Integrating Risk Assessments with Management of Change Processes

Management of Change - Risk Assessment

A look at how software can make management of change both easier and more effective. 

When it comes to managing change there are two aspects of the practice. First is change management, which focuses on the people side of things and adjusting behavior. Second is the management of change, which focuses on the technical side of processes, procedures, and technology. While the two are interconnected, there are unique needs for both, and different sets of skills and tools needed to effectively make pivots. Below, we dive into the latter and how Environmental, Health, and Safety (EHS) professionals can make productive shifts in their operational and production practices by utilizing software specifically made to support the management of change in these areas. 

If management of change (MoC) is part of your job description, you’re probably familiar with “Plan-Do-Check-Act.” Also known as “PDCA,” the phrase describes the four-step approach that many businesses take to continually improve their processes and products. You plan for a change, put that plan into motion, and then check to make sure what you’re doing is working. Finally, you fully launch your solution, incorporating adjustments as needed. 

While the PDCA method can pay quick dividends for any organization that wants to get better, it’s especially applicable to businesses where EHS risk management is a priority. If you’re required to make changes in the wake of an audit, or you’re introducing a new process that will affect your current systems, “Plan-Do-Check-Act” is an efficient and effective way to go about it. 

Here, we’ll explain how you can leverage the PDCA approach by integrating EHS risk assessments with your existing MoC processes. And, more importantly, how automating the work with a software solution, which links your risk registers with implemented changes, makes the process significantly easier. 

Plan: Completing the Risk Assessment

The first order of business for any organization focused on EHS risk management involves the risk assessment itself. Whether it’s a process hazard analysis (PHA), a job hazards analysis (JHA), a failure modes and effects analysis (FMEA), or anything else, they all require substantial planning and thorough accounting of existing or potential problems. 

Most companies use digital tools for this purpose, identifying the controls they have in place today and determining whether additional measures may be needed in the future. By aggregating their risks in a risk register, they can see exactly what they must do in terms of mitigation and meeting regulatory requirements. 

Do: Prioritizing Changes and Integrating Risk Assessment with Change Management

The next step—the “Do” in PDCA—is to organize and categorize the identified risks in your register before moving on to change management. It might help to know, for example, how addressing a certain risk will help the organization. Or seeing which risks are the most severe, and therefore most important to address first. 

The idea here is to put a value on the work an organization will have to complete if it takes action. How much is there to gain if a change is made? And, how much could be lost if nothing is done? Some organizations may find that certain risks are unacceptable, while others may seem reasonably manageable as they currently stand. 

Once risks are sorted and filtered, management of change (MoC) enters the picture. With an MoC solution that connects risk registers with data on the implemented changes, EHS professionals can monitor risk status, track change progress, and facilitate communication and transparency among the key stakeholders in their organization. 

It’s important to note that while making changes based on the results of a risk assessment analysis, the system can also work the other way around. Upon deciding to implement a change, for example, organizations may find that once that change is logged, the new process triggers the need for a new risk assessment analysis. 

Either way, in the end, an MoC solution should provide a view in which everything is laid out clearly on a single dashboard. Audits and incidents, risk assessments and findings, the actions implemented, and the changes incorporated—it should all be visible and easily accessible. 

Check and Act: Measuring the Impact and Adjusting If Necessary

Last up is the checking and acting: first ensuring the implemented changes had the intended impact and then adapting and optimizing any processes as needed. Evaluating the changes made is necessary in order to verify that they’re actually effective and preparing to shift gears if the findings show that they’re not. 

A digital MoC solution can accomplish this by making the desired results part of the risk assessment. In this way, the risk and action the to reduce it are front and center.  

By comparing actual results with the desired results, organizations can determine if they need to make further changes or if they can continue with the processes currently in place. Because the data in an MoC system makes everything measurable, the decision should be relatively easy. 

These metrics may include everything from on-time completion of inspections to the time it takes to implement a particular barrier or remediation for a specific risk. They may also include actual incidents, for example, or the results of audits and assessments of those areas where MoC had been implemented previously. 

Critically, at this stage of PDCA, you can require objective evidence showing whether the implemented changes have been effective. That evidence—the data you’ve collected—can be used to shape and improve processes moving forward. 

“Plan Do Check Act” may seem simplistic in a complicated world where organizations are held accountable to constantly changing EHS rules and regulations. But for businesses that rely on MoC and are ready to integrate risk assessment with MoC processes – the PDCA approach is a perfect match.