Last week, Insurance News Net’s Trish Ennis examined the relationship between occupational health, safety risk management and reputational risk.
Texas City refinery. Upper Big Branch mine. Deepwater Horizon. Tazreen Fashions factory. Rana Plaza. Each of these tragedies was caused by a chain of events that included safety and health system deficiencies. They have something else in common, too: They all caused significant damage to the reputations of the organizations involved.”
Ennis highlights an emerging trend in not just OSH risk & compliance management, but in all silos of risk management. Rather than managing risk within only their department, risk management programs are being asked to assess risks on an enterprise scale. Companies need to consider a risk’s impact based on not only a departmental dimension, but also an enterprise dimension, which takes into account criteria pertaining to process complexity, control effectiveness, and the achievement of a company’s strategic objectives (like reputation management).
Where Ennis asks OSH professionals to consider a new set of questions – how risk will effect a company’s financial performance, operational efficiency, etc. – enterprise risk management would instead insist that these organizations adopt a single. standardized assessment criteria. A risk with minor OSH implications, but a large impact from an enterprise perspective, must be evaluated and elevated to appropriate decision makers. Evaluating risks on several different sets of criteria only complicates the process, because a risk must always be treated in accordance with the most significant impact it can bestow on the enterprise.
While this principle is relatively straightforward, it’s also misunderstood. Consider its comparison to risk’s second most popular assessment dimension, likelihood. Likelihood would never be assessed on multiple scales, and its absolute nature makes it far easier to compare against other risks. Impact must be addressed the same way, and the best way to accomplish this is by creating a centralized set of enterprise criteria that can be applied across all silos of risk management.
It's up to each individual organization to decide how a damaging reputational impact would compare to regulatory and financial impacts, which is where a Risk Management Software solution can be invaluable in documenting assumptions, capturing reasoning behind historical assessments, and relaying industry best practices & recommendations.
To develop risk assessments with an enterprise scale, read our eBook on "5 Steps for Better Risk Assessments."