Introduction

Since the advent of the Process Safety Management (PSM) regulations such as OSHA PSM - 29 CFR 1910.119, operating companies have been conducting Process Hazard Analysis (PHA) studies and compliance audits to identify safety hazards. However, these activities alone are not broad enough or deep enough to lay a substantial foundation for establishing a comprehensive organizational risk registry. The reality is that the static nature of most process safety activities like PHAs or audits complicate the goal of working from dynamic and current information.

In the early 2010s, a new term emerged – Operational Risk Management (ORM). Initially, it was narrowly defined as the compliance assurance portion overseen by the Environmental, Health and Safety (EHS) and/or the PSM department. Since then, the definition of ORM has evolved – ORM is now considered to be the portion of a business’s total risk that originates from its processes and facilities – risk tied to actual operations. In short, ORM is focused on compliance and operational risk.

Risk is the possibility for loss. It is quantified by estimating potential consequences and frequency of occurrence. Said another way, risk is defined as any event that impacts a company’s ability to meet its goals. Risk Management (RM) involves the systematic identification, assessment, and mitigation of risks that could impact an organization. This includes a system for strategic planning and operational processes coupled with effective decision support methods and tools.