The practice of continuous improvement is gaining traction within an across all industries. It goes by different names such as: Plan-Do-Check-Act, Lean, Toyota Kata, DMAIC, OODA, and others. Improvement initiatives are often triggered re-actively when issues or problems surface or pro-actively to enhance capabilities or in anticipation of risk due to the effects of uncertainty. These all rely on management having autonomy and discretionary authority to make changes in what objectives are chosen and how they are to be achieved.
In highly-regulated, high-risk industries it is not clear what kinds of choices management actually has authorization to make specifically when it comes to meeting safety, environmental, and regulatory obligations. The problems that come from these domains tend to be awkward shapes and sizes that may not align with existing structures which makes it difficult to know who is accountable or responsible.
As a consequence, improvement activities are often limited to closing-the-gaps in meeting prescriptive shall statements, and increasing the efficiencies of administrative controls such as: reporting, approvals, document management, and others; usually through the adoption of information technologies, automation, and data collection.
This confusion poses a significant challenge for organizations as regulations and industry standards continue to move towards performance and outcome-based designs. These frameworks require organizations to set goals and objectives usually in the context of advancing Vision Zero targets such as: zero harm, zero incidents, zero fatalities, and so on. Organizations are expected to choose appropriate strategies and tactics by which these objectives and goals will be met and advanced. To make progress, risk-based approaches and continuous improvement are required and foundational to most quality, safety, environmental, and regulatory management standards including those from ISO, API, CSA, OSHA, EPA, FDA, and many more.
However, when it comes to the reduction of harms, making improvements is not as easy as applying plan-do-check-act to every suggestion that is made. When people's lives are at stake problem-solving and continuous improvement take on a different form.
Malcolm K. Sparrow in his book, "The Character of Harms: Operational Challenges in Control" outlines a risk-based problem-solving protocol to help address managerial challenges. He suggests the following protocol:
Nominate and select potential problem for attention.
Define the problem precisely.
Determine how to measure the impact.
Develop solutions / interventions.
Implement the plan.
Periodic monitoring, review, and adjustment.
Project closure, and long term monitoring, maintenance.
Step 1: This activity is administratively separate from the others as it recognizes that the nomination of which problems to pay attention to may be different in both place and time from the decision and implementation processes. Although responding to problems when manifested is common place, it is the anticipation of problems as part of risk identification that leads to more effective harm-reduction measures.
Step 2: As with most problem-solving strategies it is essential that the problem be stated as clearly and concisely as possible. Root cause analysis is important to fully understand the nature and scope of the problem and even when found still needs to be studied particularly when it comes to choosing among alternate treatments. This step has a benefit of preventing (perhaps only slowing down) knee-jerk-reactions to act first before acquiring understanding.
Step 3: Understanding the nature of the outcome that should be targeted and how it will be measured is what separates successful interventions from those that are not. This step provides the methodological rigor that obliges management to consider relevant metrics related to the outcomes of a solution or intervention instead of the how it is implemented which is a common mistake.
Steps 4, 5, 6: Developing and implementing solutions and interventions requires alternatives. Modeling, simulation, and experimentation are essential to developing options. It is often not the first option chosen that is most effective, and so any presumption that the first option must necessarily succeed should be abandoned in favor of cultivating more effective alternatives. This highlights the need for periodic monitoring, review and adjustment which may include choosing another approach. Of course all of these steps should be done in such a way that limits making matters worse. Paying attention to exposing latent risk and the emergence of new risks is critical to success.
Step 7: As is all too common when managing changes is it is easier to create new projects than to close existing ones. Projects may be closed because they succeeded at their harm-mitigation or that success is not possible. It is just as important to recognize in-effective interventions and stop them when there is little chance of success. This is why Step 3 is so important to identify what success looks like and when initiatives should be cancelled.
Executing individual initiatives is different from managing a portfolio of them which is why managerial infrastructure and support is necessary. Organizations will need various systems surrounding each step in the problem-solving protocol. These may manifest themselves differently for each organization but will tend to follow common project portfolio capabilities used for business, IT, and other project-related endeavors.
However, what is most important are the skills to effectively practice goal-directed problem-solving in the presence of uncertainty. This requires skills more akin to risk rather than productivity management, and a change process that improves the probability of successful outcomes rather than the completion of tasks.
Organizations in high-regulated, high-risk industries have for years operated under prescriptive regulations that have defined how harm and risk-reduction must be done. Improvements to such things as occupational, process, pipeline, and environmental safety tend to be limited to closing-the-gaps between work-as-prescribed and work-as-done, along with improving efficiencies in administrative controls.
However, the shift towards performance and outcome-based regulatory designs now requires organizations to determine their own means by which risk will be reduced and how harm-reduction outcomes will be advanced. This requires continuous improvement but a different kind than simply applying plan-do-check-act practices.
 Malcolm K. Sparrow, "The Character of Harms: Operational Challenges in Control"
 Raimund Laqua, "Risk-based Continuous Improvement", https://www.leancompliance.ca/post/risk-based-continuous-improvement