9.15.2011

The Era of Transparency and a Mandatory Reporting Trajectory Point to the Need for a Strong Risk Management Framework

In the sustainability and corporate social responsibility (CSR) “space” there is increasing pressure to report on triple-bottom-line issues through reporting frameworks, such as the GRI G3. There is a trajectory toward quasi-mandatory reporting by value-chain stakeholders and actual mandatory reporting by regulatory bodies. Quasi-mandatory reporting is seen with the inclusion of GRI sustainability reporting as tracked by Bloomberg’s Index and other financial indices. Mandatory reporting is seen in South Africa, Denmark, and France.

9.15.2011

EHS/S and Risk Management Challenges

As part of my research this summer on relationships between EHS/S and risk management, I interviewed a group of EHS/S and risk management executives about various aspects of their activities. Prior to the interviews, the interviewees were given the Redinger EHS white paper titled, “360 Vision for Environmental Health, and Sustainability: Anticipate and Avoid Black Swan Events.” A series of questions focused on the needs and challenges of EHS/S and risk management departments. Some of the responses included:

  • “I need to know as much as I can about the risks my company faces. I wrestle with having confidence that my team and I have a good understanding about risks that will bite us. I am not sure we have a good understanding about our EHS risks.”

9.15.2011

Risk Management, EHS/S, Business Continuity, and the 360 Risk Management Check-Up™

It has been a while since I’ve posted. The summer has been full, working on developing the 360 Risk Management Check-Up™, a high-level diagnostic to measure the EHS/S and risk management function in organizations. Associated with this work, I have been conducting research on the evolution of organizational risk management and growing attention on non-financial risk management (NFRM).

Organizational risk management (RM) concepts and practices have been evolving from a singular focus on financial risk to a more broad focus on enterprise-wide and non-financial risks. Approaches such as enterprise risk management, strategic risk management, value risk management, etc. have been evolving into what is being called NFRM.

6.30.2011

Risk Management and Business Continuity with an Integrated Management System

In my previous post, I briefly discussed the integrated quality, safety, and environmental management system (QSEMS) at the Cannes Convention Center. The trend toward integrated management systems, including ISO’s movement toward a generic management system model for wide application, will provide a new tool for organizational risk management.

As evolved as risk management methods and models are, organizations struggle with integrating risk management practices. A silo phenomenon challenges risk managers as it has EHS managers for many years. In current non-financial risk management writings and research, the need for risk management integration and “silo-busting” is highlighted. An integrated risk management system can provide a way to bust silos in an organization.

6.22.2011

ISO 50001 Just Published – “Energy Management Systems – Requirements with Guidance for Use”

The much anticipated ISO management system for energy management was published on June 15. The ISO 50001 format closely follows ISO 14001 on environmental management. I will be posting comments over the next couple of weeks regarding things I see in it and issues that will help with implementation and integration.

At first glance, where an ISO 14001 or OHSAS 18001 management system is in place, integration of ISO 50001 will be somewhat straightforward.

A unique piece for 50001 is section 4.4.3 that addresses “energy review.” This is the equivalent of environmental aspects in 14001 and risk assessment in 18001. While this standard is new and interpretations will be fleshed out in the coming months and years, the interpretation of “energy” may not be trivial when considering conformance with 50001. The way it is defined will impact how the energy review requirements will be met.

5.25.2011

Supercharging Your EHS/S MS Management Review – Developing a Strategic Risk Management MS

Many EHS/S management system experts believe that one of the most important components of an integrated MS is management review. Management review is the time during which the overall strategy of an integrated EHS/S MS is assessed. Said differently, it is a time to see if the MS’s purpose and desired outcomes are being fulfilled. Management review is commonly framed as a performance evaluation activity. While this is correct, I would suggest that there is much more available through management reviews—that is, these are strategic opportunities to impact an organization’s Strategic Risk Management (SRM) process, and possibly start developing an SRM MS.

Enterprise Risk Management and the evolution of Strategic Risk Management are relatively new in the domain of organizational and management science. While strong frameworks for financial risk management have evolved, this is not the case for overall non-financial risks and their management. In particular, there is an absence of a universally accepted management system approach in this arena. Yes, the ISO 31000 standard on risk management goes a long way toward helping, but it is not a management system, per se. Rather, it is intended to augment an existing MS framework.

3.6.2011

ISO 28000 – Security Management, Risk Assessment, and ISO 14001 as a Foundation

The current issue of ISO Focus (February 2011) is dedicated to a wide range of security-related issues and highlights the ISO 28000 series on security risk management.

ISO 28000 was published in 2007 and provides guidance on security management. Its framework follows the ISO 14001 framework closely. 28000 is the core of the family, providing a specification management system standard. ISO 28004 provides implementation guidance in specific areas, such as 28005 (Electronic Port Clearance) and 20858 (Ships and Marine Technology).

2.28.2011

Getting Your EHS/S Risk Management Metrics Right: Taking a 360-Degree View

At its core, EHS/S (environmental, health, safety, and sustainability) management is a risk management endeavor and there are numerous ways these activities can be described and reported. Even though many companies have robust EHS/S risk management practices, it is sobering to hear risk professionals continue to report pessimism about their organization’s overall risk management efforts.

The February 2011 issue of Internal Auditor reports on three studies that indicate that, while there is continued focus on the importance of robust risk management, more often than not it is not being done well. Research conducted by the Enterprise Risk Management (ERM) Institute at North Carolina State University found that only 28 percent of 460 ERM professionals surveyed described their current state of ERM implementation as “systematic, robust, and repeatable”; 42 percent described the process as immature; and 60 percent described the process as mostly informal and ad hoc.

Corporate board oversight of ERM is hit or miss. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) reports that while directors give their boards high marks for ERM, less than one-half of the boards have ERM accountability assigned to a board subcommittee. Further, a survey of directors, conducted by Protiviti Inc., showed that only 13 percent consider ERM robust and mature. Internal Auditor reports that both of these studies point to challenges with risk reporting to the board.

3.26.2010

An Externalities Framework to Develop Sustainability and CSR Strategies

Since the 1987 Brundtland Report, which put sustainability on the business map, the Rio Conference in 1992 and its famous declaration, and the concept of a “triple bottom line” put forth by John Elkington in 1994, issues related to sustainability have expanded as a central topic in corporate boardrooms and business strategy. Along the way, sustainability ideas and concepts have morphed into the broader area of corporate responsibility (numerous terms are used to describe this: corporate citizenship, corporate social responsibility, and social responsibility).

As an important and rapidly evolving area, there is a wild-west quality to defining, executing, and measuring sustainability and CSR initiatives. Commonly identified sustainability issues include: reduction of energy use, carbon generation, waste, etc. Some CSR norms, sustainability issues, child-labor issues, and good EHS practices have gained general acceptance—but CSR, especially, is still a very fluid area. The CSR (or SR) ISO activities (ISO 26000) might help, but it will take many years for this to fully flesh out.

3.26.2010

Is Your EHS Audit Program Hitting The Mark?

Auditing is a difficult subject—the term rarely conjures pleasant thoughts, and it’s often a dreaded event for the auditee. For the EHS department, it is a complex endeavor, one that EHS professionals often don’t feel they fully have a handle on as they’re presented with issues of program validity and reliability. For internal audit programs in large companies, scheduling can be a nightmare, with auditors swamped by primary non-audit duties. While EHS departments do complete their audits and generate reports for the C-Suite, Board of Directors, and External Third Parties, the EHS audit programs I’ve observed often miss the mark.

Some of the recent EHS audit program challenges I’ve observed include: (1) integrating EHS management system audits with existing compliance audits; (2) developing procedures to close the gap between EHS program/system upgrades and the audit tools measuring them; (3) training auditors how to audit the EHS management system; (4) identifying leading indicators that can shorten the audit process or be used in site/plant self-assessment activities.
