DISCLAIMER - NIKZAFRI.BLOGSPOT.COM

Today, Knowledge Management today are not limited merely to : (A) 'knowing' or 'reading lots of books/scholarly articles' or (B) data mining, analysis, decision making, preventive actions, or (C) some Human Resources Management issue or (D) some ICT issue. Knowledge Management is about putting your knowledge, skills and competency into practice and most important IT WORKS! For you and your company or your business (Nik Zafri) Offering the best training and consultancy.

The information comprised in this section is not, nor is it held out to be, a solicitation of any person to take any form of investment decision. The content of the nikzafri.blogspot.com does not constitute advice or a recommendation by nikzafri.blogspot.com and should not be relied upon in making (or refraining from making) any decision relating to investments or any other matter. You should consult your own independent financial adviser and obtain professional advice before exercising any investment decisions or choices based on information featured in this nikzafri.blogspot.com can not be held liable or responsible in any way for any opinions, suggestions, recommendations or comments made by any of the contributors to the various columns on nikzafri.blogspot.com nor do opinions of contributors necessarily reflect those of http://www. nikzafri.blogspot.com

In no event shall nikzafri.blogspot.com be liable for any damages whatsoever, including, without limitation, direct, special, indirect, consequential, or incidental damages, or damages for lost profits, loss of revenue, or loss of use, arising out of or related to the nikzafri.blogspot.com or the information contained in it, whether such damages arise in contract, negligence, tort, under statute, in equity, at law or otherwise.


MY EMPLOYERS AND CLIENTELLES




A THOUGHT

It’s wonderful to revisit the past, though not every memory is nostalgic some can drain your spirit to live. I find the present while learning valuable lessons from the past (so they’re not repeated), and focus on the future gives me a sense of closure, ownership, even drives me to move forward, and feels truly empowering.

Perhaps it's time to recite this daily mantra - that "enough is enough" - "no more being a victim, I'm retaking control of myself and my life"

BIODATA - NIK ZAFRI



 



NIK ZAFRI BIN ABDUL MAJID,
CONSULTANT/TRAINER
Email: nikzafri@yahoo.com, nikzafri@gmail.com
https://nikzafri.wixstudio.com/nikzafriv2

Kelantanese, Alumni of Sultan Ismail College Kelantan (SICA), Business Management/Administration, IT Competency Cert, Certified Written English Professional US. Has participated in many seminars/conferences (local/ international) in the capacity of trainer/lecturer and participant.

Affiliations :- Council/Network Member of Gerson Lehrman Group, Institute of Quality Malaysia, Auditor ISO 9000 IRCAUK, Auditor OHSMS (SIRIM and STS) /EMS ISO 14000 and Construction Quality Assessment System CONQUAS, CIDB (Now BCA) Singapore),

* Possesses almost 30 years of experience/hands-on in the multi-modern management & technical disciplines (systems & methodologies) such as Knowledge Management (Hi-Impact Management/ICT Solutions), Quality (TQM/ISO), Safety Health Environment, Civil & Building (Construction), Manufacturing, Motivation & Team Building, HR, Marketing/Branding, Business Process Reengineering, Economy/Stock Market, Contracts/Project Management, Finance & Banking, etc. He was employed to international bluechips involving in national/international megaprojects such as Balfour Beatty Construction/Knight Piesold & Partners UK, MMI Insurance Group Australia, Hazama Corporation (Hazamagumi) Japan (with Mitsubishi Corporation, JA Jones US, MMCE and Ho-Hup) and Sunway Construction Berhad (The Sunway Group of Companies). Among major projects undertaken : Pergau Hydro Electric Project, KLCC Petronas Twin Towers, LRT Tunnelling, KLIA, Petronas Refineries Melaka, Putrajaya Government Complex, Sistem Lingkaran Lebuhraya Kajang (SILK), Mex Highway, KLIA1, KLIA2 etc. Once serviced SMPD Management Consultants as Associate Consultant cum Lecturer for Diploma in Management, Institute of Supervisory Management UK/SMPD JV. Currently – Associate/Visiting Consultants/Facilitators, Advisors/Technical Experts for leading consulting firms (local and international), certification bodies including project management. To name a few – Noma SWO Consult, Amiosh Resources, Timur West Consultant Sdn. Bhd., TIJ Consultants Group (Malaysia and Singapore), QHSEL Consultancy Sdn. Bhd.

He is also currently holding the Position of Principal Consultant/Executive Director (Special Projects) - Systems and Methods, ESG, QHSE at QHSEL Consultancy Sdn. Bhd.* Ex-Resident Weekly Columnist of Utusan Malaysia (1995-1998) and have produced more than 100 articles related to ISO-9000– Management System and Documentation Models, TQM Strategic Management, Occupational Safety and Health (now OHSAS 18000) and Environmental Management Systems ISO 14000. His write-ups/experience has assisted many students/researchers alike in module developments based on competency or academics and completion of many theses. Once commended by the then Chief Secretary to the Government of Malaysia for his diligence in promoting and training the civil services (government sector) based on “Total Quality Management and Quality Management System ISO-9000 in Malaysian Civil Service – Paradigm Shift Scalar for Assessment System”

Among Nik Zafri’s clients : Adabi Consumer Industries Sdn. Bhd, (MRP II, Accounts/Credit Control) The HQ of Royal Customs and Excise Malaysia (ISO 9000), Veterinary Services Dept. Negeri Sembilan (ISO 9000), The Institution of Engineers Malaysia (Aspects of Project Management – KLCC construction), Corporate HQ of RHB (Peter Drucker's MBO/KRA), NEC Semiconductor - Klang Selangor (Productivity Management), Prime Minister’s Department Malaysia (ISO 9000), State Secretarial Office Negeri Sembilan (ISO 9000), Hidrological Department KL (ISO 9000), Asahi Kluang Johor(System Audit, Management/Supervisory Development), Tunku Mahmood (2) Primary School Kluang Johor (ISO 9000), Consortium PANZANA (HSSE 3rd Party Audit), Lecturer for Information Technology Training Centre (ITTC) – Authorised Training Center (ATC) – University of Technology Malaysia (UTM) Kluang Branch Johor, Kluang General Hospital Johor (Management/Supervision Development, Office Technology/Administration, ISO 9000 & Construction Management), Kahang Timur Secondary School Johor (ISO 9000), Sultan Abdul Jalil Secondary School Kluang Johor (Islamic Motivation and Team Building), Guocera Tiles Industries Kluang Johor (EMS ISO 14000), MNE Construction (M) Sdn. Bhd. Kota Tinggi Johor (ISO 9000 – Construction), UITM Shah Alam Selangor (Knowledge Management/Knowledge Based Economy /TQM), Telesystem Electronics/Digico Cable(ODM/OEM for Astro – ISO 9000), Sungai Long Industries Sdn. Bhd. (Bina Puri Group) - ISO 9000 Construction), Secura Security Printing Sdn. Bhd,(ISO 9000 – Security Printing) ROTOL AMS Bumi Sdn. Bhd & ROTOL Architectural Services Sdn. Bhd. (ROTOL Group) – ISO 9000 –Architecture, Bond M & E (KL) Sdn. Bhd. (ISO 9000 – Construction/M & E), Skyline Telco (M) Sdn. Bhd. (Knowledge Management),Technochase Sdn. Bhd JB (ISO 9000 – Construction), Institut Kefahaman Islam Malaysia (IKIM – ISO 9000 & Internal Audit Refresher), Shinryo/Steamline Consortium (Petronas/OGP Power Co-Generation Plant Melaka – Construction Management and Safety, Health, Environment), Hospital Universiti Kebangsaan Malaysia (Negotiation Skills), Association for Retired Intelligence Operatives of Malaysia (Cyber Security – Arpa/NSFUsenet, Cobit, Till, ISO/IEC ISMS 27000 for Law/Enforcement/Military), T.Yamaichi Corp. (M) Sdn. Bhd. (EMS ISO 14000) LSB Manufacturing Solutions Sdn. Bhd., (Lean Scoreboard (including a full development of System-Software-Application - MSC Malaysia & Six Sigma) PJZ Marine Services Sdn. Bhd., (Safety Management Systems and Internal Audit based on International Marine Organization Standards) UNITAR/UNTEC (Degree in Accountacy – Career Path/Roadmap) Cobrain Holdings Sdn. Bhd.(Managing Construction Safety & Health), Speaker for International Finance & Management Strategy (Closed Conference), Pembinaan Jaya Zira Sdn. Bhd. (ISO 9001:2008-Internal Audit for Construction Industry & Overview of version 2015), Straits Consulting Engineers Sdn. Bhd. (Full Integrated Management System – ISO 9000, OHSAS 18000 (ISO 45000) and EMS ISO 14000 for Civil/Structural/Geotechnical Consulting), Malaysia Management & Science University (MSU – (Managing Business in an Organization), Innoseven Sdn. Bhd. (KVMRT Line 1 MSPR8 – Awareness and Internal Audit (Construction), ISO 9001:2008 and 2015 overview for the Construction Industry), Kemakmuran Sdn. Bhd. (KVMRT Line 1 - Signages/Wayfinding - Project Quality Plan and Construction Method Statement ), Lembaga Tabung Haji - Flood ERP, WNA Consultants - DID/JPS -Flood Risk Assessment and Management Plan - Prelim, Conceptual Design, Interim and Final Report etc., Tunnel Fire Safety - Fire Risk Assessment Report - Design Fire Scenario), Safety, Health and Environmental Management Plans leading construction/property companies/corporations in Malaysia, Timur West Consultant : Business Methodology and System, Information Security Management Systems (ISMS) ISO/IEC 27001:2013 for Majlis Bandaraya Petaling Jaya ISMS/Audit/Risk/ITP Technical Team, MPDT Capital Berhad - ISO 9001: 2015 - Consultancy, Construction, Project Rehabilitation, Desalination (first one in Malaysia to receive certification on trades such as Reverse Osmosis Seawater Desalination and Project Recovery/Rehabilitation), ABAC Centre of Excellence UK (ABMS ISO 37001) Joint Assessment (Technical Expert)

He is also rediscovering long time passions in Artificial Intelligence, ICT and National Security, Urban Intelligence/Smart Cities, Environmental Social and Governance, Solar Energy, Data Centers - BESS, Tiers etc. and how these are being applied.

* Has appeared for 10 consecutive series in “Good Morning Malaysia RTM TV1’ Corporate Talk Segment discussing on ISO 9000/14000 in various industries. For ICT, his inputs garnered from his expertise have successfully led to development of work-process e-enabling systems in the environments of intranet, portal and interactive web design especially for the construction and manufacturing. Some of the end products have won various competitions of innovativeness, quality, continual-improvements and construction industry award at national level. He has also in advisory capacity – involved in development and moderation of websites, portals and e-profiles for mainly corporate and private sectors, public figures etc. He is also one of the recipients for MOSTE Innovation for RFID use in Electronic Toll Collection in Malaysia.

Note :


TO SEE ALL ARTICLES

ON THE"LABEL" SECTION BELOW (RIGHT SIDE COLUMN), YOU CAN CLICK ON ANY TAG - TO READ ALL ARTICLES ACCORDING TO ITS CATEGORY (E.G. LABEL : CONSTRUCTION) OR GO TO THE VERY END OF THIS BLOG AND CLICK "Older Posts"

Thursday, February 05, 2026

Beyond Compliance: Integrating HIRARC with Pre-Project Risk Assessment and Critical Path Planning - By Nik Zafri

 


0.0 Legal Requirement

0.1 OSHA (Malaysia) - HIRARC Requirement

Under the Occupational Safety and Health Act 1994 as amended by the OSHA (Amendment) Act 2022, employers in Malaysia are legally required to perform risk assessment, which in practice includes HIRARC (Hazard Identification, Risk Assessment and Risk Control):

Relevant Clause : The OSHA (Amendment) Act 2022 introduced Section 18B and strengthened risk assessment obligations, making it mandatory for employers to conduct and document risk assessments and implement risk controls before work begins and whenever work processes change.

So :

Employers must carry out a proactive, documented risk assessment for workplace hazards.

In Malaysia, this HIRARC process is the commonly prescribed method for fulfilling that legal duty and is required for OSHA compliance.

0.2 CIDB

Embedding risk assessment into construction standards that contractors are expected to follow:

The CIDB Construction Industry Standard CIS 25:2018 titled Construction Activities Risk Assessment (CARA) requires contractors to implement hazard identification, risk analysis and risk control (HIRARC) as part of managing site safety and risk control in construction activities.

1.0 Why HIRARC Often Fails to Prevent Accidents and Delays

Hazard Identification, Risk Assessment and Risk Control (HIRARC) is a mandatory and widely recognised tool in occupational safety and health (OSH). Yet despite its widespread use, serious incidents, unsafe conditions, and project delays continue to occur even on projects with “approved” HIRARC documents.

The problem is not the concept of HIRARC itself, but how it is positioned and applied. In many organisations, HIRARC exists as a standalone safety document, disconnected from pre-project risk assessment, programme planning, and critical path analysis. As a result, safety risks are managed operationally but ignored strategically.

This article argues that HIRARC must be integrated with pre-project risk assessment and critical path planning to be truly effective and with bonus topic :

how legal/contracts, Integrated Management Systems (IMS - ISO 9000 + ISO 45000 + ISO 14000) plays a strategic and most effective role

2.0 Common Structural Weaknesses in Current HIRARC Practice

Across industries, several recurring weaknesses are observed:

  • Generic, template-driven HIRARC - Hazards and controls are copied from previous projects or standard checklists, with little adaptation to specific processes, environments, or sequencing,

  • HIRARC treated as a one-off exercise - Assessments are prepared at project start and rarely updated, even when scope, methods, or site conditions change,

  • Focus on paperwork rather than execution - Controls are listed but not translated into physical measures, permits, inspections, or hold points.

  • Disconnection from planning and programme - Safety controls that require time, resources, or sequencing are not reflected in the construction programme or manufacturing schedule.

These weaknesses explain why HIRARC often satisfies audits but fails to prevent incidents or programme disruption.

3.0 The Missing Link: Pre-Project Risk Assessment

Before HIRARC is conducted, most organisations already perform some form of pre-project or strategic risk assessment, covering areas such as:

  • Design and constructability risks,

  • Environmental and regulatory constraints,

  • Construction methodology risks,

  • Supply chain and resource risks

However, this high-level risk information is rarely carried forward into task-level HIRARC.

4.0 What Should Happen Instead

Pre-project risks should form the starting reference for HIRARC, not a separate exercise.

For example:

A pre-project risk identifying “leakage risk in water-retaining structures” should directly inform HIRARC items on crack repair methods, confined space work, curing duration, and retesting cycles.

A strategic risk related to “compressed commissioning timeline” should alert assessors to elevated risks during testing, handover, and non-routine activities.

In this way, HIRARC becomes the execution layer of the project’s overall risk strategy.

5.0 HIRARC and the Critical Path: Where Safety Meets Programme Reality

A critical but often ignored principle is this:

Any activity with high or extreme residual OSH risk is potentially a critical path activity even if CPM analysis says otherwise.

Why?

Safety controls are not abstract concepts, they consume time, resources, and sequencing discipline. When these are not embedded into the programme, the project plan becomes unsafe by design.

Examples of safety controls that directly affect the critical path include:

  • Permit-to-work systems,

  • Confined space entry requirements,

  • Curing and drying periods,

  • Independent inspections and testing,

  • Competent person availability,

  • Weather and environmental constraints

If these controls are not modelled as predecessors, constraints, or lags in the programme, delays and unsafe shortcuts become inevitable.

6.0 Industry Example 1: Construction : Reinforced Concrete Water Tank

In water-retaining structures, generic HIRARC typically lists “working at height” or “chemical exposure”. A properly integrated HIRARC, however, identifies:

  • Confined space hazards during injection works,

  • Hydrostatic pressure risks during ponding tests,

  • Rescue limitations due to single access points,

  • Extended curing and retesting cycles,

When linked to planning:

  • Confined space permits become programme hold points,

  • Curing periods become mandatory lags,

  • Leakage retesting becomes a near-critical or critical activity

Ignoring these realities results in repeated rework, programme slippage, and dispute over responsibility.

7.0 Industry Example 2: Manufacturing – Metal Press and Stamping Lines

In manufacturing, many severe incidents occur not during production, but during:

  • Die changeovers,

  • Jam clearing,

  • Maintenance and calibration

A customised HIRARC recognises:

  • Stored mechanical and electrical energy,

  • Human factors such as interlock bypass,

  • Frequency of non-routine interventions,

When linked to the schedule:

  • Lockout–Tagout becomes a mandatory predecessor,

  • Try-start tests become release gates

  • Competency requirements affect resource loading

Without these links, pressure to meet output targets drives unsafe behaviour.

8.0 Linking HIRARC to ISO 45001/MS 1722

A good practice increasingly observed among more mature organisations is the formal linkage of HIRARC outcomes to ISO 45001 and MS 1722 governance processes, where risk findings are reviewed not only at toolbox talks, but also at management and project control meetings.

In these organisations, HIRARC is treated as a management input, not merely a site safety requirement. High and residual risks, safety-critical activities, permit dependencies, and control effectiveness are escalated to project reviews alongside cost, programme, and quality matters. This allows management to make informed decisions on sequencing, resources, tolerable risk, and contingency, rather than leaving risk ownership solely at supervisory level.

Such integration aligns strongly with the intent of ISO 45001 Clauses 5 (Leadership), 6 (Planning), 8 (Operational Control), and 9 (Performance Evaluation), as well as MS 1722 expectations on continual improvement. It also reflects what regulators increasingly expect to see: evidence that OSH risks are actively governed, not just communicated downward during toolbox meetings.

By elevating HIRARC discussions to management and project control forums, organisations shift safety from a compliance activity to a strategic control mechanism, improving both risk visibility and decision quality across the project lifecycle.

9.0 How Integrated Management System (IMS) - Quality, Safety and Environment Management Systems play a role

Note : I’ve been advocating for Integrated Management Systems since the late 1990s, when certification bodies still treated quality, safety, and environmental systems as separate silos often charging independently for each, driving costs skyrocketted highly.

IMS is where HIRARC, planning, audits, and leadership finally connect into one system, instead of three parallel universes.

Briefly this is how Integrated Management System (IMS) combining ISO 9001 (Quality), ISO 45001 (OSH), and ISO 14001 (Environment) actually helps in real operations, not just on paper.

The problem :

Without IMS, most organisations look like this:

  • ISO 9001 = focused on programme, cost, defects,

  • ISO 45001 = focused on accidents, HIRARC, PPE,

  • ISO 14001 = focused on waste, pollution, permits

Each has:

  • separate risk registers,

  • separate procedures,

  • separate meetings,

  • separate audits

The result?

  • Same activity reviewed three times,

  • Conflicting controls,

  • Gaps at the interfaces (where incidents usually happen)

10.0 IMS collapses these silos into one risk-based management system.

How IMS Improves HIRARC Specifically :

A. One Risk, Three Perspectives

Take a single activity, confined space work in a tank


Under IMS:

  • One integrated risk assessment,

  • One control strategy

  • One management decision

HIRARC no longer lives alone.

B. Stronger Planning (Clause 6 Across All Standards)

IMS forces planning to answer:

  • What can go wrong? (45001),

  • What can cause defects or delays? (9001),

  • What can cause environmental harm? (14001)

This directly supports:

  • pre-project risk assessment,

  • critical path realism,

  • resource allocation

It stops the habit of “fixing safety later”.

C. Operational Control Becomes Real (Clause 8)


Now the programme must comply, not negotiate.

D. What They Did Right in The Construction Industry

In the construction industry, contractual requirements which effectively give them legal standing have driven the integration of Method Statements with reference to Standards and Codes of Practice, Construction Methodology, Safe Work Practices, Job Safety and Environmental Analysis, HIRARC etc.

These elements are also consistently cross-referenced within the Inspection and Test Plans, ensuring alignment between planning, safety, environmental control, and quality verification.

IN THE EYES OF A CONSULTANT, THIS IS HOW I SEE IT WAY BACK IN 2008

(The Methods portrayed here has changed significantly - the diagrams/flowcharts are for reference purposes only - if you see it anywhere - that's my masterpiece)



D1. What They Did Right in the Civil Services

The Manual doesn’t need to be overly detailed. At the beginning, a brief executive summary, a company introduction, and similar essentials are sufficient. The core business processes that connect everything, along with all procedures, are presented as flow charts within the same manual. (with exceptional to documented information required by contracts/law)

Back in the 1990s, when I taught many Malaysian Civil Servants, they had already, through the Total Quality Management (TQM) concept before the shift to ISO 9000, spearheaded by YAB Tun Dr. Mahathir and guided by my mentor Allahyarham Tun Ahmad Sarji and his predecessor cleverly integrated these processes ahead of others, producing the original Manual Prosedur Kerja. Today, the civil services have high-quality Manuals that consolidate all aspects of IMS (including Risk Management)

While Plans, Method Statements, and ITPs are contractual requirements in the construction industry, the Civil Services went a step further by linking their documented information to laws, circulars, and work instructions, making compliance mandatory.

E. Management & Project Control Meetings Become Meaningful

In effective IMS organisations:

  • HIRARC outcomes,

  • Quality risks,

  • Environmental aspects

are reviewed together at:

  • management review meetings (Clause 9.3),

  • project control meetings,

  • risk review boards

Management sees:

  • what is critical,

  • what is near-critical,

  • what is deteriorating

That’s leadership in action.

F. Better Use of Data (Clause 9)

IMS integrates:

  • incidents & near misses (45001),

  • defects & NCRs (9001),

  • spills & environmental noncompliance (14001)

Patterns emerge:

  • same contractor,

  • same activity,

  • same stage/phase of work

This enables predictive intervention, not reactive firefighting.

G. Fewer Accidents, Fewer Disputes, Fewer Surprises

From a business perspective, IMS helps by:

  • reducing rework,

  • preventing stop-work orders,

  • avoiding regulatory action,

  • strengthening defensibility in disputes

When an incident happens, IMS provides:

  • evidence of planning,

  • evidence of control,

  • evidence of leadership oversight

That matters to regulators, clients, and courts.

11.0 Why I Have Great Respect for Any Company Doing This

Because I can see clearly :

  • consistency between plan, execution, and review

  • hazards reflected in programme logic

  • risks escalated to management

  • continuous improvement in action

IMS shows the organisation understands risk, not just standards.

Furthermore : IMS also assists the ABMS in gaining a clearer understanding of which areas or processes are at risk of corruption



Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)