Businesses of all types are being transformed by technology, and so are the many kinds of workplaces that support their operations. Changing business strategies and increased productivity lead to rapid changes in process, which often means that executives lack a full understanding of the impact on the health and safety of employees and third parties. Workplace health and safety risks are among the most critical to address, as they can result directly in loss of life and limb—not to mention chronic injury and illness, work stoppage, lawsuits, and damage to brand reputation.
Traditionally, workplace health and safety matters have been addressed by dedicated safety teams working apart from the business, and risk management teams relying on spreadsheets, checklists, and incident reports as tools of the trade. As the number and interdependence of risk factors increases, this is no longer a sustainable approach—the cost of managing each regulation, requirement, change, or incident out of siloed programs will continue to rise, while effectiveness erodes.
The growing influence of international standards for risk management (e.g., ISO 31000, ISO 9001 and ISO 45001), and emphasis on integrated risk management as a key factor in cultivating business resiliency have created prime opportunities for workplace safety professionals to raise awareness of their role in risk management and of the impacts of accidents. With the right processes and technology, safety professionals can help protect their organizations from a range of negative outcomes from employee absences to insurance premium increases to fines and lawsuits.
With this in mind, health and safety leaders, C-level executives, and boards should be incorporating workforce well-being into strategic planning, corporate responsibility programs, and risk maturity initiatives across the enterprise. Governance, risk management, and compliance (GRC) efforts are not abstract—they are interrelated, and each function can be made stronger when addressed holistically. Carrying out integrated GRC initiatives (including health and safety programs) involves orchestrating and centralizing numerous interdependent policies, processes, and reports.
Integrated risk management should raise continuous, data-driven improvement of health and safety measures to the same level as other operational risk measures (e.g., cyber security, outsourcing, fraud prevention). Supporting these efforts with a systematic and streamlined process and toolset for documentation, tracking, training, reporting, and analysis is fundamental to incorporating them throughout the enterprise.
Integrated risk management processes help organizations foster accountability and collaboration, form a clear and complete picture of risk, cover compliance obligations more efficiently, reduce safety and health incidents, and improve incident response. The longer problems remain unaddressed, the greater the liability and risk exposure. Ineffective responses to workplace health and safety issues can lead to repeat accidents, illnesses, absences, loss of productivity, higher fines, higher insurance premiums and increased scrutiny from regulators and business partners. The GRC processes that need to be optimized include: performing risk analysis and business impact analysis; maintaining and reviewing process and safety documentation; investigating and reporting on accidents, injuries, illnesses and near misses; analyzing injuries and issues by site to pinpoint and measure risk; automating generation of incident forms for outside agencies (e.g., OSHA and HSE); executing job hazard analyses; managing site inspections and remediation actions; and ensuring employees are aware of safety processes.
There are few excuses for the blind spots that lead to major workplace health and safety issues. If we integrate policies and controls with processes and systems across the enterprise, we can gather and analyze metrics on just about every aspect of operations, as well as incorporating employee input and best practice guidelines. GRC technology solutions that include a health and safety component can help automate and bring a new level of intelligence to the associated risk analysis.
Enterprise-wide data integration enables predictive analytics capabilities, making it possible to identify health and safety issues and communicate them to executive decision-makers before they turn into incidents and losses for the company. Data captured during risk or safety assessments, and investigations into near misses and incidents generates insights to be incorporated into safety protocols and job training. The same types of analyses can be applied to vendor and supply chain management to improve health and safety outcomes throughout the value chain.
Data-driven safety programs should also include mechanisms for gathering input and feedback from the workforce. Whistleblower capabilities, responsive communications, and reliable procedures for following up after an incident or near-miss cultivate a safety-first environment. The ability to reassure workers that their wellbeing is a management priority positively impacts everything from recruitment and retention to incident rates, productivity, and corporate reputation.
Organizations cannot reach a mature, effective level of risk management without incorporating health and safety into their operational risk programs. An informed and comprehensive view of risk leaves enterprises better prepared for planned growth as well as unexpected opportunities and challenges. To strengthen business resiliency and sustain competitive advantage, executives must prioritize the continuous monitoring of health and safety risk and compliance across all business units, partners, and vendors. Mature risk management not only saves lives, but also lowers insurance costs, increases productivity and protects the sizable investments companies make in acquiring, training, and retaining their workforce.