Summary

This document discusses risk-based auditing, risk management, underwriting policies, and related concepts in the insurance industry.

Full Transcript

Risk-Based Auditing Risk-based auditing prioritizes the use of an organization's limited internal audit resources in areas that pose the greatest risk to the organization. It emphasizes three principles: auditing to business objectives, focusing on materiality of risk, and identifying threats to business goals and objectives. Risk Management and Organizational Alignment Risk management involves providing insurance and risk management solutions to control or contain losses and satisfy customers. Common objectives for risk management include balancing risk and reward, supporting decision making, and achieving goals such as tolerable uncertainty, legal and regulatory compliance, survival, business continuity, earnings stability, profitability, growth, and social responsibility. Underwriting Underwriting helps insurers develop and maintain a growing, profitable book of business by minimizing adverse selection, ensuring adequate policyholders' surplus, and enforcing underwriting guidelines. Underwriters select insureds, classify and price accounts, recommend or provide coverage, manage a book of business, support producers and insureds, and support the achievement of the insurer's marketing objectives. Staff Underwriters Staff underwriters research the market, formulate underwriting policy, revise underwriting guidelines, evaluate loss experience, develop coverage forms, review rates, arrange reinsurance, assist with complex accounts, and conduct underwriting audits. Underwriting Policy Underwriting policy is a guide to individual and aggregate policy selection that supports an insurer's mission statement. Essential Knowledge for Underwriters Successful underwriters possess knowledge about insurance principles and practices, loss exposures and pricing, insurance rates, loss analysis, and internal and external information sources. 
Rating Rating involves applying an applicable rate and rating plan to an exposure and performing necessary calculations to determine the policy premium. Moral Hazard Moral hazard is a condition that increases the likelihood of intentional loss or exaggeration. Property Application Underwriters examine crucial information in a property application, including loss history, COPE elements, and property values. Supplemental Information Supplemental information, such as risk management programs, financial statements, risk control reports, and property valuation guides, helps underwriters further assess the quality of a property account. COPE and Loss Run COPE elements include construction, occupancy, protection, and external exposures, which are analyzed by commercial property underwriters. A loss run is a report detailing an insured's history of claims that have occurred over a specific period. Morale Hazard Morale hazard is a condition of carelessness or indifference that increases the frequency or severity of loss. Fire Protection and Division Underwriters analyze loss exposures posed by immediate neighboring properties or the surrounding area. A fire division is a section of a structure that is well protected and cannot spread fire to another section or vice versa. Public and Private Fire Protection Public fire protection refers to equipment and services made available through governmental authority to all properties within a defined area. Private fire protection refers to measures taken by property owners to protect their assets from loss by fire. Residential and Occupational Loss Exposures Underwriters should evaluate residential loss exposures by considering hazards that can increase liability losses from invited guests. Personal insurance applications include questions about occupation or employment to determine potential loss frequency and severity. 
Rating Plan A set of directions specifying criteria for exposure base, exposure unit, and rate per exposure unit to determine premiums for a particular line of insurance. Combined Ratio A combined ratio of less than 100 means the insurer is making a profit from underwriting insurance. A combined ratio of more than 100 means the insurer is not making an underwriting profit. Nonfinancial Measures Used to monitor underwriting results, including: o Selection o Product or line of business mix o Pricing o Retention ratio o Hit ratio o Customer service o Premium volume Retention Ratio The percentage of expiring policies an insurer renews. Retaining policies is more profitable than acquiring new business because most of, if not all, the underwriting investigation work has been completed for existing policies. A low retention rate may indicate a problem with the insurer's service, such as customer dissatisfaction with claims service. Hit Ratio Determines how well underwriters are meeting sales goals by comparing the number of policies written with applications that have been quoted. Physical Controls Used to limit an individual's physical access to protected information or facilities, e.g., locks, doors, fences. Technical Controls Also called logical controls, implemented in the computing environment, e.g., operating systems, application programs, database frameworks, firewalls. Directive Control Specifies expected employee behavior, often in the form of policies and guidelines, e.g., acceptable use policy. Deterrent Control Discourages individuals from violating security policies because of the effort to circumvent it or the negative consequences of doing so, e.g., CCTV monitoring. Preventative Control Stops a security incident, e.g., background screenings. Compensating Control Implemented when the system cannot provide protection required by policy, to mitigate the risk down to an acceptable level, e.g., an acceptable agreed exceptional process. 
Detective Control Alerts the security professional to the attempted security violation. Corrective Control Responds to the security violation to reduce or eliminate the impact, e.g., escorting unauthorized persons offsite. Hazard A condition or activity that has the potential for harm. Risk The chance or probability of occurrence of an injury, loss, or hazard. Incident An event in which a work-related injury, illness, or fatality occurred or could have occurred. Risk Response Strategies Four strategies: o Avoidance o Transfer o Retention o Reduction Risk Assessment The overall process of risk identification, risk analysis, and risk evaluation. ALARA and ALARP ALARA: As Low As Reasonably Achievable. ALARP: As Low As Reasonably Practical. Loss Control Measures Examples include: o Hazcom training o Machine guards o Confined space programs Domino Theory All accidents are caused by a chain of events, and the removal of any chain of events can prevent the accident. Petersen's Accident/Incident Theory Causes of accidents/incidents are human error and/or system failure. Risk Analysis vs. Risk Management Risk Analysis: a scientific activity that estimates risk. Risk Management: determines whether the risk is acceptable and what methods will be used to reduce the risk to an acceptable level. Hazard Analysis Categories Three categories: o Environmental issues that create stress o Inherent properties that create hazards o Failures of people and materials Primary Methods for Reducing Accidents Two methods: o Prevention (loss control) o Financial (cost reduction) Objectives of Risk Management For a business, objectives include: o Reducing anxiety prior to a loss o Meeting responsibilities as a good corporate citizen o Continued growth after suffering a loss Poka-Yoke A lean manufacturing technique that focuses on prevention or detection of errors, mistake-proofing methods aimed at designing fail-safe systems that minimize human error. 
Kaizen A Japanese term for continuous improvement. 5-S An effective housekeeping technique that includes: o Sort o Straighten o Scrub o Systematize o Standardize Risk Management Techniques Risk control: measures to prevent or reduce losses Risk financing: purchasing insurance to help pay for losses that do occur Risk Management Examining the feasibility of risk management techniques involves financial and non-financial considerations Financial considerations include forecasted losses, insurance types, and deductibles Non-financial considerations include business operations, customer and employee safety, and reputation Implementing Risk Management Techniques Risk financing techniques are implemented by risk management professionals Risk control techniques are implemented by operations managers, involving communication and training Insurance Rating plan: a set of directions specifying criteria for exposure base, exposure unit, and rate per exposure unit to determine premiums Combined ratio: a ratio of less than 100 indicates an underwriting profit, while a ratio of more than 100 indicates no underwriting profit Non-financial measures used to monitor underwriting results include selection, product or line of business mix, pricing, retention ratio, hit ratio, and customer service Underwriting Retention ratio: the percentage of expiring policies an insurer renews Hit ratio: determines how well underwriters are meeting sales goals by comparing policies written with applications quoted Underwriting elements include limits of liability, deductibles, and underlying insurer Loss severity, rather than frequency, is the primary underwriting concern Reinsurance Reinsurance: transferring some of the risk to another insurer through a contractual agreement Facultative reinsurance: reinsurance of individual loss exposures, where the primary insurer chooses which loss exposures to submit Underwriting Guidelines Underwriting guidelines: a written manual communicating an insurer's 
underwriting policy and specifying the attributes of an account that an insurer is willing to insure Qualitative and Quantitative Risk Assessment Qualitative assessment: uses categorical or non-numeric values to estimate risk Quantitative assessment: uses numerical estimates based on historical occurrences of incidents and likelihood of risk re-occurrence Methods include Delphi Method, Facilitated Risk Analysis Process (FRAP), and Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE) Risk Assessment Formulas ARO (Annual Rate of Occurrence): estimates the number of times an identified event or threat will occur within a year EF (Exposure Factor): the potential percentage of loss to an asset if a threat is realized SLE (Single Loss Expectancy): the impact of the event, calculated by multiplying the Exposure Factor by the Asset Value EPA Human Health Risk Assessment Four steps: hazard identification, dose-response assessment, exposure assessment, and risk characterization Underwriting Elements Underwriters can require higher limits of liability and deductibles for certain loss exposures. The underlying insurer is an important underwriting element to consider, with some insurers only providing umbrella or excess coverage over their own primary policies. Loss Analysis Underwriters need a thorough understanding of the insured's operations to identify loss exposures and determine whether the existing loss experience is appropriate for the insured's operations. Loss severity, rather than frequency, is the primary underwriting concern in umbrella and excess liability underwriting. Underwriters also analyze catastrophe loss exposures. Reinsurance Reinsurance is a process where an insurer transfers some of its risk to another insurer through a contractual agreement. Facultative reinsurance involves the primary insurer choosing which loss exposures to submit to the reinsurer, who can accept or reject any submitted losses. 
Underwriting Guidelines Underwriting guidelines are written manuals that communicate an insurer's underwriting policy and specify the attributes of an account that an insurer is willing to insure. Hazard and Risk Management A hazard is a condition that increases the frequency or severity of a loss. Premium audits are methodical examinations of a policyholder's operations, records, and books of account to determine the actual exposure units and premium for insurance coverages already provided. Telematics involves the use of technological devices to transmit data via wireless communication and GPS tracking. Predictive Modeling Predictive modeling is a process that blends historical data based on behaviors and events with multiple variables to construct models of anticipated future outcomes. Catastrophe models are computer programs that estimate losses from future potential catastrophic events. Insurance Types Catastrophe insurance is for low-probability, high-cost events. Reinsurance is between a primary insurer and secondary insurer, where the secondary agrees to cover all or part of the losses of the primary insurer. Retrocession is the portion of risk or amount of insurance the company chooses not to retain. Human Factors Theory The Human Factors Theory by David Yates categorizes accident causes into three broad categories: overload, inappropriate worker response, and inappropriate activities. Vicarious Liability and Incident Investigation Vicarious liability assigns liability for an injury to a person who did not cause the injury but has a particular legal relationship to the person who did act negligently. The front-line supervisor is responsible for conducting an incident investigation. The Hierarchy of Controls includes elimination, substitution, engineering controls, warnings, administrative controls, and personal protective equipment.
Hazard Analysis Hazard Analysis is a process to identify hazards and recommend risk reduction alternatives in procedurally controlled activities during all phases of intended use. Preliminary Hazard Analysis (PHA) is the most commonly used systems safety analysis technique. Inductive and Deductive Reasoning Inductive reasoning is specific to general, e.g., FMEA, FHA, or ETA. Deductive reasoning is general to specific, e.g., FTA. Fault Tree Analysis (FTA) FTA is a deductive analysis/technique that selects an undesired outcome (top-level event) and all possible modes of happenings. In a FTA, an undesired event is selected, and all possible happenings that can contribute to the event are diagrammed in the form of a tree. The branches are continued until independent events are reached. Probabilities are determined for the independent events, and after simplifying the tree, both the probability of the undesired event and the most likely chain of events leading up to it can be computed. Hazard and Risk A condition or activity that has the potential for harm is a hazard. Risk is the chance or probability of occurrence of an injury, loss, or a hazard or potential hazard. 
Incident and Risk Response Strategies An incident is an event in which a work-related injury, illness, or fatality occurred or could have occurred. The four risk response strategies are Avoidance, Transfer, Retention, and Reduction. Risk Assessment and Evaluation Risk Assessment is the overall process of risk identification, risk analysis, and risk evaluation. ALARA means As Low As Reasonably Achievable. ALARP means As low as reasonably practical. Loss Control Measures and Domino Theory Examples of loss control measures include Hazcom training, machine guards, and confined space programs. The Domino Theory states that all accidents are caused by a chain of events. Other Risk Management Concepts SWOT (Strengths, Weaknesses, Opportunities, and Threats) analysis is a way to evaluate risks, geared more toward business strategy in general. Job Safety Analysis (JSA) measures the inherent risk of each step in a work process and assigns risk levels to each step and ways to minimize the risk. Safety benchmarking is a technique for measuring a company's safety program to identify best practices. Risk Management Program Circumstances may require revision to a risk management program, such as new loss exposures or new developments in existing loss exposures. 
Risk Identification and Analysis Various tools and methods can be used to identify and analyze an organization's risks, including: o Loss histories o Checklists o Audits o Computer software o Team approaches o Flowcharts and organizational charts o Personal inspections o Company documents or records o Risk registers o Risk maps o Root cause analysis Risk Treatment Techniques The primary techniques for treating loss exposures are: o Avoid the risk o Modify the risk o Transfer the risk o Retain the risk Risk Control Techniques Risk control techniques aim to reduce the frequency or severity of a loss, including: o Avoiding a risk o Modifying a risk o Loss prevention techniques Risk Financing Techniques Risk financing techniques involve planning to pay for losses, including: o Retention (planning to generate funds to pay for losses) o Transfer (shifting financial responsibility for losses to another party through a contract) Selecting Risk Management Techniques The most appropriate risk management techniques are those that support and reinforce, rather than prevent or undermine, achievement of a personal objective. How Organizations Select Risk Management Treatments Organizations analyze their losses by frequency and severity. Severity is the amount of a loss, typically measured in dollars. Frequency is the number of losses that occur within a specified period. Personal and Advertising Injury Liability Loss Exposures Personal and advertising injuries can result from various offenses, including false arrest, wrongful eviction, slander, libel, invasion of privacy, and copyright infringement. Liability for personal and advertising injury is a commonly covered commercial loss exposure. Medical Payments Loss Exposures Medical payments coverage pays necessary medical expenses for anyone injured while on the insured's property or because of the insured's activities. 
Real Property (Realty) Real property includes land, structures permanently attached to the land, and whatever is growing on the land. Ethical Principles Ethical principles for risk management include: o Fair presentation o Confidentiality o Due professional care o Independence o Evidence-based approach o Risk-based approach Pure Risk Pure risk is a risk that presents the chance of loss but no opportunity for gain. Other Concepts Whole person theory is a method of evaluating a person's ability after an injury. Indemnity is the benefit associated with wage replacement. Wage loss theory is a method of evaluating a person's lost wages after an injury. A life care plan is a comprehensive report that identifies a person's medical condition and ongoing care requirements. Residual risk is the risk remaining after risk treatment. Retained risk is the risk that an organization chooses to retain. A Pareto analysis chart is used to rank items in order of severity or frequency. ISO 19011 outlines seven principles for auditing, including integrity, fair presentation, and confidentiality. Risk Management Risk: Uncertainty about whether a loss will occur, consisting of two key elements: uncertainty and loss. Risk Management: Process to best handle uncertainty about whether losses will occur, trying to decrease the frequency or severity of losses, and/or paying for those losses that occur despite an individual's or business' best efforts. Types of Risk Pure Risk: Can result only in a loss or no loss, presents no opportunity for gain. Example: owner of an apartment building faces the risk of a fire loss. Speculative Risk: Can result in loss, no loss, or gain. Must be managed differently than pure risk. Risk Management Frameworks Enterprise Risk Management (ERM): Emphasizes the interrelationship of risks from many different sources and a coordinated strategy to manage risks, and it assesses and treats risks to maximize value to the organization's stakeholders. 
Common Risk Frameworks: Risk IT Framework - ISACA, ISO31000, Enterprise Risk Management - Integrated Framework (COSO), Risk Management Framework (NIST) Risk Assessment Methods Qualitative Assessment: An asset valuation approach that uses categorical or non-numeric values rather than absolute numerical measures. Quantitative Method: Numerical based estimate on the historical occurrences of incidents and the likelihood of risk re-occurrence. Delphi Method: Qualitative assessment of risk involving questioning a panel of independent experts to obtain asset value forecasts. FMEA (Failure Modes and Effect Analysis): A method for identifying various possible outcomes. Risk Assessment Steps Identify the hazard or risk Decide or determine who could be affected Assess or evaluate how they might be affected Record the results or findings Review the results on a recurring basis Risk Management Guidelines Construct your risk management program around a process of analysis, prioritization, response, and monitoring and measuring. Integrate Risk Management into larger framework of governance, risk management, and compliance (GRC) to simplify and improve all three processes. Follow the phases of the Risk Analysis Process to identify the impact of risk to your organization. Comprehensively identify all your assets that are susceptible to risk. Place value on your assets using one or more valuation methods. Identify how each asset is vulnerable. Identify the threats to each vulnerable asset. Assess risk using Qualitative or Quantitative language, depending on the context of the risk and the business needs of your organization. Prioritize risks so larger risks are addressed more quickly and thoroughly than smaller ones. Respond to risk in different ways depending on context: avoid, mitigate, transfer, or accept risks. 
Risk Management Techniques Risk financing is handled by insurance, with insurance professionals suggesting appropriate limits, coverages, endorsements, and other options. Organizations analyze their losses by frequency and severity, where frequency is the number of losses that occur within a specified period, and severity is the amount of a loss, typically measured in dollars. Transfer of Risk A risk financing transfer shifts financial responsibility for losses from one party to another through a contract. Personal Umbrella Policy An umbrella policy provides an additional level of protection for large liability losses by adding to the liability limits above existing policies. It might also cover claims that underlying policies do not cover at all. Underwriting A personal umbrella policy requires a certain amount of underlying coverage, so one of the first things an underwriter does after receiving an application is to check whether the underlying requirements are met. Physical and Technical Controls Physical controls limit an individual's physical access to protected information or facilities, e.g., locks, doors, fences. Technical controls, also called logical controls, are implemented in the computing environment, e.g., in Operating Systems, application programs, database frameworks, firewalls. Types of Controls Directive Control specifies expected employee behavior and often takes the form of policies and guidelines. Deterrent Control discourages individuals from violating security policies because of the effort to circumvent it or the negative consequences of doing so. Preventative Control stops a security incident. Compensating Control is implemented when the system cannot provide protection required by policy in order to mitigate the risk down to an acceptable level. Detective Control alerts the security professional to the attempted security violation. Corrective Control responds to the security violation to reduce or completely eliminate the impact. 
Recovery Control is used to return the system to an operational state after a failure to protect the CIA triad. Consequences in Modern Management Theory Consequences must be positive or negative. Consequences must be immediate or future. Consequences must be certain or uncertain. Consequences must be a very powerful motivator. Risk Definition and Analysis Risk is defined as a combination of severity and probability. Risk remaining after risk treatment is termed Residual Risk. Residual risk can contain unidentified risk and can also be termed Retained Risk. Analysis Techniques Pareto analysis chart is used for ranking in the order of severity or frequency. Failure Modes and Effects Analysis (FMEA) or Failure Modes, Effects, and Criticality Analysis (FMECA) is a bottom-up system safety technique. Fault Tree Analysis (FTA) is used to evaluate a product's safety and can be used in conjunction with FMEA. Fault Hazard Analysis (FHA) follows an inductive reasoning approach to problem-solving. Common Cause Failure Analysis is used to evaluate multiple failures that may be caused by a single event or causal factor common to or shared by multiple components. Dynamic Risk Assessments Workers who commonly use dynamic risk assessments include emergency service workers, tradespeople, care workers, retail staff, and security operatives. Formal Hazard Analysis There are two types of formal hazard analysis: inductive and deductive. Inductive analysis: bottom-up, future, hypothetical based on experience and conclusions; examples include FMEA, FMECA, and FHA. Deductive analysis: top-down, future behavior concluded from a number of premises; examples include FTA, Fishbone, and General to Specific. Cost Types Tangible costs: costs that are seen instantly, such as purchasing products, paying employees, equipment maintenance, and employee salaries. Intangible costs: indirect costs that are not seen but have effects perceived later in the future, such as risk. 
Risk Management Definition: the eradication or minimization of the adverse effects of risks to which an organisation is exposed. Risk homeostasis: theory that people compare their perceived risk level with their target level and adjust their behavior to eliminate any discrepancies. System availability: a measure of the degree to which an item is in an operable and committable state. Analysis Techniques Fault tree analysis: an example of deductive analysis that starts with a top-level event and logically determines its specific causes. No single method can be used to completely evaluate a product. Control Measures Examples of control measures include: o Avoidance of identified hazards o Engineering or design to eliminate or control hazards o Limiting the number of personnel and the amount of time they are exposed to hazards o Providing protective clothing, equipment, and safety devices o Providing warning signs and signals Risk Management Process Key steps: hazard identification, hazard assessment, development of controls and decision-making, implementation, and supervision and evaluation. Types of controls: educational, physical, and avoidance. Insurance Reinsurance: insurance between a primary insurer and secondary insurer where the secondary agrees to cover all or part of the losses of the primary insurer. Retrocession: the portion of risk or amount of insurance the company chooses not to retain. Human Factors Theory David Yates' theory: when quantifying accident causes, there are three broad categories: overload, inappropriate worker response, and inappropriate activities. Incident Investigation The front-line supervisor is responsible for conducting an incident investigation. Accident/Incident Theory Petersen's theory: causes of accidents/incidents are human error and/or system failure. Vicarious Liability Assigns liability for an injury to a person who did not cause the injury but who has a particular legal relationship to the person who did act negligently. 
Risk Communication Seven Cardinal Rules of Risk Communication (Covello and Allen 1988): o Accept and involve the public as a partner. o Plan carefully and evaluate your efforts. o Listen to the public's specific concerns. o Be honest, frank, and open. o Work with other credible sources. o Meet the needs of the media. o Speak clearly and with compassion. Principles and Concepts Peter Principle: people are promoted to their level of incompetence Parkinson's Principle: work expands to fill allotted time Pareto Principle of Mal-distribution: "80/20" Rule, where 20% of employees are responsible for 80% of work/accidents System Safety Fail Safe Passive: equipment stops operating when it fails, e.g. circuit breakers and fuses Fail Safe Active: emergency systems that continue to function during a failure, e.g. emergency lights Fail Safe Operational: design that prioritizes safety, e.g. feed water valve, co-pilot, and autopilot Statistical Concepts Z score (Z): determines the location of a single score in a normal distribution, and the percentage of area under the curve T-test (t): compares the population mean to a sample mean, typically used for data sets with less than 30 samples Chi Square (X2): measures the "goodness of fit" between observed and expected frequencies, often used with frequency tables Standard Deviation 1 SD: +/- 68% 2 SD: +/- 95% 3 SD: +/- 99.7% Poka Yoke A Japanese term that means "mistake-proofing" or "inadvertent error prevention" A mechanism that helps prevent or detect errors in a process Process Safety Management ANSI/AIHA Z10: a standard that helps establish OSH management systems to improve employee safety, reduce workplace risks, and create a better working environment Similar to OHSAS 18001, except for policy Criteria for Controls Support: availability of adequate personnel, equipment, supplies, and facilities Standards: clear, practical, and specific guidance and procedures Training: adequate knowledge and skills to implement controls 
Leadership: competent supervisors and managers to implement controls
Individual: safety and health programs that help businesses prevent workplace injuries and illnesses, improve compliance, reduce costs, engage workers, and enhance social responsibility

Risk Assessment and Management
All risk assessments follow a general process: identify hazards, determine who could be affected, assess how they might be affected, record the results, and review the results regularly
NIOSH's three-step process for conducting occupational risk assessments: identify hazards, assess exposure-response relationships, and characterize workplace risks
EPA's Human Health Risk Assessment: hazard identification, dose-response assessment, exposure assessment, and risk characterization
Types of risk assessment: generic, specific, and dynamic
Dynamic risk assessment: an ongoing process that identifies hazards, assesses risk, takes action, monitors, and reviews in rapidly changing circumstances

Risk Analysis Techniques
Event tree analysis (ETA): an inductive technique that explores different responses to "challenges"
Naked man: a technique that envisions a "primitive" or unprotected system and evaluates the effect of adding controls
Six-step process to analyze and control human errors: select an event, identify tasks, separate behaviors, assign basic error rates, and more
Change analysis: a technique that provides formal documentation and feedback of safety analyses performed on changes throughout the life cycle
FMEA: a technique used to analyze a single failure or a single unit failure, often used with fault tree analysis
Failure: when a system, subsystem, component, or part departs from its intended design parameters

Insurance and Liability
Reinsurance: the insurance between a primary insurer and secondary insurer, where the secondary insurer covers all or part of the losses of the primary insurer
Retrocession: the portion of risk or amount of insurance that a company chooses not to retain
Catastrophe insurance: a type of insurance that covers losses due to catastrophic events
Vicarious liability: assigns liability for an injury to a person who did not cause the injury, but who has a particular legal relationship to the person who did act negligently

Human Factors and Incident Investigation
David Yates' Human Factors Theory: three broad categories of accident causes - overload, inappropriate worker response, and inappropriate activities
Petersen's Accident/Incident Theory: causes of accidents/incidents are human error and/or system failure
Front-line supervisors are responsible for conducting incident investigations
Seven Cardinal Rules of Risk Communication: accept and involve the public, plan carefully, listen to concerns, be honest, work with credible sources, meet the needs of the media, and speak clearly and with compassion

Safety Through Design
Defined as the integration of hazard analysis and risk assessment methods early in the design and engineering stages
As Low As Reasonably Practicable (ALARP) and As Low As Reasonably Achievable (ALARA) promote a management review to achieve acceptable risk levels
Best Available Control Technology (BACT) requires the use of the most effective controls for new sources in attainment areas
Maximum Achievable Control Technology (MACT) is used to reduce emissions from major hazardous air pollutants (HAP) sources

Risk Management and Safety
The goal of risk management is to help managers decide where to apply funds to achieve the greatest risk reduction, and departments should be ranked from highest composite score to lowest.
The ABCs of Behavior: Antecedent, Behavior, Consequence

Types of Controls
Controls can be categorized into three main categories: educational, physical, and avoidance.
Educational controls: based on knowledge and skills of employees, implemented through individual and collective training to ensure performance to a standard.
Physical controls: include barriers, guards, signs, special controllers, and supervisory personnel to warn employees and prevent hazards.
Avoidance controls: involve taking positive action to prevent contact or exposure with identified hazards.

System Safety
Fail Safe Passive: equipment stops operating, e.g. circuit breakers and fuses
Fail Safe Active: emergency lights
Fail Safe Operational: safest for people, e.g. feed water valve, co-pilot, autopilot

Statistics
Z-score (Z): determines the location of a single score in a normal distribution, percentage area under the curve
T-test (t): compares population mean to sample mean, used for data sets < 30
Chi Square (χ²): measures "goodness of fit" between observed and expected frequencies
Standard Deviation (SD):
o 1 SD: +/-68%
o 2 SD: +/-95%
o 3 SD: +/-99.7%

Poka Yoke and Process Safety Management
Poka Yoke: Japanese term meaning "mistake-proofing" or "inadvertent error prevention", used to prevent or detect errors in manufacturing processes
Process Safety Management: used in materials, construction, piping, and electrical industries to improve employee safety and reduce workplace risks

Criteria for Controls
Support: availability of personnel, equipment, supplies, and facilities
Standards: clear, practical, and specific guidance and procedures
Training: adequate knowledge and skills to implement controls
Leadership: competent supervisors and managers
Individual: self-disciplined employees

Control Measures
Avoidance of identified hazards
Engineering or design to eliminate or control hazards
Limiting exposure to hazards
Providing protective clothing, equipment, and safety devices
Providing warning signs and signals

Risk Management
Risk: chance or probability of occurrence of an injury, loss, or hazard
Risk assessment: process of assessing risks associated with identified hazards to make decisions and implement controls
Hazard: condition with potential to cause injury, illness, or death, damage to equipment or property,
or mission degradation
Hazard identification: process of examining work areas to identify hazards associated with each job or task
Probability: likelihood of an event occurring
Severity: degree of undesired consequences

Risk Management Process
Five basic steps:
1. Hazard identification
2. Hazard assessment
3. Development of controls and decision-making
4. Implementation
5. Supervision and evaluation

Residual Risk
Preventive controls: reduce probability of risk
Detective controls: reduce likelihood of risk occurrence or consequences
Remedial controls: reduce consequences of risk that has occurred

Pure and Speculative Risk
Pure risk: risks beyond human control, resulting in a loss or no loss, e.g. natural disasters
Speculative risk: risks taken on voluntarily, resulting in profit or loss, e.g. gambling

Safety and Health Programs
Main goal: prevent workplace injuries, illnesses, and deaths
Recommended practices: proactive approach to managing workplace safety and health, starting with basic programs and simple goals
Benefits of implementing safety and health programs:
o Prevent workplace injuries and illnesses
o Improve compliance with laws and regulations
o Reduce costs, including workers' compensation premiums
o Engage workers
o Enhance social responsibility goals
o Increase productivity and enhance overall business operations

Catastrophe Insurance
Reinsurance is an insurance between a primary insurer and secondary insurer where the secondary agrees to cover all or part of the losses of the primary insurer.
Retrocession is the portion of risk or amount of insurance that the company chooses not to retain.

Human Factors Theory
The Human Factors Theory by David Yates categorizes accident causes into three broad categories: Overload, Inappropriate Worker Response, and Inappropriate Activities.

Incident Investigation
The front-line supervisor is responsible for conducting an Incident Investigation.

Accident/Incident Theory
Petersen's Accident/Incident theory states that causes of accidents/incidents are human error and/or system failure.

Vicarious Liability
Vicarious Liability assigns liability for an injury to a person who did not cause the injury but who has a particular legal relationship to the person who did act negligently.

Risk Communication
The Seven Cardinal Rules of Risk Communication are:
o Accept and involve the public as a partner.
o Plan carefully and evaluate your efforts.
o Listen to the public's specific concerns.
o Be honest, frank, and open.
o Work with other credible sources.
o Meet the needs of the media.
o Speak clearly and with compassion.

Risk Calculation
Compensation cost is calculated as gross / Profit margin %.
Loss ratio is calculated as losses / (E modifier × Manual premium).
CBA Ratio is calculated as Benefits / Cost.

Experience Modification Rate
An experience modification rate less than 1 is considered very good.

Behavior-Based Safety Process
Steps involved in the Behavior-Based Safety process:
o Form assessment team(s)
o Extract behaviors that were involved in past accidents/incidents
o Develop definitions that describe the safe behavior
o Compile datasheet using identified behaviors
o Determine observation boundaries
o Train observers
o Gather data
o Determine barrier removal process
o Form barrier removal teams

Conditions for Success
Five conditions that dramatically increase the likelihood of success:
o Safety Leadership
o Established Integrated Safety Management System
o Employee Empowerment and Participation in Safety
o Organization's Safety Culture
o Measurement and Accountability

Resources for Extraction of Critical Behaviors
Resources used for extraction of critical behaviors include:
o Accident / Incident Reports
o Job Safety Analysis, Job Hazard Analysis, and PPE Assessments
o Task Observations
o Employee Interviews
o Brainstorming

Consequences
Consequences have the greatest impact on employee behavior when they are:
o Soon
o Certain
o Positive

Modern Management Theory
Modern management theory recognizes that consequences must be:
o Positive or negative
o Immediate or future
o Certain or uncertain

ISO 19011
The seven principles for auditing according to ISO 19011 are:
o Integrity
o Fair presentation
o Confidentiality
o Due professional care
o Independence
o Evidence-based approach
o Risk-based approach

Insurance
Occurrence insurance covers incidents that occur during the policy period.
Claims-made insurance covers incidents based on the date that the insured becomes aware of the claim and notifies the insurance carrier.

Miscellaneous
ASTM International stands for American Standards for Testing and Materials.
ANSI stands for American National Standards Institute.
NFPA stands for National Fire Protection Association.
IARC stands for International Agency for Research on Cancer.
Dry ice has a vapor pressure of 844 PSIA.
An indemnification agreement is a contract that protects one party of a transaction from the risks or liabilities created by the other party of the transaction.

Risk Management and Controls
The goal of ranking departments by composite score is to help managers decide where to apply funds to achieve the greatest risk reduction.
The ABCs of Behavior: Antecedent, Behavior, Consequence.

Types of Controls
Educational controls: based on knowledge and skills of employees, implemented through individual and collective training.
Physical controls: include barriers, guards, signs, and special controllers or supervisory personnel.
Avoidance controls: involve supervisors and managers taking positive action to prevent contact or exposure with identified hazards.

Management Principles
Peter Principle: people are promoted to their level of incompetence.
Parkinson’s Principle: work expands to fill allotted time.
Pareto Principle of Mal-distribution (80/20 Rule): 20% of employees are responsible for 80% of work and accidents.

System Safety
Fail Safe Passive: equipment stops operating, e.g., circuit breakers and fuses.
Fail Safe Active: emergency lights.
Fail Safe Operational: safest for people, e.g., feed water valve, co-pilot, autopilot.

Statistics
Z-score (Z): determines the location of a single score in a normal distribution, and provides the % area under the curve.
T-test (t): compares population mean to sample mean (used for data sets < 30), e.g., compares two groups.
Chi Square (χ²): measures "goodness of fit" between observed and expected values, usually in a frequency table.

Poka Yoke
Poka yoke is a Japanese term meaning "mistake-proofing" or "inadvertent error prevention". It involves mechanisms in a process that help operators avoid mistakes and defects.

Process Safety Management
ANSI/AIHA Z10: a standard that helps establish OSH management systems to improve employee safety, reduce workplace risks, and create a better working environment.

Criteria for Controls
Support: availability of adequate personnel, equipment, supplies, and facilities.
Standards: clear, practical, and specific guidance and procedures.
Training: adequate knowledge and skills to implement a control.
Leadership: competent supervisors and managers to implement control.
Individual: health and safety benefits, and non-health and safety benefits (savings) that should be included in the CBA as an offset to the duty-holders' costs.

Risk Categories
Pure risk: risks beyond human control that result in a loss or no loss with no possibility of financial gain, e.g., fires, floods, natural disasters.
Speculative risk: risks taken on voluntarily that can result in a profit or loss, e.g., gambling.

Safety and Health Programs
The main goal is to prevent workplace injuries, illnesses, and deaths, and the suffering and financial hardship that can result.
Recommended practices use a proactive approach to managing workplace safety and health.

Dynamic Risk Assessments
Used by emergency service workers, tradespeople, care workers, retail staff, and security operatives.

Formal Hazard Analysis
Inductive analysis: bottom-up, future, and hypothetical, based on experience and observations, e.g., FMEA, FMECA, FHA.
Deductive analysis: top-down, future behavior concluded from premises, e.g., FTA, Fishbone.

Berlo's Model
Source --- Message --- Channel --- Receiver.

Cost Classification
Tangible cost: seen instantly, e.g., purchasing products, paying employees.
Intangible cost: not seen but its effects are perceived later, e.g., risk, which can be subjective or numerical.

Risk Management
Eradication or minimization of the adverse effects of risks to which an organization is exposed.
Risk homeostasis: theory that people adjust their behavior to eliminate discrepancies between perceived and target levels of risk.

System Availability
A measure of the degree to which an item is in an operable and committable state.

Independent and Mutually Exclusive Events
Independent events do not affect the probability of other events.
Mutually exclusive events cannot happen together.

Analysis Techniques
Fault tree analysis: a deductive analysis that determines specific causes of a top-level event.
System hazard analysis: a formal analysis to identify hazards within a system and suggest ways to reduce and control them.
Common cause failure analysis: identifies a single event or causal factor common to multiple components.
Sneak circuit analysis: determines unintended energy routes that can allow undesired functions to occur.
FMEA (inductive analysis) and FTA (deductive analysis) are used to identify possible effects and causes, respectively.

Preliminary Hazard Analysis
A technique used to conduct an initial hazard evaluation to make informed decisions about a product's design and manufacture.

Success and Failure Rates
Success Rate = successes / attempts
Failure Rate = 1 failure / attempts

Critical Incident Technique
Identifies errors and unsafe conditions that contribute to potential and actual injurious accidents within a population.

Control Measures
Employees are expected to implement control measures to reduce risks, including avoidance of hazards, engineering or design to eliminate hazards, limiting personnel exposure, providing protective equipment, and warning signs.

Risk Management
Risk is defined as the probability of an injury, loss, or hazard occurring.
Risk assessment is the process of evaluating risks associated with identified hazards to implement appropriate control measures.
Hazard is a condition that can cause injury, illness, or death, or damage to equipment or property.
Hazard identification involves examining each work area to identify hazards associated with each job or task.
Probability is the likelihood of an event occurring, while severity is the degree of undesired consequences.
The five basic steps in the risk management process are hazard identification, hazard assessment, development of controls and decision-making, implementation, and supervision and evaluation.

Types of Controls
There are three main categories of controls: educational, physical, and avoidance.

Key Elements of Risk Management
A key element of developing control measures is to specify who, what, when, where, and how each control is to be used.
A key element of risk decision is determining if the risk is justified.
Critical check for control implementation is to ensure that controls are converted into clear, simple instructions.

Risk Exposure
Total risk exposure is the total number of dollars estimated to be at risk as a result of a particular hazard being evaluated.
Societal risk is the estimation of the chances of people being harmed by an industrial incident.
Individual risk is the probability of a single consequence occurring to an individual in a given year.

Risk Analysis
Management Oversight and Risk Tree (MORT) is an analytical procedure for determining causes and contributing factors.
Fault Tree Analysis (FTA) is a method used to identify possible causes of a failure.
CBA (Cost-Benefit Analysis) helps duty holders make judgments on whether further risk reduction measures are reasonably practicable.

Types of Risk
Pure risk refers to risks that are beyond human control and result in a loss or no loss with no possibility of financial gain.
Speculative risk is a category of risk that can be taken on voluntarily and will either result in a profit or loss.

Safety and Health Programs
The main goal of safety and health programs is to prevent workplace injuries, illnesses, and deaths, as well as the suffering and financial hardship these events can cause.
Recommended practices use a proactive approach to managing workplace safety and health.

System Hazard Analysis
System hazard analysis is a formal analysis of a system and its interrelationships to determine the real and potential hazards within the system.

Failure Analysis
Common cause failure analysis is an analysis technique used to identify a single event or causal factor common to multiple components.
Sneak circuit analysis is a technique used to determine an unintended energy route that can allow an undesired function to occur.

Inductive and Deductive Analysis
Inductive analysis methods start from known causes and identify possible effects.
Deductive analysis methods start from known effects and seek possible causes.

Preliminary Hazard Analysis
Preliminary hazard analysis is a technique used to conduct an initial hazard evaluation that can then be used to make informed decisions about the product's design and manufacture.

Failure Rate and Success Rate
Failure rate is the ratio of the number of failures to the total number of attempts.
Success rate is the ratio of the number of successes to the total number of attempts.

Critical Incident Technique
Critical incident technique is a method of identifying errors and unsafe conditions that contribute to both potential and actual injurious accidents.

Insurance
Reinsurance is the insurance between a primary insurer and secondary insurer where the secondary agrees to cover all or part of the losses of the primary insurer.
Retrocession is the portion of risk or amount of insurance that the company chooses not to retain.

Human Factors Theory
David Yates' Human Factors Theory categorizes accident causes into three broad categories: overload, inappropriate worker response, and inappropriate activities.

Incident Investigation
The front-line supervisor is responsible for conducting an Incident Investigation.

Petersen's Accident/Incident Theory
Causes of accidents/incidents are human error and/or system failure.

Vicarious Liability
Assigns liability for an injury to a person who did not cause the injury but who has a particular legal relationship to the person who did act negligently.

Risk Communication
The Seven Cardinal Rules of Risk Communication by Covello and Allen (1988) emphasize the importance of involving the public, planning carefully, listening to concerns, and being honest and compassionate.

Risk Management and Controls
Departments should be ranked from highest composite score to lowest to determine where to apply funds to achieve the greatest risk reduction.
The ABCs of Behavior: Antecedent, Behavior, Consequence.

Types of Controls
Educational controls: based on knowledge and skills of employees, implemented through individual and collective training to ensure performance to a standard.
Physical controls: barriers, guards, signs, special controllers, or supervisory personnel to prevent hazards.
Avoidance controls: supervisors and managers take positive action to prevent contact or exposure with identified hazards.

Principles and Concepts
Peter Principle: people promoted to their level of incompetence.
Parkinson's Principle: work expands to fill allotted time.
Pareto Principle of Mal-distribution: 20% of employees responsible for 80% of work/accidents (80/20 rule).

System Safety
Fail Safe Passive: equipment stops operating in a 0 energy state (e.g., circuit breakers, fuses).
Fail Safe Active: emergency systems (e.g., emergency lights).
Fail Safe Operational: safest for people (e.g., feed water valve, co-pilot, autopilot).

Statistical Concepts
Z score (Z): determines the location of a single score in a normal distribution.
T-test (t): compares population mean to sample mean (data sets < 30).
Chi Square (χ²): goodness of fit between observed and expected (frequency table).
Standard Deviation (SD): 1 SD = +/-68%, 2 SD = +/-95%, 3 SD = +/-99.7%.

Poka Yoke and Process Safety Management
Poka Yoke: Japanese term for "mistake-proofing" or "inadvertent error prevention".
Process Safety Management: used in materials, construction, piping, and electrical to prevent or detect errors.

Criteria for Controls and Safety Programs
Criteria for effective controls: support, standards, training, leadership, and individual safety and health.
Safety programs help businesses: prevent workplace injuries, improve compliance, reduce costs, engage workers, enhance social responsibility, and increase productivity.

Risk Assessment
All risk assessments follow the general steps: identify hazard, decide who could be affected, assess how they might be affected, record results, and review results.
NIOSH's three-step process: identify hazard, assess exposure-response relationship, and characterize workplace risk.
EPA Human Health Risk Assessment: hazard identification, dose-response assessment, exposure assessment, and risk characterization.

Types of Risk Assessment Applications
Generic vs. specific vs. dynamic risk assessments.
Dynamic risk assessment: continuous process of identifying hazards, assessing risk, and taking action to eliminate or reduce risk.

Other Concepts
Descriptive epidemiology: observation of outcomes among study groups, followed by an examination of dose-response relationships.
ASTM International: American Standards for Testing and Materials.
ANSI: American National Standards Institute.
NFPA: National Fire Protection Association.
IARC: International Agency for Research on Cancer.

Risk Communication
Seven Cardinal Rules of Risk Communication:
1. Accept and involve the public as a partner.
2. Plan carefully and evaluate efforts.
3. Listen to the public's specific concerns.
4. Be honest, frank, and open.
5. Work with other credible sources.
6. Meet the needs of the media.
7. Speak clearly and with compassion.

Insurance and Liability
Occurrence insurance: covers incidents that occur during the policy period.
Claims-made insurance: covers incidents based on the date the insured becomes aware of the claim and notifies the insurance carrier.
Reinsurance: insurance between a primary insurer and secondary insurer.
Retrocession: the portion of risk or amount of insurance the company chooses not to retain.
Indemnification agreement: a contract that protects one party of a transaction from the risks or liabilities created by the other party.

Human Factors and Accident Theories
Human Factors Theory by David Yates: three broad categories of accident causes: overload, inappropriate worker response, and inappropriate activities.
Petersen's Accident/Incident theory: causes of accidents/incidents are human error and/or system failure.
Vicarious liability: assigns liability for an injury to a person who did not cause the injury but who has a particular legal relationship to the person who did act negligently.

Management Principles
Peter Principle: people are promoted to their level of incompetence
Parkinson’s Principle: work expands to fill the allotted time
Pareto Principle of Mal-distribution (80/20 Rule): 20% of employees are responsible for 80% of work and accidents

System Safety
Fail Safe Passive: equipment stops operating in 0 energy state, using circuit breakers and fuses
Fail Safe Active: emergency lights
Fail Safe Operational: safest for people, using feed water valve, co-pilot, and autopilot

Statistics
Z score (Z): determines the location of a single score in a normal distribution, showing the % area under the curve
T-test (t): compares population mean to sample mean, used for data sets < 30
Chi Square (χ²): determines the "goodness of fit" between observed and expected, often used in frequency tables
Standard Deviation (SD):
o 1 SD: +/-68%
o 2 SD: +/-95%
o 3 SD: +/-99.7%

Error Prevention
Poka yoke manufacturing: "mistake-proofing" or "inadvertent error prevention" to prevent or detect errors
ANSI/AIHA Z10: standard for establishing OSH management systems to improve employee safety and reduce workplace risks

Control Measures
Criteria for Controls:
o Support: availability of personnel, equipment, and facilities
o Standards: clear, practical, and specific guidance and procedures
o Training: adequate knowledge and skills
o Leadership: competent supervisors and managers
o Individual: self-disciplined employees
Examples of control measures:
o Avoiding identified hazards
o Engineering or designing to eliminate or control hazards
o Limiting personnel exposure to hazards
o Providing protective clothing and equipment
o Providing warning signs and signals

Risk Management
Risk: chance or probability of injury, loss, or hazard
Risk assessment: process of assessing risks to make decisions and implement control measures
Hazard: condition with potential to cause injury, illness, or death, or mission degradation
Hazard identification: process of examining work areas to
identify hazards
Probability: likelihood of an event occurring
Severity: degree of undesired consequences
Types of controls:
o Educational
o Physical
o Avoidance
Residual risk: preventive, detective, and remedial controls
o Preventive: reducing probability of risk
o Detective: reducing likelihood of risk occurrence
o Remedial: reducing consequences of risk
Pure risk: risks beyond human control, resulting in loss or no loss with no financial gain
Speculative risk: voluntary risk that can result in profit or loss

Safety and Health Programs
Main goal: preventing workplace injuries, illnesses, and deaths
Recommended practices:
o Proactive approach to managing workplace safety and health
o Focusing on achieving goals, monitoring performance, and evaluating outcomes

Risk Analysis Techniques
Chi-square statistic: measures probability of error
Event tree analysis (ETA): explores different responses to challenges
Naked man technique: evaluates effect of adding controls to a primitive system
Six-step process to analyze and control human errors
Change analysis: provides formal documentation and feedback of safety analyses on changes
Uncertainty of risk: exposure, consequence, and likelihood
Categories of hazards:
o Environmental issues
o Human and material failure
o Inherent properties
FMEA (Failure Mode and Effects Analysis): analyzes single failure or single unit failure
FTA (Fault Tree Analysis): evaluates a product's safety
ETA: method for identifying possible outcomes

Human Factors Theory
David Yates' theory: quantifying accident causes into three categories
o Overload
o Inappropriate worker response
o Inappropriate activities

Accident Investigation
Front-line supervisor is responsible for conducting an incident investigation
Petersen's Accident/Incident theory: causes of accidents/incidents are human error and/or system failure

Liability
Vicarious liability: assigns liability for an injury to a person who did not cause the injury but has a legal relationship to the
person who acted negligently
Reinsurance: insurance between a primary insurer and secondary insurer, covering all or part of the losses
Retrocession: portion of risk or amount of insurance the company chooses not to retain

Risk Communication
Seven Cardinal Rules of Risk Communication (Covello and Allen 1988)
o Accept and involve the public as a partner
o Plan carefully and evaluate efforts
o Listen to the public's specific concerns
o Be honest, frank, and open
o Work with other credible sources
o Meet the needs of the media
o Speak clearly and with compassion

Risk Reduction and Controls
Departments should be ranked from highest composite score to lowest to achieve the greatest risk reduction.
The ABCs of Behavior: Antecedent, Behavior, Consequence.
Types of controls: educational, physical, and avoidance.

Control Categories
Educational controls: based on knowledge and skills, implemented through individual and collective training.
Physical controls: barriers and guards, signs, special controllers, and supervisory personnel.
Avoidance controls: supervisors and managers taking positive action to prevent contact or exposure with hazards.

Management Principles
Peter Principle: people are promoted to their level of incompetence.
Parkinson’s Principle: work expands to fill allotted time.
Pareto Principle of Mal-distribution: 20% of employees are responsible for 80% of work/accidents.

System Safety
Fail-Safe concepts: Passive (0 energy state, circuit breakers, and fuses), Active (emergency lights), Operational (safest for people, feed water valve, co-pilot, autopilot).

Statistics
Z score (Z): determines the location of a single score in the normal distribution, % area under the curve.
T-test (t): compares population mean to sample mean, used for data sets < 30.
Chi Square (χ²): "goodness of fit" between observed and expected, usually for frequency tables.

Poka-Yoke and Process Safety Management
Poka-Yoke: mistake-proofing or inadvertent error prevention, used in manufacturing to prevent or detect errors.
Process Safety Management: used in materials, construction, piping, and electrical, helps establish OSH management systems.

Criteria for Controls
Support: availability of personnel, equipment, supplies, and facilities.
Standards: clear, practical, and specific guidance and procedures.
Training: adequate knowledge and skills.
Leadership: competent supervisors and managers.
Individual: risk management determines acceptable risk and methods for reduction.

Analysis Techniques
Event Tree Analysis (ETA): explores different responses to "challenges".
Naked Man Technique: envisions a "primitive" or unprotected system and evaluates the effect of adding controls.
Change Analysis: formal documentation and feedback of safety analyses performed on changes.
Failure Mode and Effects Analysis (FMEA): analyzes single failure or unit failure, often used with Fault Tree Analysis.
Operating and Support Hazard Analysis: identifies hazards and recommends risk reduction alternatives.
Single Failure Point: a single item of hardware, failure of which would lead to loss of life, vehicle, or mission.

Safety and Hazard Analysis
System Hazard Analysis: formal analysis of a system and its interrelationships to determine hazards and suggest ways to reduce them.
Common Cause Failure Analysis: identifies a single event or causal factor common to multiple components.
Sneak Circuit Analysis: determines unintended energy routes that can allow undesired functions to occur.
Inductive analysis methods: start from known causes and identify possible effects (FMEA).
Deductive analysis methods: start from known effects and seek possible causes (FTA).

Safety Management
Preliminary Hazard Analysis: initial hazard evaluation, used at the beginning stages of product development.
Success Rate: successes / attempts.
Failure Rate: 1 failure / attempts.
Series R failure: sum of R.
Parallel failure: R1 × R2 × … × RN.

Safety Performance Metrics
Compensation cost: gross / Profit margin %.
Loss ratio: losses / (E modifier × Manual premium).
CBA Ratio: Benefits / Cost, should be above 1.
Behavior-Based Safety Process: form assessment teams, extract behaviors involved in past accidents, develop definitions, compile datasheets, determine observation boundaries, train observers, gather data, and determine barrier removal process.
Five conditions for success: Safety Leadership, Established Integrated Safety Management System, Employee Empowerment and Participation in Safety, Organization’s Safety Culture, and Measurement and Accountability.

Auditing Principles
ISO 19011: seven principles for auditing, including Integrity, Fair presentation, Confidentiality, Due professional care, Independence, Evidence-based approach, and Risk-based approach.

Insurance
Insurance for low probability, high-cost events.
