Operational Risk Management (ORM) - Safety
Operational Risk Management |
Risk is inherent in all tasks, training, missions, operations, and in personal activities no matter how routine. The most common cause of task degradation or mission failure is human error, specifically the inability to consistently manage risk. ORM reduces or offsets risks by systematically identifying hazards and assessing and controlling the associated risks allowing decisions to be made that weigh risks against mission or task benefits. As professionals, Navy personnel are responsible for managing risk in all tasks while leaders at all levels are responsible for ensuring proper procedures are in place and that appropriate resources are available for their personnel to perform assigned tasks. The Navy vision is to develop an environment in which every officer, enlisted, or civilian person is trained and motivated to personally manage risk in everything they do. This includes on- and off-duty evolutions in peacetime and during conflict, thereby enabling successful completion of any task and mission. Navy commands and activities accomplish this by executing a four pillar strategy.
Training
It is required that all NPS Personnel take ORM training when they come on board, and every three years thereafter.
- Individual Managing Your Risk (CIN - CPPD CPPD-ORM-MYR-1.0). This training has a mandatory triennial completion requirement for all Navy personnel.
- Supervisor Managing Your Team’s Risk (CIN - CPPD-ORM-MYTR-1.0). This training is required upon initial assignment of supervisory responsibilities and every 36 months while assigned at command.
In addition to these triennial trainings, there is an annual ORM Refresher training. It is required for all individuals (Civilian and Military) per OPNAVINST 3500.39D.
Methods of training:
- NEW MOBILE APP!! This is by far the easiest way to complete your ORM training requirements. After you complete the training, you will be prompted to input the DoD ID Number from the back of your CAC. The training will then be documented as completed in ESAMS but it may take a week for it to show. You may download the app for Android and Apple devices:
- ESAMS - All NPS Staff and Faculty (but not Students) should have an active ESAMS account. If you are unable to log in, contact Safety@nps.edu
ORM Process
The most common idea of what ORM is revolves around a simple five-step process that is most frequently used in planning, or at the Deliberate Level. These five steps are:
Step 1. Identify hazards - A hazard is any condition with the potential to negatively impact mission accomplishment or cause injury, death, or property damage. Hazard identification is the foundation of the entire RM process. If a hazard is not identified, it cannot be controlled. | |
Step 2. Assess the hazards - For each hazard identified, determine the associated degree of risk in terms of probability and severity. The result of the risk assessment is a prioritized list of hazards, which ensures that controls are first identified for the most serious threat to mission or task accomplishment. Combine the severity with the probability to determine the risk assessment code (RAC) or level of risk for each hazard, expressed as a single Arabic number. Although not required, the use of a matrix, such as the one below, is helpful in identifying the RAC. | |
Step 3. Make risk decisions - A key element of the risk decision is determining if the risk is acceptable. This decision must be made at the right level by the individual who can balance the risk against the mission or task potential benefit and value. This individual decides if controls are sufficient and acceptable and whether to accept the resulting residual risk. If it is determined the risk level is too high, the development of additional or alternate controls, modifications, changes, or rejecting the course of action becomes necessary. | |
Step 4. Implement controls - Once the risk control decisions are made, the next step is implementation. This requires that the plan is clearly communicated to all the involved personnel, accountability is established, and necessary support is provided. Careful documentation of each step in the RM process facilitates risk communication and the rational processes behind the RM decisions. | |
Step 5. Supervise - Supervise and review involves determining the effectiveness of risk controls throughout the mission or task. This involves three actions: monitoring the effectiveness of risk controls; determining the need for further assessment of all or a portion of the mission or task due to an unanticipated change; and capturing lessons learned, both positive and negative. |
Four Principles of ORM
Accept risks when benefits outweigh costs. | Accept no unnecessary risk. |
Anticipate and manage risk by planning. | Make risk decisions at the right level. |
The Three Levels of ORM
In-Depth
The in-depth level refers to situations when time is not a limiting factor and the right answer is required for a successful mission or task. Thorough research and analysis of available data, use of diagrams and analysis tools, formal testing or long term tracking of associated hazards are some of the tools used at this level. Other examples of application of ORM at the in-depth level include, but are not limited to: long term planning of complex or contingency operations; technical standards and system hazard management applied in engineering design during acquisition and introduction of new equipment and systems; development of tactics and training curricula; and major system overhaul or repair.
Deliberate
The deliberate level refers to situations when there is ample time to apply the RM process to the detailed planning of a mission or task. At this level, the planning primarily uses experienced personnel and brainstorming and is most effective when done in a group. The Navy planning process is a good example of ORM application integrated at the deliberate level. Other examples include: planning of unit missions, tasks or events; review of standard operating, maintenance or training procedures; recreational activities; and the development of damage control and emergency response plans.
Time Critical Risk Management (TCRM)
This is the level at which personnel operate on a daily basis both on- and off-duty. The time critical level is best described as being at the point of commencing or during execution of a mission or task. At this level there is little or no time to make a plan. An on-the-run mental or verbal assessment of the new or changed/changing situation is the best one can do. Time is limited in this situation, so the application of the 5-step process has proven impractical and ineffective. The Navy has adopted the ABCD Model.
RISK ASSESMENT CODES:
Combine the severity with the probability to determine the risk assessment code (RAC) or level of risk for each hazard, expressed as a single Arabic number. Although not required, the use of a matrix (such as the one below) is helpful in identifying the RAC. In some cases, the worst credible consequence of a hazard may not correspond to the highest RAC for that hazard. For example, one hazard may have two potential consequences. The severity of the worst consequence (I) may be unlikely (D), resulting in a RAC of 3. The severity of the lesser consequence (II) may be probable (B), resulting in a RAC of 2. Therefore, it is important to consider less severe consequences of a hazard if they are more likely than the worst credible consequence, since this combination may actually present a greater overall risk.
Mishap Severity Categories
- CATASTROPHIC - Loss of the ability to accomplish the mission. Death or permanent total disability. Loss of a mission-critical system or equipment. Major facility damage. Severe environmental damage. Mission-critical security failure. Unacceptable collateral damage.
- CRITICAL - Significantly degraded mission capability or unit readiness. Permanent partial disability or severe injury or illness. Extensive damage to equipment or systems. Significant damage to property or the environment. Security failure. Significant collateral damage.
- MODERATE - Degraded mission capability or unit readiness. Minor damage to equipment, systems, property, or the environment. Minor injury or illness.
- NEGLIGIBLE - Little or no adverse impact on mission capability or unit readiness. Minimal threat to personnel, safety, or health. Slight equipment or systems damage, but fully functional and serviceable. Little or no property or environmental damage.
Mishap Probability or Occurrence Levels
- FREQUENT - Frequent to occur. Continuously experienced to an individual item or person; or continuously over a service life for an inventory of items or group.
- LIKELY- Likely to occur, immediately or within a short period of time. Expected to occur frequently to an individual item or person; or continuously over a service life for an inventory of items or group.
- OCCASIONAL - Occasionally will occur in time. Expected to occur several times to an individual item or person; or frequently over a service life for an inventory of items or group
- SELDOM- Seldom may occur in time. Can reasonably be expected to occur sometime to an individual item or person; or several times over a service life for an inventory of items, or group.
- UNLIKELY- Unlikely it will occur in time. Unlikely to occur, but possible in the service life for an inventory of items, or group.
- OPNAVINST 3500.39 - OPERATIONAL RISK MANAGMENT
- "ORM The Essentials: A Tool for Making Smart Decisions" by the Naval Safety Center
- Naval Safety Center ORM App Info Sheet (includes links to ORM training app)
- Navy's Travel Risk Planning System (TRiPS)
- Transportation Safety Institute
- Air Force Safety Center
- Army Safety Center
- U.S. Marine Corps Safety
- Naval Safety Center