How to apply risk management principles

From safety learner, Phumi; How could I apply ISSMEC risk management principles or steps, to manage job safety at work? Which standards apply?

This question is a typical annual oral exam question in my training course. My textbook says that ISSMEC is used mainly by safety practitioners when executing a management control function, with these six steps;

I – Identify work to be done
S – Set standards of performance
S – Set standards of accountability
M – Measure performance
E – Evaluate performance against standards
C – Correct [or Commend] performance or commands.

For example, if the work is ‘use of ladders and scaffolding’, how could I apply the remaining steps of this principle to managing job safety?

Updating ISSMEC rules editor SHEQafrica responds; Phumi, ISSMEC is an expanded version of the Plan Do Check management cycle of Deming, and was popular in the ‘mnemonic’ or ‘rule of thumb’ era in the 1970s, along with other set rules like ‘STEP or STOP’.

ISSMEC principles remain valid, and are included in ISO quality management and OHSAS safety management standards, but do not explicitly provide for pro-active management, and simplifies risk assessment.

In high risk jobs, like work at height, construction, mining, chemicals processes, transport, energy and many other sectors, single or even sets of tickbox type safety management applications are not adequate, and worse, lead many workers and operators into a false sense of security.

Insert another ‘I’ for ‘Identify Risk Profile’

Identification of work should be more specific than a class of work, like ‘scaffolding’, to focus job risk assessment, planning, equipment checking, toolbox talk, measurement and correction effectively on unusual and non-routine aspects of a job or work conditions.

After ‘Identify Work’, the work planner should also invoke, draft or update a work risk assessment or risk profile, using performance records of similar operators, with same and similar equipment and conditions, in own, rival and worldwide organisations.

A baseline risk assessment or profile should already exist, to use as a basis for specific job planning. Performance and incidents at other operators informs the risk profile of current work, to learn from others’ mistakes. This global risk profile would inform standards of performance and accountability, as well as measurement and correction.

Setting standards of performance must include legislation as a minimum, national standards, corporate standards, standard procedures, and global best practice. Regarding work at height, for example, draw from your legal register, including Construction Regulations, fall arrest standards, Institute of Work at Height procedures, equipment supplier manuals, external and in-house training material.

Set accountability relevant to skills

Setting accountability must include roles of officials appointed in terms of the OHS Act, MHS Act or other legislation. Trainers and HR officers would typically share some accountability, like having verified training and experience of employees, appointing suitably trained people to relevant jobs. HR and training officials are also involved in Evaluation and Correction.

Safety metrics pitfalls

Measuring Performance is a particularly problematic area, since outcomes of any one job, or a small number of jobs, do not predict outcome. Chance plays a large role in small numbers, and yields to predictability only in large numbers, as the insurance industry knows well.

What to Measure and what to Correct, in the ISSMEC rule, is subject to limitations of perception, limitations of training of observers, resources, management attitude, and ultimately corporate climate and industrial culture.

Measuring safety performance, instead of offering a snapshot of risk mitigation, is usually a snapshot of management quality itself.

The principle of measuring leading indicators of future performance is stressed in current safety practice, instead of measuring, reporting and celebrating what chance and operator innovation had achieved.

Metrics formats already reveal a lot about the maturity of safety management. We should use inceptions, audits, job risk assessments and leading indicators, as opportunities to improve our planning, accountability measures, training, management, interventions, and sometimes of our standards and measurements themselves.

Using risk management Measurement functions to assign relative scores or percentages to performance is futile and misleading. Instead, the work team should embrace the principle of continuous improvement. Basing praise and reward on performance measurement merely hogs the space that should be devoted to communication, including praise and reward, based on continuous risk re-assessment and interventions aimed at influencing leading indicators, like skills and cultural climate, in our favour.

Safety is seldom a tickbox procedure. The art of risk management and quality management should inform your ideal response to the question of how to apply safety management principles to high risk work.

Canadian BCRSP training

The Board of Canadian Registered Safety Practitioners, BCRSP, includes and praises the ISMEC approach in its sample questions and answers; “ISMEC is the acronym for Identification of work, Standards established, Measuring performance, Evaluating performance, Correcting deficiencies (and commending success).

“This [approach] illustrates an important change in accident theory between the earlier Bird theory, along with Heinrich’s original model of ‘blaming’ worker, for accidents, to a systems or management control model.” (BCRSP Guide to Registration; Accident Theory Study Guide, Bird’s up-dated accident sequence)

Two further Canadian registration multiple choice questions are relevant to this theme;

Safety practitioners approach risk management as;
A A management system directed at influencing worker behaviour, with emphasis on worker safety and health.
B A system designed to manage quality and process safety.
C A system-wide assessment of risks and risk control, with emphasis on worker safety and health.
D A responsibility for the safety practitioner to document all workplace related risks and develop controls for the identified risks.

Perceptions of risk may affect the tolerance for certain types of hazards. Which of the following may bias the judgement of one of the affected parties;
A Scientific evidence not containing sufficient evidence to support a potential for harm.
B Value assumptions; or, subjective interpretations of evidence based on personal or societal values.
C The principle of achieving a technically agreeable control measure.
D All occupational hazards should be measure using the ‘precautionary principle’.

The correct risk management approach is given in C. “Risk management has nothing to do with ‘influencing worker behaviour’ or ‘quality and process safety’. It is no longer acceptable to ‘blame the worker’ as a result of assessing risk. Nor does risk management direct the safety practitioner to ‘develop controls’ for all identified risks.” (BCRSP Guide to Registration; Risk Management (RM) Study Guide).

Risk tolerance is correctly stated in B, since it warns that behaviour is based on cultural and personal factors.

RM elements in ISO structure

Risk management (RM) elements appear in global ISO quality management and OHSAS health and safety management standards. The basic philosophy of Risk Identification and Control within in the Quality Management System consists of five steps, named ‘IEPIM’;

Identification of all hazards and risks
Evaluation of the risk element within each hazard
Planning of control measures and development of an action plan
Implementation of the control measures and action plan
Monitoring the progress & implementation on a periodical basis

These steps correspond to section 4.3.1 of OHSAS 18001 and ISO 14001 standards. To comply with the management control and continual improvement aspects (section 4) of OHSAS 18001 and ISO 14001, the ISMEC section of the model is applied;

Identification of the work to be performed
Standards, procedures and work instructions for activities at all operational levels within the organisation
Measurement of performance against these standards (external and internal)
Evaluation of the performance in comparison with the standards
Commendation for adherence, implementation of corrective and improvement actions.

Overall audit and review system consists of 18 elements:

Element 1: Loss Control Management
1.1. Integrated Loss Control policy
1.2. Management responsibility and objectives
1.3. Management meetings
1.4. Management tours
1.5. Leadership introduction

Element 2: Risk Assessment
2.1. Generic HI&RA on primary processes
2.2. Critical tasks identification (JSA)
2.3. Pre-job hazard analysis
2.4. Shutdown hazard analysis
2.5 Environmental aspects and significance

Element 3: Loss Control Planning
3.1. Long term (Improvement) planning
3.2. Loss control year plan
3.3. Standards, codes, laws and requirements
3.4. Loss Control KPI’s and Section KPI’s
3.5. Individual responsibility for Loss Control?
3.6 Environmental planning

Element 4: Organization and Responsibilities
4.1. Organisation charts and organisation
4.2. Overall Processes, procedures and practices
4.3. Jobs / task / authority descriptions
4.4. Standard Operating Procedures (SOP’s) Production

Element 5: Documentation and Records
5.1. Loss Control Management System manual
5.2. Document control (per section, external documentation)
5.3. Record keeping (what, where, retention time, custodian)
5.4. Technical Library
5.5 Electronic Data Management System

Element 6: Training and Education
6.1. General records
6.2. Training needs analysis (TTG system)
6.3. Training qualification and systems
6.4. General orientation/ induction
6.5. Job introduction
6.6. Training system evaluation
6.7. Critical task analysis
6.8 Contractor training

Element 7: Operational Health and Hygiene
7.1. Pre-employment medical examinations
7.2. Health Surveillance & prevention program
7.3. Record keeping and privacy
7.3. Health control in the workplace
7.4. Clinic facilities
7.5. Evaluation and preventive actions

Element 8: Engineering and Design
8.1. Design and development planning
8.2. Design input and output
8.3. Design verification and validation
8.4. Design changes, new products
8.5. Product liability, service and communication
8.6 HAZOP, what if studies etc.

Element 9: Procurement and Logistics
9.1. Procurement, specifications, requirements
9.2. Non conformities of product (QC)
9.3. Supply chain management
9.4. Contractor / supplier selection
9.5. Managing contractors’ work
9.6 Storage, Handling and Freighting of products

Element 10: Communication and Motivation
10.1. Dissemination of company information
10.2. Board meetings, section meetings, department meetings
10.3. Personal communication
10.4. Task instruction
10.5. External communication (Shareholders, Stakeholders, Royal Commission, Public)
10.6. Reports and notifications (Complaints procedure)

Element 11: Inspections, Housekeeping and Tests
11.1. Internal audits and inspections
11.2. Critical Loss Control equipment
11.3. Prestart -up Safety Review (PSSR)
11.4. Housekeeping tours
11.5. Preventive maintenance, corrective maintenance, breakdown maintenance
11.6. Receiving inspections and tests?
11.7. Material inspections and testing
11.8. Start-up and tests
11.9. (Test) Equipment calibration and measurement
11.10 Control and test emergency protection systems

Element 12: Management of Change
12.1. MOC Procedure, review and approval
12.2. Operations and work processes changes
12.3. Management of change in operations
12.4 Changes in key personnel
12.5. Critical Loss Control devises

Element 13: Rules, Permits and PPE
13.1. Operating Permit
13.2 General rules
13.3. Specific rules
13.4. Work Permit system
13.5. Rule education and review
13.6. Refusal to work
13.7. Signs, collars, indications
13.8. PPE
13.9 Industrial Security
13.10 Overriding safety protection systems (DCS, Interlocks, etc)

Element 14: Observation, Behavior, Discipline
14.1. Behaviour observation
14.2. Behaviour monitoring
14.3. Disciplinary actions
14.4. Rule promotion and recognition
14.5. Promotion activities

Element 15: Reporting and Investigation of Deviations
15.1. Accident, incident reporting & registration system
15.2. Non conformance reporting & registration system (internal / external)
15.3 Accident and incident investigation and participation
15.4. Incident announcements
15.5. Near-miss and condition reporting
15.6. Corrective and preventive actions
15.7. Report files and follow-up
15.8. Analysis of incident data, statistics

Element 16: Emergency Preparedness
16.1. Emergency analysis
16.2. Emergency Control Plan
16.3. Emergency communication
16.4. Alarms and rescue system
16.5. Emergency response team
16.6. Scenario Drills and ERT training
16.7. JAMAÁ / Civil Defence assistance
16.8. Post event planning
16.9 Decontamination and clean-up

Element 17: Monitoring and Evaluation
17.1. Safety monitoring
17.2. Health monitoring
17.3. Environmental monitoring
17.4. Quality monitoring
17.5. System monitoring
17.6. Problem solving teams

Element 18: Audits and Reviews
18.1. External audit plans
18.2. Internal audit plans
18.3. Management review (monthly, quarterly, bi-annual)

IMAGE; ISSMEC risk management principles and procedures were based on the domino theory of incidents, aiming to break loss incident causal chains. More recent theories recognise that multiple underlying, indirect and direct causes contribute to incident frequency and severity, and seek to change workplace conditions, as well as organisational behaviour and corporate cultural climate.

• See related reports in the window below.
• Comment in the Comment box below.

Leave a Reply

Your email address will not be published. Required fields are marked *


Safety business opportunity

SHEQafrica Corporate Services is selling all its domain names as part of its closing down sale. Below is a list of the domain names related to SHEQ and they are all available at the Final Closing Down price of R1 995,00 each. Some of the domains have active websites. […]

Cygma hands over SACS for outstanding hosting fees

Internet Service Provider,  Cygma has commenced with court action to claim liquidated damages from SHEQAfrica Corporate Services(Pty)Ltd for outstanding hosting fees. This comes after The High Option Ltd. withdraw their Line of Credit to SACS. THO has been guaranteeing the hosting fees for 12 months and has withdrawn its LOC with effect 21 March 2021. […]