Risk Assessments – Legal Requirements, Trends, and ISO 45001

Neil HartleyHealth & Safety Issues/TrendsLeave a Comment

Risk Assessments

Risk assessments are a central component of health and safety in every industry and sector. This is because risk assessments significantly reduce accidents, including accidents that cause deaths or the most serious types of injury.

However, it is easy for organisations to become unconsciously complacent (or even deliberately complacent) about conducting risk assessments. In these situations, the process drifts into being a tick box exercise, dramatically reducing their effectiveness.

That said, there are new trends in the field of risk assessments which is making them more suitable to the modern workplace. The health and safety standard ISO 45001 will also change the way organisations approach risk assessments.

We’ll explore all this and more in a moment, but first… what does the law say about risk assessments?

Your Legal Responsibilities

If you are an employer or you are self-employed, it is a legal requirement for you to assess the health and safety risks of your business and/or work. This applies to everyone, whether you are a one-person operation, or you employ thousands.

That said, if you employ fewer than five people, there is no requirement for you to document risk assessments or keep records.

Just because it is not a legal requirement, however, does not mean you shouldn’t go through the process of documenting and keeping records of risk assessments. In fact, in many situations, it makes sense to do so.

One other point to remember is the law makes no distinction between safety and health in relation to risk assessments. In other words, you must also conduct risk assessments if health risks arise as a result of your work or operations. This includes the risk of employees suffering from stress.

In addition, if you employ five or more people, you must document and keep records of health risk assessments just like you do with safety risk assessments.

Current Risk Assessment Trends

Evolving Responsibilities

In many organisations we are seeing the responsibility for risk management moving up the chain.

Previously, it was the responsibility of front-line managers to manage risks.  Now, however, risk management is going to the very top, i.e. to C-suite and boardroom level.

When this happens in an organisation there is a clear impact on risk assessments, specifically, risk assessments become less of a box-ticking exercise.

The Establishment of Risk Management Cultures

The above point leads on to this one, which is about the cultivation of an ingrained risk management culture through every level of the company. Similar to the above, this leads to more effective risk assessment processes.

This includes a greater willingness to take ownership of the process, particularly when the organisation views health and safety as being about continuous learning and improvement rather than taking an approach that centres on blame and fault finding.

Increasing Use of RAMS

The above, in addition to wider adoption of ISO 45001 (see below), is likely to lead to a new trend of organisations choosing to use RAMS. RAMS, or Risk Assessment Method Statements, are documents created after a risk assessment that provide specific advice on how workers can avoid identified risks.

Many organisations do this already on an informal basis, with construction being the only sector that formalises the process in a widespread way using RAMS. In the near future, however, we are likely to see other industries start to adopt RAMS too, despite the fact there is no legal or regulatory requirement to do so.

Improved Access to Data

Improved access to data is another factor that is changing and improving the risk assessment process in organisations. In the past, completing and then acting on a risk assessment was often disjointed and fragmented, with varying levels of commitment, accuracy, and knowledge sharing.

New technologies and platforms, however, are now streamlining the risk assessment process while also improving consistency. Crucially, data collection, analysis, and knowledge sharing are also improving. This leads to better quality risk assessments, more effective real-world procedures, and improved overall risk management.

The Impact of ISO 45001 on Risk Assessments

ISO 45001 is the new ISO health and safety standard, but how will it impact the way organisations conduct and use risk assessments?

One of the key aspects of ISO 45001 is that it transforms health and safety from a delegated responsibility to it being the responsibility of everyone in the organisation. From the point of view of workers, they must take ownership, while managers must empower staff to create the space for this to happen.

This means employees at all levels becoming more directly involved in conducting risk assessments. In addition, companies must provide sufficient resources to enable them to do risk assessments as well as other health and safety-related tasks such as training and incident investigations.

There is also a greater emphasis in ISO 45001 on companies effectively communicating with workers in relation to the risks identified in risk assessments and requires companies to be able to quickly adapt to new risks. As a result, risk assessment procedures must become not only resilient, but more versatile.

Wider Use of Dynamic Risk Assessments

One way that organisations can make their risk assessment process more versatile is to begin using dynamic risk assessments. Risk assessments and dynamic risk assessment perform the same function, but they take place at different times and in differing situations.

You typically conduct a standard risk assessment before you start work on a task. The process usually involves documenting the risk as well as procedures and actions to eliminate or mitigate it (see the section on RAMS above).

This, however, cannot take into account changing situations and circumstances. This is where you use dynamic risk assessments. In other words, dynamic risk assessments involve assessing risks during a task and making decisions based on those assessments.

As they happen in a live environment, it is not possible to document the assessment, or the decisions taken, although, in some situations, documentation takes place after the event.

In most tasks where dynamic risk assessments occur, there will already be a standard risk assessment in place. The dynamic risk assessment deals with changes in circumstance, particularly those the standard risk assessment could not foresee.

A good example of the use of standard risk assessments and dynamic risk assessments is in the emergency services. The general risks that paramedics face, for example, will be the subject of standard risk assessments. As part of that process, decisions will be made and procedures created to mitigate or eliminate those risks.

However, paramedics will still face situations that do not fit neatly into boxes defined by risk assessments. Therefore, paramedics continuously conduct dynamic risk assessments while on call outs, taking into account new and changing situations.

Drilling into a more specific example, there will be risk assessments conducted on how a paramedic should drive an ambulance to an emergency. That will set certain parameters for the paramedic to work within, but the reality is they will still face ever-changing road conditions. This requires individual paramedics to conduct dynamic risk assessments in the moment.

Of course, when doing this, it is not practical to stop and document the risk. That said, the dynamic risk assessment process is still an essential part of managing workplace risk, particularly when it is part of an organisation’s wider health and safety strategy.

Increasing Use of Risk Management Software

The coming years will also see a more widespread use of risk management software. The technology winners in this space will likely be those that offer a consistent view of, and access to, data across the business. This data would include employees, contractors as well as the buildings and environment they work in.

Software like this goes some way to preventing risk assessments from becoming a box ticking exercise, although the benefits of risk management software also include better management oversight and improved communication.

As with just about everything in the modern workplace, new technologies are changing the way we do and use risk assessments. That said, cultural and attitudinal evolutions in health and safety will have an impact in the coming years too.

Leave a Reply

Your email address will not be published. Required fields are marked *