2024 – Module 3: Risk Management

Expectations

3.1 A risk management process or system that identifies hazards and assesses, prioritizes, and adequately controls risks must be implemented. All potentially fatal hazards – including process safety hazards – should be documented on a risk register.

3.2 Each location must have a task-based or front-line (on-the-job) hazard identification and risk assessment tool that assists workers in identifying and controlling risks associated with their tasks.

3.3 Risk reviews must be completed at least annually or as risks/controls change on scenarios with potentially fatal consequences or process safety risks.

3.4 All risk assessment tools used must be defined, documented, and available.

3.5 There must be a defined process to audit high-risk tasks to ensure compliance with procedures or controls.

3.6 Define and document a manageable level of risk, including evaluation and approval by appropriate levels of management.

3.7 A process safety baseline assessment should be completed when the location has significant process safety risks.

3.8 Emergency Response Plans (ERPs) must be available for the following scenarios: 1) fatalities, 2) multiple injuries, 3) natural disasters, and 4) any potential emergencies at each site.

3.9 Evacuation routes and muster (gathering) points must be established, posted, communicated, and understood.

3.10 Resources (people and equipment) must be identified, obtained/designated, and maintained to respond to identified potential emergencies that support the ERPs. Consideration should be given to mutual aid agreements with neighboring operations or sites.

3.11 Communications and warning systems with associated procedures must be established to support the response plans.

3.12 Emergency preparedness and response training must be provided for all people, including protective actions (evacuation, shelter-in-place, or lockdown) for likely emergencies.

3.13 All people with assigned roles and responsibilities who are expected to support ERPs must be trained and verified as competent to perform their roles.

3.14 Conduct periodic drills and exercises to assess the effectiveness of emergency preparedness and response procedures. After-action reports relative to procedures are considered when performing reviews.

Risk Management Overview

The persistence of high-severity events suggests that approaches rooted in management systems are needed to improve safety and health outcomes. The backbone of this effort is the risk management process, which identifies risks associated with specific mining activities and ways to proactively mitigate those risks to prevent injuries and fatalities. Risk management aims to reduce risk to the lowest practical level. Risk management processes are used domestically and internationally by many high-hazard industries. This module covers a variety of approaches where a risk management process should be applied, including process safety and emergency management. Broadly, this module reviews these varying processes through a risk management framework, including:

Identifying and reviewing all safety and health hazards.
Assessing and prioritizing risks associated with those hazards, emphasizing risks that could have catastrophic consequences, including fatal ones.
Developing and applying controls systematically to eliminate or minimize negative outcomes.
Verifying controls remain effective over time and are modified as/if circumstances change (i.e., management of change).

Risk management starts with operation planning, which is conducted on an ongoing basis and continues until closure. Risk assessment can involve technical staff (engineers), managers, and workers with appropriate knowledge and experience.

Identification of work activities and situations that should be subject to a heightened examination should not be limited to those activities for which companies have had prior incidents. The presence or use of the activity, even very infrequently, is adequate justification for inclusion. Specifically, there are two general groups of work activities: 1) High frequency, low severity/consequence work and 2) Low frequency, high severity/consequence work. Both groups require effective risk assessment, controls, and continuous audits.

Companies should determine what should be audited and how and when tools should be used to manage audits. Each site will develop or adopt and use risk assessment tools, processes, and procedures based on its specific needs. Regardless of the tools selected, they should be strategically integrated into a risk management plan’s identification, assessment, and mitigation components.

High-Risk Procedures

High-risk work emphasizes applying effective controls to minimize the risk of negative outcomes, including fatalities. Each company should define those high-risk activities that are most relevant to their operations and develop a fatality prevention/high-risk program. This includes ensuring internal reporting of high-risk incidents, conducting incident investigations, and root cause analyses, as appropriate. For high-risk work, applying the hierarchy of controls should be used with an emphasis on elimination, substitution, and engineering controls before considering modification or confinement over administrative practices and personal protective equipment (PPE).

Manageable Risk

Manageable risk should be defined by management; however, risk-based decisions can and should be made by workers when they have the knowledge, training, and experience. Management should make all decisions associated with work that exceeds acceptable risk as defined by the company. Each company should define at what level controls should be prioritized based on the hierarchy of controls, recognizing the strongest, general effectiveness of controls in descending order:

Elimination
Substitution
Engineering Controls
Administrative Controls
PPE

Major/catastrophic hazards and risks are not always visible or easily identified during observation, inspection, and routine work. However, key principles can help identify, mitigate, and prevent major catastrophes, including understanding hazards and risks, managing risks, and learning from experience. Committing to process safety is also an aspect of risk management discussed in this module pertaining to critical safety risks.

Process Safety as a Risk Management Process

Process safety aims to prevent unplanned, unexpected releases of hazardous materials or energy to prevent structural failure or loss of stability that could lead to a major/catastrophic incident. To this end, process safety also includes the identification of the low-probability high consequence hazards/risks – also known as critical risks. Examples include loss of primary containment (LOPC) of a process’ solutions and gases, overpressure of a pressure vessel system, and overpressure/explosion of flammable and toxic gases. The impact consequences can involve safety, health, environment, finances, community, and the company’s reputation.

The term Process Safety Management (PSM) became prominent because of regulatory requirements by OSHA in 1992 and by EPA in 1996, that requested heavy industrial companies such as oil and gas, chemicals, nuclear, petrochemical, pharmaceuticals, etc., to properly manage highly hazardous chemicals to create safe workplaces and prevent unexpected causes of major and catastrophic events. The mining industry is no different in impact potential; since there is also the aspect of the evolving dynamic environment from the mine itself, to the different processing plants, to the final product.

PSM Versus OSH Management

PSM is often confused with safety management, but the two systems can be distinguished by the scale of failure they seek to prevent. PSM aims to prevent large-scale major/catastrophic events. On the other hand, occupational safety management aims to prevent more individual-level safety incidents, which normally consist of higher probability/lower consequence events. Occupational safety hazards are more common but can often be addressed by smaller-scale interventions, while process safety hazards generally require a more detailed solution that may involve engineering systems, secondary containment, etc.

PSM Process

PSM focuses on events that have perhaps occurred infrequently in the past or possibly never. But, if they occur, they are often catastrophic, expensive, and impactful across the organization and sometimes the surrounding environment. While it can be complex and expensive to understand these low-probability events, companies should ensure that all aspects of major/catastrophic hazards/risks are identified, mitigated, and prevented by consulting other CORESafety modules such as Operational Controls and Management of Change throughout project start-up and shut down to general safety reviews and maintenance. If companies complete an assessment and identify critical risks, it is important to consult these supplementary guidance documents to complete the following activities:

Define and follow a process safety roadmap using baseline assessments that detail and assign responsibilities for actions.
Train key personnel in PSM (e.g., investigators, safety and health professionals, etc.).
Establish a process safety structure to support the program (i.e., champion/stewards/etc.).

Implementing process safety under these key principles is subdivided into different elements. Although NMA CORESafety realizes PSM does not apply to every mining operation, having processes in place that can be used to identify critical risks and subsequent controls is a valuable practice and resource to have available.

Commit to Safety Process

Process Safety Culture
Compliance with Standards
Process Safety Competency (training)
Workforce Involvement
Stakeholder Engagement

Understand Hazards and Risk

Process Knowledge Management Process Safety Information (PSI)
Hazard Identification and Risk Analysis

Manage Risk

Operating Procedures
Safe Work Practices
Asset Integrity and Reliability
Training
Management of Change
Operational Readiness that included Pre-Startup-Safety Review (PSSR)
Conduct of Operation (i.e., Operational discipline)
Emergency Planning and Response

Learn from Experience

Incident Investigation
Measurement and Metrics
Compliance Audits
Management Review and Continuous Improvement

Emergency Management

An effective SHMS is designed to prevent incidents from occurring. However, considering the potential for uncontrollable factors such as earthquakes or heart attacks, a well-designed, trained, and tested emergency management system is necessary. Emergency preparedness and response plans can prevent an emergency or disaster from worsening and, by protecting responders, can prevent additional incidents or fatalities from occurring. Companies must have the capability to respond appropriately to emergency and disaster situations.

Emergency Management Includes

Emergency prevention—What must we do to prevent a non-emergency from becoming an emergency?
Planning—What can happen, both expected and unexpected, and how should we respond?
Emergency resources—What materials, equipment, information, and people do we need to deal with the emergency?
Training—Who needs to do what when an emergency occurs?
Coordination and communication—What government agencies and non-governmental impacted parties need to be involved and how do we coordinate to manage the emergency with these key groups?
Media—Where will the media be staged, and how will updates and briefings be provided?
Families—How will families’ privacy be ensured and their needs met, and how will families be segregated from facilities provided for the media? How will communication be conducted with the families?
Recovery—Once the real emergency is addressed, how do we recover?

These plans should consider potential impacts on the workforce, the public, the environment, and company assets. Decisions should prioritize protecting people and the communities in which a company operates, including considerations around cultural significance.