Risk Profiling. An essential tool in helping to determine the acceptable level of risk
Risk Profiling An essential tool in helping to determine the ‘acceptable’ level of risk
Oliver Sanandres Head of Health Safety & Wellbeing City of Lo...
Risk Profiling An essential tool in helping to determine the ‘acceptable’ level of risk
Oliver Sanandres Head of Health Safety & Wellbeing City of London Corporation
Risk Profiling Aim: •
Understand the definitions and purpose of risk profiling
•
Risk Profiling Process - simple risk assessment as the foundation for risk profiling •
To demonstrate how risk profiling integrates with service delivery and your Safety Management Systems
•
The City’s TopX process
What is Risk Profiling A systematic and structured approach to risk management.
•
risk elements of its operations
•
effectiveness of the controls
•
as well as a framework for assurance and monitoring
Every organisation will have its own unique risk profile.
Risk Profiling
Easy as Ice Cream!
Why do we need Risk Management? The only alternative to risk management is crisis management - and crisis management is much more expensive, time consuming and embarrassing. JAMES LAM, Enterprise Risk Management, Wiley Finance 2003
Without good risk management practices, government cannot manage its resources effectively. Risk management means more than preparing for the worst; it also means taking advantage of opportunities to improve services or lower costs.
Sheila Fraser, Auditor General of Canada
“A prudent man foresees the difficulties ahead and prepares for them; the simpleton goes blindly on and suffers the consequences.” Proverbs 22:3 5
Why do WE need Risk Management? Unique organisation…
Why Health & Safety • Of the total cost in 2010/11, workplace illness cost society an estimated £8.2 billion; • workplace injury (including fatalities) an estimated £5.2 billion. • £5.76 billion of the total cost in 2010/11 represents financial costs; the remaining £7.66 billion represents the monetary value given to individuals’ ‘pain, grief and suffering’.
Somewhat just under half of the costs were shared between employers and government.
Why bother with RM? • Increase risk awareness • Increase understanding of risk – sensitivities • Promote a “healthy” risk culture – It’s safe to talk about risk. Open and transparent – Set appetite
• Develop a common and consistent approach to risk across the organisation • Not intuition based – Evidence Based 9
Risk Profiling – Risk Assessment The Law Regulation 3 Risk assessment (1) Every employer shall make a suitable and sufficient assessment of(a) the risks to the health and safety of his employees to which they are exposed whilst they are at work; and (b) the risks to the health and safety of persons not in his employment arising out of or in connection with the conduct by him of his undertaking… (3) Any assessment such as is referred to in paragraph (1) or (2) shall be reviewed by the employer … who made it if(a) there is reason to suspect that it is no longer valid; or (b) there has been a significant change in the matters to which it relates; and where as a result of any such review changes to an assessment are required, the employer or selfemployed person concerned shall make them.
Risk Profiling Process • Risk profiling involves gathering information about operations and process, using existing risk assessments, and risk assessment methodology to evaluate risks, and developing a suitable means for monitoring and providing assurance • Other intelligence e.g. reactive (near miss/accident data) as well as proactive data (audits / inspections)
Risk Profiling – Risk Assessment So how does all this translate into service delivery operations? What does GOOD look like?? •
Task Register
•
Risk Assessments – Audit Trail
•
•
Meetings / Research
•
Asking Staff – Minutes of team meetings, etc
•
More detailed as risk or severity increases
Risk Register
Outputs– Risk Assessment Task Register - (Record)
Risk Assessments - (Intelligence)
Accidents Inspections Risk Register – (Mechanism)
What should a Risk Profile Contain? • A summary of the key strategic & operational health and safety risks for the organisation • Quantification of these risks, in terms of likelihood and potential impact • Identification of the current controls, their effectiveness and improvement potential • A framework for monitoring and assurance, including a prioritised action plan
Safety Management System Integration HSG65 – Managing for Successful Health and Safety • PDCA – Deming Cycle • Risk Profiling – Doing part of the cycle Interconnectedness of risk(s) / H&S part of overall business risk profile
RISK ASSESSMENT
MECHANISMS
FRAMEWORK
City of London – SMS - TopX
Our Rules… •
Risk profiling/TopX should be a ‘live’ process
•
Review and on-going reassessment is critical – dynamic nature of risk
•
Identified actions must be addressed and evaluated within the timescales identified in the associated action plans
•
Risk profiling includes significant contracted risk = part of our undertakings
•
Communicate openly
TopX - Risk Profiling Make them mean something… KPI’s Monitor them Report them • Systems • Processes • Responsibilities
Risk Profiling Lead Empower Trust Leaders Ownership Consequences Competence Overview Implementation of Controls
Questions? Oliver Sanandres Head of Health Safety & Wellbeing City of London Corporation @Sanandres6914
I hugged safety close to my chest and kissed risk full on the lips Betsy Cañas Garmon