- Strategy & Partners
- News & Views
- My IIRSM
Accidents, safety and risk-based thinking – why IIRSM’s new Competency Framework should matter to you
In the past year, the UK has actually seen a 4% increase in the number of fatal injuries, whilst the number of other major injuries remains static at about 20,000 a year. A similar pattern can also be seen in other countries. Despite significant investments in health and safety over the years, we are no longer seeing a reduction in the most serious injuries. Whilst this may be related to the increasingly technical and complex nature of work today, or the multiple interconnections between processes and systems, there may be other, more human factors behind this trend.
Consider also that an international survey, the Business Continuity Institute’s Horizon Scan Report 2019, now ranks health and safety incidents as the costliest disruptions of all to business, with estimated combined losses for 28 surveyed organisations of £0.9bn last year, and consequent reputational damage at a further $0.8bn. OSH failures can also contribute to supply chain failures, separately estimated at £145m.
Finally, think of Grenfell Tower and similar residential fire-related catastrophes and one must ask whether we still have the right approaches to safety and health? Are we thinking about it the right way?
True, the nature of risk itself is changing in so many areas of work and life, and it can be hard to keep up. We know already from the UK government’s Grenfell Tower review that more holistic approaches to risk management would have paid dividends in both preventing the initial fire, and reducing the effects of the disaster to follow. Instead of looking at building materials, construction techniques, fire protection, life preservation, brigade access, evacuation arrangements and building maintenance and alterations separately, and determined by separate authorities with separate regulatory regimes, it is now recognised that a more holistic ‘joined up’ approach would have helped greatly, had someone taken that overview role. Individual risks could still have been assessed and mitigated on their own, but critically also the way they interact considered alongside.
Both the UK’s Health and Safety Executive, and the now established new international standard for occupational safety, ISO45001, stress the importance of taking ‘risk based’ approaches to all aspects of safety. Yet so often, safety, in all its many guises, is still seen as a legally and regulatory focussed discipline, relying on tick-box type approaches.
Risk management meanwhile can still be seen as ‘something to do with insurance’ or an esoteric office-based paper exercise.
Instead risk and safety must be seen as two sides of the same coin – a truly integrated discipline.
It follows therefore that consultants providing guidance in this area must take a similarly integrated approach. The old days of the safety advisor wearing a hard hat and carrying a clip board, busy spotting hazards, is misleading.
Indeed, a recent HSE review looking at the quality of advice on health and safety provided by consultants, concluded that, despite pockets of excellent practice, in others it can be positively patchy.
The report on ‘Blue tape research into 3rd party advice’ says that 3rd party advice can sometimes focus on paperwork, rather than on holistic risk control as such. It can make H&S feel too bureaucratic and burdensome, making it difficult for businesses to manage themselves.
HSE’s work also discovered confusion amongst those they asked about what signifies a competent, qualified and up to date for H&S consultant. Consultants are indeed often chosen purely by ‘word of mouth’ or by Google search – business simply doesn’t know what good looks like.
Furthermore, some consultants are seen to operate outside their own competency zone, and fail to tailor their advice to the needs of specific businesses, handed out instead standardised factsheets.
Whilst businesses do generally have a positive view of the consultants they employ, HSE and local authority inspectors generally feel there is a gap between the quality of advice received and what businesses believe they are receiving.
This doesn’t mean all consultants are bad: there are many excellent practitioners, but equally others are simply out of date.
IIRSM’s competency framework
So, what’s the answer? IIRSM's new risk management and leadership competency framework goes back to first principles by recognising the importance of risk management in every role, without losing sight of the importance of health and safety, because all functions have the potential to cause harm if risks are not properly controlled. The framework reflects both the different things that risk and safety professionals should be able to know and do (‘technical competencies’) at their own particular career level, whether operational, managerial or strategic, as well as the behavioural skills (‘leadership behaviours’) they need to practice.
The framework isn’t just relevant to consultants either. Whether you work in consultancy or are employed in house in a role with either a risk or safety dimension, it provides guidance for the knowledge and skills you need to develop.
Risk systems, culture and plain language approaches
It is one thing to identify risk, but organisational survival and indeed development requires the establishment of systems, processes and particularly culture to ensure that risks are controlled systematically. This means that as risks change, or new risks emerge, organisations are able to adapt to manage and control those risks appropriately.
Such systems and processes can also act as a source of competitive advantage. They also help organisations make informed decisions and provide a basis for all employees to work safely and record and track events and consequences. IIRSM recognises through the framework that different roles, departments, industries and territories need address and manage risk differently.
So far, so good. However, before we all decide that the answer is yet more process and obtuse terminology such as ‘risk appetite’ or ‘risk culture’, it’s worth stepping back for a moment. All businesses run by making decisions. We all hope those decisions are rational, considered, informed, and based on the best possible information. Now, is the answer to those questions ‘risk management’? Certainly risk management tools and techniques, underpinned by the IIRSM competency framework, and due consideration of organisational culture, all matter a great deal. However, risk management must never ever become an aim in itself, practised solely by a specialist department.
Instead , if we think of risk management as ‘decision support’ we are getting much closer to truly effective risk management. Remember that risks include opportunities as well as threats: if all you do is manage the downside, you are not helping to manage the upside. Risk management musn’t just be a handbrake on business: this applies equally whether we’re talking risk management, governance or business continuity, or that new buzzword, resilience. Effective risk management approaches must be designed in such a way that they deliver real value to a business in excess of its cost. It’s not all policies and processes, you know, and we are not the ‘fun police’ nor are we ‘business prevention managers’.......