The following Texas Enterprise Risk Management (TERM) Guidelines replace and simplify the previous Risk Management for Texas State Agencies (RMTSA) guidelines. The new guidelines implement and adhere to the global risk management standards adopted by the International Organization for Standardization (ISO 31000).
The TERM Guidelines were developed by the State Office of Risk Management through an Advisory Council of participating entities, acknowledged herein. These guidelines provide concise frameworks and processes for enterprise risk management (ERM) and are intended to support users of all levels of ERM, from novice to expert.
As outlined throughout the guidelines, the framework addresses context, approach, and application, and includes supporting resources to organizations with subject matter expertise (CAAR). This simplified framework is intended to convey model techniques for developing a comprehensive risk management program. Where applicable, the accompanying Resource Guide also includes sample templates and checklists.
These guidelines do not prescribe required actions, but rather encourage consistency in decision-making through a common and interoperable framework. Entities, risks, and enterprise risk management are each constantly evolving. As new risks emerge, or new techniques are developed, these guidelines will be updated to reflect the current best practices of ERM. As a result, this document’s timeliness is reliant on the continued engagement from users. We encourage your feedback and contributions to future development.
Stephen S. Vollbrecht
JD, MA, AINS, AIS, ARM, MCP, MEMS
State Risk Manager for Texas, Executive Director
Thank you to the participants of the Advisory Council for their valuable input regarding content, language, and formatting. We appreciate the leadership of our participating agencies for prioritizing this project and supporting staff participation, and are grateful to the Board of Directors of the State Office of Risk Management for their continued support, direction, and input to these guidelines.
The State Office of Risk Management (SORM / the Office) is administratively attached to the Office of the Attorney General and is governed by a five-member Board of Directors (Board). The Office is charged by law to administer the enterprise risk and insurance management programs, self-insured workers’ compensation program for the State of Texas, and continuity of government operations (COOP) program. Its mission is to enable State of Texas entities to protect their employees, the public, and the state’s physical and financial assets by reducing and controlling risk most efficiently and cost-effectively.
The following programs comprise SORM’s core mission areas:
Enterprise risk management services create awareness within state government of risk and the need to continually adapt to external and internal risks, including hazard, operational, financial, and strategic risks. The Office helps state entities identify potential risks to people, resources, and mission-critical functions before a loss event occurs.
The insurance purchasing program provides opportunities for risk transfer and fiscal responsibility with taxpayer funds. In cooperation with client entities, SORM procures and negotiates insurance coverage tailored for the unique exposures and liabilities of the state.
The State of Texas self-insures most of the workers’ compensation coverage for state employees. The Office administers workers’ compensation claims for state entities identified in Labor Code Chapter 501. In certain situations, non-state employees may also receive workers’ compensation through the Office.
Continuity of operations planning ensures the most critical government services continue to be available to Texas under any conditions. The Office’s continuity of operations program, in coordination with the steps taken by individual state entities, helps build public confidence in the effectiveness and resiliency of state government.
The Office assists state entities in establishing and maintaining comprehensive risk management programs designed to control, reduce, and finance risk. The Office utilizes multiple approaches, including, but not limited to, comprehensive guidelines; oversight in the development and maintenance of risk management and continuity of operations programs; administration of property, casualty, and liability insurance programs; specialized assistance and training; data collection, monitoring, and analysis; and the self-insured workers’ compensation program.
By statute, the Office is required to develop risk management guidelines that can be used by state entities to develop and implement a comprehensive risk management program to reduce property, liability, and workers’ compensation losses. These guidelines provide a resource to train, educate, and inform employees on best practices related to enterprise risk management.
Throughout this guide, there are specific types of risk and recommendations on applying the enterprise risk management guidelines to the entity to understand the risk context (both positive and negative outcomes) and to assess and treat risk. SORM’s staff and, specifically, its risk managers are available to assist in this process.
Enterprise Risk Management (ERM) evaluates and defines actions taken by an entity to identify, mitigate, and monitor risks that threaten strategic goals and continuing operational activities.
State entities are dynamic. The dynamics of change in the Texas state government produce risks that may impact the state’s financial, physical, and human resources. These risks are usually understood to be harmful or a threat to the organization. However, the risk may also be positive by presenting an opportunity for the organization to benefit or improve its process or position from the risk.
Enterprise risk management shifts the emphasis of risk management from hazard identification and control to the broad array of issues that affect the fundamental objectives of state entities, regardless of mission, size, or resources.
A comprehensive enterprise risk management program involves all personnel and operations in the risk management process.
A well-conceived, comprehensive enterprise risk management program requires a significant commitment of time and resources by the organization; however, the cost of organizational commitment benefits the organization by:
The various chapters of this guideline will briefly present basic concepts and theories relative to enterprise risk management and provide the user with resources to help guide and direct the enterprise risk management process. State entities should realize that applying these concepts and theories may depend on appropriate enabling legislation before implementation may occur.
These guidelines incorporate various principles, processes, and industry “best practices” designed to assist and guide state entities to create a more robust enterprise risk management program.
Risks constantly change or develop. Therefore, it is essential to understand that ERM is a continual endeavor that requires regular attention and refinement. ERM seeks to provide information about risks impacting the organization’s achievement of its core objectives.
The ERM process is a management strategy that methodically approaches risk across different venues, situations, and circumstances to effectively plan, understand, and address the risks in advance of their occurrence.
These guidelines align with the international standard for enterprise risk management (ERM), as promulgated by the International Organization for Standardization under ISO 31000:2018, adopted and incorporated by reference. The standards information provided herein is industry and sector neutral, instructional, and descriptive, and not intended to duplicate or replace the international standard.
Using the ISO 31000:2018 as the ERM framework enables all risk stakeholders to communicate risk issues using the same terms and definitions. Outlined below are some key elements to apply the ISO 31000:2018 framework to create an effective and sustainable ERM program:
The ERM process involves applying policies, procedures, and practices to communicating and consulting, establishing context, and assessing, treating, monitoring, reviewing, recording, and reporting risk. Although the ERM process appears to be sequential, in practice, it is iterative.
The following diagram illustrates the ERM process steps:
The ERM process steps are:
This step allows relevant stakeholders to understand risk, the basis for decision-making, and why specific actions are necessary. It also provides for feedback (consultation) from stakeholder
Scope provides for the application of risk management processes across different organizational levels. Before risk can be addressed, it is essential to understand the context in which it exists. Defining the relationship between the organization and its environment sets clear boundaries for dealing with risk. Additionally, each organization should specify the amount of risk it may want to take relative to objectives.
Assessing the status and the efficacy of the risk management process through controls, risk assessments, lessons, trends, contextual changes, and consideration of emerging risks. Ensures continued iterative improvements and compliance in ongoing governance, including fairness, accountability, and transparency.
 Adapted from ISO 31000:2018
State entity leadership should recognize that risk management is an integral part of the entity’s governance framework and should ensure risk management is a fundamental part of all entity activities.
The purpose of the ERM Manual is to encourage the integration of risk management at all levels of management within the state entity. Risk management assists all levels of administration by supporting a systematic approach to identifying, evaluating, and managing the risks which could prevent the state entity from achieving its strategic and operational goals.
In supporting the achievement of the entity’s strategic and operational goals, the objective of the manual is to raise awareness of risk management. More specifically, it guides all levels of management and other stakeholders to encourage:
Each state entity will have different components based on its unique risks. Any section of the Enterprise Risk Guidelines (ERG), formerly referred to as the “Risk Management for Texas State Agencies (RMTSA)” or, simply, “the guidelines,” that applies to the entity should be modified for use or adopted within the entity’s ERM Manual.
Start with an ERM Policy Statement and add the chapters of these guidelines that pertain to your organization. Then modify the templates provided to represent the entity. Contact a SORM Risk Manager for assistance.
The organizational structure implemented to address risk management within a state entity can vary widely depending on the entity’s size, resources, and risk exposure. Ideally, a risk management function should be as independent as possible to ensure it is afforded proper standing within the organization and does not get lost within another function. While it can be challenging to strike the perfect balance, the risk team should be embedded throughout the entity’s business processes while maintaining independence. However, for smaller state entities, resources may not allow for risk management to be treated as a discrete function. For these entities, risk management must instead be performed as a secondary function without dedicated positions allocated to it.
Whatever structure is used by the state entity, a risk manager should be selected to plan and oversee the program and act as a liaison with SORM.
The following entity components should be included in a comprehensive risk management structure:
The success of any risk management program depends on the level of support the program receives from executive leadership. A fully supported program that is communicated throughout the organization creates employee awareness that eliminating or reducing risk is the most important aspect of every program, activity, job, and task.
State entities may utilize the resources and information provided by SORM to structure and monitor their risk management approach. State entities are encouraged to work with the staff of SORM to draw upon their knowledge and expertise in establishing and maintaining a well-planned risk management organizational structure.
Risk control attempts to eliminate or prevent losses from occurring or reduce the frequency and severity of losses. Risk financing is the element of risk management concerned with funding and payment of losses. Generally, financing losses include retention and transfer (Section 2.2).
A risk of loss is “retained” (risk retention) if the funding source for the payment of loss originates from and remains within the entity or organization. A typical example of risk retention is a deductible carried on an insurance policy. Risk retention is an organizational decision to accept responsibility for the risk of loss, whether intentional or unintentional. The State of Texas retains most, if not all, risk unless the risk is transferred.
Risk transfer includes insurance and contractual transfer. When insurance is purchased, the risk of loss is transferred to the insurance carrier (according to terms and conditions outlined in the policy). Contractual transfer of risk involves a legal transfer of the financial responsibility for payment of losses but does not involve insurance purchase. Such non-insurance transfers typically involve the use of a “hold harmless agreement.”
Risk financing and risk transfer strategies interact with physical risk mitigation plans. Effective risk financing and transfer require risk assessment reduction to levels that allow for cost-effective risk financing or risk transfer. As stated in other sections of the guidelines, following the ISO 31000 framework will improve risk awareness, risk assessment, and help an entity or organization understand when risk financing is appropriate.
Insurance is a system in which risk, or the possibility of a loss, is transferred to an insurer that reimburses the insured for covered losses and provides for sharing the cost of losses among its insureds. Risk transfer and sharing are vital elements of insurance. By transferring risk to insurers, insureds exchange the possibility of large losses for smaller, certain, manageable costs (e.g., insurance premiums and deductibles).
One of SORM’s key statutory missions is to operate as a full-service insurance manager for state entities and institutions of higher education. State entities subject to Labor Code Chapter 412 may not purchase property, casualty, or liability insurance coverage without the Office’s approval.
To ensure the Office is informed of state insurance purchases, Insurance Code Section 1803.002 requires insurers that intend to sell property, casualty, or liability insurance coverage to a state entity to report the intended purchase of insurance coverage at least 30 days before the insurance sale occurs.
Sponsored Lines of Insurance
Sponsored Lines of Insurance are lines approved by SORM’s Board of Directors to be managed and made available to participating entities. The Office currently sponsors five lines of insurance: property; directors’ and officers’; automobile; volunteer; and fine arts insurance. After the Office sponsors a line of insurance, state entities must purchase that type of coverage only through the Office. A state entity can obtain a written exception to purchase a sponsored line of insurance under a non-sponsored policy in certain circumstances.
Non-Sponsored Insurance Purchases (SORM-201 Process)
State entities can purchase a line of insurance that is not available through the Office’s insurance program and obtain a waiver to purchase an available line of insurance outside of the insurance program. However, both purchases must be reviewed by the Office before the purchase occurs.
The process begins when a state entity reports an intended purchase to the Office using a SORM-201 form, including supporting documentation (i.e., copies of insurance forms, policies, and other relevant information). The Office’s insurance staff analyze the SORM-201 packet and then forward the information to a SORM-201 committee. The committee reviews the proposed purchase and determines whether the purchase should be approved or denied.
 Labor Code §§412.011(e) and 412.051(b).
 28 Texas Administrative Code §252.307
Liability can be defined as being potentially responsible for an incident or loss that may occur. Liability exposure is defined as the organization’s susceptibility to an incident or risk. Liability exposures and the associated loss or risk may include compensatory or punitive damages resulting from personal injury or property damage claims against an organization by employees or the public. Even if the organization is not responsible for any legal wrongdoing, liability losses (monetary) may be incurred to defend a claim against the entity or individual employees.
There are a few ways to identify a state entity’s exposures to liability risks. These include, but are not limited to, the following:
Once liability risk exposures have been identified, the financial aspects of each exposure should be determined. This can be accomplished by examining historical records of past losses, which can help determine potential future losses.
Estimating the severity of liability loss exposures can be difficult because it involves assigning exact costs to unpredictable variables. However, it is possible to predict or forecast liability losses based on an analysis of the number of past losses. Adjustments for the future might include changes in policy, operations, growth, inflation, changes in the law, and similar relevant factors.
Although the goal of a liability loss control program is to avoid the loss entirely, the underlying objective is to minimize the combined total amount of actual losses and the costs of loss control measures. Risk prevention and loss control are two risk management techniques that address specific control points and measures that should be incorporated into an entity’s liability loss control program.
A contract is a legally enforceable promise made by agreement between two or more parties to create reasonably specific mutual obligations. Contracts are typically concerned with the creation, transfer, and disposition of rights and duties through promises, or sets of promises, legally enforceable in court. Generally, a contract is viewed as a voluntary agreement between competent parties suitable enough for legal consideration.
There are several kinds of contracts, each with specific requirements and characteristics. The utilization of a contract to transfer risk is a risk treatment method discussed in ISO 31000. Every state entity should consult the Comptroller of Public Accounts Procurement and Contract Handbook when developing a contract. The Texas Comptroller states, “The guide provides a framework for navigating the complexities of Texas procurement law and offers practical, step-by-step guidance to ensure agencies acquire goods and services in an effective and efficient manner.”
Understanding the risk associated with contractual liabilities may be accomplished by an analysis of the following:
The Texas Tort Claims Act (TTCA) was passed in 1969 as part of the Texas Civil Practice and Remedies Code, Title 5, Chapter 101. The Act partially waives immunity for wrongs committed by governmental units and their employees by permitting Texans to sue in certain specific limited circumstances defined under the act. The act does not completely waive or abolish the doctrine of sovereign immunity but limits waiver of immunity only to areas specifically covered in the act.
TTCA provides a limited waiver of sovereign immunity in certain situations when a governmental unit is liable for damages. The TTCA limits the maximum amount of monetary damages for each person and each occurrence.
An entity may be held liable for damages arising from the negligence of its employees in operation or use of motor-driven vehicles or motor-driven equipment; in the condition of real property used by the entity; or the condition or use of tangible personal property. While acting within the scope of employment, entity employees may be held personally liable for certain acts done either intentionally or negligently. Personal liability may be avoided if the defense of official or qualified immunity is available.
A state entity can shift or eliminate its potential exposure to unanticipated TTCA expenditures to a pre-planned expenditure through the purchase of liability insurance. SORM helps individual state entities make informed decisions on whether to retain all the TTCA liability risks, transfer the TTCA liability risk, or partially transfer the TTCA liability risk. SORM helps state entities understand the cost savings of self-insured retention through an insurance deductible and insurance policy limits that do not exceed the maximum damages of the TTCA.
Workers’ compensation pays medical bills and replaces some lost wages for employees injured at work or who have work-related diseases or illnesses. Benefits are provided without regard to fault and are the exclusive remedy for workplace injuries, illnesses, and deaths.
In Texas, workers’ compensation insurance covers medical benefits, income benefits (including temporary income benefits, impairment income benefits, supplemental income benefits, lifetime income benefits), and death and burial benefits.
The State of Texas self-insures for the purposes of workers’ compensation. SORM administers workers’ compensation claims for state entities identified in Labor Code Chapter 501. The state employee workers’ compensation program covers most state entities, including courts, institutions of higher education, community supervision, and corrections departments.
Workers’ compensation claims of state employees are filed with, and investigated for compensability by, the Office, but TDI/DWC adjudicates income and medical benefit disputes. The SORM executive director acts in the insurer’s capacity as an adversary before DWC and the courts and presents the legal defenses and positions of the state as the insurer.
Texas Labor Code § 412.054 requires all state entities, in partnership with SORM, to develop a continuity of operations plan to “keep the agency operational in case of disruption of production, finance, administration, or other essential functions.” A plan must detail the resumption of essential functions and include: (1) coordination with public authorities; (2) media management; (3) delivery of customer service; (4) an assessment of immediate financial and operational needs; and (5) other services identified by the entity.
An effective continuity of operations (COOP) program incorporates an ongoing cycle of planning, training, exercising, and evaluating the performance outcomes after each exercise (or real event) to review and improve the plan. Continuity programs are intended to evolve and should be regularly reviewed and updated to ensure continuity of essential functions in any disaster event. Every continuity plan should incorporate four phases:
State entities may utilize any of the resources provided below, or other relevant guidelines addressing business continuity, disaster recovery, or other planning frameworks, as applicable.
A comprehensive Employee Safety and Health Program is an essential component of an entity’s risk management program. State employers should protect both state employees and the public against harm to life and health while performing business for the state. State entities are encouraged to take actions devoted to preventing and mitigating potential consequences of losses by developing policies, procedures, and training that provide state employees with the basic guidance and instruction required to perform job duties safely and with the least exposure to costly risks.
The potential costs associated with an employee work-related injury, illness, or disease for the State of Texas and state entities include:
Employee safety and health programs aim to eliminate the risks of occupational accidents, injuries, and diseases. The program allows intervention in a chain of events that may lead to accidents, injuries, and occupational diseases.
Often preventable, common causes of work-related accidents include, but are not limited to:
The employee safety and health program should be fully integrated into the entity’s organizational structure and standard operating procedures, and it should require active participation from all entity personnel.
The Employee Safety and Health Program should help prevent workplace accidents (i.e., injury, occupational illness, and death) and the associated loss to the injured worker, family, and entity. Best practices recognize that identifying and correcting hazards before they cause injury or illness is a far more effective approach.
The concept of risk management encompasses all aspects of workforce protection, including the physical environment and entity operations. The fields of risk management and safety are interrelated and interdependent. “The idea is to begin with a basic program and simple goals and grow from there. If you focus on achieving goals, monitoring performance, and evaluating outcomes, your workplace can progress along the path to higher levels of safety and health achievement.”
Safety management programs are often comprised of multiple components. However, a few core elements include:
The Occupational Safety and Health Administration’s (OSHA) Recommended Practices for Safety and Health Programs provide a straightforward approach to implementing a safety and health program. Their approach is based around seven core elements, each of which is implemented by completing several action items.
State entities need to understand and support the various roles and responsibilities that encompass safety and health programs. It is important to emphasize that these programs are not the sole responsibility of the entity’s safety officer; they are the responsibility of everyone within the organization.
Since the safety and health function falls within an entity’s comprehensive risk management program, most organizations that have established risk management programs include the employee safety and health program within the risk management organizational structure. In these organizations, the safety officer or manager usually reports to the risk manager.
State entity leadership has the responsibility to establish and maintain these programs. Their roles and responsibilities include the following: establishing acceptable levels of risk, the Safety and Health Policy, and metrics of success; allocating resources; and revising the program areas as necessary.
Employees’ acceptance is critical for a successful program. Their roles and responsibilities should include helping to develop, establish, and participate in the programs; following policy and procedures; reporting hazards, incidents, and near misses; and providing feedback to management, as needed.
Every state entity should also consider appointing or hiring an employee to serve as the safety officer and as a member of the organization’s safety and health committee. Such an appointment may be a full-time safety professional, or the appointment can be an “additional duty” for the designated position. An individual assigned to manage the safety and health program as an additional duty (Additional Duty Safety Officer, ADSO) is expected to perform these duties and serve as the ADSO.
Many incident investigations identify lack of education and training or inadequate education and training as a precipitating factor in workplace incidents. Supervisors often list other health and safety education and training as action items on incident reporting forms. Additionally, management often does not understand why the supervisor or ADSO does not provide the proper training to employees.
Education and training are most effective when incorporated into performance requirements and everyday job practice. Safety and health education and training equips leadership and employees with the knowledge of their specific roles and responsibilities in the program and is designed to help them understand existing workplace hazards, identify potential hazards, and prevent and control these hazards from causing an injury or loss.
An education and training program for safety and health is one of the most necessary and basic elements of an Employee Safety and Health Program. Safety education and training are most effective when immediately incorporated into standard operating procedures, workplace practices, and individual job performance requirements.
New employees should be trained on the program, and all employees should be trained on the updated program following any revision. Below are some components of a Safety and Health Program:
Examples of some safety and health training and education materials include:
Emergency Action Plans (EAP)
Every organization has exposure to emergency events that could pose a threat to life and property. Therefore, employees should know the specific actions expected of them in case of an emergency.
Safety and Health Manual
The safety and health manual is a reference document that serves as a crucial resource for general and specific safety and health program information. Without an entity-specific safety and health manual, the safety and health staff will have difficulty communicating program elements to employees.
SORM’s training team provides health, safety, and risk management training to state entities and their employees. The focus is on the prevention of work-related injuries and illnesses. This proactive approach is intended to make the workplace safer and reduce the costs incurred by state entities due to work-related injuries. SORM training specialists work hard to have course offerings and training materials serve the diverse needs of the 185,000 employees the entity serves.
An essential requirement of the Employee Safety and Health Program is that every employee understands workplace safety and health programs, procedures, and practices. A safety and health manual is a convenient format for documenting these elements. A safety and health manual also provides information about work situations that have a risk or loss potential. Therefore, a safety and health manual should be developed to reflect the specific needs of the entity. It should be flexible and proactive to respond to situations that may arise in the work environment.
No two safety manuals are alike. However, all manuals serve a common purpose: to provide employees with access to safety and health-related resources and information. The primary function of the manual is to present information regarding safety and health programs, policies, procedures, and standards. This information is developed to assist employees in preventing accidents and reducing occupational safety and health risk exposures. The manual is also an indication of the emphasis given by the entity to employee safety and health. The manual serves as a record that the entity takes the employee safety and health program seriously. Employees should be expected to understand and follow all safety policies, procedures, and practices provided in the manual. The following are several additional reasons to develop a safety and health manual:
Because of the diversity of size, the scope of operations, number of separate geographical locations, and unique entity needs, the content of one entity’s manual may be different from that of other entities. However, certain subjects and topics should be common to all state entities.
An Employee Safety and Health Program should assist state entities in potentially preventing diseases, injuries, and deaths due to working conditions. Work-related illnesses and injuries include any illness or injury incurred by an employee engaged in work-related activities while on or off the worksite.
State entities vary in size, design, location, essential functions, workplace culture, and resources. In addition, entity employees differ in age, gender, training, education, and cultural background. This diversity in each entity’s safety and health risk profile requires safety and health programs that can be easily modified or customized.
An occupational safety and health program should include incident prevention and loss control measures that address specific safety hazards, issues, and concerns in the workplace. Effective incident prevention and loss control programs are the most effective cost-containment measures a state entity can implement to reduce loss exposures and workers’ compensation claims and losses. Incidents may be prevented by eliminating workplace hazards and redesigning jobs or job sites to prevent occupational incidents. Occupational hazards (i.e., generally classified as chemical, physical, ergonomic, and biological) that cannot be eliminated may be controlled through engineering techniques, administrative controls, and other loss control methods.
An occupational health program should include those loss prevention and control measures that address specific occupational health exposures and concerns in the employer’s workplace. A state entity’s executive management, assisted by supervisors, the risk manager, and the safety officer, must make every effort to ensure that safety and health concerns are fully addressed, understood, and supported throughout the organization.
This guide addresses certain occupational safety exposures in many state entity environments. Discussion of these exposures includes suggestions for incident prevention and loss control. These suggestions are based upon applicable industry standards, and federal and state entity laws and regulations.
Texas Department of Insurance (TDI)
Occupational Health and Safety Administration (OSHA)
National Fire Protection Association (NFPA)
The National Institute for Occupational Safety and Health (NIOSH)
The United States Environmental Protection Agency (EPA)
Centers for Disease Control (CDC)
Workplace injuries and illnesses have an impact on an entity’s bottom line. The costs of workplace injuries and illnesses include direct and indirect costs. An accurate estimation of direct and indirect incident costs will assist the entity in budgeting for costs related to employee safety and health programs.
A risk management/safety program can reasonably plan for the direct costs of personal protective equipment (PPE) training and workers’ compensation coverage. These direct costs are easily available for trending and budgetary purposes.
Indirect costs of incidents are not associated with workers’ compensation or a specific safety purpose. Examples of indirect costs include training replacement employees, incident investigation and implementation of corrective measures, lost productivity, repairs of damaged equipment and property, and costs associated with lower employee morale and absenteeism.
Direct workers’ compensation cost information is provided to entities by SORM. These reports are provided to the entity’s workers’ compensation claims administrator and risk manager. In addition, the entity’s accounting office can determine other direct costs including PPE and training.
Estimating Indirect Costs
An entity’s accounting department can provide safety professionals with internal information to derive the overlooked costs associated with incidents and injuries. A reporting procedure could be developed and implemented to capture incident-related costs until all damages and losses caused by the incident have been identified. Costs associated with this type of data gathering and reporting include supervisory time spent completing reports and forms, logging data, program monitoring, and if necessary, training and education of staff.
Job safety analysis (JSA) is one of the first and foremost proactive steps in a safety program. The JSA centers on identifying the set of activities or distinct steps performed in sequence, resulting in an anticipated work-related end-product. The JSA focuses on specific tasks performed as a part of a larger set of job duties.
JSA is a process that examines specific job tasks to identify hazards, safe methods, and procedures to perform job tasks. A JSA is accomplished by performing a detailed study of the job and recording each step required to carry out and safely complete the tasks. Existing or potential job hazards are identified, and a determination is made of the best way to perform the job to eliminate, reduce, or control associated hazards. Outcomes may include improved job methods and procedures, safer equipment, engineering controls, employee training, PPE use, reduced employee absenteeism and workers’ compensation costs, and increased employee satisfaction and productivity.
The cornerstone of JSA is an agreement between the employee and supervisor to identify all job components and then analyze each component for potential hazards. Solutions to the hazards identified are then developed. The JSA is conducted in collaboration with the employee and is based on what the employee actually does, not necessarily on the functions identified in the job description. Employee involvement helps minimize oversights, ensures a quality analysis, and encourages worker “buy-in” to the solutions.
Each entity should identify and evaluate all identified hazardous positions and all jobs susceptible to accidents, injuries, or occupational diseases. The JSA should be conducted periodically to ensure that new jobs and significant changes to existing jobs are not overlooked.
Job Safety Analysis (OSHA)
In the past, the term “accident” was often used when referring to an unplanned, unwanted event. To many, “accident” suggests a random event that could not have been prevented. Since nearly all worksite fatalities, injuries, and illnesses are preventable, OSHA suggests using the term “incident” investigation.
The purpose of incident reporting is to initiate an investigation to identify the facts and circumstances surrounding an incident, inform management, and take the necessary actions to prevent a similar incident in the future.
State entities should develop specific procedures that employees are expected to follow when injuries, incidents, or near-misses (an injury or incident that could have occurred but did not) occur. These procedures should outline the methods and practices for reporting incidents in terms that employees can easily understand.
The instrument used to report accidents/incidents is an appropriate employee accident/incident report form. SORM developed a form specifically for this purpose.
The entity’s safety officer and safety committee should review the comments and actions taken by the supervisor, ADSO, and department head and take appropriate action to prevent future incidents.
A state entity should react quickly to all incidents with a prescribed investigation procedure to find the root causes and implement corrective actions. Prompt and planned actions demonstrate a commitment to employees’ safety and health and demonstrate a willingness to prevent future incidents. Investigating the hazards that exist based on any injury or illness and taking measures to correct or eliminate the hazard will help to prevent injuries and illnesses from recurring.
Entities should investigate all workplace incidents, including those that cause harm and the close calls that could have caused harm under slightly different circumstances. Investigations are incident-prevention tools and should be an integral part of occupational safety and health management programs.
Each state entity should develop its incident review and analysis procedures to guide personnel in the review and analysis process. These procedures establish what to do and when to do it; help identify the conditions, behaviors, hazards, and root causes of an incident; and pinpoint the corrective actions necessary to prevent similar occurrences. The procedures should include a clearly stated, easy-to-follow written plan with guidelines for the following:
A hazard is a condition that increases the frequency or severity of a loss. Hazard identification is a crucial step in improving safety in the work environment. Once identified, management is equipped to take the steps necessary to eliminate or minimize a hazard and prevent employee injury or property loss. Taking corrective action before a loss occurs reduces the incident frequency and prevents property loss and the interruption of the entity’s operations. Proper hazard identification and corrective action positively impact the funding necessary to compensate occupational injuries and illnesses. In simple terms, preventing hazards is more cost-effective than reacting to their consequences.
Four principal factors which contribute to hazards and employee loss exposures include the following:
Methods to identify hazards may include safety inspections, loss data, maintenance records, and employee input.
Identifying potential hazards is wide-ranging and covers all operational areas where employees are present. Therefore, any time a safety professional is in the workplace, he/she should be conducting either a formal or informal inspection. Issues and items to observe will include the following and more:
OSHA states that one of the “root causes” of workplace injuries, illnesses, and incidents is the failure to identify or recognize present hazards, or hazards that could have been anticipated. A critical element of any effective safety and health program is a proactive, ongoing process to identify and assess such hazards.
An entity safety program should include hazard inspections, identification, monitoring, and correction.
Additional issues to consider:
Incident Investigation (OSHA)
Accident and Incident Root Cause Analysis (ciobacademy.org)
Workplace safety inspections identify unsafe work conditions and provide the opportunity for such hazards to be addressed before injuries, illnesses, or accidents occur. Periodic facility inspections also provide an opportunity to verify compliance with applicable regulations and established workplace safety standards. When utilized properly, safety inspections effectively eliminate occupational hazards and provide educational opportunities.
The primary purpose of a workplace safety inspection is to identify unsafe working conditions and equipment, unsafe behavior, and reveal any need for new safeguards and procedures. However, an inspection also fosters safety awareness and promotes the safety program within the organization. Individuals at all levels of the entity should be included in the safety inspection process. Senior leadership is essential to reinforce the message that all employees, not just the safety staff, are responsible for safety.
A safety inspection program should assist entity management in accomplishing the following:
A workplace safety inspection is an on-site walk-through of the work environment to identify potential hazards and the opportunity for remedial action. Safety inspections are also important for property insurance (risk transfer) issues. A review of safety equipment (e.g., emergency eyewash, shower, fire extinguishers, first aid kits) is also completed to verify that they are in proper working order. A sample safety inspection checklist is included in the Resources below.
After completing a workplace safety inspection, the responsible person(s) should be contacted for remedial action. These actions prevent future incidents, injury/illness, or property/equipment damage.
Hazard reporting is an important part of any safety and health program and is necessary to prevent incidents and control losses. Employees should have the ability to report all known, potential, or perceived hazards in the work environment. Entity leadership and supervisors should also encourage employees to take responsibility and initiative for the safety and health program and report any known or suspected hazards and dangers. Direct communication is the principal means through which safety and health concerns receive management’s attention.
OSHA provides the following recommendation regarding a hazard reporting system: “Develop and communicate a simple procedure for workers to report any injuries, illnesses, incidents (including near misses/close calls), hazards, or safety and health concerns without fear of retaliation. Include an option for reporting hazards or concerns anonymously.”
Every entity should have a formal written hazard reporting procedure to provide clear guidance to employees who wish to report safety and health concerns to management. A written hazard reporting procedure formally communicates the accepted reporting process to all employees. The program is not intended to replace direct communication with supervisors. This procedure may be included in a safety manual or other administrative manuals.
Elements of a Hazard Reporting Program
At a minimum, the hazard reporting program should provide:
State entity employees may use or come into contact with various chemicals or materials classified as hazardous. Such hazardous chemicals and materials can create risk exposures to employees, members of the public, and the environment. If hazardous material exposure exists, a state entity should develop a program to guide the entity and its employees in appropriate procedures for safe use, handling, transporting, and disposal of these materials.
Hazardous materials (HAZMAT) are any materials, chemicals, or wastes that harm the environment or affect people if released in a specific volume, quantity, or amount. HAZMAT chemicals include those that are ignitable, reactive, corrosive, and toxic.
The purpose of the HAZMAT program is to ensure that people working with hazardous materials follow proper use, handling, and storage practices and procedures, and to assist in protecting them from the potential health and physical hazards presented by hazardous materials in the workplace.
The first step for any state entity should be to conduct an internal, comprehensive inventory of all hazardous chemicals and hazardous wastes at the entity (updated when the inventory changes and annually). If any hazardous substances are identified, employees should follow appropriate OSHA requirements.
The Texas Department of Insurance (TDI) states, in the Objective of the Emergency Response Planning for Hazardous Materials Safety Training Program, “Employers who use, store, or dispose of hazardous substances will demonstrate knowledge of OSHA’s 29 CFR 1910.120 requirements for Emergency Response Program training, medical surveillance, personal protective equipment (PPE), and decontamination for response personnel.”
Safety is a major concern for any state entity, and personal protective equipment (PPE) is a key part of workplace safety. PPE minimizes exposure to hazards that cause workplace injuries and illnesses. These injuries and illnesses may result from chemical, radiological, physical, electrical, mechanical, or other workplace hazards. Examples of PPE may include eye and face protection, hand protection, body protection, respiratory protection, hearing protection, and high-visibility clothing.
OSHA requires employers to check their workplaces for physical and health hazards that may require PPE use. If hazards cannot be controlled by engineering or administrative means, the employer must provide employees suitable PPE and train them in its use. Entity employees should be trained in the use, care, and storage of the PPE.
Occupational safety and health professionals use a “hierarchy of controls” framework to select ways of controlling workplace hazards.
The following chart from The National Institute for Occupational Safety and Health (NIOSH) outlines this hierarchy:
OSHA states, “If PPE is to be used, a PPE program should be implemented.” This PPE program should address the hazards present; the selection, maintenance, and use of PPE; the training of employees; and monitoring the program to ensure its ongoing effectiveness.
An effective, comprehensive human resources program is one of the most challenging management functions. Several variables contribute to the overall success of a well-managed human resources program. These include the diversity of employees, changing societal values, and evolving federal and state legal requirements. By their very nature, these variables are difficult to control. An entity’s human resources management program must undergo a process of continual, regular review and revision to stay current with a dynamic blend of legislation, case law, and accepted employment practices.
Exposures to human resource liabilities may be identified through surveys, questionnaires, internal audits, interviews, and knowledge of an entity’s previous loss experience. An entity’s prior experience with employee complaints, grievances, and lawsuits is useful to identify the types of exposures unique to each state entity. An assessment of the frequency, severity, and types of exposures and losses should be conducted. The state entity’s legislative mandate, operational objectives, legal requirements, workforce factors, and prevalent societal concerns are factors involved in this assessment.
When exposures have been identified and assessed, the appropriate loss control method can be utilized. Risk prevention and loss control within the human resources management function typically involves developing policies, procedures, and programs that specifically address those human resources loss exposures identified in the earlier assessment. Policies and procedures should be well-written, implemented consistently, distributed, communicated, applied equally to all affected employees, and reviewed and revised regularly.
A proactive return-to-work (RTW) program contains effective tools associated with injuries or illness, which provide the opportunity for injured workers to return to the workplace as soon as it is medically appropriate. An RTW program also provides a mechanism for employers to encourage employees to return to work as soon as possible after an injury or illness.
The longer an employee is away from work, the higher the employer’s workers’ compensation expenses and related business costs. Sometimes an injured employee needs extra help returning to work, especially if they have been away from work for a long time. Factors such as fear, depletion of financial resources, or a decline of self-image or self-esteem may present barriers to an employee returning to work. Employees who return to work in a modified or alternate duty capacity are likely to recover more quickly and with less impairment. In addition, these employees are also less likely to become treatment dependent.
Every state entity is required by the Texas Workers’ Compensation Act (Labor Code, Title 5, Subtitle A, Section 412.051) to develop, implement, and maintain a program designed to assist employees who sustain compensable injuries to return to work.
RTW is a proactive and collaborative approach endorsed by many health care providers, designed to help restore injured workers to their former lifestyle safely and effectively.
A return-to-work program should include appropriate, detailed procedures that identify specific responsibilities and actions taken by designated return-to-work coordinators, supervisors, and employees. TDI provides a guide for RTW, entitled “Return to Work Works for You and Your Employees.”
“Ethics” clearly defines the moral duty, obligation, principles, and values for all state employees. The “Rules of Conduct” guidelines are also considered an important part of governing all employees’ official duties in a lawful, professional, and ethical manner.
There are several benefits to establishing an ethics program. An ethics program can boost employee morale, create a positive image for the organization, and encourage ethical behavior by employees. It may also provide long-term financial benefits for the organization. Unethical conduct can adversely affect the entity, as well as the individual employee engaged in the conduct. Property theft, embezzlement, misuse of equipment, misuse of work time, and theft of services are just some of the consequences of unethical conduct within an entity.
Texas state entities must operate under ethical standards and federal/state laws. Texas Government Code Sec. 572.001(b) outlines the standards of conduct and requirements which must be observed “by persons owing a responsibility to the people and government of this state in the performance of their official duties.”
State entities should employ an ethics program that sets high ethical standards. An ethics program would typically include a policy statement and rules of conduct, and provide ethics training to all employees. The ethics program should be developed in conjunction with the General Counsel or outside counsel if warranted.
State employees charged with Notary duties in their course and scope of employment are eligible to become a Notary Public without purchasing a surety bond (77R HB 1203). A bond is not necessary for state employees because the State Office of Attorney General (OAG) will defend them against any claim/complaint regarding their notary duties within the course and scope of their employment. Notaries without a bond may not notarize documents outside the scope of their employment.
Notaries Public are governed by Chapter 406 of the Texas Government Code, Chapter 121 of the Texas Civil Practice & Remedies Code, and the Secretary of State’s administrative rules found in Title 1, Chapter 87 of the Texas Administrative Code. Section 406.005 of the Government Code sets forth the requirements for a notary public application.
Notary commissions are effective as of the date of qualification by the applicant. The commission expires four years from the date of issuance and may be renewed by applying for renewal no earlier than 90 days before the date the commission expires. This form is required for both new and renewed applications by employees of state entities.
Notaries employed by state entities, as that term is defined in section 2052.101, Texas Government Code, are not required to obtain surety bonds; however, they must obtain verification of employment from SORM before submitting their applications. These notaries must also purchase an official notary seal (stating that the notary is without bond) and a record book. If the notary ceases to be employed by a state entity during the term of their commission, they must either surrender the commission or obtain a bond for the remainder of the term.
The application process for new applicants and the renewal of notary commissions without bond is available on SORM’s website. Notaries public seeking to renew commissions are required to wait until within 90 days of the expiration date of the current commission before submitting a renewal application.
Property belonging to the state is an asset. Therefore, all state assets must be accounted for and protected. A state official or employee may be liable to the state for any loss sustained due to negligence or wrongful act where property is lost, damaged, or destroyed.
A property conservation program is developed to identify, conserve, and protect an organization’s physical assets. Property conservation is an essential element of management and supervisory responsibilities. It should be incorporated into entity planning, organizing, budgeting, coordinating, directing, and evaluating activities. Property conservation activities apply to all real property owned or leased by the state, all personal property (e.g., contents), boilers, and machinery contained or operated in state-occupied facilities.
Implementation of an effective property conservation program requires the cooperation of managers, supervisors, and employees. The benefits of such a program are reduced losses and insurance premium costs and a safer environment for employees and the public. Therefore, every state entity should develop and maintain a sound property conservation program.
Elements of a written property conservation program should provide agency risk management personnel with methods for incorporating essential property loss control techniques into their areas of responsibility. Key aspects of this program include:
The Texas Comptroller of Public Accounts is responsible for accounting for all personal property owned by state entities. The Property Manager and Risk Manager should refer to the State Property Accounting System (SPA) website for additional information and resources.
Records Management is a way of organizing records and ensuring a system is in place to keep those records according to the entity’s records retention policy. State law requires state entities to establish a records management program to ensure that records are created, maintained, and disposed of adequately and properly.
The State and Local Records Management Division (SLRM) of the Texas State Library and Archives Commission (TSLAC) operates under the Texas Government Code Chapter 441. This chapter requires all agencies to establish and maintain an active, continuing program for efficient records management. Each state entity head shall act as or appoint a records management officer for the state entity to administer the entity’s records management program under Texas Government Code §441.184.
A records management program is an important element of a comprehensive risk management program. An effective records management program will:
The above functions of a records management program are all compatible with a comprehensive risk management program that protects an entity’s assets from damage, destruction, or loss.
State entities may utilize the resources and information provided by the SLRM of TSLAC to build and maintain an effective records management program. The SLRM assists state and local officials with training, resources, guidelines, templates, and consultation to ensure that government information is stored, retained, and accessible.
Texas Enterprise Risk Management Guidelines (Former RMTSA)
Risk Guidelines for Texas Agencies subject to Texas Labor Code, Chapter 412
Risk Advisory Council
Enterprise Risk Department of SORM
Board Approval of Draft
Added Glossary and Acknowledge Page
Updated “broken links”
Updated Opening Paragraph
Updated COOP Section with new “Continuity Planning Policy Guidance Letter”
Removed accidental data from chapter footers & updated a chapter reference.