In many risk management contexts, managers, workers and interested parties lack a framework to determine what are the corporate and personal criteria for deciding risk tolerability. Any organisation not only needs standards for identifying and analysing risk but also requires a decision-making framework for knowing what risk levels are tolerable or acceptable. Policy makers need to establish a Tolerability Framework which contains risk tolerability criteria applicable to the organisation specifically, but also takes into account the standards of related industries as well as society generally. Safety laws of all kinds (OHS, Environment, etc.) require accountability for demonstrating that all reasonably practicable measures have been taken to control risk and ensure safety. A Tolerability Framework recently developed by the author provides the means for an organisation to demonstrate that it is diligently managing its risks.
This Tolerability Framework applies to aspects of the risk management process commonly referred to in AS / NZS 4360:1999 as ‘risk evaluation.’ Hence, the framework provides one of the practical means needed by an organisation to diligently cover its moral, legal, commercial, and industrial obligations by providing criteria for evaluating tolerability of business risk-taking. In particular, organisations need to define risk boundaries for :-
different categories of exposed persons, e.g. employees, public etc. and
different consequence severities, e.g. risk of fatality versus serious injury.
While this framework is specifically designed for personal safety risk management, its principles cover, and can be applied equally well to, all business risks. The framework has been practically applied as a vehicle for corporate cultural change. It is a positive proactive tool based on professional risk management not defeatism nor fatalism. It has been adopted as a business model for cultural change which - compared to the traditional ‘absolute safety or zero risk’ model - actually demands comprehensive risk understanding rather than uninformed risk taking.
The accurate perception of risk by all employees within an organisation of what the organisation regards as "tolerable" and "intolerable" is important for effective risk management. "Common sense" cannot be assumed nor automatically achieved without considerable discussion and argument to gain commonality and agreement amongst all interested parties on those risks which are "tolerable or acceptable" and those which are not.
How we manage and regulate all our risks is based on determining :-
whether the risk :-
is so great that it must be refused altogether, or
is, or has been made, so small as to be insignificant, or
falls between the two states specified in a) and b) above and
if the risk has been reduced to the lowest practicable level, bearing in mind the benefits resulting from its tolerance and taking into account the reasonableness of the costs of any further reduction.