Executives and board members are confronted with strategic decisions to ensure the success or simply the survival of their business. During Enterprise Risk Management (ERM) processes, these business leaders strive to gain information and insight into risk status and the certainty of achieving strategic objectives. On the other side of the hierarchical chain, millions of workers who are exposed to occupational risks and hazards on a daily basis are simply asking to be able to perform their job in safety and return to their families without any injury at the end of each day.
An age-old phenomenon that still occurs today is making decisions under full or partial pressure, a situation that is unfavorable to say the least. And although AI technology currently allows us to predict or anticipate trends to relieve us from this pressure, it is not yet a tool available to all people and businesses. There is always a degree of uncertainty or risk that corporations and businessmen are willing to take; the same cannot be said of workers.
What is the link between decision making and risk management in the area of occupational health and safety (OHS)?
Enterprise Risk Management (ERM) is a management concept and function within corporations that emerged in the mid-1990s. Following several recent high-profile business scandals and failures, investors and governments have demanded improved corporate governance and risk management techniques. Managers are now increasingly required to report on their internal risk control systems. This is done either through legislation, such as in Germany through the “Control and Transparency in Entities” Law, or through voluntary codes, such as the Turnbull Guidelines in the UK.
The 2020 global pandemic has reminded us that worker health and safety plays a central role in the survival of a business. We have seen companies and organizations trying to anticipate and respond to an unprecedented level of uncertainty. We witnessed the troubles and the bankruptcy of some, while others seemed to have been thriving. The modern world has never experienced this level of uncertainty. To rebuild and to face the current economic downturn, we have to learn lessons from the companies that survived and flourished when the economy seemed to spiral out of control.
What is Enterprise Risk Management (ERM)?
Enterprise risk management is a methodology that looks at risk management strategically from the perspective of the whole business or organization. It is a top-down strategy that seeks to identify, assess, and prepare for losses, hazards, and other potential threats that could interfere with the organization's operations and objectives and/or result in losses.
In contrast to traditional risk management, which focuses on identifying and analyzing loss exposures and taking steps to minimize the financial impact of the risks they impose, ERM addresses all types of risks across an organization, including Workplace, Health & Safety (WHS). Enterprise risk management takes a holistic approach and requires executive-level decision-making that doesn't necessarily make sense for an individual business unit or segment. It forces management to decide which risks to actively manage. Instead of risks being siloed across the company, the company sees the bigger picture when using ERM.
The objective-centric risk management approach
Enterprise Risk Management (ERM) is gradually becoming a requirement for organizations, and international standards bodies are constantly reviewing their guidelines to improve the approach to ERM. We have seen this with the International Standard Organization (ISO 31001), which is a reference in this field, and with the Committee of Sponsoring Organizations (COSO), the committee that provides guidelines to help organizations improve their performance by developing leadership that strengthens internal control, risk management, governance and fraud deterrence.
One of the most noticeable advances in the approach to ERM in recent years has been the recognition that an objective-centric approach yields better results than the traditional taxonomic approach (organizing or grouping similar or related risk categories into larger categories). In 2017, COSO published the Guidance on Enterprise Risk Management—Integrating with Strategy and Performance. The white paper provides insightful guidelines on IRM, but Tim Leech, founder of the Objective-Centric Risk Management approach, says that:
“…what it (COSO Guidance) does not simply and bluntly state is that the fact that the vast majority of ERM frameworks in place in the world today really do not integrate very well with strategy and performance and, of even more importance, why that unsettling fact is true.”
Tim Leech explains that the main reason why most ERM frameworks currently don't mesh well with strategy and performance is very simple. The majority of ERM frameworks in place are “risk-centric,” not “objective-centric.” When an ERM framework begins with the primary goals of creating and sustaining value in an organization as its foundation (i.e., is “objective-centric”), it naturally forces integration both with strategy and performance and ideally leads to better decision making.
Aligning the ERM framework with your Workplace Health and Safety (WHS)
The integration of ERM and WHS requires a transparent connection between the WHS function and the ERM corporate function. As ERM focuses on managing all risks across your organization in an objective-centric approach, it is important to have a structure that makes it possible to systematically signal risks to executives and management boards. Here are 4 important points to consider:
Efficient communication channels
The WHS information system must be efficient and optimal: data must be entered only once, to avoid double data entry or duplication of effort. The data is collected once, but it can be used as often as necessary. The communication of reports to senior management and the board of directors must be transparent and traceable.
The data collected must be consistent with the reports at all levels
The system must be able to convey WHS data while protecting it from any form of modification, disruption or loss, because it will be the only source of truth. This information will later be linked to categories of aggregate information, including its impact on the objectives of the organization, type of cause, and control measures. The idea is to ensure complete reporting consistency, as the same information is used for multiple purposes at each level of the organization.
Transparency of WHS data
The organization must develop a system that is able to organize WHS data while providing visibility of the WHS function to senior management and the board. Managers are thus constantly informed of the main issues as part of their risk management function. This approach ensures that WHS resources are made available for key issues requiring specific equipment or expertise.
In-depth reports of risk information
Implementing a system that links WHS data to the organization's ERM improves reporting quality, because all available information can be aggregated against the objectives and strategy of the company.
Align ERM with WHS through Digitalization
Studies show that the common traits shared by companies that have survived and thrived during the pandemic and the economy spiraling out of control are technology investment, decentralized decision-making, and directional thinking. The investment in the digitalization of processes has been and still is a masterstroke. The ability to invest in technology that turns information into data and analysis is a key success factor in today’s world.
As we have seen earlier, there are a number of key elements to consider in achieving strong integration of WHS and ERM. Using digital IRM (Integrated Risk Management) software enables automated and centralized management of the entire risk management cycle. Here is how this tool will help your organization adopt an objective-centric approach to risk management by aligning the ERM framework with your occupational health and safety (WHS):
- Centralized data on a single platform: The ERM system must not only integrate the WHS function, it must also integrate other risks such as financial, environmental, etc. The use of a single digital platform facilitates a transparent integration that supports all forms of risk and the company's objectives, while providing a synoptic view to general management and the board of directors.
- Viewing and analyzing WHS risks: Risks are viewed and analyzed based on your organization's top value creation and preservation objectives and your conceptual framework for occupational health and safety.
- Development of strategic risk mapping: Ensure that the various risks, hazards and controls used for WHS are mapped consistently to the organization’s objectives for ERM reporting. This function enables the linking of WHS risk events to ERM aggregated events at the corporate level.
- Analysis and mapping of risk control levels: Map the categories of control used in WHS, such as the hierarchy of controls, to the standard control categories used in ERM.
- Standardized approach across all ERM risks: Standard management of your organization’s admissible risks using standardized templates and dashboards for risk assessments, key risk indicators, incident management, etc. This function ensures consistency of risk management for all risk types.
WHS risk has become one of the most important ERM risks in many organizations. It is essential that the occupational health and safety framework and the ERM function are fully aligned. Integration is key, as WHS requires acute processing while at the same time ERM must be focused on risk governance objectives and be able to report aggregate information on risk status to executives and boards.