ADMINISTRATIVE RISK CONTROL AND PROCESS ANALYSIS
Administrative control of risk is used in industry in many forms, it appears as ‘use lists’ such as may be attached to petrol and LPG dispensers to define the way the equipment is to be used for safety reasons. Other examples include use of a recipe by cooks, laboratory methods, process specifications, and other forms of documented work instructions.
Risk in the workplace of an organisation, generally arises from exposure to a hazard. The magnitude of the risk is associated with the likelihood of an incident occurring (causing loss or injury), and the potential consequences (including adverse public perceptions or ‘outrage’, which can greatly magnify the risk to an organisation), of the incident.
These ‘operational risks’ are probably best controlled through application of a ‘hierarchy of controls’. In the case of ‘safety risk’, the following hierarchy is in general use:
When the first three levels of the hierarchy of controls are applied there is ‘residual risk’, administrative control copes with this by defining the work practice in documented form.
Administrative risk control is called up under the ‘process control’ element of AS/NZS ISO 9000 (Quality Management Systems). This states in effect, that work shall be performed under controlled conditions, including use of process documentation, where lack of such documentation could reasonably be expected to adversely affect quality (safety, environment, security).
ISO9004.1 (Guide to ISO9000) defines ‘requirements of society’ as – quality, safety, protection of the environment, security, and conservation of energy and natural resources, and states that these should be considered when developing and documenting a Management System.
ISO1400 – Environmental Management Systems, and AS4804 – OHS Management Systems have requirements for Risk Assessments to be performed, and the ‘hierarchy of controls’ to be applied, which includes administrative risk control.
(All of the above standards are compatible with each other, and a new standard AS4581:1999 – Management System Integration, provides guidance on integrating quality, safety, environment and security management systems.)
The application of administrative risk control is essential where hazardous substances are in use. The very act of documenting a process means that it is visible to all, and measures can be taken to minimise exposure to hazards to a level which is tolerable to all stakeholders.
The principle espoused in Standards Australia Miscellaneous Publication MP34:1978 titled Guide to the Layout and Preparation of Standard Methods of Chemical Analysis, puts this quite succinctly when it says ‘If there are risks of explosion, fire or toxicity (including carcinogenicity) for which special precautions are necessary, a cautionary statement in bold type shall be included at the appropriate step in the procedure. Reference should be made to appropriate standards or regulations.’
DESCRIBING THE PROCESS
Everything we do is part of a process. A process is simply bringing resources together to produce an outcome. As the outcomes or results of a process vary, we need to constantly need to find more efficient ways of doing what we do.
Central to this unending search for process improvement is the need to examine the process, for we cannot improve a process we do not clearly understand.
We use the flow chart as a tool to help us systematically analyse process design and the customer model, to define the quality (safety, environmental effects, security) of the process. Together these tools provide a means of identifying opportunities for improvement within the process.
THE FLOW CHART
The Flow Chart shows in diagrammatic form how a process is carried out. Those actually working in the process either draw up flow charts themselves, or a person who has been specially selected to prepare flow charts is given the information he/she requires to construct one.
A flow chart contains the following key elements:
A fifth element may be used to denote documentation outputs, which has a different symbol, however for the present considerations, we do not need this.
For reference purposes during analysis, we number each stage from beginning to end – 1 for the first stage, 2 for the second, and so on. (As we change the process we may need to renumber the stages).
There is often a lot of information written on the top of flow charts. It identifies the process, the process owner, the intent of the process, and when and by whom the chart has been completed. This information should be written in, every time.
We need to ask a number of questions before we draw up a flow chart:
At what level shall we analyse the process? (macro, mini, micro)
We define levels in the following way:
Macro processes are made up of many mini processes, and mini processes are made up of many micro processes. There may also be a number of levels of mini processes within a macro process.
What boundaries should we have?
Where does the process we are examining start and where does it finish? Processes are usually more complex, contain more steps and alternative courses of action than we realise, and extend further than we expect.
It will help us if we break processes up into manageable ‘chunks’ or sub processes for purposes of analysis. For example each A4 sheet will take up to about 10 symbols before it becomes overcrowded. 10 stages is a practical upper limit to aim for in each process (20 stages, if an A3 sheet is used).
A manageable sized sub-process can begin at any point and end at any point. However you should ensure that the commencing activity of one sub-process on a flow chart corresponds with the concluding activity for the previous sub-process. The point at which a process moves from one section or department to another, is a useful place to conclude a sub-process. We should be able to establish quality (safety, environmental, security) characteristics that are needed by a customer (external or internal) at that point.
Please remember, that if you simply try to fix one subprocess without, at some time in your investigation, relating that subprocess to the other subprocesses, that make up the big process, you may improve that subprocess but at the expense of the process as a whole.
This is particularly relevant where Hazardous Substances are involved in a process. A process may be ‘safe’ as far as potential to injure workers, but not provide the quality, environmental effects, or security outcomes required by the customer.
We may find it necessary, or desirable to alter the boundaries as you proceed, and to divide one process into a number of small processes to make examination more manageable.
What is the process intent?
What are we seeking to achieve with the process? What is the objective, or desired outcome? In other words, what is the Process Intent?
It is not a description of what happens, but a statement of what results we want from the process for ourselves, and our customers.
For example:
‘Enter all details on the Work Order’ – is a description of the process.
‘Provide accurately completed Work Orders to client departments within 48 hours of receipt’ –may be the process intent.
It assumes the process is working perfectly, and so provides us with a means of judging how effective a process is.
The Process Intent provides us with a unique opportunity to:
It is not something we draw up quickly, but something we carefully consider and discuss with those involved in the process. It may take a few hours, or even longer, and involve a re-thinking of our whole approach to the process.
Once an accurate statement of Process Intent is agreed, write it down at the top of the flow chart. Whenever the team reviewing the process meets, refer to the Process Intent at the outset, so that it serves to focus your efforts. Of course you may find it necessary to modify the Process Intent over time, as a result of your investigations and/or improvement activities.
Who is the process owner?
Each process, or subprocess should be assigned a ‘process owner’. The process owner is responsible for making sure that action planned for the process is, in fact, carried out, and that the process is reviewed at regular intervals.
The process owner is generally the person most responsible for the outcomes of the process, and would normally have authority to make changes to the process. (However sometimes the end customer of the process is made the owner). An outsider, with no vested interest in the process, has sometimes been assigned the role of process owner.
In some cases two or more managers might compete for process ownership. They may determine between themselves who will be the process owner – if not, the manager to whom the other two ultimately report should take on the role.
PROCEDURE
Drawing up a flow chart takes time. For a large process it can take many hours. It shows how a process is actually carried out – not how it is supposed to be carried out (except when we wish to draw up or ‘imagineer’ a flow chart of the way a process should be carried out when it has been improved).
As a general rule, try to deal with manageable ‘chunks’ of a process at any time. You will find processes more complex than you thought, there are more decision points than you imagined, and more alternative courses of action.
Pay particular attention to the actions that follow when things go wrong in a process, e.g. we find ourselves out of a stock of an important part or material, when the computer says we should have some. These are sources which may lead to incidents causing waste, error or injury.
Flow charts are valuable documents. They should be carefully stored as permanent records. The process number should be written in the top right-hand corner. It is suggested each process be numbered for reference purpose, filing etc.
IDENTIFYING THE CUSTOMER
We define quality (safety, environmental effects, security) in terms of performance that pleases the customer (and other stakeholders). Ultimately that customer (society) pays the bill. In other words we must first discover what the customer’s requirements are. We need to identify our customers, both external and internal, construct customer models to determine performance requirements that we must deliver to please them, and if necessary redefine the desired intent or outcome of the process, in the light of our findings.
Our primary responsibility is to please (satisfy) the external customer. Ultimately that customer pays the bill. Ultimately too, that customer defines the quality of performance that we must deliver, if we are to remain in business.
It is not sufficient in today’s competitive environment to simply produce to the customer’s requirements. We must endeavour to exceed that expectation because.
Services and product that please the customer result from:
We must therefore:
The requirements of the external customer are of great importance. We also learn how important it is to recognise that we all have customers within the organisation. Indeed the next process is the customer.
In other words, we need to please the operator(s) in the next process with what we produce, and this we do by providing them with goods and services that meet or surpass their requirements – so that they, in turn can produce defect-free work.
THE CUSTOMER MODEL
It is important that you have direct discussions with customers and suppliers. On the basis of these discussions we can then draw up Customer Models for our customers – at each stage, as well as at the end of the process. This helps to ensure that only acceptable inputs will enter the process and only acceptable outcomes will leave it.
The Customer Model is obtained by actually asking each customer of a process, or stage of a process, what they need to enable them to do a perfect job themselves. Every significant characteristic is written down.
In constructing a customer model, do not be content with vague generalities. You will need to probe and discuss to construct a worthwhile model. As a result of the probing and discussion, you will generally find that you gain a new understanding of the process and uncover new avenues for investigation and new opportunities for improvement.
Try to quantify the customer’s requirements wherever possible. For example, do not be content with ‘delivered in good time’ as a customer requirement. Look for a specific time of the day, week or month, or a certain number of days, prior to the next step of the process commencing.
THE PROCESS SPECIFICATION
The Process Specification (Operating Procedure) is a textual document based on the flow chart of a process. It provides an auditable guideline for operations, and provides a basis for training new operators.
It should define the scope and application of the work practise it documents, and reflect management policies in the major risk areas (quality, safety, environment, security). These management policies should reference Australian Standards, call for risk assessments where appropriate, proactive implementation of controls and cost benefit analyses for any controls to be implemented.
It may be expressed:
Say what you do
Do what you say
But if you can’t do it safely, don’t do it at all.
Alan Cotterell
Acotrel Risk Management Pty Ltd
30th August 1999