According to Britannia Club, the growing scale and complexity of marine transportation necessitate a proactive and multi-faceted approach to risk management. While professional expertise, experience, and regulatory frameworks provide valuable advantages, they cannot anticipate all potential risks.
A review of incidents often finds that opportunities were missed to identify and mitigate the risks. As with any process, risk assessments may be ineffective and unlikely to contribute to safety if they are missing the point, are not understood, or seen merely as a ‘tick box exercise’. Risk assessments should ideally occur on many levels, both as a formal, documented process and as a dynamic, ‘on the job’ activity.
For the purpose of the paper the following simplified definitions on how we understand the terms are applied:
- Hazard is an event or a situation which has the potential to cause harm, such as injury, damage or pollution
- Risk is a combination of the likelihood and the severity (consequence) of a hazard
- Risk assessment is the process of risk identification, analysis and evaluation
- Risk management is the coordinated activity to assess, control and monitor risk
Reasons why risks need to be assessed and managed
The general purpose of risk management is to identify the hazards before they occur and have a plan for addressing them. While some risks can be avoided altogether, others can only be minimised to a tolerable level. The reasons for managing risk may be summarised in the following groups:
Business
A company will be unavoidably exposed to various risks during business activities. If incidents do occur, they may lead to claims, losses, reputational damage and loss of competitive advantage. Efficient risk management will contribute to the overall success of the business.
Ethical
A company has a legal and moral duty to take reasonable care of the health and safety of their employees. These objectives extend to contractors, third parties, property and the environment. In turn, employees have a duty of care towards themselves, each other and the employer. This is also a prerequisite to achieving Environmental, Social, and Corporate Governance (ESG) objectives
Regulatory
A ship is subject to the regulatory requirements of the International Maritime Organization (IMO), flag state, and those imposed by the Port/Coastal State in which they trade. Legal requirements agreed in commercial contracts (such as a charterparty) and employment contracts may also apply. Where the requirements regarding risk management may be explicit or implied.
Insurance
There are both explicit and inferred risk management requirements arising from insurance:
- Obligation to comply with class and statutory requirements
- Cover limitations applicable to imprudent, unsafe or unduly hazardous trading
- Obligation to mitigate loss, damage, expense or liability following an incident.
Risk management and the ISM Code
The ISM Code has specific requirements regarding risk management and the objectives of the company (section 1.2.2):
- Provide safe practices in ship operation and a safe working environment;
- assess all identified risks to its ships, personnel and the environment and establish appropriate safeguards; and
- continuously improve safety management skills of personnel ashore and aboard ships, including preparing for emergencies related both to safety and environmental protection.
Above requires companies to carry out a systematic review of their operations and activities, assess the risk for all identified hazards and develop adequate controls – such as the procedures and instructions included in the Safety Management System (SMS).
The ISM Code does not stipulate a particular risk assessment methodology to be used. This provides companies with the flexibility to utilise the approach most suitable for their operational profile. However, company policy as well as procedures for methods selected for risk assessment should be structured and documented. Authority, responsibility and training requirements of the individuals involved with the risk assessment process should be defined in the SMS.
Risk assessment methods and techniques
The risk assessment may be based on the following foundations:
- Historical experience
- Analytical methods
- Knowledge and judgment
Depending on the nature and complexity of their operations, companies may adopt a number of different methods ranging from detailed quantitative assessments to less formal qualitative assessments.
Qualitive risk assessments evaluate risks based on subjective judgments and descriptions, often using categories like high, medium, or low. They often rely on expertise and experience to assess the likelihood and impact of risks.
Quantitative risk assessments, on the other hand, use numerical data and statistical methods to measure risks. They may involve calculating probabilities and potential impacts in numerical terms to provide a more precise evaluation of risks.
Selecting the method appropriate to the situation is essential for successful risk assessment. In principle, a simple qualitative method should be applied first to determine if the risk can be assessed without having to resort to more complex quantitative techniques.