INTEGRATED RISK MANAGEMENT SYSTEMS
I am offering the following opinion in the hope that others may benefit from my experience, gained in a working life of over thirty years as an industrial chemist in defence manufacturing.
For many years I have been aware that industrial incidents occur mainly as a result of management system failures and in particular the failure to integrate risk management strategies.
The introduction of ISO9000 type management system standards offer management system models aimed at managing the four main areas of industrial risk (quality, safety, environment and security) related to work processes. The difficulty lies in the fact that there are tradeoffs between the four areas. For example a simple process of electroplating high tensile screws with cadmium involves quality problems – some processes cause hydrogen embrittlement, safety problems – cadmium plating must be used to stop corrosion, it is toxic, the baths contain cyanide, both cadmium and cyanide present environmental problems, cyanide presents a security problem.
Substitution of any component of the process causes development of new problems. This combination is common in industry where hazardous substances are in use and must be extreme where radioactive substances are used. The management system must cope with this type of problem in a way, which is acceptable to its customers and society.
The ISO 9000 approach is for organisations to express their management policy in the form of a documented management system, and subject this system to continuous improvement through audit and team based problem solving activities. There are Australian Standards which relate to the four main areas of industrial risk , organisations which are certified to these standards are committed to ongoing risk management and improvement.
In my experience the implementation of ISO9000 management systems meets with opposition from middle managers, who understand that ‘if you do not state your policy on any subject, you can never be wrong’, and wish to manage on an ad hoc, directive basis. It is my contention that many managers in industry do not have formal training in risk management, do not know how to counsel staff, train staff, have only a rudimentary knowledge of industrial law ,and have poor problem solving skills.
A major improvement could be effected by introduction of requirements for management training and competency testing of supervisors and team coordinators. I suggest that direction of employees by incompetent supervisors is completely unacceptable. The fact is that under a directive management system employees can be directed to perform tasks, which place them at risk, with little redress.
This brings me to the matter of industrial democracy. ISO9000 type management systems encourage continuous improvement of processes and systems, this is difficult to achieve under a directive management system. I suggest that most certified organisations will embrace a participative management system, and will become the more competitive for it.
Employee involvement is of paramount importance for workplace safety, quality of product, protection of the environment, and security. I suggest that a major improvement would be implementation of tax incentives for employees to undertake salary sacrifice for the purposes of purchasing shares in their organisation. A simple expedient of discounting shares on the basis of productivity improvements would provide the incentive for employees to improve the efficiency of their organisation.
The key to integration of risk management systems lies in the work practice documentation (procedures, codes of practice, process specifications).The ‘process control’ element of ISO9001 requires performance of work under controlled conditions ,including documentation of work practices where lack of such documentation could adversely affect quality (safety, environment, security). This implies that where there is a reasonable expectation that an incident could occur due to a lack of administrative control that the process should be documented. The very act of documenting the process means that the process is visible to all and can be evaluated easily by any competent person.
The processes involved in manufacture of most products are decided during the design process. In industry it is quite common to design without proper configuration management. This means that there is no basis for systematic risk assessment. The modification of processes should be performed during development of prototype product and continued by the manufacturing team only under controlled conditions. By this I mean that design engineers should be trained in process application and have a basic understanding of toxicology so that ‘safe’ and ‘nonpolluting’ products are used in their designs.
Workplace teams should evaluate processes and determine whether the safety risks involved are acceptable to them. The need to consult with competent persons where hazardous substances are involved should be the subject of legislation.
The principle I have discussed may be simply put:
SAY WHAT YOU DO
DO WHAT YOU SAY
BE ABLE TO PROVE IT
BUT IF YOU CANT DO IT SAFELY, DON’T DO IT AT ALL
I suggest the place to start, in any organisation would be in the development of a six part Management Policy Manual . It should include mission and vision statement, administrative policies,and policies for the four risk areas. The policies should be based on International or Australian Standards where practicable, and involve a risk assessment and cost/benefit analysis for the safety, environment and security areas.
In doing this we may move up the "maturity model of organisations" from chaos, through managed and planned stages, to the integrated and even the optimised levels. I suggest we should ‘MANAGE FOR MAXIMUM BENEFIT WITH TOLERABLE RISK’.
In other words 'get the job done, do it right and make a profit, but don't injure any one, ruin the environment, or get ripped off, while we are doing it'.
Alan G. Cotterell
Acotrel Risk Management Pty Ltd
11th September 1998