ht+a's Podcast
[Audiobook] Workplace Essentials | Risk Assessment and Management
Have you ever wondered how a single oversight in risk management could unravel your entire business? Join us as we uncover the essentials of risk assessment and management, guaranteeing you the knowledge to prevent disasters, create safer work environments, and boost productivity. Discover the critical distinction between hazards and risks and follow our detailed guide to effective risk assessment, including invaluable employee consultations. Through the cautionary tale of Sean, a manager who disregarded employee warnings with dire consequences, we underscore the paramount importance of heeding employee feedback.
Transitioning to industry-specific risks, we break down how businesses from retail to pharmaceuticals can tailor their risk management strategies. Explore the benefits of departmental risk assessments and the key categories of risks—physical, location, human, and technology—that every organization should consider. Learn how to identify and mitigate common hazards, from workplace clutter to slip-and-fall areas, and prepare for external events such as supplier disruptions and environmental factors. We emphasize the necessity of evaluating potential problems and preparing for worst-case scenarios to ensure business resilience.
Our episode continues with practical strategies for managing business risks, from reducing and transferring them to avoiding and accepting them. Understand risk mitigation techniques, the role of insurance, and the pitfalls of overly cautious decision-making, illustrated by Cara's missed opportunity. Delve into the importance of general office safety, including accident reporting and response plans. Finally, we stress the need for disaster recovery plans and regular risk assessments, sharing real-life examples to highlight the critical steps for safeguarding business operations. This comprehensive guide is your roadmap to mastering risk assessment and management in your business.
Sign up for our self-paced courses or instructor-led workshops at www.ht-a.solutions
Sign up for our self-paced courses or instructor-led workshops at www.ht-a.solutions
Sign up for our self-paced courses or instructor-led workshops at www.ht-a.solutions
Have you ever wondered how a single oversight in risk management could unravel your entire business? Join us as we uncover the essentials of risk assessment and management, guaranteeing you the knowledge to prevent disasters, create safer work environments, and boost productivity. Discover the critical distinction between hazards and risks and follow our detailed guide to effective risk assessment, including invaluable employee consultations. Through the cautionary tale of Sean, a manager who disregarded employee warnings with dire consequences, we underscore the paramount importance of heeding employee feedback.
Transitioning to industry-specific risks, we break down how businesses from retail to pharmaceuticals can tailor their risk management strategies. Explore the benefits of departmental risk assessments and the key categories of risks—physical, location, human, and technology—that every organization should consider. Learn how to identify and mitigate common hazards, from workplace clutter to slip-and-fall areas, and prepare for external events such as supplier disruptions and environmental factors. We emphasize the necessity of evaluating potential problems and preparing for worst-case scenarios to ensure business resilience.
Our episode continues with practical strategies for managing business risks, from reducing and transferring them to avoiding and accepting them. Understand risk mitigation techniques, the role of insurance, and the pitfalls of overly cautious decision-making, illustrated by Cara's missed opportunity. Delve into the importance of general office safety, including accident reporting and response plans. Finally, we stress the need for disaster recovery plans and regular risk assessments, sharing real-life examples to highlight the critical steps for safeguarding business operations. This comprehensive guide is your roadmap to mastering risk assessment and management in your business.
Sign up for our self-paced courses or instructor-led workshops at www.ht-a.solutions
Sign up for our self-paced courses or instructor-led workshops at www.ht-a.solutions
Sign up for our self-paced courses or instructor-led workshops at www.ht-a.solutions
Risk Assessment and Management. Module 1. Getting Started. Risk assessment and management is essential for the success of any business. However, many companies do not always take the necessary precautions, which leads to disaster. Successfully managing risks will prevent mistakes, which leads to a safer work environment, happier employees and increased productivity. Following a few basic steps will place your organization on the path to success.
Speaker 1:Module 2. Identifying hazards and risks. Every organization has both hazards and risks. Identifying hazards and risks is necessary for risk management. Hazards and risks are often confused with each other. Determining the difference between a hazard and a risk will increase the effectiveness of the risk management. Hazards and risks are often confused with each other. Determining the difference between a hazard and a risk will increase the effectiveness of the risk management program.
Speaker 1:A hazard is any source of harm. This includes adverse health effects or loss to the organization or employee. Hazards are varied. They include materials, substances, sources of energy, processes, practices and conditions. Examples of hazards Sharp objects, high temperatures, electricity, slippery surfaces, asbestos, chemicals. Once hazards are identified, you can take the opportunity to identify the risks associated with each hazard in your facility. A risk is not a hazard. It is the chance of harm coming from a hazard. This applies to the health, bodily safety, equipment and property. For example, prolonged exposure to chemicals in the work environment increases the risk of health problems. Noise exposure can place an employee's hearing at risk. Identifying the hazards in an environment is the first step in risk assessment. The second step is to determine who is at risk from these hazards. The third step is to evaluate the risk and the final step is to determine the best way to control the risks and provide a safe working environment.
Speaker 1:Risk management is necessary to protect the company and the employees. Employees are the most valuable resource because risk management directly affects them and they have a unique understanding of day-to-day operations. It is important to consult employees with any change in the way work is done. When consulting with employees, it is imperative that you communicate clearly and honestly. Provide ample time for the conversation to take place. Finally, it is imperative that you pay attention to everything employees have to say. Do not simply pay attention to feedback that supports your current ideas. Examples of when to consult employees Safety inspections, purchasing or repairing equipment, workflow charts, internal layout, cleaning chemicals.
Speaker 1:The likelihood scale is used to determine the likelihood that an event will occur. For example, you would use it to determine the risk of an equipment malfunction. Each risk needs to be scored on the likelihood scale from 0 to 3. 0, impossible there is no possible way that an event can take place. This is rarely used. 1. Low possibility or remote possibility there is a slight risk 2% or less of something happening. 2. Medium possibility or possible the event is possible. It has between a 2 and 25% chance of occurring. 3. High possibility or probable there is a greater than 25% chance of occurring. 3. High possibility or probable there is a greater than 25% chance that something is going to happen. The event is likely going to occur soon. Scores should be based on the current data that you have. The reasons for your score should also be recorded.
Speaker 1:Example Risk hearing damage Score 1. Noise pollution is within safe parameters. Damage Score 1. Noise pollution is within safe parameters. The office does not have loud, consistent noises. Risk lab accident Score 3.
Speaker 1:Caustic chemicals are used daily along with dangerous equipment. There is the risk of human error. Each company will have different risks and scores. Risks with higher scores need to be addressed quickly. Sean is an outside hire to his new management position. He understands that risk management is important and he takes the time to go over the incident reports and inspect the facility. An employee tells him that one of the machines needs to be replaced. He says that several employees have come close to being injured while using it. He states the machine does not shut off properly. Sean believes that asking for new equipment this soon is not wise. He points out to the employee that there are no incident reports for the specific piece of equipment. The employee responds that the employees know to be extra careful on the machine, but it is just a matter of time before someone is injured. Sean ignored the request and the complaints from three other employees. He did nothing about the equipment. Two months later an employee thought the machine was turned off and got her hand caught in it.
Speaker 1:Module 3.
Speaker 1:Seeking out problems before they happen. Part 1. The purpose of a risk assessment is to seek out problems before they happen. This allows you to prevent accidents and emergencies, or you can at least be better prepared when emergency situations do occur. This requires an understanding of the business and vigilance. By paying attention to potential problems, you will improve the overall health and success of your business. Each business will have its unique set of problems. For example, the risk of a retail business will be quite different from the risks that a manufacturing company would face. Pharmaceutical companies would face different risks than financial institutions. Larger organizations that cover multiple areas may find it helpful to break down the potential problems for each department. There are some basic risk categories to consider when discovering what is unique to your business Basic risks, physical risks, the building equipment, chemicals, etc. Location risks, crime, natural disasters, etc. Human risks, intoxication, theft, fraud, human error, etc. Technology risks, power hacking, telecommunications, etc. Careful consideration will help identify unique problems so that you can address them before they happen.
Speaker 1:Identifying potential problems requires close inspection of the work area. In order to do this, you need to look at the environment carefully, inspect each area of the facility for hidden risks and hazards that can cause problems. This requires walking around the entire facility and making note of everything. It is essential to consider every possible use of an area, all materials used and each tool. Things to consider when walking, how tools are used, different methods used to complete tasks, purpose of each tool, materials used. Make a list of all problems as you notice them. Use this list to guide the risk assessment.
Speaker 1:When you are identifying potential problems and issues, always keep in mind the long and short-term implications. It is easy to focus on the short-term problems that require immediate attention. For example, missing safety equipment is the short-term problems that require immediate attention. For example, missing safety equipment is a short-term problem that has immediate consequences that needs to be addressed quickly. Focusing on short-term problems, however, can overshadow long-term problems. Long-term problems are problems that will develop over time and, because they are not immediate issues, they are easy to ignore. For example, exposure to noise pollution is a long-term problem that can lead to hearing loss if it is not addressed in a timely manner. Do not allow the short-term risks and problems to prevent you from addressing the long-term.
Speaker 1:When looking for potential problems, it is important to pay attention to common hazards and risks. Most organizations face these potential problems, regardless of the type of business they are. While each company will have its own risks and problems, beginning with the common issues will help you identify basic problems. Many common issues can be resolved by keeping the work area clean and tidy. Examples of common issues Slip and fall areas, clutter, extension cords, falling objects, indoor pollutants. The QRT manufacturing company was growing, profits were high and orders were up, but the company was still in the original space. The owner considered moving to a larger location, but he was not sure if it would be worth the cost. Workstations were placed closer together, clutter soon developed and parts had to be stacked higher and higher on shelves. One day, an employee tripped over some debris on the floor and fell into the shelving, knocking it on top of him. The employee was injured and damaged two pieces of equipment.
Speaker 1:Module 4. Seeking Out Problem before they happen Part 2. Problems can occur at any time. This is why you must always be prepared to address them. Seeking out problems before they occur requires you to ask questions. You must pay attention to the risks of external events and preparing for the worst-case scenario. The consequence scale may identify the potential problems.
Speaker 1:In seeking out problems, you need to consider every aspect of risks. The key is to look at a situation and ask what would happen if. For example, you may ask what would happen if the electricity went out in the middle of the workday. Once you ask what would happen, you will be able to determine what type of impact it would have on the organization. Each possible problem can be assigned a different level of impact. Only assign a possible impact if you have all the information. Assign these as need more information or needs to be determined. Levels of impact Low impact. If a problem occurs, it will have little impact on the business and can be easily remedied. Medium impact the problem is not critical, but it will have little impact on the business and can be easily remedied. Medium impact the problem is not critical, but it will have an impact on the organization. High impact this is a critical problem that will disrupt the business. Determining the level of impact will establish which problems need to be addressed first.
Speaker 1:No matter how prepared you are, problems are not always easy to predict. This is especially true of external events. You have more control over internal events, but external events are more unpredictable. With external events, you need to be prepared for every possible problem. These events are basically anything around the office that is not internal Types of External Events Suppliers, suppliers, bring external events with their own risks. Customers customers bring external events with their own risks. Visitors visitors bring external events with their own risks. Traffic traffic affects schedules and the ability to make deadlines. Parking, drivers and car maintenance affect parking. Environment, weather and other environmental factors are external events.
Speaker 1:Part of risk management is preparing for the worst-case scenario in every situation. Discovering the worst-case scenario goes beyond asking what. If you need to ask what is the worst that could happen, for example, you should ask what is the worst that could happen if the computers were hacked. The worst-case scenario is essentially what happens if everything were to go wrong. The worst-case scenario will vary according to the unique risks of each organization. A company that manufactures fertilizer, for example, will have a different worst-case scenario than a call center. Once the worst-case scenarios are defined, you will be able to anticipate them and develop the appropriate backup plans. Are defined, you will be able to anticipate them and develop the appropriate backup plans.
Speaker 1:Once you identify the risks and potential problems that the organization faces, you need to understand the severity of the consequences. The consequence scale can be used for every potential problem that you identify. Using the consequence scale allows you to assess severity and determine what the outcome of each risk will be. Consequence scale 1. Insignificant little impact on the organization, no injuries. 2. Minor a small impact. First aid is necessary. 3. Moderate a definite impact involves hospitalization. 4. Major a large impact may involve 1-3 deaths. 5. Catastrophic a crisis, multiple deaths reported.
Speaker 1:Jane carefully planned her risk assessment for every internal aspect of the business. She was certain that nothing would catch her off guard. One day, a supplier delivered an order and stacked it in the hallway. The boxes were not stacked securely and they fell over. Part of the order included cleaning supplies that broke and spilled in the fall. As the cleaning supplies mixed, they created a chemical reaction that produced noxious fumes. Several employees and customers became sick from the smell and people soon fled the building. Jane had no plan in place for the problem and she spent the next few days handling the damage from the accident.
Speaker 1:Module 5. Everyone's Responsibility. Managing risks does not stop with the management team. Everyone is responsible for the safety of them. The risks and potential problems that an organization faces must be clear to employees at all levels. If everyone works to prevent problems before they begin, everyone will enjoy a safe and smoothly run work environment. When everyone is responsible for risk management, it is necessary that they know how to report potential problems. A system should be in place to make reporting problems simple, and everyone must be aware of how that system works. Employees should be actively encouraged to report risks and potential problems. There should be no confusion about this expectation. Create a visual reminder by posting lists of risks that employees should watch out for, along with emergency contact information throughout the workplace. Common safety risks employees should report Unauthorized individuals, leaks, smells, broken locks, broken equipment, slippery floors.
Speaker 1:Safety is a primary concern for organization. A common mantra is if it's not safe, don't do it. This rule must extend to all employees. Safety standards and risk management programs are only effective if they are properly implemented, and leaders need to be an example of safety standards. Do not perform a task without the appropriate safety equipment and expect your employees to use theirs. Any leader who violates safety standards is sending the message that rules are not important. Additionally, listen to employees who believe that a work environment is not safe. Provide employees with stop work authority the authority to stop working if the environment becomes dangerous. Employees should not feel pressured to work in dangerous situations just to keep their jobs. Make sure that employees are taught the safety rules and that those rules are consistently followed.
Speaker 1:When you have identified the risk and problems, it is essential to take the appropriate precautions. The precautions that you need to take will be determined by the organization. Precautions will be based on the risks identified in each company. There are, however, basic safety precautions that every organization needs to take Common precautions, safety equipment, accessible exits, fire alarms, safety training, ergonomic workstations, security, ventilation.
Speaker 1:Risks and safety precautions need to be communicated to the entire organization. Everyone needs to be informed. The communication needs to inform, educate and prevent problems. When communicating, it is important to create a plan and follow it. Communication strategy Identify the information you need to communicate. Sift through the information and highlight everything that needs to be communicated. Consider the audience. Identify what the audience does and does not know about the topic and address any communication barriers. Create the communication. Tailor the communication to the needs of the audience. Choose communication methods Choose the communication methods for your audience. You may use more than one method of communication. Communication is ongoing. Once you communicate the information, evaluate its effectiveness and determine if any changes need to be made.
Speaker 1:Jake was in charge of implementing new safety standards in the repair company. The standards include wearing safety glasses and aprons, as well as proper ergonomics when working on jewelry. Additionally, hair needs to be covered to prevent accidents in the workroom. One day, a customer required a quick repair and Jake was in a hurry. He walked into the workroom and completed the repair without following the safety guidelines. There was no accident, and he occasionally broke the rules to save time. Employees soon followed his example. Soon an employee forgot to cover her hair and got it stuck in the Polish wheel Module 6.
Speaker 1:Tracking and Updating Control Measures. Control measures are essential to risk management. The risk assessment allows you to effectively track control measures. By tracking control measures, you will be able to update them as necessary. Updated control measures ensure that the work environment is safe for everyone and that it remains safe as changes occur within the organization.
Speaker 1:Most organizations have control measures in place. Control measures are actions or activities that are in place to limit or prevent risks. There are six basic types of control measures. The measures used depend on the risk that is involved and how easily then can be avoided. There is a basic hierarchy to control measures, with the top measures being the most desirable. Some risks will require multiple control measures. Control measure hierarchy Eliminate, remove the hazard. Substitute Trade for a lesser risk. Isolate, limit access to the risk. Engineered controls, designs to prevent access to risks and hazards. Administrative controls. Safe work practices and procedures. Protective equipment Personal protective equipment is worn around hazards.
Speaker 1:Every business has different needs. The needs of the business determine how you develop your business procedures and your control measures. Remember that every company is unique and must develop procedures independently. You cannot rely on common procedures and control measures. You need to determine what is best for your organization. Many business procedures are based on specific control measures. For example, inspecting equipment is a control measure. The policy and procedure for the inspection process will vary according to each organization. A busier organization will require more frequent and in-depth inspection. Additionally, certain piecesier organization will require more frequent and in-depth inspection. Additionally, certain pieces of equipment may require more frequent inspection than others.
Speaker 1:Control measures and procedures will need to change as the organization does. Measures that are necessary one year may not be necessary the next, or they may no longer be adequate to fill the company's needs. Determining if the established control measures and procedures are adequate requires frequent evaluation. When to conduct evaluations? At least once a year After new procedures are implemented. After any change in the organization. There are common methods of evaluation, but it is important that each company identify the most effective methods for the organization. Common methods of evaluation Surveys and checklists, employee interviews, changes in the number of incidents, performance indicators, performance standards as control measures are evaluated determine what, if any, changes need to be made to the controls or procedures.
Speaker 1:It is important to update control measures as necessary and maintain them once they are established or updated. Evaluating whether a control measure is adequate will determine what needs to be updated and when it needs to be updated. Changes in the external work environment will also require updating. For example, changes to government regulations would require updating the control measures. Once control measures are implemented or updated, they need to be maintained carefully. If control measures and procedures are not maintained, it is not possible to determine whether they are effective. Establishing basic quality assurances can do this, identify key activities for control measures and create checklists to determine that the measures are being maintained. Example Key activity understanding of expectations. Checklist training available. Written procedures are available. Documentation of completed training. The checklists provide consistency and routine. They also make it easier to identify when the measures are not being maintained. The BCD Corporation established control measures based on government regulations and current evaluations. The initial company reports after initiation showed a decrease in injuries and other unwanted events. Over the next few months the company saw massive growth due to increased sales. The control measures and procedures remained in place for the organization. Soon there was an increase in missing inventory and employees began to report the theft of personal items. The security measures remained in place, but they were obviously ineffective.
Speaker 1:Module 7. Risk Management Techniques. Once the risks are assessed, they must be managed carefully. There are four basic risk management techniques and your company probably uses all of them. The management technique that you use will vary according to the severity of the risk and the current stability of the organization. You will choose between reducing the risk, transferring the risk, avoiding the risk and accepting the risk when determining which technique to use.
Speaker 1:Risk reduction is a common technique used in business. It is necessary when there is no possibility of removing the risk, such as in using machines. When you reduce the risk, you limit the severity of the risk and the likelihood of the risk occurring. When determining how to best reduce the risk, it is necessary to establish which method of reduction will be the most effective. For example, one risk reduction technique best reduce the risk. It is necessary to establish which method of reduction will be the most effective. For example, one risk reduction technique may reduce the risk of loss more than others, but it could also be more expensive to implement. Examples of risk reduction Retrofit a building to prepare for severe weather, sprinkler systems with fire alarms, training programs, security system, machine maintenance.
Speaker 1:The act of transferring a risk is also called risk sharing. This is often done in business relationships. For example, working with contracting labor or vendors may require a transfer of risk. The transfer of risk does not remove all risk from you, but it does offer some protection. The most common method used to transfer the risk is insurance. The insurance company takes on the risk from the policyholder. When working with other parties, insurance is not enough to cover the liability. It is necessary to review contractual obligations. You do not want to take all of the risk in a contractual relationship. There are different ways to transfer the risk Indemnification Place the legal responsibilities on an established party. Certificates of insurance Require specific levels. Insurance Certificates are proof of specific coverage. Additional insurance status A business is added on to another company's policy. It offers protection if indemnification is lost and prevents subrogating.
Speaker 1:Avoiding risks is not always possible. When avoiding risks, however, the purpose is to eliminate the risk or simply not engage it. Risk avoidance occurs regularly. It occurs when you decide against a business proposition or refuse to expand the company. Eliminating risk by avoiding it may seem like the safe route, but it is not always practical. If you avoid every risk that comes along, you will also avoid great business opportunities. Always consider both the risks and rewards that a new situation brings. For example, expanding the business may be costly. There is always the chance, however, that the expansion will pay for itself and increase profits Before avoiding a risk, make sure that you are not overlooking an opportunity. The severity of the risk will help you determine if it is something that you truly need to avoid.
Speaker 1:There are times when it is necessary to accept risks. When you accept risks, it is necessary to choose small risks that will not have a large impact on the organization. The cost of the risk should be smaller than insuring or avoiding the risk. A common act of risk acceptance is refusing insurance. When accepting a risk, you are accepting full responsibility if something goes wrong. This includes legal and financial responsibility. There are two different types of acceptance. Active acceptance occurs when a risk is identified and a plan is established should you need to face the consequences of the risk. Creating a plan of action helps you determine the best plan of action without the emotional impact that comes with facing the consequences. Passive acceptance occurs when there is no plan in place for an accepted risk. Passive risk occurs when the risk is so small that it is not worth the time and energy to plan a course of action.
Speaker 1:Cara was known for her successful business strategies. She never walked into any situation blindly and managed to grow every company that she worked for over the past 10 years, cara was careful about every decision she made in her personal and professional life. After she started her own company, kara was offered the chance to expand by buying out her main competitor. She refused because of the financial risk. Someone else made the purchase. After six months, kara was having trouble meeting her projected goals. Her competition, however, saw exponential growth.
Speaker 1:Module 8. General Office Safety and Reporting. It is important not to overlook the importance of safety in the office setting. A large number of accidents occur in the seemingly safe office environment. While it is important to try and prevent accidents in the office, it is equally important to be prepared in the event that accidents occur. Planning and reporting are essential to risk management. Preparation will help create a safe working environment.
Speaker 1:Accidents are inevitable in every workplace and they need to be reported immediately or within 24 hours of the accident. Make sure that all accidents are reported. Even if the employee does not believe that they are injured, it is possible for injuries to become apparent after the initial incident. Accident reports must follow local guidelines. Regardless of the local regulations, the report must include why the report is being filed and how the incident occurred. The accident report is essential if the employee needs workers' compensation or develops medical work restrictions. There are three different sections of the accident report Employee, supervisor, medical provider. The employee and supervisor must complete their portions of the report, regardless of whether medical treatment is sought. In the event that an employee requires medical treatment, the provider must fill out the accident report. A doctor's note should be provided along with the completed accident report report. A doctor's note should be provided along with the completed accident report.
Speaker 1:Accident response plans are put in place to help prevent accidents from happening again. An accident report requires an investigation. The results of an investigation will provide information to improve the safety of the work environment. When creating an accident response plan, it is essential that everything that needs to be done in the event of an accident is outlined. Plan elements Establish the chain of command. Determine procedures for different level of accidents, from minor to catastrophic. Collect evidence and information, including witness statements, reports and photographs. Make sure that the scene of the accident is secure. Analyze the evidence and draft a report explaining the incident. The report will be used to determine the exact cause and which changes are necessary to prevent repeat occurrences.
Speaker 1:Every office building requires an emergency action plan. Emergency action plans are implemented in case of an emergency such as a fire or major machine malfunction. Emergency action plans need to be written and accessible to employees In small groups under 10, the action plan may be communicated to employees verbally. What to include in an emergency action plan Procedures to report emergency Evacuation procedures. Critical employee procedures. Accounting for employees after evacuation, rescue and medical procedures. Titleing for employees after evacuation, rescue and medical procedures. Title of the employee who informs others of their duties in the plan.
Speaker 1:Each employee must be trained to evacuate and assist other employees. The employer must review the action plan with employees when they are hired, when there are changes and when employee roles change. Everyone in the office needs to be educated about safety risks and trained to avoid them. The education and training need to begin with new hires. Any risk that employees may face in the office should be made clear from the beginning and new training programs should be added when new risks are identified. The needs of the organization will determine which safety topics require further training. There are, however, typical safety topics that most office employees need to be aware of. Typical safety topics for training Electrical safety, housekeeping, falls Awareness, ergonomics, fire safety.
Speaker 1:Sharon worked in a safe office environment that was free of incidents and injuries, which is why she was surprised when a box fell off of a shelf in the supply closet and on her shoulder. Her manager panicked and made her sit down for a few minutes. Sharon decided that she suffered no serious damage because there was only a small bruise on her shoulder, but it hardly hurt. Her manager asked if they needed to bother with an accident report. Sharon decided that a report was not necessary. Two days later, sharon woke up to discover that she had trouble moving her shoulder and neck. The doctor told her that she had whiplash and needed treatment.
Speaker 1:Module 9. Business Impact Analysis. The business impact analysis is used to calculate the consequences of potential disruptions and it determines what is necessary for a company to recover. The risk assessment identifies the potential losses that the organization faces, as well as severe risks. Combining the information of the risk assessment with the business impact analysis will allow you to prepare for risks and overcome the impact that they have on the organization.
Speaker 1:Conducting a business impact analysis requires gathering information. The information gathered must be very specific. For example, the data for a sales department would focus on the selling process, roles, responsibilities, etc. The typical methods for gathering information are used in the business impact analysis Reports, research, interviews, questionnaires, conference calls. Interviews and questionnaires are the main sources of information because they provide the opportunity to create questions specific to the topic you are researching. When creating questions for interviews and questionnaires, you may want to consult an expert in the critical area. For example, you could consult an IT expert to gather data about internet security.
Speaker 1:Every organization has threats and vulnerabilities. The risks identified in the risk assessment will facilitate the identification of threats. The threats to the company that can affect the operations of the organization become vulnerabilities. Vulnerabilities are potential emergencies. The process of identifying vulnerabilities requires listing threats and considering how your critical processes are vulnerable to these threats. Threat tornado Vulnerability, structural damage and power outage. Threat hacking Vulnerability, leaked information and damage to computer system. Threat economic change Vulnerability loss of financial control. Once the vulnerabilities are identified, you can determine how they can affect the organization and plan accordingly.
Speaker 1:Once you have gathered information and identified vulnerabilities, you may analyze information to determine your priorities. The first step to analyzing information is validating it. You can validate the data you gathered by conducting face-to-face interviews with the participants who provided the information. After the information is verified, use it to prioritize your actions. Ask the following questions how would losing this function affect the business? What would losing this function cost? Do other systems rely on this function? The answers to these questions will reveal which functions are priorities.
Speaker 1:Once the information is analyzed, draft a report based on your findings. The report should include the recommendations. In order for the recommendations to be implemented, you need the buy-in of superiors. Successful implementation requires a few basic steps Identify the best venue for implementation. Review recommendations. Confirm commitment from participants. Schedule the implementation process. Confirm commitment from participants. Schedule the implementation process. After implementing the recommendations, you need to communicate with everyone involved and review the results of scheduled.
Speaker 1:Alec had a business in an area prone to severe weather. He realized that the weather was a threat, but he never established the ways that his business was vulnerable. A large tornado swept through the city but missed Alec's business. He was relieved, but damage to the city's infrastructure led to flooding. A foot of water stood in the building for two days while Alec could not reach it. Soon mold was growing in the walls. Alec never considered the possibility of flooding and was not sure what to do. He did not have flood insurance or a plan. He was not sure what to start working on first.
Speaker 1:Module 10. Disaster Recovery Plan. Every organization needs a disaster recovery plan. The disaster recovery plan outlines the procedures that need to be followed in the event of a disaster. By considering the consequences of disasters ahead of time, the recovery plan will mitigate their effects. The disaster recovery plan is established for different disasters, including natural and man-made disasters, such as severe weather or technology crashes.
Speaker 1:Disaster recovery plans are not easy to make. They take time and commitment, but they are essential to success in a disaster. Remember that 10% of businesses do not recover from disaster situations. The disaster recovery plan needs to be written ahead of time. You need to make it before you need it. By making the disaster recovery plan before it is necessary, you will be aware of the factors necessary for the company's survival. Necessary factors, people, facilities, technology, data Suppliers, policies and procedures. All of these factors need to be considered when establishing strategies to create a disaster recovery plan.
Speaker 1:Once a disaster recovery plan is created, the aspects of it need to be tested. For example, you may want to test your IT security. After testing the plan, make the necessary updates and adjustments. Repeat this process regularly, because both the business and the potential disasters will change over time. Establishing a testing system, choose the purpose of the test and what is being evaluated. Determine objectives and measurements, collect results, evaluate results, update the plan. Always record the tests and updates that you make to the plan. Be sure that you have the most current plan recorded.
Speaker 1:There are three basic disaster recovery sites for IT and technology. They are hot, warm or cold sites. Hot sites are very similar to the pre-disaster site. They are hot, warm or cold sites. Hot sites are very similar to the pre-disaster site. They are coordinated with the existing site and fully stocked. They allow business to continue practically without interruption. Cold sites are minimal backup sites that do not resemble the normal work sites. They are simply locations used for emergencies. There are also warm sites, which are between the hot and cold sites. Warm sites are not as spartan as cold sites, but the transition to the warm site is not seamless. The disaster recovery needs of an organization will help determine which type of site is chosen. Many companies, however, choose warm sites because they offer more protection than cold sites, but they are less expensive than hot sites.
Speaker 1:It is important to thoroughly document the disaster recovery plan. When creating the document, keep the formatting and wording simple. Make the message of the plan very clear. There is a basic outline that can be used to guide documenting a disaster recovery plan. Information to document. Objective Assumptions. Criteria to invoke the plan. Roles and responsibilities, contingency procedures. Resource plan. Procedures for returning to the original space. Procedure for information recovery.
Speaker 1:Sean transferred the client lists, ordering system and inventory to the computer. He was so focused on the transition that he neglected to plan for potential disasters. He was sure that the transition to electronic data would provide him with added protection, as long as he installed virus software and chose useful passwords, which he did. A month after the transition, sean discovered that he was the victim of a hacker. The entire computer system was taken offline. When Sean turned it back on, the letters were Cyrillic. Sean had no way to work after the cyber attack and the information was compromised.
Speaker 1:Module 11. Summary of Risk Assessment. The risk assessment is essential to risk management and many other strategies. This requires an understanding of risk assessment and risk assessment strategies. The ability to apply risk assessment techniques in the office will improve safety for employees and the organization.
Speaker 1:The first step in a risk assessment is identifying hazards. Each organization will face its own unique set of hazards. Different methods are used to identify hazards and many have already been introduced. Methods of identification Talk to employees, walk around the workplace, evaluate operations, read operation manuals, examine company records, consider long-term and short-term hazards, keep a list as you identify different hazards, Review the list for any overlap and to evaluate the hazards you identified. Once hazards are identified, it is important to identify who might be harmed by the hazard. You must be aware of customers, employees, vendors, etc. Employees may be directly harmed by a hazard or indirectly harmed. For example, handling chemicals can cause direct harm. Inhaling the fumes from another room is indirect harm. Additionally, you must be aware of people who may be at increased risk Pregnant women, the elderly, children, people with disabilities, inexperienced employees. After determining who might be harmed, you need to consider how they could be harmed by the hazards. The control measure hierarchy was previously introduced.
Speaker 1:Control measures are necessary for the risk assessment and they will depend on the hazard of the organization. Each hazard will have its own control measure. For example, chemical hazards would have a control measure of personal protective equipment. Evaluating the control measures will determine if they are sufficient. Evaluations need to be done when there are any changes in the organization or each year. Sufficient control measures will provide control over hazards and they will meet government regulations. Control measures are not always sufficient. In fact, you may find that some hazards do not even have control measures. For example, a new piece of equipment has a hazard of flying debris. It requires a PPE personal protective equipment control measure. When you discover that control measures are not sufficient, you must change them. Once you determine how to alter the control measures, you must communicate the measures and implement them, monitor the measures for their effectiveness and evaluate the results to determine if they are sufficient. They will need to meet government regulations and provide the safest environment possible.
Speaker 1:Jean took the time to identify hazards in the department. She made a list of the hazards and how they could cause damage. This information was used to create control measures. The measures were created with well-trained, young and strong employees in mind. Jean forgot to consider people who have a higher risk of injury and members of the public, such as customers and vendors. Eventually, an elderly customer with limited mobility had difficulty navigating slippery floors. She fell and injured her arm. Module 12. Wrapping Up. Although this workshop is coming to a close, we hope that your journey to understanding risk assessment and management is just beginning. We wish you the best of luck on the rest of your travels. Words from the wise Theodore Roosevelt Risk is like fire if controlled, it will help you. If uncontrolled, it will rise up and destroy you. Max Bazerman, when our leaders accept the status quo, we run the risk of disaster. Cicero To make a mistake is only human. To persist in a mistake is idiotic. George Santayana, those who cannot remember the past are doomed to repeat it.