5 Easy Steps to Begin Implementing a Risk-Based Approach to Occupational Safety: An Interview with Pam Walaski


Risk-Based Safety Management Image

In an earlier interview, Pam Walaski gave us an introduction to Systems Thinking, Risk Management, and Safety Management Systems. If you haven't seen that one, we recommend you check it out either before or after reading this article.

And in this article, we're excited because Pam has agreed to come back and continue the conversation, giving us 5 easy tips to follow to begin making the change from a compliance-based OSH strategy to a risk-based OSH strategy.

This should be a very helpful article for occupational safety and health managers and professionals who are looking to take those first steps toward a systems that's less focus on purely compliance and more focused on risk and risk management.

We've got an audio recording of the discussion immediately below. If you'd prefer to read instead of listen, just click the MORE button to see the transcript. Also, feel free to download the free guide to risk-based approaches to occupational safety and health management at the bottom of this article.


Implementing Risk Management for Occupational Safety

Convergence Training: Hi, everybody! This is Jeff Dalto of Convergence Training. This is part of a Convergence Training webcast series we've been doing on issues related to safety, training, and safety training. And we've got a special guest today, one who has been with us in the past. It's Pam Walaski of GAI Consultants, so my first tip to you is if you have not yet heard the earlier podcast with Pam talking about moving from compliance-based safety systems to systems that incorporate systems thinking, risk thinking, and safety management, you should definitely check that out, and we'll include a link to get you from here to there.

But today she's going to be giving some really practical tips about how to implement that at work. She's going to give us five tips about how to start this up.

So with that, let me say hello and welcome to Pam, and of course hi to everyone out there, and Pam, how are you doing today?

Pam Walaski: I'm great, Jeff, how are you?

Convergence Training: I am well, thank you. Thanks again for coming onboard and talking with us about this. We had a lot of great reaction to the first time around, so we're excited you're going to give us some practical tips.

Before we get into that, for people who are new to this webcast series or who are new to you, can you tell us who you are and what you do and why we should find your thoughts on this interesting?

Pam Walaski: OK. So, as you mentioned, I work for an engineering firm called GAI Consultants. We do environmental, energy-based engineering and construction work. We're based in Pittsburgh, PA, which is where I'm sitting right now at our headquarters office, but we have about 20 offices, primarily throughout the eastern part of the United States, from Green Bay, WI to Palm Beach Gardens, FL. We have lots of engineers, we have lots of field staff who are out doing wetlands delineation and species habitation surveys and monitoring construction of roads and bridges, and also we do a lot of support for a number of other energy clients.

I'm the health and safety director here, so my responsibility is our staff, about 1,000 of them as I said, and anywhere from 300-400 of them are out in the field every day, and those are the ones that I primarily pay attention to. I've been in occupational health and safety for about 25 years now, I've had a variety of different positions with a variety of different companies. Primarily, as I've worked over the years, I've gone from sort of a standard kind of health and safety commodity work to more systems thinking and risk management work.

I'm also fairly actively involved with the American Society of Safety Professionals, which is a big group that has most of the occupational safety and health folks involved. I'm currently serving a three-year term as an at-large member of the Board of Directors, and that just started in July, so that's very exciting. I get to participate in sort of helping to shape and form some of the organizational activities for the next couple of years. And that's me.

Convergence Training: Hey, that's great. I didn't know that about the Board of Directors, congratulations!

Pam Walaski: Yeah, thank you. It's a very exciting time for the organization and I'm really looking forward to the next three years.

Convergence Training: Well, speaking of the ASSP, just to toot your horn one last time before we get into our questions, Pam frequently writes for the ASSP's Professional Safety magazine, that's where I first came across Pam in a really excellent article on issues related to today's conversation, and also speaks at a lot of ASSP conferences and other things, so look for Pam in safety journals and at safety conferences and that will be worth your time.

Alright, so let's get right it. Pam, if this whole webinar is about moving away from compliance-based safety and into risk-based safety, maybe you could tell us what you mean by compliance and risk, and why one would move from compliance-based to risk-based safety management?

What Does It Mean to Be Compliance-Based or Risk-Based in Safety?

Pam Walaski: Sure. So, just to sort of recap that conversation we had before, a compliance-based focus is where we take a regulation and we read what it says we're supposed to do and then we do it. And so it's kind of a line-by-line, regulation-by-regulation approach to developing workplace health and safety programs. For most of us, it's OSHA. Some of us also have responsibilities for environmental things, so we're paying attention to the EPA, some of us have responsibilities for transportation, so we may be aware of what DOT says--those kinds of things.

Risk-based approaches are approaches that focus our energy on the risk of the tasks that we do and a constant and continuous drive to reduce the risk of our tasks to the lowest, most acceptable level for our organization.

When we rely on compliance and regulations, we end up in a couple of different problems situations. The first one is that regulations don't change very quickly. And so when new and different thinking comes on the horizon, those regulations don't often catch up with it. So if you rely only on regulations to base our programs, we're not really looking at newer thinking.

The second problem is that compliance has always only been intended to be the ground floor, the basic. And so if you're complying with what the regulations say, that's not really saying much about your organization.

And then the third one is the notion of a regulation being a stand-alone requirement. There's no systems basis to it. You may have a confined space entry program, or a PPE program, or a fall protection program, but when you have tasks that involve confined space and heights and PPE all at the same time, you now have three different documents that you have to manipulate to work on that particular task. So the important thing about systems-based or risk-based safety is that it's designed to work together, and that everything kind of smoothly and seamlessly overlaps and moves back and forth.

So that's kind of what we're talking about when we talk about risk-based or management-based approaches to occupational health and safety.

Convergence Training: Great, and before we move forward, just in case anyone out there has some warning lights flashing red in their head at this point, picking up stuff I've read from you in the past, you're not arguing to ignore compliance, and what you're saying is that compliance will come as a side-effect of the safety management, is that correct?

Pam Walaski: Sure. So if you think about fall protection, and you think about what OSHA says you should do in terms of fall protection, if you are doing a risk-based approach, you are going to be working on getting workers working at the lowest possible level, or designing out systems where they don't have to work at heights at all, and if they have to work at heights, you are going to make sure that they are wearing the proper systems and everything works together.

So, as you say, doing a risk- or systems-based approach to safety ends up complying with most regulatory frameworks anyway. Except for the things that don't have to d with risk, like posting the OSHA poster, the Recordkeeping Standard--those kind of things that aren't tied as directly to risk but still need to be done.

Implementing Risk-Based Safety Management One Bite at a Time

Convergence Training: Good addition. So, you've been kind enough to agree to come in and give us a five-step road map for implementing risk-based safety and health management systems. And I wonder if, before you dig into each of those steps in detail, if you could give us a bird's-eye view and a road map of that process.

Pam Walaski: The process of moving from one system to another is what you're asking? So, sometimes that feels very overwhelming. You sit down and think about where you might be now in your organization versus where you think some other organizations who are doing this now are, you can look at that gap between the two and it seems insurmountable.

But if you think of that adage about "how do you eat an elephant?," that's usually the way I try to get people to think about it. You eat an elephant one bite at a time. And while it may be overwhelming and impossible to eat an elephant, any major initiative or project (or eating an elephant) can be broken down into manageable pieces or bites. And once you start to do that, you can find that path forward. It's like any other large project, when you begin to break it out into individual tasks and create a plan for yourself, that's how you get to that point.

Each step may not be consequential, and at first they are baby steps and little things. But you get closer and closer and closer. And at the same time as you begin to do that, I think you begin to create a momentum that gets you to the place where you're ready to turn that ship in a different direction. So that's the way I like to think about making these types of changes.

The first bigger, overarching change that I think we have to make has to do with some of the paradigms or some of the paradigms. Most particularly, the one that told us that if we reduce the frequency of incidents, we would reduce the severity of them as well. And we know now from data, from looking at incident reviews and other kinds of data that is out there, that that really isn't true. We know there's a percentage of all incidents that have a potential to be a severe incident--a serious injury, a fatality, major property damage, or whatever factor you might want to think about. And so we need to rethink that and come up with a different way to approach it, and a risk-based approach allows you to begin to look at severity first, rather than frequency, by looking at higher-risk tasks first.

One way to do that is to look at those kinds of precursor situations and causes that are unique to your organization. Every organization has them--you need to figure out what they are. We need to get ourselves away from chasing those kind of trivial situations, elevating the trivial near-misses where we spend hours and hours of time looking at all of our near-miss reports and trying to investigate each and every single one of them. We need to really look at those near-miss reports and say "Which one of these had the potential to cause a serious injury or fatality?", and that's the one that we want to focus our time on, and shift ourselves to those kind of incidents, those kind of tasks, those kind of hazard assessments. And again, it's going to be unique to your organization. We'll talk some more as we go through our time together about how to begin to make that shift and to identify those.

But like the OSHA parallel that we were just talking about, we are not talking about ignoring minor injuries or first aid cases. We are not saying we don't care if somebody has a minor recordable or has a minor injury that doesn't result in lost time. But we have to start somewhere, and so back to the elephant analogy, we can't keep doing the things that we have been doing, so we have to begin in a different place.

And similarly, I think, when we begin to really attack the kind of situations that have the potential to cause a SIF (serious injury and fatality) or FSI (fatality and serious injury) or whatever acronym you choose to use, we can then turn our attention to less-serious incidents, and in the same time I think the cascade effect of the risk-based approach will also have a natural effect of reducing those other kind of non-serious injuries and first-aid cases as well.

Convergence Training: OK, that's a nice way to look at a couple of things. One is the move from Heinrich's Pyramid or Heinrich's Safety Pyramid, with a focus on minor issues in the hopes that doing so will prevent serious incidents, and then kind of a step towards using risk-based approaches as well.

I've seen you write about a five-step process that involves:

  • Becoming the expert
  • Stop saying "OSHA says"
  • Adopting a leading metric
  • Taking a deep dive into data
  • Finding a few risk champions

Would that five-step process be a good place to begin taking a deep dive now at this point?

Step 1: Becoming an Expert in Risk Management for Occupational Safety and Health

Pam Walaski: Yeah. I think it's helpful for people to identify those baby steps and identify things they can do. So if you have nothing at all, where do you start? And these are five things that anybody, regardless of your understanding and knowledge and expertise in risk and safety management systems, these are easy things that you can begin to do right now, with limited time and limited resources, while you begin to start to each that elephant.

Convergence Training: Great. Tell us more then, if you will, about step one: becoming the expert.

Pam Walaski: If your familiarity is with OSHA regulations, you may be a real expert in them. You can spout of the number and citation and all of those wonderful things that are in there. So what I'm asking you to do is to do the same thing with the various voluntary consensus standards that are out there, and become that kind of expert on them.

Unfortunately, they're not available like the OSHA standards are by going to OSHA.gov. You have to buy them--they're available for purchase. ASSP obviously is one organization that sells them, but other organizations do as well, depending upon who published them. So you've got to buy them and you've got to read them. And not just the standard itself, because I think you'll see once you start to get familiar with them, the standards are not prescriptive at all, they're not going to tell you how to do things, they're going to give you an end point and tell you "this is where you need to be." So the standard itself is a pretty brief part of the document--it may only take a couple of brief pages to talk about one particular aspect of the standard. Each one of them has addenda at the end of the standard that is designed to give you guidance or explore a particular issue. They may provide you wish resources like a risk management report format or a management of change policy. And those are all samples that you can take and adopt or manipulate to meet your organization's needs. They have commentaries that allow you to explore the sections and resources that include things like books and websites and articles and other kinds of things.

So, once you think of the individual standard as kind of like a "hub," the "spokes" off of that standard are all kind of different things that you can begin to take a look at as you begin to deepen your understanding of one particular standard or one particular issue. It may take you a while, but you've just got to jump in there with both feet and start getting yourself really deep into those and start looking around. And then your natural curiosity is going to take you other places as well.

[In terms of the specific standards], the biggest one in Risk Management is the ANSI/ASSP Z690 series of standards, and there is the ISO version of them as well, and there are three of them. Z690.1, which is also ISO guide 73, and that's the vocabulary for risk management; Z690.2, the ISO version is ISO 31000, and that's the principles and guidelines behind risk management; and then Z690.3, or ISO 31010, which is the techniques (of risk management), and that's a description of the different risk tools that are available to you.

Side note: Here's a good intro to Risk Management and Safety for you.

In addition to that, and built into the the safety management piece would be either ANSI/ASSP Z10, which is the North American version of an occupational safety and health management standard, or the recently published ISO 45001, which is more geared toward organizations that want a global standard or may want to be certified by ISO for their safety management system.

Side note: See these articles for more on ANSI Z10 and ISO 45001.

And then last but not least is ANSI/ASSP Z590.3, which is prevention through design. And the importance of that particular standard is that if you're really serious about reducing the risk of your organization's tasks and activities, you're going to have to focus on higher-level controls, which means getting away from PPE and training and administrative practices. And prevention through design gives you a road map for how to get to that process, so that's a good one to tuck into your back pocket as well.

Convergence Training: Great, thanks. That's a good list. So we've got Z690 for risk, Z10 and ISO 45001 for safety management, and Z590.3 for prevention through design. And I really liked that you mentioned the appendices or annexes of these standards. I am working on the ANSI/ASSP Z490.2 standard myself, and by far my favorite part is the annexes, and that was true with Z10, I thought the Z10 annexes were really helpful. And I think the other thing I'd remind people out there is that you should get these standards for sure, and you should read them for sure. But there are other places to learn as well, including from people like Pam, and Pam, I am sure that you could tell me if I'm right or wrong that places like the ASSP offer continuing education on topics like risk as well. Is that true?

Side note: Read this overview of the in-progress Z490.2 and its appendices.

Pam Walaski: Sure. ASSP offers certificates in risk assessment and a certificate in ISO 45001. They offer global training certificates and a whole variety of training resources if you want to deepen your expertise and your resume if you will on those topics kinds of things.

I'll also mention I spend a fair amount of time on LinkedIn. I know a lot of people have developed profiles and then never gone back because they think it's not the greatest place in the world. But if you're very targeted about who you follow and what you do, I think there are some really good resources there. For example, I follow a group called ISO 31000 Risk Management Standards. And that group is a very active group. There are threads that are being added to every day, there are new things being posted there every day, there a lot of good things there. There's another good group there called Safety Differently, which I think you're familiar with as well, and it focuses on some of the work Sydney Dekker started years and years ago. It's great because a lot of the articles, discussions, and postings there really get you to think about safety differently, and to me that begins to broaden your thinking processes and your approaches and gets you chewing on some of that new and different stuff.

I also like to pay attention to some people like Ron Gantt, who I know you know; there's a Dutch gentleman Carsten Busch who writes some really interesting things; Todd Conklin is a great guy to really get you thinking and wondering if maybe you really need to rethink your philosophy, he really gives you some clear understanding of that. And I also follow an organization called Krause-Bell Group, which is Tom Krause's consulting group, he partnered up with Kristen Bell, and they do some interesting content as well.

So LinkedIn can be a really good resource if you pay attention to certain people and to certain groups. It can give you a lot of good information.

And the last thing I always tell people is that when you go to conferences, speakers are generally always happy to chat with you after the session. Seek them out, ask them a question, share a business card, connect after the event so that you can begin to sort of develop that network of people who have thinking around risk and safety management so that you can build on that. Those are great people to go to when you have a question, when you want to explore something in a little greater detail, that's what you need to begin to build. So become the expert, read the stuff on paper, but also get to know the experts, the people experts, and get to know them a little bit, which is an important piece of this process.

Convergence Training: Good call. There's also a nice LinkedIn group on ISO 45001, put together by Chris Ward, who helped create that standard as well.

Step 2: Stop Saying "OSHA Says"

Convergence Training: OK, so if that's how to become the expert, both on your own and also using the expert community at large, what can you tell us about step 2, stop saying "OSHA says."

Pam Walaski: Step 2 is about pivoting, and remembering and retraining ourselves to answer questions differently. If a staff person who is running a CNC machine comes up to you and wants to talk to you about a particular hazard he or she is concerned about, or a senior leader nabs you walking down the hall and wants to discuss a particular recommendation that you are making about spending some money to improve the organizational workplace safety program, we have to pivot away from OSHA regulations, we can't run to the online standards, because every time we answer that way, we perpetuate the notion that that's where the answers are. And, we have to retrain our workforce and the people we work with to think differently. And so when those kind of questions come up, we have to be prepared to talk to workers and to senior leadership and our middle leadership from a risk-based approach. We begin to talk about how to answer a question about a hazard on a machine by talking about risk, and by focusing on that factors regarding probability and severity, and helping that worker begin to address it from that perspective. Eventually, obviously, the goal is to have that worker learn how to apply those kinds of concepts on their own, so the next time they're faced with a hazard, they begin to think about a risk-based way of approaching it rather than what OSHA says about it.

Same thing about management. When you talk to them about things, when you talk about needing to spend $500,000 because OSHA says, you see their face just sort of glaze over, but when you begin to talk to them about the return of risk reduction that that particular expense will provide, and how it will get your organization to those kinds of things, they can better understand the recommendation. I have a whiteboard here in my office, and one of the things it says on that white board is "Occupational Safety and Health Risk Management IS Business Risk Management." And I think it's really helpful to remember that, because that's what our organizations are doing. The risk management approach that they're taking is no different than the risk management approach we should be taking for occupational safety and health.

Convergence Training: And I've read you speaking about that last point, and essentially I think what you're saying is that "safety" currently speaks a different language than the rest of the business organization, and if safety starts adopting risk management procedures and talking in risk language, they will align themselves with the rest of the organization. Is that correct?

Pam Walaski: Yeah, absolutely. It's already happening, and we want that seat at the table, we want to be part of the C-suite, we want to be respected--all of those kinds of things, the business case for safety, all those phrases that we have been talking about for years, I think we have a better shot of getting to those objectives by talking risk. Because that's the way our organizations run. Whether it's financial risk, or supply-chain risk, or enterprise risk management, we are part of that. And that gets us where we need to be with our organization.

Step 3: Identify and Promote One New High-Impact Leading Indicator/Metric

Convergence Training: Alright, great. Tip 2 was stop saying "OSHA says," and tip 3 is identifying and promoting one new high-impact leading metric this year. And I wonder if you could start that discussion by telling us the difference between a lagging indicator and a leading indicator, and maybe giving us an example of a leading indicator.

Pam Walaski: Sure. Lagging indicators are the ones that we are familiar with. They typically center around incidents and rates associated with incidents, so we might have a total recordable incident rate, or a days away (dart) rate, or a lost-time rate, or a severity rate. Those are the kinds of lagging indicators that are commonly used to demonstrate that we're doing well or not doing well.

Sometimes you also look at things like the number of completed inspections, like "we completed 25 inspections out of the 25 that we had to do, and isn't that wonderful," or "we had 762 near-miss reports this quarter, and our goal was 750, and isn't that wonderful?" Again, those are things that already happened. They tell us how somebody has gotten hurt. But sometimes they just tell us how lucky we were. Inspections tell us about the hazards that were there at one specific time--it doesn't tell us anything about how well our fire protection system is working, it doesn't tell us anything about how well the systems that we're focusing on are working. It doesn't mean we shouldn't be doing them, but they're not getting us to that systems-based, risk-based approach.

Leading indicators tend to look at proactive initiatives, proactive activities. And so it allows us to spend our time on moving the organization into a proactive focus rather than a reactive focus. So, some of the things that organizations might look at is not just how many near misses we had, but what we did with those near misses, how they were triaged and what kind of corrective actions came out of those near misses. We may not look at just inspections, but we might begin to track how many different findings we came up with during those inspections and what we're doing with those findings. Or how many corrective actions were closed in the time frame we identified--so we had an inspection that found five things that need to be corrected, and they were all supposed to be done in 30 days, and we then track that data to find that yes, they were all corrected. Perhaps we're looking to see if maintenance tasks were completed on time, or maybe some organizations might look at reductions in the use of PPE. That tells us we're starting to use higher-level controls to control the risk. If we had 100 people who were using respirators in 2017 and our goal is to get to 40 people by the end of 2018, we can track that kind of progress.

Side note: Read more about leading indicators for safety measurement here.

So those are leading indicators, and those are the kinds of things that we need to get our organization more focused on. The problem, of course, is that we've told everybody for many, many years that leading indicators are very, very important. We've told them that they're an indication of how safe our workplace is. And so now, if we want to get back to our senior leaders and say "You know what? They really aren't." They're not what we told them they were--you're going to get that face that we were just talking about a few minutes ago.

So I like to think about weaning an organization off of lagging indicators and moving them toward the use of leading indicators. And like eating the elephant, you can't do that all at once. But if you can say, in the next three or six months, find one leading indicator that you think is really impactful for your organization--figure out a way to create it, to track it, and then begin to promote that over the next 3, 6, or even 12 months. Everywhere you can, talk about it. If you have an intranet, make sure it's there. Incorporate in all your safety messages and meetings. People should be able to have a real good line of sight on that particular indicator, so that they begin to think about it and know it just like they know where your DART rate was and just like they know how long it's been since you had a recordable.

At the same time, I'm not saying to pull the lagging indicator out from everybody. You can certainly leave it up there. Just downplay it a little more, don't focus on it so much. If somebody asks you a question about it, answer it, but don't offer it. As your leading indicator gets more traction, then you can begin to find another one, and another one, and so you will begin to slowly move your organization to focus on leading indicators and not lagging ones.

There's another adage out there about what gets measured gets done. And if you're measuring lagging indicators, that's what people are going to focus on. And if you're measuring leading indicators, then that's what people are going to focus on.

I'm not suggesting we get rid of lagging indicators completely. At my organization, for example, our clients pay very close attention to those right now and they're benchmarks that they use to determine whether we continue to work with them or whether we respond to RFPs. So, we do have to pay attention to them, because for our organization, lagging indicators not doing well is a business risk. But there's a balance out there, so perhaps you want to have both indicators at first and work your organization toward leading indicators. And that may take several years.

Convergence Training: And I wonder if you have any guidance for a company that wants to make that first step into using leading indicators. Maybe one or a couple you might suggest, or is it such an individual, case-by-case decision that each organization will have to make that decision on their own?

Pam Walaski: It is an individual one. I think a lot of organizations do near-miss reporting in some shape or form. And so one suggestion I would have if you're doing that is, instead of just establishing some quota you're trying to achieve, focus a little  bit more on the content of those near misses, and going back to that issue of severity potential, finding those near misses and finding a way to triage those near misses and elevating those that have the potential for serious injury. And then, take a look at what comes out of that near miss--we decide we're going to do A, B, and C, and then the thing that you want to track or promote is how quickly do we correct A, B, and C. You know, maybe you an expectation that 50% of the corrective actions get closed out within the time frame identified, and that's your first start at a leading indicator. That tells you you're moving your organization forward and not backwards. So that's one example that I think is common to a lot of organizations. So that's one I would suggest you start to look at.

Convergence Training: Great. And this is not a prepared question, so if you don't have a snappy answer, feel free to say "That's very interesting, Jeff, but I don't have a prepared answer, so let's move on." I think it's important for organizations to learn, and one of the best ways to learn is from their mistakes and failures and communicating about those. And you can see there's an opportunity for that kind of thing in safety when you tell management or all employees "we've been focusing on lagging indicators and we really should not have focused on that exclusively, or we should have focused more on leading indicators." I wonder if you have any thoughts about the difficulty of owning up to, or if you have stories you may be familiar with that you can share of people doing that and having it go well.

Side note: Read more about learning and learning to learn.

Pam Walaski: I think it's fair for safety professionals to say to their organizations or their leadership "Look, we are evolving as a profession. We may have thought that this was important. But as we began to take a closer look in the past ten years, we realize that while that may have been helpful before, and it was, it's not helping us now. And if you understand the issue well enough, if you've done the research and you've done your reading, you can make a very good case for why you need to make that switch to the organization.

I don't think it does us any good to just pretend that we weren't doing it all those years, I think it's very important for us to own up to it and to say we're evolving, and to say this is what we now think is important and this is why we think this is important, and this is why I think it will help our organization. So I think that's a message you can easily develop and deliver without making it look like you were making big mistakes or you had it all wrong for so many years, because I don't think that's true, I just think we've evolved as a profession over the years, as most professions do.

Step 4: Take a Deep Dive Into Data

Convergence Training: Great. Next step, following at least partly in a logical manner from the previous step about moving from lagging to leading indicators, is to take a deep dive into the data. What do you mean by that?

Pam Walaski: We all keep all kinds of data, right? We have reports and investigations and there's just all kinds of things out there. And whether your organization has a real fancy dashboard that you use to display it, or whether you're still using things on Excel spreadsheets, or maybe not even as sophisticated as all that, we all have it. We have incident reports, we have near-miss reports, we have inspections, training sessions, JHAs, we get loss ones from our worker's comp carriers, there's internal data like that, there's external data at BLS, National Safety Council has accident stats, NIOSH has FACE reports...there's just a lot of data out there that will allow us to really take a look at our organization and begin to think about where we are and what kind of information we need to be gleaning from that. It's what's in the numbers that we need to be taking a closer look at.

So, it kind of goes back to that idea of identifying those precursors, those tasks and activities that pose the highest risk. And when we look at that data, and we can begin to pull out that top 20% if you will, and that's where we need to begin to pay attention.

We did a survey within our organization, and we looked at the past five years of incident reports--our lost-time incidents and other kinds of things. Because we were looking specifically for "Did this have the potential to be a serious injury or fatality?" And we wound up with about 16% of the incidents had that potential. So we were close to the 20%, we were a little below, but we don't do a lot of really high-hazard tasks at GAI like confined space entry or trenching and excavation, so that made sense to us. But then we said, "What did we do about those particular incidents? Did we just record them and investigate them and move on to the next one? Or did we use those incidents and investigations to make incremental, systems-based changes within our organization?" And so that's what I would suggest that organizations begin to do--don't treat all data the same, internal data and external data has the potential to provide you with the information you need. And once you find out where the highest risk are, the risks that are specific to your organization, now you are getting into a position where you're better able to manage those risk those a risk-based management process.

Convergence Training: I like the idea of looking at data as opposed to looking at your gut or whatever. I had a recent conversation with a guy you mentioned earlier, Ron Gantt, about that word data, and I used it maybe too loosely, and he was cautioning me about focusing solely on data at, I think, the risk of excluding other evidence, non-data evidence, experience and stories, and I may be able to tease more out of him on that in the future. But I love your point about using data to track and consult.

Step 5: Find a Few Risk Champions at Work

Your last point step 5, is find a few risk champions at work. We've touched on that a little before, but maybe you can give us a little additional insight into that.

Pam Walaski: Sure. If I use the term "safety champions," we all pretty much know what that means. Those are those folks in our organization who really have that passion for workplace safety. They're always willing to participate in an initiative or sit in on a committee, they are always bringing good suggestions, they're not afraid to have those difficult conversations with coworkers about something unsafe they've been doing, and they do that in a very concerning and coaching way.

There are risk champions as well, they're a similar and parallel group of people, and safety champions can also be risk champions. But they are the people who will help you approach workplace safety from a risk perspective. So you can find a professional network on LinkedIn or in conferences or your professional association, and that's great, but you need an internal network as well. Because the change you're talking about is a heavy lift, and you're not going to be able to do it by yourself. You've got to find people within your organization that you can count on to help carry the message, and to talk about risk and to talk about the kinds of changes that are being made, and to help approach that with the workforce. Because if there's just one of you or two of you, or three of you, and 5,000 of them, you need a team to help.

They may not understand risk management, but I think you probably know you can teach them that, you can help them understand those concepts, because it fits into their philosophy of work and how they approach work. So, I would say you have got to to start looking for those folks, begin to find them, and begin to work with them to get them to be your champions within the organization, so that as you begin to implement these kinds of things, you'll have some people who can help you do that.

Some of them can be workers, line staff or front-line workers, but they can also be in support roles. They can be in support roles; they can be in your supply chain process, people who understand the risks of certain products they buy. They can be in insurance, so your organization may have a risk manager whose job it is address insurance perspectives. You may have some financial people who look at risk from a financial perspective. So, all of those folks provide opportunities for you to create a team if you will, and I think that's really important for you to create a team, and the sooner you begin to do that the better.

Convergence Training: I like that idea of creating cross-departmental learning teams where you're working together on something like risk. Have you ever been a part of a cross-departmental effort like that, where you have a bit of a learning infrastructure with cross-departmental teams to learn about something, maybe like a lunch and learn or something?

Pam Walaski: We do a lot of work here at my company, in the group that I work with, which is corporate support, we have eight different directors, and it's everything communications, human resources, health and safety, project management, and we focus on team projects. Because most of the things that we do touches various parts of the organization. And so we find ourselves working in teams of 2, 3, or even all 8 of us on a particular enterprise initiative that touches a lot of different parts of the organization, and we all have a piece of that. There may be one person who's the manager of that part of the project, but we rely on one another to help implement different pieces of that project. So that happens a lot here, and I think that's a fairly common approach that a lot of different organizations who have learned to break down those silos approach projects that way.

Additional Resources for Learning More about Risk-Based Approaches to Safety Management

Convergence Training: Great. My next question for you is something we might have already covered. I was going to ask if you could recommend any resources--standards, books, websites, people--where people can learn more, and I think you've already done that well. But does anything come to mind that we have not mentioned yet that you'd recommend if someone wants to make the next step and learn even more?

Pam Walaski: Yeah, I would bring some of those back and add to it and expand on it a bit.

I think there are four people whose body of work really deserves people's attention. We talked about Carsten Busch, he's got a break book out there, it's called Safety Myths 101, it takes 101 safety myths, and when you read that book, it will challenge you to think differently about all kinds of things that you think and that you hold dear. And in fact, if you look on his website, the cover of the book says "Caution: reading this book or parts thereof may seriously harm your professional beliefs and habits." Carsten takes a really kind of tongue-in-cheek and interesting approach. He's just fund to read and to listen to, and he does does webinars and different things.

We talked about Todd Conklin. You know his Pre-Accident Investigation podcast series is based on a book which is an excellent book, and he's got some newer stuff out on workplace fatalities. He appears in lots of places, keep an eye out for him.

Obviously, Sydney Dekker, who coined the term "safety differently." He's got a lot of great books out there, he just revised his book on Just Culture, and it's on my reading list, I haven't read it yet, it just got released a couple of months ago.

And then the last one, we talked about him before, and that's Fred Manuele, who is a gentleman who has been a thought leader in our industry for a lot of years. Check out Advanced Safety Management and On the Practice of Safety, they're great books. He's very well written and published.

Then, on the other side of it, I think there are some other folks who are worth paying attention to. Bruce Lyon and Georgi Popov have been doing a lot of work on risk management, and they just published a book--ASSP published it--called Risk Management Tools for Safety Professionals. I haven't read it yet--again, it's on my reading list--but it's a really nice primer on risk management, and if you learn by reading books, it's one I recommend.

And then if you want to get a little bit off direct stuff, I would recommend a couple of folks. Daniel Kahneman, who wrote Thinking: Fast and Slow. It is a different way of approaching the way we do things and why we do things. Another older book by a gentleman named Ian Ayers, called Carrots and Sticks--both of those will help wean you off the 'operator error' approach to incidents, and have you really begin to think differently about human behavior, and why they do what they do, and I think that's fundamental to making those changes in how you approach workplace safety, because if you approach it from the expectation that employees are going to fix it, then that's kind of where you get off on the wrong track. And those people I think will get you to, not in a direct workplace safety way, but a side way, get you thinking about those kinds of things.

Those are my recommendations.

Side note: The topic of the Carrots and Sticks book is similar to the topic of this book focused on employee motivation.

Convergence Training: Great. I learned two things I did not know. A couple of things I'd throw out, in that group of "new looks at safety," I would mention Erik Hollnagel, and you mentioned Ron Gantt and his Safety Differently website.

For those who don't know, Kahneman is a behavioral economist, and some other things to look at along those lines is the entire Freakonomics series and also Daniel Ariely, all of whom delve into why people do what they do.

OK, that's our discussion. What questions should I have asked that I didn't, Pam?

One Step at a Time in an Evolution of Safety Management Based on Risk Principles

Pam Walaski: I think you got it all, Jeff. I really don't know of anything else. I think the most important takeaway from this time together is that if you're interested in making a change in your organization, don't panic. Just think about it in bits and pieces, find a couple of things you can do right now, within the next month, that aren't going to take too much time--you know, you've still got to do your job while you're trying to make these changes, so it's not like you have 40 hours a week to work with--but if you can find some smaller things to get you started, you get those wheels moving in the right direction, you get that momentum and begin to read and think, and the more you learn the more you come up with (you gave me a couple of names I had not heard of before), and it becomes a spiral that gets you moving in the right direction. As a profession, we have evolved and we're evolving, as we should be, and so this is an evolution that we're going through, or a revolution.

Convergence Training: OK, if those are a whole bunch of great people to learn from, I've tipped my hat multiple times that I have learned a lot from you as well. If people want to follow my lead and learn from you, how can they follow you, how can they connect with you, where should they look for you, are you speaking at any conferences anytime soon, anything like that?

Pam Walaski: Sure. I am on LinkedIn, and I'm happy to connect with anybody. I am also on Twitter, my profile is @safetypam. So I try to keep some things that I focus on in those two places, that is kind of my social media. I do teach risk assessment for ASSP, so whenever they offer that course, I may be one of those instructors, and I'd love to have anybody who's listened to me participate. We have a session coming up at the end of January at something called SeminarFest, which is ASSP's sort of seminar extravaganza. Sixty different seminars, anywhere from one to three days, there's a lot of stuff there on risk and I'll be there for a good chunk of it. Another place that I'll be is the ASSP Leadership Conference in October. And I'm happy to share my email, it's p.walaski at GAI Consulants.com, and I'm happy to hear from anybody.

Convergence Training: Great, great. Well, that's going to wrap up it. I'd like to thank anybody out there who listened or read. I hope you learned some great stuff, I'm sure you did. I'd like to remind you we were talking with Pam Walaski with GAI Consultants, and I do encourage you to seek her out in publications and social media and conferences as she just discussed, and Pam I'd like to thank you very much as well. Thanks so much.

Pam Walaski: OK, thanks Jeff, bye bye.

Convergence Training: Bye.
Note: The audio recording of the conversation is immediately below if you prefer to listen.

Conclusion: Implementing a Risk-Management Approach to Occupational Safety in 5 Steps

We hope you enjoyed and found helpful this article on implementing risk management methods for occupational safety and health management, and we'd like to thank Pam Walaski again for this interview and for the earlier interview explaining Risk Management, Safety Management Systems, and Systems Thinking in Occupational Safety and Health Management.


Want to Know More?

Reach out and a Vector Solutions representative will respond back to help answer any questions you might have.