DEVELOPMENT OF RISK CULTURE FRAMEWORK AND ITS ASSESSMENT

DEVELOPMENT OF RISK CULTURE FRAMEWORK AND ITS ASSESSMENT METHOD

TYPOLOGY OF ORGANISATIONAL RISK BEHAVIOUR HIGH RISK PROTECTION Effective Risk Control (Elimination / Mitigation) Leading to Reduced Exposure POOR UNDERSTANDING OF RISK GOOD UNDERSTANDING OF RISK LOW RISK PROTECTION Ineffective Risk Control (Elimination / Mitigation) Leading to Increased Exposure

TYPOLOGY OF ORGANISATIONAL RISK BEHAVIOUR Based on the concept of “Four States of Man” coined by Hon. Charles Haddon-Cave HIGH RISK PROTECTION Effective Risk Control (Elimination / Mitigation) Leading to Reduced Exposure RISK AVERSE RISK SENSIBLE POOR UNDERSTANDING OF RISK GOOD UNDERSTANDING OF RISK IGNORANT RISK CAVALIER LOW RISK PROTECTION Ineffective Risk Control (Elimination / Mitigation) Leading to Increased Exposure

TYPOLOGY OF ORGANISATIONAL RISK MANAGEMENT PROFILE Based on the concept of “Four States of Man” coined by Hon. Charles Haddon-Cave & ISO 31000 / ICAO SMM Based on Haddon-Cave's 'Four State of Man' Concept RISK MANAGEMENT PROCESSES (Based on ICAO SMM & ISO 31000) Risk Ignorant Risk Cavalier Risk Averse Risk Sensible Understanding of risk is LOW Risk Protection is also LOW Understanding of risk is HIGH Risk Protection is LOW Understanding of risk is LOW Risk Protection is HIGH but Excessive which is costly Understanding of risk is HIGH Risk Protection is HIGH and ALARP Identification of Risk is based on There is no risk analysis process to consider the context, worst credible scenario etc. Superficial level of risk analysis is carried out without fully understanding the context and taking that into account. reactive processes such as accidents / reactive processes such as Risk Identification accident/occurrence investigation (ISO 31000 - Recording serious incident investigations. and there may be some other & Reporting and Risk means of reporting hazards and Communication bottom risks up) Risk Analysis (ISO 31000 - Scope, Context, Criteria) Risks are assessed based on a risk matrix adopted from a source without any consultation with all Risk Assessment stakeholders including front line operators. Risk assessment activity is (ISO 31000 seen as a 'tick in the box' exercise Consultation) rather than key decision making process to allocate resources efficiently and effectively. Risk controls are only put in place to Risk Control react to accidents and serious (Elimination or incidents. They are not well thought mitigation actions and they do not Mitigation) (ISO 31000 - Treatment reduce the exposure to risks. The decisions to stop / not conduct & Communication) operations are never considered. Risk controls are not monitored during audits and inspections and not reviewed by the management on a Risk Monitoring & regular basis. Review Risks are assessed based on a risk matrix adopted from a source without any consultation with all stakeholders including front line operators. Risk/Hazard Identification is based on both reactive (accident/incident investigations) and proactive methods (voluntary hazard/risk reporting) The organisation also continually uses external data sources to identify risks and takes part in collaborative efforts in the industry. Very limited analysis of risks take place Risks are analysed in depth and results in poor understanding of risks articulated based on contextual the organisation faces. information. The analysis enables the organisation to understand all the credible outcomes and their probability for occurrence. Risk assessments consider worst case Risk are assessed based on the analysis scenarios that are not credible and the carried out with the involvement of all probabilities are overestimated due to stakeholders including frontline lack of consultation with all stakeholders operators. including frontline operators. Risk controls are not well thought mitigation actions and reduce safety margins. The decisions to stop / not conduct operations are very rarely considered. Risk Controls are developed to cover extremely improbable scenarios or the worst case scenarios are not credible. Risk mitigation measures cost the organisation unnecessary financial burden without reducing exposure to risk. Risk Controls are well thought mitigation actions to achieve ALARP but risks are eliminated - when necessary - by stopping / not conducting operations. Risk controls are monitored during audits and inspections but the effectiveness of mitigation actions are not carefully evaluated even though the regular reviews by the management take place. The risk controls are monitored and regularly reviewed but the analysis and assessment decisions are not challenged to find a balanced approach. For example, cost benefit analysis is not considered as safety is seen as number one priority. The risk controls are monitored and regularly reviewed to continually reanalyse and reassess risks based on the changing environments the organisation operates. When necessary, cost benefit analysis is carried out.

PROPOSED RISK CULTURE FRAMEWORK Typology of Organisational Risk Behaviour Competency Governance Tone at the top IRM Risk Culture Aspects Model Risk Cavalier Risk Averse Risk Sensible There is no clarity from the top management about risk tolerability e. g. risk appetite, acceptable vs unacceptable risks There is no clarity from the top management about risk tolerability e. g. risk appetite, acceptable vs unacceptable risks. Leadership communicates their position only when events happen Top management's position on risk tolerability is very clear but also very cautious. There is no appetite for any risk taking regardless of the cost implications. The organisation responds to bad news very poorly and starts blaming individuals for not managing risks effectively. There is no learning opportunity to improve risk management processes Risk ownership is not defined at all despite there are clear responsibilities defined in terms of safety etc. The organisation accepts the bad outcomes as unpredictable events and does not seek to understand the context or causal factors in depth. As a result, there is no learning opportunity to improve processes impacting on risk decision making and/or changing behaviours. There is some level of clarity in terms of risk ownership but in practice the accountabilities for managing risks are not well understood and agreed. The organisation responds to bad news immediately Bad outcomes are immediately evaluated any reactive by taking extreme measures to react towards an measures are carefully considered but not put in place unless even more risk averse position. they are absolutely necessary. The accountabilities for managing risks are well defined including when risk decisions should be escalated to top management so that frontline operators and line managers cannot take any risks The accountabilities for managing risks in various operational areas are well defined and understood by all frontline operators and managers. While certain operational risk decisions are made by frontline operators and their line managers, they also understand when certain risk decisions need to be escalated to top management level. the transparency and timeliness of risk information (Risk Communication - top down) There may or may not be a risk register but it is only updated based on accidents and serious incidents. This is not always reviewed by the top management and it is not communicated to all stakeholders including the frontline operators. There is a risk register and it updated based on bot reactive and proactive information sources however such risk information is not regularly reviewed by the top management as it is seen as the Safety Department's responsibility. The risk register is kept up to date based on all the available information and any newly identified risks. The risk information is communicated across the whole organisation to prevent any individual making risk tolerant decisions. Risk information (including risk register, risk analysis and assessment results and the key risk decisions) are completely available to all employees unless they are commercially sensitive or security restricted. Organisation uses all information sources to identify new risks and react to the assessment in a timely manner. the status, resources and empowerment of the risk function Risk Management is not visible in organisation's daily activities. Sufficient resources are not provided for intolerable risk mitigations in a timely manner. Who makes key risk decisions in the organisation is not defined and frontline operators are not allowed to make any risk decisions. Although risk management is visible in organisation's daily activities, it is not valued or seen as crucial for making key decisions. Sufficient resources are not provided for intolerable risk mitigations in a timely manner. Who makes key risk decisions in the organisation is not defined and frontline operators are not allowed to make any risk decisions. Risk Management is seen as an integral part of the business decision making process. It is valued at all levels in the organisation. Resources are provided for risk mitigation measures on the basis of well thought risk analysis and assessment involving all stakeholders. Well trained and competent frontline operators and their line managers are empowered to make certain risk decisions collaboratively however when they believe it is necessary, certain key risk decisions are escalated in the management chain (up to the SRB / AM level) SMS Training may or may not cover some elements of risk management and risk based decision making but that is usually limited to management staff. Although frontline supervisors and their line managers are or may be trained about the basic concepts of risk management and risk based decision making, their attitude is always leaning towards a more risk tolerant position due to internal and sometimes external factors. Risk management is visible in organisation's daily activities, it is used for making key risk decisions but always over protecting the organisation and individuals. Sufficient resources are provided for intolerable risk mitigations immediately or the operations stop. Key risk decisions in the organisation are always made with top management's involvement and not involve frontline operators. Or sometimes the frontline operators make very risk averse decisions regardless of the flexibility they are given e. g. . to be able to use discretion. Although frontline supervisors and their line managers are trained about the basic concepts of risk management and risk based decision making, their attitude is always leaning towards a more risk averse position due to internal and sometimes external factors Risk decisions are made by either gut feelings or based on ill-informed processes Risk decisions are not always based on sound risk analysis despite the fact that reasonably good risk information is available. As a result risk decisions are made and create unnecessary exposure. risk leadership - clarity of direction how the organisation responds to bad news the clarity of accountability for managing risk (Risk Ownership) risk skills - the embedding of risk management skills across the organisation Decision making Risk Ignorant (Based on ‘ 4 States of Man’ & IRM Risk Culture Model) well informed risk decisions appropriate risk taking rewarded and performance management linked to risk taking. The organisations has no clear policy, procedure and any training for employees and managers about risk taking behaviour. Risk decisions are not based on sound risk analysis despite the fact that reasonably good risk information is available. As a result, very costly risk decisions are made due to lack of understanding the risk. Risk taking is seen as part of operational decision making Risk taking is not tolerated at all. It is clearly and sometimes unnecessary risk taking is also tolerated communicated from the top management as a by the management as long as the outcome is positive for punishable behaviour. the organisation Top management's position on risk tolerability is very clear and enables the organisation to make balanced decisions based on. There is no appetite for any risk taking regardless of the cost implications. All staff from Accountable Manager to frontline supervisors and their line managers are well trained based their accountabilities as well as their authorities. Each employee fully understands the basic concepts of risk management and risk based decision making and most importantly when to escalate certain key risk decisions. All risk decisions are made collaboratively involving all stakeholders and they are based on sound risk analysis and assessment. Risk taking (Tolerating certain risks) based on well thought and sound risk analysis and assessment is tolerated even though it is not encouraged. This is seen as part of organisation's overall risk management strategy. NOTE: Please note that various terms used above such as risk taking, risk tolerance etc. do not necessarily mean that the organisation or individuals choose to NOT COMPLY with the regulations or not. In operational environment, everyday, many frontline operators and their line managers have to make judgements based on the information available to them at the time. This also means they sometimes have to make operational decisions tolerating a certain level of risk without being non-compliant with the safety regulations or company procedures. Same also applies to senior and top management as well. So the risk culture terminology should not always be interpreted as risk taking means non-compliance.

4. How do we acknowledge and live our stated corporate values when addressing and resolving risk dilemmas? Do we regularly discuss issues in these terms and has it influenced our decisions? 5. How do the organisation’s structure, processes and reward systems support or detract from the development of our desired risk culture? 6. How do we actively seek out information on risk events and near misses – both ours and those of others - and ensure key lessons are learnt? Do we have sufficient organisational humility to look at ourselves from the perspective of stakeholders and not just assume we are getting it right? 9. How do we satisfy ourselves that new joiners will quickly absorb our desired cultural values and that established staff continue to demonstrate attitudes and behaviours consistent with our expectations? 10. How do we support learning and development associated with raising awareness and competence in managing risk at all levels? What training have we as a board had in risk? RISK MANAGEMENT PROCESSES 7. How do we respond to whistle-blowers and others raising genuine concerns? When was the last time this happened? 8. How do we reward and encourage appropriate risk taking behaviours and challenge unbalanced risk behaviours (either overly risk averse or risk seeking)? Governance Decision making 3. What risks does our current corporate culture create for the organisation, and what risk culture is needed to ensure achievement of our corporate goals? Can people talk openly without fear of consequences or being ignored? IRM Risk Culture Aspects Model 2. How do we establish sufficiently clear accountabilities for those managing risks and hold them to their accountabilities? Tone at the top 1. What tone do we set from the top? Are we providing consistent, coherent, sustained and visible leadership in terms of how we expect our people to behave and respond when dealing with risk? Competency Documentation / Records Review (1 -2 -1 & Focus Group) Interviews Observations (Ethnography) (Source: “Risk Culture Under the Microscope - Guidance for Boards”, Institute of Risk Management, 2012) Proposed Risk Culture Assessment Framework for Commercial Air Transport Organisations (Based on ICAO SMM & ISO 31000) Ten questions a board should ask itself Surveys / Questionnaires PROPOSED RISK CULTURE ASSESSMENT FRAMEWORK risk leadership - clarity of direction X X X how the organisation responds to bad news X X X the clarity of accountability for managing risk (Risk Ownership) X X X the transparency and timeliness of risk information (Risk Communication - top down) X X the status, resources and empowerment of the risk function X X risk skills - the embedding of risk management skills across the organisation X X well informed risk decisions X X appropriate risk taking rewarded and performance management linked to risk taking. X X Risk Identification (ISO 31000 - Recording & Reporting and Risk Communication bottom up) X X X Risk Analysis (ISO 31000 - Scope, Context, Criteria) X X X Risk Assessment (ISO 31000 - Consultation) X X Risk Control (Elimination or Mitigation) (ISO 31000 - Treatment & Communication) X X Risk Monitoring & Review X X

RISK CULTURE ASSESSMENT FRAMEWORK CASE STUDIES – PROJECT PLAN Post Assessment Activities On-Site Activities Pre-Assessment Activities ACTIVITIES Objectives Duration Required Commitment from the Partner Initial Discussions (Presentation of the Risk Culture Concept and the aim of the study) Achieving common understanding of the aim and gaining full commitment of the senior management (including Accountable Manager) 2 hours 1 hour - Safety Review Board Members Developing a Communication Plan Agreeing on the type and format of comm requirements to raise awareness about the study in order to achieve buy-in from line managers and frontline operators 2 hours 0. 5 day - Project Manager (PM could be Quality/Safety Director or potentially a nominated manager from an operational department) Questionnaire Design & Launch Customise the 'Risk Culture Survey' and agree on the method (Consideration of previous culture surveys and organisation's other needs) 2 Days 0. 5 day - Project Manager Document Reviews The review of certain policies, manuals, meeting minutes, investigations, audit reports to identify high risk areas in the organisation. This will also enable the planning of the on-site activities. 2 Days 0. 5 day - Project Manager Observations Observing frontline operators in their own environment to capture how risk decisions are made (The details of these observations will be agreed to focus on areas/processes/departments which are more likely for individuals to make risk decisions. ) 2 days Focus Group Interviews These will also enable frontline operators to express their views and discuss how they are involved in various risk management processes. 0. 5 - 1 day 1 -2 -1 Interviews These interviews will aim to capture the views of line managers but potentially the frontline operators and supervisors (chosen by the organisation) can also be interviewed if the organisations agree. 2 days Analysis of data and report writing All the data from surveys, observations and interviews will be analysed and a report will be produced for the organisation to review. 2 days Presentation of the report and recommendations The outcome of the study will be presented at the Safety Review Board for the 2 hours organisation to review and potentially take any necessary actions. 2 hours - Safety Review Board Members Potential Workshops If the outcome of the study reveals certain findings that enable the organisation to identify areas for improvement, potentially workshops targeting risk decision makers in the organisation can be conducted. These will be a separate project, which will require further discussions. (The figures are estimated & can be discussed further) 0. 5 day - Project Manager (to make the necessary arrangements) These observations will not be conducted like an audit; therefore they will not require any commitment from technicians/supervisors. 0. 5 day - Project Manager (to make the necessary arrangements) These interviews can potentially be conducted during the on-going continuation training. The sessions should be no longer than 60 minutes per group. 0. 5 day - Project Manager (to make the necessary arrangements) These interviews should be no longer than 60 minutes per individual. NIL

Edgar H. Schein – Organizational Culture and Leadership

BIBLIOGRAPHY THE FOLLOWING SLIDES INCLUDE SOME OF THE CONCEPTS, FRAMEWORKS, MODELS THAT INFLUENCED THE DEVELOPMENT OF “RISK CULTURE FRAMEWORK” AND ITS ASSESSMENT METHOD. THE FRAMEWORK IS ULTIMATELY BASED ON THE CONCEPT OF ‘FOUR STATES OF MAN’ WHICH WAS FIRST COINED BY SIR CHARLES HADDON-CAVE. (RISK IGNORANT, RISK CAVALIER, RISK AVERSE AND RISK SENSIBLE)

Amitai Etzioni - Comparative Analysis of Complex Organizations (1975) Etzioni’s three types of formal organizations. (Table courtesy of Etzioni 1975) Normative or Voluntary Coercive Utilitarian Benefit of Membership Intangible benefit Corrective benefit Tangible benefit Type of Membership Volunteer basis Required Contractual basis Feeling of Connectedness Shared affinity No affinity Some affinity https: //courses. lumenlearning. com/alamo-sociology/chapter/reading-formal-organizations/

MARY DOUGLAS - GRID & GROUP CULTURAL THEORY (1980 s) The above diagram was presented in IRM Guidance on Risk Culture (2012)

Edgar H. Schein – Organizational Culture and Leadership (1980 s)

JOHN ADAMS – RISK THERMOSTAT (1995)

GERALD WILDE – RISK HOMEOSTASIS (1998)

Goffee & Jones – Organisation Culture - Double S Model (1996) https: //hbr. org/1996/11/what-holds-the-modern-company-together

1 9 9 7 REASON – AN INFORMED SAFETY CULTURE (1997) just culture reporting culture learning culture flexible culture Prof. J Reason 2016 risk culture?

Quinn & Cameron – Organisational Culture based on Competing Values Framework (1999)

Cooper’s Three Aspects of Safety Culture (2000)

David Snowden - Cynefin, A Sense of Time and Place (2000) https: //pdfs. semanticscholar. org/c 212/4184 cca 09 d 5 e 4 f 82 f 856 cf 3 f 68 cfad 330282. pdf

DAVE MARX – JUST CULTURE (2000 s) & GAIN - ROADMAP TO JC (2004) three categories of human behaviour (by David Marx) Reckless (Negligent) At Risk (Risk Taking) Error (Mistake)

Guldenmund’s Redefinition of Safety Culture (2010) (Based on Schein’s Organisation Culture Levels)

RISK CULTURE MODEL (Institute of Risk Management) (2012) IRM Risk Culture Aspects Model Tone at the top Governance Competency Decision making risk leadership - clarity of direction how the organisation responds to bad news the clarity of accountability for managing risk (Risk Ownership) the transparency and timeliness of risk information the status, resources and empowerment of the risk function risk skills - the embedding of risk management skills across the organisation well informed risk decisions appropriate risk taking rewarded and performance management linked to risk taking. Ten questions a board should ask itself 1. What tone do we set from the top? Are we providing consistent, coherent, sustained and visible leadership in terms of how we expect our people to behave and respond when dealing with risk? 2. How do we establish sufficiently clear accountabilities for those managing risks and hold them to their accountabilities? 3. What risks does our current corporate culture create for the organisation, and what risk culture is needed to ensure achievement of our corporate goals? Can people talk openly without fear of consequences or being ignored? 4. How do we acknowledge and live our stated corporate values when addressing and resolving risk dilemmas? Do we regularly discuss issues in these terms and has it influenced our decisions? 5. How do the organisation’s structure, processes and reward systems support or detract from the development of our desired risk culture? 6. How do we actively seek out information on risk events and near misses – both ours and those of others - and ensure key lessons are learnt? Do we have sufficient organisational humility to look at ourselves from the perspective of stakeholders and not just assume we’re getting it right? 7. How do we respond to whistle-blowers and others raising genuine concerns? When was the last time this happened? 8. How do we reward and encourage appropriate risk taking behaviours and challenge unbalanced risk behaviours (either overly risk averse or risk seeking)? 9. How do we satisfy ourselves that new joiners will quickly absorb our desired cultural values and that established staff continue to demonstrate attitudes and behaviours consistent with our expectations? 10. How do we support learning and development associated with raising awareness and competence in managing risk at all levels? What training have we as a board had in risk?

ATTRIBUTES OF A GOOD RISK CULTURE Literature Review from Cranfield Ph. D Thesis (2012) Risk maturity models Attribute 1 2 3 4 5 6 7 8 9 10 11 12 13 14 A challenge culture X “No blame” culture X Clear and effective risk communication X X X X Common attitude towards risk management X X Common or pervasive risk appetite X X X X Common risk awareness X X X Common risk understanding X X X A defined risk appetite X Degree to which risk management structure is defined X Extent to which risk management is embedded in business functions X X X Facilitates integrating risk management functions X Homogeneous and pervasive risk culture X Innovation in response to risk X Risk management linked to performance measures X X Senior management have positive attitude towards risk management X X X Strong ethical values X X Strong leadership on risk X Strong position of risk management in organisational structure X Transparency of risk management processes X Enterprise risk management Other Sources: (1) HM Treasury (2009), (2) Office of Government Commerce (2007), (3) Doudu et al. (2003), (4) Hillson (1997), (5) AON (2007), (6) Funston et al. (2007), (7) Standard and Poor (2007), (8) Deloitte Touche Tohmatsu (2006), (9) Pricewaterhouse. Coopers (2004), (10) Reynolds (2003), (11) Pricewaterhouse. Coopers risk culture survey (2009), (12) Economist Intelligence Unit (2009) (13) IRGC (2009), (14) Economist Intelligence Unit (2007).

FOUR STATES OF MAN – HADDON-CAVE (2013) “PIPER 25” OIL & GAS UK CONFERENCE ABERDEEN -19 TH JUNE 2013 SPEECH BY THE HON. SIR CHARLES HADDON-CAVE “LEADERSHIP & CULTURE, PRINCIPLES & PROFESSIONALISM, SIMPLICITY & SAFETY – LESSONS FROM THE NIMROD REVIEW” Four states of man There are to my mind four states of Man: Risk Ignorant, Risk Cavalier, Risk Averse and (the state what I advocate in Nimrod one should aim for) Risk Sensible. My big message is to encourage everybody not to be Risk Ignorant, Risk Cavalier, or Risk Averse, but to be Risk Sensible. It is tempting to parcel risk and the ‘safety thing’ up into neat packages, Power. Points or graphs and statistics and, after a committee meeting with all the ‘stakeholders present’, tie them up and hand them back to the relevant corporate risk department with a pat on the head and a thank you. Risk is Safety, however, is everyone’s personal responsibility. And it starts at the very top – and should cascade right through the organisation. Being Risk Sensible means embracing risk, unbundling it, analysing it and taking a measured and balanced view. What I want to do is encourage everybody, from the top to bottom of every organisation, whether military, civilian, public or private, governmental or NGO, to embrace risk and responsibility on a personal and collective basis. Unbundle risks, look at the pros and cons and make sensible decisions. Everybody has a role to play, but the role of you as leaders is critical to this endeavour. In times of increasingly scarce resources and financial pressures, how do you get that balance right? One of the ways is to focus your time, energy and resources on areas that you think really matter in terms of outcomes. Don’t be misty-eyed about safety. Be hard-nosed. Look at the stats and see what you most common, serious and habitual risks are and target those. Share and discuss knowledge, experiences, concerns and outcomes with colleagues, industry and regulators. 18

PWC Australia – “Safety in program design” (2015) “

ISO 31000: 2018 - Risk management — Guidelines (2018)

Reviewing the Safety Culture Literature

Literature Review – DIMENSIONS OF SAFETY CULTURE

Literature Review – DIMENSIONS OF SAFETY CULTURE

Literature Review – DIMENSIONS OF SAFETY CULTURE

Literature Review – DIMENSIONS OF SAFETY CULTURE

Literature Review – MATURITY OF SAFETY CULTURE

Literature Review - Diverging Approaches to Assessment of Safety Culture ACADEMIC APPROACH ANALYTICAL APPROACH PRAGMATIC APPROACH (THICK DESCRIPTIONS) (SURVEY RESEARCH) (EXPERIENCED-BASED)

Literature Review - Diverging Approaches to Assessment of Safety Culture (Guldenmund, 2010) Academic Approach: Thick Descriptions The primary research methodology of this approach is field research or ethnography, which is qualitative in ethnography nature Its purpose is to describe and understand a culture rather than evaluate it and, hence, it is nonnormative or value free. Applied to organizations, culture is considered as something an organization is, rather than has. Moreover, what an organization currently is, is largely the result of what happened in its. past, its history; either as a realization of its founder’s convictions or due to particular significant events. history events This approach can also be labelled academic because it is seldom used outside the scientific realm. The research method can be a narrative study, a phenomenological study, a study using grounded theory, an ethnographic or a (historical) case study, or various combinations thereof It typically begins with a problem definition or an issue turned into a problem to obtain a clear focus for the investigation, for instance, a discrepancy between safety priority in an organization and performance, as mentioned above. Data collection techniques include interviews, observations, document studies, literature research, and whatever else an organization brings forth that may hold clues for its underlying assumptions. What is important, however, is that information is collected with sufficient context to allow for accurate interpretation of the resulting data. Research findings are almost never quantified because it is meaning and interpretation and not some numerical abstract following this approach. Moreover, if (some) quantification occurs, numbers are never taken as data abstracted from an objective world, which would be in conflict with the research paradigm. The research outcome is a “thick description, ” or even a theory of the culture of an organization. The description or theory may be accompanied by summary statements, core categories, or basic assumptions. If theory turns out to be incomplete or “wrong, ” it is adjusted to accommodate the contrasting empirical findings.

Literature Review - Diverging Approaches to Assessment of Safety Culture (Guldenmund, 2010) Analytical Approach: Survey Research In the analytical approach, safety culture is typically studied using (self-administered) questionnaires, which is the primary research instrument of social and organizational psychologists. This approach can be considered “analytical” in that safety psychologists culture is taken to be an attribute of an organization, that is, something an organization (currently) has, rather than is and it is therefore much more concerned with the organization’s present. The analytical approach employs predominantly realist and (semi)quantitative methodology Its preferred research technique is a standardized questionnaire that is typically self-administered. It can be administered either group-wise, for instance, at the start of a company training session, or sent to workers’, or other subjects’, home addresses. However, it can also have an interpretive aspect to it. it For instance, although the questionnaire should have a solid theoretical underpinning, underpinning as reflected in the chosen concepts, a subsequent analysis should not assume that these concepts will be present in the data too. On the contrary, an interpretation of the results could reveal new concepts that were not envisioned initially Ultimately, the final goal is to develop a robust set of general concepts (factors, dimensions, scales) on which organizations can be assessed and, if required, compared. These latter characteristics make the analytical approach, in contrast to the previous academic approach, well suited for comparative research. Such comparisons are, in principle, value-free, that is, the mean scores do not have an evaluative sign, although the underlying individual responses might be based on such evaluations, preferences, or perceptions. Several important aspects to this approach are sometimes overlooked. One, numbers obtained from rating scales are at the ordinal level of measurement; that is, the numbers represent a ranking but their mutual, psychological distances are not necessarily similar. When such numbers are treated as though they are at a higher measurement level (i. e. , interval, similar ratio), the researcher should at least check whether this assumption is sufficiently justified. Two, although safety climate is not equal to culture, it is still an emergent property of a group and therefore the within-group agreement, its statistical coherence, should be tested There are several indices available for this purpose. Three, groups have to be defined at different, but meaningful organizational levels, which have identifiable possibilities and means for interaction, for example, possibilities the overall organization, the department or unit level, or the team level.

Literature Review - Diverging Approaches to Assessment of Safety Culture (Guldenmund, 2010) Pragmatic Approach: Experience-Based The third and last approach to safety culture research described here evolves around three important features of an organization that are thought to interact to generate a desired level of safety performance These aspects are structure, culture, and processes and they are dynamically interrelated. (33, 48) Taken interrelated together they also provide the context in which behaviour, and hence also safety-related behaviour, takes place. 3 Organizational structure can be defined as “the division of authority, responsibility, and duties among members of an organization. ”(49) Structure is primarily the formal framework of an organization, that is, organization. ”( how the work is done and by whom. 4 From the point of view of management, an efficient structure facilitates both effective coordination and communication. (50− 52) Culture is then often understood to be the basic assumptions, the underlying tacit convictions of an organization For instance, as the general manager of a company once declared: “We need a lot of supervisors because our people need to be watched constantly. ” Such a conviction will be found reflected in the structure of an organization and therefore also on the work floor. Processes are the patterns of activity taking place throughout an organization, often divided into three levels: levels the primary processes, which deal with the main output(s) of an organization; the secondary processes, which support the primary ones, for example, management, quality control; and the tertiary processes, for example, formulations of policies and strategies, designed to drive and support both the primary and secondary processes. These three processes are often associated with operational, tactical, and strategic levels of organizational action.