After the Australian’s risk management standard (AS/NZS 4360:2004) walked on ISO’s world stage in 2009, management system users from other countries have shrugged their shoulders over the need to determine the context BEFORE getting into the familiar plan-do-check-act (PDCA) cycle. However, what lies between the organization and meeting its objectives is uncertainty.
Uncertainty can be found in the context as opportunities and threats. The environmental and occupational health & safety (EHS) management systems apply within the organization. The context defines the basic parameters within which risks must be managed and sets the scope for the risk management process.
There are three contexts for an organization to consider: the external context; the internal context; and the risk management context.
Establish the External Context
Organizations must assess their external operating environment to determine and characterize the crucial influences and factors that might support or impair their ability to manage the opportunities and threats that are identified. Using a PESTLE tool, it is possible to determine the key drivers and trends exerting positive and negative consequences that affect the attainment of EHS objectives. The organization also must look at relationships with external stakeholders, along with their perceptions, values, and interests.
Establish the Internal Context
Understanding the internal context prepares the organization for managing the opportunities and threats originating within its operations. A TECOP methodology widely used in the project management field provides a set of influences that are useful for scanning the internal operating environment. Key areas include the organization’s culture, its internal stakeholders, its structure capabilities in terms of resources, objectives and the strategies that are in place to achieve them. It is important to be aware of organizational factors that may influence decisions about EHS risk including existing work practices and procedures
Establish the Risk Management Context
Establishing the EHS risk management context includes understanding the purpose of EHS management in the organization’s culture and planning processes. This involves consideration of external factors such as the requirements of EHS legislation, and community concerns over EHS incidents inside and outside of the facility. There may be specific organizational standards and policies related to EHS. Specific stakeholders in EHS need to be identified along with their interests in EHS. The EHS objectives need to be understood as part of the risk management context.
The scope of the risk management activities that are needed should be defined and the remainder of the process planned. The risk management process may be applied to this preliminary planning process to define the priorities and plan the program for managing the risks in a logical manner. Using the three contexts, the risk management program is then likely to include many EHS and risk management studies looking at the opportunities and threats found in these three contexts. Then is it time to scope the PDCA activity.
Bio:
Robert B. Pojasek, Ph.D.
Harvard University & Pojasek & Associates LLC
Risk Management & Organizational Sustainability
rpojasek@sprynet.com
(781) 777-1858 Office
(617) 401-5708 Mobile & Text
www.linkedin.com/in/bobpojasek
Organizational Risk Management and Sustainability:
A Practical Step-by-Step Guide
Now available as an e-book
http://tiny.cc/xz3fhy
Also available as an online action learning course
Expert as environment, health & safety, and sustainability professional with a record of providing leadership, training and operational support to all levels of the organization; Implements new and revised management systems to drive EHS/sustainability program conformance throughout the operation; Integrates organizational systems of management using the ISO harmonized high-level structure; Provides support for organizations implementing sustainability/risk management practices featured in my book.