Hazard identification and control is one of the primary driving forces for current SHE programs and management systems. The assessment of identified hazards is the road map that guides SHE professionals through the myriad of regulated and recommended control strategies that need to be considered and implemented by an organization. The term "Hazard" is defined as a source of potential harm, which triggers the expectation that exposure to these sources, need to be controlled, mitigated or eliminated (ANSI/ASSE 2011b, p.11). The control measures that will be selected to minimize this exposure are often based upon the existence of the hazard as opposed to the level, or likelihood, of hazard exposure.
Risk management, which includes risk identification, assessment and treatment, is one of the cornerstones of modern business management. The use of a "risk-based" approach to guide strategic planning and decision-making processes is a philosophy that has been adopted by high risk (critical hazard) industries and organizations focused on becoming industry leaders. The basis of this approach is to identify credible risk sources that will be encountered by the organization so that appropriate risk treatment (control) strategies can be adopted. What is a "credible" risk and what is an "appropriate" risk treatment is based upon the risk objectives (principles) of the organization and the level of risk that can be tolerated (e.g. the company risk evaluation criteria). The risk management principles and framework needed to adopt this approach is captured in ISO 31000:2009 – Risk Management Principles and Guidelines which has now been promulgated in both Canada (CAN/CSA 31000:2011) and the USA (ANSI/ASSE Z690.2-2011).
While the adoption of a risk-based approach to manage the activities and operations conducted by a business is logical, there are challenges that need to be considered prior to implementation. Will this change in philosophy be defendable within a regulatory environment that still uses a "hazard-based" approach to control sources of potential harm or loss? What are the organizational barriers to adopting a risk-based approach? What level(s) of risk can be tolerated (ALARA or ALARP)? How will the risk management principles be applied throughout the organization? To address these challenges, the basic principles of a risk management system will be reviewed and examples of how to apply these principles will be provided.
