1 / 72

Operational Risk Management

Operational Risk Management. CAP Approach. Top-down leader backing Decentralized implementation Moderate implementation tempo Safety lead role for cross-functional implementation. CAP ORM Vision.

jaden
Download Presentation

Operational Risk Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Operational Risk Management

  2. CAP Approach • Top-down leader backing • Decentralized implementation • Moderate implementation tempo • Safety lead role for cross-functional implementation

  3. CAP ORM Vision “Create a Civil Air Patrol in which all personnel manage risk such that all operations are successfully completed at the least possible cost.”

  4. CAP ORM Mission “Enhance mission effectiveness at all levels while minimizing risk.”

  5. The CAP ORM Concept • All are responsible for using ORM. • Risk is inherent in all operations. • Risk can be controlled.

  6. The Compliance Culture • My job is to comply with the standard. • I am told what the standard is. • If I am not told, I don’t usually act. • When I am given a standard, the standard is my objective. • When I meet a standard, that’s it.

  7. The Performance Culture • My job is to optimize risk - to perform. • I’m given a standard, but that is only a baseline. I use ORM to exceed it. • Standards are only a start point. • Meeting a standard means little. I continuously improve.

  8. ORM Principles • Accept no unnecessary risks. • Make risk decisions at the appropriate level. • Accept risks when benefits outweigh costs. • Integrate ORM into doctrine and planning at all levels.

  9. Accept no unnecessary risk • What are the three main reasons that “unnecessary risks” are sometimes taken? • How can the taking of unnecessary risks be minimized? • Corollary is “Accept Necessary Risk”.

  10. Three reasons for taking unnecessary risks • #1 - Not aware of the risk. • #2 - An incorrect assessment of cost versus benefit. • #3 - Interpreting “bold risk taking” to mean gambling.

  11. Procedures for minimizing the taking of unnecessary risk • Improve hazard detection procedures and awareness of risks. • Improve risk decision making skills at all levels of the organization. • Train personnel at all levels regarding the risk management “credo” not“Mission accomplishment at any cost”, but “Mission accomplishment at the least cost.”

  12. Make risk decision at the appropriate level • What is the “appropriate” level? • How do field leaders know if they are the appropriate level? • Is the appropriate level a constant or does it change?

  13. Finding the appropriate level • Who will answer in the event of an accident? • Who is the senior person at the operational scene? • Who possesses best insight into the full benefits and costs of a risk? • Who has the resources to mitigate the risk? • What level makes the most operational sense? • What level makes these types of decisions in other operational activities?

  14. THE MAKING OF IMPORTANT RISK DECISIONS SHOULD BE PREPLANNED WHENEVER POSSIBLE

  15. ACCEPT RISKS WHEN BENEFITS OUTWEIGH COSTS

  16. What happens when organizations stop taking risks? It becomes “bureaucratized” WEBSTER: “BUREAUCRACY: A system of administration characterized by lack of initiative and flexibility, by indifference to human needs or public opinion, and by a tendency to defer decisions to superiors or to impede action with red tape.” • It loses its competitive position. • Innovation is minimized. • It becomes reactive to events. • Morale and esprit decline.

  17. The ORM 6 - Step Process 1. Identify the Hazards 6. Supervise and Review 2. Assess the Risks 5. Risk Control Implementation 3. Analyze Risk Control Measures 4. Make Control Decisions

  18. Using the ORM process • Apply the steps in sequence. • Maintain balance in the process. • Apply the process as a cycle. • Involve people fully.

  19. 1. Identify the Hazards 6. Supervise and Review 2. Assess the Risks 5. Risk Control Implementation 3. Analyze Risk Control Measures 4. Make Control Decisions STEP 1“HAZARD ID” Hazard: Any real or potential condition that can cause mission degradation, injury, illness, or death to personnel or damage to or loss of equipment or property.

  20. OVERALL MISSION Focus on the critical components of the mission. They will be primary targets for Hazard ID. MISSION TASK ANALYSISAction 1 What is at risk?

  21. Watch for issues between phases, at the interfaces. OPERATION ALPHA 1 2 3 4 5 6 PHASES START FINISH RISK LEVELS H L H M EH M USING AN OPERATIONS FLOW OR TIMELINE TO IDENTIFY HAZARDS

  22. FINDING THEIMPORTANT TARGETS • Review the mission statement. • Focus on key capabilities and the associated equipment. • Look at past patterns of mishaps to detect high impact issues. • Ask operational personnel what is important. • Use the timeline.

  23. LIST HAZARDSAction 2 • Sources of Information • The 7 Primary Hazard ID Tools

  24. BASIC SOURCES • There are three basic sources: - Experts and References - Traditional Techniques - (Inspections, Mishap Reports, Interviews, Audits) - Hazard Analysis Tools

  25. SOURCES AT UNIT • Unit personnel • A lessons learned database or file • A safety survey and/or fire inspection hazard inventory • An inventory of hazardous materials with locations • Mishap reports and Annual Mishap Analyses

  26. PRIMARY HAZARD IDENTIFICATION TOOLS • Operations Analysis • Preliminary Hazard Analysis • What If Tool • Scenario Process Tool • Logic Diagrams • Change Analysis • Cause and Effect Tool (See tutorial or AFPAM91-215 for more detail)

  27. LIST CAUSESAction 3 Use the 5M model to detect root (systemic) cause factors. Man root causes - Doesn’t know - Training, Doesn’t care - Motivation, Can’t do - Selection. Machine - Poor design, faulty maintenance, procedures. Media - Weak facility design, lack of provisions for natural phenomena. Management - Inadequate procedures, standards and controls. Mission - Poorly developed, weak understanding, incompatibilities.

  28. RISK ASSESSMENT 1. Identify the Hazards 6. Supervise and Review 2. Assess the Risks 5. Risk Control Implementation 3. Analyze Risk Control Measures 4. Make Control Decisions The Process which associates “hazards” with “risks”.

  29. Action 4: Complete assessment Action 3: Assess mission impact Action 1: Assess hazard exposure Action 2: Assess hazard severity ASSESS THE RISK

  30. HAZARD VERSUS RISK A description of a condition that can impair mission accomplishment. No indication of its mission significance. HAZARD A hazard for which we have estimated the severity, probability, and scope with which it can impact our mission. RISK

  31. EXPOSURE Action 1 Expressed in terms of time, proximity, volume, or repetition.

  32. SEVERITYAction 2 • What impact on mission? • What impact on people? • What impact on things (materiel, facilities, environment)?

  33. SEVERITY CATEGORIES CATASTROPHIC - Complete mission failure, death, or loss of system CRITICAL - Major mission degradation, severe injury, occupational illness, or major system damage MODERATE - Minor mission degradation, injury, minor occupational illness, or minor system damage NEGLIGIBLE - Less than minor mission degradation, injury, occupational illness or minor system damage

  34. PROBABILITYAction 3 • Use the cumulative probability of all causation factors. • Express in descriptive or quantitative terms. • Use experience data when possible. • Acknowledge uncertainty.

  35. PROBABILITY CATEGORIES • Frequent • Likely • Occasional • Seldom • Unlikely

  36. THE RISK ASSESSMENT INDEX Probability Frequent Likely Occasional Seldom Unlikely A B C D E S Extremely I Catastrophic E V II High Critical High High E R III Moderate Medium I T Low IV Negligible Y Risk Levels

  37. ASSESSMENT PITFALLS • Over-optimism • Misrepresentation • Alarmism • Indiscrimination • Prejudice • Inaccuracy

  38. THE RISK TOTEM POLE Biggest hazard By ranking the hazards, we can work them on a worst first basis. This is vital because risk control resources are always limited and should be directed at the big problems first to assure maximum bang for the buck. Least hazard worthy of action

  39. THE TOTEM POLE DEMOCRACY MOVEMENT In the fully mature ORM world, every individual benefits from the knowledge of the priority of hazards (totem pole) that exist in their life. A key obligation of leaders is to see that their subordinates possess this knowledge . Traditional RM - Personnel can’t name or prioritize hazards -- can only name generic hazards. ORM - Personnel can name and prioritize RISKS that impact them and their mission.

  40. 1. Identify the Hazards 6. Supervise and Review 5. Risk Control Implementation 4. Make Control Decisions 3. Analyze Risk Control Measures ANALYZE RISK CONTROL MEASURES 2. Assess the Risks

  41. ANALYZE RISK CONTROL MEASURES Action 3: Prioritize risk control measures Action 1: Identify control options Action 2: Determine control effects

  42. IDENTIFY CONTROL OPTIONS Action 1 • Tools Available: • The Major Risk Control Options • Risk Control Options Matrix

  43. MAJOR CONTROL OPTIONS • Reject • Avoid • Delay • Transfer • Spread • Compensate • Reduce

  44. CONTROL OPTIONS MATRIX • Engineer • Guard • Improve Task Design • Limit Exposure • Selection of Personnel • Train and Educate • Warn • Motivate • Reduce Effects • Rehabilitate

  45. DETERMINE CONTROL EFFECTS Action 2 • What is the impact on probability? • What is the impact on severity? • What will the risk control cost? • How will various risk control options work together?

  46. CONSIDERATIONS IN CONTROL EFFECTS • Some risk controls impede each other. Example: Security and Safety • Some risk controls reinforce each other. Example: Training & Motivation • When cost effective, use risk controls in depth. • Be sure to evaluate the full costs.

  47. PRIORITIZE RISK CONTROL MEASURES Action 3 • Get operator input. • Focus risk controls where they have maximum impact. • Benchmark already existing risk controls.

  48. MAKE CONTROL DECISIONS 1. Identify the Hazards 6. Supervise and Review 2. Assess the Risks 5. Risk Control Implementation 3. Analyze Risk Control Measures 4. Make Control Decisions

  49. MAKE CONTROL DECISIONS Action 1: Select Risk Controls Action 2: Make Risk Decision

  50. SELECT RISK CONTROLS Action 1 SOME IMPORTANT DECISION MAKING CONSIDERATIONS • Make decisions at the right time. • Make decisions at the right level. • Always make the mission supportive risk decision

More Related