June 10, 2020
In my post, “Operational Risk Management Taking on Heightened Importance," I talked about what operational risk management (ORM) is. I explained why it is critical, especially now with COVID-19 being such an issue. I also covered that the differences between ORM and Enterprise Risk Management (ERM), where business leaders tend to be focused these days, revolve around ERM's financial centricity versus ORM's holistic operational approach. As enterprises strive to bridge the process and organizational silos, they must have a playbook or plan to succeed. Yet, merely having the playbook isn't enough. There must be mechanisms in place to ensure that the plans are followed. Developing the ORM playbook and making sure it is followed is what will allow a business to mitigate risks to an acceptable level known as an “As Low As Reasonably Possible” (ALARP) level within their ORM program, while meeting core business objectives.
A successful ORM program, as noted in my initial post, must be comprehensive in nature. While it has at its foundation EHS elements such as audit, incident investigation, management of change, document management, and compliance reporting, it must also provide analysis capabilities and support applications across all disciplines, implying the need for mobility and scalability. ORM has an embedded strategy element, as well. Whether it is asset strategy, operations strategy, compliance strategy, or workforce strategy, a good ORM solution allows an organization to manage risk in multiple domains. While privilege to operate is a fundamental component of ORM, part of the paradigm shift to achieve optimal efficiency and profitability comes from focusing on operations and assets, not just “compliance.”
This is an adaptation of the Reason’s Model* and is not meant to be exhaustive or comprehensive and is used for demonstration purposes only to convey the relationship of hazards, risks, and controls.
(*Reason’s et al)
Since strategy is inherent in a successful ORM program, it dictates that planning – defined as formulating strategy, defining objectives and measurements, deriving tactics, then deploying forces and executing – is essential. The way to ensure ORM success, then, is to:
Central to the selection of the right technology is defining the systems of record, which serve as the enforcement mechanism, allowing ORM to become endemic.
For many organizations, one of the biggest hurdles is having too many scattered ORM pieces. Be they paper based, document and spreadsheet based, or scattered throughout the many applications deployed for operational control such as EHS, MES, APM, RCM and the other dozens of acronym soup solutions, many organizations often have many multiples of ways of doing the same tasks. This variety makes it virtually impossible for an organization to address its challenges. It is appropriate that the expression "less is more" is associated with the architect Ludwig Mies van der Rohe, since architecturally from an IT perspective, that is what is needed to be successful with ORM. Minimizing the number of disparate tools used to deliver your ORM capabilities is one of the surest paths to success. Without interoperability enabled through an ORM strategy, it will be difficult to improve efficiencies and support the real-time proactive decisions required to address the dynamic nature of risk.
You may contact the author at firstname.lastname@example.org
To learn more about Operational Sustainability LLC’s breadth of ORM capabilities and how they support your ORM efforts, visit our ORM page.