One of the most difficult things to do in the realm of risk management and safety is to establish any sort of concrete framework for what is being deemed an acceptable level of risk overall, or acceptable risk in a particular area. It is not only a structurally and technically daunting concept, it’s also a scary one. After all, any attempt to establish some decided level of acceptable risk (beyond zero risk, which is an impossible concept, as will be discussed in another article) results in certain hazards (and their attendant outcomes) being viewed as “OK” even though those outcomes by their very nature are going to result in some sort of losses over time. The acceptance of exposure to some low level of loss over time is pretty much an absolute, but getting specific about that in terms of quantity or quality is often considered too daunting (or even crass, though the opposite is closer to true) to address, or subject to very lengthy and involved processes when there is an organizational motivation to determine that level.
Decisions Deliberate and Implicit
So here is the hard-to-deal-with truth: every organization (and individual, and family, for that matter…) is making decisions about what is an acceptable level of hazard risk in a given area every day, just not in ways that are always deliberate or obvious. Some of the same factors that cause reluctance to explicitly accept any particular given level of risk can even work to keep the hazard risk implications out of the mind and discussions of the decision-makers, but those risk decisions are being made either way. The difference is whether the decisions are made in a conscious, deliberate, or programmed way, versus being made by default and without specific attention. Yet for the most part, implicit decisions have the same results as decisions made deliberately.
How is Risk Accepted?
When an organization chooses to set up its business in a particular way, acceptance (or rejection) of all manner of risks is part of the set of decisions that that are made. Note that even if the risk perspective is not explicitly considered, the risk picture is still affected. Some of the particular junctures that greatly affect the risk picture include decisions to:
– Engage (or not engage in) in a certain type of business
– Operate in a certain geographical location
– Build a certain type of facility
– Outfit a facility with certain fixtures, equipment, and tools
– Establish certain work practices
– Hire with certain criteria
– Train in a particular way
– Guide, oversee, and manage workers in a given way
– Engage in formal and informal discipline, incentives, and recognition
– Communicate certain information and results to workers
Risk Acceptance in Practice
Here’s an example: Restaurant chains A and B both offer a similar core menu item. This item requires a certain cut of meat as part of the recipe. Chain A decides to order their meat in the form of a larger, more complete “primal” cut that requires complex knife work by kitchen personnel to break down into final usable form. Chain B decides to get the meat already cut into recipe-ready size and shape from their supplier, so that no cutting is required.
Knife safety and cut prevention in restaurants is certainly a significant issue almost everywhere. It’s clear how the scenario above very significantly affects the risk picture, at least as far as preparation of that core menu item is considered. But it’s also quite possible that both chain A and chain B came to their respective decisions about how to order and prepare the meat with considerations other than safety and risk in mind. In the real-world environment these examples were taken from, the prominent factors actually in play centered on, in the case of chain A:
-Flexibility of regional supply options
…and in the case of chain B:
-Consistency of final product
-Reduced skill level needed for kitchen staff
-Faster prep time
You will note that neither chain had risk or safety as one of their noted criteria. Still, the two approaches have huge risk implications. Another concept in play is the idea that the accepted baseline risk is only half of the equation; the risk controls in place are the other half. It may seem confusing that the first couple of spots on the traditional risk control hierarchy (elimination and substitution) occur up above the level of decided risk consideration mentioned above, so for the purposes of this discussion, it may be easier to consider controls employed to address recognized hazards.
So, Just What Is An Acceptable Level of Risk?
It should be clear that the answer to this is that there is no one answer. Circumstances and environments vary, as well as organizational “appetite” for risk. Some parts of a framework for boundaries in that regard can be considered, and we’ll talk about that more in other articles. The more complex the environment and the greater the severity and impact potential of the identified risks, the more likely that quantification would be warranted or even necessary. Less complex environments and operations can’t simply be content to leave risk levels unconsidered. The key point here is that organizational and business decisions imply acceptance or rejection of hazard risk in many, many cases. If these are identified and analyzed early enough, there is much opportunity for the risk picture to be considered in a constructive way.
Putting This to Use
The risk manager, the safety manager, and the operating manager concerned with hazard risk (which is all operating managers, right?) have an opportunity to be proactive, but it might not be easy. The opportunity is to weigh in earlier in the business planning and decision making process. A few companies have someone in the position of “Chief Risk Officer,” and fewer still have a position of “Chief Safety Officer.” Some of those that do have these positions subordinate them one level from the traditional C-Suite positions, while in the case of the Chief Risk Officer, other types of risk other than hazard risk are often dominant in the role.
So here lies the challenge: Whether the risk manager or head safety position truly has a seat at the senior leadership table, there is an opportunity to insert into business planning discussions earlier and with a more strategic approach. The risk manager or safety professional has the chance to speak to the perspective of greater or lesser risk created by the various business decisions that are being made, and the earlier the better. It is sometimes difficult to do this, and it can be a great test for just how seriously risk and safety is taken by the senior leadership of an organization.
I had the opportunity to see the impact of this in an urban beautification project conducted by a municipality, where the development process kept the risk and safety professionals out of the discussion of the project until it was approved, conceptualized, and a fair distance into the design and engineering process. Risks that needed to be controlled or eliminated were identified when the later review did take place, but the budgetary, logistic, and user experience impact of addressing those items at such a late stage led to difficulty. In short, issues that could have been corrected very easily in the conceptual stage became much more daunting once construction was very much underway. Controls were indeed put in place, and some hot-button risks were eliminated, but the time, effort, and resources required were much greater than if earlier intervention were accomplished.