Risk Criteria Workshop in 14 Days

Risk criteria decide whether the same hazard is tolerated, escalated, or stopped, which is why vague scoring rules create inconsistent safety decisions across shifts. This 14-day workshop guide shows EHS managers how to calibrate likelihood, severity, exposure, control confidence, and decision authority before the next high-risk review.

Why risk criteria fail when they are only a matrix

Risk criteria fail when the organization treats a 5 by 5 matrix as a complete decision system. ISO 31000:2018 specifies risk management guidance around identifying, analyzing, evaluating, treating, monitoring, and communicating risk, but the practical value appears only when leaders define what each rating means in real work.

A colored box cannot decide whether a task starts at 6 a.m., whether a contractor receives authority to proceed, or whether a weak control deserves escalation. Across 25+ years leading EHS at multinationals, Andreza Araujo identifies that the failure is rarely the absence of a form. The failure is the absence of a shared threshold whose consequences are understood before pressure arrives.

The workshop below is built for an EHS manager who has 2 weeks, 8 to 12 participants, and enough authority to bring operations, maintenance, HR when needed, procurement, and site leadership into one room. It is not a paperwork exercise. It is a decision-quality exercise that turns risk language into action.

Step 1: What decision needs a risk criterion?

A risk criterion must start with a decision, not with a score. In 14 days, the workshop should define 3 to 5 decision moments where inconsistent judgment currently creates exposure, such as work authorization, risk acceptance, escalation, contractor mobilization, and corrective-action priority.

Most teams begin by debating severity labels, but that debate becomes abstract unless it is tied to a real operational decision. As Andreza Araujo argues in Safety Culture: From Theory to Practice, culture becomes visible in repeated choices, especially when production pressure competes with prevention. Risk criteria are one way to make those choices explicit.

Ask each participant to bring 2 recent examples where the same kind of risk received different treatment. One maintenance shutdown may have required director approval while an equivalent weekend task moved with only supervisor approval. Those mismatches are the raw material for the workshop.

Document the target decisions in a one-page charter before any scoring work starts. If the charter cannot name the decision, the criterion will become decorative and the matrix will keep hiding disagreement.

Step 2: Build the calibration team

The calibration team should include the people who create risk, control risk, approve risk, and live with the consequences of risk. For a single industrial site, a practical group is 1 EHS lead, 2 operations leaders, 1 maintenance representative, 1 contractor owner, 1 HR or occupational health representative when psychosocial or fit-for-work exposure is present, and 2 frontline supervisors.

This mix matters because risk criteria collapse when written only by technical specialists. ISO explains that ISO 45001 includes leadership commitment, worker participation, hazard identification, risk assessment, operational controls, emergency preparedness, competence, monitoring, and continual improvement. A criterion that excludes operations will not survive the first production conflict.

Choose participants who can disagree without turning the room into a defense of departmental turf. The EHS manager should chair the method, but the final thresholds need visible sponsorship from the site manager, because escalation rules without authority are only suggestions.

Send the charter, 5 sample risk cases, and the current matrix 48 hours before the first session. That small pre-work prevents the first meeting from becoming a tutorial on basic terminology.

Step 3: Collect real cases before scoring

Real cases expose whether existing risk criteria work under pressure. Before the workshop, collect 10 to 15 recent situations from permits, incident reports, risk assessments, contractor scopes, change requests, and high-risk corrective actions.

The trap is to calibrate on hypothetical examples that everyone can solve neatly. In more than 250 cultural transformation projects, Andreza Araujo observes that safety systems look aligned in conference rooms and fragment at the workface, where incomplete information, time pressure, and hierarchy change the decision. Calibration should therefore start with messy cases.

Classify each case by energy source, exposed population, existing controls, uncertainty, time pressure, and decision actually taken. Do not rewrite the case to make it cleaner. The point is to test whether the current criterion would have guided a better decision at the time.

Each week without calibrated criteria leaves supervisors negotiating risk case by case, while high-risk work keeps moving under local judgment instead of a shared threshold.

Step 4: Define severity without hiding SIF exposure

Severity criteria should separate minor harm from serious injury and fatality exposure instead of averaging them into a comfortable score. A practical workshop uses at least 4 severity bands and names the SIF band explicitly, because fatal potential can exist even when no injury occurred.

The common error is to score severity by the outcome that happened. A dropped load that missed a worker by 2 meters may be recorded as a near miss with no harm, although the credible consequence was fatal. This is where a link with capacity creep and shrinking safety buffers becomes important, because the absence of injury may only reflect spare margin, not control strength.

Use credible worst consequence, not actual consequence, for high-energy scenarios. Define what counts as fatality potential, permanent disability, recordable injury, first aid, environmental release, asset loss, and business interruption. Keep the wording plain enough that 2 supervisors reading the same event would land in the same band.

4 severity bands are usually the minimum for separating routine injury management from SIF prevention. If everything severe sits in one red box, the criterion cannot tell leaders which exposure needs executive action first.

Step 5: Calibrate likelihood with exposure and control confidence

Likelihood should combine exposure frequency and control confidence, because a rare task with weak controls can deserve more attention than a frequent task whose barriers are verified. The workshop should define likelihood with 2 dimensions rather than asking participants to guess probability from memory.

HSE describes risk management as a step-by-step process to identify hazards, assess risks, control risks, record findings, and review controls. That sequence matters because likelihood is not a feeling. It depends on who is exposed, how often exposure occurs, and whether controls work when the job is done.

Ask the group to score each case twice. The first score uses exposure frequency, such as daily, weekly, monthly, annual, or one-off. The second score uses control confidence, such as verified, partially verified, assumed, failed, or absent. The final likelihood band should rise when exposure is frequent or control confidence is weak.

This approach prevents a familiar failure in hazard identification and control links, where teams list controls that exist in a procedure but never verify whether they still work in the field.

Step 6: Set escalation thresholds before work starts

Escalation thresholds define who must approve, pause, redesign, or monitor work when a risk band crosses a defined line. In a 14-day workshop, the team should agree on at least 3 authority levels, such as supervisor, department manager, and site manager or director.

This is the point where risk criteria become culture. If a supervisor can accept a serious residual risk alone, the organization has already made a leadership decision, even if nobody named it. Risk acceptance and decision authority have to match the worst credible consequence, not the seniority of the person closest to the task.

Define trigger words that create automatic escalation. Examples include failed critical control, unverified isolation, contractor unfamiliarity, simultaneous operations, night work, severe weather, fatigue concern, and change in method. Each trigger should say what happens next, not only who gets informed.

3 authority levels create enough separation for routine control, managerial review, and executive risk acceptance. More than 5 levels usually slows decisions without improving judgment.

Step 7: How do you test the criteria against past decisions?

Risk criteria should be tested against past decisions before they are released. Use 6 to 8 historical cases and ask the group to apply the new thresholds without knowing the original decision until after scoring.

This blind test reveals whether the criterion changes anything. If the new method produces the same approvals, the same delays, and the same unresolved disagreement, the workshop has only renamed the old process. During the PepsiCo South America tenure, where the accident ratio fell 50% in 6 months, Andreza Araujo learned that a safety method earns credibility only when it changes daily leadership behavior.

Compare the new score, the required authority, the expected control action, and the decision that actually occurred. Where the method would have changed the decision, write down why. Where it would not, identify whether the case was already well managed or whether the criterion is still too weak.

This test connects naturally with field risk escalation matrices, because both tools should produce visible movement from field evidence to management action.

Step 8: Publish the rule and audit it after 30 days

The workshop is complete only when the rule is published, used, and audited after 30 days. The final output should include the risk criteria table, escalation thresholds, case examples, approval rules, and a review date.

ILO-OSH 2001 describes occupational safety and health management systems as a model for organizing prevention through policy, planning, implementation, evaluation, and improvement. Risk criteria belong in that cycle, because a threshold that is not reviewed becomes stale as work, contractors, staffing, and exposure change.

Train supervisors with 3 examples rather than a long slide deck. Give them one routine case, one serious-potential case, and one ambiguous case where production pressure is present. The learning goal is not to memorize the matrix. The goal is to know when the decision must move upward.

After 30 days, audit 10 uses of the criteria. Check whether the right authority approved the work, whether control confidence was verified, whether serious-potential exposure was escalated, and whether any group bypassed the process. Then adjust wording, thresholds, or authority rules before the method hardens into another ritual.

Comparison: matrix-only risk assessment vs calibrated criteria

A matrix-only process gives the organization a color. Calibrated criteria give the organization a decision rule, which is why the second approach is more useful for high-risk work and leadership accountability.

The practical difference is accountability. A colored matrix lets people debate interpretation after the fact, while calibrated criteria tell the supervisor, manager, and site leader what the organization expects before the job begins.

Risk criteria are a leadership contract

Risk criteria turn safety language into a leadership contract because they define what the organization will tolerate, who can approve it, and what evidence is required before work proceeds.

A 14-day workshop is enough to build that contract when the team starts with real decisions, uses real cases, separates SIF exposure from minor outcomes, and audits use after 30 days. If the criteria do not change who approves work or what evidence is required, the organization has not calibrated risk. It has only formatted uncertainty.

If your team needs to rebuild risk criteria, escalation thresholds, or safety decision authority, Andreza Araujo's books, Safety School content, and ACS Global Ventures consulting can help convert risk assessment into a practical management routine. Start with the decision that keeps repeating, then make the threshold visible before the next high-risk job starts.