The safety and health component of risk management was incorporated into NFPA 1500, Standard on Fire Department Occupational Safety and Health Program, during the 1992 revision process. In Chapter 2 of this standard, the requirements of the risk management program are stated as follows:

2-2.1: The fire department shall adopt an official written risk management plan that addresses all fire department policies and procedures.

2-2.2: The risk management plan shall cover administration, facilities, training, vehicle operations, protective clothing and equipment, operations at emergency incidents, operations at nonemergency incidents, and other related activities.

2-2.3: The risk management plan shall include at least the following components:

(a) Risk Identification: Potential problems.

(b) Risk Evaluation: Likelihood of occurrence of a given problem and severity of its consequences.

(c) Risk Control Techniques: Solutions for elimination or mitigation of potential problems; implementation of best solution. (d) Risk Management Monitoring: Eval- uation of effectiveness of risk control techniques.1

The risk management model used in this article incorporates an additional step between risk identification and risk-control techniques. This step is called “prioritization of risks” and will be discussed later.

The classic risk management model has been successfully used by general industry for decades. It is a process that incorporates several components that can be applied to fire department or EMS operations. This is not a stagnant process that is developed, printed, and placed in a manual on a shelf and never seen again. An effective risk management program has a positive impact on the department from an operational, safety, financial, and liability standpoint. The fire chief has the ultimate responsibility for the risk management plan, as he does for the occupational safety and health program, but delegates it to the health and safety officer. The risk management plan has to be revised annually.


The model (see sidebar) has five primary components, or steps, which serve as building blocks for this process: risk identification, risk evaluation, establishment of priorities, design and implementation of risk control techniques, and periodic examination of the program to evaluate its effectiveness. For each step in the process, it is important to record performance criteria, suggestions, and recommendations. These data will provide the elements that formulate a written risk management plan. The number of pages in the plan does not affect its effectiveness.

Once created, the plan should be periodically updated. Consider it a dynamic process, not a static event with a single written record. Keep the plan current based on conditions, circumstances, and experience.


What might go wrong? Compile a list of anything and everything that comes to mind. A good rule of thumb is to expect and plan for the worst but hope for the best. There are many resources to assist with this identification process. The first, and possibly the most effective, is the department`s loss/accident statistics. Seek input and ideas from personnel, trade journals, professional associations, and other service providers. When using ideas from others, take into account local circumstances when formulating the list.


Once the risks have been identified, they can be evaluated from the standpoints of frequency and severity. Frequency addresses the likelihood of occurrence. Typically, if a particular type of incident such as a back injury has occurred repeatedly, it will continue to occur until effective control measures have been implemented.

Severity addresses the degree of seriousness of the incident. This can be measured in a variety of ways–time away from work, cost of damage, cost of and time for repair or replacement, disruption of service, or legal costs, for example. Using the information gathered in the identification step, the risks can then be classified on the basis of severity.


Taken in combination, the results of the frequency and severity determinations will help to establish priorities for determining action. Any risk that has a high probability of occurrence and that will have serious consequences deserves immediate action and would be considered a high-priority item. On the other end of the scale, nonserious incidents with a low likelihood of occurrence are a lower priority and can be placed near the bottom of the “action-required” list.


At this point in the process, risks have been identified and evaluated, so it is time to find solutions. Several approaches may be taken. They include risk avoidance, implementation of control measures, and risk transfer.

The best choice in any situation is risk avoidance. Simply put, this means avoid the activity that creates the risk. In an emergency services organization, this frequently is impractical. Lifting a stretcher presents a serious back injury risk, but you cannot avoid this risk and still provide an effective service.

An example of where avoidance has worked very well is the widespread, hopefully universal, use of sharps containers. The risks associated with recapping needles are well documented, so recapping is no longer an accepted practice. This risky behavior can be avoided through the proper use of a sharps container.

The most common method for managing risk is to adopt effective control measures. While control measures will not eliminate the risk, they can reduce the likelihood of occurrence or mitigate severity. Safety programs, ongoing training programs, and well-defined standard operating procedures are all effective control measures.

Some typical control measures instituted to control fireground injuries include accountability, full protective clothing, a mandatory respiratory protection program, training and education, and well-constructed SOPs. Using these control measures together makes an effective program that will ensure safe fireground operations.

Risk transfer can be accomplished in two primary ways–by physically transferring the risk to somebody else or by purchasing insurance. For a fire or EMS organization, it may be difficult to transfer risk, but the risks associated with some activities–such as operating and maintaining responder helicopters–can be transferred to private contractors.

Purchasing insurance transfers financial risk only. In addition, it does not affect the likelihood of occurrence. Buying fire insurance on the station, while highly recommended for protecting the assets of the department, does nothing to prevent the station from burning down. Therefore, insurance is no substitute for effective control measures.


The last step in the process is risk management monitoring. Once control measures have been implemented, they need to be evaluated to measure their effectiveness. Problems that occur in the process have to be revised or modified. This final step ensures that the system will be dynamic and will facilitate periodic reviews of the overall program.


To better understand the classic risk management model, the Virginia Beach Fire Department`s Risk Management Plan is presented on page 64. Feel free to use this format or develop a program that works for your department. The most important consideration is that the plan will have a positive impact on your department`s occupational safety and health program. Developing such a plan is not a static process. It will change based on events that occur internally and externally. Hopefully, we learn from our mistakes and those of others. If we do not, the small mistakes eventually will become big mistakes and carry with them a heavy price tag such as a loss of life, a serious injury, or damaged apparatus and equipment. The risk management process is a tool that can keep us a step ahead. It is not a cure-all, but it can identify problems or risks that can affect the organization. An effective risk management program encompasses many components. Adopting the classic risk management model is merely the first step in a successful process. n


1. NFPA 1500, Standard on Fire Department Occupational Safety and Health Program, National Fire Protection Association, Quincy, Mass.

MURREY E. LOFLIN is captain and safety officer with the Virginia Beach (VA) Fire Department. He has been a member of the NFPA Fire Service Occupational Safety and Health Technical Committee since its inception and was a contributing author to the NFPA 1500 Handboook (1993, National Fire Protection Association, Boston, Mass.) and coauthor of Emergency Incident Risk Management (1996, Van Nostrand Reinhold, New York City, N.Y.). He is a frequent speaker and instructor on topics relevant to firefighter safety.

JONATHAN D. KIPP is loss prevention manager of Compensation Funds of New Hampshire, an organization that provides workers? compensation pooled self-insurance services for cities, town, counties, schools, and other public employers in New Hampshire. He has been a principal member of the NFPA Fire Service Occupational Safety and Health Technical Committee since 1989. He was a contributing author for the NFPA 1500 Handbook (1993, NFPA, Boston) and coauthor of Emergency Incident Risk Management (1996, Van Nostrand Reinhold, New York City).

No posts to display