Mar 25, 2013 - Organizing and managing an enterprise involves ... Risk management, risk evaluation, sustainable development, ISO 31000:2009, strategic ...
2014 International Conference on Production Research – Africa, Europe and Middle East 3rd International Conference on Quality and Innovation in Engineering and Management
A PROPOSED FRAMEWORK FOR THE RISK MANAGEMENT EVALUATION L. Ivascu, A. Draghici, G. Fistis, I. Harpan, Z. Farkas Department of Management, Politehnica University Timisoara, 14 Remus str., 300191 Timisoara, Romania
Abstract Modern organizations continuous development and change requires business planners to rethink the way they organize and manage their businesses for sustainability. Organizing and managing an enterprise involves also, risk mitigation, and the risk should be managed according to the enterprise internal and external environment dynamics. Based on enterprise environment constrains and the European priorities in the field of occupational health and safety, the paper presents a framework for the risk management. The framework structure takes into consideration ISO 31000 requirements that is centered on the risk management, but also some additional elements. Finally, in the paper is presented a framework model for the risk management, being shown the ins and outs of the re-design risk assessment system. Keywords: Risk management, risk evaluation, sustainable development, ISO 31000:2009, strategic management.
1 INTRODUCTION Enterprises today needs to integrate sustainability and risk management into their strategies, not only to minimize potential losses, but to exploit new opportunities arising from the international and national sustainability agenda [1]. Risk is an inherent component, which occurs in business activities at all levels. Risk concept does not reflect negative aspects of a process; risks occurrences are essential in a system evolution and their management failures are key elements of learning. Different approaches of the phenomena analysis have concluded that the risk involves two elements: the probability of undesirable outcome and/or likelihood of developing opportunities. The process by which the enterprise is directed and coordinated risks are concerns to the risk management subject. It is the process of identifying loss exposures in order to select the most appropriate techniques for treating each exposure separately [2]. Critical to these decisions are the process of understanding each risk category and mainly, how it affects the whole system. If this approach is early applied, risk management can expose potentially crippling areas in systems engineering part. Successfully engineering today’s systems requires deliberate and continuous attention to the risk management. This is an activity designed to improve the way systems processes and activities will be completed on time, with low costs, and by meeting performance indicators and capability objectives [3]. Modern organizations continuous development and change requires business planners to rethink the way they organize and manage their businesses for sustainability. Currently a common concern, both nationally and internationally, is regarding sustainability. Problems affecting sustainability are opposite between population growth needs on the one part and the planet limited and scarce resources, the continuous degradation of the environment and new technologies, on the other part. The origin of the concept of sustainable development is rooted in Greek and Roman philosophy (where the relationship man - nature is respected). Only in the last four decades, the concept has been systematically defined as organizations long-term development that is ”viable only understanding the respect for the environment, social justice and economic profitability” [4]. In this context, the sustainable enterprise will be characterized by its ability to achieve a proper balance between the long-term production capacities (product with
the generic sense) and its own available, limited resources from the environment. This company will be involved in supporting local and regional sustainable development, too and will have to integrate itself in the horizontal and vertical development of the economic environment [5]. The European Commission launched on April 2000 the tool of triple basis line on the request of measuring their value, having as subordinated issues: 1. The environment: indicators measuring the impact of the campaign activities on the environment broadly – natural resources usage, rejecting the entire nature, territory occupation; 2. Economic: indicators collecting financial performances, their impact on the economic growth in their field of activity and obeying the ethical principles in business; 3. Social: indicators measuring the social consequences of the company as a whole its representatives: employees, solicitors, clients, local community [6]. In this context, sustainable development and risk management have to be integrated in order to achieve organization's strategic objectives. This approach will be considered and presented in the following. 2 OHS IS A PART OF RISK MANAGEMENT 2.1 Occupational health and safety Each enterprise operates through processes that are developed basically, by its human resources involvement. Therefore, the human resources could develop risks and thus we introduce Occupational Health and Safety (OHS) as a concept to be taken into consideration in the proposed framework. In the organization, all management areas interact. Sometimes OHS is just seen from the perspective of the accidents and incidents, inspections and audits, hazard management, and OHS policies and procedures [6]; but in fact, OHS is an integrative part of the risk management strategy and it has a role in all organizational areas including maintenance, training, purchasing, work system design, engineering process and production planning. Enterprises, which successfully deal with OHS, integrate it into the management systems used to support all business processes. 2.2 Priorities The European Union (EU) priorities regarding occupational risks are formulated in OSHA report [7] of January 2014. The report’s objective was to identify priorities for OSH research in the next period, in accordance with the Europe
2020 Strategy and the Horizon 2020 programme and their priorities and key objectives of smart, sustainable and inclusive growth and excellent science - competitive industries - better society. Occupational risk strategic directions proposed at the European level are summarized in Table 1. Based on EU priorities regarding occupational risk, we proposed the integration of these requirements into the structure of the new framework for the risk management. It will be based on these key priorities but also, in alignment with the organization's overall sustainable development objectives. This will create a realistic risk assessment framework by strongly integrating OHS into the risk management strategy. Both risks perspectives, its management (integrated OHS) and sustainable development are key concepts in the enterprise longevity. 3 DEVELOPMENT OF THE PROPOSED FRAMEWORK STRUCTURE 3.1 ISO 31000:2009 on risk management ISO 31000 [9] is focused on framework structure of risk management, but there are some elements omitted in this proposal. Therefore, ISO 31000:2009 becomes the main pillar for the risks evaluation and management at the enterprise level. ISO 31000 was developed in 2009, and the standard is associated with risk management. It can be deployed and implemented in any enterprise, regardless of its sector and can be applied to any type of risk mitigation process. Among the advantages of this standard are [10]. • Achieving the objectives in high proportions; • Possibility to identify hazards associated with the process enterprise; • Increased confidence of the interested parties (stakeholders); • Developing a stable basis for decision making and planning; • Sustainability of the enterprise; • Improving operational efficiency and effectiveness; • Minimizing losses; • Strengthening organizational resistance. Figure 1 presents a schema of the risk management according to ISO 31000:2009 standard. In order to eliminate the redundancy generated by the great number of standards, representatives of European risk management associations have disputed the need for an ISO standard since the idea was proposed over 10 years ago. Instead, they have promoted the idea of guidelines, which are, in ISO terminology, less acute than standards. In the meantime, varieties of standards or standard-like documents (guide, framework, etc.) have been developed to address specific risk management areas and received wide acceptance [11]. In Europe, under the name of Risk Management Standard in 2002 appeared a guide carried out by a team of specialists who came from big organizations of risk management in United Kingdom: The Institute of Risk Management - IRM, The Association of Insurance and Risk Managers – AIRMIC and The National Forum for Risk Management in the Public Sector - ALARM. In addition, this standard is a result of the collaboration with a lot of other specialists from different domains, interested in risk
management, during a long period of consultations and opinions exchange. The Federation of European Risk Management Associations (FERMA) has adopted the Risk Management Standard published in the United Kingdom in 2002. Versions in several languages of this pan-European standard of best practice in risk management are available free for risk managers [11]. The terminology used by the Risk Management Standard is the one defined by the International Organization for Standardization (ISO) in the document Guide 73 Risk Management - Vocabulary - Guidelines for use in standards worked out in 2002 [11]. Risk Management Standard is not dedicated only to corporations and public organizations, but it can be used in any type of activity, on long or short term. It endorses the idea that benefits and opportunities do not have to be seen only in the context of the activity itself, but also in relation with the multitude and the variety of the involved stakeholders. Furthermore, the fact that risk management is both interested in positive and negative aspects of the risk. The standard takes in consideration the risk in two perspectives - opportunities and threats [11]. This standard has not the mission to offer prescribed solutions or to establish a certifying process. By using it, organizations will possess an instrument with which they can measure the degree in which the risk management framework is implemented and functions [11]. 3.2 The proposed approach The requirements of ISO 31000:2009 standard do not refer exactly to the risk management framework structure (what it should contain). However, both from the standard and other actual documents and researches in the field, a useful structure can be developed as a first step to clarify a systematic and holistic approach in risk management [12]. In addition, the structure of a framework for risk management should take into consideration the requirements of the global sustainable development [13]. In the first stage, such a structure can be seen as a black box having input data and information, a working area and an output area, as it is shown in Figure 2. In the proposed approach for the framework structure, the black box model has two types of inputs:
Normal activities associated inputs (input routine) inputs triggered by uncertain events, input from feedback, inputs from the business environment (competition, suppliers, interactions, customers);
Inputs generated by the legal environment as, regulations, norms, and standards (legal inputs). These consists of compliance with legal documents, opinions of external stakeholders, managerial inputs, inputs generated by health and safety at work norms and standards, but also, priorities of the European Union on OHS and sustainable workplaces development. The design model outputs are defined by elements of the base of risk management process, OHS management and risk management optimization. This framework structure involves several theoretical principles that can be addressed by integrating the approach in the overall management system of the enterprise. The implications assessments of the generally valid principles are presented in Table 2.
2014 International Conference on Production Research – Africa, Europe and Middle East 3rd International Conference on Quality and Innovation in Engineering and Management
Figure 1 : The risk management process based on ISO 31000: 2009 [11].
Figure 2: The proposed framework structure. The model of such a structure can be developed as in Figure 2. It can be seen that in the proposed model, there are two entrances for the framework structure: • A managerial input is related to knowledge management in the sustainable enterprise the implements the framework structure and involves defining official policies on risk management (there are constantly changing because each replacement / improvement of the process involves modifying activities), the implementation of these policies and empowering temporary management staff and / or experts in the risk management process; • Generic input - clearly determined by the specific action of the enterprise risk, materialized by unforeseen events and by the impact of OHS on the framework structure and thus also on the risk management process of the feedback corresponding to this impact.
The framework structure is in fact an information system able to gather, process, store and disseminate useful information for the enterprise and the environment in which it works. By using appropriate information technologies its operation can get more efficient. In addition, to the results generated within the enterprise, the proposed framework structure have included external outputs related to: 1. Important external stakeholders at the societal level – that receive key performance indices as permitted by the laws and by the enterprise impact on sustainable development; 2. The general report of risk management that support the sustainable development of the society and can discover, identify new priority directions in the European Union.
Table 1: Overview of the research priorities (adapted after [8]) Proposed direction The economic, societal and policy contexts
The economic dimension of OHS
OHS communication and risk communication
Demographic change — sustainable work for healthier and longer working lives
Globalization and the changing world of work
• • • • • • • • • • • • • • • • • • • • • •
OHS research for safe new technologies
• • • •
New or increasing occupational exposure to chemical and biological agents
• • • •
Actions The economic dimension of occupational safety and health - work is an economic activity Transversal issues. Demographic change — sustainable work for healthier and longer working lives Globalization and the changing world of work. Occupational safety and health and new technologies. Develop further the methodologies for estimating the socio-economic costs of occupational diseases, work-related stress and violence at work. Strengthen research on the economic dimension. Decision-making at the company level under OSH. Decision-making at the company level under OSH. Identify and characterize stakeholder and target groups. Evaluate the communication channels and media. Investigate the possibilities to use the new technologies. Develop risk communication. Develop comprehensive intervention models and strategies. Evaluate the association of work, health, work ability and work motivation with work participation. The age of the employees. Women at work and gender aspects in occupational health and safety research. Migrant workers and other vulnerable groups. Health inequalities and work. Major health problems. Health management in restructuring. Changing organizations, new employment and work patterns, and psychosocial risks. Violence and harassment at work. OSH in small enterprises. Risks in green technologies. Information and communication technology: opportunities and risks in the working environment. Electromagnetic Risk. Unknown risks of technology. Chemical Risk and Biological Risk. Management Risk. Mixed exposures in complex workplace settings.
Table 2: Principles of the risk management with interpretations 1.
2.
1.
2.
3.
Principle Risk management contributes to achievement of the objectives Risk management is a mandatory pillar in the general management Risk management - an essential element in decisionmaking Risk management involves uncertainty Risk management is dynamic, iterative responsive to change, and sustainable
Application of the principle from the perspective of the proposed framework Implementation of framework structure should lead to optimal management of losses caused by risks and developing opportunities by accepting moderate risk. An integration of the framework structure with other management tools of the enterprise is achieved. Because risk management is an essential element of the decision making process it must provide decision making scenarios of "what if" which should integrate reality and comply with the enterprise activity. By analogy with fuzzy systems, we define a coefficient of uncertainty which weights the risk assessment, coefficient that can be static - elected from the start and updated as needed. Framework structure is by definition a static approach - updated continuously but unitary implemented initially. The dynamic nature of framework structure must be given by its use by all the staff categories. The sustainability of the framework is given by the balance achieved during the process between the environments: social, economic and environmental.
2014 International Conference on Production Research – Africa, Europe and Middle East 3rd International Conference on Quality and Innovation in Engineering and Management
Figure 3: Framework structure model. 4 CONCLUSIONS The actual needs and requirements for a standardized procedure or methodology in the field of risk management is justified because there have been identify many efforts to develop and introduce, during the last few years, integrated risk management frameworks in organizations. The financial crisis has underscored the fact that significant improvements in risk management organizations and capabilities are required. The business community, the research and academia communities have recognized that the risk management standards have an important role in improving the effectiveness of the risk management integration into organizations general strategy. Furthermore, a great number of standards directed and undirected related with risk management are perceived like obstacles in increasing risk management effectiveness and efficiency. In this context, the creation of an ISO standard for general guidance in risk management, although without the intention for use as a certification procedure (as the ISO 9000 standard for the quality management does), is seen as an appropriate way to formalize the process and to harmonize all the evaluation risk methods. A framework structure for the risk management provides the policies, procedures and organizational arrangements that will embed risk management throughout the organization at all levels. Risks can be assessed at a enterprise level, at a departmental level, for projects, individual activities or specific risks.
Different tools and techniques may be appropriate in different activities (these will be our research objectives for the future). The risk assessment proposed framework provides a systematic approach for risks understanding together with their causes, consequences, and their occurrence probabilities (based on the suggested causeseffects analysis that should be developed for all risk evaluation process). The proposed framework implementation process has a first step in analyzing the sustainable management strategy of the enterprise. Having pre-defined a model for risk management, there can be followed the next step of the risk evaluation by identifying the appropriate information technology solution in order to automate the whole evaluation process. Finally, by integrating key elements as the risk management system, OHS and sustainability development strategy, there are created optimal environment conditions for the achievement of the enterprise objectives (performance indicators) and sustainable global support. Future researches and developments will proof these. Through the implementation of the proposed framework, organizations are able to evaluate their own practices from the perspective of the risk management depending on a recognized referential (best practices and examples that could be found in the ISO 31000:2009 community) at international level, offering rigorous principles for an effective management. Business executives, managers have to support to risk management evaluation process in their company using
the ISO 31000:2009 standard, but cumulating the new perspectives proposed by the new framework. These will conduct to move their enterprise toward established goals. At the organizational level, the risk management new evaluation framework enhances transparency and a global vision. The identified weaknesses (associated with risky situations) that may contribute to vulnerability can be done in early stages and this will support safety, efficiency, and discipline in the company and its processes. The scope and application of such new framework need to be assessed in the context of an organization’s overall development strategy and tailored to individual organization circumstances. A successful implementation requires support and leadership from executive management, a strong culture of risk management into organization, resources and time planning, a correlation of the risk management standard with others standards during implementation process, a continuous improvement and updating on the latest developments. 5 REFERENCES 1.
2.
3.
4.
Yilmaz, A.K., Flouris T., Managing corporate sustainabaility: Risk Management Proces based Perspective, African Journal of Business Management, vol. 4(2), pp. 162-171, (2010). Rejda, R.J., Principles of Risk Management And Insurance, Prentice Hall Publisher, 11th Edition, London, (2008). Izvercian, M., Ivascu,L., Miclea, S., Radu, A., Hazard Identification and Risk assessment in Sustainable Enterprise, 3rd International Conference on E-business, Management and Economics, Vol. 52, Hong Kong, China, pp. 58-61, (2012). World Commison on Enviromment and Development – Our Common Future, (1987).
5.
6.
7.
8.
9. 10.
11.
12. 13.
Ping-Kwan Lau, A., The “Great” Model for Sustainability and High Performance of SMEs, Asian and Pacific Centre for transfer of Technology, Pollince Hilling Pub., Honk-Kong, pp.24-30, (2010). European Commission, http://ec.europa.eu/index_ro.htm, last updates 25.03.2013. Forazin, M., Joia, L.A., Dimension of Analysis for Health Informatics in Brazil, CENTERIS 2013 Conference on ENTERprise Information Systems / PRojMAN 2013 - Health and Social Care Information Systems and Technologies, pp. 13441350, (2013). European Agency for Safety and Health at Work, Priorities for occupational safety and health research in Europe for the years 2013-2010, Publication Office of the European Union, (2014) Ball, J.D., Ball-King, L., Public Safeti and Risk Management: Improving Decision making, (2014). Duojia, L., Xiaohong, G., An Integrated Implementation of ISO 31000 - Standard Practices, (2013). Ciocoiu, C.N., Dobrea R.C., The Role of Standardization in Improving the Effectiveness of Integrated Risk Management, chapter 1, in: Nota G. (Ed.) Advances in Risk Management, published in August 17, 2010 under CC BY-NCSA 3.0 license, (2010). Standard Australia, AS/NZS ISO 31000:2009, Risk management- Principles and guidelines Sousa V., Almeida M.N., Dias A.L., Risk-based management of occupational safety and health in the construction industry, Background knowledge Safety Science, vol. 66, pp.75-86, (2014).
