Risk Assessments are at their most basic level, ‘Plans to reduce risk’
And planning, in the analogy I’m drawing with Eisenhower’s quote, is the act of ‘risk assessing’ i.e. an active process (as opposed to being shown a risk assessment that you haven’t formulated yourself).
This is why I believe Eisenhower used this phrase – clearly on the battlefield there’s a need to respond quickly to events and re-set the plan i.e. do some reactive planning. If you were the one who set the original plan, this will be a quicker task than if it was given to you and you didn’t quite understand how it was supposed to work.
So substituting we have:
‘Risk Assessments are worthless, but risk assessing is everything’?
Certainly this is out-of-kilter with the belief of most business owners who want to show they’re compliant by having a big file of risk assessments (even if they’re out-of-date or unrealistic to implement).
But maybe there’s something in this – after all, if an employer has under 5 employees then they don’t have to have written risk assessments anyway, they can show they were ‘risk assessing’ verbally if they want to. Obviously, this was allowable to save small businesses extra bureaucracy, but if the actual document was the valuable ‘thing’ saving lives then all employers would have been made to have them in their possession.
I must admit, as a H&S Professional, one of the first things I ask a company (with 5 or more employees) is: ‘Can I see your risk assessments’…
BUT, in the absence of any being produced the task then moves on to seeing whether there has been a lack of ‘risk assessing’ which has led to the potential for exposure to risk,
OR, if there are written risk assessments then my task is normally to check whether those ‘plans’ are relevant to today’s risks…and often from my experience the thicker the risk assessment, the more likely they are to quickly lose relevance (as the old saying went it’s often a case of: ‘never mind the quality – feel the width!’)
Generic Risk Assessments
Sometimes the worst ‘offenders’ in terms of ineffective risk assessments are ‘Generic Risk Assessments’.
What are they? They’re Risk Assessments produced for a variety of different jobs – maybe those occurring over a period of time, or which have slight differences but have the same controls to minimize risk. Starting from scratch each time would be silly as you’ve done it all before and there’s no reason to keep ‘re-inventing the wheel’.
This seems reasonable, as long as each job is checked to make sure it’s similar enough for the Generic Risk Assessment still to apply.
However ‘Generic Risk Assessments’ can be problematic when they’re produced by managers for frontline workers maybe because ‘staff just don’t know what to write’, along the lines of ‘let’s give them an example and ask them to tailor it to suit the exact circumstances’.
Often, this doesn’t work because the risk assessments aren’t checked – maybe staff don’t feel confident enough, or they’re worried about being held liable, or maybe they just feel pressed for time, and sometimes they believe that if the document runs to several pages it must have some good in it.
Additionally, when staff are just presented with an already filled in form, they would then have to ‘get their heads around it’ and ‘buy into’ what’s written in order to put the risk-reducing controls into effect – not always as easy as the writer would have intended: I find that when I’m reading other people’s risk assessments – some are beautifully clear and understandable, but most tend to be illogical, frustrating and a real puzzle to work out.
So the problems are that although Generic Risk Assessments can be part of the organizations risk assessment system:
- They’re often not understood
- They’re seen as fixed and not tailored to suit the exact circumstance
- They can use different language and style to that commonly used by the reader
- If the matters above aren’t recognized this can lead to complacency by the ‘issuer’
Aiming for a Risk Assessing Culture
The answer to the above, of course, is that whoever needs to understand the risk reduction measures should be involved in the writing of them in the first place.
Whether businesses are happy to involve staff at all levels comes down their own culture, and this is usually something that has been built up over many years and involves many factors beyond just ‘health and safety’ ones.
However, assuming the business has a culture where everyone can get involved some training or coaching to be able to do some logical ‘risk assessing’ and then to record the results will be a real advantage.
Teach a person to do some written ‘risk assessing’ and they’ll:
- Know that it applies to them
- Be familiar with what’s written
- Support what they’ve helped to create and pass the message on
- More easily review it and tailor it further – which could be useful in any situation where changes happen quickly and the documents can never keep up
Of course, such training, in order to be relevant, has to be designed and refined: the ‘sheep-dip’ approach where everyone gets trained in ‘general risk assessment theory’ regardless of need and not in the context of the hazards faced in their particular workplace (or worse in the absence of any risk or the need to risk-assess) will just put people off.
To summarise in one sentence:
Focus on the ability of staff to get involved in risk assessing, rather than on the building up of large quantities of risk assessment paperwork.