Moving From Compliance to Risk-Based Systems

Five Tips to Help OSH Professionals Make the Big Switch

By Pam Walaski
Walaski is an instructor for ASSE’s Risk Assessment Certificate Program seminar coming up at SeminarFest. Learn more about it here.

This article was first distributed in Professional Safety in November 2016.
To see the full article with images, charts and figures, click here.

5 tips for risk approach

Click here to view infographic

Many OSH professionals are aware that a shift in how we practice is occurring. The genesis of this shift began about 10 years ago when many thought leaders began to notice, among other things, that the number of serious injuries and fatalities (SIFs) was no longer decreasing, even for organizations with what many would refer to as best-in-class OSH programs.

In the next 5 years, many large organizations began studying the trend and postulated that the flaws in most OSH programs included:

  • the tendency to treat all incidents equally, leading to a failure to identify the subset that were more likely to have a significant outcome;
  • the use of Heinrich’s injury pyramid to advance the claim that reducing frequency also reduces severity;
  • the predominant focus on after-the fact approaches (e.g., incident investigations, lagging indicators to measure an organization’s performance) instead of proactive activities that could prevent future incidents;
  • the tendency to blame the worker for incidents along with the increase in popularity of behavioral observation programs, which ultimately reduced the likelihood of evaluating the system that created the error-provocative condition in the first place;
  • the use of low-level controls (e.g., PE, training, standard operating procedures) contingent on worker compliance to address high-severity risks.

In the past 5 years, a groundswell of OSH professionals, including Fred Manuele, P.E., CSP, Tom Krause, Ph.D., Rick Pollock, CSP, ASP, Kathy Seabrook, CSP, CFIOSH, EurOSHM, Fay Feeney, CSP, ARM, Ron Gantt, CSP, CET, and many others, has begun to promote a substantially different approach to OSH. ASSE President Tom Cecich, CSP, CIH, shared his thoughts on the topic in the August 2016 issue of Professional Safety, where he encouraged OSH professionals to make the shift from a compliance based approach to one that focuses on risk and safety management systems.

Although it is gratifying that many OSH professionals have signed on to these paradigm shifts, the overwhelming nature of where we begin to impact the necessary changes can admittedly be paralyzing. One way to unfreeze ourselves from this paralysis is to think of the adage about how to eat an elephant—one bite at a time. In keeping with that approach, this article advocates five relatively simple starting points that any OSH professional can undertake, regardless of the size of an organization or specific level of professional experience.

These five tips will not take a lot time or deplete scarce resources, but will help OSH professionals begin to lay the groundwork for the more intensive work to follow.

Tip 1: Become the Expert

Become the expert on risk in your organization. If you have not had the opportunity to work in an organization that emphasizes a risk-based approach, some of the critical concepts and implementation strategies may not be as familiar to you. To help lead your organization through the shift, however, you must be recognized for your expertise.

The simplest place to start is by reading. Dive into the ANSI/ASSE Z690 series: Z690.1, Vocabulary for Risk Management; Z690.2, Risk Management Principles and Guidelines; Z690.3, Risk Assessment Techniques; and TR-31004, Guidance for the Implementation of ISO 31000. Read, reread and imagine how it might work in your organization. Consider deepening your understanding by also becoming familiar with ANSI/ ASSE Z590.3, Prevention Through Design, and ANSI/ASSE Z10, Occupational Health and Safety Management Systems. Both standards describe a systemic way to think about any organization, and systems thinking is where OSH professionals need to be.

Take your learning one step further and find other professionals who are talking and writing about risk and systems thinking. The list of individuals noted is a good start. They can all be found on LinkedIn, and most post regularly to various LinkedIn groups where discussions of these concepts occur almost daily: ASSE, Safety Differently and ISO 31000 Risk Management Standard. The next time you attend a major conference, take part in sessions that address risk approaches. Reach out to the speaker after the session, get some resources from him/her, exchange business cards and get connected.

Tip 2: Stop Saying “OSHA Says”

To reframe the discussion, OSH professionals must stop relying on compliance with regulations to ground our recommendations. The next time someone in your organization asks your opinion on the safest way to approach a work task, avoid beginning the conversation by quoting OSHA regulations.

Please do not misunderstand this point. OSHA’s requirements are mandatory and OSH professionals are expected to help ensure that their organizations are in compliance. This article does not advocate abandoning this duty. But to encourage the workforce to think about risk and not compliance, help employees approach tasks from that perspective. Help them identify the risks of the tasks, then work with them to reduce the risk to an acceptable level by identifying the appropriate controls. If you were successful with Tip 1, this step is easier and will not only become the way you practice but will begin the process of changing the way people think about the work they do.

It is important for OSH professionals to change their language and approach to the workforce, but even more important when interacting with senior management. The profession has been stressing the importance of engaging the C-level executives for some time with limited success, in part because the language of OSH has been filled with hazard and OSHA and compliance.

The good news is that when the profession begins talking about risk and risk management it will resonate because it is how business is already being conducted. The ANSI/ASSE Z690 standards are not intended to be exclusively applied to OSH risk, but to all organizational risk, from supply chain management to business continuity to financial administration. Since the C-suite is already engaged in risk management, helping them incorporate OSH risk management is much simpler and cleaner.

Tip 3: Identify & Promote One New High-Impact Leading Metric This Year

As noted, most organizations (including the author’s) still rely primarily on lagging indicators as the key measures of OSH program success. Unfortunately, OSH professionals have promoted this concept for far too long so changing the long-standing mindset will not be easy. We will need to think through how to present the idea that days without a lost-time injury is not a measure of workplace safety.

Remembering the elephant concept, you can begin to make the transition by identifying one way to measure the organization’s success with a leading indicator and promote it in every way possible. Display it on the company intranet. Incorporate it into annual OSH goals. Make it part of whatever communication method is used: safety newsletters, e-mail blasts, the safety minute before the start of meetings.

At the same time, reduce the number of times you talk about lagging indicators and the places it is displayed. Once you have succeeded here, find another leading metric and get started on promoting that one, and so on.

Tip 4: Deep Dive Into the Data

We now know the belief that all incidents are created equal is flawed. But what are the precursors that can be used to identify the types of incidents? Reviews of large sets of data have led to a common recognition that the precursors for SIFs include unusual and nonroutine work, nonproduction activities, in-plant modification/construction operations, outage work, the presence of high-energy sources and upset conditions. How many of these apply to the work performed by your organization? How many were the direct cause of the most serious incidents? If you are working for a smaller organization and do not have a lot of incident data, look to sources such as Bureau of Labor Statistics, National Safety Council’s Injury Facts or trade associations.

This data review will help OSH professionals become familiar with the work that poses the highest risk. Once there, begin to build a risk management framework around assessing and mitigating the higher risks first. It will not be easy and will take time to create a risk management framework, but knowing where to start is important. Remember the elephant.

Tip 5: Find a Few Risk Champions

As we deepen our professional understanding of risk-based approaches, identify our organizations’ high-risk work and shift from compliance to risk thinking, OSH professionals should also identify like-minded people in our organizations.

Be on the lookout for employees who have risk management experience from previous employment, either from involvement with OSH risk management or from endeavors in related areas such as finance, marketing or stakeholder relations. Even if they lack experience in risk approaches, they may intuitively understand the goals of risk management. Think of those individuals as risk champions and look to them to be critical allies when shifting the organization. They can help you eat the elephant.


Changing from a compliance-based system to one that focuses on risk will not be easy, especially since OSH professionals have been preaching Heinrich, measuring lagging indicators and telling senior leadership that OSHA compliance would keep our workforce safe for more than 40 years. We cannot expect to change well-ingrained mindsets that we created overnight.

But we cannot let the overwhelming nature of the task cause us to freeze. Regardless of an organization’s size, our own professional risk expertise and how far we have to go, we can all start somewhere by remembering the elephant.

I leave you with a quote from Tom Cecich’s President’s Message (PS August 2016, p. 6):

The OSH profession is transforming. While regulatory standards will always be part of OSH programs, we deliver the greatest value to our organizations and clients when we use our technical knowledge to identify and assess risks, then apply our business skills to develop and communicate effective solutions. By doing so, we protect workers and ultimately contribute directly to our organizations’ success.