South African Safety Professionals will soon need to brush up on their Risk Management Skills as the landscape of the profession is most likely changing in 2019.
As the starting point of any safety intervention, the identification and classification of Hazards has for many years been inadequately covered in the training modules available under the National Qualifications Framework. The predominant focus of a typical “HIRA” course is not on the “HI”, but on the “RA” (Risk assessment), and an array of “formulas” has been developed, mostly copied from the insurance industry, to perform anything from basic to very advanced calculations to determine the risk posed by a particular hazard.
Sadly though, most risk assessments never went further than a list of risks and their related values, neatly packed in a spreadsheet and labelled to match the description on the tick sheet used to evaluate compliance.
This practice will need to change in the near future and a more in-depth approach needs to be adopted.
It is our prediction that the new format of risk assessment will comprise three elements.
The Risk assessment
In order to be more than just a tick in a box, but serve as a management tool, a decently prepared risk assessment must at least cover the following:
- a complete hazard identification covering every possible hazard within a specific process or system
- identification of all persons, including the public, incidental persons and contractors, who may be affected by the hazard, thereby creating a complete exposure profile for a group of employees working in the same process or system under the same conditions, and
- a study of how each hazard will affect a particular person or group of persons
This is followed by an analysis and evaluation of the risks using an acceptable and understandable mathematical system to assign a risk rating, and thereafter by prioritisation of these risks, sorting the list from high to low.
Following these steps above will result in a comprehensive risk assessment specific to the site or place where employees work during their employment.
But having a risk assessment done is only the starting point of the process of Risk Management.
Risk Management Plan
Information is of no value if it is not used for a benefit. And employers need to benefit from the risk assessment by creating an Action Plan to address each risk identified during the assessment process.
The Action plan must start at the highest risk and work down to the lowest risk, each time addressing the risks using any combination available within the standard Hierarchy of Hazard Controls. It is not effective to use CATNAP (Cheapest Available Technique; Narrowly Avoiding Prosecution) for a high risk system or process. A top-down approach must be taken. If you have a noise problem, issuing ear plugs is a bottom-up approach. Removing the source of the noise is a top-down approach. Obviously there are constraints in the application of a specific control to a system, but the best solution must be considered first.
The Action plan will then give rise to the development of a Management System.
The Health & Safety Management System
As a co-ordinated, comprehensive set of interrelated or interacting elements to establish occupational health and safety policy and objectives, management must use the risk management plan as the foundation for the assignment of responsibility for the management of each system or process. With this responsibility comes the issue of competence as well as the need for checks and balances to ensure the job gets done.
The latest H&S Management system framework is ISO 45001, which is believed to replace OHSAS 18000. However, both these standards will remain valid for a considerable number of years because of their non-descriptive or “open” design.
It offers a good framework for the development of an H&S Management system, as it allows a company to determine its own scope of application.
It is, however, only in cases of Certification that the standard prescribes a set of rules to demonstrate compliance. While most people believe ISO systems are expensive, they ignore their value as a management guide to best practice. Certification is optional, and is only punted as compulsory by those who stand to gain financially from the ignorant.
The HOW of Risk Assessment and Management
Ideally speaking, OHS Risk Management should not be a stand-alone process, but be part of the overall Enterprise Risk Management (ERM) process of your business. The International Standard for ERM is set out in ISO 31 000. This standard offers guidelines and is not intended for Certification like ISO 45001 above. (Offering ISO 31 000 certification and auditing is a false statement.)
Applying the ISO 31 000 format to OHS Risk management will ensure the process follows the same set of rules as the rest of your business’ ERM Process and does not deviate from understandable and standard norms and concepts.
In order to perform a risk assessment and its subsequent processes, it is imperative that it is started from the correct launch pad.
The three pillars of ISO 31 000 are:
- Risk Architecture
- Risk Strategy
- Risk Protocols
The standard describes each of the above and it is clear that the elements of legal compliance are harnessed within these pillars.
- Risk architecture specifies the roles, responsibilities, communication and OHS risk reporting structure.
- Risk strategy, appetite, attitudes and philosophy are defined in the OHS Risk Management Policy.
- Risk protocols are presented in the form of the risk guidelines for the organisation and include the rules and procedures, as well as specifying the OHS risk management methodologies, tools and techniques that should be used.
The end result is a comprehensive Risk Management Process for OHS in full compliance with the legal, financial and social responsibilities of your business.