Risk assessment: where people miss the mark
For the last 40 years, the approach to health and safety has been based on the concept of assessing risks. For very good reasons, the methodology is not prescriptive, but this has meant that quite often there are gaps in what people do.
The biggest mistake I often see is that people don’t understand the real reason for carrying out risk assessments. In my opinion, the prime purpose is to identify gaps in control measures and the outcome of such identification is the compilation of an action plan to address these gaps. The item that is quite often missing is this action plan.
People will also often record a control measure that nominally addresses the risk, but then fail to realise that such a control measure may need other actions to keep it working.
For example, guards interlocked to the control system may be provided so that the machine is forced into a safer mode when the guard is open. It may be prevented from running, be only able to be jogged or whatever.
However, if there is no inbuilt crosschecking of the interlock, unless it is periodically checked, you have no assurance that it will force the safe mode when required, and therefore the risk creeps upwards. Your action plan needs the scheduled check of interlocks.
Then there are other actions which may be necessary because a high-level action is not practical. For example, it is impossible to guard a forklift truck, but you can have systems of work that exclude people from the area in which they operate, restrict the driving to trained drivers, etc.
Therefore, I’d expect the risk assessment to include:
- Risks and the controls already in place;
- Any actions to keep these controls in place;
- Actions required to establish new controls; and
- Actions to minimise a residual risk.
Rather than leaving these in individual risk assessments, I always transpose these into an action plan, so you can have a single document to which you refer.
Which brings me onto the scoring of risks. There are many ways you can score risks, but whichever method you use you need to transfer the scoring to the action plan so that the actions are arranged in descending order of risk.
Don’t confuse being busy with being effective; you need to tackle the big issues first rather than those which are easy to do. Again, this is something I quite often see missing.
The penultimate activity I see missing is that of verifying that any control measure that you’ve put in place actually works and does not introduce other risks. For example, near where I live a chicane has been introduced to reduce speeds, but the chicane has been positioned on the approach to a roundabout.
So, vehicles are forced onto the right hand side of the road so that they meet traffic exiting the roundabout. So the likelihood of a crash has increased, but it would be at a slower speed. In my opinion, the new control measure has still increased the risk.
Most people are aware of the continuous improvement Plan-Do-Check-Act cycle. This verification is the ‘check’ part of the cycle following the ‘plan’ and ‘do’ parts of risk assessment and the introduction of control measures. And if it doesn’t work, then that’s where the ‘act’ part comes in.
Finally, you need to update risk assessments with your new control measures and their impact. Risk assessment isn’t something that is done once and then forgotten, it is part of your on-going safety management programme.