UC Chemical Safety & Security Initiative – A Collaborative Approach

Erike Young, ERM Deputy & Director of EH&S
Luanna Putney, Executive Director of Ethics and Compliance

Goals
• Understand the risks related to chemical safety and security in higher education
• Discuss considerations for prioritization of key risks
• Provide input on risk mitigation activities for sharing with UC Chemical Safety and Security Workgroup during first meeting in July

A Collaborative Approach

Compliance
Regulatory compliance describes the goal that corporations or public agencies aspire to in their efforts to ensure that personnel are aware of and take steps to comply with relevant laws and regulations.
The United States Sentencing Commission defines an effective compliance program as one that:
1. Exercises due diligence to prevent and detect criminal conduct; and
2. Otherwise promotes an organizational culture that encourages ethical conduct and a commitment to compliance with the law.

Risk Services
Risk management is the identification, assessment, and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives, whether positive or negative) followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.

Managing Risk: Congruent Goals
Assisting Campus/Lab/OP to Meet Operational Needs Across All Risk Venues

Risk Services
• Targeted Risk Assessment
• Risk Financing
• Risk Control / Mitigation
• Promote culture of risk awareness

Ethics & Compliance
• Assess Regulatory Risks
• Develop Mitigation Plan
• Monitor Key Mitigation Activities
• Promote culture of ethics and compliance

Internal Audit
• Assess Key Financial and Operational Controls
• Advisory Services
• Key Management Business Partner

Campus/Lab/OP Management
• Strategic Planning
• Managing Identified Risks from all Perspectives

Understanding the Risks
In the News…..
• UCLA Settlement Agreement
• UCSF Lawsuit regarding Richard Din
• UC Davis Chemical Surety David Snyder

Understanding the Risks
Regulations galore….
• Cal/OSHA
• DOT
• DOE
• EPA
• FAA
• TSCA
Law enforcement….

Understanding the Risks
Enforcement focus…..
• Proposed Changes to Cal/OSHA Section 334 Repeat Violations
– Current regulations allow for Repeat Violation when same violation occurs at same campus/department
– Proposed Regulation would allow for Repeat Violation when “employer” has same violation at another location in state.
– Potential for increase for
  • Repeat Violations - $18,000
  • Serious and Willful - $70,000
National trade organization attention….

What is “Risk”?
Risk is present in everything we do.
ISO 31000 definition of risk: Risk = the effect of uncertainty on objectives.
Risk can be a threat or an opportunity.
Anything that could harm, prevent, delay or enhance your ability to achieve your objectives = risk

What is ERM?
(Enterprise) Risk Management is a coordinated effort to direct and control all activities related to risk. It defines risk as the effect of uncertainty on objectives. It therefore ties the management of risk to what is most important to the organization. The responsibility for managing risk is spread across the organization to those who have accountability and authority – risk owners.
ANSI/ASSE/ISO 31000:2009

Types of Risk Exposures in ERM
Hazard risk
◦ risks related to accidental losses, such as workplace injuries, liability torts, property damage, and natural disasters.
Financial risk
◦ risks related to financial activities, such as pricing, asset valuation, currency fluctuations, and liquidity.
Operational risk
◦ risks related to operations, such as supply chain, customer satisfaction, product failure, or loss of key personnel.
Strategic risk
◦ risks related to an organization’s long-term goals and management, such as partnerships, mergers, and acquisitions.
Compliance risk
◦ risks related to violations of or nonconformance with laws, rules, regulations, prescribed practices, internal policies, and procedures, or ethical standards.
Reputational risk
◦ risks related to the trustworthiness of business. Damage to a firm's reputation can result in lost revenue or destruction of shareholder value.

Fire Extinguishers
• Cal/OSHA Title 8 CCR 6151 - Fire Extinguishers
(e) Inspection, Maintenance and Testing.
• (1) The employer shall be responsible for the inspection, maintenance and testing of all portable fire extinguishers in the workplace.
• (2) Portable extinguishers or hose used in lieu thereof under Subsection (d)(3) of this Section shall be visually inspected monthly.
(d) Selection and Distribution.
• (1) Where portable fire extinguishers are provided for employee use, they shall be selected and distributed based on the classes of anticipated work place fires and on the size and degree of hazard which would affect their use.
• (2) The employer shall distribute portable fire extinguishers for use by employees on Class A fires so that the travel distance for employees to any extinguisher is 75 feet (22.9m) or less.

Assessing the Risks
• Multiple models to identify and prioritize risks

Controlling Risks
• Concept of Undercontrolled and Overcontrolled
• What are examples of undercontrolled risk?
• What are examples of overcontrolled risks?

Case Study – Identifying the Risks
Billy is a 2nd year undergraduate at UCX and was just accepted into a large prestigious lab to conduct experiments related to the mammalian cell cycle. The experiments he will conduct require use of several dangerous chemicals to disrupt the cell cycle. He has never worked in a laboratory before and will be responsible for everything from ordering materials to disposing of experimental waste.
What operational, strategic, financial, and compliance/ethics risks should be considered when thinking about chemical safety and security?
Case Study: Chemical Safety and Security Risk Assessment
• Risk Ranking Tool -- Exercise

Prioritization of Risks: Risk Ranking Using the UCB Model

First Meeting: July 24, 2014
What Does This Group Need to Know?