Administrative control of risk is used in industry in many forms, it appears as ‘use lists’ such as may be attached to petrol and LPG dispensers to define the way the equipment is to be used for safety reasons. Other examples include use of a recipe by cooks, laboratory methods, process specifications, and other forms of documented work instructions.

Risk in the workplace of an organisation, generally arises from exposure to a hazard. The magnitude of the risk is associated with the likelihood of an incident occurring (causing loss or injury), and the potential consequences (including adverse public perceptions or ‘outrage’, which can greatly magnify the risk to an organisation), of the incident.

These ‘operational risks’ are probably best controlled through application of a ‘hierarchy of controls’. In the case of ‘safety risk’, the following hierarchy is in general use:

• Elimination of the hazard.
• Substitution of a lesser hazard.
• Engineering control (e.g. isolation, guarding, ventilation, automated systems).
• Administrative control (such as rosters to reduce exposure, and policies and operating procedures which specify the work practice and precautions for a process).
• Personal Protective Equipment (which may be called up in operating procedures).

When the first three levels of the hierarchy of controls are applied there is ‘residual risk’, administrative control copes with this by defining the work practice in documented form.

Administrative risk control is called up under the ‘process control’ element of AS/NZS ISO 9000 (Quality Management Systems). This states in effect, that work shall be performed under controlled conditions, including use of process documentation, where lack of such documentation could reasonably be expected to adversely affect quality (safety, environment, security).

ISO9004.1 (Guide to ISO9000) defines ‘requirements of society’ as – quality, safety, protection of the environment, security, and conservation of energy and natural resources, and states that these should be considered when developing and documenting a Management System.

ISO1400 – Environmental Management Systems, and AS4804 – OHS Management Systems have requirements for Risk Assessments to be performed, and the ‘hierarchy of controls’ to be applied, which includes administrative risk control.

(All of the above standards are compatible with each other, and a new standard AS4581:1999 – Management System Integration, provides guidance on integrating quality, safety, environment and security management systems.)

The application of administrative risk control is essential where hazardous substances are in use. The very act of documenting a process means that it is visible to all, and measures can be taken to minimise exposure to hazards to a level which is tolerable to all stakeholders.

The principle espoused in Standards Australia Miscellaneous Publication MP34:1978 titled Guide to the Layout and Preparation of Standard Methods of Chemical Analysis, puts this quite succinctly when it says ‘If there are risks of explosion, fire or toxicity (including carcinogenicity) for which special precautions are necessary, a cautionary statement in bold type shall be included at the appropriate step in the procedure. Reference should be made to appropriate standards or regulations.’

DESCRIBING THE PROCESS

Everything we do is part of a process. A process is simply bringing resources together to produce an outcome. As the outcomes or results of a process vary, we need to constantly need to find more efficient ways of doing what we do.

Central to this unending search for process improvement is the need to examine the process, for we cannot improve a process we do not clearly understand.

We use the flow chart as a tool to help us systematically analyse process design and the customer model, to define the quality (safety, environmental effects, security) of the process. Together these tools provide a means of identifying opportunities for improvement within the process.

THE FLOW CHART

The Flow Chart shows in diagrammatic form how a process is carried out. Those actually working in the process either draw up flow charts themselves, or a person who has been specially selected to prepare flow charts is given the information he/she requires to construct one.

A flow chart contains the following key elements:

• A rectangle, representing a ‘stage’ or particular activity in the process that does not involve decision making.
• A diamond, that represents an activity that does involve decision making.
• A circle, that represents some other process to which the process we are dealing with relates, but which we are not dealing with in detail in this flow chart (the circle is also used to denote start and finish of a process), and
• An arrow, showing the direction of flow of the process.

A fifth element may be used to denote documentation outputs, which has a different symbol, however for the present considerations, we do not need this.

For reference purposes during analysis, we number each stage from beginning to end – 1 for the first stage, 2 for the second, and so on. (As we change the process we may need to renumber the stages).

There is often a lot of information written on the top of flow charts. It identifies the process, the process owner, the intent of the process, and when and by whom the chart has been completed. This information should be written in, every time.

We need to ask a number of questions before we draw up a flow chart:

We define levels in the following way:

• Macro: A general management or ‘helicopter’ view of the process, giving a broad overview. Cross-departmental or cross-sectional, involving numbers of people.
• Mini: A departmental manager’s or supervisor’s perspective. Involves two or more people. It is the most common level for analysis of the process.
• Micro: A very detailed analysis of a procedure. Carried out by one person only as a rule.

Macro processes are made up of many mini processes, and mini processes are made up of many micro processes. There may also be a number of levels of mini processes within a macro process.

Where does the process we are examining start and where does it finish? Processes are usually more complex, contain more steps and alternative courses of action than we realise, and extend further than we expect.

It will help us if we break processes up into manageable ‘chunks’ or sub processes for purposes of analysis. For example each A4 sheet will take up to about 10 symbols before it becomes overcrowded. 10 stages is a practical upper limit to aim for in each process (20 stages, if an A3 sheet is used).

A manageable sized sub-process can begin at any point and end at any point. However you should ensure that the commencing activity of one sub-process on a flow chart corresponds with the concluding activity for the previous sub-process. The point at which a process moves from one section or department to another, is a useful place to conclude a sub-process. We should be able to establish quality (safety, environmental, security) characteristics that are needed by a customer (external or internal) at that point.

Please remember, that if you simply try to fix one subprocess without, at some time in your investigation, relating that subprocess to the other subprocesses, that make up the big process, you may improve that subprocess but at the expense of the process as a whole.

This is particularly relevant where Hazardous Substances are involved in a process. A process may be ‘safe’ as far as potential to injure workers, but not provide the quality, environmental effects, or security outcomes required by the customer.

We may find it necessary, or desirable to alter the boundaries as you proceed, and to divide one process into a number of small processes to make examination more manageable.

What are we seeking to achieve with the process? What is the objective, or desired outcome? In other words, what is the Process Intent?

It is not a description of what happens, but a statement of what results we want from the process for ourselves, and our customers.

For example:

‘Enter all details on the Work Order’ – is a description of the process.

‘Provide accurately completed Work Orders to client departments within 48 hours of receipt’ –may be the process intent.

It assumes the process is working perfectly, and so provides us with a means of judging how effective a process is.

The Process Intent provides us with a unique opportunity to:

• Question why we are carrying out the process (at all), or why it couldn’t better be carried out be someone else (outsourced),
• Make sure everyone is working towards the same objective,
• Identify and resolve conflicting expectations (e.g. between supplier and customer),
• Establish ground rules for measuring and assessing performance,
• Examine assumptions that have developed as to why and how we do things, and
• Focus attention on the key reasons for doing what we do.

It is not something we draw up quickly, but something we carefully consider and discuss with those involved in the process. It may take a few hours, or even longer, and involve a re-thinking of our whole approach to the process.

Once an accurate statement of Process Intent is agreed, write it down at the top of the flow chart. Whenever the team reviewing the process meets, refer to the Process Intent at the outset, so that it serves to focus your efforts. Of course you may find it necessary to modify the Process Intent over time, as a result of your investigations and/or improvement activities.

Each process, or subprocess should be assigned a ‘process owner’. The process owner is responsible for making sure that action planned for the process is, in fact, carried out, and that the process is reviewed at regular intervals.

The process owner is generally the person most responsible for the outcomes of the process, and would normally have authority to make changes to the process. (However sometimes the end customer of the process is made the owner). An outsider, with no vested interest in the process, has sometimes been assigned the role of process owner.

In some cases two or more managers might compete for process ownership. They may determine between themselves who will be the process owner – if not, the manager to whom the other two ultimately report should take on the role.

PROCEDURE

Drawing up a flow chart takes time. For a large process it can take many hours. It shows how a process is actually carried out – not how it is supposed to be carried out (except when we wish to draw up or ‘imagineer’ a flow chart of the way a process should be carried out when it has been improved).

As a general rule, try to deal with manageable ‘chunks’ of a process at any time. You will find processes more complex than you thought, there are more decision points than you imagined, and more alternative courses of action.

Pay particular attention to the actions that follow when things go wrong in a process, e.g. we find ourselves out of a stock of an important part or material, when the computer says we should have some. These are sources which may lead to incidents causing waste, error or injury.

Flow charts are valuable documents. They should be carefully stored as permanent records. The process number should be written in the top right-hand corner. It is suggested each process be numbered for reference purpose, filing etc.

IDENTIFYING THE CUSTOMER

We define quality (safety, environmental effects, security) in terms of performance that pleases the customer (and other stakeholders). Ultimately that customer (society) pays the bill. In other words we must first discover what the customer’s requirements are. We need to identify our customers, both external and internal, construct customer models to determine performance requirements that we must deliver to please them, and if necessary redefine the desired intent or outcome of the process, in the light of our findings.

1. The external customer

Our primary responsibility is to please (satisfy) the external customer. Ultimately that customer pays the bill. Ultimately too, that customer defines the quality of performance that we must deliver, if we are to remain in business.

It is not sufficient in today’s competitive environment to simply produce to the customer’s requirements. We must endeavour to exceed that expectation because.

• Customers are often unaware of, or unable to express all the feature of, what to them constitutes a good product or service. They sometimes simply ‘know it when they see it’.
• Customer’s requirements are often expressed in merely numerical or mechanistic terms. However there are non-quantifiable and non- mechanistic features of products/services in most situations that ultimately become the real determinants of what constitutes good or bad service.
• Customer’s expectations are constantly rising. As we provide good service, so our customers grow to expect it and are increasingly disappointed when we fail to deliver it
• If we fail to constantly seek to please the customer (and other stakeholders) eventually someone else will do it, or offer it in our place.
• Working at providing more uniform and dependable products and services leads to lower overall costs and more innovative ways of doing things in the long run.

Services and product that please the customer result from:

• A clear understanding of what the customer would like to receive.
• An acceptance on the part of all those in the organisation of the customer’s right to that level of service.
• A motivation to provide quality (safety, environmental protection, security); and
• Processes designed to provide uniform, reliable delivery of the product or service.

We must therefore:

• Measure our performance on significant features of the product or service that will please the customer, e.g. through personal interviews, consumer research, product testing etc., and the means of constantly assessing performance on those criteria.
• Create and reinforce awareness of the need to please the customer (and society) at all levels in the organisation, and
• Ensure that the processes that deliver products and service are free of waste and error, do not injure workers or others, do not damage the environment and are secure.

1. The internal customer

The requirements of the external customer are of great importance. We also learn how important it is to recognise that we all have customers within the organisation. Indeed the next process is the customer.

In other words, we need to please the operator(s) in the next process with what we produce, and this we do by providing them with goods and services that meet or surpass their requirements – so that they, in turn can produce defect-free work.

THE CUSTOMER MODEL

It is important that you have direct discussions with customers and suppliers. On the basis of these discussions we can then draw up Customer Models for our customers – at each stage, as well as at the end of the process. This helps to ensure that only acceptable inputs will enter the process and only acceptable outcomes will leave it.

The Customer Model is obtained by actually asking each customer of a process, or stage of a process, what they need to enable them to do a perfect job themselves. Every significant characteristic is written down.

In constructing a customer model, do not be content with vague generalities. You will need to probe and discuss to construct a worthwhile model. As a result of the probing and discussion, you will generally find that you gain a new understanding of the process and uncover new avenues for investigation and new opportunities for improvement.

Try to quantify the customer’s requirements wherever possible. For example, do not be content with ‘delivered in good time’ as a customer requirement. Look for a specific time of the day, week or month, or a certain number of days, prior to the next step of the process commencing.

THE PROCESS SPECIFICATION

The Process Specification (Operating Procedure) is a textual document based on the flow chart of a process. It provides an auditable guideline for operations, and provides a basis for training new operators.

It should define the scope and application of the work practise it documents, and reflect management policies in the major risk areas (quality, safety, environment, security). These management policies should reference Australian Standards, call for risk assessments where appropriate, proactive implementation of controls and cost benefit analyses for any controls to be implemented.

This approach to risk control answers the question ‘Why would you write a Management Policy Manual when you are up to your backside in crocodiles?’

Be able to prove it

Alan Cotterell

Acotrel Risk Management Pty Ltd

30^th August 1999