Protecht.ERM Showcase: Manage all your risks with an easy to use and configurable system
Watch Now

Enterprise Risk Management (ERM) is becoming increasingly accepted as an integral part of business management processes within successful organisations.

ERM can be defined in many ways but whichever way it is defined, a key feature should be the integration of all of the risk functions across an organisation, including WHS. This blog addresses:

  1. What does integration of WHS and ERM mean?
  2. What value does a fully integrated WHS/ERM bring?
  3. How do you go about achieving integration

What does integration of WHS and ERM mean?

Workplace, Health & Safety (WHS) as a discipline has been around longer than Enterprise Risk Management (ERM). In most organisations, it is a mature function and related legislation and guidance is equally as mature.

ERM is focused on managing all risks across an organisation in a consistent manner with the ability to report risks in an aggregated manner to management, committees and Board.

The integration of WHS and ERM involves the seamless connection between the WHS function and the ERM corporate function. 

What value does a fully integrated WHS / ERM bring?

The benefits and value created by this integration are as follows:

1. Consistency of data and reporting at all levels with drill down capability.

WHS data collected at the granular level becomes the single source of truth.  It is then linked to aggregated information categories including the WHS risk type, the risk cause type, the risk impact type and the control type. This allows complete consistency of reporting as the same information is used for multiple purposes at each level of the organisation. In addition, due to the linking of data, Board and Management reports can incorporated drill down capability to allow easy investigation and analysis of aggregated data. 

Say goodbye to spreadsheets and manage safety hazards, WHS incidents and inspections in a single system. Visit our WHS page!

2. Maximum efficiency

Integration leads to optimal efficiency as WHS processes are performed once, data is collected once yet it is used multiple times. Reporting to senior management and the board is seamless.  There is no dual keying of data and duplication of effort.

3. Greater transparency at senior level of the WHS function.

The aggregation of a range of WHS data to enable senior management and board reporting provides greater visibility of the WHS function. Senior management and Board are made aware of key of the key issues on an ongoing basis as part of their enterprise management risk management function. This can raise the profile of WHS and also ensure resources are made available for the key matters requiring attention. Read blog article: Understanding Workplace Health and Safety Risks.

4. Enhanced reporting of risk information.

The linking of WHS data through to ERM, especially the linkage of WHS information to risk event types, allows the enhancement of reporting through the ability to aggregate all available information to the risk type and report dynamically. We at Protecht refer to this as RiskInMotion.

whs+blog+image 01-1

Fig 1. Example of WHS Dashboard Reporting

How do you go about achieving integration?

There are a number of key elements to consider in achieving string integration of WHS and ERM. These include:

1. Viewing and analysing WHS risks in a consistent manner as for other risks. A common methodology that can be applied to all risk is Risk Bow Tie analysis. This ensures that all risk types are treated consistently.

2. Ensuring that the various risk, hazard and control taxonomies used for WHS are mapped consistently to taxonomies used for ERM reporting. This would include taxonomies for:
  • Hazards
  • Root Causes
  • Risk Events
  • Risk Impacts
  • Controls
 whs-blog-image-02-Example+of+Risk+Event+Taxonomy
 
Fig 2. Example of Risk Event Taxonomy
 
This would then allow the linking of granular WHS risk events to ERM aggregated events at the corporate level.

3.  Mapping the categories of control used in WHS such as the hierarchy of controls to standard control categories used in ERM. For example, PPE (Personal Protective Equipment) would be mapped to “Corrective / Reactive” controls.

4. Align as far as possible the risk processes in WHS with the risk processes in ERM. For example:
 
  • Risk Assessments
  • Incident Management
  • Key Risk Indicators
  • Issues and Actions
  • Compliance
This ensures consistency of risk management for all risk types.

5. Use the same systems as far as possible. Your ERM system should cater for the WHS function with a WHS specialist module. This facilitates the integration seamlessly by supporting the WHS function for all of its processes yet provide the corporate view for senior management and board.

WHS is a critical component of ERM. In many organisations WHS is often the biggest risk. It is therefore critical that WHS and the ERM function are fully aligned. Integration is the key as WHS needs its specialist processes, terminology and legislation while at the same time, ERM needs to consistently view all risk and more specifically be able to report aggregated information to senior management and board.
 

WHS FORTNIGHTLY WEBINAR SERIES
A Deep Dive into Workplace Health and Safety
Find Out More

 WHS ProtechERM
 
 
 

Related Articles

feature image
Enterprise Risk Management, Operational resilience

Operational resilience

Over the past ten years, consumer banking behaviours have significantly changed. Today, the majority of customers engage banks via digital channels....
Read more
feature image
Health & Safety, Webinars, Protecht.ERM, WHS

Understanding Workplace Health and Safety Risks

Protecht’s eleven part complimentary webinar series focusing on a comprehensive and deep dive into workplace health and safety, kicked off on 23 July...
Read more
feature image
Compliance Management, Enterprise Risk Management, Protecht Culture, Compliance Professionals

It all starts with sound Risk Management

This interview was featured in the Forge Magazine. You can access the full publication here.  Too many organisations view risk management as a...
Read more