Georgi Popov - Risk Assessment

It is the authors’ opinion, that the United States has fallen behind other parts of the world in the use of formal risk assessments, partially due to the fact that most OSHA standards do not include specific requirements to do so. However, there is a growing interest in the use of risk assessment taking shape in consensus standards, and industry practices.

Even though compliance standards are not the current driving force for risk assessment, there is a movement toward formal risk assessments in several key consensus standards and technical reports. These include:

ANSI/ASSP Z10.0‐2019, Occupational Health and Safety Management Systems;

ANSI/ASSP/ISO 45001‐2018 Occupational Health and Safety Management Systems ‐ Requirements with Guidance for Use;

ANSI/ASSP Z590.3‐2011(R2016) Prevention through Design;

ANSI/ASSP/ISO 31000‐2018 Risk Management;

ANSI/ASSP/ISO 31010‐2019 Risk Management – Risk Assessment;

ANSI B11.0‐2020, Safety of Machinery;

ASSP TR‐31010‐2020 Technical Report: Risk Management – Techniques for Assessing Risk.

As the standard states, risk assessment is essential to an organization’s occupation health and safety management system. To begin, a clear understanding of occupational health and safety management systems (OHSMS) is necessary. The American National Standard, ANSI/ASSP Z10.0‐2019, Occupational Health and Safety Management Systems , defines such a systems as “a set of interrelated elements that establish and/or support occupational health and safety policy and objectives, and mechanisms to achieve those objectives in order to continually improve occupational health and safety.” In essence, it is a business system employed by the organization to effectively manage operational risks to enable the organization to achieve its business objectives.

The ANSI Z10 standard was originally approved and published in 2005, and recently revised in 2019. It is consistent with other OHSMS models. Z10 dedicates significant emphasis to risk assessment in sections 6.2 Assessment and Prioritization, 8.3 Risk Assessment, and Annex E8.3 Risk Assessment (informative). Requirements are identified by the word “shall,” while the recommended practices or explanatory notes are described by the word “should.” It requires an organization to establish a risk assessment process as part of an OHSMS.

In section 6.2 of ANSI Z10, it states that “the organizations shall establish a process to assess, prioritize and address its OHSMS issues on an ongoing basis …” The standard goes on to state that organization shall do this by “establishing priorities based on factors such as hazards identified, level of risk, potential for system improvements, fatal and serious injury and illness potential, standards, regulations, feasibility and potential positive and negative business consequences, and identifying causes and contributing factors related to system deficiencies and that lead to hazards and risks” (ANSI Z10.0 2019).

Section 8.3, Risk Assessment specifically states that an organization “shall establish and implement a risk assessment process(es) appropriate to the OHSMS issues identified in Section 8.2 to determine the level of risk and enable prioritization for appropriate actions” (ANSI Z10.0 2019). The standard outlines requirements for identifying and documenting high‐risk jobs and activities and recommends the use of well‐defined qualitative and quantitative methods appropriate for the organization. Annexes E6.2, Assessment and Prioritization and E8.3 Risk Assessment provide informative sections on the risk assessment process and select risk assessment methods.

ANSI Z10 is a consensus standard, meaning that ANSI has verified that the requirements for due process, consensus, and approval criteria have been met in the development of this standard. The use of consensus standards is voluntary; however, they are often incorporated into regulatory compliance standards and citations. ANSI Z10 is an important reference for the safety professional defining the minimum requirements for a health and safety management system with its primary purpose to reduce the risk of occupational injuries, illnesses, and fatalities.

In 2018, the International Organization for Standardization (ISO), a global federation of national standards bodies released ISO 45001, Occupational Health and Safety Management Systems – Requirements with Guidance for Use. The standard was adopted by ANSI as ANSI/ASSP/ISO 45001 also in 2018.

Similar to ANSI Z10, ISO 45001 is a management systems consensus standard based on the continual improvement process of plan‐do‐check‐act. In the standard’s “Planning” section, it includes requirements for hazard identification and assessment (6.1.2). Section 6.1.2.1 Hazard identification requires an organization to “establish, implement, and maintain a process(es) for hazard identification that is ongoing and proactive.” In the following section (6.1.2.2) the standard states requirements for assessing risks to include “methodology(ies) and criteria for the assessment of OH&S risks shall be defined with respect to their scope, nature and timing to ensure they are proactive rather than reactive and are used in a systematic way.” (ANSI/ASSP/ISO 45001 2018)

Other related elements addressed by the standard include: eliminating hazards and reducing OH&S risks using the hierarchy of controls; MOC; procurement; contractors; outsourcing; and emergency preparedness and response.

The American National Standard, ANSI/ASSP/ISO 31000‐2018 Risk Management standard and ANSI/ASSP/ISO 31010‐2019 Risk Management – Risk Assessment are fundamental consensus standards for the practice of managing risk. Specifically, ANSI/ASSP/ISO 31000 provides guidance on the principles, framework, and process for risk management (as shown in Figure 2.1), while ANSI/ASSP/ ISO 31010 is a standard for current good practices in risk assessment as part of the risk management process (shown in Figure 2.2).

Figure 2.1 Risk Management Principles, Framework and Process.

Source: Adopted from ANSI/ASSP/ISO 31000‐2018.

Figure 2.2 The Risk Management Process.

Source: Adopted from ANSI/ASSP/ISO 31000‐2018.

The ISO risk management standards were first published in 2009. These standards were nationally adopted by ANSI in 2011 and include:

ANSI/ASSP Z690.1‐2011, Vocabulary for Risk Management

ANSI/ASSP Z690.2‐2011, Risk Management Principles and Guidelines

ANSI/ASSP Z690.3‐2011, Risk Assessment Techniques

ISO 31010 Risk Assessment standard was first approved in 2011 by the American Society of Safety Professionals (ASSP) in the United States as ANSI/ASSP Z690.3. The standard has since been revised by ISO in 2019 and adopted in the United States as ANSI/ASSP/ISO 31010 Risk Management – Risk Assessment .

ISO 31010 is exclusively about the assessment of risk within the framework and process established in ISO 31000. The risk management perspective on risk assessment is generally broader and higher level than the occupational health and safety perspective. However, the process is essentially the same. ISO 31010 provides guidance on the risk assessment phase of the overall risk management process. The purpose is to provide evidence‐based information and analysis to make informed decisions on how to treat particular risks.