5 Analytics Tips for Your Chief Safety Officer

Safety data
Industries on average experience 3.2 non-fatal occupational injuries per 100 full-time workers, according to the U.S. Bureau of Labor Statistics. Some industries have nearly four-times this rate. Similar statistics exist for workplace illnesses and, unfortunately, fatalities. Could analytics be a solution for lowering these statistics?

Companies today gather huge volumes of operational and enterprise data, plus they have access to myriad sources of external data such as weather, traffic and social media. Unfortunately, this data is normally stored and analyzed in siloed data systems that are scattered across the enterprise. There are, however, steps a chief safety officer (CSO) can take to apply analytics to all available data to reduce incidents and, therefore, safety-related costs.

Here are five steps CSOs and other safety leaders can take to be smarter about data and safety.

1. Know your network

To reduce incidents and therefore safety-related costs for your organization, you need to know the what, where, when, why and how of accidents. After all, accidents happen at a specific time and place, and involve specific people and pieces of equipment. Knowing your network of time, place and equipment speeds up response time when accidents happen, and can even prevent them.

Analytics systems are now able to correlate, analyze and visualize operational, enterprise and external data from across your company. The resulting information can identify the situations, patterns and trends that indicate hazardous but preventable conditions. You can more clearly see the job roles, work sites and times of the day or week that pose the greatest risk. This information lets you invest your time, money and effort where it has the greatest impact.

2. Collaborate across departments

When you have analytics illuminating the times, places and activities of greatest risk, share that with everyone who can help reduce that risk. Workers and their supervisors need to know what the data indicate about risk, so that they can make appropriate changes. Your facilities department needs to know that some aspects of a work site—lighting, ventilation, access and drainage—contribute to unsafe conditions. Human Resources needs to know what training and certification is required, or should be offered, to increase staff potential.

But collaboration isn’t simply feeding analytics to various job roles. It is important that all those roles—operations, facilities, HR and more—share the same view of analytics in order to work together to address dangerous conditions before something happens.

3. Learn to trust your own data and analytics

There is now too much data arriving too quickly for us humans to manually gather and analyze. It’s still common for business and risk analysts to spend 80% of their time gathering data and only 20% applying it to solving problems. Analytics systems that correlate and analyze multiple data sources flip that equation, enabling analysts to spend 80% of their time acting on insights from data to solve problems.

While you might be willing to trust the math of analytics, you are probably like a lot of leaders who don’t trust their data. Many leaders believe their data is too incomplete, inaccurate, outdated or irrelevant to support an analytics program. When people say this, I usually ask them how they know their data is bad. Until you work with your data, you don’t really know its condition. When you start working with your data to solve a use case, you can address any data quality issues related just to that use case, without needing to somehow fix all of the data.

4. Look for analytics-leveraging skills when hiring

There is a witticism in the business world that “Culture eats strategy for breakfast.” While sayings like this can be cliché, in the case of analytics, this one is true. If your human and work culture doesn’t embrace data-driven decision making, any analytics strategy faces uncertain odds of success.

To establish an analytics culture within your organization, hire people who are comfortable exploring and applying data. You don’t necessarily need to hire data scientists, as that skillset is available from consultants and vendors if and when it is needed. You do, however, need people who are curious and capable of working with each other, and with data scientists, to formulate inquiries, pursue those inquiries, and apply the insights they discover.

5. Start small, but start now

Existing company safety programs that are not data-driven struggle to show their impact. That makes funding harder to justify, which can mean safety programs grow stale over time. If you’d like your organization to be better at safety and analytics, but struggle to measure the effectiveness of your investment in safety programs, it is possible to start small.

Any CSO can immediately identify their most dangerous job role or location. Start with one of those dangerous situations, use data to drive tangible changes in facilities, tools, process or training, and measure the results.

It is really that simple. You can start small, but at least start—now—and make safety a priority.

New Approaches Needed for Effective Data Risk Management

virus

Over time, the role of corporate legal departments has expanded to address the increasing risks in corporations—from increasing involvement in implementing corporate policies to leading employee training on procedures for managing electronic communications, social media, and bring your own device (BYOD) policies. This shift, however, is not enough to meet the challenges posed by an increasing range of risks proliferating within global organizations. Legal and compliance groups must also take the lead in finding new ways to leverage the power inherent in their data and address the challenges posed by massive data stores, information and network security challenges, as well as regulatory compliance requirements.

Failings of Traditional Strategies

In the past, organizations used straightforward, people-intensive methods to search for and remediate risk. For example, organizations instituted policies training, hoping that it would be sufficient to corral employee use of electronic communications, BYOD, and social media. Some may have formed working groups or intradepartmental committees designed to consider the implications of data privacy or information security for their businesses. Others rely on basic technology, such as keyword searches, that trigger electronic alerts when they find a hit in a document.

While these tools are still important to demonstrate compliance, they are insufficient alone to monitor for risk. Older technology falls short when it comes to handling unstructured data, such as e-mail. For example, discerning employees will be too cautious to use triggering keywords such as “donations” or “bribes” when referring to illicit activity. Keywords are also notoriously inaccurate: if over-inclusive, they may yield a stockpile of irrelevant information, while under-inclusive keywords could omit critical documents from discovery.

Trends Drive New Risk Management Approaches

Three recent trends—escalations in data volumes, increasing threats to data privacy and security, and heightened regulatory scrutiny—highlight the need for more intensive means to investigate risk in organizations.

1-Burgeoning Data Stores

With today’s hyperfocus on information, risk follows data. The more data sources organizations have, and the more locations for storage of data, the greater the legal exposure.

Email is perhaps the most insidious source of risk, as hackers may look to exploit unwitting employees who may open spoofed e-mails containing malware or viruses designed to attack the corporate network. Along with e-mail, employees also have more ways than ever to share confidential corporate data such as trade secrets with outsiders. Newer forms of unstructured data, such as social media and instant messaging, allow people to disperse troubling information even more rapidly than before.

As more organizations look for low-cost storage for their data reserves, they have turned to the cloud—yet another source of potential risk to data privacy. Cloud providers may be susceptible to the same hacker schemes as employees. Moreover, depending on the terms of their service-level agreements, they could employ lax security protocols, lack disaster-recovery plans, share data with other clients, or transfer data to third parties, all without notifying the data owner. Furthermore, depending on the location of the cloud storage, it may trigger the application of international laws that protect data privacy and prevent the processing or transfer of a corporation’s data.

2-Data Privacy and Security

Traditional approaches to risk management are poorly equipped to meet the demands imposed by today’s data privacy and security regulations, particularly when it comes to the need to protect personally identifiable information, protected health information, nonpublic information, trade secrets, and privileged data.

This is especially true for global organizations, which are likely to have information cross international borders and trigger other nations’ data privacy schemes. Many nations have adopted restrictive schemes designed to protect their citizens’ personal information, such as the European Union’s Data Protection Directive, which controls when and how organizations can collect, process, store, alter, retrieve, and transmit this personal data. Many nations in the Asia-Pacific region have also created data privacy regimes, including China, which has blocking statutes that forbid the cross-border transfer of documents that contain “state secrets” as well as confidential commercial information.

Domestically, organizations must worry about laws such as the Health Information Technology for Economic and Clinical Health (HITECH) Act, which extends the Health Insurance Portability and Accountability Act (HIPAA) to a covered entity’s third-party business associates. Under HIPAA’s Security Rule, organizations and their business associates must take reasonable measures to safeguard protected health information. Organizations must vigilantly monitor their data to ensure there are no gaps in security that would violate these rules.

3-Regulatory Enforcement

The nation’s regulatory framework is becoming more complex almost by the day. Regulations that supplement laws such as the Foreign Corrupt Practices Act (FCPA) and the International Traffic in Arms Regulations (ITAR) have generated new areas of vulnerability, particularly when it comes to third-party relationships.

For example, the current administration has taken the position that no FCPA infraction is too small to prosecute. Organizations that fail to take proactive measures to search for, disclose, and remediate misconduct are likely to face substantial penalties if a regulatory agency discovers misconduct. Traditional tools, such as internal audits, are not up to the task of detecting the malfeasance of internal fraudsters, who may mask their corrupt behavior with code words or other innuendo that make it difficult to discover using keywords. Unless more advanced tools are used, an organization’s best defense against fraud might be reliance on tipsters.

A similar approach is required to ensure compliance with ITAR. This law imposes stiff penalties, including millions in fines, against U.S. organizations that export “defense articles” without government authorization. “Articles” is defined so broadly that it covers technical, defense-related data in documents, blueprints, drawings, photographs, plans, or instructions. The Directorate of Defense Trade Controls, the U.S. agency that enforces ITAR, is likely to take a more lenient approach with companies that have implemented a rigorous compliance program and that voluntarily disclose and remediate any failures.

Data-Driven Tools

Risk professionals now have a number of advanced analytics tools at their disposal to counteract the additional risks that lurk in emerging forms of data. Linguistic analysis techniques can identify instances where employees use seemingly innocuous words or phrases to engage in subterfuge. Concept clustering is a tool that isolates subtle patterns within documents that seem dissimilar to the untrained—or undigitized—eye. These conceptual search tools can identify patterns in documents, based on keywords or chunks of text, and flag the documents that refer to items that might fall within ITAR’s purview. Data visualization tools can analyze relationships and look for troubling connections that might violate the FCPA, such as links between employees, vendors, and foreign officials. In addition, anomaly detection tools can scan records for irregularities, such as unusual recurring payments.

Counsel, risk and compliance professionals can also apply tools such as technology-assisted review (TAR) to prioritize documents for review based on the likelihood that they contain material of concern. Using TAR, experienced legal counsel code a seed set of documents for relevancy to the issue at hand. Once done, they feed these documents into a computer that is programmed to uncover the logical reasoning behind the lawyers’ coding decisions. Sophisticated algorithms then apply that logic across an entire document population. The process is iterative, so that ultimately the computer’s logic closely mirrors the lawyers’ coding decisions. Organizations can use TAR to limit the population of documents for review, thus expediting the data mining process.

Mitigating Risk with Predictive Modeling

One of most effective risk management philosophies is to work smarter, not harder, implementing holistic tools, such as predictive analytics to ensure it is minimized. More often than not, companies implement blanketed management programs, applying the same strategies to all employees regardless of performance. With this approach, employers waste time and effort focusing on employees who are not at risk, leaving room for at-risk employees to go unnoticed. On an opposing front, many companies use the “squeaky wheel” approach, diverting all of their attention to employees that actively demonstrate troublesome behaviors. While this approach targets a greater amount of at-risk employees, it still leaves room for some to go undetected.

Alternatively, a strategic employee-specific management program allows employers to identify at-risk employees regardless of how “squeaky” they are. The theory behind an employee-specific management program is simple – monitor your employees for changes that indicative risky behavior.

More often than not, these changes are subtle and undetectable to employers. Even with a team of risk management professionals, the necessary attention to detail is near impossible for companies with thousands of employees. So, how can we efficiently monitor for and detect these subtle changes?

Enter predictive modeling

Predictive modeling is an effective tool that addresses the needs of many industries – turning hundreds of thousands of data points into tangible data that can predict anything from consumer demands to credit scoring and anything in between. Challenging traditional personnel management practices, predictive modeling shines a light on the psychology behind today’s work force.

Predictive modeling has become an essential tool for companies across the globe, playing a role in nearly every industry, from marketing to finance, trucking, and the risk management sector. It provides employers with a unique look into the subtle, yet profound, fluctuations in employees’ behaviors that often go undetected. Examining thousands of data points and trends from past events, predictive modeling possesses the power to identify changes in behavioral patterns and predict the outcomes of future events, arming managers with the knowledge needed to proactively intervene with the right employee, on the right subject, at the right time to avoid events such as workers’ compensation claims and voluntary employee turnover.

With this information on hand, employers are able to replace their blanketed risk management program with a streamlined, employee-specific program, saving time and money—and most importantly, lowering risk. To understand the value offered through predictive modeling, one must understand that most employees would not be classified as “at-risk” at the time of employment. It’s the events that occur after the onboarding that mold the employee’s work behavior and create liabilities.

Notably, it is not just work-related problems that can put employees in the “at-risk” category. Often, medical or personal issues can cause changes in an employee’s work habits and behaviors. Tapping into historical data, predictive modeling is able to detect subtle changes and bring at-risk employees forward for remediation. With this information on-hand, managers can proactively connect with their employees to address an issue before it snowballs into a costly incident.

As one of the most risk-prone industries, the transportation space leverages predictive modeling to monitor employees for unsafe driving behaviors which can result in hefty violation fines and accidents. For example, if a driver is dealing with an ill grandmother, he or she may be paying less attention to the road and spending more time on the phone scheduling doctor appointments and responding to calls. Based on past performance, his or her manager will be alerted that the employee is hard-braking more than usual and spending more time in idle. By opening the channels of communication between the driver and manager, they can work together to identify a solution, whether it be an adjusted work schedule or a reduced workload.

Additionally, predictive modeling can help managers focus on causation rather than correlation. When an incident occurs, many managers tend to put emphasis on what happened, not why it happened. As a result, they often work to fix the correlating issue rather than addressing the root cause.

By analyzing the data gathered through predictive modeling, managers can reflect on the changes in employee behaviors, corporate management or workload leading up to the incident. Recognizing the fluctuation leading up to the accident, managers can proactively monitor for similar incidents and intervene.

An example of this is a risk all managers dread – workers compensation claims. Many companies have accepted workers comp claims as a cost of doing business, failing to understand the factors leading up to the claim. Prior to filing a claim, an employee may be feeling under-motivated and overworked, often putting in the bare minimum and cutting corners with little attention to detail. The reduced attention span lands him or her in trouble when there is a resulting injury on the job and puts the company at risk for a costly claim. With predictive modeling, the manager is able to identify the changes in the employee’s work performance and identify the root cause. Further down the line, the manager can also monitor for similar situations and proactively work with the employee to make his or her work experience more positive.

As managers continue to look beyond traditional methods to better manage their employees and overall company operations, they will be able to capitalize on innovative technologies, such as predictive analytics, to help retain top talent, reduce risk, and build better, longer-lasting relationships with their employees. With growing adoption of proactive risk management solutions, today’s workplace will continue to become a safer, stress-free environment for all.