How to Run a Temporary Deviation Risk Review in 10 Days

A temporary deviation is one of the most dangerous phrases in operational risk management because it sounds controlled even when nobody has tested what changed. A bypassed alarm, a temporary hose, a delayed maintenance task, a missing spare part, a manual workaround, or an extended permit condition may be accepted for one shift and then quietly become the new normal.

This guide gives EHS managers, operations leaders, maintenance managers, and supervisors a 10-day way to review temporary deviations before they become hidden risk acceptance. The central thesis is practical: a deviation is not temporary because the form says so. It is temporary only when scope, controls, authority, expiry, and restoration are visible enough for the next shift to challenge.

ISO 45001:2018 expects organizations to manage change, operational controls, competence, communication, and documented information inside the occupational health and safety management system. A temporary deviation review translates that expectation into a field routine for exceptions that do not look large enough for a full project review but are still strong enough to change risk.

What you need before starting

Start with one site, one department, or one high-risk process where temporary workarounds appear often. Good candidates include maintenance backlogs, utility systems, contractor interfaces, chemical transfer, mobile equipment, confined-space support equipment, emergency equipment impairment, line breaks, temporary power, machine guarding, and production campaigns with unusual sequencing.

Across 25+ years leading EHS in multinational environments, Andreza Araujo has seen that temporary risk rarely fails because people use the word temporary. It fails because no one owns the moment when temporary must become stopped, restored, or formally reapproved. That ownership gap is cultural, not clerical.

Before day one, collect the current MOC procedure, permit-to-work rules, critical control register, maintenance deferral process, supervisor shift handover template, risk acceptance authority table, and any local deviation form. The review should not invent a new bureaucracy. It should close the gap between existing controls that currently do not talk to each other.

Step 1: Define what counts as a temporary deviation

Write a narrow definition that a supervisor can apply without legal interpretation. A temporary deviation is any approved short-term departure from the normal risk control, operating method, equipment condition, staffing assumption, layout, inspection frequency, alarm response, maintenance status, or permit condition.

The definition should include examples and exclusions. A planned change to a process belongs in management of change. A one-time abnormal condition during a task may belong in the field risk escalation matrix. A repeated workaround that extends beyond its expiry should move out of temporary status and into formal risk acceptance or restoration.

The trap is letting each function define deviation differently. Maintenance may see a deferred repair, operations may see a production workaround, and EHS may see a weakened control. Use the existing MOC, PTW, and PSSR comparison to decide which governance route applies when the deviation is no longer small.

Step 2: Build a live deviation register

Create a live register for all active deviations in the selected scope. Each row should capture the deviation, affected asset or task, normal control, temporary control, owner, approving authority, start date, expiry date, restoration action, and the next verification point.

A spreadsheet is enough for the first 10 days if it is visible and controlled. The common error is hiding deviations inside permit notes, maintenance comments, email threads, or shift diaries where the next supervisor cannot see the full risk picture. A hidden register is not a control.

Link the register to the risk register cleanup only when a deviation has become recurrent or structural. Short-lived deviations need pace and visibility. Recurrent deviations need deeper risk ownership because the organization is no longer handling an exception.

Step 3: Classify deviation severity before approving duration

Classify each deviation before approving how long it can stay open. Severity should consider the worst credible consequence, the control being weakened, exposure frequency, number of people exposed, detectability, emergency response dependency, and whether the deviation affects a critical control.

The mistake is setting duration by convenience. A missing spare part may need 10 days to arrive, but that does not mean the risk can safely wait 10 days. Duration should follow risk, not procurement lead time.

For high-consequence work, compare the deviation with the critical control register. If the deviation weakens a control that prevents fatal or catastrophic exposure, local approval is rarely enough. The review should escalate before the workaround becomes a quiet operating condition.

Step 4: Name the owner who can restore normal control

Every deviation needs one owner who can restore normal control or force reapproval before the expiry date. The owner is not the person who noticed the condition and not necessarily the person who fills out the form. The owner is the person with authority over restoration.

Andreza Araujo argues in Safety Culture: From Theory to Practice that culture is revealed in repeated operational decisions. Temporary deviations reveal culture quickly because they show whether leaders protect production continuity by weakening controls, or whether they make control restoration visible enough to compete with production pressure.

Write the owner as a named person, not a department. If the owner is listed as maintenance, operations, EHS, or contractor, the deviation still has no accountable decision maker. The register should also name the person who can reject extension when restoration stalls.

Step 5: Set expiry rules that cannot be extended casually

Set expiry rules at the moment of approval. Low-risk deviations may expire at the end of the shift or after 24 hours. Moderate-risk deviations may require daily review. High-risk deviations should need senior approval, field verification, and a written reason before any extension.

Expiry is where temporary deviations usually decay. The first approval is discussed, the first extension is justified, and the third extension becomes routine. At that point, the organization is no longer managing a deviation. It is accepting risk without saying so.

Use the existing risk acceptance authority article as a boundary. If the deviation needs repeated extension, ask whether a higher authority should formally accept the residual risk or stop the activity until restoration is complete.

Step 6: Verify temporary controls in the field

A temporary control should be verified where the exposure exists. Do not approve a temporary guard, alarm response, manual check, bypass condition, alternative route, ventilation workaround, or temporary support based only on a meeting. The field must show that the replacement control can actually work.

This is the proprietary angle many generic checklists miss. A workaround often looks sensible in a conference room because the team imagines ideal execution. In the field, the same workaround may depend on a tired operator, a contractor who was not briefed, a label that cannot be seen at night, or a supervisor who has no time to check hourly.

Connect the verification to the control assurance field evidence routine. The question is not whether the team promised a temporary control. The question is whether a competent person saw it working under the conditions in which it must protect people.

Step 7: Add deviation status to shift handover

Every active deviation should appear in shift handover until it is closed. Handover should state what changed, who owns it, what temporary control is active, what must be checked during the next shift, and what condition requires immediate stop or escalation.

The risk is not only the deviation itself. The risk is the second crew inheriting a workaround without the same context as the first crew. What was discussed in the morning meeting may be invisible at midnight, especially when contractors, relief supervisors, or maintenance technicians enter the job halfway through the exposure window.

Use the shift handover safety review as the communication backbone. A temporary deviation that cannot be explained clearly in handover is probably not controlled enough to remain active.

Step 8: Review extensions as new decisions

Treat every extension as a new decision, not an administrative update. The owner should confirm what changed since the first approval, whether the temporary control still works, whether exposure increased, whether workers understand the condition, and whether restoration is still realistic.

James Reason's work on latent failures is useful here because the visible workaround may be only the last layer. Behind it may sit spare-parts strategy, maintenance planning, weak supervision, poor engineering standardization, or a production promise that no one wants to renegotiate.

If a deviation has been extended twice, require a short challenge review with operations, maintenance, and EHS. The purpose is not to punish the owner. The purpose is to stop temporary language from hiding structural weakness.

Step 9: Close with restoration evidence

Close the deviation only when normal control has been restored and checked. Closure evidence may include a photo, field verification note, work order completion, equipment test, supervisor walkdown, permit closure, operator confirmation, or emergency equipment return-to-service check.

A closed form without restoration evidence is weak evidence. It proves that someone wanted the register cleaned, not that risk returned to its normal control state. This matters after incidents because investigators will ask whether the organization knew about the degraded condition before harm occurred.

Use the leading indicator quality audit to avoid vanity metrics. Counting closed deviations is useful only when closure means restored control, not expired paperwork.

Temporary deviation review checklist

• The deviation definition separates short-term workaround, formal MOC, field escalation, and risk acceptance.
• The live register names the normal control, temporary control, owner, approval authority, expiry, and restoration action.
• Severity is classified before duration is approved.
• Critical control deviations trigger higher review before extension.
• Temporary controls are verified in the field, not only accepted in meetings.
• Active deviations appear in every shift handover until closure.
• Extensions are treated as new risk decisions.
• Closure requires evidence that normal control has been restored.

Final review

A temporary deviation risk review works when it makes the exception visible enough to challenge. The review should answer who accepted the deviation, what control was weakened, what temporary control replaced it, how long it can remain active, who owns restoration, and what evidence proves closure.

For leaders who want to connect risk management with culture, Andreza Araujo's work in Safety Culture: From Theory to Practice and more than 250 cultural transformation projects offers a clear warning: the organization rarely loses control in one dramatic moment. It loses control through small exceptions that become normal because nobody owns the return to normal.

If your operation has temporary workarounds that survive longer than the conversation that approved them, Andreza Araujo can help connect risk governance, leadership routines, and field evidence through Andreza Araujo.