



Risk assessment is at the heart of the UK's health and safety management system. From the general requirement under Section 19 of the Health and Safety at Work Act, through most of the major regulations which have come since, the duty to evaluate the risks associated with work activities has run like letters through rock.
But there are signs that the real need to carry out such assessments may be stopping some people with health and safety responsibilities seeing the wood for the trees.
Senior figures at the HSE have sounded cautionary notes recently about over-reliance on creating documentation. In his speech to this year's IOSH (Institution of Occupational Safety and Health) conference, HSE chief executive Geoffrey Podger said inspectors sometimes found over-long assessments locked away in drawers, hidden from the frontline staff who could best use them (see View from the top). As the executive's deputy chief executive Jonathan Rees puts it: "We want to see assessments that are fit for purpose, not War and Peace."
As part of its sensible risk management campaign, the HSE revamped its Five Steps to Risk Assessment guide last year (the new version is available at www.hse.gov.uk/pubns/indg163.pdf); and in May this year it chose the misconception that assessments must be long and complex as the latest "myth of the month" to rebut on its website.
"Five Steps was one of our most popular publications," says Rees, "but it was a bit complicated for SMEs, so we tried to demystify it and make it simpler." The main aim was to improve understanding and make it clear that it is "a means to an end, not an end in itself".
But despite recognising the flaws in current practice, some safety experts are worried that the effect of simplification may be to gloss over concepts such as probability, proportionality, prioritisation and justification, and notions of trivial, tolerable and intolerable risk - all of which are critical in effective risk-based decision-making.
"Our anxiety," says RoSPA occupational safety adviser Roger Bibbings, "is that in the need to head off the Daily Mail, these concepts are being abandoned because they are seen as too 'techy' for people to understand."
The law requires all employers to make a suitable and sufficient assessment of the risks to employees and others. But it doesn't prescribe the best way of doing so.
"Obviously, risk assessment comes in many forms," says Steve Walter, health and safety adviser at the manufacturers' organisation EEF. It can range from a simple step-by-step overview of operations to identify the main likely risks in a small firm to full-blown quantitative risk assessment (QRA) for very complicated process operations.
"But the main thing to remember," he says, "is that it's also about risk management. You've got to identify controls to minimise risk and put these in place. People often forget that; they get caught up in the quantification of risk - getting the numbers out - but forget what they're doing it for."
The HSE touts its five-step approach as "the most straightforward" method for most organisations (see box above). But it also makes it clear that it is "not the only acceptable way", emphasising that there are "other methods that work well, in particular for more complex risks and circumstances".
Where most alternative methods differ is at step three - evaluating the risks and deciding on precautions. At this point, the HSE suggests "comparing control measures with good practice to assess whether more needs to be done".
But another common approach, exemplified in British Standard BS 8800, is to work out the risk level by categorising the likelihood and potential severity of harm, and then plot these against each other in a risk matrix (see table one). Based on the risk level, the user can then prioritise which risks to tackle first and decide on appropriate action to eliminate or reduce the likelihood of harm (see table two).
For Bibbings, BS 8800 provides a "more coherent approach" and "conceptually, a better layout of advice" than the HSE's five steps, which he describes more as a "starter for 10". It is "all right as what you might call a work area walk-through approach" he says, but "probably not much use apart from in a single-person workshop".
A key weakness lies in its failure to deal with the concepts of generic, specific and dynamic risk, which provide consistency, keep the risk assessment alive and make it more specific to conditions. It also fails properly to tackle prioritisation of effort and the concept of "proportionality of response", he argues.
Jonathan Rees points out that the five steps standard is really aimed primarily at smaller enterprises and general managers: "The examples we're using are workplaces such as offices and small warehouses."
But he acknowledges that medium to larger businesses and higher-hazard industries want more technical advice.
The HSE tailors its advice to different audiences, he says. "It's all about getting the balance right. We have to accept that hazard and risk mean something to the experts, but the man on the street doesn't necessarily understand the difference. That's what we're trying to get across."
Most people need the concepts explained in layperson's language, he adds, admitting, "We may have been too technical in the past."
A common risk assessment pitfall is to focus too much on "going through the motions" to meet legal obligations, rather than on using it as a means of structuring ways of choosing risk controls. Bibbings is particularly concerned that too much current assessment amounts to little more than hazard identification followed by off-the-shelf risk control solutions.
In practice, he says, very little real assessment or judgement goes on; it is more a question of matching a known control to an identified hazard, which can easily result in over or under-hitting.
Another easy mistake to make is to over-emphasise the worst case scenario, with no balance of estimated probability. Sometimes this is because people cannot distinguish between "worst possible" and "worst credible" and therefore tend to over-egg the consequence side and push up the risk ranking. This leads them to bring in over-the-top controls or ban activities altogether. The problem is often compounded by fears about liability should the worst case occur.
In spite of the HSE's efforts, many people still fail to appreciate the difference between hazard (the potential for harm) and risk (the likelihood of that harm occurring).
A clear grasp of these terms is crucial. Yet, says Bibbings, too often people talk about slipping being a hazard when the hazard is actually an obstruction or contamination on the floor.
Another area in which he believes current guidance falls down is addressing risk/cost optimisation, and the need to decide the point at which further safety effort and expense is no longer justified because a point of clearly diminishing returns has been reached.
Gathering dust
"Filing cabinet syndrome" is one of the worst traps people fall into with risk assessments.
"There is a duty to record the significant findings; something has to be written down," says Steve Walter. But he says people can take an overly mechanistic approach, where form filling and ticking boxes become divorced from the work activity. Instead of prompting risk control, assessments become something left in a file on the shelf to gather dust.
Walter also warns employers against over-complicating assessments. For most simple hazards, risk assessment is a straightforward process based on common sense and requiring no specialist skills.
At the other extreme, major hazards, such as those associated with complex chemical or nuclear plants, may warrant more complex techniques such as QRA, where experts can assign value to risk with an educated degree of accuracy.
Unfortunately, the quantitative approach is frequently over-used for straightforward risks.
"If you are dealing with complex risks and many uncertainties, that's where a quantitative approach tends to add value," says Bibbings. "But quantification is an aid to judgement and no more."
Often, people try to use QRA when they do not need it, producing "spurious quantification" that has little or no connection to reality. Whoever puts the numbers in has to be aware of how to do it and what they mean, and have a clear idea of the main objectives.
A key thing to remember about risk assessment is that in its simplest form, it is something people do every day, all the time; it is not something separate and threatening.
Worker involvement is crucial. Jonathan Rees says there is lots of evidence that consulting employees and talking about the risks leads to fewer accidents. "People feel a sense of ownership if they had some say in the precautions taken," he says. But he emphasises: "Make it about talking about the risks, what they do, what they experience, what they worry about; rather than about filling in a form."
Bibbings is convinced that the best way to improve risk assessment practice is through better education. A lot of current training, he says, is undermined by over-emphasis on written records for tracking and audit, rather than on making judgements and taking decisions.
"We need more risk literacy," he says, "to get away from that tickbox ritualistic idea of risk assessment."