Risk and its management involve predicting the likelihood of a harmful event and putting in place mechanisms to avoid these detrimental events from occurring.
Photo credit: Photo by Jay K. Bradish/IFPA
This is truly a complex question. As we have done in previous articles, let’s break this question down into its fundamental issues.
To start, we tackle the issue of how your fire department should evaluate and mitigate risk. In other words, how can you reduce the chance of legal action due to action, or lack of action, regarding workplace safety? What are the legal ramifications of failure-to-act?
Essentially, this question comes down to managing organizational risk. Risk management is a staple of private industry in its efforts to reduce insurance costs associated with property damage and injury claims, reduce workers’ compensation claims and promote a safe workplace for employees. However, risk-management concerns of the private sector differ little from those of the public sector.
The interchangeable use of the term “risk” is often applied in ways that have different meanings. Our definition of risk is rather simple – risk and its management involve predicting the likelihood of a harmful event and putting in place mechanisms to prevent these detrimental events from occurring. For our discussion, we will leave out the concepts of probability and consequence to predict loss and significance. Risk management comprises the entire process of identification and evaluation of risks as well as the identification, selection and implementation of measures that may reduce the impact or occurrence of a harmful event. A common term applied to managing risk in the workplace in the private sector is loss control.
The fireground and beyond
Many in the fire service generally associate risk management within the context of the fireground or field operations. For the most part, the fire service has done an admirable job in reducing risk to its first responders in these settings. Though managing risk on the fireground is important, it accounts for only one view of managing risk for the entire organization. Risk management is global; it is comprehensive, touching on the many facets of organization management.
Risk management from the global perspective addresses issues such as employment status, respectful and drug-free workplace, discriminatory behavior, workers compensation and compliance with mandated laws. The responsibility of the fire chief to safeguard the assets of the organization are equally applicable to an emergency response agency as to a private-sector company. The concept of managing community risk through pre-planning, response, mitigation and recovery can be applied to areas of concern identified above.
Risk management incorporates a full range of measures that may be used to limit, reduce or eliminate the probability that an undesirable outcome will occur. And as we have stated, managing organizational risk is not unique to fire departments and is considered by most to be a dynamic and continual effort to reduce or eliminate undesirable events. Any system for managing risk must provide for three fundamental steps that include the identification of risk, evaluation of the “consequence” or potential magnitude of the undesirable event and control measures; how to reduce or eliminate the loss.
Many loss-control experts use as a starting point the following categories of technology, process and people when attempting to control a potential loss or liability. Before we delve into this concept, let’s briefly look at loss and loss control.
Loss control is one component of risk management. The goal of loss control is as stated – to limit or eliminate the consequences associated with a loss. Losses can be subdivided into these general areas:
- Property loss involves those physical assets of the agency such as vehicles, equipment and facilities
- Personnel loss is injury, illness or death to a member of the organization
- Lost-time loss entails business down time
- Liability losses are acts or omissions that result in legal action, civil or criminal, such as a lawsuit against the organization
In one way or another, any of these losses can devastate the organization in terms of cost, productivity, morale and stature. Following the identification of a particular risk and evaluating the probability and consequence of its occurrence, the use of technology, process and people as control measures helps risk managers identify strategies to reduce the likelihood of occurrence. These are also sometimes referred to as engineering, administrative and personnel controls. Let’s look at each and then apply them to a known risk such as vehicle accidents.
• Technology (engineering) controls – These refer to mechanisms that are used to control a hazard, often using technology as its base. For example, we use passive- and active-restraint technology as controls in reducing the risk of injury from vehicle accidents. The vehicle design incorporates the restraint design into the vehicle. Through testing and experience, we have determined this is an effective or correct control measure and that, if used, will reduce injury and death to occupants during vehicle crashes.
• Process (administrative) controls – These involve the management of risk through written and practiced guidelines. Frequent audits to ensure compliance and workability are important to address shortcomings in individual application of work rules. Personal protective equipment (PPE) is also considered a process control in that through work rules we require seatbelts to be worn in moving vehicles.
• People (personnel) controls – These are dependent on initial and on-going education and training of those performing a task. Practical experience tells us that of the three control areas (technology, process and people), modifying behaviors through education and training is often the most complex and challenging. Correctly choosing people for the assignment is vital since not all of us share or are proficient with the same skill sets. Increasing awareness through personnel meetings, stating expectations and offering education is a proven strategy for successful risk reduction. In our safe-driving example, assessing skills related to driving larger apparatus as well as having a defined, comprehensive and documented driver education and qualification program is a good first step in reducing future litigation and liability. These actions coupled with safe-driving guidelines, continuing driver education and annual driver re-qualification requirements enhance your risk-management program.
Two other risk-control areas include the elimination of the problematic area that may increase risk potential and by substitution. Substitution requires that we find a comparable replacement for the identified risk area. In our example, perhaps we prevent certain individuals from driving large apparatus due to poor eyesight or other validated medical conditions or eliminate certain driving practices. Substitution may involve finding an alternative to sending a large apparatus to certain types of incidents where a smaller utility type vehicle would suffice – and reduce risk.
National consensus standards-setting organizations such as the National Fire Protection Association (NFPA) offer guidelines on adopting a risk-management plan for fire departments. Standards such as NFPA 1250, Recommended Practice in Fire and Emergency Service Organization Risk Management, and NFPA 1500, Standard on Fire Department Occupational Safety and Health Program, offer insight into developing and managing an effective risk-management program.
Managing community risk is our mission. The mission of a fire department also includes managing internal or organizational risks associated with accomplishing its primary calling. When we efficiently manage our internal exposures, we become more effective to those we serve.