The Quest for Global Risk Agility

149746_481c_2

Man-made risks, such as cyberrisk, physical security threats and climate change—are the driving forces in the global threat landscape. Unlike natural risk, which remains a central preoccupation, man-made risks have agency. Simply put, a tornado does not pre-plan where and who it will strike. A cyberattack, by contrast, is generally not a random event. While large organizations can often shield themselves from the financial consequences of many risks, the ensuing reputational harm can irrecoverably erode market share and stakeholder trust. Small- to mid-sized enterprises confront these challenges as an existential threat.

The quest for global risk agility is principally a management framework aimed at changing the way organizations and senior leaders think about risk. Rather than making risk an object of “passive control” and something to be feared, agile decision makers make risk an object to be understood—with a healthy dose of respect—and properly harnessed. There is a risk in doing nothing at all in these turbulent times. Organizations, large or small, can no longer afford to remain on the sidelines.

Organizations tend to be far too passive vis-à-vis their approach to risk management. Risk does not wait for a board to have a quorum among its members before it strikes. Risk also does not recognize the annual planning, strategy or budgetary cycles that are the drumbeat of large enterprises. Too few of these organizations—particularly publicly-listed firms—are marching to the drumbeat and, therefore the short-termism, of the stock market. In the era of man-made risks, decisions need to be framed around longevity and optimization, as opposed to short-term performance and maximization. It is only through this that organizational resilience and a spirit of collective survival will take hold.

The best place to start is to create greater awareness of man-made risk in the context of global risk analysis. Too often, boards and senior decision-makers do not know what questions they should ask of each other, or necessarily where to obtain the right answers. This reality is confounded by the individual silos or domains over which senior leaders reign, largely in indifference to and with independence from their colleagues in the C-suite. The first step is to acknowledge that they may not have all the answers, particularly within the context of long-range planning. It is every global firm’s duty and obligation to develop their own “foreign policy” with respect to operating in international markets. Of course, this also applies to operating domestically, where a rare breed of organization puts its value systems front and center in all decisions, large or small.

Businesses will never be outside the reach of controllable and uncontrollable risk—all they can do is attempt to manage them in a reasonable and effective fashion. In the era of man-made risk, which often clashes with natural risk, many firms need to greatly strengthen their organizational resilience and risk management procedures, or to consider getting into another line of business in another location. Some prime examples are those firms with high profiles and/or a lot of money (that may attract the attention of cybercriminals), those that operate in strategic sectors (that may attract the attention of nationalistic governments), and those located in flood-prone areas or that function in areas of the world particularly prone to terrorism. The intersection between man-made and natural risk will only grow with time, with increasingly profound potential implications.

If 2016 was the year of cyberrisk maturity in that there is not an organization in advanced markets that is not sensitized to their exposure, 2017 will be the year of decision opacity. In other words, decision-makers from large and small enterprises, and across sectors, will be confounded by a world that is increasingly difficult to read and, therefore, to make long-range plans for inventory, investments, hiring and market expansion. Risk can be measured, but uncertainty cannot: Uncertainty creates bank runs, erodes consumer and investor confidence and trust in counterparties and institutions. 2017 will mark a year of intense uncertainty. Those firms already seeking global risk agility—and actively devoting resources to and making decisions consistent with that objective—stand the best chance of actually achieving organizational resilience in the face of such uncertainty.

This post was originally published on the Risk Management Magazine

Applying risk management tools

Dice

In the environmental, health and safety industry, emphasis is placed on reducing job-related incidents and increasing the level of workplace safety and compliance. Anything that jeopardizes those priorities needs to be contained and prevented from happening again. Risk management tools provide a systematic method for handling such events with consistency and objectivity.

Using a risk matrix – a tool that quantifies hazards based on severity and frequency – is the first step in that systematic process. A risk matrix defines numerical scales for the frequency and severity of possible incidents to determine how large of a risk that event is. For example, if something has high severity and high frequency, it is considered high risk. If something is low in both of those areas, it is considered low risk. This information helps EHS professionals make decisions across a number of areas.

Applying risk management to EHS organizations

Although the risks will be different for every organization, some applications of risk management are beneficial to all EHS organizations.

Incident management: EHS systems need to track any adverse incidents such as injuries, illnesses and chemical spills, among others. Documenting incidents and collecting data helps you contain the effects, get back into compliance and ensure the incidents do not happen again. Using a risk management tool such as a risk matrix helps prioritize these critical issues. It provides a systematic process to follow, which makes it easier to make decisions about handling the situation.

Job safety analysis: Risk management provides a benchmark for JSA, breaking down the individual pieces of a job description and analyzing them with the same methods as an adverse event. Once potential hazards are revealed, the organization can take steps to prevent or decrease the risk through protective equipment or safety regulations specific to the job. Knowing what incidents could possibly occur leads to prevention, which decreases the chance of the incident actually happening.

Corrective action: EHS systems can also apply risk to the corrective action process to determine if a corrective action was effective. The risk values of an incident after the corrective action measures the residual risk to see if the corrective action worked. This can be repeated as many times as necessary, until the risk has been reduced to an acceptable level.

Enterprise reporting: Having an automated EHS system that collects data is not enough. You need a tool that reports the data in a comprehensive manner, determining general trends and overall impacts. Risk management tools give executives fuel to make informed decisions and changes with support from data. They can connect the root causes of incidents that happen in different departments and look at the EHS enterprise as a whole.

There’s more

Risk management tools are invaluable for EHS professionals in other areas: emissions tracking, energy management, Safety Data Sheets, aspects, objectives and targets, and crisis management – just to name a few. Incorporating risk management tools to all of your EHS operations will help you make informed decisions and get on a path of constant improvement.

What is Risk Management? And Why Should you Care?

149746_481c_2

Risk management is the process of identifying, assessing and controlling threats to an organization’s capital and earnings. These threats, or risks, could stem from a wide variety of sources, including financial uncertainty, legal liabilities, strategic management errors, accidents and natural disasters. IT security threats and data-related risks, and the risk management strategies to alleviate them, have become a top priority for digitized companies. As a result, a risk management plan increasingly includes companies’ processes for identifying and controlling threats to its digital assets, including proprietary corporate data, a customer’s personally identifiable information and intellectual property.

Risk management standards

Since the early 2000s, several industry and government bodies have expanded regulatory compliance rules that scrutinize companies’ risk management plans, policies and procedures. In an increasing number of industries, boards of directors are required to review and report on the adequacy of enterprise risk management processes. As a result, risk analysis, internal audits and other means of risk assessment have become major components of business strategy.

Risk management standards have been developed by several organizations, including the National Institute of Standards and Technology and the ISO. These standards are designed to help organizations identify specific threats, assess unique vulnerabilities to determine their risk, identify ways to reduce these risks and then implement risk reduction efforts according to organizational strategy.

The ISO 31000 principles, for example, provide frameworks for risk management process improvements that can be used by companies, regardless of the organization’s size or target sector. The ISO 31000 is designed to “increase the likelihood of achieving objectives, improve the identification of opportunities and threats, and effectively allocate and use resources for risk treatment,” according to the ISO website.  Although ISO 31000 cannot be used for certification purposes, it can help provide guidance for internal or external risk audit, and it allows organizations to compare their risk management practices with the internationally recognized benchmarks.

The ISO recommended the following target areas, or principles, should be part of the overall risk management process:

  • The process should create value for the organization.
  • It should be an integral part of the overall organizational process.
  • It should factor into the company’s overall decision-making process.
  • It must explicitly address any uncertainty.
  • It should be systematic and structured.
  • It should be based on the best available information.
  • It should be tailored to the project.
  • It must take into account human factors, including potential errors.
  • It should be transparent and all-inclusive.
  • It should be adaptable to change.
  • It should be continuously monitored and improved upon.

The ISO standards and others like it have been developed worldwide to help organizations systematically implement risk management best practices. The ultimate goal for these standards is to establish common frameworks and processes to effectively implement risk management strategies.

These standards are often recognized by international regulatory bodies, or by target industry groups. They are also regularly supplemented and updated to reflect rapidly changing sources of business risk. Although following these standards is usually voluntary, adherence may be required by industry regulators or through business contracts.

Risk management strategies and processes

All risk management plans follow the same steps that combine to make up the overall risk management process:

  • Risk identification. The company identifies and defines potential risks that may negatively influence a specific company process or project.
  • Risk analysis. Once specific types of risk are identified, the company then determines the odds of it occurring, as well as its consequences. The goal of the analysis is to further understand each specific instance of risk, and how it could influence the company’s projects and objectives.
  • Risk assessment and evaluation. The risk is then further evaluated after determining the risk’s overall likelihood of occurrence combined with its overall consequence. The company can then make decisions on whether the risk is acceptable and whether the company is willing to take it on based on its risk appetite.
  • Risk mitigation. During this step, companies assess their highest-ranked risks and develop a plan to alleviate them using specific risk controls. These plans include risk mitigation processes, risk prevention tactics and contingency plans in the event the risk comes to fruition.
  • Risk monitoring. Part of the mitigation plan includes following up on both the risks and the overall plan to continuously monitor and track new and existing risks. The overall risk management process should also be reviewed and updated accordingly.

Risk management approaches

After the company’s specific risks are identified and the risk management process has been implemented, there are several different strategies companies can take in regard to different types of risk:

  • Risk avoidance. While the complete elimination of all risk is rarely possible, a risk avoidance strategy is designed to deflect as many threats as possible in order to avoid the costly and disruptive consequences of a damaging event.
  • Risk reduction. Companies are sometimes able to reduce the amount of effect certain risks can have on company processes. This is achieved by adjusting certain aspects of an overall project plan or company process, or by reducing its scope.
  • Risk sharing. Sometimes, the consequences of a risk is shared, or distributed among several of the project’s participants or business departments. The risk could also be shared with a third party, such as a vendor or business partner.
  • Risk retaining. Sometimes, companies decide a risk is worth it from a business standpoint, and decide to retain the risk and deal with any potential fallout. Companies will often retain a certain level of risk a project’s anticipated profit is greater than the costs of its potential risk.

The Importance of Conducting Safety Audits

man-pen-and-reports

Organizations conduct safety audits to comply with laws or regulations and to provide a safe workplace for everyone. A safety audit identifies different levels of risk in each work area of an organization. An audit’s findings can also include how an organization can remediate potential threats to employees and visitors. When an organization follows through on the findings of a safety audit, the workplace will be safer, and there will be a reduced likelihood of worker injury, illness, and death.

A systematic approach is a vital ingredient for a safety audit. Including the following components will make a safety audit more effective:

1. Research safety conditions that should exist in each work area. Look up appropriate laws and rules of practice

2. Create an audit checklist. Include minimum safety standards for each work area and possible safety issues. If an organization has a safety management system, it may be possible to print a safety audit form for each program area. Extensive research helps an auditor to refine his audit checklist.

3. Conduct a preliminary inspection of all work areas. Use additional paper, if needed, to note unsafe conditions, including surfaces and equipment that need maintenance, repair, or replacement and areas where employees need better personal protective equipment. An organization can consult with experts to address safety issues that are outside the range of experience of the management team.

4. Inspect safety records of each program area. Read all safety policies and procedures, safety meeting agendas, Material Safety Data Sheets, previous inspection reports, and reports of accidents and injuries. A well-designed audit demonstrates how an organization has performed since the most recent inspection.

5. Conduct a formal inspection by visiting all work areas again. If a work area is not compliant with an item on the checklist, it’s important to record that finding. An auditor must also ask questions of on-duty managers and workers to ensure that enough information is collected to prepare a complete report.

6. Prepare an official version of the formal inspection that summarizes the audit’s findings. A summary includes comments addressing the changes that management has taken to increase safety since the most recent audit.

7. Provide a copy of the audit to management. Program managers need the auditor’s contact information if they have questions about how to correct problems summarized in your report.

What is Contractor Management?

Definition of Contractor Management

Contractor management refers to the managing of outsourced work performed for an individual company. It is increasingly common for industries to rely upon independent contractors for specialized skills and knowledge. By utilizing outside contractors, companies can achieve three main goals: accessing specialized expertise that is not continuously or routinely required, supplementing limited company resources during periods of unusual demand, and providing staffing increases without the overhead cost of direct-hire employees.

Challenges Associated with Contractor Management

Because independent contractors are not a regular component of the company for whom they work, there are some unique challenges that must be addressed by companies conducting contractor management. Increasingly, companies rely on outsourced contractors for field service work. This poses challenges in maintaining consistency in service delivery and customer experience, as well as in maintaining visibility and sufficient control over scheduling and other facets of service.

Some of the most common day-to-day challenges associated with contractor management include:

  • Senior leadership commitment
  • Project managers’ understanding of their roles
  • Team members’ understanding of expectations
  • Scheduling and task management
  • Control over labor costs

Companies also must determine how to access the independent contractor population and minimize costly penalties that often result from improper classification of workers and independent contractors. Moreover, companies need to consider how to evaluate independent contractors. On-boarding and administration programs must be in place for successful contractor management.

Other aspects of contractor management that must be considered are risk assessment and identification, issuing 1099s on behalf of the client, and document completion, collection, and maintenance. Many challenges associated with contractor management can be overcome by employing best practices for contractor management.

Best Practices for Contractor Management

Freelancing and independent contracting especially are popular among small businesses. Independent contractors are able to fulfill needs that the small business workforce otherwise could not. Contractor management is necessary because of the nature of the independent contractors’ work; independent contractors, particularly field service contractors, often work away from the office and are not under direct supervision. Under these circumstances, even experienced CEOs may find it difficult to manage independent contractors. There are some best practices that help companies and executives handle their contractor management:

  • Clearly define the services that you need to have provided
  • Draft a job description to serve as a reference point when drawing up a contract
  • Determine payment schedules and compensation rates ahead of time
  • Set up a straightforward and clear written agreement at the contract’s start
  • Ensure that you are firmly within legal grounds and document a work arrangement meticulously so that you are correctly classifying your independent contractor
    • Keep in mind that experts recommend that you determine the what and the contractor determines the how – you outline specific goals, but the contractor must provide his own tools, equipment, and facilities to complete the work
  • Guide productivity and ensure that the contractor will produce high quality work while meeting key deadlines by specifying the deliverables in the agreement, making yourself available to answer follow-up questions, and scheduling regular meetings for progress updates

Communication is Key to Contractor Management

Independent contractors, program managers, and company executives not only have a professional duty to communicate effectively, but they must communicate in a way that ensures the contracted work is completed well and in a timely manner. Effective communication is a key component of contractor management throughout the business relationship, from defining services and writing the agreement, to meeting with the contractor throughout the project’s completion. There are several solutions for contractor management available, including mobile management software and solutions, to connect everyone and ensure successful contractor management.

With comprehensive contractor management practices offering visibility and control over the complete service chain, enterprises managing field service contractors and other independent contractors are able to reduce labor costs, obtain proof-of-service, gain real-time visibility into the status of jobs and tasks, and ultimately, provide a more consistent experience that increases end customer satisfaction.

How Financial Goals Could be Directly Impacting Employee Safety

sda_102314

According to new research in the Journal of Accounting and Economics, financial goals may be more important than employee safety.

UCLA Anderson of Management Associate Professor of Accounting Judson Caskey and UT Jindal School of Management Assistant Professor of Accounting N. Bugra Ozel collaborated on a study that examined 14 years of data on workplace safety from the OSHA, documenting any data that might show correlation between analysts’ forecasts and injury/illness rates.

Caskey and Ozel found that any changes in operations or production that are meant to increase earnings impacted the number of injuries in the company. Specifically, an increase in employee workloads and in abnormal reductions of discretionary expenses caused a rise in injury/illness rates when analyst forecasts were met or exceeded.

“Managers can indirectly, and perhaps inadvertently, detract from safety by increasing workloads, hours, or the desired speed of work flow,” the authors said. “For example, rushed employees may have more accidents, and increased workload and hours without additional rest and recovery time can increase stress-related injuries. Managers can also directly impact safety by cutting safety-related expenditures.”

Researchers also noted that the relation between benchmark beating and workplace safety is stronger when there is less union presence, when workers’ compensation premiums are less sensitive to injury claims and among firms with less government business.

Incident Management and its Importance

shutterstock_336348647

The purpose of incident management is to reinstate normal service operations as fast as possible and mitigate the negative impact on business operations, thus making sure that the agreed levels of service quality are maintained. The operational state where CIs and services are performing within their agreed service parameters and operational levels is called ‘Normal service operation’.

There are two main aims of the incident management process:

– To restore services back to normal operation as fast as possible
– To mitigate the adverse effect of critical incidences on business operations.

ITIL Incident Management

According to ITIL terminology, an ‘incident’ is described as an unplanned interruption.

Incident management, as the name suggests, is the process that is used to manage the lifecycle of all incidents. Incidents can be identified by technical staff, reported and detected by event monitoring tools, be conveyed by communications from users (usually through a telephone call to the service desk), or reported by third-party suppliers and partners.

 

Objectives

The main objectives of the incident management process are as follows:

– Make sure that standardized procedures and methods are used for prompt and efficient response, documentation, analysis, reporting of incidents, and ongoing management.
– Improve the communication and visibility of incidents
– Improve the business perception of IT with the help of a professional approach, so that incidents will be resolved and reported quickly
– Line up incident management activities and prioritize them accordingly
– Enhance and maintain user satisfaction without losing the quality of IT services

Scope

Incident management includes any event which disrupts, or something which is capable of causing a disruption to the service. This includes events which are communicated directly by users – through an interface from event management to incident management tools – or through the service desk.

Value of incident management

– Ability to mitigate the risk of unplanned costs and labor for both  business and IT support staff
– Ability to detect and resolve incidents, which in turn results in lower downtime to the business, which means increased availability of the service
– Ability to line up IT activity to real-time business priorities
– Ability to identify the potential areas of improvement

 

Policies

– Incidents and their status must be reported in a timely manner.
– Incidents resolution should be within the timeframes acceptable to business.
– Maintaining Customer satisfaction is very important.
– Incident handling and processing should be in line with overall service levels and objectives
– All incidents should be managed and stored in a single management system
– All incidents should subscribe to a standard classification schema which is consistent across the business enterprise
– All incident records should be audited in regular intervals to ensure that entries are categorized correctly

Principles and Basic concepts

There are some basic things that need to be taken care of when considering incident management.

Timescales

Timescales should be agreed upon for all incident handling stages, based upon the overall incident response and the resolution targets within SLAs

Incident models

Many incidents are not new; there are some incidents which happen recurrently. For this reason, many organizations find it very helpful to predefine ‘standard’ incident models, so that they can be referred to when needed and applied to incidents as they occur.

The Basics of Surviving a Management Audit

man-pen-and-reports

There are many reasons for conducting audits, but following are the four most frequent reasons

Regulatory compliance audits

In market sectors such as Financial, Behavioral Health, Medical, and Pharmaceutical, periodic audits are the norm and the guidelines are clear. In any given year, a Behavioral Health clinic in NY State, for instance may be required to undergo 4 separate audits including Medicaid, HIPAA, OMH (Office of Mental Health), and OASAS (Office of Alcohol and Substance Abuse Services). In many of these cases, the auditors show up unannounced or on very short notice.

Compliance audits aren’t technically management audits, but the scores on such audits are certainly a direct reflection of management’s performance. Would your policies, practices, procedures, and documentation measure up to the scrutiny to which a Behavioral Health clinic is subjected?

Performance audits or ‘What’s wrong with our IT operation?’

Often, members of the IT management and staff think they are doing a spectacular job but the customers and executive management disagree vehemently. In the worst cases, end users are preparing their pitchforks and torches in case the audit doesn’t bring about some positive performance outcomes. These audits are tough; the IT staff is defensive and they all assume that the consultants are there to fire them.

During these audits, employees sometimes resign even before the final report is released. This is unfortunate because poor performance is a reflection of management rather than staff. At other times, excellent employees leave because they have had their fill of ineffective management. Frustrations become bitter tears dripping on the conference room table, even from managers.

New management

Sometimes, incoming executives want an X-Ray of organizational performance and requesting an audit is an intelligent professional move. They want a clear distinction between the previous management’s practices and their own and they use the final report to establish a program of organizational change.

IT is too expensive

Occasionally, IT audits are conducted because executive management considers the IT operation too expensive. They want an independent audit and a strategic plan that shows all the viable options.

4 tips for a lower stress audit

If the auditors are coming next week, there probably isn’t much you can do to improve the outcome, but there is plenty you can do to make the process more comfortable for everyone involved.

Answer binary questions with binary answers

When questions requiring a Yes or No answer are met with lengthy explanations, it is a clear indication of a problem. When I ask if you have documentation of your daily security log validation, just say yes or no! If you don’t have the required documentation, no amount of explanation is going the help. Also, I am not really interested that you are going to begin implementing your security program next month. Good for you, but I only care about what your actual practices are at the time I ask.

Don’t lie, embellish, or bury information

I always walk into audits and assessments taking a neutral, objective stance and I appreciate clients who don’t try to pre-program me. I will selectively ask for evidence or documentation for every statement you make and false statements will certainly damage your credibility. When subjects provide evasive or ambiguous answers, my inner Columbo puts on his trench coat. Equivocation and rationalization drive me to keep searching until I get the answer. Just tell the truth.

Instruct your staff to cooperate politely

I recall one compliance audit where a staff member served up every document request with a plate full of anger and hostility. The odd thing about it was that all her ducks were in a row, which is pretty unusual. So, why the anger? Don’t unleash it on the consultants.

I remember several engagements where the IT staff tried to tell me that their IP addressing schemes and Visio diagrams were secret. Huh? As soon as I retrieved my jaw from the floor, I went over their heads and arranged for delivery of the requested information. These events created suspicion and hostility that weren’t required.

In two organizations I contracted with, staff members claimed their Security Policies were secret! How does that work? These sorts of behaviors are indicators of significant departmental and organizational problems.

Prepare documentation in advance

All documentation including policies, procedures, infrastructure documentation, logs, hardware and software inventories, PSA system reports, etc. should be readily available for the consultants. They will ask to see it. I generally ask for all this information before I go on site for the first time and I am always appalled by the number of organizations that have none of the documents that are generally accepted to be components of a solid Information Technology Governance program. Sometimes these data dumps include reams of irrelevant information in the hope that I won’t find the smoking gun.

Auditing for organizational culture

I include a frank assessment of departmental and organizational culture in my reports and it is sometimes less than flattering. Delivering this information to executives and managers generally creates a tense silence while they try to chew and swallow that particularly tough piece of meat. They rarely argue because they know it’s true, but few have dared to state the obvious out loud. A realistic and objective assessment of company culture is required to address the root causes of problems. Bad management, inefficiency, malfeasance and incompetence have often been enabled for years before an audit is finally initiated. Interdepartmental politics, turf wars, jealousy, meddling and backstabbing all contribute to the problems at hand and managers throughout the organization are responsible.

In many cases, executives and managers have worked in large, bureaucratic organizations for their entire careers and they can’t see the signs of broken company culture. They think bad behavior and dysfunction are the norm.

The final report

If the final report is not a testimonial of glowing praise for your IT operation, I urge you to sit back and reflect carefully before lashing out. The report is a mixture of data, facts, and input from your coworkers and end users. I always base part of my conclusions on both formal and informal interviews with end users and managers from every department in an organization. What ends up in the report is a reflection of what your colleagues really think about your operation. My career started with a four-year stint in army intelligence and I actually do cross examine and interrogate. The natural inclination of some IT Directors is to argue and pick apart every statement and conclusion in the report, but this is definitely the wrong approach.

A nearby local government entity with which I am familiar recently received a failing audit from a state regulatory agency. It wasn’t a first-time fail and the endemic problems have been simmering for decades. Several executives from this entity made statements to the press that the audit “was a gotcha audit. It’s all about paperwork and there is nothing real here. We’re providing excellent services.” Talk about denial! I believe they will come to regret those statements since the infractions were extremely serious and they will likely have to return millions of dollars to Medicaid. They may call a missing signature “a gotcha,” but Medicaid calls it fraud. Their culture is so broken that they really need a turnaround expert and complete replacement of the management, but they haven’t reached rock bottom yet, apparently.

In recovery

The correct response to a failing audit is to contemplate the report carefully and develop a proactive remediation plan immediately. Humility may save your job, but you can’t step off onto the recovery road until you admit you have a problem.

Ask for help. Operations that have been dysfunctional for years can’t be turned around overnight. Organizational culture may inhibit a turnaround and objective, external assistance may be required.

Listen to what your colleagues and objective auditors had to say and take it seriously. Don’t go swimmin’ in denial.

How Technology Can Shape the Future of EHS – Part 2

ehs-future-technologies

In Last week’s article we discussed some of the new evolving technologies that could – and are starting to – shape the future of EHS, this week we continue to discuss more technologies that have potential for being part of future EHS /OHS systems and software suites.

Beacons and Sensors

Beacons and sensors are devices that either broadcast data to nearby portable electronic devices, or detect events and changes in their environment and then correspond with the appropriate response

Beacons and sensors are already being widely used in many EHS applications, here is a look at some of the most frequent ones:

Safety Alerts. An example of thi would be a worker entering a hazardous area of where work is being done that releases chemical fumes. The worker can then be equipped with an electronic device that picks up the signal from a beacon. As a result, the worker receives an alert or reminder on the electronic device asking him to make sure he is wearing a specific piece of safety equipment.

Detection of hazardous Chemical Releases. A Sensor can detect that a chemical spill has taken place, and then send an alert in real-time to electronic devices carried by workers, warning them to stay away from that area or to take special safety precautions.

Equipment Performance Statuses. Sensors can monitor the real-time performance of equipment or assets, So if the equipment is not functioning correctly, or is about to malfunction, it can send a real-time alert to warn workers. LNS Research has written a lot about this and the link between Overall Equipment Effectiveness (OEE) and EHS.

Augmented Reality (AR)

Augmented Reality is a real-time direct or indirect view of a real-world environment whose elements are augmented or supplemented by computer-generated sensory input such as sound, video, graphics or GPS data. Games like the world-famous Pokémon Go are good examples of the use of AR. Some of the applications of Augmented Reality in EHS include:

Safety Smart Glasses. A pair of smart glasses can be programmed to view real-time environmental information such as airborne chemical and particulate concentrations, or oxygen levels in a confined space.

Virtual Safety Data Sheets. A worker scans a chemical storage area with a smartphone’s camera and the screen gets populated with virtual Safety Data Sheets (SDSs) above each chemical for convenient access to safety information.

Smart Helmets. A helmet can be equipped with a retractable visor capable of overlaying work instructions, system performance metrics, and temperature readings on the user’s field of view.

Virtual Reality (VR)

Virtual Reality is a technology that uses software to generate realistic images, sounds and other sensations that simulates a real environment, as well as the user’s physical presence in this environment by enabling the user to interact with this space and depicted objects.

Safety Training. Instead of traditional classroom training, pictures and video to educate workers about a hazardous environment, VR allows full immersion into the environment without having to leave the room. According to a study by Verdantix, having “real” experience before being actually exposed to a hazard is invaluable, and could reduce unsafe behaviors, incidents, injuries and fatalities.

.

How Technology Can Shape the Future of EHS – Part 1

ehs_for_technology_companies_ehsxtech

As technology evolves everything evolves with it, and we can expect that a few years from now the EHS profession will look very different . Like all industries, Environmental Health & Safety softwares will also be affected by the emerging technologies that are changing fundamentally the way people perform their tasks.

An example of this would be mobility and the concept of cloud-based softwares. Today, there are many companies that use smartphones or tablets to report incidents and near misses, or use cloud-based applications to perform various EHS functions.

Since technology evolves quickly, this is a good time to look at the other ways in which technology will change EHS. Rather than using buzzwords, or writing yet another article about a specific technology, we will share with you specific applications in EHS that have been talked about. Therefore you will already have a look into the technology-enabled future of EHS. The post is divided by technology area and includes examples of applications and links to articles.

Wearables

Wearable are miniature computers or electronic devices that are worn by users. With Smartwatches and fitbit being the most known wearable devices. Let’s look at a few applications of wearables in EHS.

Reporting Incidents Using Smartwatches. A smartwatch can enable workers to report a near miss or an incident through speech recognition.

Smart Glasses. Since Smart Glasses came out many developers and software companies started creating applications for them, so of the applications of smart glasses in EHS are:

1) Displaying a list of work instructions to ensure that tasks are performed safely using both hands;

2) Recording or displaying videos of risky conditions that can lead to an incident;

3) Capturing a live video of a near miss or incident as it’s taking place, and using the video during the incident investigation.

Health-Monitoring Wearables. Wearables (belt, wrist band, etc.) monitor a worker’s vital signs (blood rate, temperature, blood pressure, breathing, etc.). If there is something abnormal, an alert is sent to the worker and/or his supervisor indicating that the worker may be under strain, which could increase the risk of incidents. As a result, the worker stops his activity.

Environment-Monitoring Wearables. Another similar application is where the wearable alerts the worker if he has a high exposure to hazardous chemicals, is exposed to toxic gases, or is exposed to unsafe noise levels.

 

Internet of Things (IoT)

The IoT is the internetworking of physical devices, vehicles, connected devices, smart devices, buildings and other items embedded with electronics, software, sensors and network connectivity that enable these objects to collect and exchange data.

Some scenarios make use of both wearables and the IoT, or beacons/sensors and the IoT. Therefore some items in this post under other sections could also have been placed in this section.

Let’s look at a few applications of the IoT in EHS:

Emissions Monitoring. Sensors monitor air emissions, collect data and send it over the Internet. The data can be used for reports, or to measure the environmental footprint of an enterprise throughout all facilities.

Water Management. According to Metcalfe, smart sensors that capture data will be used more often in water management, as opposed to water meters, because, as water becomes an increasingly scarce resource, there will be a greater need to monitor water in the natural environment.

Grid-Based Data Collection on Chemical Spills. Geographic information systems using grid-based data collections are also seeing progress. Collecting data using grids is less time-consuming than collecting data manually, Metcalfe says. For example, during a chemical spill, the areas where a chemical spill has occurred and that require an immediate cleanup response can be identified visually and more effectively.

Drones

Drones are currently being used in everything from food delivery to aerial inspection and monitoring. Let’s look at a couple of applications of drones in EHS.

Inspections. Drones can be used to inspect and identify problems, instead of putting human workers at risk during inspections, some of examples of this are:

  • Communication industries are increasingly using drones to inspect towers and antennas, instead of risking workers safety.
  • In the oil and gas industry, drones can inspect flare stack heads, and detect and locate leaks.
  • Many construction businesses has started using drones to perform roadway inspections.
  • Drones could be used to identify problems in enclosed areas, for example in sewers, before workers are sent into a potentially hazardous situation.

In addition to the scenarios above, another application would consist of using drones to monitor and inspect vast networks composed of thousands of kilometers of pipelines in the oil and gas industry.

Work at Elevation. The EHS Daily Advisor article also raises the possibility that drones could eventually be designed to perform the same work that robots currently do, but at elevation (e.g. welding, drilling), thus reducing the need to expose workers to fall hazards.