The underlying notion is that organisations are exposed to risks at every level of the organisation, from strategic level risk, operational or technological risk, disaster risk emanating from natural hazards to external risks such as global influences and of course the notorious ‘black swans’.
In this thinking piece, Aurecon's Simon van Wyk introduces a concept dubbed ‘B4Risk’, which introduces a conceptual risk mitigation model centred round the well-known quote by Desiderius Erasmus: “Prevention is better than cure”. The variety of available risk assessment tools is such that there may be a number of tools potentially appropriate for a given circumstance, and the choice of which to use has perhaps become more a matter of taste (Reniers et al. 2005).
Traditional models centred round risk reduction tend to focus on ‘reactive’ measures as opposed to ‘proactive’ measures. To delineate this point, Simon refers to the example of the Chilean Mine shaft collapse of 2010. On 5 August 2010, a gold and copper mine in Chile, near the northern city of Copiapó, caved in, trapping 33 miners in a chamber about 780 metres below the surface. Initially, the miners attempted to escape through a ventilation shaft, however the ladder was incomplete rendering the miners at the mercy of emergency rescue efforts, which resulted in success some two months after the shaft collapse.
Organisations of all types and sizes face internal and external factors and influences that create uncertainty around whether and when they will achieve their objectives. The effect of this uncertainty on an organisation's objectives is defined as “risk” according to ISO 310001. The definition of B4Risk comprises “proactive measures that are designed and implemented by an organisation commensurate with its activities, products and/or services through positive integration of globally accepted tools and processes to obviate or reduce the magnitude of risks, should they realise”.
The following diagram was developed by Aurecon South Africa’s Risk Management professionals to depict the B4Risk concept.
The B4Risk concept is illustrated as a pyramid with three legs that represent strategic solutions, system solutions and risk solutions. The legs rest on three spheres: enterprise risk management, integrated management systems and integrated risk management. Each sphere shows the core elements that should be proactively developed into attributes of the organisation. These range from strategic level concerns through systems focused on Health & Safety, environmental, quality and asset (HSEQ&A), to areas of risk such as security, technological or project risk.
While it can be argued that many organisations develop and implement such ‘solutions’ for risk, the fact of the matter is that few organisations integrate them which, in effect, creates silos diluting the synergy value. To illustrate this point, consider a hypothetical example in the South African context, of a transport organisation (Referred to as Org-A) comprising rail services, that takes measures to reduce the potential impact and likelihood of risks. Org-A identifies a need to address HSEQ&A risks and therefore aligns itself with internationally recognised management systems such as BS OHSAS 180012, ISO140013, ISO 90014 and ISO 550005, as well as a local standard SANS 3000-16. Org-A decides to develop each management system as an independent project, which results in five stand-alone management systems achieving ISO/BS/SANS certification.
The acceptability of the above scenario would no doubt be supported by many readers as Org-A can now boast it is benchmarking against international and local standards, but there is a disconnect in that management of risk is firstly managed in silos, with the added risk that impacts may be cross-cutting that have no redundancy built into the ‘solution’, ultimately placing Org-A in a questionable position given the resilience capacity of Org-A to proactively deal with risks that transcend multiple aspects within the organisation. To illustrate this, assume Org-A has a rail incident involving a locomotive derailing as a consequence of a collision with a maintenance crew. The impact of the collision causes fatalities, asset damage, release of diesel and the loss and contamination of the commodity that was being hauled. In this instance, Org-A has five separate emergency response procedures/protocols7 to enable, since each management system has a specific emergency preparedeness and response mechanism designed to handle either a quality impact, asset impact, environmental impact and/or health and safety impacts. It is prudent to reiterate that each management system was designed independently of the other systems. Consequently, the execution of the emergency response procedures has been designed to be resourced and executed in an uncoordinated manner.
It is such scenarios that emphasise the need to consider B4Risk solutions.
Figure 2 below depicts B4Risk as a matrix based on a four tier approach, commencing with defining the boundaries, establishing a integrated context moving through a consultative process to applying the integrated solution. The B4Risk Matrix is further governed by a dual system of ‘application’ vs. ‘checking’. The rationale for the governing system ensures measures are in place to achieve the centrally common principle of all the management systems, namely ’continual improvement’.
Each of the B4Risk Matrix steps involve solutions that can be tailored to an organisation’s unique needs. However, as a basic high-level structure, the B4Risk Matrix is universally applicable to all organisations.
Risk management, in the truest sense, encompasses an even greater paradigm shift from reactive measures than those which underpin the notion that ‘prevention is better than cure’ (Van Wyk & Joyce, 2012). B4Risk is based on achieving a fundamental change in approach by proactively developing and implementing solutions, whether strategic, management system or risk driven. Ultimately, reducing the magnitude of a risk will rely on the mechanisms and resources that an organisation has put in place. Overwhelming evidence exists indicating that preventing incidents is best achieved by implementing a management system designed to control losses (Germain et al., 1998). It stands to reason that integrating a solution, or solutions into a practical mechanism can reduce the magnitude of a risk, as an organisation would be equipped far better than not having addressed such a risk ahead of its occurrence. B4Risk provides a proposed structured approach with a key focus on proactively developing and implementing measures to curb HSEQ&A risks.