Every organization faces unexpected and harmful risks that can harm the organization but effective risk management not just helps in minimizing the potential negative consequence of risks but allows the organizations to prepare for the unexpected risks.
Risk management aims at controlling the risks in the workplace. Of course, the best way to control risk is to eliminate it completely, though it is not possible to eliminate in most of cases and there will always be some level of residual risk.
Understanding specific types of risk
Identified risk: That risk that has been determined using analytical tools including the time and costs of analysis efforts, the quality of the risk management process, and the state of the technology involved in affecting the amount of risk that can be identified.
Unidentified risk: That risk that has not yet been identified as some risks are not identifiable or measurable. Blunders in the investigations may expose some unidentified risks.
Total risk: The sum of identified and unidentified risk comprises the total risk.
Acceptable risk: The part of the identified risk that is allowed to remain after controls are implemented and determined acceptable to an individual, organization or community.
Unacceptable risk: The part of the identified risk that cannot be tolerated, but must be either eliminated or controlled.
Residual risk: The part of total risk that remains after management efforts have been employed (the remaining risk after the control measures are in place). Residual risk comprises acceptable risk and unidentified risk.
Residual risk - the inherent risk in all organizational activities.
The presence of residual risks means that they cannot be eliminated. Consequently, strategies need to be employed to manage inherent danger, and workers need to be more vigilant because of it. Just as we can’t eliminate the risk of tripping on stairs or else we can’t remove all the stairs in the world. By replacing those with ramps could also lead to trips because the floor level rises. Even if we try to get rid of all stairs and ramps, and only had level flooring but still people could trip over their shoelaces and finally if we would remove shoelaces, but then also they could trip when their loose shoe falls down. So, if it’s noticed in some cases, removing one risk can instigate others.
Understanding residual risks
Residual risk can be studied with another example of the ladder. Ladders are not actually a working platform, and are not designed for work at height. They don't have full edge protection, and it is not much safe to climb a ladder and carry out tasks safely. However, for some short-duration work, it may not be possible, or practical, to bring in other equipment like scaffolding to change a light bulb or fit something. So yes, there is a residual risk while using a ladder and thereby the risk should be assessed if it is as low as is reasonable for that task ( ALARP Principle).
The general formula to calculate it is:
Residual risk = Inherent risk – Impact of control
Let us now understand the parameters in the formula:
- Inherent risk: The amount of risk that exists in the absence of controls or when other mitigating factors are not in place. It is also known as the gross risk or risk before controls.
- Impact of risk controls: The amount of risk eliminated, mitigated or limited by taking internal or external risk controls.
If we consider any task in the workplace, we find that some risks are just unavoidable despite of the controls in place. The key is, reducing risk as much as is reasonable and made acceptable. Controlling risks so that the residual risk remains low and is unlikely anyone would be harmed as this could be an acceptable level of residual risk (based on the ALARP principle). To control residual risk to its lowest achievable level, the best control measures must be chosen for the task. Note that if the residual risk is high, perhaps ALARP has not been achieved. Make certain that residual risk is communicated to the workforce and checked whether the planned treatment is sufficient.
Managing residual risk
1. When the level of risks is below the acceptable level, no action is needed.
2. When the level of risks is above the acceptable level, new ways to mitigate those risks shall be employed.
3. When the level of risks is above the acceptable level and the costs of decreasing such risks would be higher than the impact itself, then it is necessary to propose to the management to accept these high risks.
Residual risk can be managed by following any of these strategies
- Reduce it,
- Avoid it,
- Accept it, or
- Transfer it.
Since residual risk is often unknown, most of organizations choose either to accept or transfer it.
Avoid the Risk
If the organization is not ready to consider the residual risk or is willing to invest more budgets to lower the amount of risk, it should decide on any measures in order to eliminate any possible risks.
Reduce the Risk
When the residual risk is unacceptable other potential mitigating risk-reduction measures shall be taken into account such that new measures like employing more advanced and powerful firewall, sophisticated tools, or implementing more complicated multiple-factor authentication measures.
Transfer the Risk
Risk transfer refers to a technique in which risk is transferred to a third party. In other words, risk transfer is a technique where the potential loss from an adverse outcome faced by an individual organization or entity is shifted to a third party. Purchasing insurance is a good example of transferring risk from an organization to an insurance company where the financial risks are shifted to the insurance company. Insurance companies accept such risks by typically charging a fee – an insurance premium from the entity.
Accept the Risk
In some cases, the management decides that the best course of action is to accept the risk, thereby putting no effort to reduce or mitigate it. Organizations accept that the potential loss from the identified and accepted risk is considered bearable.
In today’s world, it’s always necessary to find better means to mitigate the risks, by reassessing the residual risk, by continuous monitoring and by calculating the risk levels and tolerance.
1 comment:
The concept of residual risk is new of its kind.
It is some times residual risks are inevitable due to various reasons.
We need to manage with risks and we can not remove them completely
The article is informative and educative for safety professionals and common
People. The article is superb.
Post a Comment