Académique Documents
Professionnel Documents
Culture Documents
Management
Felix Redmill
Redmill Consultancy
22 @ N10 3JU
UK
Felix.Redmill@ncl.ac.uk
Abstract
The risks posed by management are neither addressed by risk
analysis nor included in safety cases. Yet they have been
shown to be significant contributors to accidents. This paper
argues for more attention to be paid to them and for the
development of a risk-analysis method to address them. The
paper examines the aspects of management risk that it might
cover and offers a set of proposals for its design.
Introduction
Given that the risks posed by management can have significant effects on
the functional safety of systems that are developed, operated, or disposed
of by or within a company, and that they are currently not included in risk
analyses, what might be done about them? Four possibilities are
considered.
2.1
Do Nothing
2.2
One option is to focus on reducing risk rather than analysing it. And one
way of doing this is by improving managements awareness of safety risk,
and of risk issues in general with the added exhortation to manage the
risks. Certainly, the raising of awareness is an essential starting point, no
matter what is to follow. Happily, this step has already been taken, and in a
manner that is visible to most companies in the UK.
In its guidance on Internal Control (ICAEW 1999), the Institute of
Chartered Accountants in England and Wales requires boards of company
directors to identify and analyse the significant risks faced by the
company and to disclose that there is an ongoing process for identifying,
evaluating and managing them. The Institute also invites directors to
provide information in their annual reports to assist understanding of the
companys risk management processes and system of internal control.
Thus, boards of directors are enjoined not only to be aware of their risks,
including safety risks, but also to analyse, understand and manage them,
and, further, to demonstrate to shareholders and other interested parties
that they are doing so effectively. The Institute also calls on companies
boards of directors to adopt a risk-based approach to establishing a sound
system of internal control, which is a requirement for boardroom-led
systems based on risk management. For those companies that develop,
operate or dispose of systems, the functional risks posed by those systems
are risks faced by the company and require to be managed within the
companys system of risk-based internal control.
Thus, boardroom management is already required to be aware of its
significant risks. More than that, it is required to accept responsibility for
managing them and for demonstrating that it is doing so effectively.
However, compliance with even legal requirements cannot be guaranteed,
and where it exists it is certain to be inconsistent across companies and
industry sectors (Ramsay and Hoad 1997), so the Institute has published
advice for directors (Jones and Sutherland 1999) on the processes necessary
for meeting the requirements. Moreover, taking a risk-based approach at
the top of a company, and ensuring that the same is done at all lower
levels, requires not merely an awareness of what is required but also a
change of culture in senior management (Elliott et al 2000). For the benefit
of companies for which significant risks are the functional risks of their
systems, the Health and Safety Commission has issued advice to directors,
urging them to include health and safety issues in their annual reports
(HSE 2001).
Many companies have introduced risk-based systems of internal control
(Page and Spira 2005), but it is not known to what extent a risk-based way
of thinking has led managers to examine the risks that they themselves
pose - in their policies, decisions, and the cultures implicit in their
leadership. Thus, general awareness is not enough to ensure that one of the
major sources of safety risk is understood and managed. Nor is it sufficient
to appeal to phrases like significant risks facing the company, for
managers new to the discipline of risk management are unlikely to
recognise such risks as potentially arising from their own decisions, actions
and negligence. Additionally, it is necessary to create a process of getting to
grips with the risks that are of interest in the present context.
2.3
Another way of reducing safety risk, without carrying out risk analysis, is,
at least in theory, by improving an organisations safety culture. This is
expressed by the attitude and behaviour of staff, and should be defined,
developed and nurtured by management. If this is to be done
systematically, according to a plan to develop a good culture as well as a
strong one (Levene 1997), it must necessarily include the raising of
managements awareness, as discussed in the previous sub-section. Thus,
improving culture is taking a step beyond the mere raising of awareness.
There has been a great deal of research into the subject of safety culture,
with literature reviews being carried out, for example, by Guldenmund
(2000) and the Health & Safety Laboratory (2002). Both the terms safety
culture and safety climate are used, and, while some authors make a
point of distinguishing between them, others use them interchangeably
(Health & Safety Laboratory 2002). Universal agreement on definitions is
therefore lacking. Indeed, Guldenmund (2000) points out that, although
safety culture and climate are generally acknowledged to be important
concepts, not much consensus has been reached on their cause, content and
consequences. He further states that there is a lack of models specifying the
relationship of the two concepts either with safety and risk management or
with safety performance.
On the assumption that good culture is a good thing, and a way of
attempting to improve safety, industry as well as academe has invested in
it. The nuclear industry was perhaps the first to address the issue of safety
culture (International Nuclear Safety Advisory Group 1991), and the same
industry has prepared practical guidelines for the development and
maintenance of such a culture (International Nuclear Safety Advisory
Group 2001). Guidelines with the same intent have been produced in other
large safety-related industry sectors, such as the railways and off-shore oil
and gas exploration, and, more generally, for the Health and Safety
Executive (2002). There has also been an attempt to define the development
of a safety culture maturity model (The Keil Centre 2001).
Thus, there is already a continuing attempt to define, improve and
measure safety culture. Yet, even with increased awareness and improved
safety culture, and even if these do lead to improved safety, how can the
adequacy of safety, with respect to risks posed by management, be
demonstrated? Pointing out that awareness is high and culture good is not
sufficient. Completeness also requires the inclusion of such risks in risk
analyses, which may then inform safety cases.
2.4
3.1
Levels of Management
3.2
Management Systems
3.3
Organisational Culture
A management system promotes safety and defines the route to it. But it is
the culture of staff that determines whether or not the route is
systematically taken. Methods of measuring an organisations safety
climate or safety culture, based on questionnaires that test the attitudes of
members of the organisation, have been developed (e.g. Cooper and
Phillips 1994, The Keil Centre 2001). It could be possible to reflect the
results of such measurements as levels of risk, and research could be
conducted into ways of doing so. This, however, is not within the
objectives of this paper and will not be discussed further.
3.4
3.5
Decision Making
4.1
A Representation of Management
model, which may be created from block diagrams, flow charts, the unified
modelling language (UML), or a number of other representations. Figure 1
shows a simple process in which three activities, A, B and C, acting
sequentially, transform an input into an output. The boundary of the
process is defined (around the three activities); the input, as well as
resources and data, are derived from outside of the boundary, across which
the output is transferred.
A policy or strategy is usually expressed textually, as an intention or
instruction, but its implications, including the way in which it would be
applied and its likely or potential consequences, may be determined and
laid out as a set of processes. Similarly, a significant decision and its
implications may also be laid out as a process, though with a greater
variety of possible paths and perhaps with less certainty.
A method designed for the analysis of processes would not depend on
the pre-existence of a suitable representation of the management issue
under consideration, for an expression in terms of a process could be
created for the purpose of analysis.
Representing the processes defined or implied in the creation and
implementation of management systems, decisions, plans, policies, and
proposals for change would not only allow their analysis for safety and
other risks in advance, but also allow management to assess the
mechanisms and effects of their implementation. It would indicate where
improvement is necessary and offer guidance to auditors on where to
concentrate their efforts most effectively.
Thus, an initial proposal is to represent management as a set of
processes and to design a method for their risk analysis.
Resources
Input
Data
Output
4.2
Testing Assumptions
Resources
Input
Data
Output
4.3
4.4
4.5
4.6
A Compliment to Audit
4.7
Confidence Levels
Being concerned with the future, the results of risk analysis must contain
uncertainty. Their accuracy, or reliability for the purpose in hand, must be
expressed in terms of the level of confidence placed in them, for their level
of correctness cannot be known. Yet statements of confidence seldom
accompany risk analyses.
Confidence in a risk analysis depends on the completeness and accuracy
of the information on which it is based, which in turn depend on the
representativeness and pedigree of the sources of information. It also
depends on other factors, such as the means of interpretation of the past
information into predictions of the future and the assumptions involved.
Analysts should understand these matters sufficiently well to determine
the confidence levels that they can reasonably place on their results, and
rules in the intended method will require them to do so.
There is also the problem of consistency in the determination of
confidence levels. What confidence can there be that two analysts, given
the same information, would claim the same confidence level? Or that the
same standards would be employed by different analysts to arrive at their
4.8
Coverage
4.9
Composition
Discussion
References