ISO 14001 & OHSAS 18001 – Risks Management
The term “risk†is literally defined as the possibility of meeting danger or suffering harm or loss, or exposure to harm or loss. When defining risk, it is important to understand that there are three interrelated concepts that are used in determining risk:
• The probability that an event may occur
• A detrimental or undesirable consequence related to the event
• The severity of the potential harm of the event.
RISK ASSESSMENT
Relative risk and insurance risk are terms used when assessing a risk. Relative risk is judged by specific undesirable events along a broad scale of undesirability. For instance, an on the job injury could be a minor occurrence or it could be fatal. Both outcomes are undesirable. Obviously, the minor occurrence would be the better alternative. In this example, a person that has experienced a close call or injury will consider the probability and potential consequences and will adjust their behavior to minimize or alleviate the risk of such an event in the future.
Determining the probability of an occurrence and the effect that this occurrence has on the organization or components of the organization can assess risk. Risk assessment is expressed in various terms that allow for understanding of the data that is compiled.
Subjective terms can best be used to describe the probability of an occurrence. Examples of such terms would be: rare vs. high, one in ten and a numbered percentage. Undesirable consequences can be described in descriptive terms such as: “death,†“injury,†“disaster†or in more tangible terms as in “combined costs of payments†and “loss of productivity†stemming from a worker’s compensation injury or illness.
Probability and consequence can be combined and expressed mathematically as the product of loss probability. An example of this would be an insurance company might describe an asset as a two million dollar risk but have only a very small probability of loss. When discussing the probability of risk it is important to understand that risk probability is bi-directional. It illustrates the chance that something undesirable may occur and also the probable outcome rated on a scale of negative consequences. This concept will be reviewed later in this document. As an example: statistically we can predict the number of ambulance crashes that occur annually. We can also predict the number of injuries and fatalities that arise from the accidents. However, these statistics are not able to predict where or when an accident will occur, nor will they provide an assessment of the seriousness of the accident.
RISK MANAGEMENT
Risk management refers to activities that involve the comparison and/or evaluation of risks and to develop methods that will effect change in the probability or consequence of an act. Identification and evaluation of risks as well as the identification, selection and implementation of control measures make up the complete process of risk management.
With EMS being identified as having a key role in risk management there are multiple areas that will make more awareness of risks and promote prevention both in the community and the EMS organization. Examples of such areas would be
• Recognition of potentially hazardous situations.
• Understanding of medical emergencies.
• Effective response to emergencies.
Step One: Identify Risk – The purpose of identifying risk is to determine what types of things create risk. There is some potential for risk involved in all aspects of EMS. Generalized areas of risk are Personnel, Vehicles, Equipment and Facilities. Organizations should consider any and all risks and consider those that may be specific to the organization. When identifying risk, a good place to start is one’s organization/business. Use documentation that already exists, e.g., current injury reports, accident reports, and disciplinary or other action type reports. Neighboring organizations as well as a multitude of industry and trade journals are available to assist with the identification of risk.
Step 2: Risk Evaluation – To properly evaluate risk we must determine the probability or likelihood that a harmful event may occur. When evaluating probability, we look at the number of times a specific incident has occurred over a given period of time. What must not be misunderstood or underestimated is the fact that simply because an event has never occurred in an organization or region does not mean that this incident will never occur. Also, it is important to remember that usually the most severe incidents are the least common.
Step 3: Prioritizing Risk – After evaluating risk, the next step is to prioritize or rank the areas that need to be addressed. As a rule, the risks with the highest frequency and highest severity will be addressed first with the outcomes less likely to occur following.
Prioritizing risk is accomplished by determining the potential outcome based upon three factors: Severity (S), Probability (P) and Exposure (E)
Severity – What is the expected severity of an incident that could occur?
Probability – What are the chances that given an exposure to a hazard an accident will result?
Exposure – What is the exposure to the hazard?
When determining the risk for a given hazard the following formula may be utilized:
Total Risk = (S)everity x (P)robability x (E)xposure
When prioritizing risk the first step is to identify the hazard. When identifying the hazard, it is important to state what the hazard is and what the result could be.
Step 4: Determine and Implement Controls- Determining control measures is based upon the results found in risk potential and the prioritizing risk steps of the Risk Management table. Control measures must be determined prior to implementation so the cost and associated benefits may be considered. When determining controls, the following factors should be considered:
• Predicted Effect: What effect will occur when considered in conjunction with the cost to implement the control.
• Time: The time it would take to implement the control measure. Could the resources used to control the risk be used more efficiently and effectively during the implementation time period? Will any other efforts be compromised?
• Time to Results: What is the time period between the implementation of a control and the actual results from the implementation? If the control measure is a long-term goal then this should be clearly expressed in the proposal for the control.
• Effort: What is the ease or difficulty with which a control measure is implemented? Can the effort be better applied to other programs? Are there multiple solutions? Will less effort be required for one solution then another? The people that a risk affects the most should be involved in decision-making when more efficient ways to control a risk are addressed.
• Implementation Cost: What is the actual cost of implementation? What is the cost should the implementation not occur? Cost is often the deciding factor whether a measure is implemented or rejected. The cost for implementing a control measure will always affect the priority of the implementation.
• Insurance Cost: Does implementing the control measure reduce or increase the insurance cost? Estimating potential losses are how insurance costs are established. The costs are generally derived from reviewing losses in a generic sense from a common industry as well as reviewing customer specific losses.
• Funding: Funding for risk management can be expressed in two categories. Risk retention and risk transfer. Risk retention is dependent upon internal funding such as budgeted operating expenses, reserve funds for losses and borrowing funds to pay for unanticipated losses. Risk transfer includes: commercial insurance purchase and indemnity clauses.
• Cost/Benefit Analysis: Process by which risks are prioritized through some type of ranking system. A cost/benefit analysis almost always deals with the safety and health of personnel. However, if the implementation costs use real dollars then a “balance sheet†will have to be prepared that outlines the cost of the implementation and prospective savings from the implementation.
• Transfer- This step should be completed only after all risks of an operation have been identified. Risks during emergencies cannot be completely controlled. However, the severity of the risks can be addressed and minimized.
• Risk Avoidance is the complete elimination of a particular risk in order to prevent an undesirable event from occurring. An example of this would be avoiding an area with unstable roadways. Therefore, eliminating any potential risk. Although risk avoidance may be an accepted means to alleviate risk in some work places, the use of risk avoidance is impractical in the EMS field.
• Risk Reduction is accomplished by testing, planning, training and enforcement of safety and risk management related issues. The reevaluation of risk management programs and a proactive approach is essential to reducing risk.
• Risk transfer is the final means of mitigating risk potential. The concept of risk transfer is the complete removal of a risk by transferring this risk to separate party. Risk transfer can be utilized for any real hazards or for financial risk only. An example of risk transfer for a real hazard would be if an agency decided that a procedure was to dangerous to complete and an outside contractor would be hired to complete the task, thereby transferring and eliminating the potential risk. An example of risk transfer for a financial risk would be the purchase of insurance for the equipment and building of an organization thereby alleviating the financial risk. It should be understood that financial risk transfer does not eliminate or reduce the risk, but simply offers compensation should a loss occur.
Step 5: Evaluate and Revise- For a risk management program to be truly effective the need for evaluation and revision is essential. The intended efforts of a risk management program are the improvement of problems areas. Evaluation should mirror the points that were identified previously in risk identification, and there should also be some type of follow up to determine if the desired outcome was achieved.
Contact us at info@lakshy.com or visit www.lakshy.com or call our 24 hours customer care +91 9821780035 to get your organization ISO 9001:2008, ISO 14001:2004 and OHSAS 18001:2007 certified.