The American Society of Safety Engineers (ASSE) has become a strong voice in the worker protection community for moving away from a focus on incidents and toward a concentration on risk. The challenge for many who are striving to make such a shift is determining what is acceptable and how to mitigate potential risks.
ASSE suggests that organizational leaders “need to understand that true business success requires understanding and effective management of all risks.” The society recommends five steps for risk-based decision making.
- Identify and clarify decision parameters. Determine and define the context of a decisions and its parameters. This includes defining the type of decision, identifying stakeholders, and considering potential options.
- Assess the risk. Determine and define the data you need and identify sources for obtaining it.
- Make the decision. Gather and evaluate the risk-based information in the context of the decisions to be made. Decision makers discuss and review options with an eye to risk-reduction potential, costs, and other benefits.
- Monitor effectiveness. Once a decision is made, it is monitored and effects are documented using tools such as business impact analysis. Monitoring and analysis are compared to unexpected outcomes to assess whether the decision was successful.
- Facilitation communication and consultation. ASSE says successful risk-based decision making depends on input, feedback, and exchange of information from stakeholders. Throughout the process, risk-based information should be provided in clear terms, and any decisions or further actions should be communicated to stakeholders within and outside the organization.