Imagine you're attending a meeting to discuss potential dangers during a company restructuring. You, and everyone else present, understand the importance of identifying and mitigating hazards. But then, a key player storms out, claiming there's nothing to worry about.

Confused?

Welcome to the world of risk management, where narrow definitions often create blind spots and uncertainty.

This is exactly what happened to me. We were discussing operational threats stemming from a reorganization, something particularly critical in high-risk industries.

The Process Safety Manager (PSM), responsible for traditional hazard assessments, confidently declared he had no business there – "there are no hazards here," he stated before walking out.

In his world, "hazards" have a specific meaning. However, he failed to recognize a crucial point: the reorganization itself posed a risk to his ability to manage those very hazards. Changes in roles, responsibilities, systems, and processes could potentially disrupt his established safety protocols. In short, he was overlooking organizational hazards.

This incident highlights a critical challenge in risk management: silos and fragmented definitions. Different domains have their own risk vocabularies, often leaving broader threats unseen. What we need is a more holistic approach, something like Total Risk Management (TRM).

TRM would act as an umbrella, encompassing all potential sources of uncertainty that can impact an organization's success. It acknowledges that risks go beyond technical hazards and delve into organizational dynamics, reputational concerns, financial vulnerabilities, and more.

ISO 31000 from my perspective, recognizes what is well known to many in high-risk industries which is that uncertainty is the root cause of all risk. Uncertainty creates the opportunity for risk independent of its effects.

In fact, several risk-based regulations mandate this approach and further define its natures: aleatory and epistemic uncertainty which help direct what measures to use to handle them. These distinctions have helped manage complexities beyond the de-minimis and provide the foundation for a universal definition.

We're attempting to implement this philosophy and it's an uphill battle, but one worth fighting. By adopting a broader perspective on both risk and compliance, we can ensure that even during periods of change, we can effectively safeguard our people, operations, and ultimately, our mission.

Let's keep the dialogue going! Share your thoughts and experiences with risk & compliance. Together, we can elevate our understanding and create a safer, more resilient future for our organizations.