Development and Validation of Plain English Interpretations of the Seven Elements of the Risk Management Process
Abstract
1. Introduction
- black box—a document that is current and references other current documents;
- white box—a document that is superseded but still available through SAI Global and not clearly marked as superseded;
- grey box—a document that is current but references superseded documents;
- solid line—a current document referenced by a current document;
- dotted line—a current document referenced by a superseded document, and
- dashed line—a superseded document referenced by a current document.
2. Aim
- Establishing the Context;
- Risk Identification;
- Risk Analysis;
- Risk Evaluation;
- Risk Treatment;
- Communication and Consultation, and
- Monitoring and Reviewing
3. Method
3.1. Participants
- the ‘social desirability effect’, which was addressed by advising participants that responses were confidential and anonymous;
- the ‘halo effect’, which was addressed by not shaping participants’ ideas before they saw the survey; and
- the ‘yea/nay saying acquiescence’, which was addressed by using balance in the questioning, that is, no leading questions [37].
3.2. Procedure and Materials
3.3. Analysis Strategy
4. Results
4.1. Feedback Provided by Risk-Experts
A Case Study Showing the Development of the Risk Treatment PEI as Informed by Risk-Experts
- Added an initial short definition of risk treatment that included two risk treatment outcomes—(1) eliminate or reduce the risks that are unacceptable or intolerable and (2) accept or increase the risk or opportunities that are acceptable or tolerable
- Added ‘accepting the risk’ to the tolerating the risk strategy because it was important to highlight that risk was not necessarily negative
- Deleted ‘removing the risk source’ from the treating the risk strategy because it actually belongs in the termination strategy
- Added ‘passing on’ to the transferring the risk strategy to differentiate from ‘sharing’ the risk
- In the first paragraph ‘with consideration of the hierarchy of controls’ was added because it was thought to be an important and often forgotten part of the risk management process
- In the second outcome ‘accept or increase risk’ was separated, to highlight their differences better—so that there were now three separate outcomes
4.2. Feedback Provided by Operators/Workers
4.3. Discussion
4.3.1. Risk Identification PEI
4.3.2. Risk Analysis PEI
4.3.3. Risk Evaluation PEI
4.3.4. Risk Treatment PEI
4.3.5. Monitoring and Reviewing PEI
4.4. Conclusions
Author Contributions
Funding
Conflicts of Interest
References
- Standards Australia and Standards New Zealand. AS/NZS 4360:2004 Risk Management; NZS: Wellington, New Zealand, 2004.
- Standards Australia and Standards New Zealand. ISO 31000:2009 Risk Management–Principles and Guidelines; NZS: Wellington, New Zealand, 2009.
- Standards Australia and Standards New Zealand. HB 436:2013, Risk Management Guidelines–A Companion to AS/NZS ISO 31000: 2009; Sydney, NZS: Wellington, New Zealand, 2013.
- Standards Australia and Standards New Zealand. HB 246:2010-Guidelines for Managing Risk in Sport and Recreation Organizations; Sydney, NZS: Wellington, New Zealand, 2010.
- Standards Australia and Standards New Zealand. AS/NZS 4024.1201:2014-Safety of Machinery-General Principles for Design-Risk Assessment and Risk Reduction; NZS: Wellington, New Zealand, 2014.
- Standards Australia and Standards New Zealand. HB 167:2006 Security Risk Management; NZS: Wellington, New Zealand, 2006.
- Standards Australia and Standards New Zealand. AS 61508.1-2011 Functional Safety of Electrical/electronic/Programmable Electronic Safety-Related Systems-General Requirements; NZS: Wellington, New Zealand, 2011.
- Standards Australia and Standards New Zealand. ISO GUIDE 73:2009, Risk Management–Vocabulary Sydney; NZS: Wellington, New Zealand, 2009.
- Standards Australia and Standards New Zealand. AS/NZS 3931:1998 Risk Analysis of Technological Systems–Application Guide; NZS: Wellington, New Zealand, 1998.
- Standards Australia and Standards New Zealand. IEC/ISO 31010:2009 Risk Management–Risk Assessment Techniques; NZS: Wellington, New Zealand, 2009.
- Standards Australia and Standards New Zealand. HB 89:2010 Risk Management-Guidelines on Risk Assessment Techniques; NZS: Wellington, New Zealand, 2010.
- Standards Australia and Standards New Zealand. ISO/IEC GUIDE 51:2014 Safety Aspects–Guidelines for Their Inclusion in Standards; NZS: Wellington, New Zealand, 2014.
- Hardy, J. Enterprise Risk Management: A Guide for Government Professionals; Jossey-Bass: San Francisco, CA, USA, 2014.
- Meshkat, L.; Su, P. A Common Risk Language; The Aerospace Corporation: El Segundo, CA, USA, 2004.
- Haimes, Y.Y. On the complex definition of risk: A systems-based approach. Risk Anal. 2009, 29, 1647–1654.
- Knight, K. 21 years of risk management standardisation-past, present and future. Presented at the Queensland Chapter of RMIA, Brisbane, QLD, Australia, 22 October 2012.
- Aven, T. On the new ISO guide on risk management terminology. Reliab. Eng. Syst. Saf. 2011, 96, 719–726.
- Cross, J. Risk. In The Core Body of Knowledge for Generalist OHS Professionals; HaSPA (Health and Safety Professionals Alliance); Safety Institute of Australia: Tullamarine, VIC, Australia, 2012.
- Hubbard, D.W. The Failure of Risk Management: Why It Is Broken and How to Fix It; John Wiley & Sons, Inc.: Hoboken, NJ, USA, 2009.
- Hillson, D.; Murray-Webster, R. Understanding and Managing Risk Attitude; Gower Publishing Co.: Aldershot, QLD, Australia, 2005.
- Breakwell, G.M. The Psychology of Risk; Cambridge University Press: Cambridge, UK, 2007.
- Hopkins, A. Lessons from Longford: The trial. Spec. Issue J. Occup. Health Saf. 2002, 18, 3.
- Calman, K.C.; Royston, G.H.D. Personal paper: Risk language and dialects. Br. Med. J. 1997, 315, 939–942.
- Kaplan, S.; Garrick, B.J. On the quantitative definition of risk. Risk Anal. 1981, 1, 11–27.
- Fischhoff, B.; Watson, S.R.; Hope, C. Defining risk. Policy Sci. 1984, 17, 123–139.
- McNamee, D. Targeting business risk. Intern. Audit. 2000, 57, 45–51.
- Espersen, D. The language of risk. Intern. Audit. 2007, 64, 69.
- Von Känel, J.; Cope, E.W.; Deleris, L.A.; Nayak, N.; Torok, R.G. Three key enablers to successful enterprise risk management. IBM J. Res. Dev. 2010, 54, 1.
- Miccolis, J.A. Toward a universal language of risk. Risk Manag. 1996, 43, 45.
- Hogganvik, I.; Stølen, K. Risk analysis terminology for IT-systems: Does it match intuition? In Proceedings of the 2005 International Symposium on Empirical Software Engineering, Noosa Heads, Australia, 17–18 November 2005.
- Hopkin, P. Institute of risk management. Fundamentals of Risk Management; Kogan Page Publishers: London, UK, 2014.
- Pill, J. The Delphi method: Substance, context, a critique and an annotated bibliography. Socio-Econ. Plan. Sci. 1971, 5, 57–71.
- Oh, K.H. Forecasting through Hierarchical Delphi. Ph.D. Thesis, The Ohio State University, Columbus, OH, USA, 1974. Unpublished.
- Hsu, C.C.; Sandford, B.A. The Delphi technique: Making sense of consensus. Pract. Assess. Res. Eval. 2007, 12, 1–8.
- Witkin, B.R.; Altschuld, J.W. Planning and Conducting Needs Assessment: A Practical Guide; Sage Publications, Inc.: Thousand Oaks, CA, USA, 1995.
- Ludwig, B. Predicting the future: Have you considered using the Delphi methodology? J. Ext. 1997, 35, 1–4.
- Farnsworth, B. What Is Participant Bias? (And How to Defeat It). Available online: https://imotions.com/blog/participant-bias/ (accessed on 18 December 2017).
- Dalkey, N.C. The Delphi method: An experimental study of group opinion. In Studies in the Quality of Life: Delphi and Decision-Making; Dalkey, N.C., Rourke, D.L., Lewis, R., Snyder, D., Eds.; Lexington Books: Lexington, MA, USA, 1972; pp. 13–54.
- Ludlow, J. Delphi inquiries and knowledge utilization. In The Delphi Method: Techniques and Applications; Linstone, H.A., Turoff, M., Eds.; Addison-Wesley Publishing Company: Reading, MA, USA, 1975; pp. 102–123.
- Ludwig, B.G. Internationalizing Extension: An Exploration of the Characteristics Evident in a State University Extension System that Achieves Internationalization. Ph.D. Thesis, The Ohio State University, Columbus, OH, USA, 1994. Unpublished.
- Douglas, D.C. A Comparative Study of The Effectiveness of Decision Making Processes Which Utilize the Delphi and Leaderless Group Methodologies. Ph.D. Thesis, The Ohio State University, Columbus, OH, USA, 1983. Unpublished.
- Rowe, G.; Wright, G. The Delphi technique as a forecasting tool: Issues and analysis. Int. J. Forecast. 1999, 15, 353–375.
- Helmer, O.; Rescher, N. On the epistemology of the inexact science. Manag. Sci. 1959, 6, 25–53.
- Adams, S.J. Projecting the next decade in safety management: A Delphi technique study. Prof. Saf. 2001, 46, 26–29.
- Delbecq, A.L.; van de Ven, A.H.; Gustafson, D.H. Group Techniques for Program Planning; Scott, Foresman, and Co.: Glenview, IL, USA, 1975.
- Ulschak, F.L. Human Resource Development: The Theory and Practice of Need Assessment; Reston Publishing Company, Inc.: Reston, VA, USA, 1983.
- Hayes, K. Uncertainty and Uncertainty Analysis Methods; Report EP102467; CSIRO: Hobart, TAS, Australia, 2001.
Rounds | Establish Context | Risk Identification | Risk Analysis | Risk Evaluation | Risk Treatment | Communication & Consultation | Monitoring & Reviewing |
---|---|---|---|---|---|---|---|
Round 1 | 60% | 60% | 75% | 85% | 65% | 95% | 65% |
Round 2 | 95% | 80% | 85% | 100% | 95% | 100% | 90% |
∆ Rounds 1 and 2 | 35% | 20% | 10% | 15% | 30% | 5% | 25% |
Second-Cut PEIs | Third-Cut PEIs |
---|---|
‘Risk treatment’ is the process of determining ‘risk mitigation strategies’ to: | ‘Risk treatment’ is the process of determining further risk mitigation strategies, with consideration of the hierarchy of controls, to: |
Rounds | Establish Context | Risk Identification | Risk Analysis | Risk Evaluation | Risk Treatment | Communication & Consultation | Monitor & Review |
---|---|---|---|---|---|---|---|
Round 2 (risk-experts) | 95% | 80% | 85% | 100% | 95% | 100% | 90% |
Round 3 (operators/workers) | 83% | 88% | 92% | 83% | 83% | 92% | 92% |
∆ Rounds 2 and 3 | −12% | 8% | 7% | −17% | −12% | −8% | 2% |
Finalised PEIs |
‘Establishing the context’ is the process of evaluating the external and internal environment in which your organisation operates with respect to the specific objective you are trying to achieve. This includes legal and regulatory frameworks, political, economic, cultural, commercial (including financial), technological and operational elements of your organisation. From this broad-based perspective, a strategic approach to risk can be mapped for your organisation, including establishing the criteria against which risk will be evaluated and defining the analysis structure. This results in a starting plan and scope for the other six parts of the process that can be applied at a strategic, tactical and operational level, as appropriate. |
‘Risk identification’ is the process of identifying the opportunities or hazards (sources of harm) and describing the types of credible risks that could affect your organisation. It involves a thorough examination of your organisation’s activities and the potential events that could occur and those that have occurred in similar circumstances. These events can be planned or unplanned. This results in a comprehensive list of well-defined risks, albeit there may be some uncertainties and ambiguities, unique to your organisation and its operational environment. |
‘Risk analysis’ is the process of determining the relative effect individual risks are likely to exert on your organisation/role. Risks to your organisation are analysed in terms of the likelihood of the event(s) occurring (e.g., ranging from rare to almost certain) and consequence(s) if the event occurs (e.g., ranging from minor to catastrophic). Events can be planned or unplanned. This results in data that can then be used to prioritise risk for management action as part of ‘risk evaluation.’ |
‘Risk evaluation’ is the process of comparing estimated levels of risk against the criteria defined earlier when ‘establishing the context.’ It then considers the balance between potential benefits and adverse outcomes, to determine if the risk is acceptable or tolerable based on the quality of the controls in place. This results in decisions being made about the current and potential future risk mitigation strategies and their priorities to ‘as low as reasonably practicable’ principles. |
‘Risk treatment’ is the process of determining further risk mitigation strategies, with consideration of the hierarchy of controls, to: |
‘Communication and consultation’ is the process of sharing or obtaining information and engaging in dialogue with persons or organisations that can affect, be affected by or perceive themselves to be affected by, a decision or activity. It happens at each stage of the risk management process with a particular focus on the outcomes of managing and controlling the risk. It should also include consideration of lessons learned from within and external to the business. This results in giving or receiving feedback for consideration in the other elements of the risk management process. |
‘Monitoring’ is the process of checking, supervising and critically observing planned controls. These activities are undertaken at appropriate frequencies, depending on the nature and scope of the particular risk. This results in establishing that planned controls are in place and remain in place and whether the operating environment and thus risk, has changed. ‘Reviewing’ is the process of determining the suitability, adequacy and effectiveness of the implemented controls to achieve established objectives that were defined earlier in ‘establishing the context.’ This results in establishing a cycle of continuous improvement including considering new and/or more appropriate controls. |
© 2019 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Marling, G.; Horberry, T.; Harris, J. Development and Validation of Plain English Interpretations of the Seven Elements of the Risk Management Process. Safety 2019, 5, 75. https://doi.org/10.3390/safety5040075