430 likes | 539 Views
RISK MANAGEMENT PROCESS. SAFETY TRAINING. Corporate Safety Training For Supervisors and Affected Employees. WELCOME. ABOUT THIS COURSE.
E N D
RISK MANAGEMENT PROCESS SAFETY TRAINING Corporate Safety Training For Supervisors and Affected Employees WELCOME
ABOUT THIS COURSE Risk Management is a Process of Identifying exposures and Determining Treatments. (Insurance is only one small aspect of the process) Risk Management procedures, properly applied will assist you in preparing for problems as well as controlling the impact of these events. It is a tool which may be used by Individuals as well as Businesses, and assists in the implementation of a plan which reduces your chance of having a loss as well as the amount of loss which may result.
COURSE OBJECTIVES • Introduce the Risk Management Process. • Discuss the Basics of the Risk management Process. • Introduce the Corporate Business Continuity Program. • Discuss the Need for a Corporate Disaster Recovery Plan.
BASIS FOR THIS COURSE • Life Safety. • Corporate Stability. • Statistically, Risk Management Results in Prevention. • OSHA Requirements. • EPA Requirements.
RISK MANAGEMENT PROCESS 1. Obtain Senior Management Buy-in and Support. 2. Assign Roles and Responsibilities. 3. Inventory Assets. 4. Assess Risks. 5. Safety and Health Plan. • Business Continuity Plan (BCP) • Business Impact Analysis (BIA) • Develop Countermeasures • Development/Implementation • Testing of the Plan • Plan Awareness and Training • Maintenance of the Plan • Audit • Policies/Procedures • Incident Reporting • Incident Investigation • Awareness • Follow up
Define Environment & Assets Monitoring, Testing & Audits Risk Analysis & Assessment The Process Awareness & Administration Policies, Stds, Procedures Design & Implementation RISK MANAGEMENT PROCESS Continued
RISK MANAGEMENT PROCESS Continued Impacts: • Loss of Revenue - Corporate Income • Legal Problems - Fines, Penalties • Goodwill - Client & Stockholder Confidence • Note: Losses May Not Be Dollars.
PROGRAM COMPONENTS 1. Risk Analysis & Risk Assessment 2. Safety and Health Program 3. Business Continuity Program
RISK OVERVIEW Ten Steps • Organize and Define the Scope • Identify and Value the Assets • Identify Applicable Threats • Identify and Describe Vulnerabilities • Establish Pairings (relationships) • Determine the Impact of Threat Occurrence • Measure Existing Countermeasures • Determine Residual Risks • Recommend Additional Countermeasures • Prepare a Risk Analysis Report Risk Analysis
RISK OVERVIEW Continued Advantages: • In-depth risk assessment brings peace of mind. • You get a comprehensive picture of business and technical processes. • You Identify current opportunities for process enhancements and/or re-engineering. • You have planning data for rapid, smooth recovery. • “Insurance Policy” for staying in business. Risk Analysis
RISK OVERVIEW Continued 1. Risk Analysis & Risk Assessment Risk Analysis - The process of identifying and documenting vulnerabilities and applicable threats to assets. Risk Analysis Risk Assessment - Projecting losses, assigning levels of risk, and recommending appropriate measures to protect assets.
RISK OVERVIEW Continued Foundation of All Risk Management Programs: • Snapshot in time. • Discover compliance with existing policies. • Basis for selecting cost-efficient, most appropriate protection measures for assets. • Equilibrium- asset loss to countermeasures • Provide information on likelihood of threat occurrence and asset impact. • Federal government and most states mandate. • Ensure reasonable steps are taken to prevent loss of assets. Risk Analysis
RISK OVERVIEW Continued Risk Analysis Vs Business Impact Analysis: • Risk Analysis & Assessment (RAA) - (Proactive) • Initial process that identifies critical processes, evaluates current standards and countermeasures, determines cost-effective mitigation of identified risks. Risk Analysis • Business Impact Analysis (BIA) - (Reactive) • Quantifies risks to include exposure results such as financial loss, client good will, public confidence, etc.
RISK OVERVIEW Continued Risk Management Jargon: • Assets - Anything of value worth protecting or preserving. • Threats - Events or actions which always exists and can generate undesirable impacts or loss of assets. Can be either human or environmental. • Vulnerabilities - The “windows of opportunity” which allow threats to materialize. Exposures. Conditions of weakness. • Countermeasures - (Safeguards, Controls) - Devices, processes, actions, procedures that canreduce vulnerabilities. Prevention, Detection, Correction. • Risk - Potential for a threat to exploit a vulnerability. • THREAT + VULNERABILITY = RISK Risk Analysis
RISK OVERVIEW Continued The Basics: • Assets identified. • Threats identified. • Vulnerabilities identified. • Asset Losses identified. • Protective measures identified and proposed. Risk Analysis
RISK OVERVIEW Continued Quantitative VS Qualitative • Quantitative • Objective Numeric Values • Asset Valuation • Precise Impact • Frequency of Threats • Countermeasure Cost-Effectiveness • Use of Complex Calculations (probabilities) • Qualitative • Descriptive, Immeasurable Values • Rough Characteristics • No Quantifiable Data • Yes/No; Low/Medium/High; Vital/Critical/Important; good/bad • Rankings based on judgment
QuantifiableJudgments RISK OVERVIEW Continued In Reality. . . Risk Analysis Involves Both Risk Analysis • Quantifiable measurements. • Judgments based on experience and knowledge.
RISK OVERVIEW Continued Types of Threats: • Human -Intentional or Unintentional. • Environmental (technological) - From on or off site event. • Environmental (natural) - Earthquakes etc. Risk Analysis
TYPES OF COUNTERMEASURES • Prevention • Detection • Correction Risk Analysis
CORPORATE KNOWLEDGE BASE Analysts Need to: • Know current and historical internal environment. • Know current and historical external environment. • Understand dependencies and vulnerabilities. • Understand threat profiles. • Understand countermeasure choices and related costs. • Be able to apply cost-benefit analysis to risks and countermeasures. Risk Analysis
PROGRAM COMPONENTS 1. Risk Analysis & Risk Assessment 2. Safety and Health Program 3. Business Continuity Program
HUMAN ASSET PROTECTION 2. Safety and Health Program To quantify it involves: - Gathering information from available sources. - Conducting baseline screening surveys to determine which jobs, areas or processes need a closer analysis. - Performing risk analyses of the work areas/processes with identified risk factors. - After implementing control measures, conducting periodic surveys and follow-up to evaluate changes. Safety
HUMAN ASSET PROTECTION Continued Eight Steps: 1. Management Sponsorship and Support. 2. Organize and Define the Scope. 3. Risk Analysis. 4. Policies and Procedures. 5. Workplace Safety Controls. 6. Accident Reporting and Investigation. 7. Safety Awareness Training. 8. Monitoring and Follow-up. Safety
HUMAN ASSET PROTECTION Continued • PRINCIPAL QUESTIONS TO BE ANSWERED: • WHO? • WHAT? • WHY? • WHEN? • WHERE? • HOW? Safety
HUMAN ASSET PROTECTION Continued WHO? • Who could be injured? • Who controls that particular work environment? • Who can render first aid or medical treatment? Safety
HUMAN ASSET PROTECTION Continued WHAT? • What is the past accident history of the area? • What is the exact nature of previous injuries? • What do the employees routinely do? • What operations are performed? • What hazardous/nonhazardous materials are used? • What safe-work procedures have been provided? Safety
HUMAN ASSET PROTECTION Continued WHAT? • What personal protective equipment are used? • What PPE is required? • What elements can contribute to an accident? • What machine guards are available but not used? • What negative environmental conditions exist? • What related safety procedures need revision? • What shifts do the employee’s work? • What ergonomic factors are involved? Safety
HUMAN ASSET PROTECTION Continued WHEN? • When do accidents historically occur? • When do employee start his/her shifts? • When was job-specific training received? • When (how often) do supervisors visit the job? Safety
HUMAN ASSET PROTECTION Continued WHY? • Why do the accidents occur? • Why do employee’s do what they do? • Why do co-workers do what they do? • Why are the specific tool/equipment selected? Safety
HUMAN ASSET PROTECTION Continued WHERE? • Where do accident’s occur? • Where are employee’s positioned? • Where is the supervisor stationed? • Where is first aid stationed? Safety
HUMAN ASSET PROTECTION Continued HOW? • How do accidents occur? • How many employee’s work in specific areas? • How do employee’s get injured (specifically)? • How can the injuries be avoided? • How can witnesses help better? • HOW CAN THE COMPANY IMPROVE SAFETY? Safety
HUMAN ASSET PROTECTION Continued WHAT'S NEXT - AFTER RISK ANALYSIS? • Instruct employee in proper behaviors. • Warn employee of potential hazards. • Supply appropriate safeguards. • Supply appropriate PPE. • Eliminate known unsafe conditions. • Repair or modify known unsafe conditions. • Implement procedural changes. Safety
HUMAN ASSET PROTECTION Continued Some Road Blocks to Safety: • Lack of Sufficient Budget. • Lack of Written Procedural Guidance. • Lack of Resources - Management Support, Staff. • Lack of Awareness. • Lack of Tools. • Lack of Training. Safety
PROGRAM COMPONENTS 1. Risk Analysis & Risk Assessment 2. Safety and Health Program 3. Business Continuity Program
RECOVERY Continued 3. Business Continuity Program BCP - Spells out what, who, how, and when for a quick and smooth restoration of critical operations after a catastrophic disruptive event, minimizes losses, and eventually returns to business as normal. Important - The BCP can incorporate or reference other corporate plans required by outside regulatory agencies. BCP
RECOVERY Twelve Steps 1. Pre-planning (Senior Mgmt Commitment/Support, Policies) 2. Risk Analysis 3. Business Impact Analysis 4. Identify Resources and Requirements Needed 5. Emergency Response 6. Coordination with Public Authorities 7. Public Relations and Crisis Communications 8. Strategic Alternatives 9. Plan Development/Implementation 10. Testing/Exercises 11. Awareness 12. Maintenance BCP
RECOVERY Continued Goals • Identify weaknesses and implement a disaster prevention program. • Minimize the duration of a serious disruption to business operations. • Facilitate effective co-ordination of recovery tasks; and reduce the complexity of the recovery effort. BCP
RECOVERY Continued • Corporate - Business Continuity Plan • Corporate - Business Resumption Plan • FEMA - Natural Disaster Recovery Plan • OSHA - Facility Emergency Action Plan • EPA - Risk Management and Contingency Plan • Law Enforcement - Crisis Management Plan BCP
RECOVERY Continued • Business Impact Analysis (BIA): • Foundation of BCP • Establishes the value of each major organizational function as it relates to the whole. • Provides the basis for identifying the critical resources required to develop a business recovery strategy. • Establishes priority for restoring the functions of the organization in the event of a disaster. BCP
RECOVERY Continued Six Steps to BIA: 1. Identify the Critical Business Functions. 2. Prioritize Critical Business Functions. 3. Identify Dependencies and Resources Needed. 4. Identify Points of Failure for Each Function. 5. Estimate Probable Impact of Loss for Each Point of Failure. 6. Determine if a Contingency Plan is Required. BCP
RECOVERY Continued Staying Current: • List (know) functions having a critical impact on mission. • Ensure a plan is developed for each critical function. • Continue to test and evaluate plans at least once a year. • Keep personnel responsibilities current and test for readiness. • Involve key personnel in operational planning. • Train, Train, Train. BCP
LAST WORDS DISASTERS ARE SOMETIMES INEVITABLE SURVIVAL ISN’T