Risk teams are no strangers to the nuanced threat of data breaches and system compromises. Yet an emerging peril is making breach risk management even more complicated. The rise of the third-party breach, sometimes called a supply-chain attack, is adding to the list of risks faced by public sector organizations.

Third-Party Breaches on the Rise

An analysis of U.S. data breaches in TransUnion’s 2023 Omnichannel Fraud Report showed a 145% increase in third-party breaches between 2020 and 2022. The severity of the breaches, in terms of the potential identity and fraud risks measured by TransUnion’s Breach Risk Score algorithm, also rose by 23%.

Cybercriminals favor third-party breaches mainly because of the scale they provide. Penetrating the cyber defenses of a large enterprise can take months of research and multiple attempts. Targeting smaller service providers — which often have less robust cybersecurity resources — can give attackers access to the data and systems of dozens of the organizations that vendor services. With less effort and higher volume of targets, bad actors realize significant financial gain.

Disproportionate Impact on the Public Sector

While third-party breaches can happen to organizations in any sector, last year’s MOVEit breach is an example that drastically impacted public institutions.

While colleges and universities have taken the greatest hit, a significant number of government agencies and public health programs were also affected. Sensitive personal data was stolen from several high-profile users of the platform, including the US departments of Energy and Agriculture; New York City School District; registries of motor vehicles in Oregon and Louisiana; Colorado’s state health agency; and more than 850 colleges and universities.

Criminal access to private personal data, such as student records and driver’s license information, exposed millions of constituents to the risks of identity theft, social engineering scams and financial schemes.

Numerous Post-Breach Risks Impact Public Organizations

As risk management teams plan for potential third-party breaches, they should establish controls and mitigation strategies that not only help reduce the risk of such attacks, but also help the organization recover in the wake of an incident.

Some of the considerations to weigh when planning those strategies include:

• Ongoing disruption of services or benefits for constituents. By their nature, third-party breach forensics takes longer, often delaying restoration of critical systems and processes.
• Undue stress and hardship among employees. Whether fielding calls from upset constituents or losing access to technology, breaches can make even menial tasks a headache.
• Exposure of internal and employee data. Cybercriminals frequently seek personal data of employees to help them pull off sophisticated social engineering schemes that can provide access to the employer’s systems.
• Loss of trust that can occur among constituents, the public and funding sources.
• Long-tail exposure of sensitive data. Once stolen data is brokered on the dark web, it can cause problems for victims for years.
• Compliance with state notification rules. Regulations are wildly varied depending on the state, the size of the breach and even the sector — and they frequently change.

After rampant attacks in 2023, cybercriminals are eyeing opportunities to replicate their success in 2024, so the threat of supply chain attacks is only expected to increase. Make sure your team has taken the proactive steps to minimize the risk of being caught in a supply-chain attack — and that your organization has a response plan in place to enable a fast, effective reaction if an incident does occur.

*The views and opinions expressed in the Public Risk Management Association (PRIMA) blogs are those of each respective author. The views and opinions do not necessarily reflect the official policy or position of PRIMA.*

In an increasingly complex and interconnected world, too many risk and safety teams continue to function with siloed data, systems, processes and operations.

Without cohesion between risk management and safety teams, organizations miss out on a single source of truth that enables fully informed risk management decision-making for all parties.

Public entities that use different technology systems for their risk and safety groups or rely on manual processes experience resounding impacts: Risk managers are left in the dark as to how safety programs are affecting their total cost of risk (TCOR), and safety managers struggle with proving that their initiatives have tangible, measurable benefits.

True strategic risk management requires collaboration between risk and safety teams, seamless data integration, and a unified, core system to power it all. This can be achieved with an Integrated Risk Management (IRM) approach.

3 Steps to Integrated Risk Management Implementation

An IRM approach is based on an acknowledgment that an organization’s risks are inherently interconnected, and that one incident can have a snowball effect that impacts the entire organization.

For example, risk managers benefit from safety initiatives that result in fewer workplace incidents, claims and ultimately a lower TCOR. Similarly, safety managers gain evidence-based data that illustrates the positive financial outcomes of their initiatives to gain stakeholder buy-in and further investment.

An IRM strategy brings the two teams together to proactively implement risk mitigation across all departments. To eliminate silos and consolidate claims and policy data, an IRM strategy will proactively identify and report on interconnected risks that require unified responses.

There’s no one-size-fits-all approach to IRM. Instead, your strategy will be based on how your organization operates and functions across risk management, safety and compliance. These three steps will serve as a baseline guiding IRM adoption:

A strong commitment from all stakeholders is crucial for an IRM strategy to take hold.

Foster leadership buy-in by aligning IRM goals with projected financial outcomes. This is, of course, one of the greatest challenges to any organization when it comes to IRM adoption. As with any change management initiative, leadership support will frame the entire implementation for all teammates.

• Assess data availability and the culture of risk across your organization. IRM spans departments and functions, so it’s imperative to get a clear picture of where your organization is generating useful data and where pertinent details are missing. Assess your cultural strengths and weaknesses and seek out opportunities to support a more risk-aware culture wherever you can.
• Consider how to manage the project and be clear about your objectives and intended results. IRM is only successful when it is adopted and practiced by everyone involved, so make sure the responsibility for outcomes is shared across departments to help promote collaboration. Commit to clear, timely communications when there are new developments or changes to IRM-related policies and procedures.

Once you’ve solidified the strategy, you’ll need to shift gears to implementation. Agile risk and safety management technology is necessary for supporting your IRM approach. Ask yourself: Is our current risk and safety technology up to the challenge?

Comprehensive, organization-wide risk mitigation is a hefty undertaking that requires a significant investment of time and resources. Implementing an IRM strategy has lots of moving parts. Take it one step at a time and elicit support from software experts who can help your organization achieve its goals with the right technology.

IRM Benefits: Fewer Claims and Strengthened Partnerships

The value gained by organizations that adopt an IRM approach is immense. A successfully implemented IRM strategy results in:

• Fewer incidents and injuries
• Avoidance and reduction in claims costs and potential litigation
• Strengthened partnerships with brokers and agents that can lead to negotiating lower premiums
• Improved workflows, metrics and trend reports to support your team’s efficiency and decision making

Public sector risk managers can make more informed decisions with a deeper understanding of the big picture around risk and safety. Ultimately, they are better equipped to allocate resources, prioritize risk efforts, proactively mitigate future risks, ensure regulatory compliance, promote health and safety, and reduce TCOR.

The IRM system’s interconnectedness compounds its value. Triumphs in one area of the organization can now flow to others — problems are identified sooner and prevented from muddying the rest of the organization’s waters.

Once you decide to make the leap to integrated risk management, stay the course. You’ll soon reap the benefits that an IRM approach has to offer.

*The views and opinions expressed in the Public Risk Management Association (PRIMA) blogs are those of each respective author. The views and opinions do not necessarily reflect the official policy or position of PRIMA.*

It may seem intuitive that getting adequate rest results in better performance at work, school and play. We make sure our kids go to bed on time (not always an easy task!) because we know they need their sleep to do well in school. Athletes train hard and know that they need to be well rested to reach their peak performance.  Yet the work culture in the United States embraces an overworked and over-fired workforce and tends to reward long hours and minimal breaks. We are told that it demonstrates diligence and commitment, and it is what is needed to achieve success.  Sometimes, it even works out that way.

However, it is likely that most will admit that physical, cognitive and psychological fatigue results in lower quantity and quality output. This lack of production and quality are likely to result in errors with financial consequences or reflect poorly on the organization. Consider the implications of errors of omission or commission in safety-sensitive work.

You may be aware that missing sleep time can have similar effects on function as with alcohol intoxication, and we all can agree that use of alcohol in the workplace is dangerous. The CDC reports that people with sleep problems are 62% more likely to experience a workplace injury, and insufficient sleep or poor sleep quality has been linked to 13% of all workplace injuries. Sleep problems are very common, indicated by the CDC reporting that 43% of workers are sleep deprived.

An article in the Journal of Occupational Health Psychology, in 2019, looked at Oregon workers and concluded that cognitive failures with insomnia included not remembering correct work procedures or whether equipment was turned off. Workers were found to unintentionally press control switches on machines and stopped or started machines by mistake.

If you consider some of the mechanisms our brains use for efficiency, it is not difficult to understand how fatigue from poor sleep can cause problems like this. We tend to make most decisions automatically without conscious thought, and that instinct becomes more likely when we are fatigued. We think we see everything in view, but in fact we are very selective about what we notice, and this amount is reduced with fatigue. We believe we have much better recall than we actually do, and it is much worse when we are fatigued. So, when we are sleep deprived, we are more easily physically and cognitively fatigued, and our brains have much more influence in pushing us to take the easy path.

There is growing evidence suggesting inexpensive and low-tech efforts by employers to encourage better sleep habits and general fitness result in self-reported improvements in sleep-related outcomes, which is associated with reduced absenteeism and better overall quality of life. Please encourage your safety teams and supervisors to continue to observe for and take steps to mediate workplace impairment deriving from sleep problems.

*The views and opinions expressed in the Public Risk Management Association (PRIMA) blogs are those of each respective author. The views and opinions do not necessarily reflect the official policy or position of PRIMA.*

The 2024 PRIMA Conference was a valuable experience as a student scholar that allowed me to network with other professionals in the field and fine-tune my career goals. Being awarded the student scholarship not only provided me with an invaluable experience, but I was also able to learn alongside my father, a guest speaker at the conference.

My biggest takeaway from the conference was networking with others in the field and receiving valuable advice as I enter the risk management field as a recent graduate. I was able to meet and discuss risk management careers with PRIMA’s 2023 Public Risk Manager of the Year and many other professionals. Before the morning meetings in the conference hall, I had breakfast with someone new daily and discovered new career possibilities within the risk management field. Prior to the conference, I was unsure of my career plans after college, but after attending PRIMA 2024, I feel confident in my decision to pursue a career in risk management and work towards my ARM designation. Overall, the networking opportunities during PRIMA 2024 were endless, and I could make connections nearly everywhere I went.

My favorite part of PRIMA was attending breakout sessions that interested me. As a recent business/HR graduate, I found the following sessions most impactful: The Essential Elements for Effectively Improving Human Performance and Reducing Liability Through Wellness. These two sessions discussed many of the topics and issues I learned during my undergrad. I enjoyed being able to apply my past educational knowledge during the conference. One of the speakers made the point that in order to “move the needle” and see positive change in employee wellness, we need to focus more on the front end rather than the back end. Too often, many of those in HR positions are focusing on issues that employees are already aware of and are not taking a proactive and people-first approach to mitigate these long-standing issues. I was shocked to find out not only how bad the mental health crisis has gotten, but that many mental health survey results are severely underreported, signifying that it’s much worse than the numbers say. I learned just how important a front-end approach to employee wellness is because, without it, you have burnout and anger among workers. In terms of public safety personnel, this burnout and anger then translate to an increase in risk-taking behavior without the ability to foresee future consequences.

Overall, it was fascinating to hear about the speakers’ different experiences and the steps that led up to where they are today. It was an amazing opportunity to be able to attend the PRIMA 2024 conference. I plan to take the knowledge I gained with me and remain eager to learn as I step out into the risk management field.

*The views and opinions expressed in the Public Risk Management Association (PRIMA) blogs are those of each respective author. The views and opinions do not necessarily reflect the official policy or position of PRIMA.*

This month, I was so grateful to be given the incredible opportunity to attend the 2024 PRIMA conference in Nashville with all expenses covered as a PRIMA scholar. As I arrived at the conference venue, it became apparent how significant of a gathering this was and how important it was for me to be a part of it. Experts from all around the country gathered together to share strategies and new insights into the world of public risk. From the conference center where I walked around speaking to representatives of insurance companies to the sessions, there were so many opportunities to learn more about public risk management and insurance.

The sessions covered a wide range of topics but the one that caught my attention the most was on the future of cyber risk. As a cyber insurance intern this summer, I found this session to be extremely interesting and helpful to prepare me for my summer internship. I also recall the words of the first speaker who talked about only living once, and I thought that it was a great way to start the conference and get everyone excited. It especially motivated me to be the best version of my self at the conference and helped me understand how much the risk management and insurance industry values work-life balances.

The conference center with the booths was a special part of the trip for me as it allowed me to gain knowledge in a one-on-one conversation about what they each do for of their companies. This was also a great opportunity in helping me prepare for my next summer internship, as many of the companies were excited about our attendance at the conference and encouraged us to apply for internships. Beyond the formal sessions, networking was a highlight of the conference. I was able to meet the PRIMA mentors who were welcoming right from the start and ready to share some of there knowledge that they gained from their positions. I am also especially grateful for being able to attend the conference with other college students as it made it more comfortable for us to navigate the sometimes intimidating circumstances. I was able to learn from my fellow scholars about their experiences at there own schools as well.

I am immensely grateful for the scholarship that made this experience possible. This trip affirmed my commitment to pursuing a career in risk management and insurance. The trip also excited me about going into my summer internship and continue learning. Attending the 2024 PRIMA conference was such an amazing opportunity and I will carry with me the lessons learned and the friends and connections that I made long into my future career.

*The views and opinions expressed in the Public Risk Management Association (PRIMA) blogs are those of each respective author. The views and opinions do not necessarily reflect the official policy or position of PRIMA.*

The PRIMA Annual Conference 2024 in Nashville, Tennessee served as an ideal platform for my professional growth and networking. Stepping into the Music City for the first time, I felt a mix of excitement and trepidation, but that fear was immediately overcome by awesome music, delicious food (made fresh), and great Southern Hospitality! The event consisted of risk professionals from all over the nation and I was delighted to meet people from my state of North Carolina! The conference also consisted of keynote speakers, presentations and workshops that helped me gain valuable insights into topics such as enterprise risk management and cyber risk. Furthermore, the engagements provided me with practical knowledge that I could apply to my future endeavors.

Moreover, networking played a pivotal role in my conference experience. I engaged with professionals from various industries, including insurance, healthcare, financial services and from major cities around the nation! After the conference, I managed to connect with these leaders regarding career opportunities and further networking opportunities. Furthermore, I had the opportunity to sit through keynote speeches and real-world case studies that showcased the impact of risk management in today’s business environment; their resilience and adaptability served as motivation for me to pursue a potential career in this field.

Lastly, this opportunity granted me a chance to build an everlasting relationship with the other PRIMA scholars for this year’s scholarship. Although we came from different areas in the nation, we instantly connected and became family-like to one another. The three days that we spent together felt like an invigorating summer trip. I am grateful and honored for them, the administration of PRIMA, the conference attendees, and Nashville locals for making this experience and my birthday an exciting adventure for me.

Since attending the 2024 PRIMA Annual Conference, the following key lessons emerged from my experience: the value of diverse perspectives, the power of collaboration and the impact of risk management. If students are contemplating applying for this scholarship, please take advantage of it. This experience is not just about receiving a scholarship, it is about traveling and meeting skilled professionals who can help you take your career to the next level!

*The views and opinions expressed in the Public Risk Management Association (PRIMA) blogs are those of each respective author. The views and opinions do not necessarily reflect the official policy or position of PRIMA.*

Attending the PRIMA Annual Conference as a scholarship recipient was a transformative experience that significantly enhanced my understanding of public risk management. This annual event gathers professionals all over the country and offers over 50 interactive sessions and workshops, providing an invaluable educational opportunity.

Before I go any further, allow me to explain my findings about public risk management and PRIMA to all future scholarship recipients, or anyone in general, who still doesn’t have any idea what all this is about.

Public risk management plays a crucial role in ensuring that public organizations, such as cities, schools, and local governments, operate safely and maintain financial stability. Risk managers in the public sector are responsible for addressing a variety of issues, including employee safety, property protection and legal liabilities. Their ultimate goal is to safeguard public resources, covering responsibilities such as public safety, emergency preparedness and environmental protection. In easy words, public risk management is similar to being a guardian or caretaker of a playground. The risk manager's job is to make sure all the equipment is safe to use, like checking swings and slides for any dangers. They also ensure that everyone plays by the rules and doesn't get hurt, while making sure the playground stays clean and well-maintained for everyone to enjoy safely.

PRIMA, like a specialized toolbox, is a non-profit organization. It serves as a dedicated resource hub, much like a well-stocked workshop, providing professionals in public risk management with essential tools such as conferences, seminars, publications and webinars. These resources are designed to help members craft efficient strategies for tackling the distinctive challenges they encounter. In equipping public risk managers with these tools, PRIMA ensures they are well-prepared to handle and minimize risks effectively.

Arrival and Initial Impressions

Next, let me explain how the first day went, as it's the most crucial time for all the scholars who might be clueless about what happens after they get there.

My journey began with an early arrival at the hotel at 5:55 AM, much earlier than I had anticipated. Fortunately, the hotel staff accommodated my early check-in, allowing me to rest before the day's activities. The conference commenced with a President's Reception at 4:45 PM, where I met fellow scholarship recipients and mentors. Despite initial concerns about feeling out of place, the warm and friendly atmosphere quickly put me at ease. The reception provided an opportunity to introduce ourselves and connect with several experienced risk managers, including PRIMA's former president, Laurie Olson.

After that, the conference featured a welcome reception and dinner at 6:30 PM, where I enjoyed delicious food and made additional connections, including with Michael Cale from Wilber Company. His insights about his company and his motivation to help people resonated with my own aspirations.

Favorite Session and Conference Experience

Throughout the PRIMA Annual Conference, three general sessions stood out, but my favorite was Greg Offner’s "The Tip Jar Culture." Before attending the sessions, I thoroughly researched each speaker to understand their backgrounds and the topics they would be discussing. This preparation allowed me to engage more deeply with the content. Greg Offner's journey was particularly intriguing, he transitioned from being a corporate HR consultant and professional dueling piano player to a keynote speaker and corporate consultant after suffering severe voice damage and undergoing 15 surgeries. His presentation was both entertaining and highly informative, offering valuable insights into creating a desirable organizational culture.

Greg Offner's session, "The Tip Jar Culture," provided a wealth of practical insights into creating an engaging and appreciative organizational culture. His journey and the concepts he introduced were both inspiring and applicable, offering valuable lessons for enhancing employee engagement, appreciation and overall organizational performance. This session stood out to me not only for its content but also because my prior research helped me fully appreciate the depth and relevance of Offner's insights.

The conference offered a wide range of sessions and workshops, each presenting unique perspectives and solutions to various challenges in risk management. But my favorite feature is not any conference speech, it is the Business Exchange. It provided a unique opportunity to meet with risk managers individually and gain insights into their specific roles and organizational operations. Again, here I met Michael Cale at his company’s booth, and he has been such a good 'unofficial' PRIMA mentor to me. This session underscored the collaborative spirit among public risk managers, in contrast to the competitive nature often found in the private sector.

Networking was a significant aspect of the conference experience. I also had the opportunity to meet a retired public risk manager who shared invaluable financial advice, including details about his million-dollar pension, a revelation that was both surprising and inspiring.

*The views and opinions expressed in the Public Risk Management Association (PRIMA) blogs are those of each respective author. The views and opinions do not necessarily reflect the official policy or position of PRIMA.*

Transitioning from a biology background to a finance career has been an eye-opening journey for me. Last summer, during my internship at the Port of Seattle, I gained invaluable insights into organizational operations and the crucial role of risk management. Participating in meetings and listening to discussions about strategic risk assessment and mitigation strategies captivated me. Witnessing how these measures could effectively safeguard the Port's assets and operations sparked a newfound passion within me for risk management. This experience motivated me to delve deeper into understanding the dynamics of risk management.

This newfound passion and interest ultimately led me to pursue further opportunities for learning and growth. When I learned about the chance to become a student scholar and attend the 2024 PRIMA Annual Conference in Nashville, I saw it as a golden opportunity to expand my knowledge and connect with experts in the field. Attending such a prestigious conference would allow me to deepen my understanding of risk management practices, network with industry leaders and explore innovative strategies.

During the conference, I was filled with excitement and anticipation as I navigated through sessions and workshops led by industry experts. Each session offered a unique perspective on risk management, covering interesting topics such as the Passion Effect, the history of risk management, emerging trends and cyber security. The opportunity to learn directly from leaders at their fields' forefront was inspiring and educational. Moreover, networking at the conference was instrumental in broadening my understanding of risk management across industries. Engaging with professionals not only provided invaluable insights into current industry trends but also offered invaluable mentorship opportunities. Discussions with fellow attendees, including other student scholars, fostered an environment where diverse perspectives enriched my passion for the field.

Beyond the enriching learning sessions, exploring Tennessee added a captivating cultural dimension to my conference experience. Immersing myself in Nashville's vibrant music scene and rich history offered a refreshing perspective that complemented the intensive learning atmosphere. From visiting iconic music venues to discovering the city's historical landmarks, every moment outside the conference venue added to my appreciation of Nashville's unique cultural heritage.

Looking ahead, the insights gained from the 2024 PRIMA conference have reinforced my commitment to pursuing a career where I can effectively navigate uncertainties and foster organizational resilience. I am eager to apply the knowledge and strategies learned to contribute meaningfully to the field of risk management. This experience has also motivated me to continue seeking opportunities for professional development and growth, including further education and networking within the industry. Overall, the conference exceeded my expectations by providing a comprehensive and immersive experience that deepened my appreciation for the complexities and opportunities within risk management. It has undoubtedly shaped my career aspirations and equipped me with valuable insights that will guide my future endeavors in the field.

*The views and opinions expressed in the Public Risk Management Association (PRIMA) blogs are those of each respective author. The views and opinions do not necessarily reflect the official policy or position of PRIMA.*

My name is Andrew Ivanovski, and as a recipient of the 2024 PRIMA student scholarship, I was granted the opportunity to attend this year’s annual conference. To preface this post, I will voice my philosophy: education is what one makes it, and that is exactly what I have done.

For my entire life I have been the insured; I pay my car insurance, have health insurance and that is it. Prior to starting college, I viewed insurance as a monthly premium, rather than an enticing industry. This past year, as a student at St. John’s University, I have taken initiative in attending every industry related event I could, therefore, once notified of the PRIMA scholarship I was eager to apply. Flash-forward a few months, and I was flying to Nashville, where the conference was held.

Upon arrival I met the other student scholarship recipients, and we instantly bonded. Immediately, I could tell that this group of students had ambition and passion for what they are studying, after all, it was apparent in the willingness to attend the conference. PRIMA hosted a four-day event, where each day encapsulated something new; many topics interested me, some did not, but there was a variety, and for that I am highly appreciative.
As I stated earlier, my philosophy on learning stems from one’s own drive to excel, and that is achieved through conversation. After attending this conference, I honestly say that I have expended my knowledge of risk management, particularly pertaining to that of the public sector. Yes, there were events that I initially found uninteresting, but ironically, I had some of the best conversations with professionals intrigued in those topics. I find that when people are passionate in what they study, a listener wants to listen.

At St. John’s I am currently studying actuarial science, in which I am an aspiring actuary, and this truly elevated my conference experience. It is extremely important to be more than one dimensional, and therefore, the opportunity to speak with risk managers provided me with an entirely new perspective on the insurance industry. For example, the intricacies of risk management within different districts, cities, etc.

Growth. That was my main takeaway from this conference. On day one, I walked in knowing very little about public risk management, as I am only familiarized with the private sector, and by day four I left with knowledge and a network I did not previously have. Not only was the conference educational, but it was also fun. I truly enjoyed the emerging risks panel, as it was extremely relevant, especially when considering the ever-changing cyber industry.

My favorite event of the conference was the presentation on teamwork. I gravitated towards this event because it has everything to do with insurance and risk management; teamwork is the premise of growth and conversation. I applaud PRIMA for including this presentation, and I want to thank PRIMA once more for this amazing experience. Honestly, I learned a ton.

*The views and opinions expressed in the Public Risk Management Association (PRIMA) blogs are those of each respective author. The views and opinions do not necessarily reflect the official policy or position of PRIMA.*

The idea of having a checklist, a comprehensive list of items to consider before beginning work, is probably one of the single most effective methods to ensure the safety of workers and property. When employees find themselves doing unfamiliar tasks, or doing routine tasks in an unfamiliar environment, a job hazard analysis (JHA) is widely used to identify and analyze the associated hazards.  Even performing a familiar activity can bring about new and unknown hazards if it’s done under unique conditions or in unfamiliar places. It is crucial to account for the surrounding environmental conditions, the location and any unique circumstances of the environment for a JHA to be effective.

A comprehensive JHA does not have to be reinvented for every event. The main components and steps of a particular task can be documented in a way to allow the end user to adapt them to the environment. This allows the employee to focus on the unique hazards of the present environment and to incorporate safeguards to protect employees and property while ensuring that the routine task is done safely.

A great example of this is the modern incarnation of the pre-flight checklist. The idea of a comprehensive pre-flight analysis was first introduced at the Boeing Company following the 1935 crash of a Boeing B-17 in Dayton, Ohio that killed both pilots. The investigation found that the pilots had forgotten to disengage the gust locks which stop control surfaces from moving in the wind while parked. The idea of the pre-flight checklist/hazard analysis has evolved to consider weather and environmental conditions and is arguably one of the main reasons that modern commercial aviation is considered the safest method of travel.

During World War 2, following several incidents of munitions exploding in factories, the process of documenting and standardizing procedures was introduced to British munition factories. Companies proposing to supply the military with munitions had to submit their own process and procedures for evaluation. These documented programs were then used by inspectors to ensure employees were following procedures, therefore maintaining a safe work environment and preventing losses. It was soon realized that a byproduct of this process of standardizing procedures resulted in a product of consistent quality. This concept continued to evolve into what is now known as the International Organization for Standardization or ISO (derived from the Greek isos meaning equal). Today, many companies use the ISO framework to ensure the safe delivery of products of consistent quality.

When I was in the private sector, we sought ISO 9001 as the basis for a quality management system. Every aspect of virtually every job was documented with procedures and work instructions. This included remote employees on site at chemical plants, refineries and research facilities. When we would do a JHA, we would reference the specific procedures or work instructions for that task. I would often challenge employees to find something that was not documented.

So how does this translate to the public sector to prevent losses? Start small, perhaps look at where employee injuries are most often happening. Is there a high frequency of slips, trips and falls in a maintenance shop? You could implement a process to clean the area at the end of each workday and inspect it at the beginning of the workday to ensure that slip and trip hazards are mitigated. You could audit the program by requiring documentation that cleanup and inspections are taking place.

Even everyday tasks can cause big losses. Perhaps an employee hanging a picture puts a nail through the sheetrock, puncturing a water line to the ice maker in the adjoining room causing extensive water damage.  Perhaps they put that nail through the 220V electric line supplying the ice maker? A JHA form asking if they are penetrating any surfaces that could have water or electric seems simple, but it goes a long way to ensure the employee takes these hazards into consideration.

For any risk control program, it’s important to pause and reflect on what could go wrong and incorporate steps to prevent or mitigate that possibility.  Developing these habits takes time. Don’t get discouraged, start small, stay consistent and you’ll see the fruits of your labor.

*The views and opinions expressed in the Public Risk Management Association (PRIMA) blogs are those of each respective author. The views and opinions do not necessarily reflect the official policy or position of PRIMA.*