How effective is your compliance program at buying down risk?

Compliance is fundamentally about reducing stakeholder risk: risk to quality, risk to safety, risk to the environment, and ultimately risk to trust. Compliance manifests itself as programs within a company often structured by the source of risk such as quality, environmental, mechanical integrity, damage prevention, and so on. These programs ensure that appropriate risk is taken so that business outcomes can be achieved.

Compliance Value Chain

Making changes is also a significant source of risk for many companies but specifically for those in the oil & gas sector. To ameliorate these risks they follow a management of change (MOC) process to buy down risk. This process follows a series of steps aimed at assessing and managing risk throughout the implementation of the change and typically follow steps outline in the diagram below:

MOC Life-cycle Process

By assessing risk before and after the change companies are able to improve the visibility of risk across the entire organization to ensure that the organization is not taking on too much risk. In the following diagram the cumulative risk of proposed changes across business areas is shown. Companies can use this information to see if they are taking on too much operational risk. The data in this chart is taken from an actual facility with the areas obfuscated to ensure confidentiality.

Level of Risk Across All MOCs

Compliance management systems measure such things as the number of: defects, incidents, emissions, violations, and so on. While these are of some help they are lagging indicators only recording what has already happened.

However, changes to the level of risk is both a leading indicator and a measure of safety program effectiveness. The level of risk provides a leading indication of the progress made in buying down risk as well as an indication of what may happen which can be used to prevent and avoid the effects connected with the level for risk.

Measuring the level of risk is an essential practice of every effective process safety program. However, this practice is not only useful for oil & gas companies and process safety. With the introduction of the ISO 45001:2018 (OHS) requirements for management of change (MOC) the same practices can also be applied to improve the safety of workers.

In fact, an effective management of change program is crucial for all companies where the risks introduced by change can affect both safety as well as the mission success of the business.