Integral to the business's direction and success is the identification of your processes in managing your business, their sequence, and their interaction.
A process approach requires the organization to identify the following and then determine the inputs and outputs for each process, its sequence, and its interaction, reviewing its risks and requirements.
Determine the following:
a. Management system processes (see Figure 12.1).
Outsourced processes (external providers).
b. Process map of sequence (high-level); you can also do drilled- down process maps (see Figure 12.2).
Review the inputs and outputs expected for each process.
c. Risks (quality, environment, health and safety) tied to each process for normal/abnormal/emergency, operational conditions, external provision of goods and services (outsourcing – if not already in place).
d. Comply with applicable legal and other requirements.
e. Customer satisfaction requirements.
f. Responsibilities and authorities for each process.
Ensure your managers have identified risks associated with process operations, tied to the bottom line (what, who, how, when, cost). Use a risk-based approach to determine the type and extent of controls that would be appropriate. A management system acts as a preventative tool addressing the risks (ensuring conformity of goods and services and customer satisfaction), as well as prevention or reduction of undesired effects and achievement of improvement or opportunities for improvement (OFI) to achieve its objectives.
These seven risks could affect the conformity of goods and services as well as customer satisfaction and impact:
2. Quality – customer requirements and customer satisfaction
3. Environment – prevention of pollution
Consider: air emissions, waste generation (reuse/recycle, solid, electronic), hazardous materials, water/sanitary sewer, ground water, consumption of resources (water, energy, materials), contamination of land/soil, etc.
4. Health and safety – prevention of OH&S hazards
Consider hazard areas: chemical, biological, mechanical, physical, ergonomic, fire, and special (related to weather, earthquakes, confined spaces, etc.)
6. Emergency preparedness
7. Change management
Employ management systems and procedures designed to prevent activities or conditions that pose a threat, to minimize risk, protect, and preserve.
Determine significance criteria used to determine risks, with legal being one factor and others being severity, frequency, and probability. This information needs to be reviewed in a team approach, with input from all levels to ensure process risks have been identified. This is an ongoing commitment for identification of risks, when new projects are developed, process or procedure changes occur, prior to implementing change.
When determining controls or considering changes to existing controls tied to occupational health and safety, the hierarchy outlined by OHSAS 18001 standard is excellent:
3. Engineering controls
4. Signage/warning and or administrative controls
5. Personal protective equipment
How are you as a leader letting others know that your company has identified its risks?
ISO 31000:2009 Risk Management – Principles and Guidelines (US adoption ANSI/ASSE Z690.2-2011), (CAN/CSA ISO 31000)
IEC 31010:2009 Risk Assessment Techniques (US adoption ANSI/ ASSE Z690.3-2011)
ISO Guide 73:2009 Vocabulary for Risk Management (US adoption ANSI/ASSE Z690.1-2011)