• Craig Macdonald
    4
    I have recently worked with a large international company on how they assess risk and together we have developed a risk management framework that works very well.

    Common problems highlighted in the initial review were:
    1. There was a wide range of interpretations on how to assess risk through the company
    2. The risk framework was designed with a business focused, and was not necessarily suited for health, safety and wellbeing
    3. The risk matrix was too limited, and the definitions/actions were standard (possibly copied from another one), and had not been thought through. E.g., a Lost Time Injury of one day pushed the risk level to Very High.
    4. Corporate Head Office did not follow through on extreme risk items (e.g., stop process)

    The review process included:
    1. Setting-up a working group of 4 people
    2. Reading at length the 'Risk Management Guidelines ISO31000:2018(E)', the Handbook - 'Managing Health and Safety Risk SA/SNZ HB 205:2017', and the document 'How to manage work health and safety risks: Code of Practice' Safe Work Australia May 2018
    3. Researching the value and construction of risk matrices
    4. Moving from a standard 2 dimensional risk 4 x 4 matrix to a 3 dimensional 6 x 6 x 6 Matrix (we added frequency)
    5. Debating at length the context, and definitions of the risk matrix and the outcomes
    6. Trialing the new process across the group with great success - taking on board any room for improvement. For this part, we made sure we have people from the factory floor in the trial - they have tp understand it.
    7. Getting the Executive Management Team to sign off on their role/responsibility when a risk is considered High/Very High.

    Key elements to the new process are:
    1. Involve the right people in the risk assessment
    2. Inherent risk is not evaluated (it has been removed) as this is to confusing. You have a hazard, associated risks, and current controls. You then evaluate your current level of risk.
    3. Focused on reducing risk SFAIRP, not ALARP.
    4. Not including the level of risk if controls were in place - this provides a false sense of security with no action having been completed
    5. Review the risk level once an improvement has been made.

    The key thing to remember is that the process is not perfect, and will not give you an answer that takes away a level of debate, thinking, input, collective knowledge etc.

    Where Risk Assessment processes fall down is the organisation has not followed a robust process that is unique for them, and they tend to adopt a standard off the shelf solution.
  • Steve H
    308
    4. Moving from a standard 2 dimensional risk 4 x 4 matrix to a 3 dimensional 6 x 6 x 6 Matrix (we added frequency)
    5. Debating at length the context, and definitions of the risk matrix and the outcomes
    6. Trialing the new process across the group with great success - taking on board any room for improvement. For this part, we made sure we have people from the factory floor in the trial - they have tp understand it.
    7. Getting the Executive Management Team to sign off on their role/responsibility when a risk is considered High/Very High.
    Craig Macdonald

    Liking all these in particular Craig, especially the last one, takes away the "I didn't know' excuse.
  • Aaron Marshall
    117
    For me the consequence of an activity is not if it will happen, but when it will happen. And the consequences I worry about are death (HSWA S25) or a notifiable injury or illness (HSWA S23). So for me, I look at the activity, identify the hazard(s), determine the consequence(s) and work through the hierarchy of controls.KeithH

    And there I think you're missing the point of risk management.

    What if an accident may have a low injury, but result in millions of dollars of damage (think Skycity fire)? Risk management is where all of these factors (financial loss, reputation loss, regulatory implications, etc) should come together. Everyone here is working in a very silo'd manner, without looking at the wider implications.

    I don't consider the likelihood. Progress down the HoC automatically takes care of that. Once the controls for each level have been identified, it's up to the officers and workers of the PCBU to choose and find their own balance. There's only so much money in the kitty and so much time to get the job done.KeithH

    HoC work through the likelihood first (isolation), then the consequences (minimisation), so you must be looking at likelihood, even if not acknowledging it.

    I'm interested in how you would look at the risk associated with aircraft flying through uncontrolled airspace. Consequences are a death, but likelihood is extremely low.
  • Craig Macdonald
    4
    Some good points. You also need to consider:
    1. Is the outcome realistic and credible? Anything can kill us
    2. Focus on the event occurring, not the outcome (i.e., what has to happen before the final outcome? What is the event (risk) that will cause the plane to crash? One of the standards has a great example where before you can get HIV from a needle stick injury (commonly used consequence), you have to a). find a needle, b). be stuck by a needle, c) the needle has to have HIV on it. If you already have great controls in place, there is not a large number of needles found, there is not a significant problem with HIV in the community, the level of risk is extremely low.
  • Chayne Zinsli
    7
    Dr Sharon O'Neil and Karen Wolf's report for Safe Work Australia (Measuring and Reporting on Work Health and Safety. ISBN 978-1-76028-909-6
    https://www.safeworkaustralia.gov.au/system/files/documents/1802/measuring-and-reporting-on-work-health-and-safety.pdf) offers an alternative approach to the traditional risk matrix.

    Rod Farrar Blog (Paladin Risk Management - https://paladinrisk.com.au/do-we-need-a-risk-matrix/) also offers a alternative to the traditional risk matrix.
  • Kip Mandeno
    31
    We can talk to the cows come home on risk matrices versions and theories but at the shop floor if you don't have one in your paperwork the clients will pop a vein becasue it appears that you have done something wrong, illegal or some other very bad thing. We were forced several years ago add one in ours to appease clients and prequalifications companies. Unfortunately the risk matrix has grown to mythic preportions where alternatives or better options are not acceptable. Perhaps we could have an industry wide matrix burning party one day?
  • MattD2
    337
    We can talk to the cows come home on risk matrices versions and theories but at the shop floor if you don't have one in your paperwork the clients will pop a vein becasue it appears that you have done something wrong, illegal or some other very bad thing. We were forced several years ago add one in ours to appease clients and prequalifications companies.Kip Mandeno
    And did adding that risk matrix to your paperwork (I am guessing it was some sort of pre-task anlysis like a JSA) result in;
    • Safer work,
    • Annoyed workers,
    • Both,
    • Neither.

    Unfortunately the risk matrix has grown to mythic preportions where alternatives or better options are not acceptable. Perhaps we could have an industry wide matrix burning party one day?Kip Mandeno
    Waiting for my invite in the mail... although I do have to reiterate my position that I think risk matrix (in some form) have a purpose when comparing options relative to each other, but definitely not at the "coal-face" for discussing the absolute danger the workforce is about to face.
  • Kip Mandeno
    31
    I think our staff noticed it one day in passing and wondering what it was and probably concluded it was to add colour and cheerfulness to the forms. :smile: . The truth is they appreciated it to avoid conflict with the client so it didn't improve safety but it did improve customer relationships so i guess maybe there is a benefit to the matrix. I do agree that they are useful for guiding a "risk" conversation, I have used them to discuss risk opinions with the team.
  • Aaron Marshall
    117
    I've had our regulator tell one of my clients that they didn't need to have the matrix, so they definitely aren't compulsory. But the same client also said that they wanted to keep them because it enabled him to justify whether he called a risk high, medium or low, and allowed him to have that open discussion with clients.
12Next
bold
italic
underline
strike
code
quote
ulist
image
url
mention
reveal
youtube
tweet
Add a Comment

Welcome to the Safeguard forum!

If you are interested in workplace health & safety in New Zealand, then this is the discussion forum for you.