• Renier Barnard
  • 5 April 2012

Risky business

If a director within your organisation asked you (the health and safety professional) the question in a board meeting – ‘Are we safe?’ – what would your answer be?

Following the media circus surrounding David Cameron’s comments on what he labelled ‘the health and safety monster’, you would be forgiven for thinking that UK organisations have covered every base when it comes to risk, so much so that we no longer require legislation.

I was reading an article in this month’s Safety and Health Practitioner Magazine and the very last sentence, as well as the very appropriate title – ‘PM’s approach to health and safety not helpful, says Prof Lofstedt’ – caught my eye.

Professor Lofstedt said:

“We should have health and safety education in schools and universities. Risk communication is so important, even to young children.”

Yet even in vital positions within businesses and organisations there often seems to be a lack of full understanding of risk – what it is and how to deal with it.

The first thing that springs to my mind is the British and International Standard BS ISO 31000:2009 – Risk Management Principles and Guidelines. Our PM and your Director surely should be aware of its existence, or so we think.

Another salient point to remember, and one that is often forgotten, is that health and safety is not the only risk that requires managing in organisations, private or public. As such, far more than health and safety risks are covered by ISO 31000. Being able to demonstrate that tax or environmental laws have been complied with, and that you understand the potential risk of getting those things wrong, is just as important as ensuring the safety and welfare of staff.

BS ISO 31000:2009 is aimed at those:

  • responsible for developing risk management policy;
  • accountable for ensuring risk is effectively managed;
  • who want to evaluate the effectiveness of how risk is managed; and
  • who develop standards, guides and procedures.

Of the individuals accountable or responsible for risk within your organisation, how many do you think would be aware of the requirements of this Standard? Yet those individuals are tasked with the responsibilities set out above!

For risk management to be effective at all levels of the organisation, you should comply with the 11 principles set out in clause 3 of the standard:

  • Risk management creates and protects value.
  • Risk management is an integral part of all organisational processes.
  • Risk management is part of decision making.
  • Risk management explicitly addresses uncertainty.
  • Risk management is systematic, structured and timely.
  • Risk management is based on the best available information.
  • Risk management is tailored.
  • Risk management takes human and cultural factors into account.
  • Risk management is transparent and inclusive.
  • Risk management is dynamic, iterative and responsive to change.
  • Risk management facilitates continual improvement of the organisation.

The time has come to ensure a consistent approach to common topics such as risk management, which is an integral part of all functions and levels within organisations. After all, if we all have a good foundation in the principles of risk management we could eradicate the perception of burden, and limit comments that do not add value or aid understanding.

Should this International Standard form part of the syllabus for the new occupational safety and health advisor / consultant requirements? Have you used or implemented these principles within your organisation, and has doing so helped change perceptions and behaviours towards the topic?

Risks are everywhere and in everything, and surely ignorance – especially from those at the top – is no longer an excuse.

We welcome your views.

For further information:

Risk Management. Principles and guidelines BS ISO 31000:2009

Risk management. Code of practice and guidance for the implementation of BS ISO 31000 

Risk Management. Risk Assessment Techniques BS EN 31010:2010