The Risk Manager and Occupational Health and Safety Manager - What is the Connection.

By Darius Delon posted 03-15-2011 10:55 AM


The Risk Manager and Occupational Health and Safety Manager – What is the Connection.

By Darius A. Delon, CCIB, FCIP, CRM

Risk Manager



Risk Manager (RM) and Occupational Health and Safety Manager (H&SM) responsibilities are similar in some aspects and as a result there is synergy in putting the two roles within the same department.


The typical H&SM responsibility is to manage the safety of the corporations’ employees and contractors while on the corporations’ sites. When you have an Occupational Health and Safety (OH&S) incident, or near miss, the H&SM will investigate the incident, report it to the proper authorities in the province, log it in the Management Information System (MIS), write a comprehensive incident report, which may go to the OH&S jurisdiction in the province, develop protocols to avoid any future incidents and train managers and staff on the new protocol. The H&SM can rely on the power of legislation to move new practice within the organization since the fines and criminal prosecution, associated with non-compliance with OH&S legislation, gets the attention of the C-suite.


The typical RM responsibility is not defined by legislation so the role often centers on insurance procurement, claims management, contract reviews and the anomalous “Risk”. Risk includes, but is not limited to, the need to protect the corporation from claims brought forward by third parties (guests, trespassers, those not associated with the corporation) that are caused by the actions, or lack of action, of the corporation’s employees, contractors or agents. Once you have a claim from a third party you investigate the incident, report it to the insurer, log it in the MIS, develop protocols to avoid any future incident and train managers and staff on the new protocol.


The difference between the two roles, from a hazard control perspective, is that the H&SM is responsible for employee and on-site contractor safety while the RM is responsible for third party safety. The very same safety protocols put in place by an H&SM is often the same protocol that is needed for third party safety. There is an obvious overlap in these roles with OH&S management benefiting from a well defined and tested set of protocols intended to protect the corporations’ employees.


The simple solution is to combine these two departments into one – Enterprise Risk Management (ERM) unit. There is synergy in combining the units, especially within a large organization. OH&S officer training includes incident investigation which will help in determining the root cause of the incident or claim and OH&S guidebooks have already identified unsafe conditions and developed credible safe work practices. OH&S legislation is a good hammer to wield when you need to get the job done but meet resistance from other management or staff. Risk Manager training includes Risk Assessment, Risk Control and Risk Finance which ties in the macro operations risk with the micro employee safety risk of the H&SM. Good risk control, including OH&S controls, works well to reduce insurance premium (the RM should also be managing the WCB claims process).


Many larger organizations have both an RM and H&SM yet they usually report to two different departments. Often, the H&SM reports to someone within human resources or operations while the RM often reports to finance, operations or procurement – none of which is ideal. Ideally, the combined unit would report directly to the Risk Management Committee and administratively to the CEO, CFO or an EVP. The dual reporting role is needed since critical information may be filtered if the role reports to a middle level management position or the focus of the RM role becomes one of cost containment if reporting to finance or becomes an insurance procurement function within the procurement department.


Who should run the department – the Risk Manager, or another way to put it, the Chief Risk Officer. There needs to be an individual, at the C-Suite level, that is held accountable for the management of the unending new legislation that is brought forward from OH&S, workers compensation, environmental, privacy and other governmental departments. Without a CRO to filter through the unending amount of data, the corporation is at risk of implementing non-priority project while at the same time ignoring high priority emerging risks that could cripple the corporation if not addressed with sufficient resources in a timely manner.


Risk equals reward when it comes to business. The RM job is to allow, and encourage, certain risks so that the organization can complete its main function - while developing systems for avoiding unnecessary risk, mitigating the outcome for necessary risks and transferring surplus risks. An RM, or Chief Risk Officer, that is responsible for insurance procurement, claims management (including WCB), OH&S and “Risk” is well positioned to effectively manage operational risk and keep one if its biggest assets (employees) safe.




07-14-2011 10:03 AM

Having come from the H&SM side of this question and taking on the RM functions as "a minor add-on", at first I was told and thought that the RM function was really just an insurance buying function. Getting beyond that misconception and dealing with professional risk management colleagues, I found that a lot of risk managers were moving beyond the insurance buying function and getting into the great and wonderful world of risk assessment, preventative measures, etc., etc. As an H&S guy, I was continually thinking that this isn't new territory, the H&S people have been doing it for along time. But, it definitely has to be done.
I firmly believe that combining the H&SM and RM functions is the only structure that will prove effective in getting all risk exposures under control.
As far as the resistance to moving from the existing comfort silo, I have seen this become an obstacle. Change management of any kind is a delicate process, but it is done all the time. Frankly, I haven't run across many H&SM people who are happy with the typical HR reporting structure and most would welcome a well-explained move to a Safety & Risk Structure with a real organizational link to senior management.

06-24-2011 07:14 PM

I appreciate reading the comments and agree that many organizations could benefit from a merger of the RM and H&S functions. Or, at the very least, there should be close ties between the two including regular meetings to promote cooperation and collaboration. The question I have is what happens when a plan looks promising on paper, but then people are introduced into the equation. Has anyone experienced an issue with managers who may seek to protect their own area of influence (silo), and can you offer suggestions for how to address how such issues?

03-29-2011 01:50 PM

Although not mentioning the specific operational changes that went with it, NASA combined their Environmental Management System with their Risk Management System noting the potential synergies and avoidance of duplication of effort. Be curious to see how the work dynamics played out in that exercise.
Link to Power Point - NASA Risk Management Aligned Environmental Management System (RM-A-EMS)

03-24-2011 03:06 PM

There is certainly a connection between the roles and Darius presents a solid case for amalgamating the roles within one department. I generally agree with the majority of what was said; however, depending on organizational structure, there may be valid reasons for separation of the roles for reporting purposes. For this to work, a critical element is the ability of the two departments to work together with the greater interests of the organization in mind. If either department views this as a power struggle or "not in my interest to cooperate", then this arrangement is disfunctional. In my experience, RMs are very good at keeping the big picture in mind and working with other departments to ensure corporate goals are achieved. Some OH&S managers I have run across over the years have been more focussed on specific objectives and do not see the big picture. Others have been very good at seeing the corporate perspective and work well with other departments. Bottom line is that there is definitely a connection between the two roles and that there is no one correct way to approach the matter.