Operational Risk Management (ORM)

ORM Overview

Why OESuite® for ORM Matters

The current view of Operational Risk Management (ORM) that seems to permeate the analyst community is primarily focused on traditional EHS compliance activities such as Audit, PHA, Incident Investigation, and Corrective Action Management. Other tools such as Bowtie analysis and work permitting are added into the viewpoint…but the focus is still firmly on traditional, siloed tactics specific to EHS or compliance activities. Because EHS and compliance do not focus on risk of production loss through inefficiencies, poor asset management, workforce competency, and conduct of operations, the typical EHS-first view of ORM doesn’t really address real risks that can have significant impact on an organization’s future.

OS comprehensively addresses all aspects of ORM in our Operational Risk Maturity Roadmap:

Maturity Roadmap graphic: 1. Ensure your basic ORM elements are in place; 2. Evolve to include core ORM elements; 3. Integrate advanced ORM elements

OESuite® Business Benefits for Operational Risk Management

Operational Risk Management Business Benefits graphic

OESuite® Mobile Applications

As plant alignment and operational needs change, having an integrated mobile solution that enables EH&S, Maintenance, and Operations to collaborate is mission critical. From initiating work orders to beginning an incident investigation, having access to information as conditions change is critical to making the right decision, at the right time, in the field. The result is lower risk, safer startup, fewer delays in shutdowns, and improved efficiency and effectiveness.

OESuite® Integrations / Connectors

ORM is an extension of PSM/RMP. Basic ORM as depicted in the maturity roadmap addresses core compliance activities including Work Permitting, Job Safety Analysis, Barrier Management and Management of Change. OESuite® integrations to support Basic ORM include: Incidents with MOCs; PHAs, Audits and Incidents with Corrective and Preventative Action (CAPA); and Barrier Management with Incident Investigation.

Additional integrations move to a single source of truth in the Core and Advanced maturity stages of ORM. For example, in the Core stage, a risk registry begins to take shape as a result of interoperability, with the Advanced stage leading to Asset Performance Management and Comprehensive Conduct of Operations.

OESuite integrations that support these maturity advancements include:

  • Procedures with Document Management and Process Safety Information for comprehensive Engineering Content Management
  • Organizational Change with MOC
  • Incident Management with Production Losses to enable Enterprise Loss Management
  • SIS and Alarm Management with PHA to complete the safety lifecycle
  • Spares Optimization as an extension of RCM
  • Asset Performance Management as the result of Asset Strategy combined with Mechanical Integrity


At Operational Sustainability®, we help you devise a strategy for Operational Risk Management. From Process Safety to cultural alignment coupled with ORM, we help you ensure your privilege to operate is not at risk. We help create a comprehensive risk registry so that, as threats emerge in real time, you are proactively notified and can evaluate mitigation options.

Operational Risk Management services graphic

ORM is a subset of Enterprise Risk Management (ERM). More specifically, Operational Risk Management (ORM) addresses operational and compliance risks and is thought of as an extension of process safety. The goal of ERM is to mitigate financial, operational and compliance risks to an acceptable level through policies, systems and procedures.

In effect, as the market has moved away from compliance toward risk management, ORM is an evolution of traditional EHS compliance. In traditional ERM vs. ORM language, ORM is focused on everything that is non-financial in nature… although as we’ve discussed, in reality all types of risk have the potential for financial impact.

This shift has largely been driven by companies starting to plateau in safety and environmental performance (i.e. Total Recordable Incident Rate). To make risk management more practical, companies are starting to broaden their view of risk management to include non-EHS areas such as supply chain, operations, maintenance, capital projects, and engineering. The outcome is a risk registry that looks at all operational risks through a lens that creates a level playing field for properly prioritizing and actioning issues in real time. While EHS / PSM compliance is foundational to privilege to operate, a comprehensive ORM framework goes far toward getting away from after-the-fact, “reactive” compliance and is key to identifying threats before they materialize.

Operational Risk Management Hazard/Consequence graphic

Key Factors that OS addresses in its Human Performance model include:

Graphic showing the 3 categories of Human Performance: Equipment Condition, Management Systems, People

In its simplest form, Enterprise Risk Management (ERM) is the holistic business approach an entity uses to manage the various threats and opportunities it encounters while accomplishing its mission. Risk is defined as any event that impacts a company’s ability to meet its objectives (losses and opportunities). So, creating an enterprise level system to manage risk (an ERM system) allows an organization to transparently communicate business risk to internal and external stakeholders… but it should not be confused with Operational Risk Management.
