Phil completed an apprenticeship with an engineering company, gained a Production Engineering degree and subsequently became a Chartered Engineer. After a career mainly with Moog Controls and Cosworth, Phil joined CRA in Melbourne where he immediately started work on the safety of molten aluminium in addition to his main management role. After a period concentrating on health & safety and environmental management, including molten aluminium operations in Australia, New Zealand and the USA, he returned to the UK in 1996 and formed Strategic Safety Systems Ltd. (SSS). Phil is a Chartered Health and Safety Practitioner. He has carried out health and safety support work for over 400 companies. In addition to this, he has provided certification support for many companies, with certification gained to ISO 9001, ISO 14001, OHSAS 18001 and FSC/FEPC. Phil was a contributor to the second edition of the Printers Guide to Health and Safety (available from HSE Books). In addition to certification support, SSS also provides health & safety and environmental services and computerised systems to manage these and other areas.

February 2, 2015

Risk assessment: where people miss the mark

For the last 40 years, the approach to health and safety has been based on the concept of assessing risks. For very good reasons, the methodology is not prescriptive, but this has meant that quite often there are gaps in what people do.

The biggest mistake I often see is that people don’t understand the real reason for carrying out risk assessments. In my opinion, the prime purpose is to identify gaps in control measures and the outcome of such identification is the compilation of an action plan to address these gaps. The item that is quite often missing is this action plan.

People will also often record a control measure that nominally addresses the risk, but then fail to realise that such a control measure may need other actions to keep it working.

For example, guards interlocked to the control system may be provided so that the machine is forced into a safer mode when the guard is open. It may be prevented from running, or only able to be jogged, for example.

However, if there is no inbuilt crosschecking of the interlock, then unless it is periodically checked you have no assurance that it will force the safe mode when required, and therefore the risk creeps upwards. Your action plan needs to include the scheduled check of interlocks.

Then there are other actions which may be necessary because a high-level action is not practical. For example, it is impossible to guard a forklift truck, but you can have systems of work that exclude people from the area in which they operate, restrict the driving to trained drivers, etc.

Therefore, I’d expect the risk assessment to include:

  1. Risks and the controls already in place;
  2. Any actions to keep these controls in place;
  3. Actions required to establish new controls; and
  4. Actions to minimise a residual risk.

Rather than leaving these in individual risk assessments, I always transpose these into an action plan, so you can have a single document to which you refer.

Which brings me onto the scoring of risks. There are many ways you can score risks, but whichever method you use you need to transfer the scoring to the action plan so that the actions are arranged in descending order of risk.

Don’t confuse being busy with being effective; you need to tackle the big issues first rather than those which are easy to do. Again, this is something I quite often see missing.

The penultimate activity I see missing is that of verifying that any control measure that you’ve put in place actually works and does not introduce other risks. For example, near where I live a chicane has been introduced to reduce speeds, but the chicane has been positioned on the approach to a roundabout.

So, vehicles are forced onto the right-hand side of the road so that they meet traffic exiting the roundabout. So the likelihood of a crash has increased, but it would be at a slower speed. In my opinion, the new control measure has still increased the risk.

Most people are aware of the continuous improvement Plan-Do-Check-Act cycle. This verification is the ‘check’ part of the cycle following the ‘plan’ and ‘do’ parts of risk assessment and the introduction of control measures. And if it doesn’t work, then that’s where the ‘act’ part comes in.

Finally, you need to update risk assessments with your new control measures and their impact. Risk assessment isn’t something that is done once and then forgotten; it is part of your on-going safety management programme.

Interesting enough perspective on risk assessment but does not address or cover human error which is in the title of blog?

Mark Rowland

Point taken. We’ve altered the headline.

Keith waterhoude

Simply stating standard risk assessment practice


Very nice article, I have learnt new things that I did not know regarding risk assessment action plans and monitoring

Robin Gatenby

Thanks Phil, an interesting article, highlighting some of the things that I have also found “missing” in the risk assessment process of various organisations!

Peter Forster
A good article that I would have liked to have seen go further. The issues missing from most risk assessments are the knowledge of the principles of prevention and an understanding of Reg 4. Assessors add controls to the risk assessment and then believe the controls actually lower the ‘Consequence Level’, not taking into account mechanical or human failings. Therefore, you touch a 415V cable, it is death, add controls, and it lowers the consequence level, so all you need is a plaster on your finger. Clearly, this is only possible if the hazard is eliminated or substituted for something…

In the article Philip mentions scoring of risk however scoring is left out of the HSE examples. I would be interested to see copies of templates used as the above article suggests a different approach to HSE.

John battye

An excellent & professionally rewarding article

Fortunately I work in an office (low risk environment). Hence we push to make risk assessment as simple as possible, otherwise they would be filed with every other piece of paper and duly forgotten

So it’s back to the standard “5 Steps” for me.