MID Term
Introduction
• ISO 20400 Sustainable procurement provides guidance to organizations, independent of
their activity or size, on integrating sustainability within procurement. It is intended for
stakeholders involved in, or impacted by, procurement decisions and processes.
• The standard was developed by project committee ISO/PC 277, which started work in the
year 2013. The first edition of ISO 20400 was published on 21 April 2017.
• The standard provides guidance for any organisation of any size or type that needs to deliver
sustainable outcomes through their supply chains. It is relevant to anybody in an
organisation who contributes to procurement decisions and/or works with suppliers
(including sub-contractors).
• Sustainable procurement is procurement that has the most positive environmental, social
and economic impacts possible across the entire life cycle and that strives to minimize
adverse impacts.
Overview of Sustainable Procurement: describes the scope and principles of sustainable procurement
and why organizations should undertake it.
• Concept of Sustainable Procurement
• Principles of Sustainable Procurement
• Core Subjects of Sustainable Procurement
• Drivers for Sustainable Procurement
• Key Considerations for Sustainable Procurement
Principles
• Accountability
• Transparency
• Ethical Behavior
• Full and Fair Opportunity
• Respect for Stakeholder Interests
• Respect for Human Rights, the Rule of Law and International Norms of Behavior
• Innovative Solutions
• Focus on Needs
• Integration
• Life Cycle
• Continual Improvement
Guidance about how sustainable considerations should be integrated at a strategic level within
Procurement Function.
1. Committing to Sustainable Procurement
2. Clarifying Accountability
3. Aligning Procurement with Organizational Objectives & Goals
4. Setting Procurement Policies
5. Managing Implementation
• Designed with a high-level structure so that it can be integrated with ISO 9001 and ISO 14001 and
existing management systems
Scope
• This document specifies requirements for an occupational health and safety (OH&S)
management system, and gives guidance for its use, to enable organizations to provide safe
and healthy workplaces by preventing work-related injury and ill health, as well as by
proactively improving its OH&S performance
• Ensuring processes for consultation and participation of workers are established and
implemented
• Top Management: “Person or group of persons who direct(s) and control(s) an organization
at the highest level”.
Performance evaluation
• The organization shall evaluate the OH&S performance and determine the effectiveness of
the OH&S management system.
• The organization shall ensure that monitoring and measuring equipment is calibrated or
verified as applicable, and is used and maintained as appropriate.
• Top management shall review the organization’s OH&S management system, at planned
intervals, to ensure its continuing suitability, adequacy and effectiveness.
Improvement
• The organization shall establish, implement and maintain a process including reporting,
investigating and taking action, to determine and manage incidents and nonconformities.
• Corrective actions shall be appropriate to the effects or potential effects of the incidents or
nonconformities encountered
Environmental and social safeguards aim to avoid, reduce or compensate for negative effects of
activities. While there is no universal definition of safeguards, generally one can say that they
consist of:
● Rules (such as policies, laws, regulations) that reduce the environmental and social risk and
negative impact of activities.
● Institutions that implement those rules
Why do we need safeguards?
● Environmental and social safeguards help ensure that planned activities are successful. They
can reduce conflict, optimize benefits, and help ensure that activities do not result in
unintentional harm to people or ecosystems.
Performance Standards
Risk Management
Labor
Resource efficiency
Community
Land resettlement
Biodiversity
Indigenous Peoples
Cultural Heritage
Conducting site inspections and interviews of client personnel and relevant stakeholders,
where appropriate
Analyzing the business activity’s environmental and social performance in relation to the
requirements of the Performance Standards and provisions of the World Bank Group
Environmental, Health and Safety Guidelines or other internationally recognized sources, as
appropriate
Identifying any gaps therewith, and corresponding additional measures and actions beyond
those identified by the client’s in-place management practices
Case Study - Implementation of Environmental and Social Safeguards
● Project - Baku-Tbilisi-Ceyhan Pipeline Project
● Assessment of Environment and Social Impact by the project
● Operational policies by safeguards
● Initiatives-
○ Proper checks were followed so that none of the human rights are violated where
the project is coming up
ISO 31000 RISK Management
Why should organisations manage risk?
▪ Organizations of all types and sizes face external and internal factors and influences that
make it uncertain whether they will achieve their objectives.
▪ Managing risk assists organizations in setting strategy, achieving objectives and making
informed decisions.
Managing risk is part of governance and leadership, and is fundamental to how the organization is
managed at all levels. It contributes to the improvement of management systems
Introduction
● ISO 31000 is a standard which provides guidelines on managing risk faced by organizations.
● The standard provides a common approach to managing any type of risk and is not industry
or sector specific.
● The standard defines risk as - “effect of uncertainty on objectives” and
risk management as - “coordinated activities to direct and control an organization with
regard to risk”
● The previous version of the standard was published in 2009. The main changes compared to the
previous edition are as follows:
● review of the principles of risk management, which are the key criteria for its success;
● highlighting of the leadership by top management and the integration of risk management,
starting with the governance of the organization;
● greater emphasis on the iterative nature of risk management, noting that new experiences,
knowledge and analysis can lead to a revision of process elements, actions and controls at
each stage of the process;
● streamlining of the content with greater focus on sustaining an open systems model to fit
multiple needs and contexts.
● The standard specifies - Principles, Framework and Process for risk Management
ISO 31000 has defined the following principles to be followed by any organisation for effective risk
management -
▪ Integrated : Risk management is an integral part of all organizational activities.
▪ Structured and comprehensive : A structured and comprehensive approach to risk
management contributes to consistent and comparable results.
▪ Customized : The risk management framework and process are customized and
proportionate to the organization’s objectives.
▪ Inclusive : Appropriate and timely involvement of stakeholders enables their knowledge,
views and perceptions to be considered. This results in improved awareness and informed
risk management.
▪ Dynamic : Risks can emerge, change or disappear as an organization’s external and internal
context changes.
▪ Best available information : The inputs to risk management are based on historical and
current information, as well as on future expectations. Risk management takes into account
any limitations and uncertainties associated with such information and expectations.
▪ Human and cultural factors : Human behaviour and culture significantly influence all aspects
of risk management at each level and stage.
▪ Continual improvement : Risk management is continually improved through learning and
experience.
Framework
Purpose: To assist the organization in integrating risk management into significant activities and
functions.
Framework development encompasses integrating, designing, implementing, evaluating and
improving risk management across the organization.
Leadership and Commitment: Top management and oversight bodies should ensure that risk
management is integrated into all organizational activities and should demonstrate leadership and
commitment.
Integration: Everyone in an organization has responsibility for managing risk. Risk management
should be a part of, and not separate from, the organizational purpose, governance, leadership and
commitment, strategy, objectives and operations
Design:
▪ Understanding the organization and its context: organization should examine and
understand its external and internal context
▪ Articulating risk management commitment: demonstrate and articulate their continual
commitment to risk management through a policy, a statement or other forms that clearly
convey an organization’s objectives and commitment to risk management.
▪ Assigning organizational roles, authorities, responsibilities and accountabilities: ensure that
the authorities, responsibilities and accountabilities for relevant roles with respect to risk
management are assigned and communicated at all levels of the organization
▪ Allocating resources: ensure allocation of appropriate resources for risk management
▪ Establishing communication and consultation: establish an approved approach to
communication and consultation in order to support the framework and facilitate the
effective application of risk management. Communication involves sharing information with
targeted audiences. Consultation also involves participants providing feedback with the
expectation that it will contribute to and shape decisions or other activities.
Implementation:
▪ Successful implementation of the framework requires the engagement and awareness of
stakeholders
▪ Takes care of existing risks as well as new uncertainties
▫ Developing an appropriate plan
▫ Identifying the actors, place and time of the various decisions being made
▫ Modifying the decision-making processes where necessary
▫ Ensuring that the organization’s arrangements for managing risk are clearly
understood and practised
Evaluation:
▪ Evaluate the effectiveness of the risk management framework
▫ Periodic measurement of framework against its purpose, plans, indicators and
expectations
▫ determine whether it remains suitable to support achieving the objectives of the
organization
Adapting
▪ The organization should continually monitor and adapt the risk management framework to
address external and internal changes.
▪ In doing so, the organization can improve its value
Continually Improving
▪ The organization should continually improve the suitability, adequacy and effectiveness of
the risk management framework and the way the risk management process is integrated.
▪ Organization should develop plans and tasks as per gaps and assign them to those
accountable for implementation.
▪ These improvements contribute to the enhancement of risk management
Process
▪ Systematic application of policies, procedures and practices to the activities of
communicating and consulting, establishing the context and assessing, treating, monitoring,
reviewing, recording and reporting risk
▪ The risk management process should be an integral part of management and decision-
making and integrated into the structure, operations and processes of the organization.
▪ It can be applied at strategic, operational, programme or project levels
▪ Risk Analysis - The purpose is to comprehend the nature of risk and its characteristics. It
involves a detailed consideration of uncertainties, risk sources, consequences, likelihood,
events, scenarios, controls and their effectiveness
▪ Risk Evaluation - The purpose is to support decisions. Risk evaluation involves comparing the
results of the risk analysis with the established risk criteria to determine where additional
action is required.
▪ Risk Treatment - The purpose of risk treatment is to select and implement options for
addressing risk
▪ Selection of risk treatment options : It involves balancing the potential benefits
derived in relation to the achievement of the objectives against costs, effort or
disadvantages of implementation. Risk treatment options are not necessarily
mutually exclusive or appropriate in all circumstances.
▪ Preparing and implementing risk treatment plans : Its purpose is to specify how the
chosen treatment options will be implemented, so that arrangements are
understood by those involved, and progress against the plan can be monitored.
▪ Monitoring and Review - Its purpose is to assure and improve the quality and effectiveness
of process design, implementation and outcomes. Monitoring and review should take place
in all stages of the process. Monitoring and review includes planning, gathering and
analysing information, recording results and providing feedback
▪ Recording and Reporting - The risk management process and its outcomes should be
documented and reported through appropriate mechanisms. Its aim is to :
▪ Communicate risk management activities and outcomes across the organization.
▪ Provide information for decision-making
▪ Improve risk management activities
▪ Assist interaction with stakeholders, including those with responsibility and
accountability for risk management activities.
ISO 37106 Sustainable Cities and Communities
ISO 37106 helps cities deliver their vision for a sustainable future
Published in August 2018, it follows a five-year process of research and engagement with city
leaders. The standard:
❏ Defines a smart operating model for cities, which enables them to operationalize
their vision, strategy and policies at a faster pace, with greater agility and with lower
delivery risk
❏ Provides a toolkit of smart practices for managing governance, services, data and
systems across the city in an open, collaborative, citizen-centric and digitally-
enabled way
❏ Provides proven tools that cities can deploy when operationalizing the vision,
strategy and policy agenda developed following the adoption of the management
system for sustainable development of communities.
ISO 37106 is a part of integrated suite of ISO standards that cover:
❏ ISO 37101: The management system for sustainable development of communities, includes
vision, strategy and policy agenda
❏ ISO 3712X: The city indicators into governance processes of the city
❏ ISO 3715X: The standards on smart city community infrastructure
❏ Gives guidance for leaders in smart cities and communities (from the public, private and
voluntary sectors) on how to develop an open, collaborative, citizen-centric and digitally-
enabled operating model for their city that puts its vision for a sustainable future into
operation
❏ Focus on the enabling processes by which innovative use of technology and data, coupled
with organizational change, can help each city deliver its own specific vision for a sustainable
future in more efficient, effective and agile ways.
The standards are categorised as follows:
❏ Strategic-level standards - provide guidance to city leadership on the process of developing
a clear and effective overall smart city strategy, identifying priorities, and developing a
practical implementation roadmap and an effective approach to monitoring and evaluating
progress
❏ Process-level standards - cover good practice in procuring and managing
cross-organisational and cross-sectorial smart city projects, including guidance on putting
together appropriate financing packages
❏ Technical specifications - cover the practical requirements for products and services to
ensure that they achieve the results needed.
Main benefits reported by users include:
❏ Holistic nature of the standard
❏ Citizen-centric approach
❏ Addresses the organizational barriers to getting real benefit out of city data and smart
technologies
❏ Highly supportive of the city’s local strategy
❏ Not a one-size-fits all approach
❏ Flexible to meet local needs
❏ Provides a common framework for action across multiple city stakeholders
❏ Modular and pragmatic structure of ISO 37106 means cities can choose where to start, then
implement further aspects of the standard over time
ISO 26000 Guidance on Social responsibility
● ISO 26000 is an International Standard giving guidance/recommendations about how any
organization can improve its Social Responsibility and thus contribute to sustainable
environmental, social and economic development.
● ISO 26000 is not certifiable, as it does not contain requirements. Its appeal is to those who,
for whatever reasons, seek to improve their operating processes and impacts through
socially responsible behaviour.
● It is designed to work in all organizational and cultural contexts – in any country or region
● It is flexible and the user decides how to use it
● It incorporates the real-life experiences of its many contributors, and at the same time
builds on international norms and agreements related to Social Responsibility
Social Responsibility (SR) is the responsibility of an organization for the impacts of its decisions and
activities on society and the environment through transparent and ethical behaviour that:
● Contributes to sustainable development, including the health and welfare of society
● Takes into account the expectations of stakeholders
● Is in compliance with applicable law and consistent with international norms of behavior,
and
● Is integrated throughout the organization and practised in its relationships.
● Guidance and recommendations on how to structure, evaluate, and improve their social
responsibility, including stakeholder relationships and community impacts.
● Provides organizations with a set of societal expectations of what constitutes responsible
behaviour, based on authoritative international instruments
● Increasing social responsibility contributes to a “virtuous cycle” where each action
strengthens the organization and the community, encouraging sustainable development
Manufacturing NTPC
Social Issues/Risks across Value Chain
● Site: Health risks on communities due to pollution arising from power generation activities
like burning of coal, transportation and waste.
● Community health and safety: noise, vibration, dust creation, odour, traffic movements,
emissions and air quality. Coal burning also releases particulate matter, sulphur dioxide,
nitrogen oxide and mercury, damaging health.
● Disruption of social / community cohesion and exclusion of vulnerable groups: Breakdown
of social networks and structures, Socio-economic exclusion of ethnic minorities and
indigenous peoples.
● Loss of livelihood: economic displacement, job competition, conflict between local and
outside workers, land use and property.
● Land acquisition: loss of access and displacement, temporary and permanent land
acquisition and use of natural resources.
● Employee health and safety, and labour issues: employment and poor labour standards,
working conditions, child labour and other human rights issues.
● Strain on infrastructure and public nuisance: overuse of local infrastructure.
Environmental Issue across Value Chain
● Coal Mining: Radiation, air pollution, water pollution, biodiversity loss, land subsidence
(earth sinking as a result of a disturbance to its foundation) etc.
● Coal crushing: release of radioactive elements, asbestos etc. into the air
● Coal burning:
○ release of sulphur in air → acid rain
○ increase in greenhouse gases like NOx, SO2
○ heavy particulates → increase in ppm
○ toxins and coal dust → numerous respiratory, cardiovascular, and cerebrovascular
effects
● Water
○ Water for coal leaching → release of Acid Mine Drainage
○ Formation of a highly toxic, untreatable, semi-solid waste called slurry
○ Water for cooling → impact on aquatic biodiversity as thermal pollution of water
decreases oxygen supply in water
● Ash Disposal/Utilization of both fly ash, bottom ash
○ If ends up in ponds, lakes, landfills → rain filters through ash pits year → leaching
toxic metals into the local environment
Initiatives by NTPC to control risk
● Zero Liquid Discharge (ZLD) in all NTPC stations.
● Use of Air Cooled Condensers to reduce dependence on water.
● Increasing renewable capacity to reduce dependence on fossil fuels - target to achieve 32
GW of renewable energy by 2032
● Adoption of Flue Gas desulphurization
● Drafted Water policy which aims to (1) comply with legal requirements, (2) minimize water
footprint, and (3) maintain desired water quality during processes and discharges.
● Has laid down various policies like safety policy to maintain safe environment for the
employees, biodiversity policy to preserve the biodiversity, among others.
● Also, the ash produced at NTPC as a byproduct is stored and utilized for other purposes like
in cement industry.
System
● NTPC has an Enterprise Risk Management Framework (ERM)
● Risk Management Committee reviews risks and formulates strategies and action plans for
risk mitigation on short-term and long-term basis
● RMC responsibilities:
○ Finalization of risks
○ Monitor and review risk management framework
○ Implementation of risk management plan/framework
○ Information to the Board on quarterly basis about the risk assessed and action
required to be taken /already taken for mitigating the risks
● Risk assessment method incorporates social and environmental issues with economic
considerations
● The identified risks/opportunities are then mapped with stakeholders’ concern and
organisations priority
● These risks/opportunities are prioritised and action plans are developed at different levels
Manufacturing sector – Mining
Environmental Impacts
● Water accessibility and quality - Tailings and acid mine drainage affect water sources
through dissolved mined metals and leached contaminants flowing into them
● Air quality - Major sources are drilling, blasting, hauling, and transportation
● Land disturbance - Metal mining removes topsoil, reducing soil fertility. Sediment
flows directly into surface water and changes drainage patterns
● Biodiversity loss - Metal mining impacts wild fauna through the removal of vegetation and
topsoil, ecosystem destruction, the release of pollutants, and the generation of noise
● Noise pollution - Major sources are blasting, crushing, draglines, conveyors and process
plants
Social Impacts
● Housing displacements - Entire communities may be uprooted and forced to shift elsewhere,
often into purpose-built settlements not necessarily of their own choosing
● Resettlements - Forced resettlement can be particularly disastrous for indigenous
communities who have strong cultural and spiritual ties to the lands of their ancestors
● Health and Safety - Hazardous substances and wastes in water, air, and soil can have serious,
negative impacts on public health
● Habitat Loss - Many wildlife species are highly dependent on vegetation growing in natural
drainages. Any activity that destroys vegetation near ponds, reservoirs etc reduces the
quality and quantity of habitat essential for many terrestrial species
● Socio political conflicts - If communities feel they are being unfairly treated or inadequately
compensated, mining projects can lead to social tension and violent conflict
Practices Followed
1. Plan to obtain ISO 14001 certification at all our units and as of now 40 out of 45 units are ISO
14001 certified
2. Water Consumption
a. Minimising the amount of fresh water consumption by reusing as much water as
possible in our processes
b. Water withdrawal in all the operations is less than 5% of capacity of the source
3. Biodiversity
a. UN Environment Programme’s Integrated Biodiversity Assessment Tool (IBAT) to
screen for risk
b. Assessments are applied to develop Biodiversity Management Plans(BMPs)
4. Energy and Climate Change
a. Allow accreditation to the energy standard ISO 50001
5. Air Quality
a. Air emissions monitoring include both Ambient Air Quality Monitoring (AAQM) as
well as stack emissions monitoring
6. Waste
Priority is given to avoidance and minimisation of waste generation followed by recovery, reuse and
recycling
ITC
Key issues
● Sustainable & accelerated growth in livelihoods and farm incomes
● Know-how on improvement of productivity and profitability
● Capacity development for further investment
● Easy, affordable and reliable access to inputs such as quality seeds, fertilisers and pesticides
● Regeneration and replenishment of common property resources like water, village
commons, biomass and biodiversity
Consultation Mechanism
Environmental Risk
● The project will wipe out 2,646 trees, which environmentalists say will destroy Mumbai’s
“green lungs” and the floodplains of Mithi river.
● The proposed site falls in the catchment area of the Mithi river and could flood parts
surrounding the Mumbai airport and Chakala.
● The removal of trees in the ecologically sensitive zone in the vicinity of Sanjay Gandhi
National Park will destroy the last natural open green space in Mumbai.
● Aarey is a natural buffer zone and home to many birds and wild animals.
Social Risk
Scenario
⊷ Government was planning to move at least four lakh slum dwellers into 109 acres of Aarey
land
⊷ Social Due Diligence Report submitted to ADB by MMRDA
“Most of the affected structures are hutments of temporary nature built on the land having no clear
title or ownership. After opting for resettlement under the policy of MMRDA, these affected people
are found happy with great satisfaction. Now, they are enjoying their clear title for the property with
good amenities at resettlement site in multistory building.”
Risks
⊷ Land acquisition and Rehabilitation & Resettlement
⊷ Associated reputational risk and litigation risk
⊷ Costs of redesign and re-siting are high in event of unexpected court judgements
● Felling of trees will destroy the aesthetic canopy of the area and given their complicated,
intertwined natural growth, these trees will not respond well to transplantation and
ecological richness will be lost forever.
● It is stated that Aarey colony was chosen because the location allows further expansion
which means further loss of green cover.
“The MMRC claimed it had already planted around 24,000 trees at Aarey and the neighbouring SGNP
to limit the environmental impact of the felling. However, afforestation plans would not compensate
for the loss. Trees are being planted so close to each other that they may not survive when they
grow. It would also take years to grow that long”
Solutions
⊷ Company may choose to develop a Biodiversity Action Plan (BAP), either as a stand-alone
management system or, preferably, integrated into the broader Social and Environmental
Management Systems (SEMS)
At its gold and iron mines in Brazil, Rio Tinto has worked closely with NGOs and other stakeholders to
develop Biodiversity Action Plans (BAPs) that consider the whole life cycle of the projects and the site-
specific context to ensure that any business decisions maximize the biodiversity value of the area. The
BAP includes plans to relocate habitats and species within the site, restoration and use of offset
compensation, and recognition of the needs of local communities.
Business Risk
Metro Line 3 connects the most densely populated business and residential regions SEEPZ, Marol,
Airport, BKC, Dharavi and Central and South Mumbai. Development of metro shed could be done in
Aarey or Kanjurmarg.
If the project gives in to pressure from activists, these are the business risks faced:
⊷ Shifting the metro car shed to Kanjurmarg will increase the cost of the project by a few
thousand crore rupees
⊷ Shifting the car shed will also result in the delay of the project by 1–2 years. The project itself
is delayed by 7-8 years.
⊷ The daily operational cost of having the metro shed in Kanjurmarg will be significantly more
than having it in Aarey
⊷ A line is already planned from Kanjurmarg to Jogeshwari. Extending the metro 3 line to
Kanjurmarg (extra 10 kms) to run parallel to the JVLR line will mean wastage of money.
⊷ The land available in Kanjurmarg is already owned by private owners and hence is no more
available
⊷ According to MMRC, there is a loss of Rs. 4.2 crores per day of delay - losses to be borne by
the government, and thus indirectly by taxpayers.
Poor Air quality in Delhi NCR
● Air quality index (AQI) in several areas in Delhi fell to the 'very poor' category
● The Centre-run System of Air Quality and Weather Forecasting And Research (SAFAR) has
advised people in the sensitive category to avoid morning walks and any other outdoor
activities.
Trends in Air Pollution in Delhi
● High peak in early October, at the onset of winter, and then a smog episode in early
November, coinciding with Diwali, crop burning in Punjab and wind-storms from western Asia.
There is an inverse relation between the PM2.5 concentration and the wind speed. That implies that
when wind speed is low, air quality worsens.
How does pollution affect businesses in Delhi?
● Delhi’s polluted environment could drive away top corporate executives and push talent to
work in other cities in India or abroad.
● The worsening air quality situation is discouraging foreigners from coming to Delhi, while
many Delhi residents, including expats, simply take long vacations during particularly acute
periods of air pollution.
● Decreased workplace efficiency during periods of acute pollution due to employee sickness
and absences.
● Increased costs for air purification systems and maintenance in office places.
● While it is difficult to measure the impact on economic output specifically on Delhi, the
World Bank estimated in 2016 that air pollution in India cost the country US$80 billion per
year, roughly 5.7 percent of the country’s GDP
Impact on Businesses
● Automotive Industry : R&D to improve fuel efficiency, BS VI migration
● Ban on the usage of DG sets in the industry
● Delay in the approval of construction projects since it is the major contributor to PM 2.5
● Action on Industrial Combustion - Usage of Cleaner Fuels, Standards, enforcement of
emission standards using CEMS
Steps taken by Delhi Govt. in previous years to combat air pollution
Every business and organization faces the risk of unexpected, harmful events that can cost the
company money or cause it to permanently close. Risk management allows organizations to attempt
to prepare for the unexpected by minimizing risks and extra costs before they happen.
Importance
By implementing a risk management plan and considering the various potential risks or events
before they occur, an organization can save money and protect their future. This is because a robust
risk management plan will help a company establish procedures to avoid potential threats, minimize
their impact should they occur and cope with the results. This ability to understand and control risk
will allow organizations to feel more confident about their business decisions. Furthermore, strong
corporate governance principles that focus specifically on risk management can help a company
reach their goals.
Other important benefits of risk management include:
Creates a safe and secure work environment for all staff and customers.
Increases the stability of business operations while also decreasing legal liability.
Provides protection from events that are detrimental to both the company and the
environment.
Protects all involved people and assets from potential harm.
Helps establish the organization's insurance needs in order to save on unnecessary premiums.
The importance of combining risk management with patient safety has also been revealed. In most
hospitals and organizations, the risk management and patient safety departments are separated;
they incorporate different leadership, goals and scope. However, some hospitals are recognizing that
the ability to provide safe, high-quality patient care is necessary to the protection of financial assets
and, as a result, should be incorporated with risk management.
In 2006, the Virginia Mason Medical Center in Seattle, Washington integrated its risk management
functions into its patient safety department, ultimately creating the Virginia Mason Production
System (VMPS) management methods, which focus on continuously improving the patient safety
system by increasing transparency in risk mitigation, disclosure and reporting. Since implementing
this new system, Virginia Mason has experienced a significant reduction in hospital professional
premiums and a large increase in the reporting culture.
Risk management strategies and processes
All risk management plans follow the same steps that combine to make up the overall risk
management process:
• Establish context. Understand the circumstances in which the rest of the process will take place.
The criteria that will be used to evaluate risk should also be established and the structure of the
analysis should be defined.
• Risk identification. The company identifies and defines potential risks that may negatively
influence a specific company process or project.
• Risk analysis. Once specific types of risk are identified, the company then determines the odds
of each occurring, as well as its consequences. The goal of risk analysis is to further understand each
specific instance of risk, and how it could influence the company's projects and objectives.
• Risk assessment and evaluation. The risk is then further evaluated after determining the risk's
overall likelihood of occurrence combined with its overall consequence. The company can then
make decisions on whether the risk is acceptable and whether the company is willing to take it
on based on its risk appetite.
• Risk mitigation. During this step, companies assess their highest-ranked risks and develop a plan
to alleviate them using specific risk controls. These plans include risk mitigation processes, risk
prevention tactics and contingency plans in the event the risk comes to fruition.
• Risk monitoring. Part of the mitigation plan includes following up on both the risks and the
overall plan to continuously monitor and track new and existing risks. The overall risk
management process should also be reviewed and updated accordingly.
Risk management strategies should also attempt to answer the following questions:
1. What can go wrong? Consider both the workplace as a whole and individual work.
2. How will it affect the organization? Consider the probability of the event and whether it will
have a large or small impact.
3. What can be done? What steps can be taken to prevent the loss? What can be done to recover if a
loss does occur?
4. If something happens, how will the organization pay for it?
Risk management approaches
After the company's specific risks are identified and the risk management process has been
implemented, there are several different strategies companies can take in regard to different types
of risk:
• Risk avoidance. While the complete elimination of all risk is rarely possible, a risk avoidance
strategy is designed to deflect as many threats as possible in order to avoid the costly and
disruptive consequences of a damaging event.
• Risk reduction. Companies are sometimes able to reduce the amount of effect certain risks can
have on company processes. This is achieved by adjusting certain aspects of an overall project
plan or company process, or by reducing its scope.
• Risk sharing. Sometimes, the consequences of a risk are shared, or distributed among several of
the project's participants or business departments. The risk could also be shared with a third
party, such as a vendor or business partner.
• Risk retaining. Sometimes, companies decide a risk is worth it from a business standpoint, and
decide to keep the risk and deal with any potential fallout. Companies will often retain a certain
level of risk if a project's anticipated profit is greater than the costs of its potential risk.
Limitations
While risk management can be an extremely beneficial practice for organizations, its limitations
should also be considered. Many risk analysis techniques -- such as creating a model or simulation --
require gathering large amounts of data. This extensive data collection can be expensive and is not
guaranteed to be reliable.
Furthermore, the use of data in decision making processes may have poor outcomes if simple
indicators are used to reflect the much more complex realities of the situation. Similarly, adopting a
decision throughout the whole project that was intended for one small aspect can lead to
unexpected results.
Another limitation is the lack of analysis expertise and time. Computer software programs have been
developed which simulate events that might have a negative impact on the company. While cost
effective, these complex programs require trained personnel with comprehensive skills and
knowledge in order to accurately understand the generated results. Analyzing historical data to
identify risks also requires highly trained personnel. These individuals may not always be assigned to
the project. Even if they are, there frequently is not enough time to gather all their findings, thus
resulting in conflicts.
Other limitations include:
• A false sense of stability. Value-at-risk measures focus on the past instead of the future.
Therefore, the longer things go smoothly, the better the situation looks. Unfortunately, this
makes a downturn more likely.
• The illusion of control. Risk models can give organizations the false belief that they can quantify
and regulate every potential risk. This is not true because it is impossible to expect the
unexpected. Furthermore, there is no historical data for new products, so there's no experience
to base models on.
• Failure to see the big picture. It's difficult to see and understand the complete picture of
cumulative risk.
• Risk management is immature. There is still a long way to go before techniques and models are
developed that truly fit the risk management purpose.
Risk management standards
Since the early 2000s, several industry and government bodies have expanded regulatory
compliance rules that scrutinize companies' risk management plans, policies and procedures. In an
increasing number of industries, boards of directors are required to review and report on the
adequacy of enterprise risk management processes. As a result, risk analysis, internal audits and
other means of risk assessment have become major components of business strategy.
Risk management standards have been developed by several organizations, including the National
Institute of Standards and Technology (NIST) and the International Organization for
Standardization (ISO). These standards are designed to help organizations identify specific threats,
assess unique vulnerabilities to determine their risk, identify ways to reduce these risks and then
implement risk reduction efforts according to organizational strategy.
The ISO 31000 principles, for example, provide frameworks for risk management process
improvements that can be used by companies, regardless of the organization's size or target sector.
The ISO 31000 is designed to "increase the likelihood of achieving objectives, improve the
identification of opportunities and threats, and effectively allocate and use resources for risk
treatment," according to the ISO website. Although ISO 31000 cannot be used for certification
purposes, it can help provide guidance for internal or external risk audit, and it allows organizations
to compare their risk management practices with the internationally recognized benchmarks.
The ISO recommended that the following target areas, or principles, should be part of the overall risk
management process: