Better Workplace Safety with a Streamlined Approach to GRC
Health and safety risks can be debilitating to an organization, yet they frequently take a back seat in business strategies and budgets. Resource-constrained risk managers are tasked with managing not only multiple OSHA requirements across various operational units, but also with passing site inspections and completing remediation activities. To complicate this, health and safety risks often still operate in a silo, where functions like investigating and reporting on accidents, injuries and illnesses are often duplicated by different departments that have minimal to no communication with one another. This means that risk managers, who are also responsible for integrating enterprise-wide risk into strategic planning activities, should be spending less time filling out OSHA forms and more time fostering visibility into health and safety risks within the context of the enterprise. In this article, LockPath’s Sam Abadir explains why it is critical to view risks associated with health and safety within the context of an organization’s overall risk posture.
Businesses of all types are being transformed by technology, and so are the many kinds of workplaces that support their operations. Changing business strategies and increased productivity lead to rapid changes in process, which often means that executives lack a full understanding of the impact on the health and safety of employees and third parties. Workplace health and safety risks are among the most critical to address, as they can result directly in loss of life and limb — not to mention chronic injury and illness, work stoppage, lawsuits and damage to brand reputation.
Traditionally, workplace health and safety matters have been addressed by dedicated safety teams working apart from the business, and risk management teams relying on spreadsheets, checklists and incident reports as tools of the trade. As the number and interdependence of risk factors increases, this is no longer a sustainable approach — the cost of managing each regulation, requirement, change or incident out of siloed programs will continue to rise while effectiveness erodes.
The growing influence of international standards for risk management (e.g., ISO 31000, ISO 9001 and ISO 45001) and emphasis on integrated risk management as a key factor in cultivating business resiliency have created prime opportunities for workplace safety professionals to raise awareness of their role in risk management and of the impacts of accidents. With the right processes and technology, safety professionals can help protect their organizations from a range of negative outcomes, from employee absences to insurance premium increases to fines and lawsuits.
With this in mind, health and safety leaders, C-level executives and boards should be incorporating workforce well-being into strategic planning, corporate responsibility programs and risk maturity initiatives across the enterprise. Governance, risk management and compliance (GRC) efforts are not abstract – they are interrelated, and each function can be made stronger when addressed holistically. Carrying out integrated GRC initiatives (including health and safety programs) involves orchestrating and centralizing numerous interdependent policies, processes and reports.
Integrated risk management should raise continuous, data-driven improvement of health and safety measures to the same level as other operational risk measures (e.g., cybersecurity, outsourcing, fraud prevention). Supporting these efforts with a systematic and streamlined process and toolset for documentation, tracking, training, reporting and analysis is fundamental to incorporating them throughout the enterprise.
Integrated risk management processes help organizations foster accountability and collaboration, form a clear and complete picture of risk, cover compliance obligations more efficiently, reduce safety and health incidents and improve incident response. The longer problems remain unaddressed, the greater the liability and risk exposure. Ineffective responses to workplace health and safety issues can lead to repeat accidents, illnesses, absences, loss of productivity, higher fines, higher insurance premiums and increased scrutiny from regulators and business partners. The GRC processes that need to be optimized include: performing risk analysis and business impact analysis; maintaining and reviewing process and safety documentation; investigating and reporting on accidents, injuries, illnesses and near misses; analyzing injuries and issues by site to pinpoint and measure risk; automating generation of incident forms for outside agencies (e.g., OSHA and HSE); executing job hazard analyses; managing site inspections and remediation actions; and ensuring employees are aware of safety processes.
There are few excuses for the blind spots that lead to major workplace health and safety issues. If we integrate policies and controls with processes and systems across the enterprise, we can gather and analyze metrics on just about every aspect of operations, as well as incorporating employee input and best practice guidelines. GRC technology solutions that include a health and safety component can help automate and bring a new level of intelligence to the associated risk analysis.
Enterprise-wide data integration enables predictive analytics capabilities, making it possible to identify health and safety issues and communicate them to executive decision-makers before they turn into incidents and losses for the company. Data captured during risk or safety assessments, and investigations into near-misses and incidents generate insights to be incorporated into safety protocols and job training. The same types of analyses can be applied to vendor and supply chain management to improve health and safety outcomes throughout the value chain.
Data-driven safety programs should also include mechanisms for gathering input and feedback from the workforce. Whistleblower capabilities, responsive communications and reliable procedures for following up after an incident or near-miss cultivate a safety-first environment. The ability to reassure workers that their well-being is a management priority positively impacts everything from recruitment and retention to incident rates, productivity and corporate reputation.
Organizations cannot reach a mature, effective level of risk management without incorporating health and safety into their operational risk programs. An informed and comprehensive view of risk leaves enterprises better prepared for planned growth as well as unexpected opportunities and challenges. To strengthen business resiliency and sustain competitive advantage, executives must prioritize the continuous monitoring of health and safety risk and compliance across all business units, partners and vendors. Mature risk management not only saves lives, but also lowers insurance costs, increases productivity and protects the sizable investments companies make in acquiring, training and retaining their workforce.
Sam Abadir is Vice President of Industry Solutions at 
