Warning: Long lecture ahead.
This is a tricky one, as there may also be an issue of ‘competency’ relating to safety practitioners too, so what I have to say may upset an applecart or two.
The HSE have repeatedly said for years that risk assessment is 1. simple and 2. needs no special training providing that it is done by those who know the work / process. This has tended to be summarised (by HSE) as ‘RA done by line managers’.
However (sorry Mr Gove!) they are also the first to stand on the steps of court houses and make damning comment about lack of, or inadequate, RAs.
So. What IS competence to assess risk?
What strategy or processes does the business of your friend have ALREADY for assessing and managing risk? What strategy or tactics would work – and maybe better that existing one(s).
I ask this because we – practitioners – are not, IMO, either well-trained or have a common view of this in the first place (refer to various threads in this and LinkedIn H&S groups) so how can we judge?
There is no commercial training available to my knowledge which provides useful RA competency – the IOSH Managing Safely course is appalling, and the methodology used is likely to conflict with the in-house approach at least to some degree.
The method taught by IOSH (and possibly NEBOSH although I only judge this on how recent students have approached RA) is also a world away from what the HSE say. As someone has asked on this forum recently – who says which is correct? (Personally I veer towards the HSE as they are the enforcer, although I can see why some may disagree).
So in terms of getting managers / supervisors ABLE to assess risk, it will have to be done in-house. First point.
Before this can be done, strategy and methodology need to be agreed and adopted. There are far too many risk assessment record forms around,(operational) and far too few plans on where these are going to take us (strategic & tactical).
This is why I would start with the safety practitioner. Waving the ‘scary stick’ at executives clearly didn’t work (doesn’t usually) so influencing style may need help. The skills and style to implement the following may not come naturally either, and I doubt ‘safety school’ included much.
A large organisation with just 1 SP as described means they HAVE to be strategic.
If the SP was to carefully analyse the situation (industry, sector, size, risk profile, or general culture – these are all relevant) and think how ‘it’ (RA) would look when it was ‘finished’, then work backwards to set out all the steps and stages required, this would produce a plan.
(Lets hope that doesn’t look like 000’s of RA forms all filed on a central database . . .)
Call this a strategy, plan whatever, and set out the framework to get there (who, when, how, (training?) and what methods (forms) are indicated – personal preference of the SP no doubt) and present this to the board. The ‘who does what’ part should include that the board will have an overseeing role, so how will the SP help with this? What information will the SP be able to / want to collate and how will this look to the board? A question I have been asked is “have we done all our risk assessments?”, although nonsense in many ways, gives an insight into boardroom expectations. Better to have a plan and measure against that.
If you are already controlling risk to any degree (usually the case) it is a wearisome process to “assess” as if you were just starting out, using a tedious form. Instead take the current RCMs and analyse those – with the SP – to ask “is this enough?” and “can or should we do more?” This is where I might start in an organisation today still struggling with RA (It is over 20 years ago since this was ‘sprung’ on a waiting world – we need to move with the times!). From the information given on the organisation in the question, I would focus on ‘occupations’ as a way of grouping for assessment purposes. That’s all I’ll say on that for now!
The aim is for the SP to set up the big picture and the method, and then arrange for that to be embedded across managers. This may be via workshops (please don’t call it RA training) or even SP / manager coaching sessions. Start with the easiest and work on successes. Avoid trying to train managers in “RA”. Encourage them to make safety observations and decisions around their own operational area. Make it real, try to make it ‘different’. See if you can even not even mention the “RA” word very much – sneaky nudges. A prize if you can avoid the word ‘hazard’ too!
Maybe now you see why I started with the SP competency question.
This is a great opportunity to show mettle.
Lecture over.