VETTER E learning course (EN)

The fields of psychology and sociology have dominated risk research in the social sciences. These areas focus on how individuals perceive various risks, what factors enter into the estimation of risk and how people make risk-related choice. 

As awareness among risks appeared, specialists also started to develop theories and measures to overcome these situations. The development of Safeguarding began with the development of the Industrial Revolution, and it was in England where the first data on this topic as it is conceived today began to be collected.

In the context of organisations and work, there are currently profound, rapid and widespread processes of change. Of particular concern in the area of occupational health are the so-called emerging risks from a wide range of fields, such as new technologies, new production systems, new raw materials and new chemical and biological compounds new technologies, new production systems, new raw materials and new chemical and biological compounds. The concept of emerging psychosocial risks encompasses current, often newly emerging risks due to economic, social, organisational or occupational changes and which are undergoing a major change in their extent or intensity.

Risk assessment is an essential process within the workplace, which involves identifying, analysing and controlling hazards and risks. Risk assessment, together with risk communication (exchanging information) and risk management (proactive control and evaluation fo threats and risks to prevent them), are vital elements of the risk analysis, and they help make informed decisions on how to mitigate risks, for example. 

In order to assess enterprise risks, there are different theories and criteria to follow. Mind that not all the criteria available can be applied to every field, they may be adjusted to reflect the reality of any specific unit. 

The university of Standford uses the following criteria to assess enterprise risks, but are also applicable to a unit-specific risk assessment program:

Likelihood Ranking Criteria:

1. Negligible or Rare

2. Low or Unlikely

3. Medium or Possible

4. High or Likely

5. Extreme or highly likely

These criteria are marked by several factors, regarding the frequency of occurrence of the risk in the own enterprise or other organizations, how it is mitigated and if management plans take place. 

Impact Ranking Criteria:

1. Incidental Localized or No Impact

2. Minor Localized Impact

3. Moderate Organizational Impact

4. Major or High Organizational Impact

5. Extreme or Catastrophic Organizational Impact

These criteria are marked by several factors that vary between the effects and harm to the impact to the goals or the level of financial loss. 

Risk assessment has as a main objective to eliminate operational risks and to “improve the overall safety of the workplace”. To perform risk assessment is the employer’s responsibility when “new processes or steps are introduced in the workflow; changes are made to the existing processes, equipment and tools; or, new hazards arise.” Auditors can also perform this when planning an audit procedure for a business.

In order to properly assess risks, there are several steps to follow. These steps are considered important methodology while managing risks: 

1. Identifying hazards: in order to carry out a proper identification of possible hazards, we need to “Survey the workplace and look at what could reasonably be expected to cause harm, identify common workplace hazards, check manufacturers or supplier’s instructions or data sheets for any obvious hazards, review previous accident and near-miss reports. Efficiently identify hazards by using a hazard identification checklist”. These steps ensure that everything is covered and that we perform a proper hazard identification, in order to prevent risks from escalating. These two terms (risks and hazards) are often used interchangeably, but they refer to different elements of a potential incident. A hazard is “something that has the potential of causing harm to people, property, or the environment”, while a risk is “the likelihood of a hazard to actually cause harm or damage under defined circumstances.”

2. Evaluate the risks: in order to evaluate a hazard’s risk, you have to consider “how, where, how much and how long individuals are typically exposed to a potential hazard”. Using a risk matrix or performing an environmental analysis are tools that may help in this matter. It is important to use specific tools for specific functions, for example, different types of software in order to reduce risks or communicate any potential hazards in different areas of work. 

3. Decide on control measure to implement: after assigning a risk rating to an identified hazard, we need to “come up with effective controls to protect workers, properties, civilians, and/or the environment. Follow the hierarchy of controls in prioritizing implementation of controls.”

4. Document your findings: it is essential to have a formal record of risk assessments in order to help your organization to “keep track of hazards, risk, and control measures”. This documentation can include “a detailed description of the process in assessing the risk, an outline of evaluations, and detailed explanations on how conclusions were made”. There are templates available in order to ease this work. 

5. Review your assessment and update if necessary: it is very important to follow up with the assessments made and to ensure that the recommended controls have been taken.

Considering this, and to conclude, we have to remark that these are steps to a risk management plan. “A risk management plan documents potential risks to an organization, and the steps employees should take to keep those risks at acceptable levels. An organization will have many risk management plans to address different risks.” Despite this, most of the risk plans undertake the same structure, which has to be adapted for each specific situation. 

The steps to follow in a risk management plan are the following:

1. Set objectives: review business or project objectives.

2. Risk identification: review digital assets and identify possible risks corresponding to each. 

3. Risk assessment: assessing the known risks. 

4. Risk analysis: estimate the likelihood of the risk and the potential impact.

5. Determine risk tolerance

6. Create risk mitigation strategies

It is crucial to follow the steps in order. This can be used as a template in order to adapt it, as we have previously mentioned, to the pertinent circumstances.

To sum up, sociology is an important area at the time of dealing with risks. As we have seen, risks have a strong correlation with the individuals, and they also need to be studied through this view. Apart from this, it is important to deeply revise the risks that may appear and to establish the methods that we have reviewed at the time of dealing with them within an enterprise. Consider that, depending on the area of activity or the nature of the company, the risk plan and management needs to be adapted, so there is no single way to approach to this, yet there are some steps to follow.