Executives and board members are confronted with strategic decisions to ensure the success or simply the survival of their business. During Enterprise Risk Management (ERM) processes, these business leaders strive to gain information and insight into the risk status and certainty to achieve strategic objectives. On the other side of the hierarchical chain, millions of workers who are exposed to occupational risks and hazards on a daily basis are simply asking to be able to perform their job in safety and return to their families without any injury at the end of each day.
An age-old phenomenon that still occurs today is making decisions under full or partial pressure, a situation that is unfavorable to say the least. And although AI technology currently allows us to predict or anticipate trends to relieve us from this pressure, it is not yet a tool available to all people and businesses. There is always a degree of uncertainty or risk that corporations and businessmen are willing to take, the same cannot be said of workers.
What is the link between decision making and risk management in the area of occupational health and safety (OHS)?
Enterprise Risk Management (ERM) is a management concept and function within corporations that emerged in the mid-1990s. Following several recent high-profile business scandals and failures, investors and governments have demanded improved corporate governance and risk management techniques. Managers are now increasingly required to report on their internal risk control systems. This is done either through legislation, such as in Germany through the ‘‘Control and Transparency in Entities’’ Law, or voluntary codes, as the Turnbull Guidelines in the UK.
The 2020 global pandemic has reminded us that worker health and safety plays a central role in the survival of a business. We have seen companies and organizations trying to anticipate and respond to an unprecedented level of uncertainty. We witnessed the troubles and the bankruptcy of some, while others seemed to have been thriving. The modern world has never experienced this level of uncertainty, we have to learn lessons from companies that survived and flourished when the economy seemed to spiral out of control in order to rebuild and to face the current economic downturn.
Enterprise risk management is a methodology that looks at risk management strategically from the perspective of the whole business or organization. It is a top-down strategy that seeks to identify, assess, and prepare for losses, hazards, and other potential threats that could interfere with the organization's operations and objectives and/or result in losses.
In contrast to the traditional risk management, which focuses on identifying and analyzing loss exposures and taking steps to minimize the financial impact of the risks they impose, ERM addresses all types of risks across an organization, including Workplace, Health & Safety (WHS). Enterprise risk management takes a holistic approach and requires executive-level decision-making that doesn't necessarily make sense for an individual business unit or segment. It forces management to decide which risks to actively manage. As opposed to risks being siloed across a company, a company sees the bigger picture when using ERM.
Discover the application about Risk prevention program (RPP) Software
Enterprise Risk Management (ERM) is gradually becoming a requirement for organizations and international standards bodies are constantly reviewing their guidelines to improve the approach to ERM. We have seen this with the International Standard Organization (ISO 31001) which is a reference in this field and the Committee of Sponsoring Organizations’ (COSO), the committee that provides guidelines to help organizations improve their performance by developing leadership that strengthens internal control, risk management, governance and fraud deterrence.
One of the most noticeable progresses in the approach to ERM in recent years has been the recognition that an objective-centric approach yields better results than the traditional taxonomic approach (organizing or grouping similar or related risk categories into larger categories). In 2017, COSO published the Guidance on Enterprise Risk Management—Integrating with Strategy and Performance. The white paper provides insightful guidelines on IRM, but Tim Leech, founder of the Objective-Centric Risk Management approach says that:
“…what it (COSO Guidance) does not simply and bluntly state is that the fact that the vast majority of ERM frameworks in place in the world today really do not integrate very well with strategy and performance and, of even more importance, why that unsettling fact is true.”
Tim Leach explains that the main reason why most ERM frameworks currently don't mesh well with strategy and performance is very simple. The majority of ERM frameworks in place are “risk-centric,” not “objective-centric.”. When an ERM framework begins with the primary goals of creating and sustaining value in an organization as its foundation (i.e., is “objective-centric”), it naturally forces integration both with strategy and performance and ideally leads to better decision making.
The integration of ERM and WHS requires a transparent connection between the WHS function and the ERM corporate function. As ERM focuses on managing all risks across your organization in an objective-centric approach, it is important to have a structure that makes it possible to systematically signal risks to executives and management boards. Here are 4 important points to consider:
The WHS information system must be efficient and optimal, it must be run only once to avoid double data entry or duplication of effort. The data must be collected at once but their exploitation can be done as much as necessary. The communication of reports to senior management and the board of directors must be transparent and traceable.
The system must be able to convey WHS data while protecting it from any form of modification, disruption or loss because it will be the only source of truth. This information will later be linked to categories of aggregate information, including its impact on the objectives of the organization, type of cause, control measures. The idea is to ensure complete reporting consistency, as the same information is used for multiple purposes at each level of the organization.
The organization must develop a system that is able to organize WHS data while providing visibility of the WHS function to senior management and the board. Managers are thus constantly informed of the main issues as part of their risk management function. An approach to ensure WHS resources are made available for key issues requiring specific equipment or expertise.
Implementing a system that links WHS data to the organization's ERM, enables improved reporting quality through the ability to aggregate all available information to the objective and strategy of the company.
Discover the application about Risk prevention program (RPP) Software
Studies show that the common traits shared by companies that have survived and thrived during the pandemic and the economy spiraling out of control are technology investment, decentralized decision-making, directional thinking. The investment in the digitalization of processes has been and still is a masterpiece move. The ability to invest in technology that turns information into data and analysis is a key success factor in today’s world.
As we have seen earlier, there are a number of key elements to consider in achieving strong integration of WHS and ERM. The use of a digital IRM (Integrated Risk Management) software enables automated and centralized management of the entire risk management cycle. Here is how this tool will help your organization adopt an objective-centric approach to risk management by aligning the ERM framework with your occupational health and safety (WHS):
WHS risk has become one of the most important ERM risks in many organizations. It is essential that the occupational health and safety framework and the ERM function are fully aligned. Integration is key as WHS requires acute processing while at the same time ERM must be focused on risk governance objectives and be able to report aggregate information on risk status to executives and boards.
> Discover the application about Integrated Risk Management software