WIXLIB

EHS Risk Management Guidebook: A Practical How-To Guideanalyze high-risk events so you can identifytrends and unmanaged risks. EtQ’s experienceshows up to 1 in 3 near-misses may haveserious potential for harm, underscoring theneed to treat them as safety incidents (and notjust lucky breaks). Creating dashboard alerts for high-riskincidents and near-misses, as well as for whenkey incident management tasks are overdue. Linking high-risk incidents to corrective actionrequests. Integrated EHS Software routescorrective action requests automaticallythrough review, root cause analysis, actiontaken and verification. This prevents high-riskincidents from getting buried, also making iteasy to access the risk mitigation history forincidents.Corrective ActionChange ManagementFrom moving employees between production areasto installing new equipment, coordinated changemanagement is critical to reducing EHS risk. Manycompanies have learned the hard way that unmanagedchange can lead to disaster, even shutting downproduction for extended periods and costing millions ofdollars.At the same time, change is a necessity in order tobenefit from new opportunities. Change Managementtools within integrated EHS Software systems allowyou to make important changes while managing risk,ensuring business continuity so your company cangrow profitably with minimal risk of interruption.Important risk mitigation techniques to incorporate intoyour change management process include: Performing a risk assessment before you makea change in processes, people or equipment. Thiscould mean using a risk matrix to assess the riskof a particular hazard, or using a decision tree toanalyze the costs of various alternatives. Using Job Safety Analysis to identify hazardsassociated with new procedures or equipment. Youcan assess the risk of the procedure as a whole aswell as for individual steps, helping you pinpointareas for strategic risk reduction. Using integrated project planning tools withinthe EHS System to ensure costs and timelines don’tballoon out of control. Filtering corrective action requests by riskto ensure high-risk items receive priorityattention. Without risk-based filtering, youincrease the risk of recurrence and allowproblems to become systemic. Linking employee training requirements tochange management initiatives. People are yourbiggest variable when it comes to EHS risk, andemployee training is a common weakness aroundchange management. Collaborating on root cause analysis to reducesubjectivity of results. Incidents typicallyinvolve intersecting processes, and uncoveringthe true root cause often requires multipleviewpoints. Updating related documents such as protocolsand emergency response plans. Any changesto processes or equipment should triggerdocumentation updates, preferably within anintegrated, permissions-based Document Controlsystem.Too often, organizations use corrective action as apunitive tool rather than a continuous improvementprocess. This approach leads to underreporting andincreases risk, a key reason why companies must moveaway from assigning blame and towards identifyinghow to minimize the risk of recurrence.A robust technology-enabled corrective action processfocuses on corrective action effectiveness whileenabling a deeper understanding of the context andcauses of safety incidents. Key Risk Managementstrategies to boost effectiveness include: Measuring residual risk as a final verificationstep to ensure the corrective action reducedrisk to acceptable levels. Proactively applying lessons learned acrossthe enterprise. Root cause findings identifiedin one plant should be applied in all otherfacilities, reducing risk by preventing theproblem from occurring in other locations.Assets and EquipmentPreventive maintenance is more cost-effective and saferthan reactive maintenance. And while you don’t want totake equipment out of service too soon, waiting even aminute too long presents serious risks. Using integratedsoftware to automatically upload equipment data tothe EHS Management System lets you precisely monitorequipment needs, reducing costs and malfunction risks.www.etq.com 800.354.4476 info@etq.com

EHS Risk Management Guidebook: A Practical How-To GuideTools and capabilities to leverage within the EHSManagement System for reducing equipment-relatedrisks include: Creating risk dashboards with automatedalerts for when equipment needs calibrationor maintenance, or when monitoring systemsshow abnormal conditions. Integrating employee data to preventworkers who don’t meet certification ortraining requirements from operatingequipment. Filtering maintenance tasks by risk toensure the most important repairs andcalibration issues get priority attention. Tracking leading indicators aroundequipment maintenance and monitoringactivities. Smart sensors that feed data fromequipment to the EHS System can providepredictive data that allows you to stay ahead ofproblems.Critical risk mitigation activities to improve theeffectiveness of employee training programs include: Updating training requirements whenever keychanges are made to documents, processes orequipment, as well as when workers changedepartments or roles. Automating scheduling so that employees whoneed to take certain courses are automaticallyadded to the roster. Adding post-training assessments to ensurecompetence in key areas. Tracking leading indicators around employeetraining, such as analyzing how numberof training hours or course updates affectincidence rates. Generating new training requirements fromother functions within the EHS ManagementSystem, including Change Management,Document Control and Audit Managementmodules.AuditsAudits play a central role in EHS risk management.Due to the extensive preparation involved and findingsgenerated, however, many companies miss keyopportunities to mitigate risk throughout the auditprocess. Automated EHS Software makes audits moreeffective by eliminating busy work and helping youincorporate audit results into your risk managementstrategy.Key Risk Management tools and functions to focus onas part of your audit program include: Sorting noncompliances by risk so high-riskproblems get priority follow-up. Initiating corrective action requestsfrom the audit record so you can track riskmitigation history and make sure unsafeconditions aren’t allowed to persist.Employee TrainingWhen you look at safety incidents, it’s rare thataccidents are purely the result of mechanical failure.That’s because human behavior will always be thebiggest variable when it comes to operational risk.An EHS Management System mitigates this risk byautomating compliance with employee trainingrequirements, reducing safety incidents that result frominsufficient training. Monitoring leading indicators that relateto your audit program, such as number ofsignificant findings as a proportion of theoverall total, number of repeat findings andaverage time to corrective action closure.Regulatory ComplianceUnmanaged regulatory risks cost companies more than 143 million in OSHA penalties in 2014, with penaltyamounts set to rise as much as 80 percent on August1, 2016.6 The most frequent citations OSHA gives arewww.etq.com 800.354.4476 info@etq.com

EHS Risk Management Guidebook: A Practical How-To Guidefor hazard communication, respiratory protection andlockout/tagout procedures for controlling hazardousenergy.7Unfortunately, companies have thousands ofrequirements to comply with, and it’s often difficultto understand which regulations even apply to anorganization. Effective compliance tracking is a hugeissue, and a key area where EHS Software can reducerisk and minimize a company’s regulatory exposure.Top EHS performers typically adopt some version of thefollowing risk-based compliance process: Create a list of all applicable regulatoryrequirements in the EHS Management System(an integrated system will do this for you). Link each requirement to existing controlssuch as employee training or engineeringcontrols. Identify all requirements without controls,or where controls don’t sufficiently reduce risk. Conduct a risk assessment using your riskmatrix to identify high-risk gaps where youneed to focus on adding or improving controls.An integrated EHS Management System letsyou link regulatory gaps to Corrective Action,Employee Training and Document Controlsystems.Industrial HygieneIndustrial hygiene is a critical part of EHS management.Calculating time-weighted averages to stay withinOSHA’s Permissible Exposure Limits (PELs) can be acomplex task, however, given the fact that employeesoften move from one work area to another.Medical surveillance, while an essential part ofindustrial hygiene, is largely a rear-facing process thatuncovers health impacts of past exposures. Advancedtechnology and data collection strategies that enablemore proactive risk management around industrialhygiene include: Wearable devices connected to the Internetof Things (IoT ): While still in its infancy, thistechnology is poised to revolutionize industrialhygiene monitoring. From ergonomics togas concentrations to noise levels, wearabledevices can generate large volumes of highlyspecific, real-time data. Centralized Reporting: Feeding data fromwearable devices to an integrated EHSManagement System lets you go beyondsimple alerts to leverage advanced riskmitigation opportunities. For instance,exposure data can help you identify high-riskprocedures and work areas and how theychange over time. Linking the data to your RiskRegister allows you to verify that these areasare audited, appropriate controls are in placeand the controls effectively reduce risk. Hazard communication: EHS Softwaremitigates exposure risks with centralizedtracking of hazardous substances. This ensuresyour safety data sheets and labels meet newOSHA requirements that align with GloballyHarmonized System of Classification andLabeling of Chemicals (GHS). It also allowsyou to enter toxic substances into your RiskRegister so you can track them and identifysubstitutions.Contractor and Supplier ManagementContractors and suppliers introduce significant EHSrisk, with even a single mistake having the capabilityto cause a serious incident. In extreme cases, theseincidents can have long-term impacts on brand valueand even an entire industry’s reputation.Key steps for incorporating risk management intocontractor and supplier compliance programs include: Tracking compliance certificates to ensureall contractors and suppliers meet internal andregulatory standards. Identifying high-risk suppliers andcontractors through proactive compliancehistory tracking. Standardizing policies for how to handlesupplier issues. For example, a decision treeor risk matrix can help you identify whetheran incident calls for a corrective action,enhanced inspection rules or reevaluating therelationship entirely. Assigning corrective actions to partners withsecure, cloud-based access to the EHS Systemto engage suppliers and subcontractors in yoursafety process.SustainabilitySustainability monitoring is now a core businesspractice, with companies recognizing the risks ofinefficient resource use and unplanned releases.Conversely, investments in sustainability provide ameasurable boost to the bottom line. For example,www.etq.com 800.354.4476 info@etq.com

EHS Risk Management Guidebook: A Practical How-To GuideDow Chemical calculated that 1 billion in sustainabilityimprovements have delivered an overall return to thecompany of more than 5 billion.8The following elements can help you build asustainability program that proactively mitigates riskand reduces operational costs: Tracking environmental aspects, definingobjectives and using Centralized Reportingtools to watch long-term trends and progresstowards your goals. Identifying high-risk equipment orprocesses that require proactive equipmentmonitoring and special attention during audits.This can also improve overall equipmenteffectiveness and productivity. Standardizing equipment inspection rulesand centralizing inspection checklists withinthe EHS Management System. Setting dashboard alerts connected toequipment monitoring systems for whenemissions parameters approach or exceedthreshold limits. Linking smart sensors to the EHS Systemso equipment data isn’t just overwritten onthe device or dumped onto a spreadsheet.Integrated data management lets youmake connections between overall assetperformance and sustainability measures.Enterprise Risk ManagementRisk has become a universal language for helpingexecutives make decisions in all operational areas,from quality and safety to finance, security andhuman resources. EHS Software allows companiesto standardize risk management practices across theenterprise, improving consistency in how individualsidentify and mitigate risk.Enterprise Risk Management strategies to focus oninclude: Centralizing all risk items in a Risk Register.This gives you an easily accessible source forassessing risk across the organization. Establishing risk templates for differenttypes of risk items, including who isresponsible and what decision-making criteriaare. Creating roll-up reports that show risk acrossdifferent organizational areas to enable morestrategic decision-making. Linking risks in different areas to identifytrends and common underlying sources of risk.This can also help EHS teams secure neededinvestments in risk management initiatives thatimpact other areas of the organization.EHS Software ChecklistEvaluating EHS ManagementSystems and determiningwhether they meet yourorganization’s unique needsis a time-consuming process.This checklist provides someimportant considerations forany system under evaluation: Integration: Integrated systems provide morefunctionality than point solutions. It’s alsoimportant to consider whether your EHSSoftware is capable of directly integrating datafrom related systems such as quality, humanresources, manufacturing systems and finance. Automation: An automated system reduces therisk of human error and improves productivity,also reducing administrative overhead. Mobile: Mobile capabilities allow you to extendrisk management to the field. This helpsengage employees so you can capture more(and more detailed) safety data. The key ishaving a mobile platform for all EHS functions,not just a few mobile apps. Flexibility: You should be able to customize anEHS system to your business, not the otherway around. Ease of use is also a huge factor inuser adoption. Scalability: It’s important to evaluate howdifficult it is to scale up the system, since you’lllikely want to add new users and locations asyour business grows.Closing ThoughtsBig Data now allows companies to collect and analyzevast quantities of data faster, better and cheaper thanever before. For organizations to gain maximum benefitfrom these advances, an integrated approach is neededthat addresses the gaps created by disparate pointsolutions and outdated manual tracking systems.Ultimately, the key is building a system that tiestogether not just different EHS functions, but also theentire enterprise as a whole. Only then can companiesachieve a higher standard of protecting both workersafety and our shared environmental resources.www.etq.com 800.354.4476 info@etq.com

EHS Risk Management Guidebook: A Practical How-To GuideAbout EtQEtQ is the leading Quality, EHS, Operational Riskand Compliance management software provider foridentifying, mitigating and preventing high-risk eventsthrough integration, automation and collaboration.At the core of EtQ’s framework is a compliancemanagement platform that enables organizationsto implement best in class compliance processesconfigured to meet their existing processes, createnew compliance processes and automate and controltheir compliance ecosystem. EtQ’s product lineupincludes traqpath for individual compliance users,VERSE Solutions for small to medium sized businessesand Reliance for enterprise organizations. EtQ wasfounded in 1992 and has main offices located in theU.S. and Europe. To learn more about EtQ and itsvarious product offerings, visit www.etq.comor blog.etq.com.Sources1. Leavoy, P. (2015, April 24). Why RiskManagement Dominates EHS Priorities.Retrieved from minates-ehs-priorities2. National Association for EnvironmentalManagement. (2013). Approaches to Managing EHS& Sustainability Data.3. Fabius, R., et. al. (2013, September). The LinkBetween Workforce Health and Safety and theHealth of the Bottom Line. Journal of Occupationaland Environmental Medicine.4. Galt, D. (2012). How to Promote the BusinessValue of EHS. American Society of Safety EngineersProfessional Development Conference proceedings.5. U.S. Occupational Safety and Health Administration(OSHA). Business Case for Safety and Health.Retrieved from case/costs.html6. Butera, V. (2015, November 11). Employers Beware:OSHA Fines Are on the Rise for the First Time inTwenty-Five Years. Retrieved from ein-twenty-five-years/7. OSHA. Commonly Used Statistics. Retrieved 8. Campbell Institute. (2012). Defining World-ClassEHS.www.etq.com 800.354.4476 info@etq.com

www.etq.cominfo@etq.com800.354.4476516.293.0949EtQ Reliance is a trademark of EtQ, Inc. All other product names and company names are trademarks or registered trademarks of their respective owners.No endorsement of EtQ by such companies is intended or implied. Copyright 2017, EtQ, Inc.

tools to track risk management activities like risk assessments and audits. 2. This makes it difficult to gather information, creating a huge paperwork burden and limited functionality that allows EHS risks to go unmanaged. This white paper will provide a practical approach to EHS risk management from a technology perspective.