Operational Risk Management and Risk Analysis principles apply to physical training and should be utilised by the fitness professional and organisation to ensure safe training without unnecessary risk.Search, Person


The purpose of this article is to explain the principles that apply to Operational Risk Management.

Defining Operational Risk Management

Operational Risk Management (ORM) is the process of dealing with risk associated with military operations, which includes three elements:

  1. Risk assessment;
  2. Risk decision making; and
  3. Implementation of effective risk controls.

It is a decision making tool which increases the ability to make informed decisions and reduces risks to acceptable levels. The goal of ORM is to optimise operational capability and readiness by managing risk to accomplish the mission with minimal loss.

Defining the Terms

  • Hazard: A condition with the potential to cause personal injury or death, property damage, or mission degradation.
  • Risk: An expression of possible loss in terms of severity and probability.
  • Severity: The worst credible consequence that can occur as a result of a hazard.
  • Probability: The likelihood that a hazard will result in a mishap or loss.
  • Risk Assessment: The process of detecting hazards and assessing associated risks.
  • Control: A method of reducing risk for an identified hazard by lowering the probability of occurrence, decreasing potential severity, or both.

Five Step Process

There are five steps to the ORM process:

  1. Identify hazards;
  2. Assess hazards;
  3. Make risk decisions;
  4. Implement controls; and
  5. Supervise.

Causes of Risk

There are a number of causes of risk that fitness professionals should be aware of:

  • Change;
  • Resource constraints;
  • New technology;
  • Complexity;
  • Stress;
  • Societal constraints;
  • Environmental influences;
  • Human nature;
  • Speed/Tempo of operations; and/or
  • High energy levels.

The Four Principles

There are four principles regarding ORM:

  1. Accept risk when benefits outweigh the cost;
  2. Accept no unnecessary risk;
  3. Anticipate and manage risk by planning; and
  4. Make risk decisions at the right level.

Levels of Application

There are three levels of application to consider:

  1. Time-critical: On the run consideration of the five steps. Entails a quick mental review or discussion using the five steps during the execution phase of operations/training and for crisis response planning.
  2. Deliberate: Application of the complete five step process. Slightly expanded, more detailed application of the five steps in planning for an operation or reviewing procedures. This process level is used when there is a good understanding of the issues based on experience.
  3. In-depth: Complete five step process with detailed analysis. Basically the same as deliberate but with a more thorough risk assessment (first two steps). It is used to more thoroughly explore the hazards and their associated risk in a complex operation or system, or one in which the hazards are not well understood. A process involving statistics or numerous complicated steps.

Risk Assessment Matrix

When conducting a risk assessment, you must factor in the severity of the hazard, the probability of occurrence, and assign a risk assessment code to determine the risk level (Table 1 overleaf). You must then determine what level of risk is acceptable for the activity.

Table 1: Risk assessment matrix

Probability of Occurrence











Cat I





Cat II










Cat IV





Severity is divided into four categories:

  • Category I: The hazard may cause death, loss of facility/asset or result in grave damage to organisational interests.
  • Category II: The hazard may cause severe injury, illness, property damage, damage to organisational interests or the degradation of efficient use of assets.
  • Category III: The hazard may cause minor injury, illness, property damage, damage to organisational interests or the efficient use of assets.
  • Category IV: The hazard presents a minimal threat to personnel safety or health, property, organisational interests or efficient use of assets.

Probability of occurrence is divided into four sub-categories:

  • Sub-category A: Likely to occur immediately or within a short period of time. Expected to occur frequently to an individual item or person or continuously to a unit, inventory or group.
  • Sub-category B: Probably will occur in time. Expected to occur several times to an individual item or person or frequently to a unit, inventory or group.
  • Sub-category C: May occur in time. Can reasonably be expected to occur at some time to an individual item or person or several times to a unit, inventory or group.
  • Sub-category D: Unlikely to occur.

Risk Assessment Code

The Risk Assessment Code (RAC) is an expression of risk which combines the elements of hazard severity and mishap probability. Using the matrix, the RAC is expressed as a single number that can be used to help determine hazard abatement priorities. In some cases, the worst credible consequence of a hazard may not correspond to the highest RAC for that hazard. One hazard may have two potential consequences. The severity of the worst consequence may be unlikely, resulting in a lower RAC.

ORM vs. Non-standard Approach

  • Systematic vs. random, individual-dependent;
  • Proactive vs. Reactive;
  • Plan vs. Safety;
  • Common process vs. non-standard; and
  • Conscious decision based on risk and benefit vs. ‘Can Do’ regardless of risk.

Benefits of ORM

  • Reduction in mishaps; and
  • Improved mission effectiveness.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.