Management System Success is Management Success


 Looking for SUCCESS? In safety, or in any other area?

To find out more, go to the Succes in Safety page to find out more.

[1] Risk Management, Safety and Control of Loss - Protecting Your Organization

[2] Making Your Future - In Business and in Other Parts of Life 



My books Success in Safety Improvement Model Management System Success Improvement Process 17-Step Process Improvement Process Rating Management System Structure Management System Content Improving the Management System The Audit Management System Rating International Safety Rating System Accidents and Incidents Accident Investigation Protocol Safety Opinion Survey

Risk Management

If you want to manage something, you first want to know what it is. So, in case of Risk management, you first want to know what the risks are. You also want to know how large they are, or rather: can be, so you can prioritize them for further processing. The first step then will be the identification and evaluation of risk. After that, Risk Management can grossly be divided into two main areas: control of risk and risk financing.

Control of risk includes the elimination of risks as well as the reduction, in event frequency as well as type and size of consequences. Control of risk has an important influence of the financing of risk irrespective of whether that will be out-of-pocket, through insurance or otherwise. 

Risk control can be divided into two areas: organizational and technical. Preference will  often be given to technical (hardware) solutions since those - if well done - do not normally depend on the direct influence of people. Organizational measures, apart from work procedures, administrative controls and decision making, include the designing and building technical systems, maintenance and change management to keep them in safe operating conditions. Organizational issues are at the heart of the risk management system and the focus of this website.

Organizational Control: the heart of Risk Management 

Risk management is Safety management

Making the difference between risk management and safety management is by choice rather than by reason. It boils down to the definitions of risk and accident and depends very much how you want to see these in your organization. If you want, there is a difference in time: a risk is the chance that something will happen while an accident is something that did happen; the accident was a risk before it the unwanted event occurred.  

Risk management is Loss Control management

Here too, there is really no difference between risk management and loss control or loss control management. Depends on the definitions that your are using. The only difference again is the time factor: loss is the result of an unwanted event. One could say that risk management also includes the financing of risk but in essence this risk financing is financing of losses that do or may happen as the result of unwanted events.

Risk, problem, accident, loss or whatever you wish to call these all are related to unwanted events and they are all related to what people do or not do.  

Risk management is problem solving and very similar to the basic problem solving sequence - see picture below where I replaced the word "Problem" by "Risk". Risk is a potential problem, something that can happen in the future. If the risk materializes then we have a loss. So the difference between risk and loss is the time factor: if the hazard is there, the risk will materialize sooner or later. The consequence or loss - type and size - will depend on the circumstances that exists at the time that the event takes place. Murphy's law popular version: "If anything can go wrong, it will" or "What can happen, will happen".  



Risk Management Process


In the problem solving sequence below, replace the words "problem" by "risk" and you have the risk management process to include:


  1. can there be a problem? In risk management terms called "risk identification" - is there a hazard? 

Problem or Risk evaluation in terms of event frequency (how often?) and possible consequences (how much?). In risk management terms called "risk assessment". 

  1. is the (potential) problem small enough to be ignored? If not - go to step 3.

Problem or Risk control 

  1. can the problem be eliminated? If so, that may be the preferred option.

  2. if not, we will have to live with it and take action to reduce the risk at an acceptable level which relates to the frequency of occurrence of the unwanted event as well as to its possible consequences in terms of monetary, human, environmental or business loss.

  3. cause analysis - what are the various causes that can lead to an accident, incident and other unwanted event that transforms hazard to risk? We can only control it if we know what the causes are.

  4. what are the possible event frequencies and consequences related to the various causes?

  5. establish alternatives to control the risk, a combination of technical and organizational measures - prevention (directed at event frequency) and limitation of consequences, including risk financing.

  6. choice of best combination of technical, organizational and risk financing measures. Identification of what needs to be done and setting Standards or criteria for these control activities. This actually forms the PLAN to control risks or problems as one step in the platform model.

  7. implement or DO of the selected control measures by properly Trained and informed people.

  8. periodic evaluation of the control activities -  Measurement and Evaluation of activities carried out - are they meeting criteria set?

  9. Correction if control activities are not carried out properly. Loop back to 7.

  10. evaluation of results - are control activities producing desired results? If not, altering or extending of those activities may be required or other/additional control measures may have to be introduced. Loop back to 5/6 etc.

  11. learn from what goes wrong and feed that learning experience back into the process. Loops back to 5/6  and 7 etc.

The above sequence represents a process with several loops depending on implementation of choices and results obtained.

You may have noted that the risk management or problem solving process described above includes the standing plan or management system, the PLATFORM model Plan-Train-Do and the management control function steps ISMEC (see terminology)  

Ideally, any activity we undertake should start with hazard identification and risk assessment and then develop from there. If that route is followed, the PLAN or management system (which is at the heart of this website) will be developed in relation to the residual risks or problems that remain after termination, elimination and reduction efforts have taken place. The process above is based on need of activities to be carried out (steps 1 - 4), execution of those activities (5 - 7) and periodic evaluation of execution and results (8 - 10).

In the approach to management system development as given through this website, the same caution has been built-in through the structure that is present in each of the management system activity areas. That structure starts with a need assessment for the activity concerned and ends with the periodic evaluation of activities and their results.

I have also visualized the risk management process in a different manner as an event or decision tree, as follows:


Safety - or Risk Management Trees were developed by the SSDC (System Safety Development Center) for the US Department of Energy. The better known tree is MORT (Management Oversight and Risk Tree - see Risk Management Resources).

NEXT PAGE is Risk Identification

If you want to read my website pages from the beginning go to: THE HOME PAGE



View Willem Top's profile on LinkedIn  
Search website
© Copyright 2001/2012 Willem Top