Maximising the value from H&S management systems
In the first of three articles looking at how to get the most out of health and safety management systems based on the ‘plan, do, check, act’ cycle, James Clayton, Director of Clayton EHS Services, examines the planning stage and looks at how a structured approach to safety can help companies of all sizes better manage risk.
It is widely acknowledged that effective health and safety (H&S) management requires a systematic approach. Guidance on the key elements of an effective H&S management system and how to structure them is widely available from a number of sources including the Health and Safety Executive (HSE), professional institutions and trade associations. But what does a good system look and feel like, and how do you ensure you get the most value from what you are doing? I have spent most of the last 19 years helping a broad range of organisations across the globe improve their H&S management and in this series of 3 articles I will describe some of the best approaches I have seen.
A sound H&S management approach requires a balance between systems, which may be formal (documented) or informal, and behaviours should also be integrated with other business management processes, rather than as a stand-alone system. Depending on the nature of your organisation a formal H&S management system may, or may not be appropriate but all approaches should follow the ‘Plan, Do, Check, Act’ (PDCA) cycle. The PDCA approach is enshrined in most popular H&S management system standards and frameworks including the HSE guidance document HSG 65 and BS OHSAS 18001, which will be replaced by ISO 45001 later in 2016. So first let’s look at planning.
Planning requires you to establish the objectives and processes necessary to deliver results in accordance with your H&S policy. In particular, you need to identify risks, set objectives and ensure the necessary resources are in place.
Risk assessment must add value. You’d be amazed (or perhaps you wouldn’t!) how many organisations I have worked with that spend huge amounts of time producing hundreds of risk assessments that make virtually no difference to their management of H&S. They are doing them, perhaps to show that they have met the relevant legal requirements, but they are not using them as an opportunity to ask ‘are we managing risk the best we can?’ and there is no clear strategy.
I would recommend using a structured, tiered, approach that is appropriate to the size and scale or your organisation and integrates with other business risk management processes such as quality, environmental or supply chain. A three tier approach (typically aligned with conventional, rather than process H&S management) is one of the best I’ve seen:
- Tier 1; senior management discuss and generate a list of key risk topics, specific to the organisation, which could lead to fatality, serious injury or other issues such as business interruption or reputational impact (e.g. fire, legionella etc). These should be put in a broad order of significance (but don’t obsess over this).
- Tier 2; based on this list people with relevant specialist knowledge perform a suite of more detailed topic-based assessments, prioritising those which are considered the most significant. The purpose of this stage is to give a thorough understanding of key areas of risk, current controls and additional controls (particularly engineering controls) that may be needed.
- Tier 3; line-management or supervisory staff complete area or task-based risk assessments using a simple, clear format (see below). An example would be a warehouse manager completing an area risk assessment for the warehouse whilst a supervisor completes a task-based assessment of forklift truck operation. A key purpose of this stage is to identify requirements for organisational-based controls (e.g. training, procedures etc).
Some key benefits to the above approach are:
- A ‘holistic’ view of risk management which facilitates application of the ‘hierarchy of risk control’ at levels within the organisation where this can be applied.
- Senior management engagement and ‘buy-in’; risk management typically needs resources and the more those that control those resources understand the risks the organisation faces, the more likely they are to provide them.
- Leadership at all levels are involved.
- Information on risks flows ‘up and down’ through the organisation with each tier receiving information from, and providing information to, the one above.
Other features of the best risk management processes include:
- A steering group which oversees the risk identification process; this could simply be the H&S committee in a small organisation or a more formal risk committee, embracing a wider range of business risk issues, in a larger organisation.
- Use of a simple, clear format for recording area and task-based risk assessments; those produced by the HSE are all you need.
- A formal approach (possibly integrated with the steering group) ensuring the timely closure of risk-reduction actions; various database tools are available which can automatically track closure progress, send reminders and escalate issues where due-dates are passed and these can be very effective.
Clear and relevant objectives are critical to driving performance improvement. Many organisations still confuse objectives with performance indicators, or ‘KPIs’. In relation to H&S this most commonly occurs with measures of accident rates. The best organisations gather and analyse accident data as a KPI but don’t set objectives relating to it. Setting a goal relating to accident rates can send the wrong message to staff implying that ‘it’s OK if we have 2 major accidents this year’ and I have spoken to many managers worried that staff aren’t reporting accidents, especially if financial incentives are linked to accident rates. That said, every organisation should have an overall goal of zero accidents or illness and the objectives that are set should be aiming towards this.
Some features of the best approaches to setting objectives are:
- Clear links with risk identification processes (e.g. the Tier 1 and 2 processes described above).
- Involvement of staff at all levels, especially senior management, and ensuring the benefits of achieving the stated objective are clearly understood.
- Appointment of accountable managers for each objective.
- Having a clear programme. Don’t just define what you want to achieve (e.g. increased near miss reporting) but identify the necessary steps in the process with responsibilities defined for each one.
- Defining (and agreeing) timescales for achieving each objective and step; this makes it much easier to hold people accountable.
- Embedding objectives in personal goals for all staff which promotes ownership and accountability.
BS OHSAS 18001 states that management should ensure the availability of resources including human resources, specialised skills, organisational infrastructure, technology and financial resources.
A good approach to human resources and specialised skills that I identified in a UK food and drink manufacturer involved defining a ‘responsible person’s (or duty holder’s) matrix’. This was essentially a spreadsheet in which the organisation had identified its relevant risk topics (which could tie-in with the Tier 1 risk assessment stage identified above) and against each had nominated a responsible person and deputy responsible person.
In addition, against each topic the relevant competency requirements were defined and a colour coding system was used to indicate whether the responsible and deputy responsible persons had achieved the required competencies or if they were ‘under supervision’. This particular organisation also required each responsible person to sign-off on a formal appointment letter for each topic; this had the advantage of making it very clear what the organisation expected of their staff and gave them the opportunity to raise any concerns.
The best organisations I have worked with make it very clear to all their staff that H&S is not the responsibility of the H&S ‘Manager’. All staff share the responsibility for H&S management in relation to themselves and those they work with (but clearly this varies depending on their position). They ensure all staff understand that the H&S ‘Manager’ is there to advise, train, coach, provide technical expertise and implement H&S management and assurance processes.
In the next article I will cover the ‘Do’ stage of the PDCA approach and specifically cover competency, stakeholder involvement and operational control.
James Clayton is a Director of Clayton EHS Services and has 19 years’ experience assisting organisations develop and maintain effective environmental, health and safety management and assurance systems and secure performance improvement. He is a chartered member of IOSH and a chartered environmentalist. He can be contacted at [email protected]
SHP’s latest legislation eBook covers recognition of mental health issues in the workplace, the reclassification of mild welding fume as a human carcinogen, new manslaughter definitive guidelines, PPE, Brexit, drone safety regulations and much more…
- Recognition of Mental Health Issues in the Workplace
- Reclassification of Mild Welding Fume as a Human Carcinogen
- Sentencing Council Published New Manslaughter Definitive Guidelines
- Larger firms face biggest fine increases: Sentencing Council impact assessment shows
- Bouncy Castles and Other Play Inflatables: Safety Advice
- Revision of Standards for Powered Doors, Gates and Barriers
- Modern Slavery Act Review
- Drone Safety Regulations
- Health and Safety (Amendment) (EU Exit) Regulations 2018
- Ionising Radiation
- Safety, Health and Welfare at Work (Diving) Regulations 2018 (Ireland)
- Environment and Energy
- and much more…