Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Business risk management (BRM) is The requirement for a BRM approach Effective internal controls safeguard
a strategic process which helps and is highlighted in the Turnbull stakeholder and shareholder investment
supports decision making at both Committee’s guidance,1 which and organisational assets, especially
strategic and operational levels in an requires organisations listed on the when they are risk-based and embedded
organisation. Improved understanding UK stock market to identify, record into the organisation’s management
and management of all risks likely to and manage their significant risks systems – in other words, built in,
affect the organisation will lead to in a suitable manner. Systems for not bolted on. The growth of socially
better performance and competitive regular review of risks and review or responsible investing indices (eg
advantage, especially when hazards amendment of internal controls must FTSE4Good) allows potential investors to
and threats are identified, and the risks be in place, together with statements choose organisations that demonstrate
assessed and controlled, in the same in company annual reports confirming good corporate social responsibility3 and
way as for opportunities and rewards. the effectiveness of these systems. this includes their health and safety and
environmental performance.
BRM may therefore be defined as ‘the Health and safety hazards and controls
eradication or minimisation of the adverse are included where they represent In essence, a BRM process therefore
effects of pure and speculative risks to significant operational and compliance highlights the importance of risk
which an organisation is exposed’. risks within the scope of Turnbull. assessment and control to the
Often such risks are associated with board and senior management of
Note that ‘pure’ risks can result only wider financial and reputational organisations, and ensures that both
in preservation of the status quo losses, such as those sustained by BP cost and risk are taken into account
or loss to the organisation – for and Lehman Brothers. Also, under the when management decisions are taken
example injury, disease, damage or Statement of Recommended Practice and implemented. Making sure that
death. ‘Speculative’ risks may result in (SORP),2 trustees of charities must all significant corporate risks, including
either gain or loss – as in the phrase state the controls in place to minimise health and safety risks, are effectively
‘speculate to accumulate’. Hence BRM operational and financial risks. managed is an essential part of the
is used in organisations to: role of directors or their equivalents.
- consider the possible impacts of
foreseeable significant risks on the
organisation’s performance
- respond appropriately to internal
and external changes in risk
perception
- devise strategic options for
eliminating or controlling all
significant risks and their impacts
- link these options to the general
decision and control framework
used by the organisation.
01
2 Health and safety and the holistic approach to BRM
IOSH’s vision is ‘a world of work which The model clearly demonstrates that systems with those used to manage
is safe, healthy and sustainable’ and its health and safety management is an environmental impacts or quality,
mission clearly states that it champions integral part of BRM. The model also which are other key factors affecting
‘pragmatic, risk management, based indicates that business risks should the reputation, and thus the ultimate
on professional advice’. be treated as a whole rather than on success, of the organisation.
a piecemeal or compartmentalised
Figure 1 shows how IOSH’s vision and basis. It’s vitally important – using The evolution of holistic BRM has seen
mission supports the BRM process and the holistic approach – to recognise the bringing together of loss control
demonstrates how it’s evolved along the interrelationships and impacts, (risk reduction), insurance (risk transfer),
with IOSH since 1945. both positive and negative, of the good corporate governance, and formal
various types of pure and speculative integration of systems. This clearly
The model highlights: risk. Managing health and safety demonstrates the value of health and
- the historical development of BRM risks should never be undertaken safety professionals making functional
- the ‘speculative’ and ‘pure’ risks in in isolation, because poor health alliances with other departments.
overall organisational management and safety management can have a
– corporate governance negative impact on other business
- the fluidity of elements of BRM risks, such as brand, reputation,
- that health and safety and insurance, business continuity and
environment are integral to BRM financial wellbeing. This is one reason
- the role for health, safety and why some organisations integrate
environment professionals in BRM. their health and safety management
Figure 1: The
development of
BRM since 1945
02
3 Key elements of the BRM process
The BRM process comprises Risk evaluation (or measurement) can - Risk reduction involves the ongoing
identification, evaluation and control, be based on economic, social and management of risk in the
plus the monitoring, audit and legal considerations, together with organisation by implementing a
review stages common to all effective the probability and frequency of each programme designed to protect the
management systems. occurrence and the severity of the organisation’s assets from wastages
outcome of the event being assessed. caused by accidental loss. The
There are many techniques available components of such a loss control
for risk identification (typically referred Risk control strategies may be classed programme should include:
to in the health and safety context as into four main areas (see Figure 2 on occupational safety, health and
hazard identification), most of which page 04): hygiene
are well known to the health and - Risk avoidance involves the environmental protection
safety profession, for example: conscious decision by an damage control
- application of standards4,5 organisation to avoid a particular transport risk management
- checklists, inspections and audits risk by discontinuing the operation fire prevention and control
- workforce involvement and producing that risk. security, anti-fraud and anti-
consultation - Risk retention involves managing terrorism measures
- accident and loss investigations the risk within the organisation, IT systems protection
- task analysis with any loss arising from poor personnel and competence
- scenario planning risk management being totally retention
- stakeholder consultation. financed from within. This option product or service safety and
may be followed consciously or quality assurance
Organisations with mature health unconsciously – it’s what happens if public safety and liability
and safety management but limited risks aren’t fully identified. business continuity.
experience of wider BRM issues can - Risk transfer involves the legal
adapt their existing health and safety assignment of the costs of certain During the later monitoring, audit and
processes and recording format to cover potential losses from one party to review processes:
other key risks – this is an example of another. The most common way of - the risk controls should be
the integration described in section 2. doing this is by insurance, but other monitored for their effectiveness
Health and safety professionals can forms of contractual risk transfer - the identification and evaluation
contribute to techniques such as SWOT6 include sales contracts and employing processes should be reviewed
(strengths, weaknesses, opportunities, third parties, eg contractors. regularly and whenever significant
threats) and PESTLE7 (political, economic, change occurs
sociological, technological, legal, - the BRM process should be audited
environmental) analysis, Porter’s Five periodically to make sure weaknesses
Forces8 and the European Foundation are identified and addressed and to
for Quality Management model,9 which enable continual improvement.
your organisation may already be using.
03
Risk reduction
or control
Risk acceptance
or retention
4 IOSH’s position
IOSH believes it’s important for health value in the wider BRM context. We
and safety professionals to build encourage IOSH members to develop
links and to co-operate with others an understanding of the language and
involved in the BRM process. As noted tools used by business managers and
in section 3, this may include using to take every opportunity to make sure
tools and competences originally that significant health and safety and
developed to support good health and environmental risks are firmly on their
safety management, adapted to add organisation’s BRM agenda.
04
More information
05
IOSH IOSH is the Chartered body for health and safety
The Grange professionals. With more than 44,000 members
Highfield Drive in over 120 countries, we’re the world’s largest
Wigston professional health and safety organisation.
Leicestershire
LE18 1NN We set standards, and support, develop and
UK connect our members with resources, guidance,
events and training. We’re the voice of the
t +44 (0)116 257 3100 profession, and campaign on issues that affect
www.iosh.co.uk millions of working people.
twitter.com/IOSH_tweets
facebook.com/IOSHUK IOSH was founded in 1945 and is a registered
tinyurl.com/IOSH-linkedin charity with international NGO status.
Institution of Occupational
Safety and Health
Founded 1945
Incorporated by Royal Charter 2003
Registered charity 1096790 FS 60566