occupational Health and Safety Administration

WHMIS (Canada)= Workplace Hazardous Materials Information System

Key components of a workplace violence prevention program

a workplace violence prevention policy; violence risk assessment; violence risk control worker education and training; and response to incidents

Workplace violence and harassment prevention plan - Specific Personal Changes

if there has been a history of violent or threatening behavior from an individual or group of employees.

Unified Command

incident command system with 2 or more commanders - usually when there are two or more jurisdictions or departments involved.

responsibility of workers and unions

promote hierarchy controls implementation

Risk Management Role

provide a framework for decision-making. This includes a method for prioritizing safety and health issues.

major purpose of performance measures

providing information answering questions decision making addressing different information needs

The six key steps in the risk management process under the CSA-Q850: Step 3 Risk Estimation attempts to?

quantify the amount of health risk incurred by various levels of exposure (or frequency of exposure incidents). The risk estimation step includes three essential activities: 1) dose-response assessment; 2) exposure assessment; and 3) risk characterization. The risk characterization summarizes the estimated amount of risk as calculated according to the strength (potency) of the harmful agent and the level (extent) of exposure to the agent. In addition to a numerical risk estimate, a narrative describing the key sources of evidence and the remaining scientific uncertainties are also provided.

Risk Decision Making: De minimis is a legal concept and is not quantifiable. It is a level that, at or below, a?

reasonable person in the circumstances would consider insignificant and non-actionable.

Risk Control

risk avoidance - eliminating risk altogether loss prevention - preventing incidents loss reduction - reducing size of loss risk transfer - passing the responsibility e.g. wcb Controls before and after an event/loss, from A to Z

key issues required for effective risk management

risk avoidance, loss prevention, loss reduction, risk transfer

Core activities in the risk management process

risk estimation risk evaluation risk control loss prevention vs loss control

Key process to risk management

risk estimation, risk evaluation, risk control

precautionary principle

scientific evidence is incomplete or contradictory. the preliminary scientific evidence, while incomplete, must at least provide a sufficient weight-of-evidence to support a plausible inference of potential harm. (what should we do about it)

behavioural management

strategies to alter workers' knowledge, beliefs, attitudes and behaviours regarding occupational hazards, these may be seen as manipulative or intrusive by workers or their unions, as part of a 'blaming-the-victim' culture within autocratic organizations

Workplace violence and harassment prevention plan - Points of Interactions

tension related, or are more likely to result in an incident, can they be modified in structure to minimize and reduce the likelihood or consequences of an event.

Risk

the chance (probability) that someone or something will be adversely affected in a particular way by unintended exposure to the hazard the likelihood of death, injury or illness that could result from exposure to a hazard = frequency x severity

Risk

the chance that someone or something will be adversely affected in a particular way by unintended exposure to the hazard

Risk defined

the chance that someone or something will be adversely affected in a particular way by unintended exposure to the hazard.

Risk management

the concept of 'safety' in terms of risks to human health that are sufficiently small to be deemed 'acceptable' to the exposed individuals.

Workplace violence and harassment prevention plan - Administrative Design

the hours of operation schedule may be optimized to provide lower risk work times. Security attendants may shift the frequency of their patrol to minimize risks

The six key steps in the risk management process under the CSA-Q850: Step 6 Implementation and Action/Monitoring comprises?

the implementation of regulatory or voluntary actions, and monitoring compliance with and effectiveness of the actions.

Hazard

the inherent property of a substance, process, or activity that predisposes it to the potential causing harm or health, safety, or human welfare.

Hazard defined

the inherent property of a substance, process, or activity that predisposes it to the potential for causing harm to health, safety or human welfare.

When distinguishing between hazard and risk, a risk is usually a statement consisting of what two parts?

the likelihood and a specific harm

Risk Controls

the methods and strategies an organization can use to protect itself from risk exposure and potential loss.

The six key steps in the risk management process under the CSA-Q850: Step 1 Initiation defines?

the overall context of the problem and the organizational structure by which a specific risk management problem will be addressed

The six key steps in the risk management process under the CSA-Q850: Step 2 Preliminary Analysis / Risk Identification assesses?

the scientific evidence that a substance or process constitutes a potential health hazard, and the probable health consequences

The consequences of discrete or continuous hazards exposure

the severity of adverse health effects to workers. Example a minor burn vs an extreme consequence such as a worker's death.

Discrete hazards

those that are either present or absent from the exposed worker—such as electrical faults, unsafe mechanical devices, or fire hazards

why is an Emergency Preparedness and Response Plan (EPRP) needed

to minimize the impacts and outcomes of a significant event. These include the minimization of the effect on: • The health and livelihood of the public, • employees of the facilities, • the natural environment, • facilities, equipment and the built environment, and • the operations and business of the economy

The four T's of risk management

treat, tolerate, terminate, transfer.

System Activities

types of hazards to be managed type of organization range of technology legislative and other applicable corporate standards

Discrete hazards

usually defined as the probability (or likelihood) that a harmful incident might occur in the present workplace, keeping in mind existing control measures

Federal Emergency Preparedness and Response System

you city/municipality county provincial federal

why measure performance

you cant manage what you cant measure.

how to measure performance / key steps in developing a performance measurement system

~ identify key processes ~ analyze key management & risk control systems to produce a map or flow chart ~ identify critical measures for each management arrangement & risk control system ~ establish baselines ~ assign responsibilities for collecting and analyzing data ~ compare actual performance against targets ~ decide on corrective actions ~ review the measures

Workplace violence

• Threatening behaviour - such as shaking fists, destroying property, or throwing objects. • Verbal or written threats - any expression of intent to inflict harm. • Harassment - any behaviour that demeans, embarrasses, humiliates, annoys, alarms, or verbally abuses a person and that is known or would be expected to be unwelcome. This includes words, gestures, intimidation, bullying, or other inappropriate activities. • Verbal abuse - swearing, insults, or condescending language. • Physical attacks - hitting, shoving, pushing, or kicking

Management Systems are

"Continual Improvement" Process **Plan - Do - Check - Act

An approach where decisions about risk are based strictly on scientific and technical criteria is called?

"trust the experts"

the U.S. Occupational Safety and Health Administration (OSHA) Evacuation Planning Matrix tool identifies certain workplaces as being more likely targets of an event on the basis of

"vulnerability", an estimate of value of the site as a target for a terror event. For example, sites that contain hazardous materials, provide essential services to the public, high-rise buildings that have limited means of egress, and transportation carriers such as ships and airplanes. "threat" an estimate of the presence of an adversarial person or group with the intent to harm, "significant impact" and estimate of the "perceived success" of an attack, in terms of casualties, media attention, civil disruption, and terror.

The six key steps in the risk management process under the CSA-Q850: Step 5 Risk Control seeks to (3)?

(1) identify control options; (2) evaluate control options; and (3) provide for a stakeholder assessment of options. The final option selection task will necessarily involve value judgments on such issues as the acceptability of residual small risks and the reasonableness of the incremental costs of control.

What is the Reasonable Relationship Principle in the management of Risks?

- Establish a reasonable relationship between what is insured and what is financially the owner's responsibility.

Decision Criteria for the Risk Management Process

-Weight of Evidence - Precautionary Principle - Sound Science - ALARA Principle - Reasonable Relationship

The two major elements of GHS

1. Classification of the hazards of chemicals according to the GHS rules 2. Communication of the hazards and precautionary information using Safety Data Sheets and labels.

Managing Risk (risk management framework)?

1. Identify all loss exposures. 2. Evaluate the risk in each exposure. 3. Develop a Plan: Terminate, Treat, Tolerate, Transfer. 4. Implement the plan. 5. Monitor and Review the system.

Business continuity includes three key elements:

1. Resilience 2. Recovery 3. Contingency

Three common approaches used in scientific evidence:

1. The weight of evidence (WOE) 2. The precautionary principle 3. Reducing risks to as low as reasonably achievable (ALARA)

CCHOS estimates that every year in Canada, approx. 1 out of ______ workers suffer an injury.

16

Operational Risk Management (ORM)

A decision making tool used to systematically identify operational risks and benefits and determine the best course of action. Occupational health and safety risk management is an element of ORM.

The four T's of risk management: treat risk?

A method of controlling risk through actions that reduce the likelihood of the risk occurring or minimize its impact prior to its occurrence.

Incident Command System (ICS)

A systematic methodology designed to apply to any emergency response event. This includes a command structure and a set of policies

Key components of a workplace violence prevention program include what 5 things?

• a workplace violence prevention policy; • violence risk assessment; • violence risk control; • worker education and training; and • response to incidents.

Essential Decision-Making Steps in the Risk Management Process

Analysis, assessment and communication

Effective OSHMS must include four essential elements:

Continual Improvement, System Activities, Stakeholder Involvement (Internal and External), and Auditing/Verification

CSA Z1660

Emergency Management and Business Continuity. It is harmonized with the U.S. National Fire Protection Association's (NFPA) 1600.

local ventilation systems to reduce the exposure to vapors and particles in the air at a worksite, using a fume hood and glovebox for dangerous material handling situations, or using noise reduction dampers in environments where hearing loss is possible.

Engineering Controls

A risk management process

Ensures that appropriate steps are taken in all stages of the estimation, evaluation, and control phases. This includes an adequate investigation of causes and effects, control strategies, costs and that appropriate communication is conducted throughout the assessment.

Environmental Hazards

Environmentally Damaging

Physical Hazards

Explosives, Flammable, Oxidizing, Compressed Gas, Corrosive

consequences: how severely could it affect health and safety

Extreme - death or permanent dismemberment Major - serious bodily injury or work related illness Moderate - injury or illness requiring casual treatments Minor - injury or illness requiring first aid ONLY, no lost time

Risk Components?

Frequency Exposure

A Risk that Occurs All the Time at Varying Levels of Exposure is What?

Fundamental Risk.

Any behaviour that demeans, embarrasses, humiliates, annoys, alarms, or verbally abuses a person and that is known or would be expected to be unwelcome. This includes words, gestures, intimidation, bullying, or other inappropriate activities is defined under workplace violence as?

Harassment

the steps under Health Canada - Health Protection Branch: (HPB) Risk Determination

Hazard Identification Risk Estimation Development of Options Options Analysis Decision / Implementation Monitoring & Evaluating Review

what lies behind achieving ALARA

Hierarchy of controls; Elimination, substitution, Engineering, Administrative, PPE

schedule workers in short shifts to minimize their exposure to undesirable conditions such as high heat or poor air quality, training workers about hazards in the specific environment and providing adequate labels and signage to create an awareness of the hazards, policies and procedures

Administrative Controls

Workplace violence

Any act in which a person is abused, threatened, intimidated, or assaulted in his or her employment.

ALARA

As Low As Reasonably Achievable

sound science

Assumes that appearances can often be deceiving if they are based on incomplete or biased information or inadequate scientific studies.

Incident Command Systems (ICS) structure

Command, Operations, Planning, Logistics, Finance

help minimize the damages and allow the business to re-start with a minimum of downtime and lost revenue

Business Continuity Planning

The PDCA model was first developed by?

Deming

ERP, Site Evacuation and Shelter-In-Place includes

Communication Procedures, maps, and directions, emergency drills, Employee accounting and personal information Assembly areas Shelter in place

The Health Canada HPB risk management framework has been used widely due to its involvement in decision-making under?

CEPA (Canadian Environmental Protection Act) HPB know for its use for dealing with environmental issues such as hazardous chemicals

Recognized Standards for Business Continuity Planning

CSA Z1660, ISO 22301 and NFPA 1660.

CCHOS stands for?

Canadian Centre for Occupational Health and Safety

most influential Canadian risk frameworks

Canadian Standards Association (CSA): CSA-Q850: Risk Management: a guideline for decision-makers Health Canada - Health Protection Branch: (HPB): Risk Determination: a model for risk assessment and risk management, 1990

Gallagher Classification

Category 1 - innovative / safe person SOPHISTICATED BEHAVIOURAL Category 2 - innovative / safe place ADAPTIVE HAZARD MANAGERS Category 3 - traditional / safe person UNSAFE ACT MINIMIZERS Category 4 - traditional / safe place TRADITIONAL ENGINEERING AND DESIGN

Corporate climate vs corporate culture

Corporate climate is influenced by short-term changes that can often be achieved quite rapidly by introducing new management systems; corporate culture is often entrenched by historical circumstances and thus requires the longer-term evolution of changes) Climate is used to describe the tangible outputs of an organization's health and safety culture as perceived by individuals and work groups at a given point in time.

Risk control

Deals with the identification and selection of possible risk control options, and their appropriate means of implementation.

Risk estimation and economic analyses are sometimes combined in a process called _____ or _____?

Risk Analysis or Quantitative Risk Assessment

Core activities in the Risk Management Process

Risk Estimation: An attempt to quantify the amount of risk. Risk Evaluation: Addresses less quantifiable non-scientific aspects of the risk. Risk Control: Deals with the identification & selection of possible risk control options. Risk Communication: enabling the active informed participation of all concerned parties, including stakeholder consultation within the decision-making process.

The application of risk management concepts to new technologies or hazards of global significance is called?

Risk Governance

CAN/CSA-Q850-97 (Reaffirmed 2002)

Risk Management Guideline for Decision-Makers

CAN/CSA-ISO 31000-10

Risk Management — Principles and Guidelines

The three key steps in risk management

Risk estimation, risk evaluation, and risk control. Also risk communication is becoming predominant.

examples of workplace violence

Rumours, swearing, verbal abuse, pranks, arguments, property damage, vandalism, sabotage, pushing, theft, physical assaults, psychological trauma, anger-related incidents, rape, arson, and murder

The three focal points of chemical management

Segregation, fire protection, and containment

A Typical Risk Financing Tool is?

Selling assets to pay for losses after the fact.

The six key steps in the risk management process under the CSA-Q850 definitions?

Step 1 Initiation Step 2 Preliminary Analysis / Risk Identification Step 3 Risk Estimation Step 4 Risk Evaluation Step 5 Risk Control Step 6 Implementation and Action/Monitoring

Value assumptions

Subjective interpretations and judgements of evidence that are based on personal or societal values

Event Tree Analysis

The Event Tree is based on a single primary event that generates subsequent secondary and tertiary events. *looks at what lead to the event in multiple causes aspects. (like a tree with branches)

Auditing

The assessment of an OSH process through periodic sampling of corporate documentation, procedures and records, carried out by a competent person or organization independent of that process.

Reasonable Relationship

The costs of control for environmental or occupational hazards should bear a "reasonable relationship' with respect to the corresponding reduction in health risk that are likely to be achieved.

A system

The deliberate linking and sequencing of processes to create a repeatable and identifiable way of managing OHS. (Plan, Do, Check, Act).

Likelihood

The frequency or probability over a period of time that an event may occur. In risk analysis, likelihood is defined differently for discrete hazards as opposed to continuous hazards

Hazard

The inherent property of a substance, process, or activity that predisposes it to the potential for causing harm to health, safety, or human welfare

Incident Command Systems (ICS) Action Plans should incude

The objectives, the strategy for accomplishing the objectives, and specific tactics and resources that may be required in the plan. It should state the individual responsibilities, the mode and timeliness of communications, and the course of action if someone is injured.

(OSHA) Evacuation Planning Matrix

This planning tool identifies certain workplaces as being more likely targets of an event on the basis of 1) "vulnerability", an estimate of value of the site as a target for a terror event. 2) "threat", an estimate of the presence of an adversarial person or group with the intent to harm, 3) "significant impact" and estimate of the "perceived success" of an attack, in terms of casualties, media attention, civil disruption, and terror.

Risk governance

This process attempts to define appropriate policy development and regulation for risks that extend outside of traditional governing structures.

Health Hazards

Toxic, Corrosive, Irritant, Health Hazard (specific cell mutagens and sensitizers)

areas where and when violence may occur

Travelling to and from work, whether driving, parking, walking to and from your place of work. When working alone, When dealing with irate customers, During the act of crime such as robberies, When securing the transfer money, During labor disputes, and During personnel corrective actions and dismissal

Four T's

Treat Tolerate (not accept) Transfer Terminate

International Labour Organization (ILO) is the backbone of risk management standards

True

True or False Precautionary Principle and Sound Science are often seen to be in dynamic opposition with each other

True

True or False most Canadian provinces, the management of workplace violence is a legal requirement under OHS legislation or part of the employer's responsibility to provide a safe and healthy workplace.

True

Risk evaluation

addresses less quantifiable non-scientific aspects of the risk problem—the economic, social, and legal factors.

Risk Management

administrative and managerial function that results in planning, leading, organizing, and controlling the activities of the organization to minimize the effects of loss from the pure risks the organization may face in its day to day operation.

A management system

allocation of accountabilities, responsibilities, and resources from senior management through all employees to enable decisions to be made on OHS matters.

Workplace violence and harassment prevention plan - Physical Environment

an appropriately designed service waiting space can alleviate many tensions and stress in service areas. A spacious room, with seating, adequate lighting and clear service directions such as "position in line numbering" may serve to limit tension associated with long line-ups in of public service locations. Protective glass may be used at service desks as a protective transparent barrier.

Workplace Violence

any act in which a person is abused, threatened, intimidated, or assaulted in his or her employment.

Plan Do Check Act

approach of monitoring, audit, and review, central in respect to a systematic approach. Principles of quality assurance and continuous improvement (Demming)

Continuous hazards

are those that occur all the time at varying levels of exposure

Risk estimation

attempts to quantify the amount of risk pertaining to a given health hazard, using scientific information on the nature of the hazard and analytical methods to calculate the estimated degree of risk in the exposed population.

~ supervise evacuation drills. ~ operate firefighting equipment (extinguishers and hoses) ~ provide emergency scene first aid and CPR if needed. ~ conduct inspections ~ implement emergency shutdown procedures.

basic responsibilities that should be fulfilled by an industrial fire brigade as per NFPA 600.

The Risk Measurement Matrix

calculated as the product of two key variables: 1) the likelihood of effects and 2) severity of effects. Risk = Frequency x Severity

The four T's of risk management: transfer risk?

can be achieved through the use of various forms of insurance, or the payment to third parties who are prepared to take the risk on be half of the organization

Risk

chance for gain or loss

communication to relate the history, current status, and issues associated with the emergency

command transfer

impact analysis, recovery strategies, plan development, testing & exercises

components of the business continuity plan

difference between Hazard & Risk

condition or practice with the potential for accidental loss. vs the chance of loss when exposed to a hazard.

Weight-of-evidence approach

considering the evidence about the existence and magnitude of a risk is scientifically defensible. supports the conclusion that a serious hazard may exist. (what should we do about it)

Elements required for a successful HSE Management System

continual improvement, activities, stakeholder involvement auditing/verification

dusts, toxic chemicals, noise levels, and radiation; are samples of

continuous hazards

Reasonable Relationship

control for environmental or occupational hazards should bear respect to the corresponding reduction in health risk.

Positive Safety Culture 4 C's

control, communication, cooperation, competence

Loss prevention

controls BEFORE (preventing) an event/loss

Loss Control

controls ONLY after an event/loss

In risk decision-making, the "reasonable relationship" principle refers to the relationship between?

cost of control and reduction in risk

risk perception

could play a major role in the subjective risk tolerance, bias judgement.

Re-evaluating the risk situation on a continuous basis is called?

cyclical evaluation

When ranking severity of consequences in risk assessment, "extreme" means?

death or permanent disablement

Safety hazards tend to be ____ hazards while heath hazards tend to be ____ hazards.

discrete, continuous

risk management process ensures that appropriate steps are taken in

estimation, evaluation, and control

Incidence Rate

expressed as the frequency of reported injuries (or illnesses) within a specified number of workers

Cumulative Burden

expressed as the number of days lost due to accidents and sick days due to work-related illnesses

The six key steps in the risk management process under the CSA-Q850: Step 4 Risk Evaluation performs a review of?

factors not readily quantifiable—such as social, political, economic, and legal factors. Often the balance of the expected economic costs and health benefits is projected, either informally by consensus, or formally by cost-benefit analysis and similar quantitative methods.

Workplace violence and harassment prevention plan - Employee and Supervisor Training

include appropriate response procedures in the event of an incident, and ensure the plan is understood and effected. In the event of a incident, there is a requirement for accurate records to be created and maintained to document the incident(s). In addition, the organization has to respond appropriately in the time after and event occurs, including investigations and corrective actions to minimize repeat events. The employee also has a responsibility to provide medical care and counseling to victims in a hostile event.

• Contact with the public. • Exchange of money. • Delivery of passengers, goods, or services. • Having a mobile workplace (such as a vehicle). • Working with unstable or volatile people. • Working alone or in small numbers. • Working late at night or during early morning hours. • Guarding valuable property or possessions. • Working in community-based settings

increased risk for workplace violence

Four basic types of elements to monitor OHSMS performance

input - measure the hazard burden process - measures of success output/outcome - measure of failures through reactive monitoring, AND health and safety culture - culture

Elements to measure to examine health and safety performance?

inputs, process, outputs and culture

Incident Commander

is in charge, has authority

Workplace violence and harassment prevention plan - Review

is needed on a periodic basis.

The four T's of risk management: terminate risk?

is the simplest and most often ignored method of dealing with risk. It is the approach that should be most favored where possible and simply involves risk elimination.

Re-evaluating the risk situation on a review on a periodic basis is called?

iterative evaluation

Financing risk falls within

loss prevention

In the risk measurement matrix, a score of 6 or 7 means?

low risk; address when time permits

The four T's of risk management: tolerate risk is where?

no action is taken to mitigate or reduce a risk. This may be because the cost of instituting risk reduction or mitigation activity is not cost-effective or the risks of impact are at so low that they are deemed acceptable to the business.

Pure Risk

offers an organization an opportunity for only a loss, no gain.

All of the key OHSMS activities should be in the form of ____ benchmarks that can be evaluated by an ____ process according to predefined ____ criteria.

performance, audit, goal-setting

Workplace violence and harassment prevention plan

physical environment, administrative design, point of interactions, specific personal changes, employee and supervisor training, review

Emergency Response Plan

• state the types of emergency that require evacuation, for example fires, chemical spills and gaseous releases, and dangerous site conditions • a designation of primary and secondary evacuation routes complete with signage, appropriate emergency-ready lighting, • maintenance of pathways, corridors, and stairwells in a clear and accessible manner. • designation of wardens that will manage the evacuation, attend to those that need assistance, and assist in accounting of employees.