View
39
Download
11
Category
Tags:
Preview:
DESCRIPTION
open university malaysia
Citation preview
5/24/2018 Risk Management Study Guide
1/53
STUDY GUIDE SMRK5103 Risk Management
1
CENTRE FOR GRADUATE STUDIES
STUDY GUIDE
SMRK5103Risk Management
Writer: Dr Mohd Rafee Baharudin Open University Malaysia
Developed by: Centre for Instructional Design and TechnologyOpen University Malaysia
First Edition, August 2012
Copyright Open University Malaysia (OUM), August 2012, SMRK5103All rights reserved. No part of this work may be reproduced in any form or by any meanswithout the written permission of the President, Open University Malaysia.
5/24/2018 Risk Management Study Guide
2/53
STUDY GUIDE SMRK5103 Risk Management
2
5/24/2018 Risk Management Study Guide
3/53
STUDY GUIDE SMRK5103 Risk Management
3
Contents
Course Introduction .......................................................................................5 Course Synopsis ..................................................................................5 Course Aims .........................................................................................5 Course Outcomes ................................................................................6 Course Load .........................................................................................6
Course Resources and Requirements .........................................................8 Set Textbook(s) ....................................................................................8 Essential References ...........................................................................8 Additional Recommended Readings ....................................................9 My Virtual Learning Environment (myVLE) ..........................................9 OUM Digital Library Resources ............................................................ 9
Assessment ..................................................................................................10 Assessment Format ...........................................................................10 Late Submission of Assignment(s) .....................................................10
Topics ...........................................................................................................11 Topic 1 Introduction to Risk Management .......................................11 Topic 2 Risk Strategy ......................................................................14 Topic 3 Risk Assessment ................................................................17 Topic 4 Risk and Organisations ......................................................20 Topic 5 Risk Response ...................................................................23
Topic 6 Risk Assurance and Reporting ...........................................26 Topic 7 The Cost of Human Error ...................................................29
Assessment Guide .......................................................................................31 Assignment ..............................................................................................31 Do Not Plagiarise .....................................................................................32 Avoid Plagiarism ......................................................................................32 Documenting Sources ..............................................................................33 Referencing ..............................................................................................33
Appendix A ...................................................................................................35
Sample Assignment ................................................................................35
Appendix B ...................................................................................................36 Learning Support .....................................................................................36
Appendix C ...................................................................................................37 Study Paths for Success in the Course ...............................................37
5/24/2018 Risk Management Study Guide
4/53
STUDY GUIDE SMRK5103 Risk Management
4
5/24/2018 Risk Management Study Guide
5/53
STUDY GUIDE SMRK5103 Risk Management
5
COURSE INTRODUCTION
Study Guide
The course SMRK5103 Risk Management is one of the required courses for
the OUM Master of OSH Risk Management (MOSHRM) programme. The
course assumes some prior knowledge and experience of face-to-face
teaching in a classroom and of curricular aspects of courses you have
taught. For this reason, you are encouraged to read widely and to tap into
your work experience to get the most out of the course.
Course Synopsis
The course introduces the subject of risk assessment and control with acomprehensive perspective on risk concepts, tools and techniques. Itdemonstrates critical understanding of the principles and practices of riskassessment and control.
Course Aims
The course aims to equip students with advanced knowledge and skills in
assessing and managing the risks involved in an industry towards creating a
specialised workforce.
Course Outcomes
By the end of this course, you should be able to:
1. Describe the concept of risk management;
2. Discuss the steps involved in conducting risk assessment;
3. Critically assess risk using different types of tools in evaluating risks;and
4. Conduct risk assessment and control in various industries.
5/24/2018 Risk Management Study Guide
6/53
STUDY GUIDE SMRK5103 Risk Management
6
Course Load
It is a standard OUM practice that learners accumulate 40 study hours forevery credit hour. As such, for a three-credit hour course, you are expected
to spend at least 120 hours of learning. Table 1 gives an estimation of howthe 120 hours can be accumulated.
Table 1:Allocation of Study Hours
Activities No of Hours
Reading the course guide and completing the exercises 60
Attending 5 seminar sessions (3 hours for each session) 15
Engage in online discussion 10
Completing assignment 20Revision 15
Total 120
It is important to know that this STUDY GUIDE is organised around anumber of TOPICS, LEARNING OUTCOMES, FOCUS AREAS and
ASSIGNED READINGS. This is illustrated in the figure below.
TOPICS
LEARNING
OUTCOMES
FOCUS
AREAS
ASSIGNED
READINGS
STUDY GUIDE
Figure 1:Organisation of the Study Guide
To achieve the learning outcomes for the course, five TOPICS are includedin the Study Guide. Each of these topics is to be covered in depth, based onreadings from the assigned textbook and supplementary materials for thecourse. You are expected to spend about 12 hours of learning time on eachtopic. Ideally, a topic should be covered during each seminar.
5/24/2018 Risk Management Study Guide
7/53
STUDY GUIDE SMRK5103 Risk Management
7
Secondly, each topic comprises a number of LEARNING OUTCOMES,FOCUS AREAS and ASSIGNED READINGS. Each topic is guided by topic-related learning outcomes which essentially tell you what ought to be
achieved at the end of a topic. The focus areas demonstrate sub-topics thatare to be learnt, understood, applied and evaluated through deliberation. Inaddition, these focus areas will be covered in the assignment and theexamination for the course.
Finally, assigned readings cover the core content for each topic. You willhave to read allof what is assigned.
An important point to be raised here is that while the selected topics for thecourse SMRK5103 cover a substantial amount of information, your readingsand deliberations should not be limited to these topics or to the assigned
readings. The assigned readings and the focus areas merely tell you aboutcore content, representing the minimumamount of information to cover. Asin all graduate courses, a wide selection of readings is recommended for fullunderstanding of the area, which in this case, includes models and strategiesof instruction used by teachers all over the world. It would be worth yourwhile to read the recommended texts and to search OUMs digital library forother books and articles related to the course.
The pages that follow outline a list of topics and related learning outcomes,focus areas as well as assigned readings for the course. Throughout theduration of the course, your course facilitator will use these topics as a guide
for all face-to-face interaction, class participation and group or onlinediscussion. At the end of the course, your knowledge and comprehension ofthe areas under these topics will be assessed.
5/24/2018 Risk Management Study Guide
8/53
STUDY GUIDE SMRK5103 Risk Management
8
COURSE RESOURCES AND REQUIREMENTS
Set Textbook(s)
Hopkin, P. (2010). Fundamentals of risk management: Understanding,evaluating and implementing effective risk management. United States:Kogan Page Limited.
Essential References
Bartlett, J. (2004). Project risk analysis and management guide. UnitedKingdom: APM Publishing.
British Standard Institute. (2008). BS31100:2008, Principle of risk
management. United Kingdom: British Standard Institute (BSI).
DOSH. (2008). Guidelines for hazard identification, risk assessment and riskcontrol (HIRARC). Retrieved from http://www.dosh.gov.my/doshv2/phocadownload/guidelines/ve_gl_hirarc.pdf
Goetsch. (2011). Occupational Safety and Health for Technologies,Engineers and Managers(7th ed.). Pearson. Pg. 3 9.
HM Treasury. (2004). Theorange book: Management of risk principles andconcepts. Retrieved from http://www.hmtreasury.gov.uk/d/orange_
book.pdf
International Standard IES/FDIS 21010. (2009). Risk management Riskassessment techniques. Retrieved from www.iso.org
IRM. (2002).A risk management standard. Retrieved from http://www.theirm.org/publications/documents/Risk_Management_Standard_030820.pdf
ISO. (2009). ISO 31000: 2009 Risk management principles and guidelines.Retrieved from http://www.iso.org/iso/catalogue_detail?csnumber=43170
The Institute of Internal Auditors. (2004). The role of internal auditing inenterprise wide risk management. Retrieved from www.theiia.org.
Vance, B., & Makomaski, J. (2007). Enterprise risk management fordummies. New Jersey: Wiley Publishing.
5/24/2018 Risk Management Study Guide
9/53
STUDY GUIDE SMRK5103 Risk Management
9
Additional Recommended Readings
Association of Insurance and Risk Managers. (2006). Insurance buyersguide. Retrieved from www.airmic.com
COSO. (2004). Enterprise risk management integrated framework:Executive summary. Retrieved from www.coso.org
Ericson, C. A. (2005). Hazard analysis techniques for system safety (2nded.). Wiley-Interscience.
Health and Safety Executive. (2005). A review of safety culture and safetyclimate literature for the development of the safety culture: Inspectiontoolkit research report 367. Retrieved from http://www.hse.gov.uk/research/rrpdf/rr367.pdf
Occupational Safety and Health Master Plan for Malaysia 2015 by Ministry ofHuman Resources Malaysia.
United States Government. (2004). Every business should have a plan.Retrieved from www.ready.gov
My Virtual Learning Environment (myVLE)
Online Discussion
Learners are required to participate in online discussions.
Assignment
Learners are required to surf the Internet, visit OUM digital library resources,and read the recommended textbooks and journals to complete theassignments.
OUM Digital Library Resources
For the purpose of referencing materials and doing library-based research,OUM has a comprehensive digital library. For this course, you may use thefollowing databases: ProQuest, CINAHL Plus, Springer Link and InfoSciBooks. From time to time, materials from these databases will be assignedfor additional reading and activities.
5/24/2018 Risk Management Study Guide
10/53
STUDY GUIDE SMRK5103 Risk Management
10
ASSESSMENT
Assessment Format
Refer to myVLE.
Late Submission of Assignment(s)
Failure to submit an assignment by the due date without the granting of anofficial extension of time by your course tutor will incur a penalty.
5/24/2018 Risk Management Study Guide
11/53
STUDY GUIDE SMRK5103 Risk Management
11
Topics
Topic 1: Introduction to Risk ManagementLearning Outcomes
By the end of this topic, you should be able to:
1. Describe a range of definitions of risk and risk management, and theusefulness of the various definitions;
2. List the characteristics of a risk that need to be identified in order to
provide a full risk description;3. Describe options for classifying risks according to the nature, source
and timescale impact;
4. Outline the options for the attachment of risks to various attributes ofan organisation and the advantages of each approach;
5. Use a risk matrix to represent the likely impact of risk materialising interms of likelihood and magnitude;
6. Outline the principles (PACED) and aims of risk management and itsimportance to operations, projects and strategy;
7. Describe the nature of hazard, control and opportunity risks and howorganisations should respond to each type;
8. Outline the development of the discipline of risk management, includingthe various specialist areas and approaches;
9. Describe the key benefits of risk management in terms of compliance,assurance, decisions and efficiency/efficacy (CADE3);
10. Describe the key stages in the risk management process and the maincomponents of a risk management framework; and
11. Describe the key features of the best-established risk management
standards and frameworks.
5/24/2018 Risk Management Study Guide
12/53
STUDY GUIDE SMRK5103 Risk Management
12
Focus Areas Assigned Readings
1.1 Approaches to Defining
Risk
1.2 Impact of Risk
Organisations
1.3 Types of Risks
1.4 Development of Risk
Management
Hopkin, P. (2010). Fundamentals of risk
management: Understanding, evaluating and
implementing effective risk management. United
States: Kogan Page Limited.
Chapter 1 Approaches to Defining Risk
Definitions of risk.
Types of risks.
Risk description.
Inherent level of risk.
Risk classification systems.
Risk likelihood and magnitude.
Chapter 2 Impact of Risk on Organisations
Risk importance.
Impact of hazard risks.
Attachment of risks.
Risk and reward.
Risk and uncertainty.
Attitude to risk.
Chapter 3 Types of Risks
Timescale of risk impact. Hazard, control and opportunity risks.
Hazard tolerance.
Management of hazard risks.
Uncertainty acceptance.
Opportunity investment.
Chapter 4 Development of Risk Management
Origins of risk management.
Insurance origins of risk management.
Specialist areas of risk management.
Enterprise risk management.
Levels of risk management
sophistication.
Risk maturity models.
5/24/2018 Risk Management Study Guide
13/53
STUDY GUIDE SMRK5103 Risk Management
13
1.5 Principles and Aims of
Risk Management
1.6 Risk Management
Standards
Chapter 5 Principles and Aims of Risk
Management
Principles of risk management.
Importance of risk management.
Risk management activities.
Efficient, effective and efficacious.
Perspective of risk management.
Implementing risk management.
Chapter 6 Risk Management Standards
Scopes of risk management standards.
Risk management process.
Risk management framework.
COSO ERM cube.
Features of risk management standards.
Control environment approach.
Guidelines for Hazard Identification, Risk
Assessment and Risk Control (HIRARC) by
DOSH Malaysia, Ministry of Human Resources
Malaysia 2008.
Pg. 5 16.
Risk Management Concept in Malaysia
Basic Concepts
Planning and Conducting of HIRARC
Control
Study Questions
1. Discuss the PACED concept.
2. Discuss the options of classifying risks according to the nature, source
and timescale impact.
3. Discuss the nature of hazard, control and opportunity risks and how
organisations should respond to each type.
5/24/2018 Risk Management Study Guide
14/53
STUDY GUIDE SMRK5103 Risk Management
14
Topic 2: Risk Strategy
Learning Outcomes
By the end of this topic, you should be able to:
1. Describe the main parts of risk management policy and the importanceof each part;
2. Explain the key components of the risk architecture, strategy andprotocols (RASP) for an organisation and how these fit together;
3. Describe the range of risk documentation and records that could berequired and the function of each different type;
4. Describe the nature, content and use of a risk register, citing examples;
5. Outline the key roles and responsibilities of risk management in relationto job roles and key departments, including the role of CRO;
6. Describe suitable risk architecture for a range of organisations,including the importance of risk committees and risk communication;
7. Describe the key features of a risk-aware culture (LILAC) and how thekey components can be measured;
8. Describe the components of evaluating risk maturity of an organisation(4Ns) and the benefits associated with greater risk maturity; and
9. Outline the importance of risk training and risk communication,
including the use of a risk management information system (RMIS).
Focus Areas Assigned Readings
2.1 Risk Management Policy
Hopkin, P. (2010). Fundamentals of risk
management: Understanding, evaluating and
implementing effective risk management.
United States: Kogan Page Limited.
Chapter 7 Risk Management Policy
Risk architecture, strategy
and protocols.
Risk management policy.
Risk management
architecture.
Risk management strategy.
5/24/2018 Risk Management Study Guide
15/53
STUDY GUIDE SMRK5103 Risk Management
15
2.2 Risk Management
Documentation
2.3 Risk Management
Responsibilities
2.4 Risk Architecture and
Structure
Risk management protocols.
Risk management
guidelines.
Chapter 8 Risk Management Documentation
Record of risk management
activities.
Risk response and
improvement plans.
Event reports and
recommendations.
Risk performance and
certification reports.
Designing a risk register. Using a risk register.
Documenting HIRARC
Responsibility and Accountability
Documenting Process
Guidelines for Hazard Identification, Risk
Assessment and Risk Control (HIRARC) by
DOSH Malaysia, Ministry of Human Resources
Malaysia 2008.Pg. 16 17.
Chapter 9 Risk Management Responsibilities
Allocation of responsibilities.
Risk management and
internal audit.
Range of responsibilities.
Statutory responsibilities of
management.
Role of risk manager.
Chief Risk Officer (CRO).
Chapter 10 Risk Architecture and Structure
Risk architecture.
Corporate structure.
Risk committees.
5/24/2018 Risk Management Study Guide
16/53
STUDY GUIDE SMRK5103 Risk Management
16
2.5 Risk-Aware Culture
2.6 Risk Training and
Communication
Risk communications.
Risk maturity.
Alignment of activities.
Chapter 11 Risk Aware Culture
Styles of risk management.
Defining risk culture.
Components of a risk-aware
culture.
Measuring risk culture.
Risk culture and risk
steategy.
Establishing the context.
Chapter 12 Risk Training and
Communication
Risk training and risk culture.
Risk information and
communication.
Shared risk vocabulary.
Risk information on an
intranet.
Risk Management
Information System (RMIS).
Consistent response to risk.
Study Questions
1. Discuss the key features of a risk-aware culture (LILAC) and how thekey components can be measured.
2. Discuss the main parts of a risk management policy and theimportance of each part.
5/24/2018 Risk Management Study Guide
17/53
STUDY GUIDE SMRK5103 Risk Management
17
Topic 3: Risk Assessment
Learning Outcomes
By the end of this topic, you should be able to:
1. Describe the importance of risk assessment as a critically importantstage in the risk management process;
2. Outline the range of risk assessment techniques that are available andthe advantages/disadvantages of each technique;
3. Describe the importance of risk classification systems and the keyfeatures of the best-established systems;
4. Provide examples of the use of a risk matrix, including using it toindicate the dominant risk response in each quadrant;
5. Use a risk matrix to indicate the risk appetite of an organisation andwhether the organisation is risk averse or risk aggressive;
6. Describe the main components of loss control as loss prevention,damage limitation and cost containment and provide practicalexamples;
7. Demonstrate the use of loss-control actions to reduce the impact of anevent that has a large magnitude before mitigation;
8. Outline the alternative approaches to define the upside of risk and thepractical application of these approaches for strategy, projects and
operations;
9. Outline the importance of business continuity planning and disasterrecovery planning and provide practical examples;
10. Describe the approach taken during a business impact analysis andhow the analysis supports business continuity planning; and
11. Describe the key features of a business continuity plan, as set out inestablished business continuity standards, such as BS 25999.
5/24/2018 Risk Management Study Guide
18/53
STUDY GUIDE SMRK5103 Risk Management
18
Focus Areas Assigned Readings
3.1 Risk AssessmentConsiderations
3.2 Risk Classification Systems
3.3 Risk Likelihood and Impact
Hopkin, P. (2010). Fundamentals of risk
management: Understanding, evaluating and
implementing effective risk management.
United States: Kogan Page Limited.
Chapter 13 Risk Assessment Considerations
Importance of risk
assessment.
Approaches to risk
assessment.
Risk assessment
techniques.
Risk matrix. Risk perception.
Risk appetite.
Chapter 14 Risk Classification Systems
Short, medium and long-
term risks.
Purpose of risk classification
systems.
Examples of risk
classification systems.
FIRM risk scorecard.
PESTLE risk classification
system.
Hazard, control and
opportunity risks.
Chapter 15 Risk Likelihood and Impact
Application of a risk matrix.
Inherent and current level of
risk.
Control confidence.
4Ts of risk response.
Risk significance.
Risk capacity.
5/24/2018 Risk Management Study Guide
19/53
STUDY GUIDE SMRK5103 Risk Management
19
3.4 Loss Control
3.5 Defining the Upside Of Risk
3.6 Business Continuity Planning
Chapter 16 Loss Control
Risk likelihood.
Risk magnitude.
Hazard risks. Loss prevention.
Damage limitation.
Cost containment.
Chapter 17 Defining the Upside of Risk
Upside of risk.
Opportunity assessment.
Riskiness index.
Upside in strategy. Upside in projects.
Upside in operations.
Chapter 18 Business Continuity Planning
Importance of BCP and
DRP.
Business continuity
standards.
Successful BCP and DRP.
Business impact analysis
(BIA).
BCP and ERM.
Civil emergencies.
Study Questions
1. Discuss the range of risk assessment techniques that are available aswell as the advantages and disadvantages of each technique.
2. Discuss the key features of a business continuity plan.
5/24/2018 Risk Management Study Guide
20/53
STUDY GUIDE SMRK5103 Risk Management
20
Topic 4: Risk and Organisations
Learning Outcomes
By the end of this topic, you should be able to:
1. Describe the key features of a corporate governance model and thelinks to risk management in different types of organisations;
2. Describe the different types of stakeholders of a typical organisationand the influence of these stakeholders on risk management;
3. Describe a simplified business model and the different types of coreprocesses that need to take place in an organisation;
4. Provide a brief description of the project life cycle and the importanceof risk management at each stage, using the 4As approach;
5. Describe the key features of a project risk management system, suchas the Project Risk Analysis and Management (PRAM) approach;
6. Outline the key features of operational risk as practised in financialinstitutions, such as banks and insurance companies;
7. Describe the key sources of operational risk in financial institutions andprovide examples of how these risks are managed;
8. Describe the importance of the supply chain and the contribution ofsupply chain risk management to the success of the organisation; and
9. Give examples of the risks associated with outsourcing and how theserisks can be successfully managed.
Focus Areas Assigned Readings
4.1 Corporate GovernanceModel
Hopkin, P. (2010). Fundamentals of risk
management: Understanding, evaluating and
implementing effective risk management.
United States: Kogan Page Limited.
Chapter 19 Corporate Governance Model
Corporate governance.
OECD principles of
corporate governance.
LSE corporate governance
framework.
5/24/2018 Risk Management Study Guide
21/53
STUDY GUIDE SMRK5103 Risk Management
21
4.2 Stakeholder Expectations
4.3 Analysis of the BusinessModel
4.4 Project Risk Management
4.5 Operational Risk Management
Corporate governance for a
bank.
Corporate governance for a
government agency. Evaluation of board
performance.
Chapter 20 Stakeholder Expectations
Range of stakeholders.
Stakeholder dialogue.
Stakeholders and core
processes.
Stakeholders and strategy.
Stakeholders and tactics. Stakeholders and
operations.
Chapter 21 Analysis of the Business
Model
Simplified business model.
Core business processes.
Efficacious strategy.
Effective processes.
Efficient operations.
Reporting performance.
Chapter 22 Project Risk Management
Introduction to project risk
management.
Development of project risk
management.
Uncertainty in projects.
Project life cycle.
Opportunity in projects.
Project risk analysis and
management.
Chapter 23 Operational Risk Management
Operational risk.
Definition of operational
risk.
5/24/2018 Risk Management Study Guide
22/53
STUDY GUIDE SMRK5103 Risk Management
22
4.6 Supply Chain Management
Basel II.
Measurement of operational
risk.
Difficulties of measurement. Development in operational
risk.
Chapter 24 Supply Chain Management
Importance of the supply
chain.
Scope of the supply chain.
Strategic partnerships.
Joint ventures.
Outsourcing of operations. Risk and contracts.
Study Questions
1. Discuss the project life cycle and the importance of risk management ateach stage, using the 4As approach.
2. Discuss the key features of a project risk management system, such asthe PRAM approach.
5/24/2018 Risk Management Study Guide
23/53
STUDY GUIDE SMRK5103 Risk Management
23
Topic 5: Risk Response
Learning Outcomes
By the end of this topic, you should be able to:
1. Provide alternative definitions of Enterprise Risk Management (ERM);
2. Identify the key features of an enterprise-wise approach;
3. Describe the ten steps in the implementation of a successful ERMinitiative;
4. Outline the importance of risk appetite as a planning tool in theimplementation of a risk management initiative;
5. Describe the relationship between risk appetite, risk exposure and risk
capacity and the interface with operations, projects and strategy;6. Describe risk response options in terms of tolerate, treat, transfer and
terminate, and how these can be shown on a risk matrix;
7. Describe the types of controls that are available, in terms of Preventive,Corrective, Directive and Detective (PCDD) controls;
8. Explain how to determine whether controls are cost effective, howcontrols change loss expectancy and how to learn from controls;
9. Provide practical examples of the control of selected hazard risks,including risks to finances, infrastructure, reputation and marketplace;
10. Describe the importance of insurance and the circumstances in whichinsurance is purchased, including the involvement of a captiveinsurance company; and
11. Explain the importance of the insurance purchasing process of cost,coverage, capacity, capabilities, claims and compliance.
5/24/2018 Risk Management Study Guide
24/53
STUDY GUIDE SMRK5103 Risk Management
24
Focus Areas Assigned Readings
5.1 Enterprise Risk Management
5.2 Importance of Risk Appetite
5.3 Tolerate, Treat, Transfer andTerminate
5.4 Risk Control Techniques
Hopkin, P. (2010). Fundamentals of risk
management: Understanding, evaluating and
implementing effective risk management.United States: Kogan Page Limited.
Chapter 25 Enterprise Risk Management
Enterprise-wide approach.
Definitions of ERM.
ERM in practice.
ERM and business
continuity.
ERM in energy and finance.
Future development ofERM.
Chapter 26 Importance of Risk Appetite
Risk capacity.
Risk exposure.
Nature of risk appetite.
Cost of risk controls.
Risk management and
uncertainty.
Risk appetite and lifestyle
decisions.
Chapter 27 Tolerate, Treat, Transfer and
Terminate
The 4Ts of hazard
response.
Risk tolerance.
Risk treatment.
Risk transfer.
Risk termination.
Project and strategic
response.
Chapter 28 Risk Control Techniques
Hazard risk zones.
Types of controls.
5/24/2018 Risk Management Study Guide
25/53
STUDY GUIDE SMRK5103 Risk Management
25
5.5 Control of Selected HazardRisks
5.6 Insurance and Risk Transfer
Preventive controls.
Corrective controls.
Directive controls.
Detective controls.
Chapter 29 Control of Selected Hazard
Risks
Risk control.
Control of financial risks.
Control of infrastructure
risks.
Control of reputational
risks.
Control of marketplacerisks.
Learning from controls.
Chapter 30 Insurance and Risk Transfer
Importance of risk transfer.
History of insurance.
Type of insurance cover.
Evaluation of insurance
needs.
Purchase of insurance.
Captive insurance
companies.
Study Questions
1. Discuss the importance of risk appetite in an organisation.
2. Discuss the applications of PCDD control measures in managing risks.
5/24/2018 Risk Management Study Guide
26/53
STUDY GUIDE SMRK5103 Risk Management
26
Topic 6: Risk Assurance and Reporting
Learning Outcomes
By the end of this topic, you should be able to:
1. Describe the purpose and nature of internal control and the contributionthat internal control makes to risk management;
2. Outline the importance of the control environment in an organisationand provide a structure of evaluating the control environment (CoCo);
3. Describe the activities of a typical internal audit function and therelationship between internal audit and risk management;
4. Describe the activities involved in the ERM initiative and how these canbe allocated to internal audit, risk management and line management;
5. Outline the importance of risk assurance and identify the sources ofrisk assurance that are available to the board/audit committee;
6. Discuss the importance of risk reporting and the range of risk reportingobligations placed on companies, including Sarbanes-Oxley;
7. Provide examples of risk reporting approaches adopted by differenttypes of organisations, including companies, charities and governmentagencies;
8. Describe the importance of corporate social responsibility as acomponent of corporate governance and outline the range of topics
covered; and
9. Describe the steps involved in the successful implementation of a riskmanagement initiative, together with the barriers and actions.
5/24/2018 Risk Management Study Guide
27/53
STUDY GUIDE SMRK5103 Risk Management
27
Focus Areas Assigned Readings
6.1 Evaluation of the ControlEnvironment
6.2 Activities of the Internal AuditFunction
6.3 Risk Assurance Techniques
6.4 Reporting on RiskManagement
Hopkin, P. (2010). Fundamentals of risk
management: Understanding, evaluating and
implementing effective risk management.United States: Kogan Page Limited.
Chapter 31 Evaluation of the Control
Environment
Nature of internal control.
Purpose of internal control.
Control environment.
Features olf the control
environment.
CoCo framework of internal
control.
Risk aware culture.
Chapter 32 Activities of the Internal Audit
Function
Scope of internal audit.
Financial assertions.
Risk management and
internal audit.
Risk management outputs.
Role of internal audit.
Management
responsibilities.
Chapter 33 Risk Assurance Techniques
Audit committees.
Role of risk management.
Risk assurance.
Hazard, control and
opportunity risks.
Control of risk self-assessment.
Benefits of risk assurance.
Chapter 34 Reporting on Risk Management
Risk documentation.
5/24/2018 Risk Management Study Guide
28/53
STUDY GUIDE SMRK5103 Risk Management
28
6.5 Corporate SocialResponsibilities
6.6 Future of Risk Management
Sarbanes-Oxley Act of
2002.
Risks reported by US
companies. Charities risk reporting.
Public sector risk reporting.
Government report on
National Security.
Chapter 35 Corporate Social
Responsibilities
CSR and corporate
governance.
CSR and risk management. CSR and reputational risk.
CSR and stakeholder
expectations.
Supply chain and ethical
trading.
CSR reporting.
Chapter 36 Future of Risk Management
Review of benefits of risk
management.
Steps to successful risk
management.
Changing fact of risk
management.
Concept of risk appetite.
Concept of upside of risk.
Future developments.
Study Questions
1. Discuss the activities of a typical internal audit function and therelationship between internal audit and risk management.
2. Discuss the steps involved in the successful implementation of a riskmanagement initiative, together with the barriers and actions.
5/24/2018 Risk Management Study Guide
29/53
STUDY GUIDE SMRK5103 Risk Management
29
Topic 7: The Cost of Human ErrorLearning outcomes
By the end of this topic, you should be able to:
1. Describe the key features of a risk-aware culture (LILAC); and
2. Explain how the key components can be measured.
Focus Area Assigned Readings
7.1 Learning from the Past
7.2 The Need for Safety
7.3 Safety Culture
Goetsch. (2011). Occupational Safety and
Health for Technologists, Engineers andManagers(7th ed.). Pearson. Pg. 3 9.
Safety and Health Movement, Then and Now
Developments Before the Industrial
Revolution
Milestones in the Safety Movement
Tragedies that have Changed the Safety
Movement
OSH Current Situation
Rates of Occurrence of Occupational
Accidents and Fatalities
Comparison of OSH Performance Profilesbetween Malaysia and Other Countries in
East Asia
National Competitiveness Index Versus
National Occupational Fatality Occurrence
Rate
OSH Contribution to the Malaysian Quality
of Life
OSH Culture Establishment
Long Term Vision for OSH in Malaysia
Safety Culture A Tool in Sustaining
Productive Human Capital
Occupational Safety and Health Master Plan for
Malaysia 2015 by Ministry of Human Resources
Malaysia.
5/24/2018 Risk Management Study Guide
30/53
STUDY GUIDE SMRK5103 Risk Management
30
7.4 Understanding Human
Error
Goetsch. (2007). Occupational safety and
health for technologists, engineers and
managers(7th ed.). Pearson. Pg. 34 36.
Human Factors Theory of Accident Causation
Overload
Inappropriate Response and Incompatibility
Inappropriate Activities
Huma Factors Theory in Practice
Study Questions
1. Explain how workplace tragedies have affected the safety movement.
Give examples.
2. Discuss the importance for organisations to establish safety culture.
3. Using your organisation as an example, explain how it is able to realise
OSH-MP15.
5/24/2018 Risk Management Study Guide
31/53
STUDY GUIDE SMRK5103 Risk Management
31
Assessment Guide
Refer to myVLE.
Assignments
There is one assignment in this course. Commonly, the assignment will befocusing on the application of OSH legal requirements for the purpose of anorganisations relevant legal compliance. The assignment questions will beassessed from OUM`s Virtual Learning Environment (myVLE). It is yourresponsibility to make sure that your assignment reaches the coursecoordinator within the time frame.
The objective of the assignment is mainly to give you an opportunity toexplore and analyse OSH legal requirements in depth. You are encouragedto use critical thinking in your assignment especially for the application oftheories into practice. The assignment is guided by the contents of therecommended textbook and recent journals.
As mentioned earlier, graduate students must demonstrate that they haveread widely and researched their topic well. It is NOT sufficient to rely oninformation in the assigned textbook or in the Course Guide to complete yourassignment. Using a variety of references will give you a broader perspectiveon the various topics and will provide a deeper understanding of the subject.
The criteria for the assessment of this assignment cover content, structureand thinking skills. In general, you are required to write clearly, using correctspelling and grammar. You also have to submit a paper that shows evidenceof the following:
(a) Reflection: Reflect critically on issues raised in the course.
(b) Deliberation: Consider and appreciate a range of points of view,including those included in the course material.
(c) Application: Develop your own view with regard to application of theconcepts and focus areas covered in the course.
(d) Argument: State your argument clearly with supporting evidence fromrelated research and demonstrate appropriate referencing of sources.
5/24/2018 Risk Management Study Guide
32/53
STUDY GUIDE SMRK5103 Risk Management
32
(e) Integration: Draw on your own experiences and integrate theinformation in the course assignment.
Do Not Plagiarise
As a graduate student, remember that your own thinking and the knowledgeyou construct as a participant in a course are integral to learning. Tosucceed in the course, you should never resort to plagiarism or copying atany level whatsoever. Plagiarism refers to any form of deception in awritten paper(such as assignments or essays) by a student. It is intendedto deceive the instructor about the students abilities or knowledge or theamount of work that is actually contributed by the student. Here are some
examples sourced from a local site (www.ppl.upm.edu.my).
1. Copying large sections of a paper from the Internet or print sources and
not acknowledging these sections as quotations.2. Paraphrasing or restating someones argument without acknowledging
the author. Remember that detailed arguments from clearly identifiablesources must always be acknowledged.
3. Purchasing or buying essays or papers written by other students.
4. Taking credit for work produced by someone else. This includesphotographs, charts, graphs, drawings, statistics, video clips, audioclips, verbal exchanges such as interviews or lectures, performanceson television and texts printed on the web.
5. Taking double credit by submitting the same essay for two or morecourses.
Avoiding Plagiarism
Here are some ideas from www.ppl.upm.edu.myfor avoiding plagiarism inyour assignments and essays.
1. Insert quotation marks around "copy and paste" clauses, phrases,sentences or paragraphsandcite the original source.
2. Paraphrase clauses, phrases, sentences or paragraphs in your own
wordsandcite your source.3. Adhere to the American Psychological Association (APA) stylistic
format, when citing a source and when writing out the bibliography orreference page.
4. Write independently without being overly dependent on informationfrom others.
5/24/2018 Risk Management Study Guide
33/53
STUDY GUIDE SMRK5103 Risk Management
33
5. Original work. Read a text, put it away and then write about what yourhave read in your own words.
6. Educate yourself on what may be considered common knowledge (nocopyright necessary), public domain (copyright has expired or not
protected under copyright law), or copyright (legally protected).
Documenting Sources
Remember that when you quote, paraphrase, summarise or refer tosomeones work you are required to cite the source. Here are some of themost commonly cited forms of material (See www.jfklibrary.org,
library.duke.edu/research/citing andwww.ppl.upm.edu.my).
Direct citationusing quotationmarks
Simply having a list of thinking skills is no assurance thatchildren will use it. In order for such skills to become partof day-to-day behaviour, they must be cultivated in anenvironment that values and sustains them. Just aschildrens musical skills will likely lay fallow in anenvironment that doesnt encourage music, learnersthinking skills tend to languish in a culture that doesntencourage thinking (Tishman, Perkins and Jay, 1995,p.5).
Indirect Citation
using referential
According to Wurman (1988), the new disease of the
21
st
century will be information anxiety, which has beendefined as the ever-widening gap between what oneunderstands and what one thinks one shouldunderstand.
Referencing
All sources that you cite in your paper should be listed in the REFERENCEsection at the end of your paper. Below are some suggestions, as listed in
library.fayschool.org/ Pages/Citation_Guide.htm
From a Journal Brown, E. (1996). The lake of seduction: Silence,hysteria, and the space of feminist theatre. JTD:Journal of Theatre and Drama, 2, 175-200.
From an OnlineJournal
Evnine, S. J. (2001). The universality of logic: On theconnection between rationality and logical ability[Electronic version]. Mind, 110, 335-367.
5/24/2018 Risk Management Study Guide
34/53
STUDY GUIDE SMRK5103 Risk Management
34
Retrieved January 12, 2008, from PsyCARTICLESdatabase.
From aWebpage
National Park Service. (2003, February 11). AbrahamLincoln Birthplace National Historic Site. RetrievedFebruary 13, 2003, from http://www.nps.gov/abli/
From a Book Fleming, T. (1997). Liberty! The American Revolution.New York: Viking.
From an Articlein a Book
Cassel, J., & Zambella, B. (1996). Without a net:Supporting ourselves in a tremulous atmosphere.In T. W. Leonhardt (Ed.), "LOEX" ofthe West: Teaching and learning in a climate ofconstant change (pp. 75-92). Greenwich, CT: JAIPress Inc.
From a PrintedNewspaper
Holden, S. (1998, May 16). Frank Sinatra dies at 82:Matchless stylist of pop. The New York Times, pp.
A1, A22-A23.
5/24/2018 Risk Management Study Guide
35/53
STUDY GUIDE SMRK5103 Risk Management
35
Appendix A
Assignment
SMRK5103 RISK MANAGEMENT
Objective:
The purpose of this assignment is to analyse organisational risks based ondifferent RAM.
The task
You are given TWOarticles entitled:
1. A semi-quantitative assessment of occupational risks using bow-tierepresentation.
2. Appraisal of a new assessment model for SME.
Read the articles given and answer the following questions.
For each article, DISCUSSthe methodology used in assessing risks. Yourdiscussion should include but is not limited to:
(i) The suitability of the method in assessing risks;
(ii) Coverage or scope of risks;
(iii) The advantage of the Risk Assessment Matrix (RAM) used;
(iv) The limitation of the RAM used; and
(v) Suggestions to further improve the risks assessment methodology.
(60 marks)
5/24/2018 Risk Management Study Guide
36/53
STUDY GUIDE SMRK5103 Risk Management
36
Appendix BLearning Support
SMRK5103 RISK MANAGEMENT
Seminars
There are 15 hours of face-to-face facilitation provided for the course. Therewill be FIVE seminars of three hours each. You will be notified of the dates,times and location of these seminars, together with the name and e-mailaddress of your facilitator, as soon as you are allocated a group.
Discussion and Participation
Besides the face-to-face seminars, you have the support of onlinediscussions in myVLE with your facilitator and your coursemates. Yourcontributions to the online discussion will greatly enhance yourunderstanding of course content, and help you do the assignment andprepare for the examination.
Feedback and Input from Facilitator
As you work on the activities and the assigned text, your course facilitatorwill provide assistance to you throughout the duration of the course. Thefacilitator will also mark your assignment and give you feedback on yourperformance. At any time that you need assistance, do not hesitate todiscuss your problems with your facilitator. The seminars and the onlineforum can also be used for any of the following situations:
When you have difficulty with the contents of the textbook or if you do notunderstand the assigned readings.
When you have a question or problem with the assignment.
Bear in mind that communication is important for you to be able to get themost out of this course. Therefore you should, at all times, be in touch withyour facilitator and coursemates, and be aware of all the requirements forsuccessful completion of a course.
5/24/2018 Risk Management Study Guide
37/53
STUDY GUIDE SMRK5103 Risk Management
37
Appendix C
Study Paths for Success
Time Commitments for Study
You should plan to spend about six hours of study time on each topic, whichincludes the time spent doing all assigned readings and activities. You mustschedule your time to discuss the work online and spend enough time oneach topic for this course. It is often more effective to distribute the studyhours over a number of days rather than spending the whole day studyingone topic. You have some flexibility as there are 10 topics spread over aperiod of 15 weeks.
Study Strategy
The following is a proposed strategy for working through the course. If youhave difficulty following the strategy, discuss your problems with yourfacilitator either through the online forum or during the seminars.
(i) The most important step is to read the contents of this Course Guidethoroughly.
(ii) Organise a study schedule. Take note of the amount of time you spendon each topic, as well as the dates for submission of the assignmentsand seminars.
(iii) Once you have created a study schedule, make every effort to stick toit. One reason students are unable to cope with postgraduate coursesis that they delay their course work.
(iv) To understand the various dimensions of the course, do the following:
Study the Course Overview and the entire list of topics. Thenexamine the relationship of a topic to other topics.
Complete all assigned readings and go through the supplementarytexts to get a broad understanding of course content.
Do all activities and read the Scenarios in the assigned textbook tounderstand the various concepts and facts presented in a topic.
5/24/2018 Risk Management Study Guide
38/53
STUDY GUIDE SMRK5103 Risk Management
38
Draw ideas from a large number of readings as you prepare for theassignment. Work on the assignment as the semester progressesso that you are able to systematically produce a commendableportfolio or paper.
(v) When you have completed a topic, review the Learning Outcomes forthe topic to confirm that you have achieved them and are able to dowhat is required.
(vi) After completing all topics, review the course content to prepare for thefinal examination. Review the Learning Outcomes of the course to seeif you have covered all the relevant parts of the course.
5/24/2018 Risk Management Study Guide
39/53
Appraisal of a new risk assessment model for SME
M. Fera, R. Macchiaroli *
Dipartimento di Ingegneria Aerospaziale e Meccanica, Seconda Universit di Napoli, Real Casa dellAnnunziata, Via Roma, 29, 81041 Aversa (CE), Italy
a r t i c l e i n f o
Article history:
Received 9 November 2009
Received in revised form 21 April 2010
Accepted 14 May 2010
Keywords:
Risk assessment
Safety at work
FMECA
SCEBRA
AHP
a b s t r a c t
The identification, assessment and reduction of the risks is among of the most important issues of t
safety at work. This papers goal is to demonstrate the effectiveness of a new risk assessment method p
posed by the authors and presented in the past (Fera and Macchiaroli, 2009). In general, one can deal w
risk assessment using different methods: quantitative, qualitative or a mix; however, the typical modproposed in the literature are difficult to implement in SMEs. The method proposed in this paper i
mixed one whose effectiveness is demonstrated through an application study carried out in differe
industrial systems, like a steel industry or a logistic services provider.
2010 Elsevier Ltd. All rights reserv
1. Introduction
The injuries statistics (Table 1) released by the International
Labour Organization (ILO) for 2007 are very significant.
They show how health and safety problems are very far frombeing solved. It is well known that an effective approach to healthand safety at work needs a suitable risk assessment phase, the
adoption of prevention and protection actions and the implemen-tation of a severe safety audit phase. However, less attention has
been paid to these phases in the practice, using non-appropriate
tools and methodologies which are either too complex to manage
or too simple and subjective, thus not suitable to recognize hazards
and reduce the corresponding risks.
The aim of this paper is to assess the effectiveness of a new and
reliable assessment model presented in Fera and Macchiaroli
(2009), able to face the aforesaid applicability difficulties of the
models developed so far and to show, through its application to
several industrial plants, how an improvement in safety condition
can actually be achieved. The proposed model is based on knowntechniques, such as Failure Modes and Effects Criticality Analysis(FMECA), Scenario Based Risk Assessment (SceBRA) and Italian
standard UNI 7249:2007. These techniques are integrated within
a procedure composed by seven steps, some quantitative and some
qualitative. This model also includes the Analytic Hierarchy Pro-
cess (AHP) decision making technique, which as well known
is useful to minimize inconsistencies in experts judgments, within
the subjective phases of risk assessment.
The paper is organized as follows. After discussing the main fe
tures of relevantmodels presentedin theliteratureand theopen
sues in risk assessment, Section3contains a brief overview of t
AHP technique in order to underline its importance in the propos
model. Afterwards, the proposed model is described in detincluding a discussion about its main features and advantages. Bfore concluding, we also report the results from an experimen
campaign carried in three manufacturing and services firms.
2. Literature review and open issues
The identification and choice of a suitable risk assessment mo
el has been felt as a crucial issue for decades. So far, models usedthe practice were developed for different applications and adapt
for health and safety at work. A possible classification is presentinTable 2.
Please note that qualifying methods as quantitative or qu
itative does not mean they are objective or subjective. So, in t
paper we refer to quantitative or qualitative to indicate whetha method makes use of numerical data or not, while we refer
a subjective method when it mainly relies on experts judgme
Since the judgment, in turn, can be qualitative or quantitative,
the last case we also refer to the corresponding method as qua
quantitative.
Thus, subjective methods are focused on the experts contribtion. Experts are responsible to predict the possible interactio
between workers, machines and work environment. Subjectmodels cannot be implemented in all kind of firms, because of th
intrinsic uncertainty which makes them not suitable for seve
applications; think, in example, to risk assessment in the chemi
0925-7535/$ - see front matter 2010 Elsevier Ltd. All rights reserved.
doi:10.1016/j.ssci.2010.05.009
* Corresponding author. Tel.: +39 0815010339; fax: +39 0815010204.
E-mail address:roberto.macchiaroli@unina2.it(R. Macchiaroli).
Safety Science 48 (2010) 13611368
Contents lists available at ScienceDirect
Safety Science
j o u r n a l h o m e p a g e : w w w . e l s e v i e r . c o m / l o c a t e / s s c i
5/24/2018 Risk Management Study Guide
40/53
or oil & gas industry, where generally sophisticated reliabilitymodels can and must be applied, and normally lead to a wide ex-
tent of success. Instead, subjective models can be used with good
results in the non industrial environments. In the international lit-
erature there are some contributions about risk assessment for
fishing vessels (Piniella et al., 2009), using a check-lists method,
or for large transport networks and urban systems (Chen et al.,
2009). Other authors (Van Duijne et al., 2008) developed a subjec-
tive assessment model based on the European guidelines RAPEX,
used for food quality and safety assurance. Another subjective
method example is the DELPHI analysis, which is a structuredmethod that gives a hierarchy of the decisions to be evaluated
and achieves a final decision through verbal experts judgements.These models are often used in SMEs due to their simplicity,
although in some cases their application can be misleading, as
underlined by many authors (Hetherington et al., 2006; Wirth
et al., 2008; Lingard et al., 1997).
Quantitative models, both objective and subjective, are widely
used in many fields, like in large industrial firms or in the oil and
gas industries. These models make an extensive use of reliability
analysis and, thus, are based on process decomposition techniques
and failures likelihoods knowledge. Indeed, several works are
based on the Bayesian approach for fault tree analysis or for event
trees analysis (Martn et al., 2009; Doytchev et al., 2008). The sta-
tistical approach is also used for other types of risk assessment
models, as for the Bow-Tie ones (Ale et al., 2008). The Bow-Tiemodels are based on the identification of a link between causes
and effects of events, and identify a direct quantitative relation be-tween risk sources and risk consequences. A likelihood is associ-
ated to all possible paths from a cause to an effect, that is, an
expression of the relative importance of a specific risk as connected
to a risk source. Objective methods are used to assess risks in the
chemical industry (Glickman et al., 2007; Brito et al., 2009) or in
the coal mines (Sari et al., 2009); in these sectors safety is often re-
lated to specific possible accidents, whose severity justifies the
adoption of quantitative evaluation techniques.
Existing literature reports some works using mixed quali-quan-
titative methods. Some authors apply typical techniques of knowl-edge analysis, as fuzzy theory (Grassi et al., 2009), trying to
formalize and quantify subjective aspects, treated as fuzzy vari-
ables. Other contributions on this issue are given by the application
of techniques such as the well known HAZOP method and the FSA,
that was developed and suggested to be applied in the maritime
field by International Maritime Organization (IMO) (IMO, 2002)
The FSA is a structured and systematic approach to assess complex
situations. Examples of its application are reported in the literature
(Hu et al., 2007; Wang, 2002; Ventikos and Psaraftis, 2004). The
FSA method is a structured and costly method, therefore as
underlined by several authors it was mainly used in the maritime
sector, but its application to other, less capital intensive sectors, isnot easily justifiable. Among the works appeared in the literature
it is worth to mention the contribution by Hu et al. on 2007, whopropose an integration between the FSA and fuzzy methods.
Starting from our first need, i.e., to create a model suitable and
effective for SMEs, that goes beyond the objective and quantitative
models complexity and the non-effectiveness of subjective models
we explored the possibility to create a model for this kind of firms
based on an approach which represents a compromise between the
different models. The absence in the existing literature of a such a
model and the need for an improvement in existing safety assess-
ment tools for SMEs, convinced us that there is space for working
on mixed quali-quantitative methods. The lack of such approaches
can be due, in our opinion, to the little attention paid so far to
safety in the small and medium enterprises (SMEs) by researchersand practitioners. This fact, in turn, might be due to the higherinterest paid by them to larger industrial firms, which in a first
analysis could be identified as a major risk source, while all sta-tistics show, instead, that most part of injuries and deaths are more
likely to occur in SMEs. For all the reasons mentioned so far, the
purpose of this work is to propose a mixed risk assessment meth-
od, able to overcome the practical difficulties generally found by
SMEs in the application of objective and quantitative techniques
(also due to the higher skills required to this aim) and to fill the
gap between the results obtained by the application of subjective
approaches, generally employed, and the need for a reliable risk
assessment.
One of the foreseen advantages of the proposed method is that,without using costly objective or mixed methods, it allows to
achieve a good match between the results of the risk assessmentand actual risk relevance. In other words, this means that the pro-
posed method achieves better results using similar resources.
3. The Analytic Hierarchy Process (AHP) framework
The AHP (Saaty, 2000) is a technique used in decision making
Based on the contribution of different experts, it aims at the crea-
tion of a unique priority index for each possible decision, that sum-
marises all experts judgments, minimizing their inconsistency. In
general, the procedure, given an objective and given a set of possi-ble choices and/or decisions to achieve that goal, calls the experts
to express a relative judgment of relevance of each choice, when
compared to all the others.
The main difference between AHP and the DELPHI methodmentioned before, is that the AHP technique is not simply based
on verbal judgements but also makes use of quantitative
evaluations.
So, given a set of possible decisions, D= [D1,D2, . . . ,Dn], the ex-
pert has to indicate a relevance judgment of each decision com-
pared with all the others, examined one by one. Each expert
gives a relevance judgment, that could be named jkil, where k and
i are the counter of all the decisions belonging to the set D and lis the counter of the lth expert. All judgments for each couple of
decisions (Dk,Dj), will be synthesized using a geometrical mean
through(1).
jkiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffijki1jki2 . . .jkin
n
q 1
Table 1
Worldwide 2007 injuries and deaths.
Type of injury Number of injuries
Workplace injury 250.000.000 inj/year
8 inj/s
Children workplace injuries 12.000.000 inj/year
Deaths 1.300.000 death/year
Table 2
Methods for the health and safety risk assessment.
Qualitative
What if? analysis
Safety review
Check lists
Quantitative
Fault tree analysis
Events tree
Bow-Tie model
Quali-Quantitative
Hazards and Operability Study (HAZOP)
Failure Methods and Critical Analysis (FMECA)
Formal Safety Assessment (FSA)
1362 M. Fera, R. Macchiaroli/ Safety Science 48 (2010) 13611368
5/24/2018 Risk Management Study Guide
41/53
The use of the geometrical mean for the collection of different
judgments is fundamental, because it has been demonstrated
(IMO, 2002) that its use minimizes the inconsistency of the com-
parison matrix C(see forward), for the reason that the unanimity
and homogeneity properties are respected. The unanimity prop-
erty states that, when all the experts give the same judgment x,
the resulting overall judgment should bex. The homogeneity prop-
erty states that when individuals give a judgement u times larger
than another, the resulting overall judgment should be utimes lar-ger too. A mathematical formulation of the unanimity and homo-
geneity properties is reported in (2) and (3)
fx;x;. . . ;x x 8x 2 X 2
fux1;ux2;. . . ; uxn ufx1;x2;. . . ;xn 8 x;ux2 X; u2 R 3
Once the resulting overall judgments are computed, through Eq.
(1), they are inserted into a square matrix (nxn), named compari-
son matrix, C.
C D1 D2 . . . . . . DnD1
D2
. . .
. . .
Dn
j11 j12 . . . . . . j1n
j21 j22 . . . . . . j2n
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
jn1 jn2 . . . . . . jnn
0
BBBBBB@
1
CCCCCCAA fundamental condition to be respected for the applicability of
the AHP methodology is that the comparison matrix Cis consis-
tent. We say that a matrix A = (aij) is consistent if the transitivity
and symmetric properties are satisfied, as expressed in (4) and (5).
aijajk aik where i;j; k 1; 2;. . . ; n 4
aijaji 1 wherei;j 1; 2;. . . ; n 5
To maximize the consistency index of matrixC, besides the fact
that elements with k=i always equal 1, the elements with k i
should respect the condition reported in(6).
jik 1
jki6
In real applications, however, it is possible that relation (6)is
not satisfied. This implies that an inconsistency may occur. For
the correct applicability of the AHP methodology, it is important
that the inconsistency of the comparison matrix C is less than
10%, i.e., the number of times in which relations(4)are not verified
has to be less than 10%.
The ranking of the possible decisionsDi, as stemming from the
judgments of experts, can be computed from the entriesj ik of the
comparison matrix C. To each row, corresponding to a decision
Di, is assigned a priority index pi, computed as the ratio between
the sum of the entries of that row (P
kjki) divided by the sum of
all entries inC(P
kP
ijki), as reported in(7).
pi Xk
jki
,Xk
Xi
jki 7
4. The proposed risk assessment model
The proposed model is divided in three phases and each phase
is divided into steps, that involve, alternatively, methods like FME-
CA, SCEBRA, standard UNI 7249:2007 and AHP. In Table 3, we re-
port the methods used for each step.The first aims at the creation of the work team and the classifi-
cation of major risks; this is achieved using the SceBRA and theAHP techniques. In the second phase the risk assessment is focused
on the risk criticality calculation, and this is achieved using t
Italian UNI standard and the FMECA technique. The last pha
deals with the identification and classification of preventive a
protective actions to minimize the risks; this task is achieved usi
again the AHP and some safety economic measurement te
niques. Refer to Fig. 1 for a schematic sketch of the propos
model.
The SceBRA technique is mostly used in the management fie
especially when an analysis of different development scenarios
needed. Just in a few cases SceBRA has been used for the safe
risks analysis. In our model, it is used to overcome the probleof the risks identification.
The literature reports some contributions that use FMECA to
sess safety problems. Indeed, in practice it is quite easy to find
the FMECA modules columns reserved to the maintenance acti
ties safety. In turn, in our model the FMECA is just used as a refe
ence to evaluate the criticality of each risk.
UNI 7249:2007 is an Italian standard that illustrates the calc
lation methods for the frequency and consequence indexes, sta
ing from the injuries data available in each firm.
AHP has been selected to reduce the subjectivity of steps 2 a
6. AHP permits to give relative judgements of relevance among dferent risks, not just using numerical values, but also with ver
statements (indeed, a translation table from verbal statementsnumerical values is also present). Refer to former Section 3 fo
deeper introduction to that technique. It is important to note ththe choice of the AHP, instead of other structured methods such
the DELPHI one, was due to the more reliable analysis of the AH
that is conducted using mathematical tools.
In the following part of the paper we analyse and describe
better detail the seven steps of the model used to perform r
assessment.
4.1. Phase 1 major risk identification
The first step, i.e., team building, is very important, because i
the main element to ensure an adequate reliability of the asse
ment. Team composition could be deduced from the safety fiorganization, that is imposed, largely, by national safety law
Our will is to build a new assessment model, also respectful
safety laws in force. The minimal team composition should b
(i) the safety responsible, (ii) a work medicine expert and (iii
production worker expert.
The second step, i.e., risk identification, is carried out with t
application of the AHP technique. For each couple of risks, expe
will give a judgement of relative importance. Each risk is assess
comparing itself with all the others; in other words, experts m
specify how much the analysed risk is relevant compared with
the others. The relative importance judgement given by experts
each risks couple are collected in a geometrical mean, which bcomes an element of the general comparison matrix, used to qua
tify priorities between all risks. The hierarchy used to determi
priorities between all possible firms risks is reported inFig. 2.
Table 3
Methods used for each step.
Phase Step Description Method
1 1 Team work identification SceBRA
2 Major events identification SceBRAAHP
2 3 Frequencies calculation FMECAUNI 7249
4 Conse quences calculation FMECAUNI7249
5 Criticality calculation FMECA
3 6 Improvement actions priorization AHP
7 Improvement action verifying Mixed technique
M. Fera, R. Macchiaroli/ Safety Science 48 (2010) 13611368 1
5/24/2018 Risk Management Study Guide
42/53
4.2. Phase 2 risk assessment
Once the results of the second step, i.e., the risks priority, are
obtained, it is possible to proceed to the third and fourth steps.Here the model proposes the calculation of the frequency and con-
sequence indexes, which are computed referring to Italian national
standard, UNI 7249:2007 (this standard is available also in English
as Statistics on occupational injuries). The equations used to cal-
culate both of them are reported in(8) and (9).
FIA Im
Eh 10
6 8
CIGT IGP IGM
E 10
3
IGT 7500
Pg
100
7500 m
E 103 9
In(8), IA is the number of injuries causing an inability lasting
more than a day, Imis the number of deaths and Eh is the worked
hours. In(9), IGT, IGP, IGMare respectively the off-work days due to
(i) a temporary injury, (ii) to an injury with permanent conse-quences and (iii) to a death injury, and Eis (iv) the total number
of workers employed in the specific work sector. All these dataare, normally, available in the firms injury registration book.
Please note that in the proposed procedure Fand Care not an
estimate, possibly given by the risk auditor, of, respectively, the
probability of occurrence of the dangerous event and of the impor-
tance of the damage caused, as it usually occurs in typical riskassessment procedures. In the proposed modelFand Care simply
computed using historical data.After this step, the procedure starts to implement the fifth step
i.e., the calculation of the general criticality index that integrates
the results obtained in previous steps. The equation used to calcu-
late the evaluation index is reported in(10).
Ik Fk Ck pk DF C
Fk Ck pk F Cmax F Cmin 10
In(10),FkandCkare, respectively, the frequency and the conse-quence indexes for the kth risk analysed, as computed in steps 3
and 4, andpkis the priority index, as computed in step 2. So, again,Ikaccounts for the importance of thekth risk, as it results from the
firms history. The second term of the sum has been introduced
to assess all risks that do not have a history, i.e., for those risks
for which it is impossible to determine the frequency and the con-
sequence indexes. It is important to notice how the second term
gives a more specific evaluation of the typical risks of a firm; in
fact, thepkindex is calculated comparing each risk with the others
in specific working environment, while the difference D(F C) can
be seen as a reference scale, that gives an idea of the overall risk
level of a firm.
Willing to explain why the method proposes to evaluate the in-
dexIk as in expression(10), we could say that the attempt was to
introduce an evaluation method able to take into account, from onehand, the history of a firm, thus accounting not only for occurred
injuries (through the evaluation ofC) but also for not occurred ones(ifFhas a low value, that could mean also that prevention and pro-
tection measures in place might have been effective, despite of the
possible severity of the damage), from the other hand, the judg-
ments of experts, filtered through a method as AHP, as in tradi-
tional risk assessment schemes. In other words, we recognized
that relying only on experts traditional assessment methods could
lead to relying too much on their experience and not to pay enough
attention to the specific firm point of view, thus leading to empha-
size too much the consequences of an accidents and to underesti-
mate both the probability of occurrence and the prevention andprotection measures already in place.
Let us give an example. In real cases it could happen that a spe-cific hazard has never lead to the occurrence of an accident: think
1)Team work
identification
2) Major events
identification
S
C
EB
R
A
3) Frequencies
calculation
4) Consequences
calculation
5) Criticality
calculation
FM
E
CA
-
U
N
I
F
M
E
CA
SC
EB
R
A
-
AH
P
6) Improvementactions priorization
A
H
P
7) Improvement
action verifying
M
I
X
Phase 1 Phase 3Phase 2
Fig. 1. Assessment model.
Fig. 2. Risks hierarchy.
1364 M. Fera, R. Macchiaroli/ Safety Science 48 (2010) 13611368
5/24/2018 Risk Management Study Guide
43/53
in example, to a fire in a paper mill plant. When evaluating the fire
risk using our method, since the product F Cequals 0, it might
happen that the proposed method evaluates it as less relevant
compared to other risks; an expert, instead, could see the fire risk
as the most relevant risk, simply because of the serious conse-
quences of fire accident occurrence. So, which is the right way to
watch to the problem? In our opinion, clearly, the right way to as-
sess the risk is the one proposed here. In fact, the gravity of the fire
risk is accounted for with the second term of Eq. (10), while, if noaccident happened in the history of a firm, this means that the cor-
responding safety level is acceptable and, specifically, the preven-tion actions in place are effective. A conclusion which we might
draw from this example is that, if the prevention and protection
measure in place in a firm produced a history with no accidents,
this has to force the attention of the auditor not only towards risks
with major consequences but also towards other risks, more rele-
vant in that firm and, as retrievable from the firms safety history,
not properly managed in the past.
Another example, quite different, regards a risk that occurred in
one of the test cases presented afterwards in this paper. Let us con-
sider the risk stemming from the exposure to severe indoor climate
conditions in a service company dealing with logistics of flowers. A
traditional approach could lead to underestimate indoor climaterisk when compared with other risk, like in example mechanicalrisk, possibly because of their higher consequences. With our ap-
proach, the importance of the consequences of such risks is takeninto account through the second term of Eq. (5), but meanwhile
the analysis of the firms history leads to a relevant value of factor
Ffor the indoor climate risk (if that risk factor actually caused trou-
bles to employees health) in the first term of the equation, thus
allowing to balance different factors and to assess that risk prop-
erly. In other words, in this case, what the proposed method is able
to stress and take account for is the actual occurrence of a damage
and/or an injury and not only its probability, as estimated by an
expert.
Willing to draw up some conclusions, we might say that theproposed method defines a procedure to reduce the impact of a
wrong risk perception by experts. In particular:
the criticality index for a risk that has never been happened,
is composed by a term that is zero (i.e., the first term in Eq.
(10)) and by a term composed by the relevance judgement
of the experts, derived by the AHP method application
(i.e.,pk) and by an index that is specific to the firm analysed
in the assessment (i.e., D(F C)); the result is a mitigation of
the possible overemphasis resulting from a too high estima-
tion of the risks consequences that also takes into account
prevention and protection measures in place, and
the criticality index for a risk that occurred often is com-
posed by a term that properly takes into account the fre-
quency of occurrence (i.e., factor F in the first term of Eq.(10)) and by a term composed by the relevance judgement
of the experts, as before; the result is a mitigation of thepossible underestimation of the risk, that takes into account
the actual occurrence frequency of the corresponding dam-
ages and/or injuries.
Finally, let us propose a comment on how to apply the method
when the safety auditor is analysing a start-up company; in this
case the first term of Eq. (10)is equal to zero, not because the spe-
cific risk never lead to accidents, but because the firm has not got a
history. This problem could be overcome using external statistics
referred to the specific sector of the start-up firm. For example,in Italy the public work injuries insurance agency (INAIL) produces
the summary of the frequencies and consequence for the differentoperative sectors each year. So, using these statistics, the method
could be used also for the start-up firms. It must be claimed, ho
ever, that the best performance of the proposed method is actua
achieved in firms with a safety history.
4.3. Phase 3 improvement actions
Once a criticality has been defined for all risks, the model pr
ceeds with the sixth step, i.e., the identification of preventive aprotective measures used, respectively, to reduce the frequen
of occurrence and the consequences of the dangerous event. Th
step is implemented through a team meeting, as defined in st
1, and trough a new application of AHP. For each risk, the expe
will define some actions, and afterwards they will express their rative judgements between the proposed actions. The calculati
procedure to obtain the actions priorities is the same of stepThe improving actions hierarchy is shown inFig. 3.
The innovation of the method for the identification of preve
tion and protection actions is centered on the use of AHP, that pe
mits to reduce inconsistencies of the decisions regard
implementation priorities for the different corrective actio
decided for each risks. In other words, when defining priorit
among corrective actions, it may happen that some inconsisten
occurs or, more simply, that their scheduling does not respo
effectively to actual needs. The application of AHP allows to redu
this circumstance, simply because the AHP mathematical approa
is able to minimize inconsistencies among relative priority jud
ments given by experts to corrective actions.
Once prevention and protection actions, as defined in step 6, aimplemented, it is necessary to evaluate their effectiveness. This
the goal of step 7. To this aim we propose the use of an ind
named DOE, which has been created by the US Department Of E
ergy, and whose definition is reported in(11).
DOE10
2 106 D5 10
5 T2103 LWC10
3 WDL4102 WDLR2 10
3 NF
Eh
In(11), D is the number of deaths, Tis the number of injurwith total disability, LWCis the number of accidents with an injuWDLis the number of work absence days, WDLRis the number
days in which a production sector has to work in a limited mo
NFCis the number of near miss and Ehis the number of total wo
ing hours. Using this index over an appropriate time horizon, it
possible to measure the safety system improvement. If the ind
shows an increase from a period to another, i.e., the difference
the values it assumes over two periods is positive or equals ze
Fig. 3. Improving actions hierarchy.
M. Fera, R. Macchiaroli/ Safety Science 48 (2010) 13611368 1
5/24/2018 Risk Management Study Guide
44/53
it means that the assessment and the improvement actions were
not adequate, thus another implementation of the procedure is
required.
Notice how the application of the method finds its natural best
performance when it is applied in a continuous improvement
framework, such as the Deming wheel (Fig. 4), i.e., where there is
a continuous improvement led by the cyclic application of phases:
(i) plan, (ii) do, (iii) check, (iv) act. This is typical of all ManagementSystems that pursue continuous improvement strategies, like
Quality or Safety Management Systems planned as in ISO EN9001:2008 or OSHAS 18000.
5. The experimental campaign
To test the performance of the proposed method and its ability
to easily and properly assess risks and, consequently, to identify
effective prevention and protection measures, an experimentalcampaign was performed in three enterprises classified as SMEs.
The enterprises belong to two different sectors, the steel workindustry and the logistic services; in particular, two belong to the
first sector and one to the other one.
Before describing and commenting the results, let us explain
the method we used to validate the proposed model. The results
of the experiments, as stemming from the application of the pro-
posed method to the three firms, were compared with:
the results of traditional methods used to assess safety at work
in these firms and
the risk classification, as calculated from the injuries statisticsavailable for the industrial sector who they belong to.
The reason for not relying solely on firms available data is that
they could suffer from underreporting (think about missed acci-
dents) and limited exposure (so that real hazards may not have
materialized yet and hence not being represented in the statistics
but may still pose a significant risk). The use aggregated data, spe-
cific of an industrial sector, rather than data for individual firms,can possibly give a better, or at least a wider, picture of the risk
than company-specific data. Still, the use of company-specific data
helps in analysing and underlining special features which might bepresent within particular firms.
The effectiveness of the proposed method was assessed throughan index named reliability index computed as the distance be-
tween the ranking of each risk, available from the injuries registry
and from the national statistics for the sector, and the ranking
resulting from the application of the old and new methods; each
position in the ranking equals one distance unit; so, the best per-
formance is achieved if the distance index equals zero, while the
more the index grows, the more we can say that the proposed
method achieves misleading results compared to the actual risk
classification.
The first experiment was conducted in a steel working factory.It is an assembly line, operating on 3 shifts for 24 h. The working
activities include machines set-up, feeding of material to the ma-
chines and machine control. In the production line workers also
manipulate chemical products, as flammable or noxious
substances.
All the risks were identified and assessed using the new meth-
od. The criticality indexes, for the production line analysed, areshown inTable 4.
Fig. 4. The Deming wheel.
Table 4
Criticality index for the risks in the assembly line analysed.
Risk Criticality indexes
Mechanical 33,64
Knife parts contact 10,14
Material in movement contact 6,69
Electric 6,38
Noise 4,24
Fire 1,32
Vibrations 1,11
Table 5
Old and new assessment model risk prioritization compared with real data for first experiment.
Ne w assessment method Specific firm statistics Industrial sector national statistics Old assessment method
Mechanical Mechanical Material in movement contact Noise
Knife parts contact Knife parts contact Knife parts contact Fire
Material in movement contact Material in movement contact Mechanical Mechanical
Electric Electric Vibrations Electric
Noise Vibrations Noise Vibrations
Fire Fire Fire Material in movement contacts
Vibrations Noise Chemical Knife parts contact
Chemical Chemical Electric Chemical
Table 6
Reliability indexes for the assessment method analysed.
Distances New assessment
method
Old assessment
method
Compared to specific firm
statics
4 21
Compared to national
statistics
12 25
Table 7
Criticality indexes for the second experiment.
Risks Criticality indexes
Mechanical 25.12
Manual handling contact 6.79
Knife contacts 3.90
Noise 2.44
Electrical 1.76
Fire 1.03
Mechanical handling contact 0.74
Vibrations 0.62
Chemical 0.39
Micro-climate 0.31
Explosions 0.27
1366 M. Fera, R. Macchiaroli/ Safety Science 48 (2010) 13611368
5/24/2018 Risk Management Study Guide
45/53
Table 5 reports the risk priority ranking for respectively, the
proposed assessment model, the actual data available in the spe-
cific firm, the statistics data from the industrial sector as reported
by the Italian Health and Safety Insurance Institute (INAIL) and the
traditional assessment model used in the firm so far. As shown, the
new model matches actual d
Recommended