Etude de cas sur la prise en compte des facteurs organisationnels dans la gestion des risques : analyse comparative des systèmes de gestion de sécurité de laboratoires au sein de l'Université de Liège (sites de Liège et Gembloux)

Abstract

Institutions, such as universities and research laboratories, are increasingly facing challenges that were historically typical of the private sector. As a consequence, it becomes a crucial concern for them to consider risk management as a key priority, in order to effectively and efficiently secure their staff and assets. This statement has been the founding principle for this study and directed the analysis on the way through which twelve laboratories from the University of Liège take into consideration the organizational factors in their risk management approach. Our final goal is to compare those laboratories on the basis of a standardized assessment model. The latter will enable us to identify which are the factors that influence organizational performance in terms of security, and emphasize the key elements that make up a good security management system. To do so, we met the people in charge of security in the twelve selected laboratories and interviewed them via a cautiously constructed questionnaire covering six organizational factors of influence, that are: organization, communications, incompatible goals, defenses, housekeeping and training. The first part of this Master’s thesis was thus dedicated to define concepts, models and theories that were used to formulate the aforementioned set of questions. The “Tripod Delta” method, based on the Swiss Cheese Model (Reason, 2000) was genuinely useful to understand how laboratories organize the first “slice” of their security management system’s protection. Then, the methodology used to analyze our interviews’ output was thoroughly developed. Finally, we concluded this Masters’ thesis with a comparison of the laboratories’ organizational performance on security management. This had been carried out through the use of a common assessment model aimed at discovering whether the laboratories were sufficiently organized to anticipate and avoid unwanted events. As a matter of fact, our objective was to assess the security system’s internal resilience and the extent to which latent failures could be hidden in the work environment. The Zwetsloot model (2000) was a useful tool to classify each laboratory’s security management approach among four key stages of development. Based on the PDCA Deming Wheel and on our empirical research results, we concluded this Masters’ thesis with the construction of a model that distinguishes several “best practices” aimed at improving security and risk management in research laboratories.