What does ERM mean?

Enterprise Risk Management (ERM) is becoming increasingly accepted as an integral part of business management processes within successful organisations.

ERM can be defined in many ways but whichever way it is defined, a key feature should be the integration of all of the risk functions across an organisation, including Workplace, Health & Safety (WHS). This blog addresses:

  1. What does integration of WHS and ERM mean?
  2. What value does a fully integrated WHS/ERM bring?
  3. How do you go about achieving integration?

What does integration of WHS and ERM mean?

Workplace, Health & Safety as a discipline has been around longer than Enterprise Risk Management. In most organisations, it is a mature function, and the related legislation and guidance are equally mature.

ERM is focused on managing all risks across an organisation in a consistent manner with the ability to report risks in an aggregated manner to management, committees and Board.

The integration of WHS and ERM involves the seamless connection between the WHS function and the ERM corporate function. 

What value does a fully integrated WHS / ERM bring?

The benefits and value created by this integration are as follows:

1. Consistency of data and reporting at all levels with drill down capability.

WHS data collected at the granular level becomes the single source of truth. It is then linked to aggregated information categories including the WHS risk type, the risk cause type, the risk impact type and the control type. This allows complete consistency of reporting, as the same information is used for multiple purposes at each level of the organisation. In addition, because the data is linked, Board and Management reports can incorporate drill-down capability to allow easy investigation and analysis of aggregated data.

2. Maximum efficiency

Integration leads to optimal efficiency: WHS processes are performed once, and data is collected once yet used multiple times. Reporting to senior management and the board is seamless. There is no dual keying of data or duplication of effort.

3. Greater transparency at senior level of the WHS function.

The aggregation of a range of WHS data to enable senior management and board reporting provides greater visibility of the WHS function. Senior management and the Board are made aware of the key issues on an ongoing basis as part of their enterprise risk management function. This can raise the profile of WHS and also ensure resources are made available for the key matters requiring attention. Read the blog article: Understanding Workplace Health and Safety Risks.

4. Enhanced reporting of risk information.

The linking of WHS data through to ERM, especially the linkage of WHS information to risk event types, allows the enhancement of reporting through the ability to aggregate all available information to the risk type and report dynamically. We at Protecht refer to this as RiskInMotion.


Fig 1. Example of WHS Dashboard Reporting

How do you go about achieving integration?

There are a number of key elements to consider in achieving strong integration of WHS and ERM. These include:

1. Viewing and analysing WHS risks in the same manner as other risks, as part of your conceptual framework for occupational health and safety. A common methodology that can be applied to all risks is Risk Bow Tie analysis. This ensures that all risk types are treated consistently.

2. Ensuring that the various risk, hazard and control taxonomies used for WHS are mapped consistently to taxonomies used for ERM reporting. This would include taxonomies for:

  • Hazards
  • Root Causes
  • Risk Events
  • Risk Impacts
  • Controls


Fig 2. Example of Risk Event Taxonomy

This would then allow the linking of granular WHS risk events to ERM aggregated events at the corporate level.

3. Mapping the categories of control used in WHS, such as the hierarchy of controls, to standard control categories used in ERM. For example, PPE (Personal Protective Equipment) would be mapped to “Corrective / Reactive” controls.

4. Aligning, as far as possible, the risk processes in WHS with the risk processes in ERM. For example:

  • Risk Assessments
  • Incident Management
  • Key Risk Indicators
  • Issues and Actions
  • Compliance

This ensures consistency of risk management for all risk types.

5. Using the same systems as far as possible. Your ERM system should also cater for the WHS function through a specialist WHS module. This facilitates seamless integration by supporting the WHS function in all of its processes while still providing the corporate view for senior management and the board.

WHS is a critical component of ERM. In many organisations WHS is often the biggest risk. It is therefore critical that the workplace health and safety framework and the ERM function are fully aligned. Integration is the key: WHS needs its specialist processes, terminology and legislation, while at the same time ERM needs to view all risk consistently and, more specifically, be able to report aggregated information to senior management and the board.

Up next

Insights from the next session: what an ERM framework is designed to do, and applying a risk management framework to WHS.

