An Introduction to Safety Management Systems, Risk Management, and Systems Thinking in Safety: An Interview with Pam Walaski

Risk Management Image

If you’ve had your ear to the ground for the past 10-15 years, you’ll know there’s been a bit of a seismic shift in occupational safety and health that involves a movement toward risk management, safety management systems, and systems thinking.

We wanted to learn more and pull together a nice introduction to all this, so who better to talk with than Pam Walaski? Chances are good you already know Pam by name and by her work, but if not, we encourage you to check out this article, to follow her on social media, and to catch her giving at presentation at an ASSP conference or elsewhere, as she’s a great source of information on this.

So, let’s get started. Many, many thanks to Pam for her time and insights. Also, a quick head’s-up that since we published this webinar/interview, Pam has also completed a second interview with us that focuses on 5 Easy Steps for Implementing Risk-Based Safety Approaches.

And, if you’re the type who’d rather listen to the spoken word than read text on a glowing screen, know we’ve included the audio of this discussion down at the bottom.

Safety Management Systems, Risk Management, and Systems Thinking in Safety

Convergence: Hi everybody and welcome. We’re really excited today, we have a great guest here at our recording/audio/podcast series. It’s Pam Walaski. Pam works for GAI Consultants. Over the years, I’ve had the good fortune of reading quite a few really great pieces that Pam’s put together, and I’ve learned a great deal from Pam, so thanks to Pam for that, and that’s why we got here to be on the show here, so that you can all share in everything that she’s sharing. And so with that I’m going to introduce Pam, thank Pam, and…Pam, thanks so much for being on the show with us.

Pam: Thanks, I appreciate it, Jeff, it’s good to talk with you today on one of my favorite topics, and we’ll get into that as we go along.

As you said, a little bit about myself, I’ve been a safety professional for 20+ years, 25 or something like that, if I got a calculator out I could tell you exactly how many, but I’m not sure. I’ve done a lot of work over the years, I’ve had my own practice, right now I am working for an environmental engineering consulting firm called GAI Consultants, so I’m an internal safety consultant right now, my responsibility is the 1,000 or so employees who work for GAI. We’ve got about 1,000 folks in 20-some offices, primarily in the eastern part of the United States. We do a lot of energy consulting, infrastructure consulting, design work, and we specialize in some really cool stuff like wetlands and species habitation surveys, and we have folks who are specialist in snakes and gopher tortoises and bats, so we have some really interesting stuff going on here. I’ve been with GAI for about three years now.

Convergence: Alright, great, that sounds pretty interesting, I didn’t know all that. Pam mentioned we’re going to talk about some pretty interesting stuff, and as a quick head’s-up, we’re going to be talking about issues related to risk management and safety, safety management systems and safety, and systems thinking and safety.

Pam, I’ve been reading you saying there’s a bit of a revolution going on in terms of how occupational safety and health professionals do their work. I wonder if you could kind of briefly speak to that and give us a quick overview before we dive into more granular, detailed looks at that.

Pam: Sure. So, I think any of us who have been around in occupational safety and health for a number of years can think back to sort of the early days of our career and what we were learning wherever we were getting our formal education, what we learned in those early years on the job, and things like Heinrich’s Pyramid, and the idea that 88% of our accidents are from unsafe acts and the remaining 12% were from unsafe conditions….all of those sacred tenants or sacred cows, if you will, they formed the foundation of my practice and the practice of lots and lots of people. I always joke that in the basement of my house I have overheads for overhead projectors that have those things on them, and they’ve been sitting in the basement for a really long time.

About ten years ago, I guess, maybe a few more than that, I started reading articles from leading thinkers and listening to presentations at conferences, and they all started talking about the same theme–that we were starting to see a flat-lining, if you will, of incident rates. In some areas they were even increasing. Fatalities and serious injuries, particularly, we just weren’t making progress. And they began to suggest that maybe those tenants of our practice, those sacred cows, maybe they weren’t correct, or maybe they weren’t working like we thought they were, because if they were we’d see better progress.

Over time, I think you began to hear more and more from those folks, and over time people joined in on that mainstream thinking, but at first they were pretty revolutionary, and I included myself in the group of people who would sort of listen with a skeptical ear, and there are still some folks who think that they’re pretty revolutionary, but I think over time their ideas and their thinking have become more accepted, and many more OSH professionals are beginning to revolutionize their thinking.

I think we are kind of in the middle of that revolution, if you will, if you think about the scale of it, but I also..from reading and attending conferences and things, I think we’re really working down the backside of it now, so more and more of us are beginning to really think differently about what we do and how we practice.

Convergence: Alright, great, that was a good intro. Thank you.

So if we’re currently moving, as you say, kind of away from (amongst other things) a compliance-based OSH management to something else, could you talk to us first about what exactly you might mean by compliance-based OSH management and explain what are some of the faults with it and why we’re moving away from it?

Moving from Compliance-Based OSH Management

Pam: Sure. Historically, I think the foundation of our OSH programs has been the mandatory regulations that have been established. And so complying with those regulations, or developing a program that is compliance-based, means that we look at those regulations, and that’s what we do. We read the regulation and we do what it says.

For OSH professionals, it typically means a federal- or state-based program, and for some of us who might also support our organization’s environmental program, the EPA or other state-related environmental groups. But it is a regulatory process. It’s what the law says needs to be done.

As for the problems with that approach, the first of course is that anybody who’s observed regulatory processes knows they are EXTREMELY slow to change. It can take 10-15 years just for a revision to an existing standard to make its way through the processes that are established before it becomes a law or a requirement. And so the thinking or information that may be new doesn’t find its way into regulations, it leaves us kind of behind the eight ball when we want to incorporate that new thinking into our programs, if we’re just relying on what the regulation says.

I think the other problem is that if you talk to any compliance officer from OSHA federal or state and ask them if being in compliance with OSHA means we can put up a flag and say “we are best in class,” they will all tell you no, that’s only the floor. All the regulations are intended to do is establish the ground floor about which you are intended to establish your programs. So if you’re an OSH professional, and want to lead your organization into safety excellence, you obviously have to go above and beyond that.

Third and probably the most important part of what we’re talking about today–a regulation is a stand-alone requirement. There’s no system to it. If you look up a regulation that covers your organization’s operations, like Respiratory Protection or Confined Space Entry, and you read through what it says you have to do to create a program that meets that requirement–now you have a program, a Confined Space Entry program, a Respiratory Protection program, but they don’t meet each other anywhere, so you have a bunch of separate components or silos, and they don’t lend themselves to any kind of integration in a systematic way.

So those are really the flaws, but before we leave that particular point, I always, whenever I talk about this, make it clear that I’m not advocating ignoring any regulatory requirements. We obviously cannot do that. But I am suggesting that complying with them, and believing we have good compliance going, is not going to get us where we want to be. And I also believe that if you implement an effective management system, which we’re going to talk about, if your OSH program is based upon systemic components and a management system process, I betcha you’re going to be in compliance with what the regulations say, it’s just going to happen. Except for things like putting up the OSHA poster or having your OSHA logs, those kind of things, but those are not the hard parts of complying with regulations.

Convergence: Alright, that was a good answer and well said. I couldn’t have said it as well myself. To kind of summarize, your point one was OSHA changes slowly; point two was you should think of OSHA requirements as a floor; and then point three was the “siloing” effect of having programs as opposed to systems.

To that second point, I’m an instructional designer who’s worked in safety for about ten years, but I’m no safety expert. So I continue taking courses, and I just took a course on industrial hygiene, and speaking of the OSHA requirements being a floor, it’s shocking how dangerous a lot of PELs are for certain hazardous chemicals.

Pam: Right. If you think about the OSHA regulations that we currently are dealing with, they were developed when OSHA came into being 40-plus years ago, and they took them from voluntary consensus standards, and those standards have marched on and been revised, but the regulations have not.

So if you look at the regulation and you look at the timing of when it was adopted, there are still some OSHA regulations that are 40 years old, and the PELs are an excellent example of situations where we know that exposure at the PEL doesn’t protect the worker at the point where they need to be, because we know more about the exposure and what it does, or on the other side, it’s way too low and needs to be changed. But I think the last year on the PELs as 1989, so that’s a good example.

Moving Towards Systems Thinking in Safety & Safety Management

Convergence: Alright. So if that’s what we’re moving away from, that kind of compliance-based focus, what are we moving towards?

Pam: We are moving to systems-based thinking. We are moving toward management of our organization’s operations with regards to occupational safety and health from a management perspective. So it’s OSH management systems. That’s what we are moving towards, that whole systemic approach, an approach that creates integrated pieces, that breaks down those silos, gets away from a program approach and looks more at occupational safety and health as systemic and systems-based.

Convergence: OK, and we’ll get more on that in just a little bit.

I’ve heard you write and talk about systems, and I’ve also heard you talk in a related manner about risk management and risk-based approaches to safety and health. Can you tell us about that as well and what that means?

Risk Management & Safety

Pam: Sure. So putting it together with the OSHA management system, a risk-management approach is how the organization approaches the risk from an occupational safety and health basis and how it manages them. And if you think about how management systems are, the Plan-Do-Check-Act cycle, the risk management part of it is the plan part, when an organization says “how do we figure out what the risks are to our workers and to our organization, how do we quantify those risks, how do we mitigate those risks in a systemic manner that assures we have some sort of continual improvement?”

You know, the overall goal is reducing that risk, of occupational safety and health hazards, to an acceptable level. So risk management is part of occupational safety and health management systems–it’s a critical part of it, it’s a big part of it, and it’s got to be a piece that’s integrated into any kind of an OSH management system.

Convergence: I like that and I want to call out one point that I’ve read you writing on as well. So if risk part of your OSH management approach, and if it’s the “P” (or plan) in your Deming P-D-C-A cycle, that’s true, but to call out one of the things that you wisely call out as well, and that’s that risk is actually a bigger thing than just safety, it applies to more than just safety, and one thing people can do in their organization is to partner up with people who might be experts in risk, maybe in finance for example. Is that true as well?

Pam: Sure. Risk is risk. And what many OSH professionals have found, those that take that risk-management approach, is that they find a lot of friends in their organization who are already approaching the organization’s processes and procedures and organizations from a risk approach. So financial risk, talk to you CFO or anyone in your accounting department, and how they manage the financial risks to the organization. They are identifying them, quantifying them, and mitigating them, just the way we are with someone getting hurt. We look at supply-chain risk, we look at business continuity risk, it’s all a risk-based approach. And the OSH management systems should fit into the overall risk management approach in the organization to whatever the risk are at the organization.

Convergence: Good answer, thanks. And I apologize for dragging you off over there, but I’ve appreciate that point I’ve seen you make in the past.

OK, really quickly then, if risk is this universal thing that can be applied at an organization in any number of ways, but it’s also kind of the “P” or “plan” within safety in that context, can you break down the process for using risk in safety, just give us a bird’s-eye view or road map for using risk in safety?

Pam: Sure, the standards which address risk management, which would be the ANSI/ASSP Z690 standard, which is an adoption of the ISO 31000 standard, has a really nice framework in it that lays it out very graphically in a simple way to look at risk management.

And the thing that you notice first about that graphic is that it has a lot of arrows that go back and forth between all of the pieces, which is that whole critical systemic approach. Those arrows go back and forth for a reason–because all of those systems are inter-related. It’s not a straight line from Step 1 to Step 2 to Step 3. It’s Piece A, which is connected to Piece B, connected to Piece C, etc.

So if you look at that framework, risk assessment is really the key piece of risk management, and it kind of occupies the center part of that framework. And risk assessment is risk identification–what are the hazards, what are the consequences of those risks, what is the source of energy of those risks, and identifying all of that process.

The second step of that is risk analysis. How do we figure out the severity of that risk in terms of how badly someone can get hurt? How do we figure out the likelihood of that risk and give it some kind of a score or a process of understanding where it fits in a hierarchy. And then the third part is the evaluation of the risk. How do we then take the controls that are available to us and mitigate it in some way, to take it from a score of 20 to a score of 3, or a red to a green, or however your organization organizes it.

That’s the center. That’s the big piece of it. But then it’s also complemented by the risk treatment part, which is: now that we’ve figured out how we’re going to mitigate that risk, what’s the plan for doing it? How will the controls be implemented? How will the controls be monitored and reviewed? How are we going to make sure the resources are developed to get those controls in place and to get them going?

And then on either side and on top of that framework are three other major components. At the top really, and you almost have to talk about it first, is establishing the context of the organization. So what parameters does the organization need to consider when it’s managing risk in determining the scope of its process. What are the threats and opportunities that the organization has to consider in terms of managing its risk? The context of an organization that performs construction, builds skyscrapers, that’s the key–the context of their risk is completely different than the context of the risk at GAI Consultants, where our employees are out in the field doing stream and wetland delineation. Completely different context but the same process is used.

Then the other sides of it includes the communication and consultation pieces, where an organization gathers information from external and internal stakeholders, consults with them, shares information, and uses that process to identify risks and implement the whole management process.

And then on the other side is the “check and act” process of the Plan-Do-Check-Act cycle, which is monitor and review. So, now that we’ve got this risk treatment plan in place, how are we observing it? Is it working? Are the controls effective? Are we achieving our objectives? How do we look for new and emerging risks to our organization, that process of surveilling out internally and externally?

And so that’s kind of risk management in a nutshell. Again, it’s very well laid our in the Z690 standard, ANSI/ASSP Z690. And it gives a very good process for plan-do-check-act, and for implementing that into your continual processes.

Side note: For more on this, check our Risk Management and Safety article.

Teaching Employees About Risk and Risk Management

Convergence: OK, good, thank you very much. And yes, we do recommend everyone go check out those standards, but that was a helpful overview.

We were just talking about risk and risk management, and one of the things you talk about is the importance of teaching employees about risk and and performing risk analysis and helping them manage risk on their own. I wonder if you could share with us any tips for teaching employees about risk, risk analysis, risk management, and so on?

Pam: Sure. I think it’s a process, just like OSH professionals have gotten to a place where they have learned about risk and understood risk, and understand how it can help an organization do what it needs to do. I think we as OSH professionals are responsible to lead our employees in that process as well. And so, when a worker comes to you as an OSH professional as a hazard that needs to be controlled or that they’re concerned about, you’re sitting around in a safety committee meeting, and people are talking about a particular brand-new process that’s being implemented in your organization, or you’re doing an incident investigation with your employees, that’s an opportunity to introduce the whole concept of risk and risk analysis. So, talking through the hazard, at those opportunities, and working with the groups of employees to help them understand the risk in terms of the likelihood, the consequence if it does occur, and begin to incorporate those ideas and concepts into that discussion. Then you’re focusing the conversation with employees on a risk-based approach. Doing the work that you’re already typically doing…incident investigations, JHA development, or walking the floor and somebody comes up to you with a concern or a safety suggestion, it achieves a lot of different objectives.

First, it sort of in a back-door approach teaches the worker about risk assessment. You don’t have to sit them down in a training course and say “Here’s risk assessment, everybody, this is how we do it.” Instead, you can actually do it when you have opportunities as you go throughout the day. It allows them to apply those concepts to a real-life hazard that they are exposed to, that they understand and can relate to in a very specific way.

The second thing I think it does is it gives them the ability then to approach hazards in the future in the same way. And that may be with your collaboration, or it may be on their own. Ultimately, we need to give employees the tools to learn how to approach hazards from a risk-based approach on their own. And giving them that tool by working with them, collaborating with them, and then allowing them to apply those concepts.

And then the third thing I think that’s the other piece, it’s a little more nuanced, is it changes the language that we use with our workforce-the language that says risk, severity, consequence, probability, and hierarchy of controls, and all of those terms that are just a big piece of risk management. It allows us to begin to change that language. And so we’re no longer talking about OSHA and what OSHA says, we’re talking about what risk is and how can we control it.

And so that ultimately begins the process of changing your system, or changing how the people who implement your system approach it from an occupational safety and health perspective.

Convergence: Alright, I like that. One of the things I liked was when you’re talking about how to teach employees about risk is that essentially you said “do it within the context of their job,” when you’re walking the floor, when they see something on the job, and that’s one of the big lessons from my field, of instructional design and training, is how important it is to be able to deliver training and instruction and feedback and discussion right in the context of the job as opposed to going off to the isolated training room, to have that discussion.

Pam: Yeah, we know about adult learning concepts, and we know how adults learn better. They learn by doing, they learn by applying, and they don’t learn very well by sitting in a training room with a PowerPoint in front of them. They learn in lots of different ways, and so this sort of learning by doing, if you want to incorporate risk management into what we do, there are a lot of great ways to help our employees understand those concepts. And it’s not hard to do–and once you begin by apply it to a real-life hazard, it’s much easier then to take that situation the next time, and do it either more independently or understand how to apply those concepts to different hazards, because risk is risk, hazards are hazards, and those concepts can be applied in lots of different ways.

Systems v. Programs for Safety Management

Convergence: So you talked about the importance of systems and management systems. Can you walk us through again how that’s related, what does that mean in the context of occupational health and safety management, and how exactly is that different than a program–systems as opposed to programs?

Pam: Sure, sure. So a management system is a set of inter-related policies, processes, procedures, and they are intended to address a particular function of an organization.

So an occupational safety and health management system is intended to address the occupational safety and health functions of the organization. But they also apply to things like financial management, supply-chain management, business continuity…those are the examples that we were just talking about a couple of moments ago.

But again, just to reinforce, and this concept can’t be overstated, the difference between a program and a system is that a program stands alone: a confined-spaced entry program, a fall protection program, a respiratory protection program, etc. While parts of a system, like risk assessment and communication and consultation and the monitoring that we do, all work together and those arrows on that framework that I was just alluding to, that’s what those mean.  Those arrows go back and forth because those pieces go together.

So, in an occupational safety and health management system, the objective very broadly is to reduce workplace injuries and illnesses to an acceptable level. Each organization has to figure out what the acceptable level of risk is, what the risk are that they’re exposed to, that’s establishing the context, and earlier I was talking about a couple of examples of completely different organizations and what their context might be, and to achieve those objectives, we solicit information about the risk from our stakeholders, whether they’re internal stakeholders or external stakeholders, though communication and consultation, dialogue and joint decision making. We figure out how our workers could get hurt, how badly hurt they could get, what’s the likelihood of it happening to them, and the whole risk assessment process. We implement a plan to reduce those risks through risk treatment. And then we check to make sure the plan is working, revise it if it isn’t, and then monitor and review.

So each of those pieces functions together and the whole cycle, that circular plan-do-check-act cycle that we talked about, it’s a critical piece of any kind of management system, whether it’s financial health, occupational safety, or whatever kind of system you’re dealing with.

Safety Management Systems Standards

Convergence: All right, great. I know that earlier, when we talked about risk, you gave us some specific examples of standards related to risk, and I wonder if you could call out a couple ISO or ANSI standards related to safety management systems as well?

Pam: Sure, and it’s important to talk about these, because as OSH professionals, many of us spend a lot of our time on, and looking at regulations. But if we’re going to lead our organization into this change, to a systems approach, through risk and occupational safety and health management systems, we have to know what these standards are, we have to understand them, and we have to be able to lead from that as our foundation. So it’s important to understand what they are, how they fit together, and how we can implement them.

So we talked already about ANSI/ASSP Z690, that’s the American adoption of the ISO 31000 standards on risk management. In addition, there are a couple of occupational safety and health management systems standards that people should be familiar with, if they’re not already. The newest kid on the block is the ISO 45001 standard, just published in March of this year, and that was a four-plus year process of developing and building consensus for that particular standard.

It is based upon several other standards–there are five or six of them out there–but the two that most OSH professionals might be familiar with are the ANSI/ASSP Z10 standard and the OHSAS 18001 standard. The former, Z10, is currently being reviewed by the ANSI-accredited standards committee, and I just literally got an email before I logged in here this morning that indicated that ANSI/ASSP Z10 is being approved and updated to align with ISO 45001. So those standards should mirror each other. They’re based on similar concepts, and that has been adopted by the Z10 committee.

And so for many of us who are familiar with that (Z10) standard–that’s been around for ten years or so–it provides a safety management system that is OSH-based, so it is specifically an occupational safety and health management system, that is used primarily in North America. It is not a standard that can be easily certified by a third party, but it  is a great standard for many organizations who want to self-certify themselves. They can use it as a benchmark to mark their safety management system against, or to implement or revise their system.

The other one, OHSAS 18001, was a big part of ISO 45001, it was one of the two foundational standards that was used (including Z10) to develop 45001. And that’s the British Standards Institution, the BSI. That standard is being sun-setted because it’s being replaced by BSI with ISO 45001, and by 2021, that particular standard will be gone. So organizations that are aligned with or certified through 18001 are currently in the process of transitioning to ISO 45001, and that will be done by 2021.

The last one to mention, which is one of those pieces that are part of occupational safety and health management systems, like risk management, is prevention through design. And that is ANSI/ASSP 590.3. That important part of prevention through design is that it focuses on mitigating occupational safety and health risks through prevention–controls that allow you to eliminate the risk rather than try to control it with PPE and training and work practices. And preventing through design is a really, really critical part of risk management when you’re doing with high-consequence risks, because what you’re trying to do is prevent that risk from occurring through a high-level control. And an organization that is serious about implementing a risk-management approach has to begin to focus on a preventative approach to the hazards, and preventative design gives you a lot of really good guidance on how to do that.

So if you think about the occupational safety and health management system as the “spoke” in the center, and Z590.3 and Z690 are parts of the wheel, if you will, they all kind of integrate together and work together to develop a systems-based approach.

Quick side-note: you can get a pretty comprehensive intro to ISO 45001 here from an interview with one of its developers.

Human Factors & “Operator Error”

Convergence: Great overview. So 18001 is being sunsetted because of 45001, Z10 is just now being updated to match 45001, as you said 45001 is new, and then you mentioned 590.3, which has to do with prevention through design, which is nice because we already talked about the hierarchy of controls, and it leads nicely into my next question.

In the context of moving safety and health management toward safety management systems and systems thinking in general, I wonder if you could talk to us about the problem having to do with earlier conceptions of human factors, including for those who are unfamiliar with that term defining what human factors are, and relying on the concept of operator error for explaining safety and health incidents at work.

Pam: Sure. So, you know, if you believe in the fundamental concepts of a management system, I think that you have to accept and understand that our workers operate in a system that is created and controlled by management. And if you know anything about Deming, the leader of the Plan-Do-Check-Act cycle, that was one of the things that he said. And our workforce operates in that system, it’s created and controlled by management, and management holds the key to changing the system. And if we want to prevent incidents, we have to approach it from a systems approach, and when we find incidents that can be prevented, our preventative approaches have to be systems-based.

The second thing is that if you want to approach your organization from a systems approach, you have to appreciate that worker behavior is part of every incident you look at: a fatality, a serious injury, a near-miss, a close call, property damage, whatever that is, worker behavior is a part of that. The worker did something that they weren’t supposed to do, or they didn’t do something that they were supposed to do.

And if you understand those two concepts, the organization has to understand and appreciate that when you investigate the incident, when you look at how to prevent that, when you begin to identify risks and figure out how to control them, you have to appreciate that the system creates the circumstance where the incident is either allowed or controlled, or where the risk is allowed to be in place. And you have to develop a corrective action plan that relies on changing the system while at the same time allowing the workforce to operate effectively within the system.

But I think what we see far too often is that the reduction of incidents to our controls, or the corrective action plans that come out of out investigations, are based upon the worker, operator error processes, contingent processes. And we think that we’re going to fix the risks or mitigate the risks by having processes that require 100% compliance by the workforce 100% of the time.  That’s just not feasible, it’s not practical, it’s not going to happen. People come into work every day with a lot on their mind, which interrupts their ability to maintain that 100% compliance. They have financial problems, perhaps they’re not feeling well, perhaps they didn’t get much sleep last night. Every day, workers come in to work in those kind of mindsets. The workplace is full of distractions that disrupt operations. Management creates processes that don’t work, that aren’t properly defined, that people aren’t trained well on. And so workers create a work-around in order to get that job done.

So we can investigate an incident and blame them and retrain them or discipline them or create even more foolproof processes, or we can do a risk assessment and say “OK, the way we’re going to manage this risk is to use PPE and training and we’re going to create a work practice or procedure, but those ways of approaching occupational safety and health risk are not going to work, and our incidents are evidence that they don’t work. We still have 5,000-ish fatalities every year, and that hasn’t changed much in the past 15 years. So we have to change the system that created the circumstances. And again, to just restate, we have to create opportunities for workers to work effectively within that system. That is where the training comes in–training workers to work within the system as opposed to training them to run the system.

And I would also add one last caveat on that, and that’s to say that I’m not suggesting enforcement when deliberate non-compliance occurs isn’t part of managing the risks of your organization. Employees who choose not to comply with basic rules that keep them and their coworkers safe may not be able to continue to work with their coworkers in that system, and that’s absolutely true. But that isn’t the first place we’re looking to reduce injuries and illnesses, and it isn’t the primary purpose of an occupational safety and health management system. It is a side-piece, and it needs to be part of it, but if you look at incident investigations, operator error can’t be the first, last, and only cause of what happened.

Convergence: And to that point, and maybe you don’t have these kind of statistics, maybe nobody does, but I’m assuming that (maybe nationwide, for example) if we have these kind of statistics, we would see operator error at the end of an incident investigation at a very high frequency–do you have any idea what kind of frequency that would be?

Pam: You know, I don’t have the numbers. But I’ll tell you, one of my favorite people in the world, who I think is sort of a legend in our community, is Fred Manuele. And he is one of the people I read a lot of back when I was really starting to understand more about systems and management. And in his book, Advanced Safety Management, it always struck me is that one of the things he did when he wrote that book, is he reached out to a lot of organizations and asked them to send him incident investigations–their completed incident investigation forms. And he went through more than 1,000 of those forms, and started tallying how many times operator error was listed as a cause of the incident, and he came up with an astonishing percentage of those incidents, and he talks about that at great length in that book, and uses it as a really important part of this whole concept we are talking about. And these were organizations that considered themselves to have very effective occupational safety and health programs. But that’s what they were doing with their incident investigations, and that’s what they were basing their corrective actions on. Retrain, retrain, retrain, change the JHA, better PPE, all of those kind of low-level controls that we know are not effective at true risk mitigation.

Convergence: All right, great, and I won’t drag you off into a different conversation, but that could lead us into an interesting conversation about people like Ron Gantt, who I know you like quite a bit, and I am guessing Todd Conklin, who you may be a fan of as well.

Pam: Oh yeah. Yeah, absolutely. Absolutely.

Convergence: Seeing the worker not as the problem but as the solution.

Pam: Absolutely.

Causes & Precursors of Fatalities & Serious Injuries

Convergence: OK, so earlier you said that as safety professionals we haven’t been able to drive down the rates of fatalities and serious injuries in quite some time really, and you’re proposing different approaches to safety in the hopes of being able to do that. Elsewhere, I’ve seen you give some really nice lists of common precursors of occupational fatalities and serious incidents and some common causes of the same, and I wonder if you could walk us through the lists you’ve identified?

Pam: Sure, sure, and to clarify, it’s not a list I personally identified, but I drew them from other writings “out there” where a lot of organizations have developed those, and they’re pretty common out there in terms of a lot of writings, but they come from….I first became aware of some of them, I was part of the planning committee for the Fatality Prevention Forum in 2012 that was put on by Indiana University of Pennsylvania and the Alcoa Foundation (and others). And there were a lot of really, really important people there talking about this whole idea that fatalities and serious injuries were not being reduced. Why was that? What was happening? But part of that conference focused on identifying precursors and causes of fatalities and serious incidents, and they came from large data sets that some of the organizations that participated had gathered, and they’ve sort of been corroborated over the years by other organizations that have done that, but I would also say that if you looked at your organization, I bet you would agree.

So an FSI cause obviously is when you look at an incident where a fatality or a serious injury occurred, what are those things that generally are the causes of those kind of incidents.

A precursor is a little different. It’s more of a forward-thinking concept, because it asks the organization to look at the activities or processes where the risk of a serious injury or fatality is high.

Either because the risk isn’t fully recognized by the organization, or controls that are put in place by the organization for managing the risk are not adequate–they’re low-level; they’re too complicated; they’re not well thought-out, they’re not well-followed, etc., etc.

And by looking at those two pieces–precursors and causes–you can begin to identify as an organization what are your highest risks. And if you’re going to approach managing occupational safety and health from a risk management approach, those high-risk FSI precursors and causes are the things that you want to be addressing first. Your organization may have 750 different tasks that you perform, but 60 of them have the potential for a fatality or serious injury. And so when you’re doing risk assessment, those are the 60 that you need to look at.

So, FSI causes generally tend to include:

  • Caught-by
  • Struck-by
  • Operation of/interaction with mechanical equipment
  • Falls
  • Contacts with high energy
  • Electrical contact
  • Explosions and fires

All of those kinds of that that, when you look at the BLS data set, you can see those kinds of causes are commonly part of the sets of data on serious injuries.

Precursors, though, are ways in which you can intervene ahead by identifying the things that might be happening at your organization. And we often see that non-routine work is a potential precursor for fatalities and serious injuries. The presence of high-energy sources, whether that’s electrical or thermal or whatever that may be. The use of contractors in your organization, either because you’re doing renovations or construction or they’re in your organization because you sub-out some of your work to other kinds of groups, those are people who may not be familiar with your organization, and they present risks to your workers. And then upsets in normal operations, so when things are smooth and humming along and your widgets are rushing off the line, that’s one thing, but when the line breaks down for one reason or another, that has the potential to create precursor situations, because workers are not necessarily dealing with upset conditions and may not have those kinds of controls in place.

So those are the kinds of things from a risk perspective that you want to identify first. And if you’re an organization that doesn’t really have a risk assessment in place, and you’re wondering where to start–that’s where you start. You identify where those are and you begin to mitigate those first, because those are the things that are going to cause fatalities and serious injuries in your organization.

Oh, one last point about that, I just thought about this as we were talking. FSI causes, and they’re helpful to understand and be familiar with, but one of the problems that a lot of organizations get caught with is that they may not have causal data. So for example, my organization has been around for sixty years, and we have had one fatality. If I look at that one fatality and say “OK, that’s the one thing  we really have to worry about,” we have a lot of occurrence data. And everything else that we’re doing must not be a problem, because nobody ever got seriously injured or killed, then I might have a tendency to downplay those causes, because nothing bad has ever happened. And if you think about some of the organizations where we’ve had tremendous catastrophes–Chernobyl, and Texas City, and Deepwater Horizon–those were organization that took their eyes off of those causes, because they never really happened. And when they do, the organization says “Wow, we never really thought about that before, because when we were assessing the risk of our operations, we were looking at causal data, and we said ‘Well, this has never happened before.'” So it gets a lower risk score, and that has a tendency to downplay that risk, and therefore downplay the importance of that control.

Closing Thoughts

Convergence: Alright. So good points about fatalities and serious injuries; good points about causes and precursors; and good points about checking the data but also not letting certain things lull you to sleep on issues as well.

So you have kindly agreed to do a second webinar, which we’re looking forward to, in which after introducing all this stuff on safety management and risk management and systems in safety, you’ll give some tips for implementing it. I’ve seen you write very well on that, so we look forward to that. And we’ll leave that for a different day.

But now that you’ve introduced this whole concept to us, is there anything else you’d like to tell us about that I didn’t ask but I should have, or is there anything else on your mind that you’d like to share?

Pam: You know, just to kind of bring it full-circle, if you will, this kind of thinking and management systems and this revolution in occupational safety and health, I try to remember and I encourage others to remember that it’s a process, it’s a journey, that as OSH professionals some of the things that we think are true may not be true, some of the things that we’ve used as a basis to do what we’ve done, from an honest perspective, may not be working anymore, and that part of our call, if you will, is to be willing as professionals to be introspective about what we’ve done as a profession, and how can we do better. So if we’re going to lead our organization through some fundamental changes, from a compliance-based approach to a risk-based approach, we have to claim responsibility for what happened, and some acknowledgement of flaws in our approach, but yet at the same time identify that path forward. And in my opinion, and the opinion of other folks, the path forward is to begin to work towards systems approaches. And it’s our job as safety professionals to take the lead on that, and we have to identify those systems, standards, understand them, read what other people like Ron Gantt and Todd Conklin are saying,  and take opportunities to network with folks like that, and then begin to develop our own way of thinking and modify our own thinking so that we can be the leaders that we need to be as we move from compliance to risk.

Convergence: That was well-stated. I think you talked about the importance of being self-critical and evaluating our own thinking, places where we might have been wrong, and that’s a really challenging thing. A lot of learning professionals talk about that in terms of a mental model or a schema….

Pam: Yeah, exactly.

Convergence:…going back to Senge, and those are really valuable, but one of the things you have to know if you have to continually re-evaluate those, and admit when they’re not working as well. Are you familiar with a guy named Arun Pradhan, an Australian learning professional?

Pam: No, what’s he written?

Convergence: He mostly writes magazine articles, there’s no big book out there, but he’s very interesting on these concepts of learning and mental models. The other thing you talked about, that I really liked too, and I think it’s one of the reason this stuff is a stumbling block for some people, is that this is a process and a journey and you may never wind up at that end state. I watched Ron Gantt having a conversation on LinkedIn with a guy about that, and it occurred to me that there’s an underlying thing in human behavior where you want to be teleological, where there’s this desired end goal. And I think that’s part of the attractive to something like zero harm or something. Ron Gantt was saying something like “Hey, this is a process,” and the other person said something like “Well, you never get anywhere!” And I think that’s an underlying mental model that we have to consider, which is why do we think that safety management has to have this end state?

Pam: Right. And the management system is based on Plan-Do-Check-Act, it’s based upon a cycle. It isn’t ever intended to end–it’s continual improvement. You can certainly look back and see that you’re better off today than you were last year, that you were five years ago, that, you know, at the progress that you made, but the nice thing about management systems is that they lend themselves to that looking backward and forward at the same time, you can really see where you have been when you have a systems approach, and you can see where you’re going when you have a systems approach, and as OSH professionals, we have to be right smack-dab in the middle of that, if that’s the road that we want to take, and I would argue that we do, that’s part of our job as professionals, is to be right in the middle, looking backward and forward, and continually improving.

Convergence: I guess, if I can ask one last question, and you may not have data on this, but you mentioned earlier this is not a new revolution, and organizations are in the process of making this change or some have. Do you have any sense of a percentage of organizations nationally in the US for example that have either made this change or are in the process of making this change, or again is there no data set on that?

Pam: I’m not familiar with any data. I can only tell you anecdotally. I’m a member of ASSP and I attend their events regularly. I’ve been attending for 15 years, and probably more than that. If you were to do a search on all of the sessions they offered 10 years ago, and looked for the words risk or systems in the title of the presentations, you wouldn’t have found very many. But what you see now is a lot of various sessions that focus on all of those concepts and ideas, and when you walk into the room, they are standing-room only. The various certification programs that ASSP offers on risk assessment and now on 45001, there are waiting lists every time they offer those courses. So what I would suggest is there’s a great hunger out there for that information, and a lot of folks out there that want to learn and understand. And so, if that’s any indication, given as I said that we’re sort of on the backside of the revolution where it’s becoming more mainstream now to be interested in and wanting to implement these kinds of approaches for the organizations we work for.

Convergence: Alright, great. Well thank you so much, Pam Walaski of GAI Consultants. That was a great intro to this kind newer thinking in safety revolving around risk and management systems and systems thinking. And we are really excited you have agreed to do a second webinar, which we’ll do later and which we’ll link to this one. I’ll also link to all sorts of stuff you’ve talked about, all the  management systems, once I’ve typed this up, and thank you for the credit, I didn’t know where all the FSI data was coming from, a fatality prevention forum from Alcoa and others, I didn’t know that.

I’d like to thank everyone out there for their attention and say thanks to Pam as well, so thanks so much and have a great day.

Pam: Uh huh, bye bye.
NOTE: As promised, here’s an audio recording of this discussion.

Conclusion: Making the Switch to Safety Management Systems, Risk Management and Systems Thinking in Occupational Safety and Health

Many thanks to Pam for taking the time to explain the movement toward risk management, systems thinking, and safety management systems in occupational safety and health. We definitely recommend you follow Pam on social media and try to catch her speaking on safety topics at conferences if you can.

Also, remember that she’ll be back here soon giving us a few simple tips for implementing this new thinking on safety at your workplace.

Until then, feel free to download the free guide below.

Online Safety Training Buyer's Guide Checklist

Online Safety Training Buyer’s Guide Checklist

Learn how to evaluate different online safety training solutions to find one that best fits your company’s needs with our FREE informative guide and checklist.

Download Free Guide

Online Safety Training Buyer's Guide Checklist
Jeffrey Dalto

Jeffrey Dalto

Jeffrey Dalto is an Instructional Designer and the Senior Learning & Development Specialist at Convergence Training. He's worked in training/learning & development for 20 years, in safety and safety training for more than 10, is an OSHA Authorized Outreach Trainer for General Industry OSHA 10 and 30, has completed a General Industry Safety and Health Specialist Certificate from the University of Washington/Pacific Northwest OSHA Education Center, and is a member of the committee creating the upcoming ANSI Z490.2 national standard on online environmental, health, and safety training.

Leave a Reply

Your email address will not be published. Required fields are marked *