Which is Better - Apples or Oranges?
As I noted in my blog post this week, I don't like risk matrices.
There are several problems inherent in designing and using risk matrices in an environmental or safety management system. I list three of these in my post.
One of the most difficult to address is what I call the "Apples vs. Oranges" problem. This is the attempt to compare dissimilar items using the same matrix. You can't do it unless you impose some kind of "utility condition" that you compare instead.
For example, "Which is better - apples or oranges?"
This question can't be answered unless you know why you are comparing apples and oranges.
Many organizations using risk matrices for their aspect or hazard analysis are attempting to compare apples and oranges.
Is it which has the most vitamin C or has the most fiber?
Is it which school kids prefer or is easier for the elderly to eat?
Is it which makes a better pie or a better sherbet?
Valiant attempts are made to determine "the signficance" of energy usage, waste disposal, air emissions, water usage, product impacts, toxic chemical usage and employee injury in one massive risk matrix. Various ranking and rating rules are established for assigning numbers and extensive Excel spreadsheets with imbedded formulas are developed to handle it all. The attempt is made to evaluate risk based on multiple, often conflicting "utility conditions" - such as impact probability, clean-up costs, regulatory risks and stakeholder interest - all at the same time.
It simply doesn't work.
So, which is better - apples or oranges?
Well, I prefer apple pie over orange sherbet, but then again, maybe I need more Vitamin C.
Will a risk matrix help me decide? Probably not.
By: Thea Dunmire, JD, CIH, CSP
ENLAR Compliance Services, Inc
Featured Standard - ISO 31000
ISO 31000 Risk Management – Principles and Guidelines provides principles, a framework, and suggested processes that organizations can use for managing risk in a transparent, systematic and credible manner. The principles and guidelines set out in this standard can help organizations identify and manage risks across multiple functions and disciplines, including within an environmental, health and safety management system. Several of the concepts included in ISO 31000, including the need to identify the organization’s internal and external context in order to properly evaluate risk, are being considered in the revision of ISO 14001.
The ISO 31000 standard was not written for certification purposes. It is intended to provide guidance that an organization can use to improve its risk management practices as an integral part of its overall governance approach.
The ISO 31000 standard has been adopted as a U.S. Standard as ANSI Z690.2-2011.
For more information and to order a copy of the standard, click here and then click on the “risk management” link in the Table of Contents box. If you scroll to the bottom of the order page, you will find additional links to other related websites.
June 5, 2013, #102