Implementation: Maximising the value from health and safety management systems
In my first article we recognised that health and safety management will always require a balance between behaviours and systems, which may be formal (documented) or informal. In addition, regardless of the size of your organisation, a systematic approach is needed and we looked at the ‘Plan’ element of the ‘Plan, Do, Check, Act’ (PDCA) cycle. In particular I shared some of the best approaches I have seen for identifying risks, setting objectives and ensuring resources are in place.
I have been fortunate enough to have spent the last 19 years helping a broad range of organisations across the globe improve their health and safety management and in this, the second of three articles, I’d like to share some best practices in relation to management system implementation. In particular I’m going to look at competency, stakeholder involvement and operational control.
The reviews of most major accidents in the recent past have all flagged that a lack of competence contributed to the incidents. Many organisations make the mistake of equating training with competency however competence is a combination of knowledge, skills and experience and requires a willingness and reliability that work activities will be undertaken in accordance with agreed standards, rules and procedures.
The best organisations develop a competency management system or CMS providing arrangements to control, in a logical and integrated manner, a cycle of activities within the organisation that will assure, and develop, competent performance. The aim is to ensure that individuals are clear about the performance that is expected of them, that they have received appropriate training, development and assessment, and that they maintain, or develop, their competence over time. So what does this look like in practice? The following are key features of a world-class CMS:
- Where appropriate, work procedures contain the safety critical tasks identified in risk assessments (this is further considered in Operational Control below)
- Job descriptions are documented for the relevant operators involved in the tasks which include roles and responsibilities and competency requirements
- Effective processes are in place for the recruitment and selection of relevant operators (e.g. checking of qualifications and experience)
- Competency requirements (qualifications, training and experience) are defined for the relevant tasks and link to the risk assessments and procedures
- The effectiveness of training delivery is periodically evaluated, not just using the typical ‘smiley-face sheets’ but a thorough review, gathering feedback from trainees, as to whether the course achieved its goals
- Training materials are periodically updated taking into account new developments or information (e.g. arising from incident findings or near miss data)
- An effective process is in place to verify and sign-off on operator competency (e.g. involving observation and questioning)
- Operators involved in the tasks have their competence re-assessed periodically (e.g. via planned task observation or a similar process using direct reference to the specific procedure)
It is also important to make sure that those undertaking the competence assessments are themselves competent (typically through including the assessor role in the CMS itself) and that substandard performance, where identified during assessments, is managed effectively. Effective processes must also be in place to ensure operators are physically and mentally fit for the tasks they perform through linking the CMS to the occupational health programme.
There have been clear legal duties in the UK to consult and involve employees on health and safety matters for some time. The Approved Code of Practice, HSG 263 ‘Involving your workforce in H&S’, confirms that accident rates are lower where employees genuinely feel they do have a say in health and safety matters than in workplaces where employees do not get involved. However, the focus of legislation is around consultation with employees rather than the wider concept of ‘stakeholders’.
A stakeholder is not just someone with a financial interest in an organisation, a stakeholder is anyone with an interest in a business. Stakeholders are individuals, groups or organisations that are affected by the activity of the business. The most mature organisations recognise this and seek to engage a range of interested parties in H&S management to gather their views and incorporate them in management systems where possible.
The first step is not only to identify your stakeholders (e.g. employees, contractors, neighbours, agency employees, suppliers, customers etc.) but also to assess what aspects of health and safety will be most relevant to them e.g. agency employees may be concerned over whether they receive equivalent occupational health support to full time staff and suppliers may want to interact with you regarding legislation such as REACH. A mapping exercise involving a cross-section of staff can be useful to complete this process.
Once this is done it is important to have a structured communication process defined and implemented. For internal stakeholders (primarily employees but also possibly contractors and agency staff) a clear, tiered meeting structure typically works well:
- ‘Tier 1’ is at the ‘shop-floor’ level and involves regular, short meetings run by supervisory staff in which staff can raise concerns, but also more importantly make suggestions.
- Issues which cannot be resolved at the Tier 1 meetings cascade up to ‘Tier 2’ which are less frequent meetings involving appointed H&S representatives (of both employees but also other stakeholders including contractors) and ‘middle’ management. Depending on the size of the organisation there may be one or more of these across departments and a key focus will be on identifying improvement opportunities/projects and reflecting on incidents.
- The ‘Tier 3’ meeting typically involves senior management and the chairs of the Tier 2 meetings; its remit is more strategic in nature, setting and reviewing objectives and addressing budget issues.
An issue I addressed in my first article was the frequent triumph of quantity over quality when it comes to risk assessments. Unfortunately many organisations make a similar mistake when it comes to defining procedures, or operational controls. BS OHSAS 18001:2007 states that operational controls should be implemented ‘where the implementation of controls is necessary to manage the risks’ and only documented ‘to cover situations where their absence could lead to deviation from the policy and objectives’. In other words, procedures need to be in place for a specific purpose and only written down where necessary.
Rather than create significant numbers of procedures to address a perceived need therefore, a question the best organisations ask themselves is ‘what procedures do I really need and why’? Good practice would be to determine which situations require someone to follow a specific set of tasks, in a particular order, to ensure safety or to achieve a particular quality of outcome. Example of this would be a permit to work procedure or the isolation of energy sources to a machine.
A documented procedure that simply states what a competent person already does, for example the provision of first aid, is unlikely to be necessary.
One tool which I have come across in a number of organisations, as an alternative to a large suite of procedures, is an operational control plan. For specific, repeated tasks it can clearly and simply map out, on a spreadsheet or similar planning tool, what is required by whom and when, what standards must be met and where the results should be recorded.
For larger organisations involving a wide-range of operating locations clear, goal-based company-level standards which set a standard of practice to achieve but leave individual sites the flexibility to design and implement their own procedures is a common and often effective approach.
Finally, the procedures I have seen which are the most effective at communicating requirements to staff are those which make good use of flowcharts, photographs and pictograms rather than words. This can also have a benefit in the increasingly common situation where staff use a range of languages to communicate.
In the next article I will cover the ‘Check/Act’ stages of the PDCA approach and specifically cover assurance processes, auditing and management review.
James Clayton is a Director of Clayton EHS Services and has 19 years experience assisting organisations develop and maintain effective environmental, health and safety management and assurance systems and secure performance improvement. He is a chartered member of IOSH and a chartered environmentalist. He can be contacted at [email protected]