RISK MANAGEMENT PROCESS

SAFETY TRAINING
Corporate Safety Training
For Supervisors and Affected Employees

WELCOME
 ABOUT THIS COURSE

Risk Management is a Process of Identifying exposures

and Determining Treatments. (Insurance is only one small
aspect of the process) Risk Management procedures,
properly applied will assist you in preparing for problems
as well as controlling the impact of these events.

It is a tool which may be used by Individuals as well as

Businesses, and assists in the implementation of a plan
which reduces your chance of having a loss as well as the
amount of loss which may result.
 COURSE OBJECTIVES

 Introduce the Risk Management Process.

 Discuss the Basics of the Risk management Process.
 Introduce the Corporate Business Continuity Program.
 Discuss the Need for a Corporate Disaster Recovery Plan.
 BASIS FOR THIS COURSE

 Life Safety.
 Corporate Stability.
 Statistically, Risk Management Results in Prevention.
 OSHA Requirements.
 EPA Requirements.
 RISK MANAGEMENT PROCESS

1. Obtain Senior Management Buy-in and Support.

2. Assign Roles and Responsibilities.
3. Inventory Assets.
4. Assess Risks. Business Continuity Plan (BCP)
 Business Impact Analysis (BIA)
5. Safety and Health Plan.
 Develop Countermeasures
 Audit  Development/Implementation
 Policies/Procedures  Testing of the Plan
 Incident Reporting  Plan Awareness and Training
 Incident Investigation
 Maintenance of the Plan
 Awareness
 Follow up
RISK MANAGEMENT PROCESS
Continued

Define Environment
& Assets

Monitoring, Risk Analysis

Testing & Audits & Assessment
The
Process

Awareness Policies, Stds,

& Administration Procedures
Design &
Implementation
 RISK MANAGEMENT PROCESS
Continued

Impacts:
 Loss of Revenue - Corporate Income
 Legal Problems - Fines, Penalties
 Goodwill - Client & Stockholder Confidence
Note: Losses May Not Be Dollars.
 PROGRAM COMPONENTS

1. Risk Analysis & Risk Assessment

2. Safety and Health Program
3. Business Continuity Program
 RISK OVERVIEW
Ten Steps
Risk Analysis

 Organize and Define the Scope

 Identify and Value the Assets
 Identify Applicable Threats
 Identify and Describe Vulnerabilities
 Establish Pairings (relationships)
 Determine the Impact of Threat Occurrence
 Measure Existing Countermeasures
 Determine Residual Risks
 Recommend Additional Countermeasures
 Prepare a Risk Analysis Report
 RISK OVERVIEW
Continued

Advantages:
Risk Analysis

 In-depth risk assessment brings peace of mind.

 You get a comprehensive picture of business and
technical processes.
 You Identify current opportunities for process
enhancements and/or re-engineering.
 You have planning data for rapid, smooth recovery.
 “Insurance Policy” for staying in business.
 RISK OVERVIEW
Continued

1. Risk Analysis & Risk Assessment

Risk Analysis

Risk Analysis - The process of identifying and

documenting vulnerabilities and applicable threats to
assets.
Risk Assessment - Projecting losses, assigning
levels of risk, and recommending appropriate
measures to protect assets.
 RISK OVERVIEW
Continued

Foundation of All Risk Management Programs:

Risk Analysis

 Snapshot in time.
 Discover compliance with existing policies.
 Basis for selecting cost-efficient, most appropriate
protection measures for assets.
 Equilibrium- asset loss to countermeasures
 Provide information on likelihood of threat occurrence
and asset impact.
 Federal government and most states mandate.
 Ensure reasonable steps are taken to prevent loss of
assets.
 RISK OVERVIEW
Continued

Risk Analysis Vs Business Impact Analysis:

Risk Analysis

 Risk Analysis & Assessment (RAA) - (Proactive)

Initial process that identifies critical processes, evaluates
current standards and countermeasures, determines
cost-effective mitigation of identified risks.

 Business Impact Analysis (BIA) - (Reactive)

Quantifies risks to include exposure results such as
financial loss, client good will, public confidence, etc.
 RISK OVERVIEW
Continued

Risk Management Jargon:

Risk Analysis

 Assets - Anything of value worth protecting or preserving.

 Threats - Events or actions which always exists and can
generate undesirable impacts or loss of assets. Can be either
human or environmental.
 Vulnerabilities - The “windows of opportunity” which allow
threats to materialize. Exposures. Conditions of weakness.
 Countermeasures - (Safeguards, Controls) - Devices,
processes, actions, procedures that can reduce
vulnerabilities. Prevention, Detection, Correction.
 Risk - Potential for a threat to exploit a vulnerability.
THREAT + VULNERABILITY = RISK
 RISK OVERVIEW
Continued

The Basics:
Risk Analysis

 Assets identified.
 Threats identified.
 Vulnerabilities identified.
 Asset Losses identified.
 Protective measures identified and proposed.
 RISK OVERVIEW
Continued

Quantitative VS Qualitative
Quantitative Qualitative
Objective Numeric Values Descriptive, Immeasurable Values
 Asset Valuation  Rough Characteristics
 Precise Impact  No Quantifiable Data
 Frequency of Threats  Yes/No; Low/Medium/High;
Vital/Critical/Important; good/bad
 Countermeasure Cost-Effectiveness
 Rankings based on judgment
 Use of Complex Calculations
(probabilities)
 RISK OVERVIEW
Continued

In Reality. . .
Risk Analysis

Risk Analysis Involves Both

 Quantifiable measurements.
 Judgments based on experience and knowledge.

Quantifiable Judgments
 RISK OVERVIEW
Continued

Types of Threats:
Risk Analysis

 Human - Intentional or Unintentional.

 Environmental (technological) - From on or off site event.
 Environmental (natural) - Earthquakes etc.
 TYPES OF COUNTERMEASURES
Risk Analysis

 Prevention
 Detection
 Correction
 CORPORATE KNOWLEDGE BASE

Analysts Need to:

Risk Analysis

 Know current and historical internal environment.

 Know current and historical external environment.
 Understand dependencies and vulnerabilities.
 Understand threat profiles.
 Understand countermeasure choices and related
costs.
 Be able to apply cost-benefit analysis to risks and
countermeasures.
 PROGRAM COMPONENTS

1. Risk Analysis & Risk Assessment

2. Safety and Health Program
3. Business Continuity Program
 HUMAN ASSET PROTECTION

2. Safety and Health Program

To quantify it involves:
Safety

- Gathering information from available sources.

- Conducting baseline screening surveys to determine

which jobs, areas or processes need a closer analysis.

- Performing risk analyses of the work areas/processes

with identified risk factors.

- After implementing control measures, conducting

periodic surveys and follow-up to evaluate changes.
 HUMAN ASSET PROTECTION
Continued

Eight Steps:
1. Management Sponsorship and Support.
Safety

2. Organize and Define the Scope.

3. Risk Analysis.
4. Policies and Procedures.
5. Workplace Safety Controls.
6. Accident Reporting and Investigation.
7. Safety Awareness Training.
8. Monitoring and Follow-up.
 HUMAN ASSET PROTECTION
Continued

PRINCIPAL QUESTIONS TO BE ANSWERED:

 WHO?
 WHAT?
Safety

 WHY?
 WHEN?
 WHERE?
 HOW?
 HUMAN ASSET PROTECTION
Continued

WHO?
 Who could be injured?
 Who controls that particular work environment?
Safety

 Who can render first aid or medical treatment?

 HUMAN ASSET PROTECTION
Continued

WHAT?
 What is the past accident history of the area?
Safety

 What is the exact nature of previous injuries?

 What do the employees routinely do?
 What operations are performed?
 What hazardous/nonhazardous materials are used?
 What safe-work procedures have been provided?
 HUMAN ASSET PROTECTION
Continued

WHAT?
 What personal protective equipment are used?
 What PPE is required?
Safety

 What elements can contribute to an accident?

 What machine guards are available but not used?
 What negative environmental conditions exist?
 What related safety procedures need revision?
 What shifts do the employee’s work?
 What ergonomic factors are involved?
 HUMAN ASSET PROTECTION
Continued

WHEN?
 When do accidents historically occur?
Safety

 When do employee start his/her shifts?

 When was job-specific training received?
 When (how often) do supervisors visit the job?
 HUMAN ASSET PROTECTION
Continued

WHY?
 Why do the accidents occur?
Why do employee’s do what they do?
Safety


 Why do co-workers do what they do?
 Why are the specific tool/equipment selected?
 HUMAN ASSET PROTECTION
Continued

WHERE?
 Where do accident’s occur?
Where are employee’s positioned?
Safety


 Where is the supervisor stationed?
 Where is first aid stationed?
 HUMAN ASSET PROTECTION
Continued

HOW?
 How do accidents occur?
 How many employee’s work in specific areas?
Safety

 How do employee’s get injured (specifically)?

 How can the injuries be avoided?
 How can witnesses help better?
 HOW CAN THE COMPANY IMPROVE SAFETY?
 HUMAN ASSET PROTECTION
Continued

WHAT'S NEXT - AFTER RISK ANALYSIS?

 Instruct employee in proper behaviors.

 Warn employee of potential hazards.
Safety

 Supply appropriate safeguards.

 Supply appropriate PPE.
 Eliminate known unsafe conditions.
 Repair or modify known unsafe conditions.
 Implement procedural changes.
 HUMAN ASSET PROTECTION
Continued

Some Road Blocks to Safety:

 Lack of Sufficient Budget.
Safety

 Lack of Written Procedural Guidance.

 Lack of Resources - Management Support, Staff.
 Lack of Awareness.
 Lack of Tools.
 Lack of Training.
 PROGRAM COMPONENTS

1. Risk Analysis & Risk Assessment

2. Safety and Health Program
3. Business Continuity Program
 RECOVERY
Continued

3. Business Continuity Program

BCP - Spells out what, who, how, and when for a
BCP

quick and smooth restoration of critical operations

after a catastrophic disruptive event, minimizes
losses, and eventually returns to business as
normal.

Important - The BCP can incorporate or reference

other corporate plans required by outside
regulatory agencies.
 RECOVERY
Twelve Steps
1. Pre-planning (Senior Mgmt Commitment/Support, Policies)
2. Risk Analysis
BCP

3. Business Impact Analysis

4. Identify Resources and Requirements Needed
5. Emergency Response
6. Coordination with Public Authorities
7. Public Relations and Crisis Communications
8. Strategic Alternatives
9. Plan Development/Implementation
10. Testing/Exercises
11. Awareness
12. Maintenance
 RECOVERY
Continued

Goals
 Identify weaknesses and implement a disaster prevention
BCP

program.
 Minimize the duration of a serious disruption to business
operations.
 Facilitate effective co-ordination of recovery tasks; and
reduce the complexity of the recovery effort.
 RECOVERY
Continued

 Corporate - Business Continuity Plan

 Corporate - Business Resumption Plan
BCP

 FEMA - Natural Disaster Recovery Plan

 OSHA - Facility Emergency Action Plan
 EPA - Risk Management and Contingency Plan
 Law Enforcement - Crisis Management Plan
 RECOVERY
Continued

Business Impact Analysis (BIA):

Foundation of BCP
BCP

 Establishes the value of each major organizational

function as it relates to the whole.

 Provides the basis for identifying the critical resources

required to develop a business recovery strategy.

 Establishes priority for restoring the functions of the

organization in the event of a disaster.
 RECOVERY
Continued

Six Steps to BIA:

1. Identify the Critical Business Functions.
BCP

2. Prioritize Critical Business Functions.

3. Identify Dependencies and Resources Needed.
4. Identify Points of Failure for Each Function.
5. Estimate Probable Impact of Loss for Each Point of Failure.
6. Determine if a Contingency Plan is Required.
 RECOVERY
Continued

Staying Current:
 List (know) functions having a critical impact on mission.
BCP

 Ensure a plan is developed for each critical function.

 Continue to test and evaluate plans at least once a year.
 Keep personnel responsibilities current and test for readiness.
 Involve key personnel in operational planning.
 Train, Train, Train.
LAST WORDS

DISASTERS
ARE SOMETIMES
INEVITABLE
SURVIVAL ISN’T