Professional Documents
Culture Documents
Note: Data represent total number of cases per 100 full-time employees
Source: U.S. Bureau of Labor Statistics, Occupational injuries and Illnesses in the United States by
Industry, annual
As with all the other costs of construction, it is a mistake for owners to ignore a significant category of
costs such as injury and illnesses. While contractors may pay insurance premiums directly, these costs are
reflected in bid prices or contract amounts. Delays caused by injuries and illnesses can present significant
opportunity costs to owners. In the long run, the owners of constructed facilities must pay all the costs of
construction. For the case of injuries and illnesses, this general principle might be slightly qualified since
significant costs are borne by workers themselves or society at large.
However, court judgments and insurance payments compensate for individual losses and are ultimately
borne by the owners.
The causes of injuries in construction are numerous. Table 13-2 lists the reported causes of accidents in
the US construction industry in 1997. A similar catalogue of causes would exist for other countries. The
largest single category for both injuries and fatalities are individual falls. Handling goods and
transportation are also a significant cause of injuries. From a management perspective, however, these
reported causes do not really provide a useful prescription for safety policies. An individual fall may be
caused by a series of coincidences: a railing might not be secure, a worker might be inattentive, the
footing may be slippery, etc. Removing any one of these compound causes might serve to prevent any
particular accident. However, it is clear that conditions such as unsecured railings will normally increase
the risk of accidents. Table 13-3 provides a more detailed list of causes of fatalities for construction sites
1
alone, but again each fatality may have multiple causes.
Various measures are available to improve jobsite safety in construction. Several of the most important
occur before construction is undertaken. These include design, choice of technology and education. By
altering facility designs, particular structures can be safer or more hazardous to construct.
Choice of technology can also be critical in determining the safety of a jobsite. Safeguards built into
machinery can notify operators of problems or prevent injuries. For example, simple switches can prevent
equipment from being operating when protective shields are not in place. With the availability of on-
board electronics (including computer chips) and sensors, the possibilities for sophisticated machine
controllers and monitors has greatly expanded for construction equipment and tools. Materials and work
process choices also influence the safety of construction.
Educating workers and managers in proper procedures and hazards can have a direct impact on jobsite
safety. The realization of the large costs involved in construction injuries and illnesses provides a
considerable motivation for awareness and education. Regular safety inspections and safety meetings
have become standard practices on most job sites.
Pre-qualification of contractors and sub-contractors with regard to safety is another important avenue for
safety improvement. If contractors are only invited to bid or enter negotiations if they have an acceptable
record of safety (as well as quality performance), then a direct incentive is provided to insure adequate
safety on the part of contractors.
During the construction process itself, the most important safety related measures are to insure vigilance
and cooperation on the part of managers, inspectors and workers. Vigilance involves considering the risks
of different working practices. In also involves maintaining temporary physical safeguards such as
barricades, braces, guy lines, railings, toe boards and the like. Sets of standard practices are also
important, such as:
Requiring hard hats on site.
2
Requiring eye protection on site.
Requiring hearing protection near loud equipment.
Insuring safety shoes for workers.
Providing first-aid supplies and trained personnel on site.
While eliminating accidents and work related illnesses is a worthwhile goal, it will never be attained.
Construction has a number of characteristics making it inherently hazardous. Large forces are involved in
many operations. The jobsite is continually changing as construction proceeds. Workers do not have fixed
worksites and must move around a structure under construction. The tenure of a worker on a site is short,
so the worker's familiarity and the employer-employee relationship are less settled than in manufacturing
settings. Despite these peculiarities and as a result of exactly these special problems, improving worksite
safety is a very important project management concern.
3
Uncertainty stemming from regulatory agencies, environmental issues and financial aspects of
construction should be at least mitigated or ideally eliminated. Owners are keenly interested in achieving
some form of breakthrough that will lower the costs of projects and mitigate or eliminate lengthy delays.
Such breakthroughs are seldom planned. Generally, they happen when the right conditions exist, such as
when innovation is permitted or when a basis for incentive or reward exists.
However, there is a long way to go before a true partnership of all parties involved can be forged.
During periods of economic expansion, major capital expenditures are made by industries and bid up the
cost of construction. In order to control costs, some owners attempt to use fixed price contracts so that the
risks of unforeseen contingencies related to an overheated economy are passed on to contractors.
However, contractors will raise their prices to compensate for the additional risks.
The risks related to organizational relationships may appear to be unnecessary but are quite real.
Strained relationships may develop between various organizations involved in the design/construct
process. When problems occur, discussions often center on responsibilities rather than project needs at a
time when the focus should be on solving the problems. Cooperation and communication between the
parties are discouraged for fear of the effects of impending litigation. This barrier to communication
results from the ill-conceived notion that uncertainties resulting from technological problems can be
eliminated by appropriate contract terms. The net result has been an increase in the costs of constructed
facilities.
The risks related to technological problems are familiar to the design/construct professions which have
some degree of control over this category. However, because of rapid advances in new technologies
which present new problems to designers and constructors, technological risk has become greater in many
instances. Certain design assumptions which have served the professions well in the past may become
obsolete in dealing with new types of facilities which may have greater complexity or scale or both. Site
conditions, particularly subsurface conditions which always present some degree of uncertainty, can
create an even greater degree of uncertainty for facilities with heretofore unknown characteristics during
operation. Because construction procedures may not have been fully anticipated, the design may have to
be modified after construction has begun. An example of facilities which have encountered such
uncertainty is the nuclear power plant, and many owners, designers and contractors have suffered for
undertaking such projects.
If each of the problems cited above can cause uncertainty, the combination of such problems is often
regarded by all parties as being out of control and inherently risky. Thus, the issue of liability has taken
on major proportions and has influenced the practices of engineers and constructors, who in turn have
influenced the actions of the owners.
Many owners have begun to understand the problems of risks and are seeking to address some of these
problems. For example, some owners are turning to those organizations that offer complete capabilities in
planning, design, and construction, and tend to avoid breaking the project into major components to be
undertaken individually by specialty participants. Proper coordination throughout the project duration and
good organizational communication can avoid delays and costs resulting from fragmentation of services,
even though the components from various services are eventually integrated.
Attitudes of cooperation can be readily applied to the private sector, but only in special circumstances can
they be applied to the public sector. The ability to deal with complex issues is often precluded in the
competitive bidding which is usually required in the public sector. The situation becomes more difficult
with the proliferation of regulatory requirements and resulting delays in design and construction while
awaiting approvals from government officials who do not participate in the risks of the project.
4
Types of Safety Inspections
There are several ways to perform safety inspections of a workplace, task or job. The most popular ways
include using checklists, general knowledge, and risk mapping. To be effective, safety inspections must
be individualized or tailored to meet the needs of a specific workplace, task or job.
Safety Checklist Inspections
A checklist is very good for the regular inspection of specific items. However, they may not be as useful
in identifying previously unrecognized hazards.
Many different checklists are available from a variety of sources. Unfortunately, since these readymade
checklists are generic, they rarely meet the needs of a specific workplace, task or job. However, you may
find them useful to inspect a part of your area. For instance, the owner's manual for a table saw may have
a checklist that works perfectly for inspecting the saw in a department shop. Taking parts of several
ready-made checklists and putting them together may be an easy method of beginning the development of
your customized checklist.
Risk Mapping Safety Inspections
The third inspection method is called risk mapping. It is a good method to use at a safety meeting where
everyone there is familiar with the workplace or process. This technique uses a map/drawing of the
workplace or a list of steps in a process. People in the group then tell the leader the hazards they
recognize and where they are located in the workplace or process. The leader uses different colors or
symbols to identify different types of hazards on the map or list of steps. This type of inspection is
valuable for involving all employees in identifying and resolving safety hazards.
Workplace Inspections Procedure
To outline the activities required to ensure a consistent, planned, systematic appraisal of the workplace to
identify hazards and/or review established controls.
Workplace inspections ensure that:
Identify hazardous conditions and review hazard control measures
monitor and evaluate the effectiveness of health and safety practices and procedures
Improve health and safety practices and procedures
Measure Occupation Health and Safety (OHS) compliance
Check new facilities, equipment, processes
Collect information that identifies potential new safety initiatives
Maintain interest in health and safety through consultation
Display management commitment to health and safety
Empower staff to ensure a safe work environment.
Managers, in consultation with their staff and the OHS representatives, are responsible for developing and
implementing a system of workplace inspections, consistent with the work area’s risk profile.
Workplace inspections involve the following steps:
Identifying the hazards
Assessing and rating the risks
Controlling the risks (using the Hierarchy of Control)
Implementing the risk controls
Monitoring and reviewing the risk controls
Documenting the results
Property has specific responsibility for inspecting building infrastructure, essential services, grounds
and walkways, plant and equipment and security.
DETERMINE THE WORKPLACE TO BE INSPECTED
Determine the workplace to be inspected and nominate an OHS Committee Workgroup.
Inspections will need to be undertaken:
Where equipment or layout of any work area is altered and increases risk
If a new plant or work process is introduced
Prior to commencement of work
The aim should be to complete a minimum of two inspections a year.
Individual work areas may elect to increase the number of inspections if there is an identified need or
increased risk profile.
OHS Committee
5
Workgroup
Form an Inspection Team
Form an inspection team which includes the following:
A staff member(s) familiar with the work area
A management representative or their delegate
An OHS representative
A delegate from the Health and Safety Unit.
At least one of the inspection team must be trained in the University process for workplace inspections.
Obtain Checklists
A range of Workplace Inspections Checklists is available to assist in the inspection process. The
checklists are based on the hazard register for each area and have been reviewed by staff in the relevant
area. They also assist in recording information and triggering questions during the inspection.
INSPECT THE WORKPLACE
Consider the following factors when inspecting:
Workplace Design (i.e. the physical workplace, both internal and external environment)
Is the area suited to the work being carried out?
Does it provide adequate space for occupants?
Ensure the design meets relevant legislative requirements.
Does it comply with the OHS Act and Regulations?
Systems of Work
Are Policies and Procedures available?
Are Safe Operating Procedures written and accessible?
Is important information available to workers re hazards eg Hazard Register, Material Safety
Data Sheets?
Environment
Behavior
Identify risks
Assess and rate a risk
Report
Document the outcomes of your risk assessments on the Risk
Assessment Form Prepare a Workplace Safety Inspection Summary Report to the Executive Dean/ Head
of Office for action.
Provide a copy of the report to the Central OHS Committee.
Document the results
Document all assessments on the Risk Register Form and forward this, along with copies of any
completed Checklists and/or notes to the following people:
Executive Dean
Head of Department
Health & Safety Unit
OHS Representative
Central OHS Committee Executive Dean/Head of Office
LO.3 Advice on implementation of control measures at the building and construction workplace
The best way to manage risks in international trade is to anticipate, reduce or avoid them. Seek legal
advise and develop a risk management plan that is shared with your staff.
Process
According to the standard ISO 31000 "Risk management – Principles and guidelines on implementation,
the process of risk management consists of several steps as follows:
6
Establishing the context
This involves:
Identification
After establishing the context, the next step in the process of managing risk is to identify potential risks.
Risks are about events that, when triggered, cause problems. Hence, risk identification can start with the
source of problems, or with the problem itself.
Source analysis - Risk sources may be internal or external to the system that is the target of risk
management.
Examples of risk sources are: stakeholders of a project, employees of a company or the weather over an
airport.
Problem analysis- Risks are related to identified threats. For example: the threat of losing money,
the threat of abuse of confidential information or the threat of accidents and casualties. The
threats may exist with various entities, most important with shareholders, customers and
legislative bodies such as the government.
When either source or problem is known, the events that a source may trigger or the events that can lead
to a problem can be investigated. For example: stakeholders withdrawing during a project may endanger
funding of the project; confidential information may be stolen by employees even within a closed
network; lightning striking an aircraft during takeoff may make all people on board immediate casualties.
The chosen method of identifying risks may depend on culture, industry practice and compliance. The
identification methods are formed by templates or the development of templates for identifying source,
problem or event. Common risk identification methods are:
Objectives-based risk identification- Organizations and project teams have objectives. Any event
that may endanger achieving an objective partly or completely is identified as risk.
Scenario-based risk identification - In scenario analysis different scenarios are created. The
scenarios may be the alternative ways to achieve an objective, or an analysis of the interaction of
forces in, for example, a market or battle. Any event that triggers an undesired scenario
alternative is identified as risk.
Taxonomy-based risk identification - The taxonomy in taxonomy-based risk identification is a
breakdown of possible risk sources. Based on the taxonomy and knowledge of best practices, a
questionnaire is compiled. The answers to the questions reveal risks.
Common-risk checking - In several industries, lists with known risks are available. Each risk in
the list can be checked for application to a particular situation.
Risk charting - This method combines the above approaches by listing resources at risk, threats to
those resources, modifying factors which may increase or decrease the risk and consequences it is
wished to avoid. Creating a matrix under these headings enables a variety of approaches. One can
7
begin with resources and consider the threats they are exposed to and the consequences of each.
Alternatively one can start with the threats and examine which resources they would affect, or
one can begin with the consequences and determine which combination of threats and resources
would be involved to bring them about.
Risk Assessment
Once risks have been identified, they must then be assessed as to their potential severity of impact
(generally a negative impact, such as damage or loss) and to the probability of occurrence. These
quantities can be either simple to measure, in the case of the value of a lost building, or impossible to
know for sure in the case of the probability of an unlikely event occurring. Therefore, in the assessment
process it is critical to make the best educated decisions in order to properly prioritize the implementation
of the risk management plan.
Even a short-term positive improvement can have long-term negative impacts. Take the "turnpike"
example. A highway is widened to allow more traffic. More traffic capacity leads to greater development
in the areas surrounding the improved traffic capacity. Over time, traffic thereby increases to fill available
capacity. Turnpikes thereby need to be expanded in a seemingly endless cycles. There are many other
engineering examples where expanded capacity (to do any function) is soon filled by increased demand.
Since expansion comes at a cost, the resulting growth could become unsustainable without forecasting
and management.
The fundamental difficulty in risk assessment is determining the rate of occurrence since statistical
information is not available on all kinds of past incidents. Furthermore, evaluating the severity of the
consequences (impact) is often quite difficult for intangible assets. Asset valuation is another question
that needs to be addressed. Thus, best educated opinions and available statistics are the primary sources of
information.
Once risks have been identified and assessed, all techniques to manage the risk fall into one or more of
these four major categories:
Risk avoidance
This includes not performing an activity that could carry risk. An example would be not buying a
property or business in order to not take on the legal liability that comes with it. Another would be not
flying in order not to take the risk that the airplane were to be hijacked. Avoidance may seem the answer
to all risks, but avoiding risks also means losing out on the potential gain that accepting (retaining) the
risk may have allowed. Not entering a business to avoid the risk of loss also avoids the possibility of
earning profits.
Hazard prevention
Hazard prevention refers to the prevention of risks in an emergency. The first and most effective stage of
hazard prevention is the elimination of hazards. If this takes too long, is too costly, or is otherwise
impractical, the second stage is mitigation.
8
Risk reduction
Risk reduction or "optimization" involves reducing the severity of the loss or the likelihood of the loss
from occurring. For example, sprinklers are designed to put out a fire to reduce the risk of loss by fire.
This method may cause a greater loss by water damage and therefore may not be suitable. Halon fire
suppression systems may mitigate that risk, but the cost may be prohibitive as a strategy.
Acknowledging that risks can be positive or negative, optimizing risks means finding a balance between
negative risk and the benefit of the operation or activity; and between risk reduction and effort applied.
Modern software development methodologies reduce risk by developing and delivering software
incrementally. Early methodologies suffered from the fact that they only delivered software in the final
phase of development; any problems encountered in earlier phases meant costly rework and often
jeopardized the whole project. By developing in iterations, software projects can limit effort wasted to a
single iteration.
Risk sharing
Briefly defined as "sharing with another party the burden of loss or the benefit of gain, from a risk, and
the measures to reduce a risk."
The term of 'risk transfer' is often used in place of risk sharing in the mistaken belief that you can transfer
a risk to a third party through insurance or outsourcing. In practice if the insurance company or contractor
go bankrupt or end up in court, the original risk is likely to still revert to the first party. As such in the
terminology of practitioners and scholars alike, the purchase of an insurance contract is often described as
a "transfer of risk." However, technically speaking, the buyer of the contract generally retains legal
responsibility for the losses "transferred", meaning that insurance may be described more accurately as a
post-event compensatory mechanism. For example, a personal injuries insurance policy does not transfer
the risk of a car accident to the insurance company. The risk still lies with the policy holder namely the
person who has been in the accident. The insurance policy simply provides that if an accident (the event)
occurs involving the policy holder then some compensation may be payable to the policy holder that is
commensurate to the suffering/damage.
Some ways of managing risk fall into multiple categories. Risk retention pools are technically retaining
the risk for the group, but spreading it over the whole group involves transfer among individual members
of the group. This is different from traditional insurance, in that no premium is exchanged between
members of the group up front, but instead losses are assessed to all members of the group.
Risk retention
Involves accepting the loss, or benefit of gain, from a risk when it occurs. True self insurance falls in this
category. Risk retention is a viable strategy for small risks where the cost of insuring against the risk
would be greater over time than the total losses sustained. All risks that are not avoided or transferred are
retained by default. This includes risks that are so large or catastrophic that they either cannot be insured
against or the premiums would be infeasible. War is an example since most property and risks are not
insured against war, so the loss attributed by war is retained by the insured. Also any amounts of potential
loss (risk) over the amount insured is retained risk. This may also be acceptable if the chance of a very
large loss is small or if the cost to insure for greater coverage amounts is so great it would hinder the
goals of the organization too much.
Select appropriate controls or countermeasures to measure each risk. Risk mitigation needs to be
approved by the appropriate level of management. For instance, a risk concerning the image of the
9
organization should have top management decision behind it whereas IT management would have the
authority to decide on computer virus risks.
The risk management plan should propose applicable and effective security controls for managing the
risks. For example, an observed high risk of computer viruses could be mitigated by acquiring and
implementing antivirus software. A good risk management plan should contain a schedule for control
implementation and responsible persons for those actions.
According to ISO/IEC 27001, the stage immediately after completion of the risk assessment phase
consists of preparing a Risk Treatment Plan, which should document the decisions about how each of the
identified risks should be handled. Mitigation of risks often means selection of security controls, which
should be documented in a Statement of Applicability, which identifies which particular control
objectives and controls from the standard have been selected, and why.
Implementation
Implementation follows all of the planned methods for mitigating the effect of the risks. Purchase
insurance policies for the risks that have been decided to be transferred to an insurer, avoid all risks that
can be avoided without sacrificing the entity's goals, reduce others, and retain the rest.
Initial risk management plans will never be perfect. Practice, experience, and actual loss results will
necessitate changes in the plan and contribute information to allow possible different decisions to be
made in dealing with the risks being faced.
Risk analysis results and management plans should be updated periodically. There are two primary
reasons for this:
1. To evaluate whether the previously selected security controls are still applicable and effective
2. To evaluate the possible risk level changes in the business environment. For example,
information risks are a good example of rapidly changing business environment.
Planning how risk will be managed in the particular project. Plans should include risk
management tasks, responsibilities, activities and budget.
Assigning a risk officer – a team member other than a project manager who is responsible for
foreseeing potential project problems. Typical characteristic of risk officer is a healthy
skepticism.
Maintaining live project risk database. Each risk should have the following attributes: opening
date, title, short description, probability and importance. Optionally a risk may have an assigned
person responsible for its resolution and a date by which the risk must be resolved.
Creating anonymous risk reporting channel. Each team member should have the possibility to
report risks that he/she foresees in the project.
Preparing mitigation plans for risks that are chosen to be mitigated. The purpose of the mitigation
plan is to describe how this particular risk will be handled – what, when, by whom and how will
it be done to avoid it or minimize consequences if it becomes a liability.
Summarizing planned and faced risks, effectiveness of mitigation activities, and effort spent for
the risk management.
10
LO.4 Establish and review communications and educational programs
Risk management and business continuity
Risk management is simply a practice of systematically selecting cost effective approaches for
minimizing the effect of threat realization to the organization. All risks can never be fully avoided or
mitigated simply because of financial and practical limitations. Therefore all organizations have to accept
some level of residual risks.
Whereas risk management tends to be preemptive, business continuity planning (BCP) was invented to
deal with the consequences of realized residual risks. The necessity to have BCP in place arises because
even very unlikely events will occur if given enough time. Risk management and BCP are often
mistakenly seen as rivals or overlapping practices. In fact these processes are so tightly tied together that
such separation seems artificial. For example, the risk management process creates important inputs for
the BCP (assets, impact assessments, cost estimates etc.). Risk management also proposes applicable
controls for the observed risks. Therefore, risk management covers several areas that are vital for the BCP
process. However, the BCP process goes beyond risk management's preemptive approach and assumes
that the disaster will happen at some point.
Risk communication
Risk communication is a complex cross-disciplinary academic field. Problems for risk communicators
involve how to reach the intended audience, to make the risk comprehensible and relatable to other risks,
how to pay appropriate respect to the audience's values related to the risk, how to predict the audience's
response to the communication, etc. A main goal of risk communication is to improve collective and
individual decision making. Risk communication is somewhat related to crisis communication.
Accept and involve the public/other consumers as legitimate partners (e.g. stakeholders).
Plan carefully and evaluate your efforts with a focus on your strengths, weaknesses,
opportunities, and threats (SWOT).
Listen to the stakeholders specific concerns.
Be honest, frank, and open.
Coordinate and collaborate with other credible sources.
Meet the needs of the media.
Speak clearly and with compassion.
11