3 Things To Do Before You Can Measure EHS&S Risk

Denny Lerch
December 3, 2018
Sponsored by: Haley & Aldrich Inc.
Risk assessment
There's no shortage of advice on how to measure risk. When I asked Google "how to measure risk," I got about 317 million results, including many opinions about how risk really can't be measured. All of this philosophizing can make things difficult for environment, health and safety, and sustainability (EHS&S) professionals when we try to have frank conversations about risk within our own organizations.

With so many different viewpoints, it's understandable that many organizations develop risk management strategies that just don't work, or don't work, as well as they should. However, because you can't accurately assess something you can't measure, finding the right way to measure EHS&S risk is crucial for organizations.

My colleague Danyle Hepler put it best:

"While there is no concrete way to know exactly what will happen, organizations can develop a method to evaluate and understand their risks by understanding their threats and opportunities across their enterprise."

Nutshell? You can measure risk. But measuring enterprise risk requires prep work.

We always advise our clients that before you measure risk, do these three things:

1. Understand your customers and stakeholders: What are you protecting?

Historically, organizations only cared about checking EHS&S compliance boxes. But these days, EHS&S risk management is no longer only about compliance. Don't get me wrong; compliance is still essential, especially when it comes to a company's brand reputation. Today, to truly understand your organization's EHS&S risk and protect its reputation, you must understand what your customers and stakeholders value most.

It all comes down to people.

In the EHS&S world, those people include the product end-use customer and the organization's community stakeholders, along with internal stakeholders, such as employees and contractors. Failing even one of these groups can hurt a brand's reputation, which will have a negative impact on everyone from the executive suite to the mail room.

The driving forces behind today's EHS&S risks require companies to go beyond compliance to achieve a solid risk management plan. That means considering everything from natural disaster recovery and keeping workers safe to emerging environmental trends and social media. Enterprise risk management strategies that focus only on staying compliant fall short in today's EHS&S world.

Unfortunately, when employees work in different silos with different goals, it's impossible to gain a systems-wide consensus about the best way to serve all customers. That's why it's so crucial to communicate with everyone, so together, departments can develop a shared understanding. This lets organizations move forward, making decisions that deliver critical value.

Truly knowing the needs of customers and stakeholders will help keep everyone and everything safe, from downstream users and front-line workers to the company's reputation and stock price.

2. Understand where things are: Does everyone have an accurate picture of the current state?

Tools such as safety questionnaires, employee engagement surveys, and town hall meetings are all designed to make an organization better. Some companies have programs in place where they can get feedback, such as sending employees a once-a-year survey.

For EHS&S professionals, knowing what is happening in every part of the company is critical. Developing a comprehensive risk management plan requires good intel from everyone, especially the folks on the front line who work dangerous jobs and could face perilous outcomes if risk management isn't aligned with reality.

To get this 360-degree, bird's-eye view, companies do things like schedule inspections, have workers go to informational meetings, and make everyone fill out questionnaires about safety policies and procedures. Leaders measure risk and make decisions based on the information they get from these employee engagements.

The problem is, the information might not be accurate.

Companies often base decisions on reporting and metrics, which is the whole point of reporting and metrics. But when the reports have no context and aren't reflective of the current state, you can't make the right decisions.

For example, when a floor manager uses a weekly report to inspire and motivate employees, it can often just make employees feel pressured to hide "minor" problems or incidents. Meanwhile, the decision-maker in the C-suite has never been to the front line and takes the performance report at face value.

Reports and metrics are great, but they must be combined with boots-on-the-ground knowledge and a transparent communication environment.

All of this can only happen if you excel at #3.

3. Understand each other: Communication is the only path to seeing the whole system

Until each stakeholder is honest and has a realistic view of risk, it's not possible to measure it. It's imperative to engage all stakeholders to get different perspectives - and perceptions. What seems like no big deal to one employee can be a huge deal to many others.

Thorough, honest communication across all departments will also help everyone align to achieve the same goal. When each department operates in a silo, each department has a different goal, and they all compete. When each stakeholder knows where the other is coming from, and a systems-wide view of the organization becomes clear, you have the building blocks to assess, understand, and measure EHS&S risk.

Now more than ever, EHS&S professionals need to be risk management leaders to help their organizations focus on risk across the entire enterprise. Rethinking risk management to look beyond compliance helps to protect business continuity while increasing the value of EHS&S.

About the Author

Denny Lerch
Haley & Aldrich
Denny Lerch, PE, has more than 25 years of experience in environmental permitting and regulatory compliance across a diverse set of industries, from electric utilities to pharmaceutical and chemical manufacturers, consumer goods and steel manufacturers. His technical expertise includes air permitting and compliance, EHS program development, environmental compliance auditing, regulatory interpretation and guidance, compliance plan development and agency negotiations. Denny earned a B.S. in Chemical Engineering from Rutgers University and is a member of multiple professional organizations in the fields of EHS&S risk management and compliance.

Email Sign Up