Book Review: Risk Management – Code of Practice

In 2000, I wrote an article for SHP on the ‘Turnbull’ Code, and a well-known risk manager wrote to say that it was “a good effort – for a commentator”! While it wasn’t much of a compliment, it was a useful reminder that while risk management might include health and safety, it also includes a lot more. Trillions of pounds spent on patching up an array of financial risk-management failings underline how crucially important effective risk management is to organisations and society in general, and that its remit goes way beyond safety.

BSI’s Code of Practice aims to help “understanding, developing, implementing and maintaining proportionate and effective risk management”. This is to “enhance the organisation’s likelihood of achieving its objectives”. It offers more than 35 pages of useful sections on how to build and maintain a risk management system, laid out in the logical manner we have come to expect from BSI’s essentially management-systems advice. Each section contains a list of best-practice headings supported by bullet points, making this a very easy read for safety professionals and others.

A very good reason to pay attention to this Code is that clients, regulators, and other stakeholders may want organisations to follow it. Regulatory and supply-chain pressure is likely to be crucial because risk-taking behaviour is often determined by senior management attitudes and culture. The Code says the responsibilities of top management should include “approving the risk-management policy and setting the ‘tone’ and ‘culture for managing risk and embedding risk management’”. This is credible, but while the Code is good at describing what good looks like, it does not suggest how to resolve problems of poor culture. It’s not just what BS 31100 says, it’s what top management does with it that counts.

BS 31100 says a risk-management framework should include a risk-management oversight body that will “challenge risk-management issues and practices”. This function “may be performed by a risk committee, or a committee of the Board”, though the Code does not explore what happens if there is communication failure, or if a Board ignores compelling advice, or even “shoots the messenger”. Yet we should not expect too much from this document – while the Code offers a useful framework, by itself it is not designed to overturn management cultures.

Having identified and even quantified risk, risk control should come into play. The Code says risk control may be implemented to:
- avoid risk;
- seek risk (take opportunity);
- modify risk;
- transfer risk; or
- retain risk.
However, the Code does not directly refer to what to do when risk (which might be a phenomenally big risk) is somehow disguised, or simply unknown.

The direct relevance of BS 31100 to health and safety depends on what an organisation does. Since risk management aims to deal with issues that can substantially affect the organisation’s ability to operate, anyone running a high-hazard process, or producing products that might lead to significant legal action, is likely to benefit from the risk management framework put forward in BS 31100.

Even so, this new Code of Practice provides a range of extremely helpful management advice on how to avoid getting things badly wrong, and how to reduce risk when exploiting opportunities. Who knows what problems BS 31100 might help avoid in future? The icing on the cake is that the Code is highly instructive to the non-risk manager.
Paul Reeve reviews the BSI's latest publication Risk Management
Safety & Health Practitioner