Who Owns the Safety Risk?

Who owns the safety risk in your organization? Many assume it’s the Head of Safety - I would disagree. 

To understand why, let me first ask you a different but related question - Does the Head of Safety have the authority over financial, physical, and human resources to make final decisions on resourcing safety risk controls that keep your organization within its acceptable safety risk appetite? 

If the answer is “no” to that second question, and I bet it is, then the Head of Safety should not be the one who owns the organization’s safety risk. Instead, the process owner of the operation, process or system being risk assessed should own the safety risk. And the accountability must flow to those process owners from the very top of the organization, starting with the Accountable Executive (AE) for Safety.

You see, without the authority to effect change, there is no control granted to the Head of Safety to properly control or mitigate the safety risk. Further, if the Head of Safety is responsible for the safety risk, who then is the independent, corporate conscious of the organization with oversight responsibilities of the safety program? 

Let’s dig in further…

Who is the Accountable Executive (AE) for Safety?

Safety risk ownership should start with the AE, who should be the highest-ranking executive with authority over any of the organization’s allocation of resources—financial, physical, and human—that could influence safety risk controls. This is typically the CEO or a similar role. It is important the AE is at the highest level to ensure there is a delegation of authority for safety risk through the ENTIRE organization. 

Who are Process Owners and what role do they play in Safety Risk Decisions?

So if the AE ultimately owns the safety risk, does the AE make every decision on safety risk throughout the organization? - NO - 

The authority for safety risk flows to the “Process Owners” of a given operation, process or system in question. The process owners are the cascading levels of leadership throughout the organization that have the delegated authority, descending from the AE, for the allocation of resources, meaning the leader with direct oversight and authority, of that operation, process or system.  

Further, because these process owners have this control, they are then delegated the authority to make decisions on the safety risk for the programs within the scope of their leadership - in alignment with the level of the risk identified. Meaning, the higher level of risk, the higher level of leader is required to make decisions on that risk. For example, a manager within the process owning organization may be authorized to make decisions on low levels of risk while a director may need to step in for moderate risk. For high levels of risk, it may need to go to the VP level. 

Making Safety Risk Ownership a Personal Responsibility

This setup of safety risk ownership is powerful and intentional. When process owners are forced to own and accept safety risk, not only is it putting the decision with the leader that has the control to effect risk controls, but it also creates a heaviness of responsibility - one that cannot be pushed off onto the Head of Safety. This weight is intentional. It ensures that safety risks are acknowledged at the correct leadership levels and that they are fully aware of the potential consequences of their decisions.

To solidify this responsibility, some organizations require process owners to literally sign off on the risk they are accepting. This signature process further enforces accountability and drives a more cautious and informed decision-making process.

What is the Role of the Head of Safety?

If the Head of Safety doesn’t own the safety risk, what do they do? 

Their role is twofold:

1. Build, facilitate, and ensure proper execution of the safety policy and program.

2. Act as the independent corporate conscience by exercising their authority through escalation when necessary.

The Head of Safety, and subsequently the Safety Team, does not own the safety risk but does have input into the ultimate decision making - just not directly. 

Where the safety team disagrees with a decision made by process owners—believing the safety risk being accepted is outside of the organization’s risk profile or that the safety risk management process was not followed correctly—they have authority to escalate their concerns up the leadership chain. This escalation process can continue all the way to the Accountable Executive for Safety, ensuring that no unacceptable risks, or improper use of the safety program, are overlooked.

And by the time a decision reaches the AE, it has been thoroughly documented, analyzed, and debated - ensuring a thoroughly informed decision is made.

Safety Risk Decision Options

So what do I mean by making decisions on safety risk? 

When reviewing a safety risk assessment, process owners typically have the following options:

• Accept unconditionally – The operation continues with no additional mitigations.

• Accept, stop and mitigate – Operations cease until mitigations are fully implemented.

• Accept, continue and mitigate – Operations continue while mitigations are developed and applied.

• Escalate decision – The decision is moved up the hierarchy.

• Stop operations indefinitely – No intention to mitigate; the operation is halted permanently.

Establishing a Hierarchy for Safety Risk Decision-Making

As I mentioned earlier, safety risk decisions should be made by the process owning leadership commiserate with their level of leadership authority. To maintain an orderly and efficient decision-making process therefore, safety risk decisions should follow a hierarchical structure. 

For example, if a five-level risk matrix is used, the risk should be reviewed at increasing leadership levels depending on its severity:

• Low Risk – Accepted at the Manager level

• Moderate Risk – Accepted at the Director level

• High Risk – Accepted at the VP or Executive level

• Extreme Risk – Escalated directly to the Accountable Executive (AE)

To ensure all leadership stays informed throughout the entire chain of command, the safety team should facilitate periodic risk reviews across all levels. This allows leadership to understand the risks being accepted or rejected on their behalf and ensure continual alignment with the organization’s evolving safety risk appetite.

These risk reviews often take place at the Executive Safety Committee meeting for the highest level executives. Additional, lower level risk review meetings can be established to inform lower level leadership of process owning departments.

Conclusion

Safety risk ownership must rest with those who have the authority to control and effect it—process owners who have delegated authority ultimately from the Accountable Executive of Safety, not the Head of Safety. By structuring decision-making hierarchies, requiring sign-offs, and implementing escalation pathways for the safety team, organizations can ensure safety risks are not only acknowledged but owned by leaders with the control. And it allows for the safety team to provide independent oversight.

This approach creates a culture of accountability, where safety risks are managed at the highest levels with full transparency and awareness, ultimately leading to operations remaining within the organization’s safety risk appetite.