Operational Risk Management Taking on Heightened Importance
May 28, 2020
By Dan Miklovic, Founder and Principal Analyst at Lean Manufacturing Research, LLC; and a member of The Analyst Syndicate
Operational risk, according to the widely accepted EU solvency directives, is “the risk of a change in value caused by the fact that actual losses, incurred for inadequate or failed internal processes, people and systems, or from external events (including legal risk), differ from the expected losses.” Operational risk applies to virtually every industry, especially asset-intensive industries like oil & gas, petrochemicals, mining, infrastructure, and utilities. Unfortunately, operational risk cannot be eliminated in hazardous enterprises, at least as long as people, processes, and technology are imperfect. This means the only way to succeed as a business is to successfully manage operational risks, hence Operational Risk Management (ORM).
Another risk management approach is Enterprise Risk Management (ERM) which focuses primarily on the financial aspects of risk as it relates to capital and earnings. In the current COVID-19 pandemic environment much of the emphasis on ERM has been related to the risk that the coronavirus is generating. ORM is receiving less attention in most cases (i.e. staff working remotely instead of eyes in the field, less people in plants). This results in less granularity in the ORM risk profile because the organization is overwhelmed by the risks at the enterprise level. As the pandemic goes on and industry begins to resolve the risks associated with COVID-19, enterprise will discover that in many cases they are running a much riskier operation than previously realized. As a result of this coming revelation, companies need to re-baseline and develop ORM tools to enable visualization of the risks to the organization that occur outside of the factory floor. Organizations need to conduct technical reviews virtually (e.g. audits, PHAs) so that they can keep up with the operation. Companies can use this time to make changes so they don’t fall back into the old normal. For example, companies have to provide technical enhancements to the workforce to be able to maintain compliance and risk reduction activities with reduced and/or remote staffing.
ORM is About Leadership
Quality and management guru W. Edwards Deming noted, “the aim of leadership should be to improve the performance of man and machine, to improve quality, to increase output, and simultaneously to bring pride of workmanship to people. Put in a negative way, the aim of leadership is not merely to find and record failures of men, but to remove the causes of failure: to help people to do a better job with less effort.” It seems self-evident that ORM, performed well, is a primary mechanism to achieving that goal. It is, therefore, a leadership imperative to understand and execute ORM effectively. Effective ORM requires leaders to make operational excellence a core competency.
ORM Must Span Process and Organizational Silos
For ORM to deliver the intended results, it must be managed across an entire enterprise. Pursuing ORM in silos will not work because reducing risks in one area, without consideration for upstream, downstream, or adjacent area impacts, introduces additional risks into the overall system.
Traditional thinking is that ORM is focused on compliance with environmental, health and safety (EHS) regulations and practices and other risk areas are viewed in the context of their impact on EHS. This view is short-sighted since processes like Reliability-Centered Maintenance (RCM), loss prevention, and process safety mitigate risks other than those associated with EHS. Enterprises need to take a more holistic view of ORM. One such view is characterized by Operational Sustainability, LLC’s ORM maturity model shown in Figure 1. This presents a far more comprehensive view of ORM.
Disparate tools and information systems hinder an organization’s ability to manage risk. If different functions and organizational units are not using the same tools, to analyze the same data, it is unrealistic to think they will all end up at the same point. It means they will likely spend time debating whose information is correct instead of focusing on the root causes of the problem and how to fix it and remove or reduce the risk. Interoperability is the key to enabling proper tie backs that leads to enhanced efficiency and effectiveness. Without interoperability, companies will not realize the full transformational benefits of the maturity model.
ORM is More Important Now (Than Ever)
In many industries, ORM has been one component of those industries’ pursuit of operational excellence, particularly asset-intensive and hazardous industries. With COVID-19 upending virtually every business in 2020, ORM needs to become a core competency of any business. The new operational risks that the coronavirus is introducing into every aspect of business necessitates that organizations invest in ensuring they understand and can effectively execute ORM. For some industries, such as the energy sector, the additional economic challenges that started even before COVID-19 will further increase the urgency to manage risk.
Until COVID-19 vaccines are available and herd immunity materializes, the risks are even higher. While industrial accidents are never a good thing, injuries requiring medical treatment now put workers at further risk when they seek treatment as the healthcare system represents a COVID-19 exposure risk. Likewise, an environmental incident that impacts respiratory function, either inside your plant or outside your plant might have greater impact on those individuals that either have or are susceptible to COVID-19 consequences.
Beginning the ORM Competency Journey
ORM, like any business initiative, takes time to implement and to become proficient in. Also, like any journey, it starts with the first step. A fundamental understanding of what ORM is and how it ties to operational excellence is the first step for many enterprises. For those who already are practicing ORM but recognize they need to step up their game, the next step should be getting everybody on the same ORM page by investing in an integrated ORM platform. Whether it comes from a single vendor or is put together using components from best-in-class providers is a decision that organizations must make, but regardless of their approach, setting standards and driving to transparency and commonality is key. Today the focus is on “safety” but the reality is we all need to manage risk.
You may contact the author at firstname.lastname@example.org
To learn more about Operational Sustainability LLC’s single platform and their ORM maturity model that can support your ORM efforts, visit our ORM page.