1-SO-03 Building a Risk Profile

Building a Risk Profile
1-SO-03
March 31, 2012
Page 1 of 8
Process flow: Start → 1.0 - Collect and analyse information → 2.0 - Draft a Terms of Reference document → 3.0 – Convene Risk Profile Workshop → 4.0 - Complete risk profile template
1.0 - Collect and analyse information
• Canvass subject matter experts and staff on areas of concern in their areas, and interview senior managers to identify their key business concerns. These concerns do not need to be directly related to safety;
• Examine internal and external audits, procedural documents, etc. to understand the strategic and day-to-day performance of the organization; and
• Identify which issues meet the definition of a hazard or SSD, and which of these appear the most frequently.
2.0 - Draft a Terms of Reference document
Include:
• The purpose of the workshop and required outcomes;
• Who is required to attend the workshop (senior managers from all departments, the SMS Manager, and a secretary, as a minimum);
• The date, time, and location of the meeting; and
• Additional tasks that must be completed prior to the workshop, and who is responsible for completing them.
3.0 - Gather Decision Makers and Stakeholders to finalise list of Key Management Issues
• Review and discuss the management issues presented in the Terms of Reference;
• Identify additional management issues and supporting evidence for the inclusion of these issues;
• Identify how each management issue could result in increased safety risk;
• Determine whether any of the management issues are themselves symptoms of higher-level problems;
• Assess the significance of each issue; and
• Identify existing or new mitigation to manage each issue.
4.0 - Complete risk profile template
• Complete the template found in Appendix A.
Finish
Figure 1 – Risk Profile Development Process
Introduction
This user guide provides Certificate Holders with guidance on completing a Risk Profile, and
provides a template with which to document a completed Risk Profile for internal use and for
submission to BDCA as part of the SMS Acceptance process.
Background
One of the key building blocks of a sound Safety Management System (SMS) is a prioritized list
of safety-related management issues. This list, hereafter referred to as a Risk Profile, makes
setting priorities for improvement initiatives easier, thereby ensuring that issues get addressed
at a pace commensurate with their significance to safety-risk.
When completing a Risk Profile, it is important to understand the concepts of hazard, risk,
system safety deficiency (SSD) and mitigation. Refer to document 1-SO-02 Safety Management
Definitions for BDCA’s definitions of these ideas.
Purpose
A Risk Profile identifies the systemic management issues that hinder an organization’s ability to
manage safety risks to a level as low as reasonably practicable.
Recommended Approach
The process of developing a Risk Profile is nearly as important as the profile itself. By working
collaboratively to generate the list of high-priority safety issues within an organization, managers
gain a better understanding of the overall health of the organization, and they gain insight into
the difficulties and concerns of managers operating in other parts of the organization. This
understanding can help to improve cohesiveness and teamwork, and can lead to better
organizational efficiency and effectiveness.
Therefore, it is recommended that as many people (managers, subject matter experts and staff)
as possible be involved in the development of the Risk Profile. This does not mean that
everyone in the company should be brought into a meeting together to discuss management
issues: in organizations of more than 10 people, such an approach would make it impossible to
arrive at consensus. Instead, feedback from key personnel should be solicited before gathering
a small group of decision-makers to discuss and agree on the key management issues.
Openness is critical for such an approach to be effective. In order to give honest input, staff
must be comfortable that their opinions will remain de-identified and not be counted against
them in future. This should be clearly communicated to staff before soliciting their input.
During the Risk Profile Workshop, it is important to ensure that the discussion is not dominated
by a single person. If it is, then the Risk Profile may not be accurate, as it will be biased toward
whatever concerns the dominant person feels to be most pressing. Therefore, the Risk Profile
Workshop should be facilitated by a strong individual who will ensure that all voices are heard.
Ideally, this person should be as independent as possible from the ultimate decisions regarding
priority. The SMS or QA manager can be a good person for this role.
Steps to Complete a Risk Profile
Figure 1 depicts BDCA’s recommended process for developing a Risk Profile, described in
further detail in the paragraphs that follow.
1.0 - Collect and analyse information
The first step is to identify the key management issues the organization faces. Management
issues are those high-level concerns that have widespread impact on the safety-risk
management performance of the company. They can be technical (e.g., aging equipment, poor
spare parts availability, or lack of suitable fuel suppliers), financial (e.g., pressure to reduce
spending on maintenance or on improvement initiatives brought on by a decrease in revenue),
or organizational (e.g., lack of skilled workers in the area, succession planning, retirement of key
individuals).
Key management issues are the top 5 to 12 issues in terms of significance (see next section on
rating significance). Smaller organizations should typically focus on fewer key management
issues than larger organizations.
To identify management issues, the person assigned responsibility to complete the risk profile
should:
• Canvass subject matter experts and staff on concerns in their areas. Ask them questions about the efficacy of policies, processes, procedures, practices and resources in their areas. This can be accomplished through interviews or questionnaires (paper or electronically based);
• Interview senior managers. A key question for senior managers might be “What business concerns keep you up at night?” These concerns do not need to be directly safety related: key concerns will affect decision making, and could have an indirect impact on safety performance; and
• Examine documents and files related to the strategic and day-to-day performance of the organization. This could include internal and external audits, procedural documents, etc.
Analyse the information that has been gathered. Look for items that fit the definition of a hazard
or of a SSD. Look for recurring themes, identify which concerns occur most frequently, and look
for items that could have the greatest impact on safety (either because they affect a critical
area, or because they affect many areas within the organization). If you identify several similar
hazards, gather additional information (through interviews or further research) to identify the
underlying SSD(s) that is either creating those hazards, or allowing those hazards to exist.
2.0 - Draft a Terms of Reference document
The Terms of Reference document prepares decision makers for the Risk Profile Workshop. It
summarizes the results of the initial information gathering and analysis, and covers the logistics
of the meeting. Completing a Terms of Reference document is a good tool to ensure that all
important elements are considered before carrying out the Risk Profile Workshop.
The Terms of Reference document should clearly communicate:
• The purpose of the workshop and required outcomes;
• Who is required to attend the workshop. Minimum attendance should include senior managers from all departments, the SMS Manager, and a secretary;
• The date, time, and location of the meeting; and
• Additional tasks that must be completed prior to the workshop, and who is responsible for completing them.
3.0 – Risk Profile Workshop
The purpose of the Risk Profile Workshop is to openly and thoroughly discuss the organization’s
key management issues so that they can be prioritised based on risk. This process is intended
to enhance communication and understanding amongst decision makers, and establish the
organization’s priorities for the near- to mid-term.
The workshop is facilitated in order to ensure that all voices are heard. The steps in the meeting
include:
• Reviewing and discussing the management issues presented in the Terms of Reference;
• Identifying additional management issues and supporting evidence related to these issues;
• Identifying and listing how each management issue could result in increased safety risk;
• Identifying the mitigation that is currently in place to manage the issue and assessing the effectiveness of this mitigation;
• Determining whether any of the management issues are themselves symptoms of higher-level problems (i.e., SSDs);
• Assessing the significance of each issue (using the guidance in the next section); and
• Identifying a few general activities that will be undertaken to mitigate or manage each high-level concern.
Based on the ratings of significance, identify the top 8 – 12 safety management issues that will
be included in the final Risk Profile.
4.0 - Complete Risk Profile template
Using the information from the Risk Profile Workshop, document the key management issues, in
order of significance. This can most easily be done in a table like the one in Appendix A. Under
the heading Mitigation, record 2 – 3 activities that have been or will be undertaken to address
each key issue selected (for example, if one of the Management Issues is “Unavailability of
replacement parts”, mitigation could include “Establish parts pooling arrangements with other
local AMOs”, and “Develop policy on robbing serviceable parts”).
To ensure that a record of the decision-making process is maintained for future information, it is
advisable to supplement the Risk Profile table with a short report outlining the discussions that
occurred in the Risk Profile Workshop. This report should provide sufficient explanation for
readers to understand each item in the risk profile and why each item is a safety-management
concern.
Completing a Risk Profile will generate positive tension and a desire to begin addressing the key
management issues. Following the completion of the table and report, it is worthwhile identifying
ways in which the momentum generated by completing the risk profile can be used to begin
addressing key issues. This should be done as close as possible to the Risk Profile Workshop,
and no more than a week after completing the report: if actions are not initiated promptly, people
will focus their attention on other concerns. Actions should be focussed on improving existing
mitigation that was identified as being weak, or on taking additional mitigation to eliminate or
manage the management issues identified.
Rating Significance
It is vital that the management issues are ranked in terms of significance from a risk
perspective. By identifying which issues are the most significant, it becomes possible to
prioritise action plans, minimising the chance that new risks will be introduced by expending
time and resources on the wrong items.
Ratings of significance are assigned by assessing (i) the Importance of each management
issue, and (ii) the Urgency with which it should be addressed. A numeric value is assigned to
each.
Refer to the tables of Importance and Urgency below.
Importance
A rating of “A” (very important) to “C” (of little importance) is assigned. An issue will be very
important if it significantly impacts safety performance or management. For instance, a finding
that a project safety plan was not implemented would be judged “A” - very important - because it
has the potential to negatively impact future safety management and performance. A rating of
“A” or “B” might also be assigned if the issue impacts one or more lines-of-defence.
Categories of Importance

| Category | Descriptor | Description |
|----------|------------|-------------|
| A | High | The consequences are either widespread or severe |
| B | Moderate | The consequences could soon attain significance in either scope or severity |
| C | Low | There is little foreseeable impact from a risk perspective |
Urgency
Urgency relates to how quickly an issue needs to be addressed in order to adequately mitigate
the associated risk. A rating of 1 to 5 is assigned to indicate increasing urgency.
Categories of Urgency

| Category | Descriptor | Description |
|----------|------------|-------------|
| 1 | Immediate | Immediate attention is warranted to achieve immediate results |
| 2 | High | Prompt attention is warranted to achieve long-term results |
| 3 | Moderate | An action plan needs to be developed and implemented |
| 4 | Low | Action should be taken when appropriate |
Appendix A
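Risk Profile Template

| MANAGEMENT ISSUE | IMPORTANCE | URGENCY | MITIGATION |
|------------------|------------|---------|------------|
| 1. | | | |
| 2. | | | |
| 3. | | | |
| 4. | | | |
| 5. | | | |
| 6. | | | |
| 7. | | | |
| 8. | | | |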