Acceptable Levels of Risk

Image

Aircraft Carrier Operations (Image courtesy of US Navy)

 

Accepting Risk?
One of the most difficult things to do in the realm of risk management and safety is to establish any sort of concrete framework for what is being deemed an acceptable level of risk overall, or acceptable risk in a particular area. It is not only a structurally and technically daunting concept, it’s also a scary one. After all, any attempt to establish some decided level of acceptable risk (beyond zero risk, which is an impossible concept, as will be discussed in another article) results in certain hazards (and their attendant outcomes) being viewed as “OK” even though those outcomes by their very nature are going to result in some sort of losses over time. The acceptance of exposure to some low level of loss over time is pretty much an absolute, but getting specific about that in terms of quantity or quality is often considered too daunting (or even crass, though the opposite is closer to true) to address, or subject to very lengthy and involved processes when there is an organizational motivation to determine that level.

Decisions Deliberate and Implicit
So here is the hard-to-deal-with truth: every organization (and individual, and family, for that matter…) is making decisions about what is an acceptable level of hazard risk in a given area every day, just not in ways that are always deliberate or obvious.  Some of the same factors that cause reluctance to explicitly accept any particular given level of risk can even work to keep the hazard risk implications out of the mind and discussions of the decision-makers, but those risk decisions are being made either way. The difference is whether the decisions are made in a conscious, deliberate, or programmed way, versus being made by default and without specific attention. Yet for the most part, implicit decisions have the same results as decisions made deliberately.

How is Risk Accepted?
When an organization chooses to set up its business in a particular way, acceptance (or rejection) of all manner of risks is part of the set of decisions that that are made. Note that even if the risk perspective is not explicitly considered, the risk picture is still affected. Some of the particular junctures that greatly affect the risk picture include decisions to:
– Engage (or not engage in) in a certain type of business
– Operate in a certain geographical location
– Build a certain type of facility
– Outfit a facility with certain fixtures, equipment, and tools
– Establish certain work practices
– Hire with certain criteria
– Train in a particular way
– Guide, oversee, and manage workers in a given way
– Engage in formal and informal discipline, incentives, and recognition
– Communicate certain information and results to workers

Risk Acceptance in Practice
Here’s an example: Restaurant chains A and B both offer a similar core menu item. This item requires a certain cut of meat as part of the recipe. Chain A decides to order their meat in the form of a larger, more complete “primal” cut that requires complex knife work by kitchen personnel to break down into final usable form. Chain B decides to get the meat already cut into recipe-ready size and shape from their supplier, so that no cutting is required.

Knife safety and cut prevention in restaurants is certainly a significant issue almost everywhere. It’s clear how the scenario above very significantly affects the risk picture, at least as far as preparation of that core menu item is considered. But it’s also quite possible that both chain A and chain B came to their respective decisions about how to order and prepare the meat with considerations other than safety and risk in mind. In the real-world environment these examples were taken from, the prominent factors actually in play centered on, in the case of chain A:
-Food cost
-Flexibility of regional supply options
-Food quality

…and in the case of chain B:
-Consistency of final product
-Reduced skill level needed for kitchen staff
-Faster prep time

You will note that neither chain had risk or safety as one of their noted criteria. Still, the two approaches have huge risk implications. Another concept in play is the idea that the accepted baseline risk is only half of the equation; the risk controls in place are the other half. It may seem confusing that the first couple of spots on the traditional risk control hierarchy (elimination and substitution) occur up above the level of decided risk consideration mentioned above, so for the purposes of this discussion, it may be easier to consider controls employed to address recognized hazards.

 

Image

Lighting Striking Skyscrapers (Image by B.W. Townsend)

So, Just What Is An Acceptable Level of Risk?
It should be clear that the answer to this is that there is no one answer. Circumstances and environments vary, as well as organizational “appetite” for risk. Some parts of a framework for boundaries in that regard can be considered, and we’ll talk about that more in other articles.  The more complex the environment and the greater the severity and impact potential of the identified risks, the more likely that quantification would be warranted or even necessary. Less complex environments and operations can’t simply be content to leave risk levels unconsidered.  The key point here is that organizational and business decisions imply acceptance or rejection of hazard risk in many, many cases. If these are identified and analyzed early enough, there is much opportunity for the risk picture to be considered in a constructive way.

Putting This to Use
The risk manager, the safety manager, and the operating manager concerned with hazard risk (which is all operating managers, right?) have an opportunity to be proactive, but it might not be easy. The opportunity is to weigh in earlier in the business planning and decision making process. A few companies have someone in the position of “Chief Risk Officer,” and fewer still have a position of “Chief Safety Officer.” Some of those that do have these positions subordinate them one level from the traditional C-Suite positions, while in the case of the Chief Risk Officer, other types of risk other than hazard risk are often dominant in the role.

So here lies the challenge: Whether the risk manager or head safety position truly has a seat at the senior leadership table, there is an opportunity to insert into business planning discussions earlier and with a more strategic approach. The risk manager or safety professional has the chance to speak to the perspective of greater or lesser risk created by the various business decisions that are being made, and the earlier the better. It is sometimes difficult to do this, and it can be a great test for just how seriously risk and safety is taken by the senior leadership of an organization.

An Example
I had the opportunity to see  the impact of this in an urban beautification project conducted by a municipality, where the development process kept the risk and safety professionals out of the discussion of the project until it was approved, conceptualized, and a fair distance into the design and engineering process. Risks that needed to be controlled or eliminated were identified when the later review did take place, but the budgetary, logistic, and user experience impact of addressing those items at such a late stage led to difficulty. In short, issues that could have been corrected very easily in the conceptual stage became much more daunting once construction was very much underway. Controls were indeed put in place, and some hot-button risks were eliminated, but the time, effort, and resources required were much greater than if earlier intervention were accomplished.

How good are we at judging risk around us?

“I’ve never had a problem before, and I’ve been doing this for years!

You hear it regularly, and perhaps even say it ourselves. We use our own incident-free experience as justification for the acceptability of an activity. Here’s the problem with that: We are notoriously bad at judging many categories of risk around us. The reason is simple. “Getting away” with a risky behavior does not really prove anything, because the relative probability of an incident or injury can vary widely and still have the same result in the very limited sample that is our own experience.

Here is an example: Terry grew up in a home where his mother would cook a meal and leave the remaining food to cool on the stove, and often not refrigerate it for hours afterwards. Terry continued the practice when he began to live and cook on his own. A woman he began dating noticed the tasty batch of stew that he’d made her for dinner was left on the stove (without the burner on) not only after dinner but all the way through the rather lengthy movie that they watched. She said “Are you not keeping the leftovers?” He said, “Why would you ask that? Wasn’t it good? There’s a lot left.” She replied, “It’s just that it’s been sitting out since 7, and it’s nearly midnight now.” Terry’s answer? “It’s fine.”

In his mind it was fine. But here are some facts to consider:
– The meaty stew he cooked was clearly and demonstrably likely to have far more growth of pathogens that could cause foodborne illness when cooled that slowly and held at room temperature
– Thorough reheating of the stew, as was his common practice, could kill many types of pathogens and result in no ill effects, on two conditions 1. That heating is truly thorough, sustained, and to a sufficient temperature and 2. That there are no toxins or toxic byproducts associated with the particular organisms that affected the stew
– Terry’s own childhood and youth contained relatively frequent episodes of what his family called “stomach flu” even though the actual nature of the illness and cause were never really understood.
– Terry didn’t think that the gastrointestinal issues that he’d experienced were out of the ordinary for a typical family, largely because none were particularly severe, and perhaps more importantly because he didn’t really have any sense of how often other families experienced these illnesses.

Do you see how “It’s fine” is really not true in this case?

Knowledge is Power (When Applied!)

This is the kickoff of my new site, riskconfidence.com, where I will write about the understanding of and control of workplace (and other forms) or risk. My main premise will be this: Many business owners and managers understand the need to take properly calculated risks when it comes to business development and financial issues, but are in the dark when it comes to non-speculative risk of loss. Developing an understanding and application of that type of risk is essential to sound business. I’ll help guide you through that process.