I probably need to develop a deliberate risk assessment. who would lead that?

Risk assessment and management was established as a scientific field some 30–40 years ago. Principles and methods were developed for how to conceptualise, assess and manage risk. These principles and methods still represent to a large extent the foundation of this field today, but many advances have been made, linked to both the theoretical platform and practical models and procedures. The purpose of the present invited paper is to perform a review of these advances, with a special focus on the fundamental ideas and thinking on which these are based. We have looked for trends in perspectives and approaches, and we also reflect on where further development of the risk field is needed and should be encouraged. The paper is written for readers with different types of background, not only for experts on risk.

Ranking or prioritizing hazards is one way to help determine which risk is the most serious and thus which to control first. Priority is usually established by taking into account the employee exposure and the potential for incident, injury or illness. By assigning a priority to the risks, you are creating a ranking or an action list.

There is no one simple or single way to determine the level of risk. Nor will a single technique apply in all situations. The organization has to determine which technique will work best for each situation. Ranking hazards requires the knowledge of the workplace activities, urgency of situations, and most importantly, objective judgement.

For simple or less complex situations, an assessment can literally be a discussion or brainstorming session based on knowledge and experience. In some cases, checklists or a probability matrix can be helpful. For more complex situations, a team of knowledgeable personnel who are familiar with the work is usually necessary.

As an example, consider this simple risk matrix. Table 1 shows the relationship between probability and severity.

Severity ratings in this example represent:

• High: major fracture, poisoning, significant loss of blood, serious head injury, or fatal disease
• Medium: sprain, strain, localized burn, dermatitis, asthma, injury requiring days off work
• Low: an injury that requires first aid only; short-term pain, irritation, or dizziness

Probability ratings in this example represent:

• High: likely to be experienced once or twice a year by an individual
• Medium: may be experienced once every five years by an individual
• Low: may occur once during a working lifetime

The cells in Table 1 correspond to a risk level, as shown in Table 2.

These risk ratings correspond to recommended actions such as:

• Immediately dangerous: stop the process and implement controls
• High risk: investigate the process and implement controls immediately
• Medium risk: keep the process going; however, a control plan must be developed and should be implemented as soon as possible
• Low risk: keep the process going, but monitor regularly. A control plan should also be investigated
• Very low risk: keep monitoring the process

Let's use an example: When painting a room, a step stool must be used to reach higher areas. The individual will not be standing higher than 1 metre (3 feet) at any time. The assessment team reviewed the situation and agrees that working from a step stool at 1 m is likely to:

• Cause a short-term injury such as a strain or sprain if the individual falls. A severe sprain may require days off work. This outcome is similar to a medium severity rating.
• Occur once in a working lifetime as painting is an uncommon activity for this organization. This criterion is similar to a low probability rating.

When compared to the risk matrix chart (Table 1), these values correspond to a low risk.

The workplace decides to implement risk control measures, including the use of a stool with a large top that will allow the individual to maintain stability when standing on the stool. They also determined that while the floor surface is flat, they provided training to the individual on the importance of making sure the stool's legs always rest on the flat surface. The training also included steps to avoid excess reaching while painting.

Risk is inherent in all tasks, training, missions, operations, and in personal activities no matter how routine. The most common cause of task degradation or mission failure is human error, specifically the inability to consistently manage risk. ORM reduces or offsets risks by systematically identifying hazards and assessing and controlling the associated risks allowing decisions to be made that weigh risks against mission or task benefits. As professionals, Navy personnel are responsible for managing risk in all tasks while leaders at all levels are responsible for ensuring proper procedures are in place and that appropriate resources are available for their personnel to perform assigned tasks. The Navy vision is to develop an environment in which every officer, enlisted, or civilian person is trained and motivated to personally manage risk in everything they do. This includes on- and off-duty evolutions in peacetime and during conflict, thereby enabling successful completion of any task and mission. Navy commands and activities accomplish this by executing a four pillar strategy.

It is required that all NPS Personnel take ORM training when they come on board, and every three years thereafter.

• Individual Managing Your Risk (CIN - CPPD CPPD-ORM-MYR-1.0). This training has a mandatory triennial completion requirement for all Navy personnel.
• Supervisor Managing Your Team’s Risk (CIN - CPPD-ORM-MYTR-1.0). This training is required upon initial assignment of supervisory responsibilities and every 36 months while assigned at command. 

In addition to these triennial trainings, there is an annual ORM Refresher training.  It is required for all individuals (Civilian and Military) per OPNAVINST 3500.39D.

Methods of training:

• NEW MOBILE APP!!  This is by far the easiest way to complete your ORM training requirements. After you complete the training, you will be prompted to input the DoD ID Number from the back of your CAC. The training will then be documented as completed in ESAMS but it may take a week for it to show. You may download the app for Android and Apple devices:
• ESAMS - All NPS Staff and Faculty (but not Students) should have an active ESAMS account.  If you are unable to log in, contact [email protected] 

The most common idea of what ORM is revolves around a simple five-step process that is most frequently used in planning, or at the Deliberate Level. These five steps are:

Step 1. Identify hazards - A hazard is any condition with the potential to negatively impact mission accomplishment or cause injury, death, or property damage. Hazard identification is the foundation of the entire RM process. If a hazard is not identified, it cannot be controlled.Step 2. Assess the hazards - For each hazard identified, determine the associated degree of risk in terms of probability and severity. The result of the risk assessment is a prioritized list of hazards, which ensures that controls are first identified for the most serious threat to mission or task accomplishment. Combine the severity with the probability to determine the risk assessment code (RAC) or level of risk for each hazard, expressed as a single Arabic number. Although not required, the use of a matrix (such as the one below) is helpful in identifying the RAC. In some cases, the worst credible consequence of a hazard may not correspond to the highest RAC for that hazard. For example, one hazard may have two potential consequences. The severity of the worst consequence (I) may be unlikely (D), resulting in a RAC of 3. The severity of the lesser consequence (II) may be probable (B), resulting in a RAC of 2. Therefore, it is important to consider less severe consequences of a hazard if they are more likely than the worst credible consequence, since this combination may actually present a greater overall risk.

Which is the best example of the deliberate level of risk management?

What's the first step of the deliberate ORM process?

Who is responsible for applying the ORM process within the command?

What are the three factors in the assess step of risk management?