Risk Management: Use of ANSI/ASSE/ISO Standards in the Middle East [Professional Safety]

PS: You recently presented on the ANSI/ ASSE/ISO risk management standards at the ASSE Middle East Chapter's professional development conference in Bahrain. In what ways are these standards used in the Middle East?

Jim: Most conference attendees with whom I interacted were only aware of the ANSI/ASSE/ ISO risk management standards, and a few were actively using them in their organizations. Khaled Bu-Allay, an officer with the Royale Bahraini Air Force, snared that he was using the risk management standards in his Ph.D. dissertation research on errors in military aviation. Also, several papers were presented at the conference on related topics, such as the use of risk assessment and risk matrixes.

The risk assessment tools in the ANSI/ASSE/ IEC/ISO 31010 standard were of particular interest. It seems that many companies in the Gulf region are requiring their risk management and safety staffs to conduct risk assessments of work areas and processes, much of which is in context with process safety management.

PS: Do you feel the U.S. could make better use of these standards? Is the Middle East using them in ways not seen in the U.S.?

Jim: I have seen minimal acceptance and utilization of the ANSI/ASSE/ISO risk management standards in the U.S., although I was pleased to discover that they have been incorporated into the Institute of Internal Auditors' risk management review process. I was pleasantly surprised to see use in some areas in the Gulf region as well. The standards combine differing ideas about risk management from around the globe together in a cohesive manner. They present a utilitarian set of methodology for management to improve its decision-making process.

PS: What will help build momentum for the use of these standards?

Jim: These risk management standards will gain traction where there is pressure in legislation for organizations to establish effective due diligence and corporate social responsibility controls. The ANSI/ASSE/ISO risk management standards offer an effective corporate governance framework that organizations can use to fulfill legislative obligations they must meet. Thanks to their well -written universality, the standards can be used at both the macro and micro level, and will help any organization, its project or its task articulate appropriate information to decision makers. Unfortunately, the standards do not offer the same level of qualifications for international trade as some ISO standards because no certification process exists. Nonetheless, they provide best practice guidelines that international markets could rely on as credible business-screening practices for international trade.

PS: What new ideas or best practices from the Middle East conference can you apply to your own risk management work?

Jim: One idea I espoused was that you can take any part(s) of the ANSI/ASSE/ISO risk management standards and use them at whatever level your organization or projects are able to accept. In that respect, I have already taken an issue that I want my management to address and have applied a risk assessment instrument from ANSI/ ASSE/IEC/ISO 31010 in preparation to sell my suggestion for a needed improvement. I may be going against the grain with the idea that you can use parts of the standard that suit you, but I believe that it is better to use at least part of the standards then none at all.

PS: How has ASSE's Risk Management/ Insurance Practice Specialty worked to promote use of the ANSI/ASSE/ISO risk management standards?

Jim: The practice specialty's involvement in promoting these standards has been somewhat organic. By responding to requests for information, we have elevated our knowledge about the standards. One benefit the standards provide is a great set of tools for examining risks that need to be addressed across the board.

PS: You are also a member of the U.S. Technical Advisory Group (TAG) for Risk Management. What are the TAG'S plans for the year? Will any new standards be added to the ANSI/ASSE/ISO series?

Jim: Exciting things are coming. For example, the first international conference on the ISO 31000 standard was held in Paris during May 2012, and there is continued development of our implementation guide, "ISO 31004," which should be complete next year. The implementation guide will help risk management personnel and organizations better understand how to use the risk management framework and integrate it into the decision-making process.

PS: In the U.S., much debate surrounded technical issues in the ANSI/ ASSE/ISO standards, such as the definition of risk appetite. Do SH&E professionals in the Middle East express concern for similar technical issues?

Jim: The people I interacted with in the Middle East were less aware of the history of enterprise risk management and the varying models that have been developed around the globe over the years. They seemed more concerned with using aspects of the standards within the context of process safety, for example, and how that can advance their work practices.

PS: Did your visit to the Middle East give you some new ideas as to how the ANSI/ASSE/ISO standards could be revised and improved in the long run?

Jim: I look forward to the implementation standard, as the standard in its current form is framed in an organizational context. The organizational setup is not very practical for the engineers and safety practitioners who are looking for practical tools they can use on the job. In this regard, I extolled the notion that various parts of the standard can be used at the micro level and are convenient when used in a context associated with specific objectives and with the right risk-assessment tool. This can provide management with information at the project and task level that incorporates the limitations of the analysis, from both a time and a resource perspective. Many expressed that time and resources were in short supply, and that projects needed to move along at a more acceptable pace. When we discussed the details of the risk process, the "risk evaluation" piece provided a way for me to explain that when they communicate to management, they need to be truthful about their risk assessment work products.

I have to admit that I learned more about how to make these standards work in a practical way that fits the user than I did about how to revise them. It will be important for organizations and practitioners to have a guide to help them with implementation since it is heady material and requires top-level organizational leadership buy-in as well as risk-management expertise. However, as you get acquainted with the standards, you will see that they provide a landscape of accountability and transparency, which can lead to exceptional and credible decision making.

PS: How do risk management philosophies and concepts in the Middle East differ from those in other countries?

Jim: The Middle East has a diverse workforce and international commerce. From my perspective, risk management there is used at a practical level and needs to find its way into upper levels of organizations where big decisions are made. Power is autocratic in the Middle East and somewhat absolute at top levels, so bringing risk-based thinking to the decision makers is a bit idealistic.

Contrary to this viewpoint, I have heard that ACWA Power, a powergenerating and desalinated water production company in Saudi Arabia, has adopted the standard, as well as ISO 14001, Environmental Management Systems. According to my source, ACWA Power says the link between corporate governance and business is key to meeting its expansion plans.

Jim Newberry has 30 years' experience in commercial insurance company loss control. He started his career in loss control at Employers Mutual Casualty Co. and worked for Home Insurance Co., Zurich Insurance Co. and Fireman's Fund. He is currently assistant vice president and risk control manager for Island Insurance Co. Newberry is administrator of ASSE's Risk Management/ Insurance Practice Specialty. He is also a recipient of the ASSE Hawaii Chapter's Safety Professional of the Year Award. Newberry holds a B.S. in Environmental Safety and Safety Management from Indiana State University.