Managing exposure to risk is a critical foundational component of an organisations safety maturity. We know that understanding risk exposure, both at an individual and organisational level, and determining how effectively you are controlling that risk, is fundamental in the prevention of harm. As Andrew Hopkins defines it in his book Safety, Risk and Culture “to be blind to risk means to be unaware of it. To deny risk implies some degree of awareness of risk, coupled with a rejection of its significance”. Both of these positions pose a significant threat, and are indicative of low-level safety maturity.
When we assess the risk exposure element, we look for the way in which leaders address injury causation. This includes the balance between the degree of focus on injury prevention versus reduction in exposure to risk, addressing both personal injury and catastrophic events.
There are seven sub-elements of ‘Exposure to Risk’ including; orientation to risk, individual contribution to exposure, catastrophic events, hazards and behaviours, critical risk rules, audits and inspections, and incident investigation. In this article we explore what best practice looks like, covering all seven sub-elements. We have also included some of the challenges organisations face when addressing ‘Exposure to Risk’.
1. Orientation to risk
‘Orientation to risk’, relates to the organisation recognising the systemic nature of exposure and appreciates the need to monitor both active failures and latent failures. Best practice is recognising that there are multiple influences on exposure, considering conditions, processes and behaviour and distinguishing between errors and violations when responding to incidents. Significant physical and behavioural risks across all job functions should be well known, documented, managed and regularly reported for variance in frequency or consequence. Recent experience has seen organisations limiting their thinking to operator error when it comes to incident/injury causation.
2. Individual contribution to exposure
Best practice can partially be achieved when everyone in the organisation understands their individual contribution to impacting exposure. During a visit to a workplace where lifesaving behaviours were introduced, the workers were challenged by the thought that they could influence other workers behaviours by having high quality safety conversations, and that their own behaviours and choices could impact exposure to risk. If everyone understood their personal impact on exposure to risk, employees in a variety of roles across the organisation would have an informed view of risk exposure and therefore be aware that a measured risk assessment is the right thing to do before undertaking a new behaviour. Excellence in this sub-element is truly achieved when everyone understands that their contribution to exposure goes beyond what might happen to them, and that what they do and say impacts the whole workforce.
3. Preventing catastrophic events
When working towards best practice, the potential for catastrophic events in an organisation must be recognised, and critical controls should be in place and understood at every level of the organisation. Bowtie analysis is undertaken at some organisations where there is potential for catastrophic events. The bowtie method is a risk assessment technique which is used to analyse and communicate the manner in which major accident scenarios develop. An organisation recently undertook a Bow Tie Risk Analysis for each of their Fatal Risk Standards. The aim was to identify a risk event related to a particular hazard. Once the risk event was determined, the analysis required the identification of all known threats that could cause the risk event. The final step in the process was to identify all known and suggested barriers (controls) that would prevent a particular threat from causing the risk event. This process involved workshops for each of the Fatal Risk Standards including a cross section of workers, subject matter experts, leaders and managers to ensure that all known barriers (controls) were recognised, implemented, effective and communicated to all levels of the organisation. Roles and responsibilities for the implementation of all critical risk controls must be well understood. An area of weakness in many organisations is not the identification and implementation of the controls, but the scheduling and practice of routine drills and reviews to ensure the effectiveness. For this reason, critical controls need to be reviewed regularly for currency and effectiveness.
4. Implementing critical risk rules
Critical Risk Rules are often introduced into organisations. Alternatively known as Life Saving Rules, F8tal Eight, Life Saving Behaviours or Golden Rules, these rules are implemented to emphasise and focus on controls which are critical for prevention of fatal injuries. The rules need to be clear and concise and followed consistently regardless of who is watching. An example of a lifesaving rule may be, ‘don’t walk under a suspended load’. The aim of this is to prevent workers from walking or standing under a load suspended from a crane. This rule can pose a significant challenge to workers and leaders where the culture has allowed many workers to either stand under a load or touch the load while it is suspended. To achieve in this area all workers and leaders, without exception, need to be willing and capable of having a safety conversation with anyone who is working in an at-risk manner, particularly when they are observed breaking a Critical Risk Rule.
5. Hazard reporting and review
Succeeding in this element requires a heavy focus on identifying and formally reporting on hazards proactively. A formal system of reporting may include the completion of a paper hazard report or a verbal report to a supervisor or leader. It is becoming more common to introduce an ‘app’ for workers with smart phones to take a photo, write a short description and upload the hazard immediately to a hazard register. The benefit of a digital system is that all hazards, no matter the level of risk, are recorded on the spot and can be reported visually until they are addressed.
6. Incident Investigations
Incident investigations should be comprehensive and always conducted by well-trained investigators. To achieve best practice, the investigations should consider multiple causes and include factors from the following areas: conditions, systems, behaviour and culture. Outcomes, with appropriate control strategies must be reported concisely and communicated widely. Investigations are often only conducted when there is an injury, they tend to be superficial and are often focussed on assigning blame. Organisations should focus on redesigning the work practice to reduce or eliminate exposure to risk.
7. Audits and inspections
A superior auditing and inspections program must be implemented in order for an organisation to be considered resilient in terms of exposure to risk. Audits and inspections should be planned, scheduled and both internally and externally sourced. The process must have effective oversight and ownership, with audits and inspections routinely conducted and with an emphasis on corrective actions measured and reported.
In summary, to work towards a resilient maturity level in the exposure to risk element, a laser light focus on all of the sub-elements is required. For more information please get in touch.
Comment