(Company Logo)

HSEQ SP-00
STANDARD PROCEDURES (procedure number)

RISK & OPPORTUNITIES MANAGEMENT PROCEDURE

1.0 PURPOSE

The purpose of the Risk & Opportunities Management procedure is to establish a uniform and
consistent method for the identification, evaluation and control of the Occupational Health, Safety
and Environmental aspects/hazards within the Company (Company Name).

The identification and effective management of risk including prudent informed risk taking is viewed
as an integral part of (COMPANY NAME)(and its subcontractors) operations. This procedure
describes (COMPANY NAME) risk & opportunities management process to identify, analyze,
assess, control and treat risks for all new, routine and non-routine tasks/activities.

This shall ensure that the appropriate methodology is adopted:

a) To identify HSE aspects/hazards related to the activities, products & services, as well as
those related to human behavior, capabilities and other human factors.
b) To determine the risks associated with the identified hazards.
c) To indicate the level of risks related to each hazard/impact.
d) To identify any risk control measures needed.

2.0 SCOPE

The Risk & Opportunities Management Procedure shall apply to all activities, products and services
under the control of (COMPANY NAME)including departments and sites etc.
This procedure is supported by:

a) (COMPANY NAME)HSEQ policy

b) Stop Work Policy
c) (COMPANY NAME)Risk & Opportunities Management Policy
d) JHA Work sheet
e) Tool Box Talk
f) Risk assessment form
g) Aspect Impact scoring form
h) Audit and Inspection procedure
i) MOC procedure
j) PTW Procedure
k) Hazard and Business Risk Register

3.0 RESPONSIBILITY

3.1 Production Director

Provide necessary resources, Review and approval of the Hazard/Business Risk Register and
ensures compliance.

Is responsible to carry out Business risk analysis & assessment together with other team members
as assigned by MD.

Responsible to obtain approval from MD.

Responsible to review and carry out business risk analysis and update register as appropriate.

3.2 Department’s Managers & Line Managers

REVISION NO: 00
(Company Name) Page 1 of 25
DATE: 01/01/2020
 (Company Logo)
HSEQ SP-00
STANDARD PROCEDURES (procedure number)

RISK & OPPORTUNITIES MANAGEMENT PROCEDURE

Heads of each relevant department and Line Managers with respect to their assigned department
are responsible for identifying and evaluating the HSEQ aspects/hazards and assess the need of
risk associated with all types of activities within (COMPANY NAME)and subcontractors (service
providers, vendors).

Once the Hazards are identified, the Departmental Heads and Line Managers shall request to
HSEQ Manager to form a team to conduct the Risk Assessment.

After completion of Risk Assessment it shall be communicated with stake holders for review,
consultation, feedback and agreement and submitted to Production Director for approval.

Once approved from PD the implementation and continual monitoring phase shall commence by
communicating the actions and all control measures to Project Manager and Site safety Officers.

They should also ensure the availability of up to date document on appropriate location.

3.3 Project Focal Point (Project Manager)

He / She shall ensure that all hazards are identified and project specific risk assessment in addition
to risk register is available and implemented throughout the project.

He / She is also responsible for reviewing and ensuring the reliability of the Risk Assessment
including other relevant parties (internal & external) and that all Hazards associated with the
project/job has been identified and covered in the Risk Assessment.

He / She is also responsible to develop and implement action and improvement plans as
appropriate and to control, monitor and treat the risk accordingly.

He / She are also responsible for proper implementation of Risk assessment, improvement and
action plans and control measures.
He / She shall also ensure that up to date copy of Risk Register is available/ familiarization is
provided / implemented on all sites.

3.4 HSEQ Manager

Responsible to facilitates the Risk Assessment and ensure that all control measures are in place.
Ensure that Risk Register is reviewed along with other parties as appropriate.

3.5 Employees / Contractors / Client

Shall assist in reviewing the Risk Assessment and are responsible to follow the risk assessment or
any action plan and report any new Hazard identified associated with the job/task etc.

4.0 DEFINITIONS

Loss / harm Injury, death, damage to property plant, products or the environment,
production losses etc.
Hazard An object, physical effect, source, situation, act or condition with
potential to harm people (human injury or ill-health), property, or the
environment or affect the company reputation.
Hazard Identification A process of recognizing that a hazard exists and defining its

REVISION NO: 00
(Company Name) Page 2 of 25
DATE: 01/01/2020
 (Company Logo)
HSEQ SP-00
STANDARD PROCEDURES (procedure number)

RISK & OPPORTUNITIES MANAGEMENT PROCEDURE

Risk The possibilities that the potential for harm will be attained under the
conditions of use and/ or exposure, and the possible extent of the harm.
Acceptable Risk Risk that has been reduced to a level that can be tolerated by the
organization, having regard to its legal obligations and its own HSEQ
Policy
Human Behavior Manner of acting or controlling / conducting oneself.

Human Capability A person’s ability or aptitude to undertake a task or thought process

A work-related event(s), in which an injury or ill health (regardless of
Incident severity) or fatality and/or damage (loss) to assets, the environment.
Company reputation or third parties occurred, or could have occurred
The Workplace risk assessment is a careful examination of what, in
work, could cause harm to people, property and environment, so that it
Workplace Risk The can be weighed up whether enough precautions have been taken to
Workplace risk prevent harm. The process of evaluating the risk to health and safety of
assessment is a careful workers whilst at work arising from circumstances of the occurrence of a
examination of what, in hazard at the workplace includes systematic and documented
Assessment examination of all aspects of the work under- taken in order to consider
what could cause injury or harm.

As low as reasonably The cost involved in reducing the risk further would be grossly
practical disproportionate to the benefit gained.
This is a dialogue between (COMPANY NAME)and its stakeholders. It is
continual two way process that involves sharing and receiving
Communication and information about the management of risk. The consultation and
consultation communication process allows risk owners and others to make informed
decisions about the risk. Discussions could include the nature, form,
likelihood, significance and treatment of the risk
The internal and external environment within which (COMPANY NAME)
seeks to achieve its objectives.
Risk Treatment Risk Treatment is the process of selecting and implementing of
measures to modify risk. Risk treatment measures can include avoiding,
reducing, transferring or retaining risk.
We can choose not to take on the risk by avoiding the actions that
Risk Avoidance cause the risk. E.g. if you feel that swimming is too dangerous you can
avoid the risk by not swimming.
We can take mitigation actions that reduce the risk.
Risk Reduction
E.g. wearing life jacket when we are swimming.
Where company can transfer all or part of the risk to a third party. The
two main types of transfer are insurance and outsourcing. e.g. a
Risk Transfer
company may choose to transfer a collection of project risks by
outsourcing the project.
Risk treatments don't necessarily reduce risks to zero. Remaining risk
Residual Risk
after treatment is known as residual risk.

5.0 PROCEDURE

5.1.1 ESTABLISHING CONTEXT OF THE ORGANIZATION

REVISION NO: 00
(Company Name) Page 3 of 25
DATE: 01/01/2020
 (Company Logo)
HSEQ SP-00
STANDARD PROCEDURES (procedure number)

RISK & OPPORTUNITIES MANAGEMENT PROCEDURE

In order to identify and manage (COMPANY NAME)risks we need to understand the context (Ref. to
part one of HSEQMS) within which (COMPANY NAME)operates. In particular we need to consider
or department specific:

a) Objectives / activities / tasks (break down the activity into definable steps if needed);
b) Internal and external context.

It is important that sufficient time is spent developing a thorough understanding of the context for
which the risk assessment is being undertaken exists. This underpins all subsequent stages of the
risk & opportunities management process. In addition to enabling individual risks to be identified,
this context analysis also informs the understanding of:

a) How those risks arise through the interaction of events, business processes and/or
individuals;
b) What and who will be impacted, and how, should those risk events occur; and
c) Business processes and methods that are currently in place, or which could be put in place,
in order to manage risks.

The hazard / aspect based approach will be used for identifying and evaluating the HSE risks/
impacts within the Company’s operations.

The hazard / aspect based approach will be used for identifying and evaluating the HSE risks/
impacts within the Company’s operations.

The approach aims to:

a) Identify hazards/aspect
b) Evaluate tasks risk/impact
c) Identify controls & safeguards to reduce risk/impact
d) Define and agree new or revised operating procedures.
e) Provide a framework for reducing hazards/ risks.
f) Provide tools for the identification of training needs.
g) Provide input to the development of safe working procedures and practices.

5.1.2 EXTERNAL CONTEXT

a) Political – reforms, industrial relations environment, civil unrest;

b) Economic – taxes, economic growth, inflation, unemployment, financial standing;
c) Social – cultural expectations, social norms, demographics, internal capabilities;
d) Technological – current and emerging technology;
e) Legal – regulation and legislation;
f) Environmental – ecological and environmental aspects;
g) Key drivers and trends that may impact (COMPANY NAME)objectives;
h) Relationships with and the perceptions and values of (COMPANY NAME)key external
stakeholders.

5.1.3 INTERNAL CONTEXT

a) (COMPANY NAME)governance, organization structure, roles, responsibilities and

accountabilities;
b) (COMPANY NAME)policies, objectives and the strategies that are in place to achieve them;
c) (COMPANY NAME)capabilities in relation to its people, processes, systems and

REVISION NO: 00
(Company Name) Page 4 of 25
DATE: 01/01/2020
 (Company Logo)
HSEQ SP-00
STANDARD PROCEDURES (procedure number)

RISK & OPPORTUNITIES MANAGEMENT PROCEDURE

technologies;
d) Significant investigation and audit findings, incidents and near misses;
e) Relationships with and the perceptions and values of internal stakeholders;
f) (COMPANY NAME)culture.
5.2 PROCEDURE FOR PERFORMING THE RISK ASSESSMENT

It is envisaged that risk assessment will form an integral part of the required safety controls, when
completing work permits and prior to the commencement of any (COMPANY
NAME)onshore/offshore Operation.

Risk & Opportunities Management is an ongoing process, which should be carried out on a regular
basis. It should also be conducted whenever new plant, equipment or machinery are to be
introduced or retrofitted on board and when there is a change in working practices, procedures and
regulatory requirements.

The management of the Company requires ‘Employee Groups’ to conduct and record suitable and
sufficient risk assessments on specific aspects of operations, covering but not limited to the topics
mentioned below and in hazard and business risk register.

The identification of hazards and evaluation of the associated risks is carried out by the HOD’s,
Upon request or as risk assessment is required HAZID (Hazard Identification) team will be formed
which comprises the SSHE management representative, the Head of the relevant department/Line
Manager, and stake holders.

The team systematically focuses on the particular aspects of all jobs within a project or operation.
The main advantage is that the risk assessors will be able to investigate, analyze specified hazards
and risks one by one and thereby become conversant with the reference publications and the
appropriate safety standards. This helps to ensure a consistent approach to a particular hazard or
risk across all of the project / operation activities. The risk in this type of approach is evaluated as
combination of potential severity of the outcome and the likelihood of occurrence.

Risk = Potential Severity x Likelihood of occurrence

5.3 STEP-BY-STEP ASSESSMENT

The step by step assessment is to identify the hazards, which are associated with the individual
tasks, and state the controls required. The risk assessment shall take the form of a step-by-step
critical examination of the task, from start to finish, analyzing each activity, source(s) of hazard and
level of risk.

The Hazard Identification and Risk Assessment process shown below in six key steps followed with
flow chart but not limited to
1. Job / Activity identification
2. Hazard identification
3. Identifying who/what might be harmed
4. Quantifying the risk
5. Applying control measures/treating Risk
6. Follow up of measures and control of effectiveness

STEP 1. JOB / ACTIVITY IDENTIFICATION

REVISION NO: 00
(Company Name) Page 5 of 25
DATE: 01/01/2020
 (Company Logo)
HSEQ SP-00
STANDARD PROCEDURES (procedure number)

RISK & OPPORTUNITIES MANAGEMENT PROCEDURE

Identify all jobs / activities in the work scope (Ref Context. From the list of jobs ascertain whether
any existing hazard identification and risk assessment has been applied. All jobs / activities not
being assessed will be subject to process.

STEP 2. HAZARD IDENTIFICATION

This stage aims to identify what, why and how things can happen as the basis for further analysis.
There are a number of ways to identify potential sources of injury, disease, or damage to property
reputation and environment. Selection of the appropriate procedure will depend upon the type of
work process and hazard involved.

It is important to take a holistic approach to ensure all risks are identified and considered. Specific
consideration should be given to management structures and how they impact on decision making
and information flows; health and safety of internal and external individuals (COMPANY
NAME)interacts with; reputation; systems and processes; compliance and legal requirements;
finances and strategy. Company adopts various methods to source information to ensure risks are
identified.

Methods for identifying site / office hazards and predicting potential damage include a combination
of the following and a hazard prompt card (Annex A) and other sources of information include but
are not limited to:

a) Task observations, Job hazard analysis

b) Accidents, ill-health or near miss data (Past record)
c) Employee Consultation& Communication
d) Work place inspection
e) Material Safety Data Sheets and manufacturer’s information
f) For ready reference the Hazard prompt card (referring to annex A)

HAZARD ANALYSIS TECHNIQUES

Job Safety Analysis/Task Analysis and systems safety techniques, hazard identification analysis
(HAZID), can be used to determine and evaluate the tasks associated with the work process which
may give rise to hazards.

In the event that these techniques are required it is understood that a Company’s Safety
management system relevant section will address the applicable analysis.

PAST RECORDS

Incident/injury occurrences and near-miss records should also be analyzed to identify problem
areas. It should be recognized however, that the past experience of the Company may not indicate
the total range of risk possibilities.

EMPLOYEE CONSULTATION & COMMUNICATION

There is no substitute for a group of our employees who know the work activities and work
environment, getting together and listing the hazards and risks faced by the scope of work.

The Company considers this to be one of the most effective means of identifying hazards on
Company Workplaces. Project Managers, Supervisors and site workers are often in the best

REVISION NO: 00
(Company Name) Page 6 of 25
DATE: 01/01/2020
 (Company Logo)
HSEQ SP-00
STANDARD PROCEDURES (procedure number)

RISK & OPPORTUNITIES MANAGEMENT PROCEDURE

position to identify hazards and assess the likely outcomes of the hazards. They will often know the
best risk control option.

WORKPLACE INSPECTION

Hazards exist in every workplace it is every employee’s right to be informed of any known or
foreseeable health or safety hazard in the area where the employee works .An on scene company
verification using a simple checklist can identify sources of hazards. It is often useful to employ a
person from outside the work area as a new set of eyes however it can be initiated by site
employees i.e. site supervisor etc.

MATERIAL SAFETY DATA SHEETS AND MANUFACTURER’S INFORMATION

Material Safety Data Sheets (MSDS), Product Labels, Manufacturers and Suppliers are essential
sources of information regarding the hazards associated with chemical substances used as well as
the MSDS for bunkers received on board and / or paints etc.

HAZARD AND BUSINESS RISK REGISTER

The conclusion of this stage will result in the documentation of a list of hazards, activities, tasks or
processes involving some risk and identification of their potential consequences.

Additionally Hazard Risk workshops (brainstorming), use of Questionnaire surveys, Business

process mapping, media articles, insurance and litigation claim history, Journals and industry
periodicals, industry networking events, team and joint department meetings could be used.

STEP 3. WHO AND WHAT MAY BE AFFECTED / HARMED

WHO may be harmed?

a) Operators of equipment
b) Contractors
c) Marine and deck crew
d) Newly hired personnel
e) Third party on board (clients, passengers, etc.)
f) Office staff
g) People sharing your workplace
h) Cleaners
i) Divers

WHAT might be harmed?

a) Assets - Company’s and, or customer’s
b) Equipment
c) Material
d) Environment
e) Time loss

Once the risks have been identified a risk category should be allocated to each risk. This assists
with reporting and analysis of (COMPANY NAME)risk profile. Choose the risk category that most
appropriately summarizes the nature of the risk. (COMPANY NAME)uses the following risk
categories:

REVISION NO: 00
(Company Name) Page 7 of 25
DATE: 01/01/2020
 (Company Logo)
HSEQ SP-00
STANDARD PROCEDURES (procedure number)

RISK & OPPORTUNITIES MANAGEMENT PROCEDURE

Business Risk Hazard Risk Project Risk

Compliance People HSEQ (Including Security)
Operational Environment Reputation
Financial Value (asset damage) Deliverables
Strategic / market Reputation Financial

*Note, the risk register template is set up for hazard risk. When using it for business or project risk
the risk categories column requires updating to reflect the appropriate categories. A risk owner is to
be allocated to each identified risk.

STEP 4. QUANTIFY THE RISK

The quantified risk rating is based on the Risk Assessment Matrix (RAM). It determines the risk
rating from the Potential severity level given in rows A-E, and the Probability (Likelihood of
occurrence) in columns 1 – 5

HAZARD SEVERITY OUTCOME PROBABILITY

Operations Very Very
Asset Unlikely Possible Likely
Personnel Environment Reputation Unlikely Likely
Damage
Downtime 1 2 3 4 5
Catastrophic Catastrophic
Catastrophic
Fatality or International
(Massive)
multiple > 100 m3
> $1,000,000
coverage/ E M M H H H
serious long Exposure
> 1 Month
term injuries
Serious
Serious Regional
Long term Serious
(Major) Coverage/
serious
<$1,000,000 Exposure
D L M M H H
injury/Disability <100 m3
> 1 week

Moderate
(LTI) Moderate
Moderate National
Injury leading (Minor)
to & up to 10 <$ 50,000
Coverage/ C L L M M H
<100 litters Exposure
days away >1 Day
from work
Slight
Slight
(FA or MTC) State
Slight
First aid Coverage/
required or
< $10,000
Exposure B L L L M M
<10 litters <1 Day
medical
treatment

Negligible Negligible Negligible

No specific Internal
treatment or NIL No Cost Coverage
A L L L L M
loss of work

REVISION NO: 00
(Company Name) Page 8 of 25
DATE: 01/01/2020
 (Company Logo)
HSEQ SP-00
STANDARD PROCEDURES (procedure number)

RISK & OPPORTUNITIES MANAGEMENT PROCEDURE

L M H
Low Medium High Risk
Risk Risk
SEVERITY GUIDELINES

 Negligible injury or health implications.

 No absence from work
Negligible A
 Negligible loss of function or damage to equipment
resulting in no costs.
 Minor injury requiring first aid or medical treatment.
 Damage to equipment requiring minor repair.
Slight B
 Costs up to $10,000.
 Some pollution impact to the environment.
 Injury leading to a lost time case but with no long
term disablement.
Moderate C  Localized damage to equipment requiring significant
repair and loss of function with costs up to $50,000.
 Moderate pollution incurring some restitution costs.
 Involves a single severe injury where long term
disability results.
 Damage to equipment resulting in major loss of
Serious D
operational capability and costs up to $1m.
 Severe pollution with short term localized implications
incurring significant restitution costs.
 A fatality or multiple severe injuries.
 Major long term implication for operational capability
Catastrophic E with extensive costs in excess of $1m.
 Extensive pollution with long term implication and
very high restitution costs.

PROBABILITY GUIDELINES
It is appreciated that probability of occurrence is fairly subjective and open to personal
interpretation. In an attempt to achieve a level of consistency the following definitions are applied.

Very unlikely 1  A freak combination of factors would be required for

an accident to result.
Unlikely 2  A rare combination of factors would be required for
an accident to result.
Possible 3  Could happen when additional factors are present but
otherwise is unlikely to occur.
Likely 4  Not certain to happen but an additional factor may
result in an accident.
Very likely 5  Almost inevitable that an incident would result.

RISK CRITERIA

Low Risk L  No further immediate controls are required. Proceed

with care.

REVISION NO: 00
(Company Name) Page 9 of 25
DATE: 01/01/2020
 (Company Logo)
HSEQ SP-00
STANDARD PROCEDURES (procedure number)

RISK & OPPORTUNITIES MANAGEMENT PROCEDURE

Medium Risk M  Activity must be investigated with a view to reducing

risk further. The task can only proceed with
appropriate management authorization after
consultation with specialist people.
Unacceptable Risk H  Task must not be undertaken. It requires immediate
action to avoid the hazard or substantially reduce the
risk by further/better control measures

STEP 5. APPLICATION OF CONTROL MEASURES

This stage of the risk & opportunities management is risk/opportunity control where control
measures to be listed against each hazard. All contingencies must be covered - all reasonably
possible situations where a snag or failure could occur and from which you can safely recover from
such a problem and complete the activity.

The control and risk treatment measures must include:

a) Identifying the range of options for dealing with the controls of risks
b) Evaluating these options
c) Preparing risk control plans and implementing them.
d) Adequate information, instruction, training
e) Adequate systems or procedures
f) Meet the normal legal requirement
g) Represent good practice
h) Reduce Risk as low as reasonably practicable
i) Comply with a recognized industry standard
j) Have an acceptable low level of residual risk

Further the control measures and the ranges of Work place risk control and reduction measures are
listed below in order of preference;

a) Design - Allows hazards to be designed out; and control measures to be designed in.
b) Elimination - Modification to process method or material to eliminate the hazard completely
c) Substitution - Replacing the material, substance or process with a less hazardous one.
d) Redesign - Redesigning plant or work process to reduce the risk
e) Separation- Isolating the hazard from persons by safeguarding, or by space or time
separation.
f) Administration - Adjusting the time or conditions of risk exposures / training
g) PPE - Using the appropriately designed protection equipment where other controls are not
practicable.
h) Exposure: Minimizing exposure to sources of risk can be achieved by;
i) Rotating personnel through high risk tasks, changing timings – (e.g. avoiding peak hour
activity times)
j) Transferring the Risk, Sub-contracting the analysis of risk to personnel outside the Company
who are specialists and possess expertise on the matter.
k) Probability - Reduce the frequency or probability of the occurrence through management
controls, or other arrangements, which reduce opportunity for error. These could include but
are not limited to; Audit and compliance programs Contractual agreement conditions, Formal
reviews of design, engineering and operations, Inspection and process controls, Preventive
Maintenance, Quality Assurance, Research and development, technological development,
Structured training and other programs, Supervision and, Testing (Technical, Procedural and
Behavioral controls as appropriate)

REVISION NO: 00
(Company Name) Page 10 of 25
DATE: 01/01/2020
 (Company Logo)
HSEQ SP-00
STANDARD PROCEDURES (procedure number)

RISK & OPPORTUNITIES MANAGEMENT PROCEDURE

The above control measures should be applied to reduce consequences, reduce exposure and
reduce the probability of injury, damage and loss to property and environment.

All Precautions in place must be recorded. Priority must be given to those Risks which affect large
numbers of people and/or could result in serious Harm.

REVISION NO: 00
(Company Name) Page 11 of 25
DATE: 01/01/2020
 (Company Logo)
HSEQ SP-00
STANDARD PROCEDURES (procedure number)

RISK & OPPORTUNITIES MANAGEMENT PROCEDURE

Below Risk Management categories maybe used for risk control and treatment.

Not proceeding with the project or activity or aspect that gives

rise to the risk. E.g. deciding not to proceed with a plan that
Risk avoidance
requires personnel working at high scaffolding platforms
during extreme winds.
Developing, implementing or redesigning equipment,
practices, processes or policies that will make the risk less
likely to occur. e.g. high staff turnover may be reduced by
Reducing the likelihood of the improving the staff performance management system, or the
risk risk of injury to pedestrians at the Supply Base is improved
by putting a physical barrier between the pedestrian walkway
and the vehicle lane rather than having only a painted line
barrier.
Developing treatments to reduce the consequences to
(COMPANY NAME)(or the department) should the risk occur.
e.g. the impact of a mechanical failure may be reduced by
Reducing the impact of the risk ensuring regular maintenance of the critical spares list,
allowing the mechanical failure to be repaired quickly, or the
use of PPE such as gloves may reduce the severity of a
potential hand injury when working with hot surfaces.
Transferring the impacts of a risk to another party. e.g.
Risk transfer insurance policies, contractual provisions, subcontracting or
outsourcing.
Putting in place mechanisms that will enable (COMPANY
NAME)to effectively deal with a risk event should it occur. e.g.
Contingency planning
resources which are set aside to deal with a potential project
cost overrun, or any emergency or disaster preparation.

STEP 6. FOLLOW UP OF MEASURES AND CONTROL OF EFFECTIVENESS

Re-evaluate the risk with control measures in place.

Identify if further control measures or risk treatment can be applied and re-evaluate, analyze the risk
with the further control measures in place.

If the team considers that there are insufficient independent control measures available or that they
are unlikely to be effective against that particular hazard, then the risk must be judged to be
unacceptable. In this instance the work should be cancelled or postponed until further thought has
been given as to how the risks can further be reduced in order that the work activity can be
performed safely.

The person responsible for the production of the report or formal record shall clearly identify who is
responsible for actions defining control measures and will set a time limit.

6.0 CONTROL, VALIDITY AND REVIEW OF THE RISK ASSESSMENTS

The risk assessments are subject to periodical formal review to confirm the validity of the
assessment and whether risk controls are still effective and adequate.

For risk management practices to remain relevant and effective they must adapt to and evolve with
changes to (COMPANY NAME)(or the specific department) internal and external environment,

REVISION NO: 00
(Company Name) Page 12 of 25
DATE: 01/01/2020
 (Company Logo)
HSEQ SP-00
STANDARD PROCEDURES (procedure number)

RISK & OPPORTUNITIES MANAGEMENT PROCEDURE

methods of operation and stakeholders’ perceptions and actions. This is achieved through ongoing
monitoring and regular review and update of risk registers and risk treatments.

The review of risk assessments for entire risk registers to be carried out annually.
In case of below mentioned items review cycle may increase and review to be carried out on
quarterly basis and in some cases as soon as possible.

a) Expansion, contraction or restructuring the activities

b) Reallocation of responsibilities
c) Changes of methods of work or pattern of behavior
d) Occurrence of hazardous, undesired event, incidents etc.
e) Business risk high potential
f) Material change in circumstances (this may include significant audit findings, investigation
findings etc.)
g) Project change

7.0 CONSEQUENCES

Ensuring management controls can reduce consequences and physical barriers put in place can
minimize the adverse impact. Where the residual risk potential rating is intolerable or the risk has
not been lowered to as low as reasonably practical and rated as HIGH, tools to use for analysis may
include but not limited to; Contingency planning, Contracted arrangements, Contract conditions,
Design features, Disaster recovery plans, Emergency response procedures, Specialist advice, Bow
Tie analysis etc.

In this case the Risk owner must obtain approval from Productioncaptain
Director and subject to the agreement/approval of other interested parties prior commencement or
start of the job/project.

8.0 TOOLBOX TALK (TBT) & JOB HAZARD ANALYSIS (JHA)

8.1 Toolbox Talk (TBT)

A Toolbox Talk is an informal group discussion that focuses on a particular safety issue. These tools
can be used daily to promote your employee’s safety culture. Toolbox talks are also intended to
facilitate health and safety discussions on the job site.

Apart from routine use as considered appropriate, toolbox checklist should always be used prior to
undertaking tasks of a non-routine nature and at all times when new crew are involved in shipboard
tasks with which they may not be familiar.
8.2 Job Hazard Analysis (JHA)

A job hazard analysis (JHA) is a procedure which helps integrate accepted safety and health
principles and practices into a particular task or job operation.

In a JHA, each basic step of the job is to identify potential hazards and to recommend the safest
way to do the job. Other terms used to describe this procedure are job safety analysis (JSA) and job
hazard breakdown.

REVISION NO: 00
(Company Name) Page 13 of 25
DATE: 01/01/2020
 (Company Logo)
HSEQ SP-00
STANDARD PROCEDURES (procedure number)

RISK & OPPORTUNITIES MANAGEMENT PROCEDURE

9.0 RISK, AUDIT AND HSEQ INTEGRATION

Internal audit plans (including HSEQ, ISM, and ISPS internal audits) are developed in consideration
of department specific risk profiles. This ensures those controls that are heavily relied on to reduce
risk and those risks that are rated as having less than effective control environments are being
checked for effectiveness and improvement opportunities.

Incidents, near misses and significant investigation and audit findings are relayed by the
Operations, and Commercial Manager to the HSEQ department to ensure the findings can be
considered at the next risk register and control reviews (both hazard risk register and business risk
register).
10.0 THE RISK TOOL RELATIONSHIP

We have a number of risk tools available to manage risk:

a) (COMPANY NAME)HSEQ policy
b) Stop Work Policy
c) (COMPANY NAME)Risk Management Policy
d) JHA Work sheet
e) Tool Box Talk
f) Risk assessment form
g) Environmental R-A, Aspect Impact scoring form
h) Audit and Inspection procedure
i) MOC procedure
j) BBS Procedure
k) Hazard and Business Risk Register

10.1 The Business Risk Register and the Hazard Risk Register Relationship

(COMPANY NAME)is faced with numerous hazards and risks in everyday operations. The existence
and management of these operational risks can impact on the risks associated with business
objectives. e.g. a safety performance type risk sits on each business risk register. Where there have
been incidents or near misses, poor audit findings etc. this will impact on the how the safety
performance business risk is assessed. It is important that the management of hazards and hazard
risks is considered during business risk reviews.

These risk tools are the responsibility of the risk owner and Commercial Manager and are utilized by
Supervisors, Managers, Contracts/Commercial, the Executive Management Team and Risk
Committee and top Management.
10.2 The Hazard Risk Register and JHA Relationship

A JHA requires a risk assessment of hazards for each step involved in a task / activity. A JHA is to
be developed for all Medium, High rated risks or whenever needed. The hazard risk register must
be used to assist with the development of a JHA. The hazard risk register will contain hazards, risks
and controls identified for the task / activity.

The development or review of a JHA is an opportunity to consider the existing risks, or identify any
new risks associated with the task / activity not already listed on the JHA (if undertaking a review) or
on the hazard risk register (if developing a JHA). New hazard risks or changes to the existing
hazard risks may occur due to a change in circumstances, process, newly implemented controls,
the context (including weather) etc.

REVISION NO: 00
(Company Name) Page 14 of 25
DATE: 01/01/2020
 (Company Logo)
HSEQ SP-00
STANDARD PROCEDURES (procedure number)

RISK & OPPORTUNITIES MANAGEMENT PROCEDURE

Where the residual risk in a JHA is low or medium the Supervisor can approve changes to it, the
changes are to be reported to the Department Manager/Line Manager respectively. Those JHA’s
that contain high risks are to be approved by the Department Manager/Line Manager and
Commercial Manager, respectively.

The Department Manager will report any changes to the Commercial Manager who can authorize
changes to the hazard risk register. Similarly when a change is made to the hazard risk register
during a review the corresponding JHA is to be updated.

A JHA must be signed off by the team completing the task prior to starting the task every time.

10.3 The JHA and BBS Relationship

Immediately prior to performing a work activity every time or when a stop work has been initiated
the hazards associated with the task need to be reviewed. This allows the opportunity to suggest
changes to the JHA where required.

10.4 The BBS and Stop Work Obligation Relationship

Work must stop and your supervisor notified immediately where you see an unsafe situation or act
that could cause harm. The BBS procedure is a tool that can be used to observe unsafe situations
although the stop work obligation is not limited to when a task is initiated but must be used anytime
there is an unsafe act/situation observed.

10.5 The Risk and the Management of Change Process Relationship

The management of change process identifies and mitigates the risks that arise when there is a
required change to (COMPANY NAME)resources, systems, infrastructure and/or standard operating
practices and procedures.

HOD’s, Line management and Supervisors are responsible for using the change management
process. Department Managers have the ultimate responsibility for ensuring the process is being
used properly.

10.6 Links to Quality

Risk should be managed as an integrated part of the HSE’s overall approach to quality
improvement. Not to do so would result in fragmentation and missed opportunities. The risk
management process intertwines with the quality cycle, which includes the stage of risk
identification i.e. identifying areas for improvement, risk treatment and monitoring and evaluation
and secondly at the stage of risk treatment i.e. putting in place improvement programmes.

It is essential to ensure that the quality cycle includes the identification of risks from Action planning
to treat risks identified form part of the continuous quality improvement cycle. Tools such as the
‘Plan, Do, Check, Act (PDCA)’ cycle could be a useful resource in determining and implementing
treatment (action) plans. The treating of risks through a structured quality improvement process is a
very powerful mechanism and one which is capable of targeting the quality programmes to areas of
need in a prioritized way.

REVISION NO: 00
(Company Name) Page 15 of 25
DATE: 01/01/2020
 (Company Logo)
HSEQ SP-00
STANDARD PROCEDURES (procedure number)

RISK & OPPORTUNITIES MANAGEMENT PROCEDURE

11. Management of Opportunities

(COMPANY NAME)is actively seeking out opportunities which could enhance its financial viability
and market position. For example:

 Obtaining new contracts

 Obtaining access to new markets
 Identification of new industries which may be served by (COMPANY NAME)
 Development of new offerings that are within the scope of capabilities of (COMPANY NAME)
 Streamlining existing processes to improve efficiency and reduce costs

Opportunities are identified in 5.1.1 Establishing Context of the Organization described above.

Discussing and analyzing opportunities shall be carried out by the Top Management. If made part of
the Management Review activities, these shall be recorded in the Management Review Meeting
Records.

To help determine which opportunities should be pursued, the organization may conduct an
“opportunity pursuit assessment.” This ranks potential positive opportunities by their likelihood of
success and potential benefit.

The Opportunity Pursuit Assessment is conducted by:

 Identifying the opportunity

 Identifying the process for which the opportunity most likely falls under.
 Assigning a probability rating to the identified opportunity; this probability that the organization
can achieve the opportunity. It is comprised of two elements: likelihood and previous
occurrences.
Each element is given a score from 1 (lowest probability) to 5 (highest probability).
The final probability rating is the average of the elements.
 Assigning a benefit rating to assess potential benefits if the opportunity is won.
This is comprised of six elements:
 Potential for New Business;
 Potential Expansion of Current Business;
 Potential improvements in the organization’s ability to satisfy regulatory or statutory
requirements;
 Potential improvements to the Integrated Management System (IMS);
Potential enhancements of (COMPANY NAME)reputation;
 Estimated cost of implementation.

REVISION NO: 00
(Company Name) Page 16 of 25
DATE: 01/01/2020
 (Company Logo)
HSEQ SP-00
STANDARD PROCEDURES (procedure number)

RISK & OPPORTUNITIES MANAGEMENT PROCEDURE

Each element is given a score from 1 (lowest benefit) to 5 (highest benefit). The final benefit rating
is the average of the elements.
Calculating a final Opportunity Factor based on the equation:

PROBABILITY RATING x BENEFIT RATING = OPPORTUNITY FACTOR

For opportunities with a final Opportunity Factor rating equal to or greater than the threshold set in
the Opportunity Register (score of 9), management will decide whether to pursue the opportunity
through an “opportunity pursuit plan” or to abandon the opportunity altogether.
Opportunity Pursuit Plan must be documented, either in the Opportunity Register or in another
document which must be referenced on the form.
Opportunities with a factor less than the opportunity target rating (score of 9) may be abandoned
outright, unless otherwise directed by management.
The final column allows for entry of success result, once the opportunity has been closed; this
includes entries for abandoning the opportunity, failing to win the opportunity, and three grades of
success.

Analysis of any opportunity will generally result in one of the following possible determinations:

1) Take the opportunity

2) Pursue the opportunity
3) Explore the opportunity in greater detail before proceeding
4) Accept the opportunity, but under limited and controlled conditions
5) Decline the opportunity, typically based on a high expected cost or low anticipated benefit.

REVISION NO: 00
(Company Name) Page 17 of 25
DATE: 01/01/2020
 (Company Logo)
HSEQ SP-00
STANDARD PROCEDURES (procedure number)

RISK & OPPORTUNITIES MANAGEMENT PROCEDURE

Table 1: Opportunity Matrix

Almost Certain
5 10 15 20 25
5
Likely
4 8 12 16 20
4
Probable
3 6 9 12 15
3
Occasional
2 4 6 8 10
2
Unlikely
1 2 3 4 5
1
Probability
Very Low Low Moderate High Very High
1 2 3 4 5
Consequence

Table 2: Opportunity Management Action

Risk Level
Descriptor Management Action Required Time Frame
Range
Immediate action by senior
Take 16 to 25 Take the opportunity
management

Pursue 10 to 15 Pursue the opportunity Urgent action by Senior management

Explore the opportunity in greater Action by due date, Timely action by

Explore 6 to 9
detail before proceeding line management.
Action by relevant personnel to
Accept the opportunity, but under
Accept 3 to 5 ensure no negative impact on
limited and controlled conditions
organization
Decline the opportunity, typically
Decline 1 to 2 based on a high expected cost or low None
anticipated benefit

REVISION NO: 00
(Company Name) Page 18 of 25
DATE: 01/01/2020
 (Company Logo)
HSEQ SP-00
STANDARD PROCEDURES (procedure number)

RISK & OPPORTUNITIES MANAGEMENT PROCEDURE

12.0 SUPPORTING DOCUMENTS

 Risk Assessment Record

 Environmental Aspect Scoring
 Toolbox Talk
 Job Hazard Analysis (JHA)
 Risk Assessment Register

13.0 REFERENCES

 Internal References
 Risk Assessment Process Flow Chart
 Risk Assessment Register
 (COMPANY NAME)HSEQ policy
 Stop Work Policy
 (COMPANY NAME)Risk Management Policy
 Internal Audit Procedure
 Management of Operational Change Procedure
 Behavior Based Safety Procedure
 Hazard and Business Risk Register

REVISION NO: 00
(Company Name) Page 19 of 25
DATE: 01/01/2020
 (Company Logo)
HSEQ SP-00
STANDARD PROCEDURES (procedure number)

RISK & OPPORTUNITIES MANAGEMENT PROCEDURE

HAZID STUDY PROCESS

REVISION NO: 00
(Company Name) Page 20 of 25
DATE: 01/01/2020
 HSEQ SP-00
STANDARD PROCEDURES procedure number

RISK MANAGEMENT PROCEDURE

ANNEX A - HAZARD PROMPT CARD

Psychological/
Biological
Physical Hazards Chemical Hazards Capability/Behavioural Ergonomic
Hazards
Hazards
Chemical - depends on
Repetitive movements,
the physical, chemical
Biological - improper set up of
and toxic properties of psychosocial - Excessive
bacteria, workstation, Poor
High / Low the chemical, work load, lack of
viruses, insects, ergonomics, Posture
Slip/trip/fall Hazards temperature communications,
plants, birds, tasks with repetitive
Chemicals/Pollution/Cont workplace environment
animals, and strain injury potential,
aminants leading to stress
humans, etc., or leading to upper limb
Exposure to hazardous
disorders etc.,
materials
Substances hazardous to Physical violence, bulling Working in Machinery
Working at height / over
health and safety due to or intimidation within the Bacteria, virus, Spaces
side Crane operations
inhalation (CO, H2S, work place leading to diseases, Fungi Manual Handling
Fall from Height
hydrocarbons etc.) stress DSE
Moving parts of Contact with or being Involvement in a major
Dangerous
machinery/ absorbed though the accident leading to post
Insects
Vehicles body (acid) traumatic stress
The Human Element - Dangerous
Physiological, Psychological animals
Lighting levels & Competence related
Ingestion (Lead paint, hazards
Pressure/Vacuum
food poison, etc.) Fatigue
Stress
Violence
Lone Working
Unstable objects, falls Transport hazards, Stored chemical that Sensory Overload
form height of objects on road or degrade over time Loss of concentration
such as tools or premises (oxidizers) Lack of capabilities, skills,
materials knowledge etc.

REVISION NO: 00
COMPANY NAME Page 21 of 25
DATE: 01/01/2020
 HSEQ SP-00
STANDARD PROCEDURES procedure number

RISK MANAGEMENT PROCEDURE

Harmful energy
source-radiation,
Noise form machinery Lack of oxygen
vibration, noise,
electricity
Sparks / material
Position and Capabilities and/or short-
from welding / Fumes / Noxious Gases
entrapment comings of persons tasked
grinding
with carrying out specific
Moving/Swinging Ionising Radiation evolutions
Explosives
objects UV radiation /
Voltage Infra-Red Flammable materials
Restricted access / Non-ionising Behavioral characteristics
egress radiation of persons i.e. “sky-larking”
Weather and so forth.
Single Point failures
conditions
Inadequate room Human Error
to work, low Slips
headroom Asphyxiation Lapses
Gas poisoning
Dust
Weak structures Mistake
Vibration
Violation
extremes
High Pressure /
vacuum
Radiation

REVISION NO: 00
COMPANY NAME Page 22 of 25
DATE: 01/01/2020
 HSEQ SP-00
STANDARD PROCEDURES procedure number

RISK MANAGEMENT PROCEDURE

Mechanical
Contact hazards:
Being hit by
Caught
in/on/between
Struck against/by
Working environment
Friction
hazards:
Colliding
Rolling, pitching , Ship
Punching (also
heave or roll
high pressure
Wind, sea adverse
equipment)
conditions
Cutting
Pollution
Moving parts
Flying particle
Machine guarding,
equipment
malfunctions or
breakdowns.
Sudden Dynamic
Weight related
Release:
hazards:
Spring-release
Stability
(snap back)
Parting suspension
Parting under
Being buried under
tension (whiplash -
Collapsing pile
mooring ops.)
Over exertion (weight
and movement)

REVISION NO: 00
COMPANY NAME Page 23 of 25
DATE: 01/01/2020
 HSEQ SP-00
STANDARD PROCEDURES procedure number

RISK MANAGEMENT PROCEDURE

Electrical hazards:

High voltage; Speed related

electrocution hazards:
Heat development;
sparks Centrifugal
Short circuit; arc linear
Lightning

REVISION NO: 00
COMPANY NAME Page 24 of 25
DATE: 01/01/2020
COMPANY LOGO
HSEQ
SP-04
STANDARD PROCEDURES

RISK ASSESSMENT PROCESS FLOW CHART

REVISION NO: 00
COMPANY NAME Page 25 of 25
DATE: 01/01/2020