Posted By Diane Thomason Next question! this has got me thinking about risk assessment methods in general, more specifically the best way to do the "evaluating" and "recording" bits. Does anyone here use the method in "Risk assessment - a practical guide" by Brian M. Kazer, published as a supplement to SHP in May 1993? Specifically do you use the pro-forma provided in this article? Would be very interested to hear from those who use it and like it, or those who tried it and abandoned it for whatever reason.

Posted By Philip McAleenan Dear all, If in the use of these “evaluation” systems the probability of an event occurring is extremely low, e.g. 1:20,000,000 , how do you know when the next occurrence will be? Philip

Posted By Raymond Rapp Taking up Phillip's point about probability, I have similar concerns and not being an expert in maths find the whole process somewhat hit and miss. Just because an event may have a probability ratio of 1:20,000,000 does not in itself give a reliable indicator when that event will actually happen. I generally take the view, if it can happen, it will happen. That does not mean I take a risk aversion approach. Indeed, I accept that most tasks have a 'built in risk' and it is my job to reduce that risk to ALARP. A similar problem is when attaching a severity rating. For example, the risk of an electric shock, which can result in anything from a minor burn to death and is dependant on a number of variables. It is I suggest, an inherent weakness in the RA process, and another reason why I dislike the reliance on RAs for evaluating risks. Regards Ray

Posted By Adrian Watson Dear All, Once again I stand on my soapbox! The problem is not risk assessments but the way they are used; if there is an obvious danger, control it and manage the risks! Where, the risks are not obvious, identify the hazards, assess the risks and then manage the risks in an appropriate manner. HSE seems to have forgotten or never learnt this simple concept. Risk assessment is a tool to be used in the control of risks; Not every tool is needed for every job! I feel that many of the problems with risk assessments are due to the definitions of hazard and risk that are widely used. A hazard is not something with the potential to cause harm, as everything has the potential to cause harm! Therefore, if everything is a hazard - why do risk assessments? In reality a hazard is not “something”, but an event or condition with the potential to cause a specified harm; whether that harm is a fire, explosion, poisoning, etc. This means that in considering whether the “something” is a hazard, we have to consider the “something” in the context of a specific time and place. We are not therefore looking at an abstract set of conditions, but a defined set of conditions. As we are looking at specified conditions, we can evaluate the risk, by assessing the likelihood or calculating the probability of the consequences flowing from the event. Note I stated, consequences not consequence, as in reality there is never one consequence but a series of consequences that flows from the event. This means that if we were to be pedants we should really draw a risk curve, so we choose the most likely consequences and the severest consequences. In practice all we need to do is pick these two points and then evaluate whether the risks are either acceptable or tolerable. If they are not we eliminate or control them. Preferably we carry out a gap analysis between what controls should be taken and what controls are being taken. If we can close the risk gap, we should. Where we cannot close the risk gap, we should justify why we cannot! Many of the problems in risk assessment are in the simple facts that: Accidents are rare events; The adverse conditions that cause or contribute to illness are not readily perceptible by a layman. As accidents are rare events we must use industry and national statistics for our information and as the adverse conditions that cause or contribute to illness are not readily perceptible by a layman we must use appropriate specialists to evaluate these conditions. We must also educate managers, to prevent an inverse gamblers fallacy that because something has not happened, it will not happen. Furthermore, rather than wait for perfect knowledge we should use our best judgement and utilise rough and ready approximations rather than get bogged down in detail. However, enforcers should avoid the post hoc fallacy that because harm has occurred, it was likely to occur! Therefore, the risk assessment must have been inadequate. This presumption inculcates the idea that we must do all inclusive risk assessments to protect ourselves and our employers, thus defeating the ideas of risk assessments. Furthermore, in assessing risks we should separate out probability and consequences. A high probability of getting a minor injury does not equate to a low risk of death. Risk is not the sum of likelihood multiplied by severity but a function of likelihood and severity. Regards Adrian Watson PS. HSE new guidance gets 6/10 – the old guidance was 3/10.

Posted By DYNAMO Adrian Watson puts it better than I can….but I like spouting off so here goes. I was going to start a thread when I came back off my hols entitled but it seems the HSE beat me to it. I have a real problem with quantified evaluation of risk in a context or circumstance where it is not required and I feel that my position is justified on a scientific basis. Leave it in engineering and reliability studies where folks have tables of data telling them with statiscal significance how a captor/rotor/valve/shaft will behave at a certain temp/pressure/radiation level. Why? Well few of us ever have all the data to be that precise in our normal risk assessing activities therefore we are guessing. Nothing wrong with best guessing but having been trained in scientific rigor regards the use of data and the conclusions you can then draw from that data, I feel really uneasy about putting a number against a guess and then even worse multiplying two guesses to produce a totally vague guess product. What a load of wooly nonsense. Unfortuneately not everyone sees it as nonsense and don’t get that it is a parlour trick all this pseudo scientific severity x probability x phases of the moon palaver. Do we need to risk rank? Yes we might at times but do we seriously require a matrix to do that. In My early days I have fell foul of the risk talent show where the risk you thought was the most important gets 5X5 only to be trumped by a new and more excruciatingly terminal horror around the next corner “Oh this must be a 5X5 with an extra skull and crossbones then”. So I do not use it anymore. Yet managers in my new organization cling to it like a security blanket because they bought into the scientology and assuredness of giving the risk a number. They also spent a lot of their precious time deciding was it a 3 or a 4 when what mattered most was to fix the problem. “ Big hole in floor…is it a 3 or a 4… must look up my hole log tables….under 1 metre risk of death equals 2 ah there you go I’m happy now…AARRRGhhhhhhhh…….” And this is where the real nasty heart of the problem is for me. The focus is on the evaluation and not the risk. The mental block generated in some staff could only have been worse if Risk Assessment had been called “great big complicated mathematical problem that you plebs who didn’t even get CSE maths won’t have a chance at, nuh-nuh nah nuh-nuh.” Learn direct has a whole legion of Risk Asseessment gremlins ready to strike for these folks who are horrified by the process. Whereas those of us in the know are aware that the important bit is to make necessary improvements not justify inaction through computation. Kind regards Jeff

Posted By Is Kismet I'm not disputing anything in the last three contributions other than that a matrix helps to provide a common standard. Risk assessment frightens a lot of people, and if a methodology can be provided which is easily understood (if you like, the term simple can be used), which people from all backgrounds can relate to, and which helps to provide a common standard across a large organisation, then surely we all win. The deeper we go into the theory of risk assessment, the more chance we have of losing our audience. My point John, about the IOSH method, is that by using zero as a multiplier, the system becomes counter intuitive.

Posted By DYNAMO Nigel Fair enoughski. Some workplaces do not have a problem others do. For those that do I do not think that evaluation is the critical part of risk assessment, action is. Therefore they should not get ate up by this aspect. The danger is the medium to low risks generated by matrices giving a false sense of security. Case in point. Loose nosing on a stair tread in a remote part of the facility posing a trip hazard. Nosings can get loose on these metal stairs due to them having poor fixings. Severity from a trip high, death from a trip possible due to the fall height and remoteness and outside location. Likelihood very low due to the area needing to be visited only once a year, therefore overall risk falls in the low category so not really worth checking out or putting on a maintenance schedule. Those areas that are used more frequently say once a week have a risk rating of say severity again by liklihood giving 15. So plan is fix those stairs in the frequently used areas with locking nuts on the nosing fixings but the risk assessment says we don't have to do anything in the rarely used areas. Balderdash-JUST FIX ALL THE BLOOMIN STAIRS. I doubt any of us would make such decisions butI have seen risk matrices used in conjunction with fuzzy logic as an excuse not to do more by managers. "I did my risk assessment and it says were safe cos we're a 3, so there." Human error does not seem to factor much in lay person's risk assessments. What is the likelihood of the operator hating your guts enough/getting divorced/sleep deprived due to two jobs to not replace the guard/use the safety system/not check for oxygen depletion. UHH dunno so we won't consider it in our handy numbers game of 3's and 4's and crisp outcomes. I realise this position is not universal. As risk assessment was just a move of British Diplomacy, a holding move to keep so far as is reasonably practicable in our legislation and retain the flexibility SFAIRP gives, can any of us say it really has done anything for the improvement of workplace standards as it didn't really change the law. Kind regards Jeff

Posted By DYNAMO Nigel mate if 3x3 works for you great, stick with it. I am only whinging about my bad experiences with risk matrices. My honest preference though is the binary 1x1 RA matrix where you either do something or do nothing, far easier. I do not want to go into the incident details but on a recent risk assessment training session I realised what a terrible job I was doing as a trainer. This was refresher training but I was the new guy. A 5X5 matrix was the organisations favoured format over the past few years and I didn't feel like rocking the boat at that stage. We went into a sports hall to do a practical risk assessment. A mechanism on a device was shown to me. This mechanism had severed the tip of a person's finger off in the past. Because they had put their finger into an aperture as someone else closed the device a bit like a cigar chopper shearing action. The question then after telling me this was " What is the liklihood of this happening again?". My response was " How the heck do I know. Fix it, fix it now, what does it matter what the liklihood is when you can block the bloomin hole without effecting the operation of the device." "Ahh but we are replacing this in a month's time, should we still fix it. What's the likelihood of it happening in the next 4 weeks, low or remote?" Dumbfounded reply " Are you mad. It'll cost less than a tenner, fix it now" Deep sadness ensued as I realised that the message was not being picked up. Everybody was fixated in getting the maths problem right not improving the workplace/fixing the problem. So I officially hate risk matrices. Sorry but I'm jaded. Kind regards Jeff

Posted By Is Kismet And lets take all the thresholds out of door frames, it will only cost a tenner each, and somebody could kill themselves if we don't........ Come on guys, get real and start looking at the significant risks. If you waste your time on trivia nobody will ever listen to us.

Posted By Nigel Hammond It's good to talk......... about risk assessment. Even if we can't agree method, risk assessment has become the basic tool for H&S so it's important that it works for us. Jeff, those people who didn't want to spend £10 based on the risk rating and the fact it was due for replacement sound very jobs-worth! I've always found that when ever there is a pending move or equipment replacement, people say it's not worth doing anything about it because "we're moving soon". Very frustrating. Badger, you make a good point about when people got into H&S. I was an occupational hygienist in the 80's and moved into main-stream H&S in the mid-90's so Reg 3 was the norm for me. We'll probably never know if the good old days of the 80's were better for managing H&S because society has moved on and I suspect most UK employees are more H&S aware now. Also, as someone pointed out earlier, we've lost most of our heavy industries now - where the focus was probably more on prescriptive rules about guarding and safety cut out devices - which made risk assessment seem a bit irrelevant.

Posted By the badger We have probably said all that there is to say on this subject, but never mind that, let's keep going. Only another 40 posts until we have scored a century! (Has any thread reached a century yet?) Has Regulation 3 helped or hindered health and safety management over the past 13 years? Based on my own observations I feel that we have advanced considerably in the standards of health and safety achieved in most workplaces since 1993. (The RIDDOR statistics are not a useful measure here because of the decline in heavy industry which has changed the occupational health and safety risk profile of the UK.) But I feel we have achieved this despite Regulation 3 and without it we could have done even better. If we had said explicitly that employers should carry out (as RJ says) "a systematic general examination of the effect of the employer's undertaking, work activities and the condition of the premises’ and then do what is necessary "to ensure, so far as is reasonably practicable, the safety, health and welfare at work of all his employees" it would have been much clearer to everyone what was required and we would, I feel, have made ever greater progress. But then the concept of reasonable practicability is not recognised by our European partners, so we had to have something more complicated (and something which most employers did not really understand) instead. Is there any way back? Probably not. Keep posting! 100 not out by the weekend.

Posted By Stupendous Man Ray makes a very important comment in his posting - the original purpose of a risk assessment was to assess significant risk. Unfortunately, the legal system does not support this approach - a requirement to assess significant risk implies that there must be some process for determining whether a risk is significant or not. As such, there must be a record of insignificant risks, together with the reasons for why you believe they are not significant. The result is that you have to assess a risk before you can determine whether it is significant or not!! Add to this the basis on which some people are willing to make employers and public liability claims, together with the 'guilty until proven innocent' basis of alleged health and safety breaches then you are bound to create a massive volume of paperwork. As a point in kind, I am currently dealing with a claim for a member of staff who placed his fingers in the hinged side of a door frame rebate - and feels that we are at fault when the door closed, leading to a partial amputation of one of his digits. Result = a claim that we must defend, prove whether trapping fingers was a significant risk or not, and if significant, how we controlled the risk to an acceptable level. Irrespective of what happens with risk assessment, the evidential requirements of the legal system will still mean that we end up doing exactly the same as before.

Posted By Malcolm Fryer I am a ‘late arrival’ to this thread and hope that it has not died out. It is not possible for me to directly contact Diane Thomason who contributed towards the end of this thread. I found the contribution from Diane and the reply from R Joe to be particularly relevant. I would start by stating my strong support for the “sensible” approach and I am encouraged that at last it has been applied to risk assessment. There is though a big BUT in my mind though as an advisor to managers as to how this approach would prove a suitable defence against an HSE prosecution. I could clog up the thread by posting a large swathe of text from the Management Regs and the associated ACOP but will settle for e-mailing any interested parties with an analysis. Bearing in mind the status of ACOPS granted under S 17 of HASWA and their use in criminal proceedings then the ACOP text should be of great concern. If we go back to basics: RISK ASSESSMENT(r3): (b) the risks to the health and safety of persons not in his employment arising out of or in connection with the conduct by him of his undertaking, 'for the purpose of identifying the measures he needs to take to comply with the requirements and prohibitions imposed upon him by or under the relevant statutory provisions' I see a significant dilemma here for the safety professional advising management especially having studied the ACOP text and past successful enforcement actions. Basically I doubt that in many cases that the “sensible” approach will be judged as being suitable and sufficient. If Diane and others reading this thread are minded to approach the HSE to obtain further clarification on this key issue I would be interested in being involved. Malcolm

Posted By PRH Malcom, please e-mail with your analysis. I do not have much time right now but would be interested to carry on the discussion. I agree that the HSE initiative is the right one when viewed as a means to make sure that simple risk assessment processess are understood and used more effectively. you raise some interesting points Hope to hear from you soon Peter