In previous blogs, we introduced the concept of risk and the common steps of the PDCA process of risk management.
Figure 1 shows an application of the input-process-output model of systems control to risk management. The input is a risk, the PDCA cycle is the process and the mitigated risk is the output (figure 1). In other words, the safely performed business (operation) is the output of risk management.
This blog clarifies the input data of the PDCA process. This risk data only refers to the raw data of hazards, incidents, or observations at the work site and does not include any management performance data, although this can be critical for risk control as well.
How do you collect the original data input for risk management? What is it? Through this blog, you will be able to understand some commonly used data sources from the worksite and find an efficient way to collect risk data for your organization.
As all EHS professionals know, hazard identification is the start of the process of risk analysis. Therefore, the most common risk data is the hazard data in the work site. However, risk refers not only to the description of the hazard, but also events, exposed humans, equipment, environment, and even the potential consequences for risk assessment.
Everyone at the workplace commonly participates in risk (hazard) identification since hazards directly relate to operators and equipment. Different approaches can apply to this process. For example, an Oil & Gas company collects the information of hazards associated with primary activities during operations and the hazards associated with the equipment via hazard registration forms. These are mandatory tasks for employees. Another example of a water company, the HSE department applies a safety walk-around to document safety hazards at the workplace.
Many techniques facilitate the collection of hazard information. Some of them also include a simple risk assessment process, such as HAZID (HAZard Identification), LMRA (Last Minute Risk Analysis), etc. You don’t need to use all methods to collect hazard information in the work site. You only need to choose a prevalent one that fits the industry and the regime. For example, ICAO recommends some worksheets for risk mitigation and defines the objective and criteria of hazard and risk assessment. These uniform worksheets can formulate the hazard data in the aviation field and it is efficient when you or other experts research into aviation hazards on a larger scale.
Objective of Hazard identification and Risk Assessment:
Describe the hazard identification system and how such data are collated. Describe the process for the categorization of hazards/risks and their subsequent prioritization for a documented safety assessment. Describe how the safety assessment process is conducted and how preventive action plans are implemented. – ICAO Doc 9859
Incident reporting is the process of documenting all incidents and these reports are also data sources for risk management. Reporting systems facilitate both internal and external learning from incidents.
What is the input data of this reporting system and how can you collect this from the work site?
In the Deloitte white paper workplace safety analytics, incident raw data includes event data, roster data, equipment data, qualitative (survey). This information is commonly collected via incident report forms. The following pictures show the different types of incidents, and also the possible entities involved in the incident. Unsafe condition, unsafe act, near miss, and accident are the main incident types. To register them requires various information, including the description of the scenario and a simple risk assessment associated with the incident event.
Similar to data collection of hazard information, everyone from the organization can report the incident. The only difference is the event of an incident has already happened, but the event in the hazard identification sheet can be a potential event. When you collect the incident data, you still need to design the reporting form based on the guidelines or best practices of the incident report in your industrial field and regime.
Observation is also a way to identify the hazard. Sometimes it can be a tool for workplace risk assessment as well. You (e.g. the line manager, EHS advisor) observe the risk situation when you implement a walk-around.
According to Heikki (2010), the observation items can be divided into 7 groups: (1) safety behavior, (2) order and tidiness, (3) machine safety, (4) industrial hygiene, (5) ergonomics, (6) gangways and (7) first-aid and fire safety. Besides, some companies design some observation forms and collect the fill-outs frequently, such as daily, weekly, etc. These forms are filled out by most frontline engineers, supervisors, contractors, etc.
The observation form sometimes can be the same as the incident/near-miss report form. Likewise, it can be a replacement for a hazard identification form as well. Thus, you don’t need to apply all techniques to collect information at the worksite because applying multiple ways for risk information can easily cause information overlaps and reduce efficiency.
As there are many safety-critical (inherently hazardous) processes in industries, for example, maintenance, hot work, confined space entry, etc., you need a permit to work system to control them. Within this system, the participants can encounter risks; therefore, they need to register these risks. The process is almost the same with hazard identification and risk assessment. The participants need to identify the potential exposure to hazards and estimate the risks. Then you achieve the risk registration in PTW.
You even can apply the same form with the other above methods because this is just another entrance to the registration of risk. For example, the LMRA worksheet can be an attachment to the permit to work to manage risk. In conclusion, the risk register in PTW is part of the procedure, do not misinterpret them or duplicate the risk registration.
Last but not least, many other types of data, such as operational data (e.g. monitoring data), safety oversight data (e.g. audit data), etc. also influence on or directly relate to risk. Their impact on risk control sometimes is more complex, and you need to develop the data model from the operational level to the management level for analysis. Therefore, this has been left out of this blog.
All in all, through this blog we hope that you recognize some practical methods that are used to collect risk data from the work site. This data mainly contains hazard information since the hazard is the most critical information for further risk control or mitigation. But the risk is not just the description of hazards. You need to define the content and design the format of the data, which contributes to the effectiveness and efficiency of the risk data process. For example, misbehavior in an operation (as content) can be collected in an observation worksheet or via an incident report (as format). The content normally considers the exposure to the hazard (contact, interaction, close proximity, etc) and the potential/actual impact of this hazard. With this information, you can perform a simple risk assessment. The format of the risk data varies in accordance with the best practices of the industry and regime.
Regardless of paper-based data or digital data collection, an organization needs to understand all the sources of risk data, optimize the process and choose a suitable method according to the real situation of the work site. A good format of the risk data will benefit modern digitalized risk management in the near future.
© CGE Risk. 2021 – The copyright of the content of this blog belongs to CGE Risk Management Solutions B.V.
