At its core, EHS/S (environmental, health, safety, and sustainability) management is a risk management endeavor, and there are numerous ways these activities can be described and reported. Even though many companies have robust EHS/S risk management practices, it is sobering to hear risk professionals continue to report pessimism about their organization’s overall risk management efforts.
The February 2011 issue of Internal Auditor reports on three studies indicating that, while there is continued focus on the importance of robust risk management, more often than not it is not being done well. Research conducted by the Enterprise Risk Management (ERM) Institute at North Carolina State University found that only 28 percent of 460 ERM professionals surveyed described their current state of ERM implementation as “systematic, robust, and repeatable”; 42 percent described the process as immature; and 60 percent described the process as mostly informal and ad hoc.
Corporate board oversight of ERM is hit or miss. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) reports that while directors give their boards high marks for ERM, fewer than one-half of the boards have ERM accountability assigned to a board subcommittee. Further, a survey of directors, conducted by Protiviti Inc., showed that only 13 percent consider ERM robust and mature. Internal Auditor reports that both of these studies point to challenges with risk reporting to the board.
EHS/S professionals and executives must reflect on how well they (1) do risk management and (2) report about it to their corporate board.
An EHS/S risk management baseline is established with management systems such as ISO 14001, OHSAS 18001 or ANSI/AIHA Z10. These approaches have become—or are becoming—the de facto template for EHS/S management. But are they enough to meet the wants and needs of corporate boards? The level of reporting needed, as indicated in the above studies, suggests not.
These studies suggest that a broader EHS/S risk perspective is needed, along with better metrics to capture the broader risk profile.
Data generated from EHS/S management systems can help explain part of the picture. Beyond this, a 360-degree, or full-spectrum, view of EHS/S risks needs to look at additional items, such as (1) EHS/S integration; (2) EHS/S strategic planning; and (3) strength of the EHS/S department culture (e.g., presence of learning organization skills), to name a few.
Actions EHS/S professionals and executives can take to improve this scenario include:
- Conduct a 360-degree assessment of their department with an eye toward the ways in which risk management can be strengthened.
- Get, read, and use the ISO 31000 Risk Management Standard as a way to organize and structure their EHS/S risk management activities.
- Develop a 360-degree EHS/S KPI for use on their corporate scorecard.
© Redinger EHS, Inc. (2010)
