Posted By fawzy ahmad farrag Hi Hilal, To estimate the risk level we take the existing safety measures into consideration.In my opinion the positive measures will be taken. But I do not take PPE as an existing measures when estimating the risk level because they are considered negative protective devices as the source of risk is still existed. Fawzy

Posted By Hilal KINLI Hi Fawzy, Thank you for your e-mail Sorry, but I couldn't understand what you mean by positive and negative safety measures. Could you please make an explanation or give some examples for those positive and negative safety measures Thanks. Hilal

Posted By Hilal KINLI Dear Chris and Fawzy, I agree both of you. Yes, I know very well that first step in the risk control hierarcy is removing the hazard that causes the risk. Last step is PPE. But my spesific question was; when rating the risks and finding the importance level of the risks, do we need to consider existing risk control measures? If we need to consider, why? If we do not need to consider, why? My opinion was; we do not need to consider existing risk control measures. Because, existing risk control measures can not change the importance level of the risks. As you have mentioned also, risk control measures do not prevent or remove the risks. They are only barriers or defences for the risks. I also believe that following two things are not the same; 1. lowering the importance level of a risk from very high level to negligible level by putting excellent risk control measures in place 2. lowering the importance level of a risk from very high level to negligible level by removing the hazard related to risk Even the results of these two approaches mentioned above seem to be the same, they are obviously very different from each other. If you rate the risks considering existing control measures, you may not differentiate these to approaches. Best wishes Hilal

Posted By Chris Jerman Hi Hilal An interesting read. An observation for you. (previous posts spot on by the way, guys) You suggest that it is possible in situation 1. to reduce the level of risk to an almost negligible level through excellent control measures - which do not, however, entail the treatment of the hazard. It is unlikely that in such a risk calculation which results in HIGH that this will be possible. Taking the two components of RISK, consequence and likelihood, both would have to be high to give the maximum value yes?. If you applied excellent control measures to likelihood to reduce exposure potential to low, you would still be left with a high hazard consequence - therefore risk would now be medium NOT low. IN other words "It is well controlled, but IF exposed, the full outcome may still be realised. The only way to get the highest value of assessed risk down to low is to treat BOTH the hazard and the exposure as you have illustrated in the example 2. This is a mistake commonly made in respect of hazards such as electricity, where people put in measures to control people, then think that the RISK is low. It is not, it is medium - and when the controls fail, someone often dies! When adopting controls for likelihood when the consequence is still high, a controls assurance assessment must be made to make absolutely sure that the controls WILL remain in force under all conditions. This is where the previous post was correct in saying that you need to treat the situation and not the person. Chris

Posted By Hilal KINLI Hi Chris (Packham) I have studied very long time for the definition of terminologies: "hazard" and "risk". Because as you know, in many literature, you may find some different definitions. I have concluded that hazard is the main cause of an injury or illness (for example; work at height, manual handling, electricity, etc.). Risk is the probable result or sequence of results of an hazard (for example fall from height, back injury, electrical shock, etc.). Magnitude of the risk depends on severity and likelihood of the risk. Sorry, but I do not agree with your interpretations. As I have mentioned previously, in my opinion, risk control measures do not lower the importance of the risks. They are barriers in front of the risks. Of course, if these barriers are strong enough and if you quarantee that these barriers will be always in place, then there will be no problem. You will probably never be face with that risk. However, this will not mean that you have removed the hazard causing the risk. Risk will be waiting for any small gap in the risk control measures. If it finds a gap, then you will face with the risk in its original significance value. If you remove the hazard causing the risk, you will quarantee not to face with that risk. These two situations are obviously not the same. That is why I believe that existing risk control measures do not lower the importanc of the risks. This idea is my personnel idea developed by searching considerable amount of documents and making interpretations on them. Best wishes Hilal

Posted By Rakesh Maharaj Hi Chaps, This is an interesting discussion... One approach to interpreting risk in the context of Hilal's original example relating to noise is that risk is a 'dependent' factor. A risk calculation in this instance uses the exposed person as a point of reference. So using Chris's logic, suitable control of risk at the level of the exposed person through the use of PPE, is only likely to reduce the risk to the person using the PPE as opposed to others exposed to the same noise source who may not. Therefore one may argue that the risk to others, providing that controls are absent, remains unaffected. I hope this helps. R

Posted By Chris Jerman Where our profession suffers, as identified earlier in this thread, is in the use of language. Now is perhaps not the time for a long thread on this, but you only have to look at the postings so far to see what I mean. Firstly, there is no point looking in any sort of lexicon for a definition of RISK, as in my view we are not using the word in the same way as it is commonly used. Again in my view, risk does not mean - the chances of, nor does it mean likelihood of harm, nor outcome or even something that can hurt you. No, risk is merely a concept that allows us to contextualise something in a comparable way to allow prioritisation and determine tolerability / intolerability. Sounds complicated - it isn't but the explanation is. Whether you look at assessment with or without controls is neither here nor there in the language argument (I'd go 'with controls', by the way like you Chris, no-one said that assessment needed to be complicated and doing it twice seems to be a waste of my time and anyway, what does no controls mean - a new born baby? The minute you introduce any level of human awareness you are introducing controls of some sort). Many activities that people undertake are described as high risk, when in fact they are high hazard potential, but actually low likelihood. I don't agree Hilal with your rating of HIGH x Low = low. That doesn't make sense. That would give you a 5x5 matrix with only two levels of risk; high and low. What happened to medium? Anyway, sorry getting into distractions here. To make an assessment work in the real world, you need some ingredients (yes, my view again) Firstly a task. Someone needs to be doing something or else we are performing a different type of assessment (say, critical component failure - OK?)The task allows us to contextualise the hazard(s). Then we need to understand what could actually 'go wrong' in order to expose them. Example: We are surrounded by electricity in our homes. Not a problem. We use electricity without a problem it's not until something goes wrong that we get exposed (no this isn't likelihood yet, it's a prediction of a reasonably foreseeable event during the task) Task is working on an 240v electrical appliance. 'RF event' would be contact with live conductors due to failure to isolate correctly (for eg). The reasonably forseesable outcome from which would be electrocution. Many people get shocked and don't die, sure, but it isn't a surprise when they do is it? It IS a reasonable outcome OK. So far, Task, hazard, prediction of event and estimation of outcome. Now we get to likelihood. This is not, not, not the likelihood of dying. It is not even the likelihood of touching the exposed conductors. It's the likelihood (chance not probability) of being in a position where you MAY touch the conductors. What makes up that chance? Competency, pressure, your environment, effectiveness of the isolation procedure etc etc. Risk is made up of three components, 1 is the task and 2 and 3 are the independent variables of consequence at its reasonable worst and likelihood of exposure to the conditions described. Anything else isn't independent. So where's risk in all of this? Nowhere. Not until you perform the full assessment does risk appear. Using a simple 3 point matrix, electrocution would be HIGH and likelihood? Well let's say highly competent electrician, good isolation and test, no pressure to cut corners, we'll give likelihood of 'getting it wrong' as low. High x low would result in medium RISK. There I used the R word. That's the only time I ever use it. And I mean EVER. As a manager, it allows me to understand something. In this context, a job which is being well done, but if I allow the controls to be eroded it will increase back to the point that I will have people exposed to the point where I would not be surprised if someone did contact live conductors - and I know what could be the result. Let me be very clear here. This is not the only type of assessment out there, it's not the only right one either, so there's no need to disagree with my thinking or get offended, all I am merely trying to illustrate is that I have a very clear definition for myself of what the word RISK actually means and whether you agree or not, it is clear that we have many uses and definitions of it within the SAME PROFESSION. This is clearly not helpful especially for new practitioners and some enforcers. Agree or disagree with my method (by the way an assessment looks altogether much more obvious than the explanation) we do need to sort out the language of risk so that we're all discussing the same thing. I am currently working with the Technical Committee with the intention that we may produce a guide to risk assessment. Now isn't the time, but we do need to explain qualitative, quantitative, probabilistic, etc etc.with examples too. Different people need different assessment types. I would sincerely hope that BNFL (as was) don't use a 3x3 matrix for the assessment of their cores! But then does a local newsagent actually need much more than hazard spotting and some simple controls? However, I do feel that in order to be called a RISK assessment, there needs to be a definitive conclusion or else it's merely AN assessment. The new release from the HSE on what 'good enough' looks like simply has no conclusion. It's a list of hazards and some controls that should be in place but no identification of whether they are or not. I would say not a risk assessment at all. Right off to be. Just been to see Joe Bonamassa live in Sheffield and my ears are ringing. No, I didn't do a risk assessment nor a noise assessment beyond "Blimey, that's loud" Nighty night Chris

Posted By Chris Packham Hilal I entirely agree with you that a risk assessment has to be task based. However, this raises two questions. 1. As has already been suggested, their could be a significant difference between two persons carrying out the same task. To use the analogy, a trained electrician will probably be at lesser risk in carrying out electical work than someone with no knowledge at all. I use the analogy of two people painting a piece of machinery. One gets almost all the paint on the machinery and almost nothing on him. The other gets much more paint on him. Which do you use for your exposure model for the risk assessment? This is one reason why I prefer to control the process not the person. 2. What is the hazard. With ladders it is relatively straightforward - falling off. However, as soon as you introduce chemicals it becomes much more problematic, as I attempted to demonstrate in my earlier thread on safety data sheets. Water is the most common cause of occupational contact dermatitis. It is far too complicated to discuss here, but if you let me have your e-mail address I will happily send you our bulletin on this subject. Chris

Posted By Chris Jerman And the very best wishes to you too Hilal. Lovely to have conversed. My parting thought on the matter is to say that when designing any risk assessment process, thought must be given to 'what and whom' In other words what's it for and who will get the benefit from it. There is a common perception here in the UK that A. risk assessments keep people safe - wrong and B. that risk assessments are carried out for the 'shop floor' employees. Our assessments are carried out for managers as a tool to enable them to understand what they need to be doing. And as that is the case, they must be written in a way that 'talks' as a document.The comparative levels of risk allow them to prioritise resources and actions and to escalate that which they cannot manage themselves. In this calculation, medium is a very important position. It is actually one of the more complex levels of risk and needs in depth explanation to managers. All of our operational managers attend a day and a half course to have this explained and tested, passing the course is a requirement upon them. The assessment filter works in such a way that the management Board get a view of the six most significant issues across the entire business (69,000 employees)therefore our assessment process has to encompass great diversity with ease, which it does. It can only perform this function if we assign strict understanding of risk matrices. A smaller organisation that doesn't have the same size and diversity may not need such a tool. And the conclusion 'OK not OK' could well be satisfactory. I wish you well with your deliberations and you group. Please continue to post your thoughts. Best wishes Chris Jerman

Posted By Hilal KINLI Sorry, my last e-mail was respond to Chris (Packham), not Chris (Jerman). I apologize. Hilal

Posted By Chris Packham Hilal Caution on relying upon safety data sheets. Several studies have shown that these are frequently inaccurate. I recently collected seven safety data sheets from a large newsprint works. All seven gave inaccurate information that, if it had been taken at face value, could have resulted in workers being put at risk. Of course, these are UK data sheets, but studies in the USA and Australia have shown similar results. Are they any better in your country? Secondly, even where accurate, the information can be misleading. I was recently involved in a case where compensation was being claimed for allergic contact dermatitis due to handling a material of which over 60% was a potent sensitiser, as stated on the safety data sheet (R43). However, my investigation (using our Health and Safety Laboratory for tests) confirmed my suspicion (from observing the work and noting the history within that company) that the sensitiser was not bioavailable and thus could not have been the cause of the dermatitis. Result was the withdrawal of the compensation claim and cancellation of a programme of expensive control measures which were not needed, i.e. substantial cost savings. Chris

Posted By Alan Hoskins Chris J, Will that be a 'simple' guide? AKA 'Risk Assessment for Dummies'? I do hope so... ;-) Alan

Posted By Chris Jerman And I'm not saying that you're wrong, but here's my take on your scenario. I've crudely stuck my responses in in capitals. hope that's ok with you. I understand the risk as probable result of a hazard.[I DON'T] For example, in my view, walking on a slippery surface is a hazard [I WOULD SAY THAT WALKING ON THE SURFACE - ACCESS/EGRESS PERHAPS, IS THE TASK, THE SUBSTANCE ON THE FLOOR BEING THE HAZARD NOT THE ACTION. WALKING IS A VERB], slip and fall [WOULD BE THE REASONABLY FORESEEABLE EVENT] which is probable result of that hazard is a risk [I HAVEN'T GOT TO RISK YET] related to that hazard. So when I talking about the risk, I mean probable result of a hazard.[I MEAN A RELATIVE VALUE SUCH AS HIGH MED OR LOW SET AGAINST A SPECIFIC TASK] I assess likelihood and consequence of that risk[DO YOU MEAN TASK?] separately.[SO DO I, THEY'RE INDEPENDENT VALUES] If a person is walking in a slippery surface [TASK WITH IDENTIFIED HAZARD], either low or high, there will be possibility of slip and fall risk [EVENT NOT RISK] [FROM WHICH THERE MAY BE AN INJURY]. After identifying the risk [EVENT] as "slip and fall", then I try to estimate likelihood and consequence of that risk [EVENT] assessing the task, properties of the floor, etc.. together with the people performing the task [VERY MUCH AGREE WITH THIS BIT] for finding magnitude of the risk [LIKELIHOOD, ONLY RISK WHEN COMBINED WITH INJURY OUTCOME WHICH HAS NOT BEEN IDENTIFIED SO FAR]. One issue that you haven't addressed there Hilal is the injury. Until you do that you don't have the complete picture, so you don't have anything to rate for consequence. I would say that the reasonably foreseeable worst case injury for a slip and fall onto a hard floor by a 'normal' person would be a fracture to an arm or perhaps leg. A high percentage would result in only sprains sure, but reasonably a fracture. Now if this was in a care home for the elderly I would reassess that 'reasonableness' and estimation of injury for the patients. But for the staff it would remain the same. In a nursery, I'd go the other way - children tend to bounce. The lesson here is that assessments need to be clear on what they cover. The 5 steps model in the UK would just ask who's exposed? So who do you take as the model - staff, children or patients? In my view the task is different too, not merely the potential outcome. Bruce

Posted By Chris Jerman But of course my friend. It is quite one thing to see someone else's point of view and another to agree with it. On this occasion, I can't quite see how you form you point of view, so agreeing is difficult for me on this occasion. I cannot agree with all of your fundamental points such as walking being the hazard for example. No matter, as you say as long as someone actually does something, we have achieved our common goal. One thing is that I do agree with is that there are different approaches and that this has been a pleasant exchange in exploring our various points of view. We should not be afraid to discuss opinion. I shall look out for your postings in the future. I have to go now as we have had a rather unpleasant incident in the South where despite very clear assessment, no-one acted! Regards Chris (not Bruce really) Jerman

Posted By Adrian Watson Bruce, Now I am confused. Hazard is simple; it is an event or situation with the potential to cause harm. It is not something. It is something being done to something else. All hazards are contextual events in that they occur at a specific time and place. This may affect the risk of the hazard occurring or not. Walking per se is not a hazard. Walking on a slippery floor is a hazard. Walking on uneven ground is a hazard. Walking in the dark is a hazard. Walking without shoes in a building site is a hazard. Risk is also simple; it is the likelihood (Possibility/Probability) that a specified outcome (Death, disease, injury or damage) will occur to the specified target (Group/Individual). The risk is the likelihood of an event occurring and the consequences of that hazard once it occurs. The risk of falling is dependant upon the ground, speed of individual, time of day, ground conditions and care being taken. The risk of injury depends upon the individual (an old lady with osteoporosis having a greater risk than a young fit girl), the environment (falling 1 m onto concrete as opposed to 1 m onto grass. Each event has not one risk attached to it but a series of risks. Risk modifiers such as control measures affect the outcome by reducing the probability of an event or by reducing the severity of the outcome. Other risk modifiers such as using incompetent individuals increases risk by increasing the probability of an outcome. Others such as increasing intensity increase the severity of the outcome. To have a unified risk theory, you should be able to calculate societal risk from individual. The model risk = probability x severity does not allow this to be done and is a logical nonsense. Regards Adrian Watson

Posted By Adrian Watson Geoff, No you have not missed the point. Electricity is only a hazard if you have the potential to come come in to contact with it. Electricity is therefore not a hard; climbing a pylon is; as is repairing a live plug; or using a live appliance in the wrong (wet) environment. Regards Adrian Watson

Posted By Alan Hoskins Adrian, Surely electricity is a hazard. It is only when the hazard is being controlled - by insulation, distance (pylon), etc. - that prevents it from causing us harm? Alan

Posted By JasonGould Just on this discussion and after having quite a heated debate on the issue of severity measurements in risk assessments. Based on my studies and from past colleague conversations is my following belief:- We make a initial judgement be it mathematical or not on the initial severity of a incident e.g. A Fall. In most cases, we usually take the worst case scenario as the initial figure e.g. Fracture, death or damage dependant on the recipient being human or product, young or old etc etc. We can either include existing control measures or in fact start as though no control measures are in place at all. We then implement a control measure or a series of further control measures to reduce the probability or likelihood of this incident leading to the worst case scenario. It was my opinion that the severity measurement does/should not actually change as any failure, by-passing etc of the control measure/s implemented could end in the same consequence(worst case scenario) that one originally started with. The counter argument I was up against is that severity does and can change e.g wearing a harness or falling into a secured net will alter the severity. I always thought that things such the provision of safety nets will only affect the probability /likelihood. Now I know there are all sorts of debates in the middle grounds regarding numbers (Quantitative v Qualitative and probabilistic / Frequency etc but is this not the basic rule of thumb. Severity is 99.9 times based on worst possible outcome of which is subject to numerous other factors such as frequency/probability and the initial potential of the hazard to cause harm to a recipient. I am quite happy to re-evaluate my initial beliefs but the severity stays the same argument seems easier to digest than the severity changes argument. Ouch my head hurts Would be nice to see some good evidence based answers or reference to free materials that may help clarify either point. Thanks Jay

Posted By Barry Cooper For what it's worth, in my opinion, electricity is a hazard at all times. The likelihood of it causing harm, is controlled by such things as insulation, distance, enclosure etc. The risk is the likelihood of harm being caused Also in some cases the severity can be reduced by control measures. e.g. fall arrest. The severity of falling 6m could be fatal, but with a fall arrest could just be bruising. I don't always have severity as the worst case scenario, I make a judgement of what the most likely severity would be. Barry

Posted By JasonGould Hazard is anything with potential to cause harm. Risk is likelihood that harm occurs. The above is common knowledge to most however I still struggle with severity being reduced. I tend to think that subject to control measures being in place, it is only the probability that is reduced. I do know there is another way of looking at itbut want to understand why? Risk Ratings have been determined using a number of different ways e.g. below show just a few formula's 1. Frequency × Severity 2. Frequency × (Maximum Potential Loss + Probability). 3. Frequency × (Severity + Maximum Potential Loss + Probability) Now I am led to believe that this can be further complicated due to people using either a estimated maximum Loss or a estimated probable loss. Those that use the estimated probable loss will tend to use probabilistic methods to determine a final risk rating but is subjective to perception the hazards and control measures in place and these tend to state a reduction in severity. Those that use estimated maximum Loss presume the worst and tend to state a reduction i the likelihood/frequency when control measures are introduced. Either way, lets suppose we do reach a initial risk rating that states death as the worst case outcome in both of the above scenarios. Now we add a control measure What would the adding of a control measure actually influence? Severity, Probability, Frequency, Maximum Potential Loss, or estimated probable loss, likelihood. This is where I even get confused and is the cause of the debate today and most likely many debates within the industry. Now what I am saying is in these type of assessments that have a before Risk rating and a after risk rating, is that I hardly see them with the severity reduced as sods law comes into play and control measures may fail. I tend to see many more risk assessments that lean towards the likelihood/probability being the figure that has actually changed and the severity being a constant throughout the assessment thus stressing the importance of the requirement for tight control measures. Whats your thoughts? Do you care so long as what you are using is actually getting the results you want? Should we all not just agree that it is a horses for courses and that people use different methods and are equally right in doing so e.g. severity is actually reduced once control measures are implemented? It is definitely a interesting one for me as it caused a healthy debate to get out of hand thus going back to the safety cant make its mind up perception some people get.