In my first article we recognised that health and safety management will always require a balance between behaviours and systems, which may be formal (documented) or informal. In addition, regardless of the size of your organisation, a systematic approach is needed and we looked at the ‘Plan’ element of the ‘Plan, Do, Check, Act’ (PDCA) cycle. In particular I shared some of the best approaches I have seen for identifying risks, setting objectives and ensuring resources are in place.
I have been fortunate enough to have spent the last 19 years helping a broad range of organisations across the globe improve their health and safety management and in this, the second of three articles, I’d like to share some best practices in relation to management system implementation. In particular I’m going to look at competency, stakeholder involvement and operational control.
The reviews of most major accidents in the recent past have all flagged that a lack of competence contributed to the incidents. Many organisations make the mistake of equating training with competency however competence is a combination of knowledge, skills and experience and requires a willingness and reliability that work activities will be undertaken in accordance with agreed standards, rules and procedures.
The best organisations develop a competency management system or CMS providing arrangements to control, in a logical and integrated manner, a cycle of activities within the organisation that will assure, and develop, competent performance. The aim is to ensure that individuals are clear about the performance that is expected of them, that they have received appropriate training, development and assessment, and that they maintain, or develop, their competence over time. So what does this look like in practice? The following are key features of a world-class CMS:
It is also important to make sure that those undertaking the competence assessments are themselves competent (typically through including the assessor role in the CMS itself) and that substandard performance, where identified during assessments, is managed effectively. Effective processes must also be in place to ensure operators are physically and mentally fit for the tasks they perform through linking the CMS to the occupational health programme.
There have been clear legal duties in the UK to consult and involve employees on health and safety matters for some time. The Approved Code of Practice, HSG 263 ‘Involving your workforce in H&S’, confirms that accident rates are lower where employees genuinely feel they do have a say in health and safety matters than in workplaces where employees do not get involved. However, the focus of legislation is around consultation with employees rather than the wider concept of ‘stakeholders’.
A stakeholder is not just someone with a financial interest in an organisation, a stakeholder is anyone with an interest in a business. Stakeholders are individuals, groups or organisations that are affected by the activity of the business. The most mature organisations recognise this and seek to engage a range of interested parties in H&S management to gather their views and incorporate them in management systems where possible.
The first step is not only to identify your stakeholders (e.g. employees, contractors, neighbours, agency employees, suppliers, customers etc.) but also to assess what aspects of health and safety will be most relevant to them e.g. agency employees may be concerned over whether they receive equivalent occupational health support to full time staff and suppliers may want to interact with you regarding legislation such as REACH. A mapping exercise involving a cross-section of staff can be useful to complete this process.
Once this is done it is important to have a structured communication process defined and implemented. For internal stakeholders (primarily employees but also possibly contractors and agency staff) a clear, tiered meeting structure typically works well:
An issue I addressed in my first article was the frequent triumph of quantity over quality when it comes to risk assessments. Unfortunately many organisations make a similar mistake when it comes to defining procedures, or operational controls. BS OHSAS 18001:2007 states that operational controls should be implemented ‘where the implementation of controls is necessary to manage the risks’ and only documented ‘to cover situations where their absence could lead to deviation from the policy and objectives’. In other words, procedures need to be in place for a specific purpose and only written down where necessary.
Rather than create significant numbers of procedures to address a perceived need therefore, a question the best organisations ask themselves is ‘what procedures do I really need and why’? Good practice would be to determine which situations require someone to follow a specific set of tasks, in a particular order, to ensure safety or to achieve a particular quality of outcome. Example of this would be a permit to work procedure or the isolation of energy sources to a machine.
A documented procedure that simply states what a competent person already does, for example the provision of first aid, is unlikely to be necessary.
One tool which I have come across in a number of organisations, as an alternative to a large suite of procedures, is an operational control plan. For specific, repeated tasks it can clearly and simply map out, on a spreadsheet or similar planning tool, what is required by whom and when, what standards must be met and where the results should be recorded.
For larger organisations involving a wide-range of operating locations clear, goal-based company-level standards which set a standard of practice to achieve but leave individual sites the flexibility to design and implement their own procedures is a common and often effective approach.
Finally, the procedures I have seen which are the most effective at communicating requirements to staff are those which make good use of flowcharts, photographs and pictograms rather than words. This can also have a benefit in the increasingly common situation where staff use a range of languages to communicate.
In the next article I will cover the ‘Check/Act’ stages of the PDCA approach and specifically cover assurance processes, auditing and management review.
James Clayton is a Director of Clayton EHS Services and has 19 years experience assisting organisations develop and maintain effective environmental, health and safety management and assurance systems and secure performance improvement. He is a chartered member of IOSH and a chartered environmentalist. He can be contacted at [email protected].
In the company I am working now, one of the largest oil company in the world, where safety first is really been practiced. And the SMS manual is the most important document that they let us read