Introduction As we face hazards with the potential to harm and damage ourselves, our organisation and our environment, it is crucial to be able to manage these hazards. Hazard identification is one way to manage the hazards we are facing. Being able to identify the hazards in our daily life, will help us to manage them the in best way possible. When in need of a detailed identification of the potential hazards within our work, the HAZOP is a great methodology that can be used.
What is a HAZOP? HAZOP stands for Hazard and Operability Study. It is a meticulous and in-depth approach utilized to identify potential hazards and assess risks within a process or system throughout its design or operational phase. A HAZOP is performed more in detail and focuses on each individual element of a system or process. Its purpose is to detect any deviations from normal operating conditions that could lead to hazards or undesirable consequences. Like the HAZID, it is typically conducted by a multidisciplinary team with in-depth knowledge of the system or process being assessed.
How to make a HAZOP? The way to make a HAZOP typically involves the following steps:
Defining the system or process being assessed and establishing the analysis’s objectives and scope. (HAZOP vs HAZID Studies)
Assembling a multidisciplinary HAZOP team, including people with a variety of expertise.
Systematically identifying each individual element of the system or process.
Identifying potential deviations from normal operating conditions and comprehending their consequences, including hazards and undesirable consequences.
Evaluating the hazards and risks linked to each identified deviation.
When to use HAZOP? Just like other hazard identification methodologies, the HAZOP is a good option, for identifying potential hazards that can affect a project. The HAZOP is methodology that is more detailed with a focus on each individual element of the system or process. Therefore, it is very useful, especially if you need a more detailed identification of individual elements in a process or in a project.
Sources used – Sigma-hse – “HAZOP vs HAZID studies.” (2023, April 20). Retrieved from sigma-hse: https://sigma-hse.com/news-insights/hazid-hazop-differences/ – Selitski, O. (2022, September 20). “HAZOP vs HAZID: when is one more useful than the other?” Retrieved from ors-consulting: https://www.ors-consulting.com/hazop-vs-hazid
Introduction Hazards are to be found everywhere. They have the potential to affect our organisations in many negative ways, and therefore we should ensure that we can manage them in the best way possible. To be able to do so, it is crucial to be able to identify which hazards our organisation is facing. Many approaches can be used to identify hazards, and one of them is the HAZID.
What is a HAZID? HAZID stands for Hazard Identification. It is a systematic and structured methodology used to identify potential hazards and assess risks associated with a system or process. It is typically performed by a multidisciplinary team with different ranges of skills, knowledge, and experience. The HAZID approach is also known as a “what if” study, as team members are encouraged to ask questions such as “what if…” or “how could…” about the areas being assessed.
Usually performed at an early stage of a project or throughput the design phase, a HAZID is used to identify and assess potential hazards and risks related to the entire system or process. The aim of the HAZID is to uncover all possible hazards and assess their potential causes and consequences, including those that might not be immediately evident, without going into detailed operational aspects.
How to make a HAZID? The way to make a HAZID typically involves the following steps:
Defining the system or process being assessed and establishing the analysis’s objectives and scope (HAZOP vs HAZID Studies).
Assembling a multidisciplinary team with relevant expertise to conduct the HAZID.
Conducting brainstorming sessions with the team to identify potential hazards, considering different scenarios and deviations from normal operating conditions.
Assessing the risks associated with each identified hazard by considering factors like their likelihoods of occurrence, the severity of consequences, and the ability to detect and prevent them.
Documenting the findings and recommendations resulting from the analysis for further action.
When to use a HAZID? The HAZID methodology is a good option for identifying potential risks and hazards in a project. Overall, this method can help to reduce risks and improve safety outcomes. It is a more general approach, and it is used in the early process design or operational phase of a project. Therefore, the HAZID is a good starting point if you haven’t worked with hazard identification before.
Sources used – hse.gov.uk – “Building safety risk assessment: HAZID methodology.” Retrieved from hse.gov.uk: https://www.hse.gov.uk/building-safety/safety-cases/identify-risks/hazid.htm – Sigma-hse – “HAZOP vs HAZID studies.” (2023, April 20). Retrieved from sigma-hse: https://sigma-hse.com/news-insights/hazid-hazop-differences/ – Selitski, O. (2022, September 20). “HAZOP vs HAZID: when is one more useful than the other?” Retrieved from ors-consulting: https://www.ors-consulting.com/hazop-vs-hazid
Introduction Every day we face things that potentially could cause harm or damage to ourselves, our organisations and the environment. To understand what these things could be, first of all, we have to understand the term “hazard”.
The term “hazard” A hazard can be defined in more than one way. Many times, it is defined in combination with the term “risk” or “danger”. In the Cambridge Dictionary a hazard is defined as “something dangerous and likely to cause damage” (Definition of hazard). Another way of defining a hazard can be found on the Canadian Centre for Occupational Health and Safety (CCOHS), whose definition is commonly used when talking about workplace health and safety. The definition they use is: “A hazard is any source of potential damage, harm or adverse health effects on something or someone.” (CCOHS: Hazard and Risk). So basically, a hazard is the potential of harm that may cause loss of life, health impacts, property or equipment losses, social and economic disruption, or environmental impacts.
Sources Used Cambridge Dictionary. (n.d.). “Definition of hazard“. Retrieved from dictionary.cambridge: https://dictionary.cambridge.org/dictionary/english/hazard
CCOHS. (n.d.). “Hazard and risk“. Retrieved from Canadian Centre for Occupational Health and Safety: https://www.ccohs.ca/oshanswers/hsprograms/hazard/hazard_risk.html
Managing a large-scale construction project is no small task. There are many moving parts, stakeholders with which to communicate, supplies to order, funding to obtain, permits to acquire, and safety to consider. With this understanding, it may not be a surprise to hear that time delays are quite common within construction projects. However, recent reports by Cornerstone Projects LTD sighted that 90% of construction projects experience time delays and finish behind schedule. Ninety percent! But that’s not all we know. The majority of these delays even occur within the first half of the project, because that is when any changes will have the greatest impact on the subsequent steps. These time delays not only delay the completion of the project but are also extremely costly, inefficient, and wasteful. So, what is causing these delays?
The International Journal of Managing Projects in Business published an article in 2018 highlighting the 10 most common causes of time delays on construction projects as the following:
Weather and climate significantly impact projects with more temperamental and extreme weather conditions, especially in Southeast Asia and anywhere along the Gulf Coast. These areas can have extreme typhoons, hurricanes, winds, flooding, and heat that prevents work from being done. The issue with this type of delay is that it is completely out of the control of the crew and even the best managers cannot prevent it. The only way to ensure this does not put a project behind schedule is to plan to work during the seasons when weather like this is less likely to occur. Furthermore, managers must incorporate the probability of weather delays into their overall timeline and add some cushion dates in the projections, so nothing falls behind.
Poor communication, lack of coordination, and conflicts between stakeholders are extremely common and completely avoidable mistakes. One stakeholder may need a certain vessel to complete their portion of the project, but another stakeholder may need to finish their step with that vessel first. If delays with the first occur due to a staff member being sick or lack of organization, it destroys the timeline for all other portions of the project. Every crew working on the project needs to be communicating exactly how much time they need, which pieces of equipment they need, and when they need it in order to ensure a smooth completion of the project.
Material shortages and financial issues have become increasingly relevant due to the supply chain issues resulting from the COVID-19 pandemic. Many companies had to close for the safety of their employees, and this has led to a shortage in certain materials – especially ones that take several months to procure. This issue can be compounded when the construction project is dealing with items that are increasing in demand like certain safety equipment, construction drones, or heavy construction equipment. Because there are many factors at play with delays caused by equipment shortages, there is not one clear-cut solution. However, planning well in advance and identifying which equipment will be needed at every step will ensure ample time to reserve your equipment and organize who uses it and when.
Worksite injuries, labor shortages, and a lack of qualified employees also go hand in hand with delays to a project’s timeline. When improper training or disregard for safety protocol results in workplace injuries, it not only costs money for medical bills, but it also costs time and labor to replace the injured employee. Especially with employees who operate specialized equipment, having backup replacements for when these employees fall sick or have personal emergencies that prevent them from working will save time and money in the long run.
Though hiring extra employees and investing in planners, emergency managers, and ensuring equipment is rented for longer than is actually needed to seem like expensive and avoidable costs, these steps can actually save money in the long run. Pew Researchers discovered that every extra dollar invested in risk mitigation will save 6 dollars that would have been spent on responding to and recovering from the emergency or setback. Especially for larger-scale projects that lose hundreds of thousands of dollars on wasted time and equipment for every extra day the project is delayed, spending enough beforehand on comprehensive risk mitigation and planning will significantly save money and benefit the company in the long run. Construction projects have a lot of moving parts, and a lot of things can go wrong that are completely out of the control of the project manager. Because of these inevitable risks, managers need to ensure they have prepared properly for and mitigated every risk that IS preventable, like poor communication, workplace injuries, and lack of experienced workers. What can go wrong will go wrong, so ensure that what does not have to go wrong won’t. Invest now to save later.
Durdyev, S., & Hosseini, M. R. (2019). Causes of delays on construction projects: a comprehensive list. International Journal of Managing Projects in Business, 13(1), 20–46. https://doi.org/10.1108/ijmpb-09-2018-0178
Gerardi, J. (2021, December 28). Common Construction Mistakes | ProEst. ProEst. https://proest.com/construction/tips/common-mistakes/
Lightbody, L., & Fuchs, M. (2018, January 11). Every $1 Invested in Disaster Mitigation Saves $6. The Pew Charitable Trusts. https://www.pewtrusts.org/en/research-and-analysis/articles/2018/01/11/every-$1-invested-in-disaster-mitigation-saves-$6
There are numerous controls to avoid and reduce the risks to your project or organization. Though the risk is not always avoidable, there are ways to alter it. Below are proven controls used to alter risk.
– Engineering Controls: these are controls that reduce risk using engineering methods. This can include:
1. How one designs a project
2. The material used in a project
3. How one substitutes materials to meet technical and economic needs
– Administrative Controls: there are a variety of controls that reduce risk through administrative actions:
1. Creating signs, placards, posters, and visible warnings
2. Creating programs, standard operating procedures (SOPs), instructional material, and having policies in place
3. Conducting training and practicing plans before they are used
4. Limiting how exposed personnel are to hazards by reducing their time in an area and where they are working by policy and proper training.
– Physical Controls: these controls act as barriers to protect personnel. These can include:
1. Personal protective equipment (PPE)
3. Personnel/Supervisors that oversee safety
Pitfalls to Avoid
In addition to knowing some of the common controls used in risk management, it is important to know the mistakes (pitfalls) you should avoid. Below is a list of common pitfalls seen in risk management:
– Over Optimism: overlooking root causes and not being honest with risks associated with your project/company.
– Misrepresentation: relying on one or very few perspectives (*this skews your data!)
– Alarmism: “worst case” events are included in assessments regardless of their likelihood (*they should be considered, but not given the highest priority!)
– Indiscrimination: All risks are given the same value or priority (*not all risks are the same priority!)
– Prejudice: subjective opinions are used rather than facts in assessing risk.
– Inaccuracy: using poor information or data to assess your risks.
The controls mentioned above are only some of the ways to alter risk, and we encourage you to use these controls in addition to your own. On top of this, your organization or project may experience pitfalls not mentioned above. There is no simple “one-size-fits-all” approach to risk management. However, controls like these can inspire you or your organization. We hope that after reading this, you learned a new way to approach risk management for your next project.
Greenert, J. (2010). “OPNAV INSTRUCTION 3500.39C.” Department of the
Navy, Office of the Chief of Naval Operations, p. 1 – 41.
The risk management cycle is a model organizations and project managers use and is fundamental to their risk management framework. This cycle includes the steps taken to reduce risk and can be modified according to the needs of the organization or project. The risk management cycle featured in this article will focus on four areas. These include identifying the risk, analyzing & evaluating the risk, treating the risk, and monitoring the risk.
Step 1 – Identifying the Risk:
The first step in the risk management cycle is identifying your risk. Your risks can vary depending on your work, but there are some common categories of risks to be aware of. Below are a few risk categories you may face within your organization or project:
– Operational risk
– Reputation risk
– Financial risk
– Security & fraud risk
– Legal & compliance risk
– Environmental risk
When identifying your risks, your list must be accessible to everyone on your project or within your organization. All employees may have different backgrounds or insights on various scopes of your work. It is important to get the most value from your risk identification, and thus the most risks can be identified if everyone can offer their input.
Step 2 – Analyzing & Evaluating the Risk:
After identifying your risks, you must know their likelihood and severity. Not all risks are equal, and your organization may not have the resources to combat every risk. When analyzing your risks, you should be aware of their impact on your project or organization. More severe and likely risks should be given the most time and attention. Less likely and less severe risks should be addressed but should also receive a lower priority than the others.
Step 3 – Treating the Risk:
Once you’ve analyzed and evaluated your risks, you must find a way to contain or prevent them. How you treat your risks may vary depending on the threat they pose, their severity, their likelihood, and the category they are in. It is vital to work with professionals within your organization and experts within the category of risk you are treating. For more ways to reduce risk within your organization or project, read one of our other articles, “Controls to Reduce Risk & Pitfalls to Avoid.”
Step 4 – Monitoring the Risk:
Finally, it is essential to note that not all risks can be contained or prevented. Some, such as environmental risks, can occur at any time and must always be considered. As time passes, more data and information may inform how you deal with a risk. Because of this, you may devise a solution for a risk or find a way to contain it better in the future. That is why you should review and update your risks, often, to increase your awareness and devise new strategies to deal with them.
Knowing the steps of the risk management cycle can significantly benefit anyone on a complex project or within an organization. As mentioned, the risk management cycle can be different for every task. It can be modified and expanded to meet the needs of whatever you may need it to. Not everyone may face the same risks, but we all deal with them. Knowing how to identify, analyze & evaluate, treat, and monitor even the most basic risks will help you deal with more complex ones. We hope you find this knowledge helpful and that you can implement our cycle or make your own!
Thomas, Christine. “Five Steps of the Risk Management Process.” 360factors,
Every day, whether as an individual or a large organization, people are forced to deal with risks. Risks come in many different forms, but the solution to managing those risks may vary depending on the situation. Fortunately, there are tools that risk managers at all levels can use to help them simplify their processes, convey their goals to others, and create an environment that contributes to a safer project or organization. One of these tools is the risk management checklist.
Purpose & Example:
The purpose of a risk management checklist is to ensure that activities in your project are being accomplished and that risks are being reduced while doing so. Additionally, it allows for tracking risks across an organization and enables non-risk managers to easily evaluate what risks may exist in their organization or project. Below is a risk management checklist provided by the United States Center for Disease Control and Prevention (CDC) and modified by RoC Consult ApS. This checklist can be used for a variety of applications, including large projects and reducing risk within your organization:
Best Practices to Continuously Improve:
A risk management checklist, like the one shown above, can be beneficial for any large project or organization. However, these checklists must be continuously updated and improved. Checklists like these are of no help if they’re discarded in a desk drawer or buried among hundreds of files on someone’s computer. To help you or your organization best use these checklists, some of the CDC’s best practices are provided below:
The risk management checklist is only one of many tools used to manage risk within your organization or on a large project. We encourage you to use the provided checklist or create your own to best suit your risk management objectives. We also stress the importance of keeping your checklist up-to-date and improving it as you learn more about your risks. There is no simple “one-size-fits-all” approach to risk management. However, we hope this tool can be a resource for you or your organization.
“CDC Unified Process Checklist.” Center for Disease Control and Prevention, 11 November 2006, https://www2a.cdc.gov/cdcup/library/checklists/CDC_UP_Risk_Management _checklist.pdf
Risk is everywhere. From the moment you get in your car to go to work until the moment you swallow your last midnight snack before bed, you encounter different risks of different severities. It is also becoming increasingly obvious that both the number and severity of emergencies and disasters people face every year are drastically increasing with climate change, overpopulation, and pollution. Climate change expert and Vox journalist Umair Irfan writes that the number of disasters has increased by 5 times in the last 50 years. Furthermore, USA Facts shares that “The number of natural disasters that cost over a billion dollars has increased over the last forty years, rising from an average of three per year in the 1980s to 13 per year during the 2010s”.
This increase in disasters causes an increase in available information regarding disaster trends and social habits that can be used to improve emergency management policy, but it can also cause disaster desensitization. When people hear about disasters so frequently, especially when they occur with relatively little time in between, the events lose their excitement, shock, and horror. This can consequently lead to less personal preparedness, as people cannot afford to anticipate every possible hazard or live in a constant state of fear and readiness. Many people accept certain levels of risk in their lives to be effective and efficient members of society, but it is essential to find a balance between accepting some inevitable risks while still having a personal plan in case a hazard is encountered.
So what can you, as an individual without formal emergency management training do to reduce risk and assess the vulnerabilities in your own life? The first thing to do is make a list of all the possible or likely hazards you could face in your day-to-day activities, including car accidents, sickness, weather events, or serious injuries. Then create the possible outcomes and results of those hazards, always thinking worst-case scenario. For example, say a large flood hits your town. Should you evacuate? What items will you bring from your house? Where can you go? What if you lose WIFI or cell reception? Do you have backup food and water? What if someone is injured? Are you near a hospital or do you have emergency medical supplies? These are just a few small examples of things to think about, but there are hundreds of other hazards and actions to think about well in advance of the disaster.
It can be overwhelming to know what to do and expensive to take actions like buying a backup generator or retrofitting your home, but luckily, risk management experts from all over the world have provided many different lists and steps to take to move toward being more prepared.
This is not a comprehensive list, but one that has some helpful ideas about where to start on your personal preparedness journey.
Being personally prepared is bigger than just you and your family. Your actions have impacts on your entire community, and this is especially obvious financially. Picture this: You fail to retrofit your home, and a massive flood destroys it. Because, in your confidence or lack of preparedness, you did not purchase flood insurance, you are unable to afford to rebuild. You either must take out loans from the bank or government, or you must move altogether, leaving your town to have to foot the bill on the reparations. Now imagine if many people within the same community are in a similar situation, but the town is unable to afford the reparations of all these homes. It is not ideal to leave the damaged homes as they are, because that would be visually polluting, unsafe, and reduce the number of citizens (and therefore taxpayers) who can live there. It becomes a huge, expensive task, all because people failed to be personally prepared.
Life is risky, and the number of risks is only increasing as society develops. However, do not allow the increase in disasters to desensitize you to the importance of vigilance, preparedness, and planning. You want to ensure that you, your family, and your community are resilient and safe when disasters strike, and you can only do that by understanding the possible vulnerabilities you face and taking preemptive measures to reduce their impacts. Preparedness starts with you!
Within the field of Risk Management, there are various ways of identifying risks. Depending on the way in which you wish to realize these risks, there are certain risk classification systems to choose from. One of these is the FIRM scorecard, which at some points serves the same purpose as the Business Impact Model. Both of these aim at identifying risks, whereas FIRM also takes notice of risks outside of the organization. Additionally, the FIRM scorecard also puts more focus on the causality between the organizations planning/business model, its stakeholders and the organizations position in the market.
Let us dive into the core of the model and see how it help us asses certain risks. For a better understanding of the model, this figure will be a good starting point for illustrating the many factors that come into play:
To better comprehend the figure, let us look at it starting from the top. So first of all, we have the mission objective. The Mission Objective of an organization is its designated mission, a mission that is influenced by a line of factors, such as:
Significant risks: Which risks have meaning for us and are relevant?
Key dependencies: Functions within and outside of the organization that can cause a disruption for our operations. This is where the organizations robustness (capacity) and resilience (restoring activities) come into play.
Core processes: The primary activities which helps the organization realize its goals.
Planning: Planning which is conducted on a strategic level, and choice of business model.
To understand what is meant by planning on a ‘strategic’ level, we need to differentiate between the strategical, tactical and operational level.
On the strategical level we have the board of the company, those who decide the company’s policies and decide the long-term strategy for the organization. On this level, planning is usually based on what will happen for the next 12-18 months. This is just a ballpark figure, as some projects may take years before they become operative.
Next, we have the tactical level, which consists of middle-upper management. Management on this level will usually be the mediator between the strategic personnel and the operatives. This is also why they are the ‘first line of defense’, since they are the ones on-site with enough authority and day-to-day presence. Planning on the tactical level will usually be based on a time period between 6-12 months.
On the operational level is where all of the practical activities take place. This is where we have our costumer care, cleaning personnel, security, and so forth. They are the ones making sure that our operations run as they should, and the planning for this level is usually revolved around 1-2 weeks.
Lastly, we have the compliance level, and this one is a little outside the hierarchy. An organization’s compliance revolves around all of the legal criteria for an organization. This includes everything from the organization’s responsibility for the staff’s safety, environmental laws, anti-corruption, etc. It will usually be lawyers whom makes it clear for the board what activities are or aren’t legal, and later have HR implement relevant activities that ensures that there is compliance across the organization. Complying with the law is an absolute must, for if caught, the organization will lose their ‘license to operate’ and therefore cease operations.
By using the terms above, we can get better insight into how these affect the FIRM scorecard The acronyms cover the following:
Financial: Risks that can impact the way in which money is managed and whether profitability is achieved. In order to reduce risks within this department a risk manager can perform certain to reduce fraud, actions such as: reducing the motive for fraud, minimize the opportunity to steal, improve detection of fraud and record keeping and increase level of supervision.
Infrastructure: Risks within the infrastructure are elements that can affect and/or cause disruption within our core processes and efficiency. For this department of the organization, a BIA analysis would be an optimal tool. Depending on the nature of the organization, the hazardous risks can vary but will usually include things such as: Electrical & fire safety, dangerous machinery, radiation and so forth.
Reputation: How does the public, stakeholders and competition view us? Depending on which sector the organization finds itself it, the reputation may be more critical than others. Public organization are for example reliant on their reputation, since their operations are funded by the taxpayer, and therefore has a responsibility to withhold a standard of professionalism, integrity and transparency.
Even for private organizations, a bad reputation can lead to boycotts and ultimately a decline in profits. It is therefore important for an organization to protect their brands, and make sure to have appropriate franchisee behavior, whilst avoiding counterfeiting and fake goods.
Market: The market is a force that cannot be tamed. The outside world can influence the organization’s business potential, both quantity and opportunity wise. The constant evolution of digitization changes the terms on which business is conducted, and how products are shaped, delivered and reviewed. Organizations are always challenged by different forces from the external environment, such as the buyers, suppliers, competitors and even the replacement of an identical, yet better product.
Lastly we have the 4P’s. These are factors that can bring potential disruption and harm to our operations. They are defined as:
People: Lack of skills, unexpected absence of key personnel, ill-health accident or injury to people.
Premises: Theft or loss of physical assets, property damage and contamination on premises.
Processes: IT-failures, inadequate management of information, disruption by hackers/viruses.
Products: Poor product/service quality, delivery of defective goods or components, disruption caused by failure of supplier, failure of outsourced services and facilities.
When cooperating across sections there may arise a line of potential problems, mainly in regards to the communicative aspect. These problems arise as a result of the clashing of different expertise, authorities and cultural differences. In relation to this a professor within the field of management by the name of Jody H. Gittel has come up with her theory of relational coordination. This theory is mainly focused on the public sector, it is however still applicable for international private organizations. By using this theory as a tool, this theory can help analyse the interpersonal processes, which could potentially be barriers for optimal efficiency. This theory has furthermore been the foundation for multiple Danish consultants, whom have come with their own additions to this theory. Consultants such as Carsten Hornstrup claim that the definition of a good relationship is subjective, and a certain relationship can therefore be seen in two completely opposite ways. A relevant factor in this is the individuals authoritative position within the hierarchy of the organization, whereas leaders will often have a more positive outlook on the relation.
Jody H. Gittel has put up a negative and positive spiral with the purpose of illustrating what indicates a positive and negative relationship. The reason it is illustrated as a spiral is that, a relation is heavily built upon the communication and likewise. There is therefore no real ‘starting point’ and one should try to improve one of the following aspects, in order to breakthrough the next until it comes into full circle.
The theory of relational coordination is based on two different dimensions: Relations and communication. The quality of these aspects are defined as such:
Mutual goals: Same interpretation of the mission objective within an organization, where a task is solved based on a set of common, clarified goals. This is also synonymous with the organization’s vision, so it is crucial that everyone is on the same page regarding the overall goal.
Mutual knowledge: To which degree are the different groups familiar with each others professional field and competences? This is not only about perfoming one another’s list of duties, but also knowing and understanding them.
Mutual respect: Whether the different groups feel acknowledged for their contribution to solving the common task. This is where the higher placed personnel may show a lack of respect other groups, which ultimately affects the common engagement in a negative way
Frequent and timely: This indicator revolves around whether communication is timed correctly, often and interpreted in a meaningful way. The overall coordination suffers if the communication is too frequent, too rare or timed incorrectly.
Precise and problemsolving: Is the communication constructive, practical and relevant? The task needs to be presented in a comprehensive way for the receiver, and needs to address the actual issue at hand.