ISM Code Internal Auditor

Training Course

Risk & Management Systems

v1.2, 20 August 2014 1

Risk Management Concepts
Management

 An integrated process by which

authorized individuals create,
maintain, and operate an
organization in the selection and
accomplishment of its aims.
Risk Management Concepts
System

 A series of interrelated or interacting elements

Management System

 A series of interrelated or interacting elements that

provide coordinated activities directing and controlling an
organization
Risk Management Concepts
Hazard

 Activity or situation with a potential for harm in terms of

human injury or ill health, damage to property, damage
to the environment, or a combination of these.

Harm

 Physical or psychological
injury or damage
Risk Management Concepts
Risk

 The combination of the likelihood and the

consequence of a specified hazardous
event (accident or incident).

 The “hazard” releasing the “harm”

Risk Management Concepts
Risk Management

 The systematic activities

directed towards
identifying risks and
providing controls
and actions
to mitigate
the effects
of these risks.
Risks Affect Every Organization
Focus had always been given to:

 Risks related to the

security of assets
and personnel

 Risks related to the

appropriation and
use of money
Risks Affect Every Organization
Today, businesses are paying attention to…

 Risks related to product or service QUALITY.

 Risks related to damage to the ENVIRONMENT by

an organization’s activities.

 Risks related to the HEALTH and

SAFETY of personnel.
Risks Affect Every Organization
And recently…

 Risks related to the security of INFORMATION

 Risks related to FOOD SAFETY

 Risks related to the security of goods

moved through the SUPPLY CHAIN

 Losses related to the inefficient

use of ENERGY
Business & Risk Exposures
SAFETY & ENVIRONMENT
 Injury/ Fatalities TECHNICAL
 New products/ processes
 Releases to air/water/ground
 Ageing Technology
 Fire/ Explosion
 Marketing
 Property Damage
 Community Impact

NATURAL HAZARDS FINANCIAL

 SEISMIC  Exchange Rates
 Extreme weather  Revenue
 Tsunami  Market

SECURITY
 Internal OPERATIONAL
 Reliability
 External  Quality
 Intellectual Property  Production Impacts
 Strategic Information

RISK LEADS TO LOSS

Standards and Risk Management
 ISO 9001 focuses on the management of quality related risks

 ISO 14001 focuses on the management of environment

related risks

 OHSAS 18001 focuses on the management of health and

safety related risks

 ISM Code focuses on the safe management and operation

of ships and for pollution prevention

 ISO 50001 focuses on continual improvement of energy

performance
Risk Management
 Identify the hazards

 Evaluate the risk

 Organize and authorize

actions against the identified
prioritized risks

 Implement and operate

responses to the risks

 Monitor effectiveness of the responses

 Review and evaluate effectiveness and identify improvement

Management Systems
Emphasis

 Essential basic elements:

– Plan TQM
– Do

– Check Continual Improvement

– Act

 Philosophy must be applied to every

element/expectation/performance standard of a MS
Management Systems
Continual Improvement

- Quality

- Safety

- Occupational health
P D
QA A C - Environment
Customer
- Security Community
Procedures
Expectation
- Energy performance
Internal auditing
 Management Systems
Philosophy
 People’s behavior is strongly influenced by the
system they operate in

 The organization controls the system through the

management systems they set up

 By changing management systems

the organization can change people’s
behavior
 Management Systems
Activities That An Organization Needs to 11-12
Perform Well

 Proactive analysis of potential problems

 Integrated management systems that cover all

activities

 Solution of problems through RCA/incident

investigation
 Management Systems

PROACTIVE ANALYSIS MANAGEMENT SYSTEMS 12

Perform proactive analysis to identify Set up systems to manage equipment
significant risks and safeguards to prevent and human behavior to adequately OPERATIONS
and mitigate the associated consequences control risk. Examples of management
· What could go wrong? system elements include: Operation of the
· What are the consequences of these · Equipment design facility in
incidents? · Maintenance strategies, methods, and accordance with
· What could cause these consequences? procedures the management
· How likely are these consequences? · Administrative processes system
· Training
· Employee screening

Recommendations Recommendations

REACTIVE ANALYSIS (Incident Investigation/Root Cause Analysis)

Perform reactive analysis to identify improvements in the safeguards to prevent and mitigate the INCIDENT OCCURS
associated consequences to adequately control risk
· What did go wrong? Unacceptable
· What were the consequences of these incidents? failures, losses, and
· What caused these consequences? inefficiencies
· What changes should be made to the proactive analysis process and the management system
to adequately control risk?
 Management Systems
Idealized Operation
INPUTS SYSTEM OUTPUTS

Raw Desired
materials products

Equipment
Associated
Energy waste
products

People
External
conditions
Management Systems Loss Events
 Management Systems
Elements of a Management System

 Establish commitments to take appropriate action

 Define purpose/ establish plan

 Ensure capability to perform in support of objectives

 Continually evaluate, learn and improve

Integrated Management Systems
Common Approach
 ISO 9001, ISO 14001, ISO 50001, OHSAS 18001 and
the ISM Code share a common approach

■ PDCA cycle is followed

■ Focus on pro-active rather than reactive
 Management Using PDCA
Plan + Do
 Plan what to do
 Do what is planned
 Do it right, first time
 Prevent problems, errors, mistakes,
unsafe conditions and accidents
 Assure requirements are met
 Management Using PDCA
Do + Check / Study
 Detect problems, errors, mistakes, unsafe conditions &
accidents that do occur
 Correct them, whenever possible
 Record results for future use
 Management Using PDCA
Study + Act
 Collect feedback data on system
performance
 Analyze data to find causes
 Improve systems to prevent recurrence
of problems, errors, mistakes, unsafe
conditions & accidents
 Increase confidence in system
 Management Using PDCA
Evaluate, Learn & Improve
 Measure & monitor performance
 Conduct internal audits & management
reviews
 Apply continuous improvement
process to improve the
organization
 Communicate & report
activities and results
 Integrated Systems Approach
A Rational and Effective Approach

IF IT IS A RISK WE MANAGE IT!

And we manage all these risks by

operating ONE management system
addressing health, safety, quality and environmental
risks, and energy performance.
 Integrated Systems Approach
One Documented System
 use the principles of “good risk management practice”
defined within the ISO, ISM and OHSAS standards to
form:

1 documented system
covering all requirements

avoid…
“This way for Environment and this other way for
Health and Safety and then this other way for Quality
and then this way for managing Energy performance”
 Integrated Systems Approach
Process Approach

 Change of attitude from departmentalizing the

requirements of the standards to recognizing and
adopting a “process approach”

 EXAMPLE:
The efficiency of vessel operations relies on the
support of shore based departments such as
Purchasing and Crewing.
 Integrated Systems Approach
Internal Benefits

 Systems documentation provide the framework for

consistency of approaches;
approaches

 Efficiency of actions and cost savings associated from

preventive rather than reactive management

 Elimination, or at least, minimizing risk of profit loss

and reputation damage due to customer complaints,
accidents and environmental incidents

 Employee motivation and satisfaction - cost saving

of staff “turnover”
 Operational Excellence

“ The first duty of business is to

survive and the guiding principle
of business economics is not the
maximization of profit – it is the
avoidance of loss”
loss

Peter
Drucker
 The ABS “HSQEEn” Guide
The ABS Guide for Marine Health,
Safety, Quality, Environmental
and Energy Management
 developed with the objective of improving
safety & environmental performance in
the management and operation of
vessels.
 The ABS “HSQEEn” Guide
 provides the maritime industry
with a tool for enhancing marine
management practices and
further supporting
implementation of management
systems concerned with these
issues.
 The ABS “HSQEEn” Guide
The requirements are derived from the sound
management principles found in…

 OHSAS 18001:2007 – Occupational Health & Safety

management systems (H)

 ISM Code – International Safety Management Code

(S)

 ISO 9001:2000 – Quality Management Systems

requirements (Q)

 ISO 14001:2004 – Environmental Management

Systems (E)

 ISO 50001:2011 – Energy Management Systems (En)

 The ABS “HSQEEn” Guide

The HSQEEn Guide is principally a

Management System Model for
occupational health, safe operation,
prevention of pollution, preservation of
the environment, energy performance
and quality concerns.
www.absacademy.org

34