Why risk management competence is important
Date of Issue: Thursday, 3 January, 2019
By John Huckstepp SFIIRSM FCIPD
A co-pilot was arrested at Heathrow airport because he had consumed so much alcohol prior to a flight that he could hardly stand up.
When I worked on the railways, our drug and alcohol policies established consequences that reduced the likelihood of anyone turning up under the influence of drink or drugs, but they were not foolproof. The basis for safety was fear of losing your job if you were caught with levels of alcohol or drugs in your system, but random drug screening was carried out at such low levels that the chances of being caught were very low.
Since then a lot of research has been carried out into the psychology of safety. There has been a greater focus on collective harm rather than personal harm, and there has been a greater focus on the reputational consequences of such an event.
The requirements on the railways were very different to the standards in other sectors. Some years later, I dealt with fallout from a Christmas party and a couple of corporate hospitality events where the effects of alcohol had all got a little out of hand. Whilst these events were significant at the time, the consequences were always going to be poles apart from the potential for harm caused by workers on the rail network.
What might be adequate or proportionate in one organisation might be completely different to any other. The work the IIRSM is currently undertaking on competencies recognises that risks vary widely across industries, territories, and organisations.
When the context is recognised and understood, it becomes a lot easier to recognise the risks the organisation is exposed to, and the expectations in terms of managing those risks. Even within the same organisation, different departments have to consider their own risks and develop proportionate mechanisms for dealing with them.
The management of risks means that hazards are identified and considered, and that appropriate action is taken to remove or reduce the risk of harm. IIRSM's new competency framework (launching Spring 2019) recognises the importance of risk management in every role, without losing sight of the importance of risks to health and safety, because all functions have the potential to cause harm if risks are not properly controlled.
It is one thing to recognise risks and to do something about them, but organisations survive by establishing processes and other mechanisms to ensure that risks are controlled systematically. This means that as risks change, or new risks emerge, organisations are able to flex and adapt to manage and control those risks differently.
Good systems and processes act as a source of competitive advantage and protect organisations from the type of harm they might otherwise be exposed to. They also provide support and guidance to managers to help them to make informed decisions and provide a basis for all employees to work safely and record and track events and consequences.
IIRSM recognises that different roles, departments, industries and territories address and manage risk differently.
Everybody I speak to seems to be going through some kind of journey at work. That might be because they are involved in a project or because their organisation is going through change. It is nearly always the case that as projects develop or change occurs, so risk shifts. Different activities create different risks and the process of change itself often means that roles, responsibilities, and accountabilities change. Whether we are responsible for determining the change, driving the change, or living with the change, we are all affected by it.
Project work and change create dynamic risks, but these risks are as much a part of our day-to-day activities as the risks already present in them. For that reason, the IIRSM have recognised this as a separate area of competence.
What we do and how we do it has the potential to affect lots of people. As well as having a responsibility towards our shareholders, we also have a duty to our customers, employees, suppliers, and our local community, wherever and whoever that might be.
Effective risk management considers the potential for harm across all stakeholders and provides controls to safeguard and protect those relationships. The changing shape of the media and the growth of ‘people power’ mean that organisations have to think about stakeholders more widely than they have done in the past. The growth of review websites rating product, experience, and even employee satisfaction has meant that the traditional shop window of an organisation now has a global presence. The IIRSM competence model recognises the importance of stakeholder identification and engagement.
All of these elements combine to provide a basis for risk management that reflects the needs of the organisation and its risks in a way that is structured and systematic, but sufficiently flexible to address changing risks and sufficiently broad to recognise the expectations of all stakeholders.
The final area of competence the IIRSM have identified recognises the importance of capturing information and data that form a part of risk management, whether that is in the form of capturing safety concerns, spotting trends, or learning from experiences so that actions can be taken to identify and implement workable solutions.
I have always been fascinated by the research of Lekka and Healey, and their analysis of recurrent themes across research into 16 major incidents. They reported on contributory factors such as poor safety commitment, procedures, control, competence, learning from events, hazard awareness, safety communications, role clarity, and change as the precursors to such events as Piper Alpha, the Columbia Space Shuttle, Buncefield, and the Herald of Free Enterprise disasters.
The work the IIRSM has conducted on competence largely reflects their research and establishes a framework that meets the needs of professionals across all disciplines but with a particular focus on health and safety in a way that recognises everyone has a responsibility to manage and control risk.