Risk assessment is a fundamental building block of any robust safety management system. The authors have successfully designed, developed and implemented safety management systems, including various risk assessment methodologies, throughout their careers. Additionally, the authors have audited safety management systems, both as Health, Safety and Environmental (HSE) leaders of a manufacturing organization, as well as casualty risk control consultants for an insurance broker. This broad perspective has offered an opportunity to identify a number of lessons learned and best practices, which will be reviewed in this paper.
Mr. Dix and Mr. Murray, have a combined HSE experience of over 25 years. They have also collaborated as colleagues for over half of their respective careers, which has allowed them to refine and continuously improve risk assessment strategies and tactics. These strategies and tactics have been successfully applied on a range of risk assessments, from task-based assessments to assessments on processes covered by the OSHA Process Safety Management (PSM) standard.
"Risk assessment" is a broad topic, which spans numerous industries and disciplines. From financial institutions to the United States Military the wide-ranging and flexible nature of risk assessment makes it a great tool for identifying, assessing and remediating risk. Although risk assessment is a commonly used term, the definition and application of risk assessment methods can vary widely. Even in the HSE discipline the term "risk assessment" can mean different things and encompass a range of criteria. This paper will review some of the common risk assessment methodologies utilized by HSE professionals and introduce a process called OSCAR, which can help identify a "right-sized" risk assessment approach to fit your needs.
What Is Risk Assessment – Why Is It Important?
Almost all of us are familiar with the term "risk assessment", but if asked, how many of us would be able to succinctly define it? Furthermore, how many of us would define it in the same terms?
According to ANSI-ASSE Z690.2-2011, risk assessment is defined as the "overall process of risk identification, risk analysis and risk evaluation"1. The standard further defines risk identification, as "the process of finding, recognizing and describing risks"; risk analysis, as "the process to comprehend the nature of risk and to determine the level of risk", and risk evaluation, as "the process of comparing the results of risk analysis with risk criteria to determine whether the risk and/or its magnitude is acceptable or tolerable" 2.