
Safety Concepts Part 2

In this 33-minute session, Safety Concepts Part 2, The Safety Artisan equips you with more Safety Concepts. I look at the basic concepts of safety, risk, and hazard in order to understand how to assess and manage them.

Exploring these fundamental topics provides the foundations for all other safety topics, but it doesn’t have to be complex. The basics are simple, but they need to be thoroughly understood and practiced consistently to achieve success. This video explains the issues and discusses how to achieve that success.

Highlights of Safety Concepts, Part 2 video.

Get the full-length Lesson as part of the FREE Triple Learning Bundle.

Safety Concepts Part 2: Topics

  • Risk & Harm;
  • Accident & Accident Sequence;
  • (Cause), Hazard, Consequence & Mitigation;
  • Requirements / Essence of System Safety;
  • Hazard Identification & Analysis;
  • Risk Reduction / Estimation;
  • Risk Evaluation & Acceptance;
  • Risk Management & Safety Management; and
  • Safety Case & Report.

Safety Concepts Part 2: Transcript


Hi everyone, and welcome to The Safety Artisan, where you will find professional, pragmatic, and impartial advice on safety. I’m Simon, and welcome to the show today, which is recorded on the 23rd of September 2019. Today we’re going to talk about system safety concepts. A couple of days ago I recorded a short presentation (Part 1) on this, which is also on YouTube. Today we are going to talk about the same concepts but in much more depth.

In the short session, we took some time picking apart the definition of ‘safe’. I’m not going to duplicate that here, so please feel free to go have a look. We said that to demonstrate that something was safe, we had to show that risk had been reduced to a level that is acceptable in whatever jurisdiction we’re working in.

And in this definition, there are a couple of tests that are appropriate in the U.K., but perhaps not elsewhere. We also must meet safety requirements. And we must define the scope and bound the system that we’re talking about, whether a physical system or an intangible system like a computer program. We must define what we’re doing with it and what it’s being used for, and within which operating environment, within which context, it is being used. And if we can do all those things, then we can objectively say – or claim – that the system is safe.

Topics

We’re going to talk about a lot more topics: risk, accidents, and the cause, hazard and consequence sequence. We’ll talk about requirements and, spoiler alert, what I consider to be the essence of system safety. And then we’ll get into talking about the process of demonstrating safety: hazard identification and analysis.

Risk reduction and estimation, risk evaluation and acceptance. And then pulling it all together: risk management and safety management. And finally, reporting: making an argument that the system is safe, supporting it with evidence, and summarizing all of that in a written report. This is what we do, albeit in different ways and calling it different things.

Risk

On to the first topic: risk and harm. Our concept of risk is a combination of the likelihood and severity of harm. Generally, we’re talking about harm to people: death, injury, damage to health. Now we might also choose to consider damage to property or the environment. That’s all good, but I’m going to concentrate on harm to people, because usually that’s what we’re required to do by the law. There are sometimes other laws covering the environment and property, which we’re not going to talk about. Just to illustrate this point: risk is a combination of severity and likelihood.

We’ve got a very crude risk table here, with likelihood along the top and severity down the side. We might see, by looking at the table, that if we have a high likelihood and high severity, that’s a high risk. Whereas if we have low likelihood and low severity, we might say that’s a low risk. And in between, a combination of high and low, we might say that’s medium. Now, this is a very crude and simple example, deliberately.

You will see risk matrices like this in loads of different standards, and you may be required to define your own for a specific system. There are lots of variations on this, but they’re all basically doing the same thing, and we’re illustrating how we determine the level of risk by that combination of severity and likelihood. I think a picture is worth a thousand words. Moving on to the accident: we’re talking about (in this standard) an unintended event that causes harm.

Accidents, Sequences and Consequences

Not all jurisdictions just consider accidental events; some consider deliberate harm as well. We’ll leave that out. A good example of that is work health and safety in Australia, but no doubt we’ll get to that in another video sometime. And the accident sequence is the progression of events that results in an accident that leads to harm. Now we’re going to illustrate the accident sequence in a moment, but before we get there we need to think about causes. Here we’ve got a hazard: a physical situation or state of a system, often following some initiating event, that may lead to an accident, a thing that may cause harm.

And then, allied with that, we have the idea of consequences: an outcome or outcomes resulting from an event. Now that all sounds a bit woolly, doesn’t it? Let’s illustrate that; hopefully this will make it a lot clearer. I’ve got a sequence here. We have causes that might lead to a hazard, and the hazard might lead to different consequences, and that’s the accident. See? Now, in this standard, they didn’t explicitly define causes.

Cause, Hazard, and Consequence

They’re just called events. But mostly we will deal with causes and consequences in system safety, and it’s probably just easier to implement it that way, whether or not you choose to explicitly address every cause; that’s often an optional step. But this is the accident sequence that we’re looking at. These sorts of funnels are meant to illustrate the fact that there may be many causes for one hazard, and one hazard may lead to many consequences, and some of those consequences may be no harm at all.

We may not actually have an accident. We may get away with it. We may have a hazard, and no harm may befall a human. And if we take all of this together, that’s the accident sequence. Now it’s worth reiterating that just because a hazard exists, it does not necessarily lead to harm. But to get to harm, we must have a hazard; a hazard is both necessary and sufficient to lead to harmful consequences. OK.

Hazards: an Example

And you can think of a hazard as an accident waiting to happen. You can think of it in lots of different ways. Let’s think about an example: the hazard might be that somebody slips while walking. That slip might be caused by many things; it might be a wet surface. Let’s say it’s been raining and the pavement is slippery, or it might be icy. It might be a spillage of oil on a surface, or you could imagine something slippery like ball bearings on a surface.

So, there’s something that’s caused the surface to become slippery. A person slips – that’s the hazard. Now the person may catch themselves; they may not fall over. They may suffer no injury at all. Or they might fall and suffer a slight injury; and, very occasionally, they might suffer a severe injury. It depends on many different factors. You can imagine if you slipped while going downstairs, you’re much more likely to be injured.

And younger, healthy, fit people are more likely to get over a fall without being injured, whereas if they’re very elderly and frail, a fall can quite often result in a broken bone. If an elderly person breaks a bone in a fall the chances of them dying within the next 12 months are quite high. They’re about one in three.

So, the level of risk is sensitive to a lot of different factors. To get an accurate picture, an accurate estimate of risk, we’re going to need to factor in all those things. But before we get to that, we’ve already said that hazards need not lead to harm. In this standard, we call it an incident where a hazard has occurred and could have progressed to an accident but didn’t. We call this an incident, a near miss.

We got away with it. We were lucky. Whatever you want to call it, we’ve had an incident but no one has been hurt. Hopefully, that incident is being reported, which will help us to prevent an actual accident in the future. That’s another very useful concept that reminds us that not all hazards result in harm. Sometimes there will be no accident. There will be no harm simply because we were lucky, or because someone present took some action to prevent harm to themselves or others.

Mitigation Strategies (Controls)

But we would really like to deliberately design out or avoid hazards if we can. What we need is a mitigation strategy: we need a measure or measures that, when we put them into practice, reduce that risk. Normally, we call these things controls. Again, we’ve illustrated this; we’ve added to the funnels some mitigation strategies, and they are the dark blue dashed lines.

They are meant to represent barriers that prevent the accident sequence from progressing towards harm. They have dashed lines because very few controls are perfect; everything’s got holes in it. And we might have several of them. But usually, no control will cover all possible causes, and very few controls will deal with all possible consequences. That’s what those barriers are meant to illustrate.

That picture will be very useful to us later, when we are thinking about how we’re going to estimate and evaluate risk overall, what risk reduction we have achieved, and how we justify that what we’ve done is good. It’s a very powerful illustration. Well, let’s move on to safety requirements.

Safety Requirements

Now, I guess it’s no great surprise to say that requirements, once met, can contribute directly to the safety of the system. Maybe we’ve got a safety requirement that says all cars will be fitted with seatbelts, or let’s say we’ll be required to wear a seatbelt. That makes the system safer.

Or the requirement might say we need to provide evidence of the safety of the system. The requirement might refer to a process that we’ve got to go through or a set kind of evidence that we’ve got to provide. Safety requirements can cover either or both of these.

The Essence of System Safety

Requirements covering the safety of the system, or demonstrating that the system is safe, should give us assurance, which is adequate confidence or justified confidence, supported with evidence, by following a process. And we’ll talk more about the process. We meet safety requirements; we get assurance that we’ve done the right thing. And this really brings us to the essence of what system safety is: we’ve got all these requirements – everything is a requirement really – including the requirement to demonstrate risk reduction.

And those requirements may apply to the system itself, the product, or they may apply to the process that generates the evidence, or to the evidence. Putting all those things together in an organized and orderly way really is the essence of system safety; this is where we are addressing safety in a systematic way, in an orderly way, in an organized way. (Those words will keep coming back.) That’s the essence of system safety, as opposed to the day-to-day task of keeping a workplace safe.

Maybe by mopping up spills and providing handrails so people don’t slip over, things like that. We’re talking about a more sophisticated level of safety, because we have a more complex problem, a more challenging problem to deal with. That’s system safety. We will start on the process now, and we begin with hazard identification and analysis; first, we need to identify and list the hazards and accidents associated with the system.

We’ve got a system, physical or not. What could go wrong? We need to think about all the possibilities. And then, having identified some hazards, we need to start doing some analysis; we follow a process that helps us to delve into the detail of those hazards and accidents, and to define and understand the accident sequences that could result. In fact, in doing the analysis we will very often identify some more hazards that we hadn’t thought of before; it’s not a straight-through process, it tends to be an iterative process.

Risk Reduction

And ultimately what we’re trying to do is reduce risk; we want a systematic process, which is what we’re describing now, a systematic process of reducing risk. And at some point, we must estimate the risk that we’re left with, before and after all these controls, these mitigations, are applied. That’s risk estimation. Again, there’s that systematic word: we’re going to use all the available information to estimate the level of risk that we’ve got left, recalling that risk is a combination of severity and likelihood.

Now as we get towards the end of the process, we need to evaluate risk against set criteria. And those criteria vary depending on which country you’re operating in or which industry we’re in: what regulations apply and what good practice is relevant. All those things can be a factor. Now, in this case, this is a U.K. standard, so we’ve got two tests for evaluating risk. It’s a systematic determination using all the available evidence. And it should be an objective evaluation as far as we can make it.

Risk Evaluation

We should use certain criteria on whether a risk can be accepted or not. And in the U.K. there are two tests for this. As we’ve said before, there is ALARP, the ‘As Low As is Reasonably Practicable’ test, which says: Have we put into practice all reasonably practicable controls? (To reduce risk, this is a risk reduction target). And then there’s an absolute level of risk to consider as well. Because even if we’ve taken all practical measures, the risk remaining might still be so high as to be unacceptable to the law.

Now that test is specific to the U.K., so we don’t have to worry too much about it. The point is there are objective criteria, which we must test ourselves or measure ourselves against. An evaluation will pop out the decision as to whether further risk reduction is necessary if the risk level is still too high. We might conclude that there are still reasonably practicable measures that we could take. Then we’ve got to do it.

We have an objective decision-making process to say: have we done enough to reduce risk? And if not, we need to do some more until we get to the point where we can apply the test again and say yes, we’ve done enough. Right, that’s rather a long-winded way of explaining that. I apologize, but it is a key issue and it does trip up a lot of people.

Risk Acceptance

Now, once we’ve concluded that we’ve done enough to reduce risk and no further risk reduction is necessary, somebody should be in a position to accept that risk. Again, it’s a systematic process, by which relevant stakeholders agree that risks may be accepted. In other words, somebody with the right authority has said yes, we’re going to go ahead with the system and put it into practice, implement it. The resulting risks to people are acceptable, providing we apply the controls.

And we accept that responsibility. Those people who are signing off on those risks are exposing themselves and/or other people to risk. Usually, they are employees, but sometimes members of the public as well, or customers. If you’re going to put customers in an airliner you’re saying yes, there is a level of risk to passengers, but the regulator, or whoever, has deemed [the risk] to be acceptable. It’s a formal process to get those risks accepted and say yes, we can proceed. But again, that varies greatly between different countries and between different industries, depending on what regulations, laws and practices apply. (We’ll talk about different applications in another section.)

Risk Management

Now, putting all this together, we call this risk management. Again, that wonderful systematic word: a systematic application of policies, procedures, and practices to these tasks. We have hazard identification, analysis, risk estimation, risk evaluation, risk reduction and risk acceptance. It’s helpful to demonstrate that we’ve got a process here, where we go through these things in order. Now, this is a simplified picture because it kind of implies that you just go through the process once.

With a complex system, you go through the process at least once. We may identify further hazards when we get into Hazard Analysis and estimating risk. In the process of trying to do those things, even as late as applying controls and getting to risk acceptance. We may discover that we need to do additional work. We may try and apply controls and discover the controls that we thought were going to be effective are not effective.

Our evaluation of the level of risk and its acceptability is wrong because it was based on the premise that controls would be effective, and we’ve discovered that they’re not, so we must go back and redo some work. Maybe as we go through, we even discover Hazards that we hadn’t anticipated before. This can and does happen, it’s not necessarily a straight-through process. We can iterate through this process. Perhaps several times, while we are moving forward.

Safety Management

OK, safety management. We’ve gone to a higher level really than risk, because we’re thinking about requirements as well as risk. We’re going to apply organization, we’re going to apply management principles, to achieve safety with high confidence. For the first time, we’ve introduced this idea of confidence in what we’re doing. Well, I say the first time, but this is assurance, isn’t it? Assurance: having justified confidence, or appropriate confidence, because we’ve got the evidence. And that might be product evidence too; we might have tested the product to show that it’s safe.

We might have analyzed it. We might have said, well, we’ve shown that we followed the process, which gives us confidence that our evidence is good, and that we’ve done all the right things and identified all the risks. That’s safety management. We need to put that in a safety management system: we’ve got a defined organizational structure, and we have defined processes, procedures, and methods. That gives us direction and control of all the activities that we need to put together in combination to effectively meet safety requirements and safety policy.

And our safety tests, whatever they might be. More and more now we’re thinking about top-level organization and planning to achieve the outcomes we need. With a complex system, a complex operating environment, and a complex application.

Safety Planning

Now I’ll just mention planning. We need a safety management plan that defines the strategy: how we’re going to get there, how we are going to address safety. We need to document that safety management system for a specific project. Planning is very important for effective safety. Safety is very vulnerable to poor planning. If a project is badly planned or not planned at all, it becomes very difficult to do safety effectively, because we are dependent on the process, on following a rigorous process, to give us confidence that all results are correct. If you’ve got a project that is a bit haphazard, that’s not going to help you achieve the objectives.

Planning is important. Now, the bit of that safety plan that deals with timescales, milestones, and other date-related information we might refer to as a safety programme. This being a UK definition, British English has two spellings of program. The double-m-e version, programme, applies to that time-based progression, or milestone-based progression.

Whereas in the US and in Australia, for example, we don’t have those two words; we just have the one word, ‘program’, which covers everything: computer programs, a program of work that might have nothing to do with or might not be determined by timescales or milestones, or one that is. But the point is that certain things may have to happen at certain points in time or before certain milestones. We may need to demonstrate safety before we are allowed to proceed to tests and trials, or before we are allowed to put our system into service.

Demonstrating Safety

We’ve got to demonstrate that safety has been achieved before we expose people to risk. That’s very simple. Now, finally, we’re almost at the end. We need to provide a demonstration – maybe to a regulator, maybe to customers – that we have achieved safety. This standard uses the concept of a safety case. The safety case is basically, imagine, a portfolio full of evidence. We’ve got a structured argument to put it all together. We’ve got a body of evidence that supports the argument.

It provides a compelling, comprehensible (or understandable), and valid case that a system is safe for a given application or use, in a given operating environment. Really, that definition of what a safety case is harks back to that meaning of safety. We’ve got something that really hits the nail on the head. And we might put all of that together and summarise it in a safety case report, which summarises those arguments and evidence and documents progress against the safety programme.

Remember I said our planning was important. We started off by saying that we need to do this, that and the other in order to achieve safety. Hopefully, in the end, in the safety report, we’ll be able to state that we’ve done exactly that. We did do all those things. We did follow the process rigorously. We’ve got good results. We’ve got a robust safety argument, with evidence to support it. In the end, it’s all written up in a report.

Documenting Safety

Now that isn’t always going to be called a safety case report; it might be called a safety assessment report or a design justification report. There are lots of names for these things. But they all tend to do the same kind of thing, where they pull together the argument as to why the system is safe. The evidence to support the argument, document progress against a plan or some set of process requirements from a standard or a regulator or just good practice in industry to say: Yes, we’ve done what we were expected to do.

The result is usually what justifies [the system] getting past that milestone, where the system is going into service and can be used. People can be exposed to those risks, but safely and under control.

Everyone’s a winner, as they say!

Copyright – Creative Commons Licence

Okay. I’ve used a lot of information from a UK government website. I’ve done that in accordance with the terms of its creative commons license, and you can see more about that here. We have complied with that, as we are required to, and to say to you that the information we’ve supplied is under the terms of this license.

Safety Concepts Part 2: More Resources

And for more resources and more lessons on system safety, and other safety topics, I invite you to visit the safetyartisan.com website. Thanks very much for watching. I hope you found that useful.

We’ve covered a lot of information there, but hopefully in a structured way. We’ve repeated the key concepts and you can see that in that standard. The key concepts are consistently defined, and they reinforce each other. In order to get that systematic, disciplined approach to safety, that’s what we need.

Anyway, that’s enough for me. I hope you enjoyed watching it and found that useful. I look forward to talking to you again soon. Please send me some feedback about what you thought about this video and also what you would like to see covered in the future.

Thank you for visiting The Safety Artisan. I look forward to talking to you again soon. Goodbye.

Safety Concepts Part 1 defines the meaning of ‘Safe’, and it is free. Get the full-length Lesson as part of the FREE Triple Learning Bundle.

Meet the Author

Learn safety engineering with me, an industry professional with 25 years of experience, I have:

  • Worked on aircraft, ships, submarines, ATMS, trains, and software;
  • Tiny programs to some of the biggest (Eurofighter, Future Submarine);
  • In the UK and Australia, on US and European programs;
  • Taught safety to hundreds of people in the classroom, and thousands online;
  • Presented on safety topics at several international conferences.


Hazard Logs – a Brief Summary

In Hazard Logs – a Brief Summary, we will give you an overview of this important safety management tool. This post serves as an introduction to longer posts and videos (e.g. Hazard Logs & Hazard Tracking Systems), which will provide you with much more content.

Hazard Logs – a Brief Summary

Description of Hazard Log

A Hazard Log is a continually updated record of the Hazards, Accident Sequences, and Accidents associated with a system. It includes information documenting risk management for each Hazard and Accident.

The Hazard Log is a structured means of storing and referencing Safety Risk Evaluations and other information relating to a piece of equipment or system. It is the principal means of tracking the status of all identified Hazards, decisions made and actions undertaken to reduce risks. It should be used to facilitate oversight by the Project Safety Committee and other stakeholders.

The Hazards, Accident Sequences, and Accidents recorded are those which could conceivably occur, as well as those which have already been experienced. The term Hazard Log may be seen as misleading since the information stored relates to the entire Safety Programme and covers Accidents, Controls, Risk Evaluation, and ALARP/SFARP justification, as well as data on Hazards.

Operation

The Hazard Log is maintained by a Hazard Log Administrator, who is responsible to the Project Safety Engineer/Manager. The Hazard Log Administrator has primary access to the Hazard Log allowing him/her to add, edit or close data records. All other personnel requiring access to the Hazard Log are normally allowed read-only access. This allows for visibility of Hazards to all but limits the control/administration of data records to the Hazard Log Administrator.

Records can be tracked by the use of a status field. This, for example, identifies whether the record has just been opened, is awaiting confirmation of mitigation actions, or is ALARP/SFARP.

It is best practice for the Hazard Log to record each Hazard as “open” and for ALARP/SFARP arguments to be provisional until all mitigation actions are confirmed to be satisfactorily completed. An example is where the mitigation depends upon the production of an operational procedure that may not be written until well after the Hazard is first identified in the early stages of design or construction.

Hazards should not be deleted from the Hazard Log, but closed and marked as “out of scope” or “not considered credible”, together with appropriate justification. Where such Hazards are no longer considered relevant to the system, the Log entry should be updated to reflect this.
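The operation rules above (a status field that stays provisional until every mitigation action is confirmed, closure with a recorded reason and justification rather than deletion, write access limited to the Hazard Log Administrator, and an audit trail of changes), modelled as an added example that is not from the MoD guide or any real Hazard Log tool. It reuses the crude likelihood-by-severity matrix and the barrier view of controls from the Safety Concepts transcript above to estimate residual risk; the hazard, the controls, the one-step-per-barrier rule and the names are constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum

Level = Enum("Level", "LOW MEDIUM HIGH")  # values 1, 2, 3, so one step = 1
Status = Enum("Status", "OPEN AWAITING_MITIGATION ALARP CLOSED")
CLOSURE_REASONS = ("out of scope", "not considered credible")


def risk_level(likelihood, severity):
    """The lesson's crude matrix: both high -> high, both low -> low, else medium."""
    if likelihood is Level.HIGH and severity is Level.HIGH:
        return Level.HIGH
    if likelihood is Level.LOW and severity is Level.LOW:
        return Level.LOW
    return Level.MEDIUM


@dataclass
class Hazard:
    hazard_id: str
    description: str
    severity: Level
    likelihood: Level  # likelihood before any control is applied
    controls: dict = field(default_factory=dict)  # description -> confirmed complete?
    alarp_argument: str = ""
    closure: tuple = ()  # (reason, justification) once closed; never deleted
    history: list = field(default_factory=list)  # audit trail of every change

    def residual_likelihood(self):
        """Each confirmed control is a barrier lowering likelihood one step (constructed rule); unconfirmed ones earn no credit."""
        barriers = sum(1 for done in self.controls.values() if done)
        return Level(max(Level.LOW.value, self.likelihood.value - barriers))

    def residual_risk(self):
        return risk_level(self.residual_likelihood(), self.severity)

    def status(self):
        if self.closure:
            return Status.CLOSED
        if not self.controls:
            return Status.OPEN
        if not all(self.controls.values()) or not self.alarp_argument:
            return Status.AWAITING_MITIGATION  # ALARP stays provisional until then
        return Status.ALARP


class HazardLog:
    def __init__(self, administrator):
        self.administrator = administrator
        self.records = {}  # anyone may read; only the administrator may change records

    def _require_admin(self, actor):
        if actor != self.administrator:
            raise PermissionError(f"{actor} has read-only access to the Hazard Log")

    def _writable(self, actor, hazard_id, action):
        self._require_admin(actor)
        hazard = self.records[hazard_id]
        hazard.history.append((action, actor))  # every edit leaves an audit-trail entry
        return hazard

    def add(self, actor, hazard):
        self._require_admin(actor)
        if hazard.hazard_id in self.records:
            raise ValueError(f"{hazard.hazard_id} already recorded")
        hazard.history.append(("opened", actor))
        self.records[hazard.hazard_id] = hazard

    def add_control(self, actor, hazard_id, description):
        self._writable(actor, hazard_id, f"control added: {description}").controls[description] = False

    def confirm_control(self, actor, hazard_id, description):
        self._writable(actor, hazard_id, f"control confirmed: {description}").controls[description] = True

    def record_alarp(self, actor, hazard_id, argument):
        self._writable(actor, hazard_id, "ALARP argument recorded").alarp_argument = argument

    def close(self, actor, hazard_id, reason, justification):
        """Hazards are never deleted: they are closed with a recognised reason and a justification."""
        if reason not in CLOSURE_REASONS or not justification.strip():
            raise ValueError("closure needs a recognised reason and a written justification")
        self._writable(actor, hazard_id, f"closed: {reason}").closure = (reason, justification)


def demo():
    """Walk the lesson's slip hazard through the log (constructed sample data)."""
    log = HazardLog(administrator="hl-admin")
    log.add("hl-admin", Hazard("H-001", "Person slips on wet floor", Level.HIGH, Level.HIGH))
    h, trace = log.records["H-001"], {}
    trace["opened"], trace["risk_initial"] = h.status(), h.residual_risk()
    log.add_control("hl-admin", "H-001", "spill clean-up procedure issued")
    log.add_control("hl-admin", "H-001", "handrails fitted on stairs")
    trace["defined"], trace["risk_unconfirmed"] = h.status(), h.residual_risk()
    log.confirm_control("hl-admin", "H-001", "spill clean-up procedure issued")
    log.confirm_control("hl-admin", "H-001", "handrails fitted on stairs")
    trace["confirmed_no_argument"] = h.status()
    log.record_alarp("hl-admin", "H-001", "all reasonably practicable controls applied")
    trace["final"], trace["risk_final"] = h.status(), h.residual_risk()
    return trace
```

The point to notice is that defining a control changes nothing in the residual risk until the action is confirmed complete, which is why the record stays at the awaiting-mitigation status and the ALARP claim stays provisional.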

Application

In general, the Hazard Log should relate to a specified system and record its scope of use, together with the safety requirements. When Hazards are identified, the Hazard Log should show how these Hazards were evaluated and note the resulting residual risk assessment; the Hazard Log should then record any recommendations for further action to mitigate the Hazards, or formally document acceptance of the Hazards and any ALARP/SFARP justification.

Since a Hazard Log is a structured way of storing and referencing data and records on Hazards, documenting the Risk Evaluation and other information relating to a piece of equipment or system, clear cross-referencing to supporting documentation is essential. The supporting documentation can be either directly embedded or cross-referenced within the Hazard Log.

When it Might be Used

A Hazard Log should be established for all projects. This will allow full traceability of the formal decision process which would justify the assessed level of Safety Risk.

The Hazard Log is established at the earliest stage of the program and should be maintained throughout the system life cycle as a “live” document or database. As changes are integrated into the system, the Hazard Log should be updated to incorporate added or modified Hazards and the associated residual risks noted to reflect the current design standard.

It is essential that the Hazard Log is reviewed at regular intervals, to ensure that Hazards are being managed appropriately and enable robust safety arguments in the Safety Case to be established.

Advantages, Disadvantages, and Limitations

Advantages 

The Hazard Log contains the traceable record of the Hazard Management process for the Project and therefore:

  • Ensures that the Project Safety Programme uses a consistent set of Safety information;
  • Facilitates oversight by the Safety Panel and other stakeholders of the current status of the Safety activities;
  • Supports the effective management of possible Hazards and Accidents so that the associated Risks are brought up to and maintained at a tolerable level;
  • Provides traceability of Safety decisions made.

Disadvantages 

  • The relationship between Hazards, Accidents, and their management through setting and meeting Safety Requirements could be included within the Hazard Log. However, if it is not sufficiently robust or well-structured, this may obscure the identification and clearance of Hazards;
  • If Hazards are not well defined when they are entered into the Hazard Log, then the rigor enforced by the need for a clear audit trail of changes made may make it very difficult to maintain the Hazard and Accident records in the most effective way. An appropriate structure should therefore be designed and agreed upon before data entry starts.

Comments

A Hazard Log can be produced in any format, but an electronic format is the most common, as this tends to provide the quickest means of cross-referring and providing traceability through the Hazard Log. A paper-based Hazard Log would have limitations for most defense Systems as it would become large, staff-intensive, and cumbersome as the System developed. This in turn introduces a significant maintenance overhead for a project.

The electronic form of the Hazard Log can be developed using Database development tools like Microsoft Access or SQL Server. Alternatively, you can use an existing application such as DOORS. Alternatively, it can be completed in a simple spreadsheet package such as Microsoft Excel. The UK Ministry of Defence’s preferred Hazard Log tool was Cassandra, a proprietary Database based upon Microsoft Access.  (We will use Cassandra as an example in another blog post.)

A bespoke Database enables the originator to custom define fields appropriate to the System. Conversely, a proprietary tool allows for a consistent and standardized approach across a range of programs. A bespoke system may be relatively simple to administer and manipulate, whereas a proprietary tool may require external training. Widespread use of different bespoke solutions may become unmanageable.

Sources of Additional Information

Additional guidance on the Hazard Log can be found within the following reference: MoD’s Project-Oriented Safety Management System, procedure SMP11, Hazard Log. An example Hazard Log structure is also presented there.

Copyright Acknowledgement

In this article, I have used material from a UK Ministry of Defence guide. It is reproduced under the terms of the UK’s Open Government Licence.


Australian WHS Course

In this Australian WHS Course, we show you how to practically and pragmatically implement the essential elements of Australian Work Health and Safety Legislation. In particular, we look at the so-called ‘upstream’ WHS duties. These are the elements you need to safely introduce systems and services into the Australian market.

Lessons in This Course

Guide to the Australian WHS Act

Image by Wendy Van Zyl, from Pexels

This Guide to the WHS Act covers many topics of interest to system safety and design safety specialists. This full-length video covers the following key sections (§) of the Act:

  • § 3, Object [of the Act];
  • § 4-8, Definitions;
  • § 12A, Exclusions;
  • § 18, Reasonably Practicable;
  • § 19, Primary Duty of Care;
  • § 22-26, Duties of Designers, Manufacturers, Importers, Suppliers & those who Install/Construct/Commission;
  • § 27, Officers & Due Diligence;
  • § 46-49, Consult, Cooperate & Coordinate;
  • § 152, Function of the Regulator; and
  • § 274-276, WHS Regulations and CoP.

The Consultation, Cooperation & Coordination Code of Practice

Photo by August de Richelieu from Pexels.com

In this 30-minute session, we look at the Consultation, Cooperation & Coordination Code of Practice (CC&C CoP). We cover the Commonwealth and Model versions of the CoP, appendices & a summary of detailed requirements; and further commentary. This CoP is one of the two that are generally applicable.

Topics:

  • CC&C in the Federal or Commonwealth CoP;
  • Extra CC&C in the Model CoP;
  • (Watch out for Jurisdiction);
  • Further commentary; and
  • Where to get more information.

The Risk Management CoP

Photo by Marta Branco from Pexels

In this 40-minute session, we look at the Risk Management Code of Practice (CoP). We cover: who has WHS duties; the four-step process; keeping records, appendices & a summary of detailed requirements; and further commentary. This CoP is the other one of the two that are generally applicable.

Topics:

  • Who has WHS duties;
  • The four-step process;
  • Keeping records, appendices & summary of detailed requirements;
  • Further commentary; and
  • Where to get more information.

Safe Design

Karolina Grabowska STAFFAGE from Pexels

Want some good guidance on Safe Design? In this 52-minute video from the Safety Artisan, you will find it. We take the official guidance from Safe Work Australia and provide a value-added commentary on it. The guidance integrates seamlessly with Australian law and regulations, but it is genuinely useful in any jurisdiction.

Topics:

  • A safe design approach;
  • Five principles of safe design;
  • Ergonomics and good work design;
  • Responsibility for safe design;
  • Product lifecycle;
  • Benefits of safe design;
  • Legal obligations; and
  • Our national approach.

How to Demonstrate SFARP

Photo by Sondre Dahl from Pexels.com

Our learning objectives for this session: by the end of it, you should understand the SFARP concept and what it’s all about. You should understand the variety of techniques that are available to you. Most importantly, you will be able to apply these techniques in the correct order, because that’s important in the real world.

Topics

  • Introduction – Reasonably Practicable;
  • How to SFARP with:
    • Codes, Standards & Regulations; and
    • Controls, or groups of controls.
  • Some practical hints on good practice;
  • Examples; and
  • Source information.
Categories
Behind the Scenes Blog

Career Change

Career change: in my lecture to the System Engineering Industry Program at the University of Adelaide, I reflect on my career changes. What can you learn from my experiences? (Hint: a lot, I hope!)

I want to talk about career changes because all of you – everyone listening – have already started to make them. You’ve already made the ‘career change’ from being a school student to coming here. You’re going to graduate – hopefully – and then move on into industry or academia or whatever you choose to do. And there are a lot of things to take in. Some of them are directly relevant to safety. But a lot of these things are relevant to whatever you’re doing.

I’m a High-School Student: How Can I Plan My Career Path?

When I was a student at school, I knew what I wanted to do. I guess I was quite lucky in that respect. I wanted to be a pilot in the Air Force. But then I flunked my first eye test at 14, and I knew that was the end of that dream. So I had to choose something else. And I ended up becoming an engineer in the Air Force.

The relevance of that is that I joined the Air Force before I went to university, and they paid me some money. They paid my fees (well, there weren’t fees at the time). I know it’s a strange concept these days, but University was free back in the day. But far fewer people went to university, so it’s swings and roundabouts.

But I’d gone from school, where I was in the top three of everything in every class.  Then I started doing my engineering course at university. I found myself in the bottom quarter of the class in terms of performance. So that was a bit of a shock, I have to say. I suddenly realized that I was now a small fish in a much bigger bowl. I suppose if you never leave Adelaide, you never have to experience that.

But if you do move on, and move out of the Goldfish Bowl that is ‘Adle’-brain, you’ll discover there’s a big world out there. One with lots of competition. And it’s a very exciting world, but it can be a little bit frightening sometimes. But anyway, I got through it. Most of us got through the course. I was doing an aerospace systems engineering course, and we had a wash-out rate of about 10% in the first year. But if you survived your first year, it got easier.

I’ve got these questions – I lifted these questions, actually, from an essay education website. It’s a bit tongue in cheek saying, ‘How can I plan my career path?’. Because when you’re at school, you don’t really have any idea about what work is all about. Unless maybe you’ve got a part-time job. Or your family owns a business or whatever, and you’ve worked in it, and you have a more realistic idea of what work is. But work is very different from school, as I’m sure you know, and University is very different from school.

I’m a Graduate: What Do I Do Next?

And then when I graduated, I thought, ‘Well, I had a career path mapped out for me’, which was ‘Join the Air Force’. But I had some second thoughts. University opened my eyes and widened my horizons. And I thought about doing other things. ‘Should I stick with the Air Force?’ Although, there was always the issue that I’d have to pay them back lots of money, which I didn’t have. So, I decided to stay.

And so, you’re thinking as a graduate, ‘Well, what do I do next?’. There’re opportunities in the public sector, working for the government. There’re opportunities in the private sector. Do I go for a small or medium or work for a large firm? Do I stay in academia and do some research? What do I do? (Do you all go straight to a master’s on your course? Or is it a bachelor’s?) So maybe you think, ‘Well, do I stay and do a master’s?’ ‘Do I stay and do a Ph.D.?’ My results weren’t good enough to do a Ph.D. so that was a decision I didn’t have to make.

There are lots of choices. And there are pros and cons of working for large firms and small firms or the public sector. I have to say the public sector is probably better at training you and investing in you. This is because they typically employ large numbers of people. And certainly, the Air Force was very enlightened about the way it did education.

And a lot of people in the Air Force were studying – even the troops who had maybe joined the Air Force early, those who left school at 16 with very few qualifications. Lots of people were doing part-time study with the Open University. A lot of people I worked with did that. Part of my job was to help them get through trying to do a master’s degree in software engineering or safety part-time, and to support them. Which was a great privilege, and I really enjoyed doing that. So, you’ve got lots of choices.

So, there’re lots of opportunities out there for you. Do go out and look at what’s out there. And as I say, some firms will have a formal graduate development scheme. Others will not. It’ll be an informal scheme, but make your mind up about which way you want to go. And what you want. Always bearing in mind, of course, that, as you’ll have seen, I ended up making a series of big career changes. I had no idea I was going to do those things. I got into software by accident. I got into safety by accident. Sorry, but no cheesy pun intended.

I’m a Veteran: How Can I Make the Career Change into Industry?

And then when I left the Air Force after 20 years, I had to make a career change from Air Force into ‘Civvy Street’, as it was known. And fortunately for me, the Air Force – in fact, all the armed forces in the UK – had a really good career change scheme. A scheme where you’re entitled to go back to the classroom and you could do courses. There were some basic courses everybody had to do.

Specifically, one where you were taught how to deal with grief, surprisingly. Because if you’ve been institutionalized in a large employer for a long, long time and you only know one way of doing things, then it’s difficult to leave. Then when you leave that and you’ve got to go out and make your own decisions and stuff, and that’s really challenging.

And the forces introduced this career change scheme based on – I think it was – a New York Police Department experience. The New York police discovered that a lot of their veterans who left the police force were dying after only a few years of retirement. And they thought, ‘This is weird. They’ve done this dangerous job all their lives, and then they leave, and then they all die’.

Of natural causes, I should say, and suicide. And the New York police said, ‘We’re not preparing our people to leave the stresses and strains of the police and get used to a completely different way of life.’ Fortunately, the forces had introduced this career change training to help you do that. To learn practical skills. I did my project management training, et cetera.

So, that was helpful. And often I would say, if you’re going to make a career change, retraining is often a big part of that. Whether it’s the cause or the effect of the career change.

I’m Looking for A Career Change: What Are My Options?

In all of these things – as I say, I’ve done a lot of changes in my career. Some of my career was planned, but a great deal of it was not. And that’s okay. Sometimes choices are made for you by personal circumstances or whatever. I decided I had to leave the Air Force because our daughter was about to go to secondary school. We couldn’t afford to move around anymore and disrupt her education. So, the choice was made for me.

But also you might be tracking along quite nicely in your job and an opportunity comes up. And you think, ‘Well, I’d never thought about doing that, but actually, this is interesting. I’ve just got to try this.’ And I would encourage you to do that.

I’m An Employer: How Can I Ensure I Have the Workforce I Need?

One of the things I do nowadays – and have done for a long time – is interview people. Whether it be for Frazer-Nash, for QinetiQ before that, or even in the Air Force. Because some of the jobs I was in were specialist ones, and we had the right to interview. We could choose people. We could choose volunteers. So, I’ve interviewed hundreds and hundreds of people over many years. And potential employers are looking for the right people to employ. You’re looking for a good employer. How do I perform at an interview and get that job? Or that career that I want?

And it’s not a secret, but when I’m interviewing people, if you rock up at the office, I’m going to find out what you do. What you’ve been doing academically. What you do outside of work. Because obviously – it’s not ‘obviously’, sorry. Often some of the most interesting things about people are what they do in their spare time. And you can learn a lot about somebody. People have got interests, particularly those who serve in different ways. Whether you volunteer for anything or sport or something like that. Because you often find that high achievers in life tend to be high achievers in everything.

And I’ve interviewed one or two people and they’ve gone out the door and I’ve looked at the other interviewer. And I’d say, ‘Well if we hire her, we’re all going to have to raise our game, aren’t we? Because she’s going to make us look bad.’. Which is a wonderful problem to have, by the way. You think ‘Great. We can get this person on the team who’s going to allow us to do something we’ve never done before.’. So, we’re looking for people that we can utilize. That we can deploy. What have you done? What tools and techniques are you able to use?

Consultancy is a bit unusual. Most of you will probably not start in consultancy. You probably won’t start in safety. In safety, most of us tend to have done another job first and then got into it for whatever reason. So, we’ve made that ‘career change’ as a graduate or an ex-graduate early in your career. I guess we’ll be looking mainly at your potential.

It’s not the technical skills so much that we’re looking for. Technical skills can be taught. If I want somebody who can do fault tree analysis, we can teach you how to do fault tree analysis. We can send you on a course. What I can’t or what is not so easy to teach is attitude and the way you approach work. And are you a team player and all those kinds of things? So, that’s often much more important.

I’m An Educator: How Can I Inspire or Educate?

I suppose this is what I’m trying to do today. In my spare time, I also run my own business called The Safety Artisan so please check it out. You can go to www.safetyartisan.com. And there’re lots of lessons on there about safety. About Australian WHS and system safety. Some of it is free and some of it you have to pay me some money for which I will be very grateful. Thank you very much. The only problem is you have to listen to me talking, but never mind. You can’t have everything.

There’re a lot of opportunities out there, and I think the Australian jobs market is very dynamic. And it works both ways. Big firms will hire hundreds of people to do a project. And then some of them will then fire you just like that when the project is over. Not all firms are like that. Many are looking for people with transferable skills. If one door shuts, usually another door opens. So, we’re looking for people who can be flexible and adaptable. This is why I find myself doing cybersecurity these days as well as safety.

Reflections On a Career in Safety

I’ll move on to some quick reflections. It says ‘Reflections on a career in safety’ but you could apply this to almost anything. At University, I learned – and in training courses throughout my career – I’ve learned a theoretical framework. Whether it be engineering. Whether it be marketing. Marketing is a science and an art and a very complex one, for example.

So, whether it’s engineering or not, there’re lots of things to learn during your career. And you’ll get to learn on a course, or an institution like this – You’ll get to learn some theory. A framework to plug things into. But actually, it’s the practical experience where you sort of put the flesh on the bones, and the two go together.

And then the second point I’d just like to make on reflection. To a degree, I would say go with the flow because opportunities will come up that you hadn’t planned for. That you hadn’t thought of. But give it a go. If you’ve got an opportunity, try it. Particularly as I found, if the alternative is doing something you really don’t want to do. That makes the choice a lot easier. But go for it.

Also, you’ve got to remember to stick to your principles. So, you’ve got to decide what’s important to you and hold on to those values. Otherwise, you could end up doing something you’re not happy with. In fact, somebody much cleverer than me once said that the secret or the art of progress is to “preserve change amidst order and preserve order amidst change”. And those are very wise words. So, decide what’s really important to you. What you will not change. What you will not compromise on under any circumstances. But other than that, go for it.

And finally, in safety and in many other things, I’ve seen people tend to overcomplicate things. I think Einstein said, if you can’t explain something in simple terms, you don’t really understand it. And that’s a very challenging quote but it’s very true. So, there’s a lot of complexity out there. And that’s the whole point of systems engineering, isn’t it? To deal with complexity. So, big programs, are complex things and difficult to understand. But it’s all about boiling it down to something simple. And then, understanding what those core principles are and holding fast onto them while dealing with the complexity. So, a little plug for systems engineering.

I’m very happy to talk about systems engineering, it’s so important to safety.

Do You have any Career Change Questions? Leave a Comment, below.

Categories
Blog Safety Management

Safety Management Policy

In this post on Safety Management Policy, we’re going to look at the policy requirements of a typical project safety management standard: the UK Ministry of Defence’s Acquisition Safety and Environmental Management System (ASEMS).

The Ministry of Defence is the biggest acquirer of manufactured goods in the UK, and it uses ASEMS to guide hundreds of acquisition projects. They will range from the development of large, complex systems to buying simpler off-the-shelf items.

(You may be aware that the UK Ministry of Defence has a terrible record of project failure. I have personal experience of working on both sides of contracts – for buyer and seller. I can tell you that they would have done better if they had followed ASEMS more carefully. The standard is good, but no standard can help if you don’t use it!)

The policy clauses listed here are typical of many found around the world. There is a lot to be learned by studying them.

Safety Management Policy – Overview

ASEMS Part 1 – Policy comprises a series of policy statements grouped in six loosely related sections as follows:

Part 1 – General Clauses

These clauses represent those overarching general requirements that shall be used in all instances. If the clause is self-explanatory, there may not be explicit Instructions in ASEMS – Part 2 Instructions, Guidance, and Support to support them but where these are provided, the Instructions and Guidance will provide a best practice method for compliance.

Clause 1.1 Conform to Secretary of State for Defence’s Policy

Those holding safety and environmental protection delegations shall ensure that in the procuring or supporting Products, Systems, or Services, they conform to the Secretary of State’s Health, Safety, and Environmental Protection Policy Statement.

Clause 1.2 Instructions

The instructions defined in ASEMS – Part 2 Instructions, Guidance, and Support shall be used to manage safety and environmental impact within the Enterprise.

Clause 1.3 Duty Holders

Duty Holders shall be appointed and Letters of Delegation issued in accordance with the Enterprise Chief Executive Officer’s Organisation and Arrangements.

Clause 1.4 Interfaces

Interfaces between organizations shall be identified so that risks across them can be appropriately managed and effectively communicated.

Clause 1.5 Data and Record Format

Data shall be maintained in a format, which satisfies the reporting requirements of senior management within the Enterprise. Auditable records shall be made and kept under review in accordance with relevant legislation.

Clause 1.6 Significant Occurrences and Fault Reporting

All Delivery (Project) Teams shall record and report significant Product, System, or Service faults, accidents, incidents, and near misses to the Enterprise Safety, Health & Environment Committee through the Quality, Safety, and Environmental Protection Team.

Clause 1.7 Learning From Experience

Business Units, Delivery (Project) Teams, or equivalents shall ensure accidents and incidents are investigated to identify opportunities to reduce the likelihood and impact of recurrence. Lessons learned shall be shared amongst all relevant stakeholders to maximize benefit.

Clause 1.8 Training

Enterprise-sponsored courses for system safety and environmental protection shall be the recognized route for achieving suitable and sufficient competence throughout the Enterprise.

Part 2 – Management Responsibilities

Management responsibilities for safety and environmental protection permeate through every Clause, and are the heart of any successful safety and environmental management system; however, these Clauses confer specific requirements upon management and make compliance easier to measure.

Clause 2.1 Organisation and Arrangements

Business Unit Directors or equivalent shall document their Organisation and Arrangements that shall communicate their commitment to the Secretary of State for Defence’s policy statement, continual improvement, positive safety and environmental culture, to minimize adverse effects on the environment, and comply with legal and other appropriate requirements.

Clause 2.2 Communication

Business Units, Delivery (Project) Teams, or equivalents shall ensure that communication procedures are implemented that provide an effective flow of safety and environmental protection information upwards, downwards, and across their organization.

Clause 2.3 Organisational Change Management

Business Unit Directors or equivalent shall identify any increased safety risk associated with organizational change and manage it appropriately.

Part 3 – Safety and Environmental Management System

These Clauses place specific requirements upon organizations and individuals and represent the minimum requirements for a safety and environmental management system. They include the requirement to plan for safety and environmental protection, to enact that plan, to check that the plan is working, and to make changes where necessary to improve the system.

Clause 3.1 Safety and Environmental Management System

Business Units, Delivery (Project) Teams, or equivalents shall operate in compliance with established Safety and Environmental Management Systems.

Clause 3.2 Safety and Environmental Management Plan

Business Units or equivalent shall ensure that all Products, Systems, or Services have a suitable and sufficient through-life safety and environmental management plan.

Clause 3.3 Stakeholder Agreements

Agreements between Stakeholders shall define and document system safety and environmental protection responsibilities.

Clause 3.4 Availability of Resources

Business Units, Delivery (Project) Teams or equivalents shall ensure the availability of resources necessary to establish, implement and maintain the safety and environmental management system and detail these in a through-life safety and environmental management plan.

Clause 3.5 Core Element Documentation

Business Units, Delivery (Project) Teams or equivalents shall establish, maintain and retain suitable and sufficient information that describes the core elements of the safety and environmental management system(s), their interaction, and any related documentation.

Clause 3.6 Accountability

Individuals deployed to assignments that require the formal delegation of safety and environmental responsibilities, accountabilities, and authority shall be mapped against, and comply with, the requirements of the Enterprise Acquisition Safety taxonomy.   

Clause 3.7 Monitoring

Business Units, Delivery (Project) Teams or equivalents shall establish, implement and maintain a suitable and sufficient procedure to monitor and measure safety and environmental performance of their safety and environmental management system on a regular basis.

Clause 3.8 Audit Frequency

Compliance with the documented safety and environmental management system shall be verified via audit at planned intervals according to a published schedule, and as required.

Clause 3.9 Internal Audit

At planned intervals commensurate with the risk:

  1. Business Units shall audit their Delivery (Project) Teams, or equivalents, safety, and environmental management systems.
  2. Delivery (Project) Teams or equivalents shall audit the safety and environmental management systems of their projects.
  3. The Enterprise Quality, Safety, and Environmental Protection Team or their representative, shall audit the safety and environmental management systems of Business Units and Delivery (Project) Teams.

Clause 3.10 Review

Business Units, Delivery (Project) Teams, or equivalents shall review their safety and environmental management systems, at planned intervals commensurate with the risk, to ensure their continuing suitability, adequacy, and effectiveness.

Part 4 – Safety and Environmental Cases/Assessments

These Clauses contain the requirements that each safety and environmental case/assessment shall contain. Defense Regulators may require further, additional, requirements to what is contained in these clauses. Adherence to these Clauses will ensure safety and environmental cases/assessments contain the minimum evidence necessary to support safety and environmental arguments that Products, Systems, and Services are safe to use.

Clause 4.1 Safety Cases

Delivery (Project) Teams or equivalents shall establish and maintain through-life safety cases that provide a compelling, comprehensible, and valid argument that a Product, System, or Service is safe for a given application in a given operating environment.

Clause 4.2 Environmental Cases

Delivery (Project) Teams or equivalents shall establish and maintain through-life environmental cases that provide a compelling, comprehensible, and valid argument that the environmental impact of a Product, System or Service is reduced, or Best Practicable Environmental Option (BPEO) is applied.

Clause 4.3 Identification of Legislation and other Requirements

Business Units or equivalent shall establish and maintain a procedure for identifying and accessing the relevant safety and environmental legislative and other requirements that are applicable to their projects.

Clause 4.4 Legislation Compliance and other Requirements

Delivery (Project) Teams or equivalents shall establish, and demonstrate compliance with, relevant legislation and other requirements.

Clause 4.5 Environmental Impact Identification

Business Units, Delivery (Project) Teams or equivalent shall establish, implement and maintain a procedure for the on-going proactive identification of environmental impacts.

Clause 4.6 Safety Hazard Identification

Business Units, Delivery (Project) Teams or equivalent shall establish, implement and maintain a procedure for the on-going proactive identification of safety hazards.

Clause 4.7 Safety and Environmental Objectives and Targets

Business Units, Delivery (Project) Teams or equivalents shall establish and maintain relevant safety and environmental objectives with a resourced programme to achieve targets.

Clause 4.8 Accident and Incident Records

Business Units, Delivery (Project) Teams or equivalent shall monitor and record accidents, incidents and near misses, where the performance of their Product, Systems or Services results in harm to individuals or damage to the environment and use this information to keep their risk assessments valid.

Clause 4.9 Assessment Approval

Safety and environmental case reports shall be personally approved by the individual with formally delegated authority to confirm their acceptance with the progress of the safety case/assessment and of the risks associated with the project.

Clause 4.10 Independent Assurance

Independent review of the Safety and Environmental Management System shall be ensured, as appropriate and commensurate to the risk, by the individual with formally delegated authority for safety and environmental protection.

Part 5 – Risk management

Risk Management is an essential function of safety and environmental protection, and these Clauses reflect that importance. They set both general safety and environmental protection standards and specific Enterprise requirements that support the need for assurance and performance monitoring to the Defence Board. The requirement to refer risks through line management is included here.

Clause 5.1 Risk and Impact Assessment

All foreseeable Safety Risks and Environmental impacts shall be identified, assessed, prioritised and managed.

Clause 5.2 Change Management

Business Units, Delivery (Project) Teams or equivalents are to ensure that all new or increased safety risks arising from changes to Products, Systems or Services, or to their operating environment, are managed appropriately.

Clause 5.3 Hierarchy of Controls

Business Units, Delivery (Project) Teams, or equivalent shall adopt a recognized hierarchical approach for achieving a reduction in safety risk and environmental impact.

Clause 5.4 Consultation

Business Units, Delivery (Project) Teams, or equivalent shall ensure that all stakeholders are identified and consulted so that their views and responsibilities are considered when managing safety and environmental risks.

Clause 5.5 Safety Risk

Products, Systems or Services shall not have safety risks that have not been formally assessed, justified and declared to be Tolerable and As Low As Reasonably Practicable (ALARP), unless communicated and accepted by a Duty Holder (DH).

Clause 5.6 Environmental Impact

Significant environmental impacts shall be minimised utilising BPEO.

Clause 5.7 Non-compliance Reporting

In circumstances where the ability of the Delegation Holder to achieve compliance with the requirements of ASEMS may have been compromised, Business Units, Delivery (Project) Teams or equivalents shall take immediate steps to correct the situation. Actions required could include improving the clarity of the authority, instructions or responsibilities provided, increasing resources or correcting deficiencies in practices or procedures. Where resolution of the problem lies outside the control of the Delegation Holder, the issue is to be referred through the line management chain. This requirement is to be applied to any further levels of delegation as necessary.

Clause 5.8 Referral Requirements

Where risks cannot be managed within an individual’s delegated responsibility, the risk shall be formally referred using the Enterprise Risk Referral procedure.

Part 6 – Competence

It is necessary that those involved in safety and environmental protection are suitably qualified and experienced in order for them to perform their roles. These Clauses detail the way that competence is to be captured and assessed.

Clause 6.1 Roles and Responsibilities

Business Units, Delivery (Project) Teams or equivalents shall demonstrate that competence requirements have been established for all roles in accordance with appropriate standards including the Enterprise System Safety & Environmental Protection Competency Maps, Assignment Specifications, and Success Profiles.

Clause 6.2 Suitably Qualified and Experienced Personnel

Business Units, Delivery (Project) Teams or equivalents shall ensure that those engaged in safety and environmental protection are suitably qualified and experienced to discharge their safety and environmental responsibilities.

Clause 6.3 Competence

The competence of all staff with system safety and environmental responsibilities shall be regularly assessed, monitored, and recorded.  Staff with formally delegated system safety and environmental responsibilities shall demonstrate their competence to receive the delegation prior to deployment, and their competence shall be regularly monitored and recorded. 

Safety Management Policy: which clauses will you use?


Good Work Design

Good work design can help us achieve safe outcomes by designing safety into work processes and the design of products. Adding safety as an afterthought is almost always less effective and costs more over the lifecycle of the process or product.

Introduction

The Australian Work Health and Safety Strategy 2012-2022 is underpinned by the principle that well-designed healthy and safe work will allow workers to have more productive lives. This can be more efficiently achieved if hazards and risks are eliminated through good design.

Work is currently underway by Safe Work Australia to update the WHS Strategy for 2022-2032.

Top Tip

The Ten Principles of Good Work Design

This handbook contains ten principles that demonstrate how to achieve the good design of work and work processes. Each is general in nature so they can be successfully applied to any workplace, business, or industry.

The ten principles for good work design are structured into three sections:

  1. Why good work design is important;
  2. What should be considered in good work design; and
  3. How good work is designed.

These principles are shown in the diagram in Figure 1.

Figure 1. Good work design principles.

This handbook complements a range of existing resources available to businesses and work health and safety professionals, including guidance on the safe design of plant and structures; see the Safe Work Australia website.

Scope of the Handbook

This handbook provides information on how to apply good work design principles to work and work processes to protect workers and others who may be affected by the work.

It describes how design can be used to set up the workplace, working environment, and work tasks to protect the health and safety of workers, taking into account their range of abilities and vulnerabilities, so far as reasonably practicable.

The handbook does not aim to provide advice on managing situations where individual workers may have special requirements such as those with a disability or on a return to work program following an injury or illness.

Who Should Use this Handbook?

This handbook should be used by those with a role in designing work and work processes, including:

  • Persons conducting a business or undertaking (PCBUs) with a primary duty of care under the model Work Health and Safety (WHS) laws.
  • PCBUs who have specific design duties relating to the design of plant, substances, and structures including the buildings in which people work.
  • People responsible for designing organizational structures, staffing rosters, and systems of work.
  • Professionals who provide expert advice to organizations on work health and safety matters.

Good work design optimizes work health and safety, human performance, job satisfaction, and business success.

Information: Experts who provide advice on the design of work may include: engineers, architects, ergonomists, information and computer technology professionals, occupational hygienists, organizational psychologists, human resource professionals, occupational therapists, and physiotherapists.

What is ‘Good Work’?

‘Good work’ is healthy and safe work where the hazards and risks are eliminated or minimized so far as is reasonably practicable. Good work is also where the work design optimizes human performance, job satisfaction, and productivity.

Good work contains positive work elements that can:

  • protect workers from harm to their health, safety, and welfare;
  • improve worker health and wellbeing; and
  • improve business success through higher worker productivity.

What is Good Work Design?

The most effective design process begins at the earliest opportunity during the conceptual and planning phases. At this early stage there is the greatest chance of finding ways to design-out hazards, incorporate effective risk control measures, and design-in efficiencies.

Effective design of good work considers:

The work:

  • how work is performed, including the physical, mental and emotional demands of the tasks and activities
  • the task duration, frequency, complexity, and
  • the context and systems of work.

The physical working environment:

  • the plant, equipment, materials, and substances used, and
  • the vehicles, buildings, and structures that are workplaces.

The workers:

  • physical, emotional, and mental capacities and needs.

Effective design of good work can radically transform the workplace in ways that benefit the business, workers, clients, and others in the supply chain.

Failure to consider how work is designed can result in poor risk management and lost opportunities to innovate and improve the effectiveness and efficiency of work.

I suspect that many of us have seen badly-designed work, which results in workarounds or waste, or both. A little forethought can prevent this.

Top Tip

The principles for good work design support duty holders to meet their obligations under the WHS laws and also help them to achieve better business practice generally.

For the purposes of this handbook, a work designer is anyone who makes decisions about the design or redesign of work. This may be driven by the desire to improve productivity as well as the health and safety of the people who will be doing the work.

The WHY Principles

Why is good work design important?

Principle 1: Good work design gives the highest level of protection so far as is reasonably practicable

  • All workers have a right to the highest practicable level of protection against harm to their health, safety, and welfare.
  • The primary purpose of the WHS laws is to protect persons from work-related harm so far as is reasonably practicable.
  • Harm relates to the possibility that death, injury, illness, or disease may result from exposure to a hazard in the short or long term.
  • Eliminating or minimizing hazards at the source before risks are introduced in the workplace is a very effective way of providing the highest level of protection.

Principle 1 refers to the legal duties under the WHS laws. These laws provide the framework to protect the health, safety, and welfare of workers and others who might be affected by the work. During the work design process, workers and others should be given the highest level of protection against harm that is reasonably practicable.

Prevention of workplace injury and illness

Well-designed work can prevent work-related deaths, injuries, and illnesses. The potential risk of harm from hazards in a workplace should be eliminated through good work design.

Only if that is not reasonably practicable, then the design process should minimize hazards and risks through the selection and use of appropriate control measures.

New hazards may inadvertently be created when changing work processes. If the good work design principles are systematically applied, potential hazards and risks arising from these changes can be eliminated or minimized.

Information: Reducing the speed of an inappropriately fast process line will not only reduce production errors, but can also diminish the likelihood of a musculoskeletal injury and mental stress.

Principle 2: Good work design enhances health and wellbeing

  • Health is a “state of complete physical, mental, and social wellbeing, not merely the absence of disease or infirmity” (World Health Organisation).
  • Designing good work can help improve health over the longer term by improving workers’ musculoskeletal condition, cardiovascular functioning, and mental health.
  • Good work design optimizes worker function and improves participation enabling workers to have more productive working lives.

Health benefits

An effective design aims to prevent harm, but it can also positively enhance the health and wellbeing of workers, for example, satisfying work and positive social interactions can help improve people’s physical and mental health.

As a general guide, the healthiest workers have been found to be three times more productive than the least healthy. It, therefore, makes good business sense for work design to support people’s health and wellbeing.

Information: Recent research has shown long periods of sitting (regardless of exercise regime) can lead to an increased risk of preventable musculoskeletal disorders and chronic diseases such as diabetes. In an office environment, prolonged sitting can be reduced by allowing people to alternate between sitting or standing whilst working.

Principle 3: Good work design enhances business success and productivity

  • Good work design prevents deaths, injuries, and illnesses and their associated costs, improves worker motivation and engagement, and in the long-term improves business productivity.
  • Well-designed work fosters innovation, quality, and efficiencies through effective and continuous improvement.
  • Well-designed work helps manage risks to business sustainability and profitability by making work processes more efficient and effective and by improving product and service quality.

Cost savings and productivity improvements

Designing-out problems before they arise is generally cheaper than making changes after the resulting event, for example by avoiding expensive retrofitting of workplace controls.

Good work design can have direct and tangible cost savings by decreasing disruption to work processes and the costs from workplace injuries and illnesses.

Good work design can also lead to productivity improvements and business sustainability by:

  • allowing organizations to adjust to changing business needs and streamline work processes by reducing wastage, training, and supervision costs
  • improving opportunities for creativity and innovation to solve production issues, reduce errors and improve service and product quality, and
  • making better use of workers’ skills resulting in more engaged and motivated staff willing to contribute greater additional effort.
Figure 1, The WHY Principles

The WHAT Principles

What should be considered by those with design responsibilities?

Principle 4: Good work design addresses physical, biomechanical, cognitive, and psychosocial characteristics of work, together with the needs and capabilities of the people involved

  • Good work design addresses the different hazards associated with work e.g. chemical, biological, and plant hazards, hazardous manual tasks, and aspects of work that can impact mental health.
  • Work characteristics should be systematically considered when work is designed, redesigned or the hazards and risks are assessed.
  • These work characteristics should be considered in combination and one characteristic should not be considered in isolation.
  • Good work design creates jobs and tasks that accommodate the abilities and vulnerabilities of workers so far as reasonably practicable.

All tasks have key characteristics with associated hazards and risks, as shown in Figure 2 below:

Figure 2 – Key characteristics of work.

Hazards and risks associated with tasks are identified and controlled during good work design processes and they should be considered in combination with all hazards and risks in the workplace. This highlights that it is the combination that is important for good work design.

Workers can also be exposed to a number of different hazards from a single task. For example, meat boning is a common task in a meat-processing workplace. This task has a range of potential hazards and risks that need to be managed, e.g. physical, chemical, biological, biomechanical, and psychosocial. Good work design means the hazards and risks arising from this task are considered both individually and collectively to ensure the best control solutions are identified and applied.

Good work design can prevent unintended consequences which might arise if task control measures are implemented in isolation from other job considerations. For example, automation of a process may improve production speed and reduce musculoskeletal injuries but increase the risk of hearing loss if effective noise control measures are not also considered.

Workers have different needs and capabilities; good work design takes these into account. This includes designing to accommodate them given the normal range of human cognitive, biomechanical and psychological characteristics of the work.

Information: The Australian workforce is changing. It is typically older with higher educational levels, more inclusive of people with disabilities, and more socially and ethnically diverse. Good work design accommodates and embraces worker diversity. It will also help a business become an employer of choice, able to attract and retain an experienced workforce.

Principle 5: Good work design considers the business needs, context, and work environment.

  • Good work design is ‘fit for purpose’ and should reflect the needs of the organization including owners, managers, workers, and clients.
  • Every workplace is different so approaches need to be context-specific. What is good for one situation cannot be assumed to be good for another, so off-the-shelf solutions may not always suit every situation.
  • The work environment is broad and includes: the physical structures, plant and technology, work layout, organizational design and culture, human resource systems, work health and safety processes, and information/control systems.

The business organizational structure and culture, decision-making processes, work environment, and how resources and people are allocated to the work will, directly and indirectly, impact on work design and how well and safely the work is done.

The work environment includes the physical structures, plant, and technology. Planning for relocations, refurbishments, or when introducing new engineering systems are ideal opportunities for businesses to improve their work designs and avoid foreseeable risks.

These are amongst the most common work changes a business undertakes yet good design during these processes is often quite poorly considered and implemented. An effective design following the processes described in this handbook can yield significant business benefits.

Information: Off-the-shelf solutions can be explored for some common tasks, however usually design solutions need to be tailored to suit a particular workplace.

Good work design is most effective when it addresses the specific business needs of the individual workplace or business. Typically work design solutions will differ between small and large businesses.

However, all businesses must eliminate or minimize their work health and safety risks so far as reasonably practicable. The specific strategies and controls will vary depending on the circumstances.

Table 1 below demonstrates how to step through the good work design process for small and large businesses.

Good design steps | In a large business that is downsizing | In a small business that is undergoing a refit
Management commitment | Senior management make their commitment to good work design explicit ahead of downsizing and may hire external expertise. | The owner tells workers about their commitment to designing-out hazards during the upcoming refit of the store layout to help improve safety and efficiency.
Consult | The consequences of downsizing and how these can be managed are discussed in senior management and WHS committee meetings with appropriate representation from affected work areas. | The owner holds meetings with their workers to identify possible issues ahead of the refit.
Identify | A comprehensive workload audit is undertaken to clarify opportunities for improvements. | The owner discusses the proposed refit with the architect and builder and gets ideas for dealing with issues raised by workers.
Assess | A cost-benefit analysis is undertaken to assess the work design options to manage the downsizing. | The owner, architect, and builder jointly discuss the proposed refit and any worker issues directly with workers.
Control | A change management plan is developed and implemented to appropriately structure teams and improve systems of work. Training is provided to support the new work arrangements. | The building refit occurs. Workers are given training and supervision to become familiar with the new layout and safe equipment use.
Review | The work redesign process is reviewed against the project aims by senior managers. | The owner checks with the workers that the refit has improved working conditions and efficiency and that there are no new issues.
Improve | Following consultation, refinement of the redesign is undertaken if required. | Minor adjustments to the fit-out are made if required.
Table 1 – Steps in good work design for large and small businesses

Principle 6: Good work design is applied along the supply chain and across the operational lifecycle.

  • Good work design should be applied along the supply chain in the design, manufacture, distribution, use and disposal of goods and the supply of services.
  • Work design is relevant at all stages of the operational life cycle, from start-up through routine operations, maintenance and downsizing to the cessation of business operations.
  • New initiatives, technologies, and changes in organizations have implications for work design and should be considered.

Information: Supply chains are often made up of complex commercial or business relationships and contracts designed to provide goods or services. These are often designed to provide goods or services to a large, dominant business in a supply chain. The human and operational costs of poor design by a business can be passed up or down the supply chain.

Businesses in the supply chain can have significant influence over their supply chain partners’ work health and safety through the way they design the work.

Businesses may create risks and so they need to be active in working with their supply chains and networks to solve work health and safety problems and share practical solutions for example, for common design and manufacturing problems.

Health and safety risks can be created at any point along the supply chain, for example, loading and unloading causing time pressure for the transport business.

There can be a flow-on effect where the health and safety and business ‘costs’ of poor design may be passed down the supply chain. These can be prevented if businesses work with their supply chain partners to understand how contractual arrangements affect health and safety.

Procurement and contract officers can also positively influence their own organization and others’ work health and safety throughout the supply chain through the good design of contracts. 

When designing contractual arrangements businesses could consider ways to support good work design safety outcomes by:

  • setting clear health and safety expectations for their supply chain partners, for example through the use of codes of conduct or quality standards
  • conducting walk-through inspections, monitoring, and comprehensive auditing of supply chain partners to check adherence to these codes and standards
  • building the capability of their own procurement staff to understand the impacts of contractual arrangements on their suppliers, and
  • consulting with their supply chain partners on the design of good work practices.

Information: The road transport industry is an example of how this principle can help improve drivers’ health and safety and address issues arising from supply chain arrangements. For example, the National Heavy Vehicle Laws ‘chain of responsibility’ requires all participants in the road transport supply chain to take responsibility for driver work health and safety. Contracts must be designed to allow drivers to work reasonable hours, take sufficient breaks from driving and not have to speed to meet deadlines.

The design of products will strongly impact both health and safety and business productivity throughout their lifecycles. At every stage, there are opportunities to eliminate or minimize risks through good work design. The common product lifecycle stages are illustrated in Figure 3 below.

Figure 3 – Common product lifecycle.

Information: For more information on the design of structures and plant, see ‘Safe design of structures’, ‘Managing the risks of plant in the workplace’ and other design guidance on the Safe Work Australia website.

The good work design principles are also relevant at all stages of the business life cycle. Some of these stages present particularly serious and complex work health and safety challenges such as during the rapid expansion or contraction of businesses. Systematic application of good work design principles during these times can achieve positive work health and safety outcomes.

New technology is often a key driver of change in work design. It has the potential to improve the quality of outputs, efficiency, and safety of workers, however introducing new technology could also introduce new hazards and unforeseen risks. Good work design considers the impact of the new initiatives and technologies before they are introduced into the workplace and monitors their impact over time.

Information: When designing a machine for safe use, how the maintenance will be undertaken in the future should be considered.

In most workplaces, information and communication technology (ICT) systems are an integral part of all business operations. In practice, these are often the main drivers of work changes but are commonly overlooked as sources of workplace risks. Opportunities to improve health and safety should always be considered when new ICT systems are planned and introduced.

Figure 4 – The ICT Triad.

The HOW Principles

Principle 7: Engage decision-makers and leaders

  • Work design or redesign is most effective when there is a high level of visible commitment, practical support, and engagement by decision-makers.
  • Demonstrating the long-term benefits of investing in good work design helps engage decision-makers and leaders.
  • Practical support for good work design includes the allocation of appropriate time and resources to undertake effective work design or redesign processes.

Information: Leaders are the key decision-makers or those who influence the key decision-makers. Leaders can be the owners of a business, directors of boards, and senior executives.

Leaders can support good work design by ensuring the principles are appropriately included or applied, for example in:

  • key organizational policies and procedures
  • proposals and contracts for workplace change or design
  • managers’ responsibilities and as key performance indicators
  • business management systems and audit reports
  • organizational communications such as a standing item on leadership meeting agendas, and
  • the provision of sufficient human and financial resources.

Good work design, especially for complex issues will require adequate time and resources to consider and appropriately manage organizational and/or technological change. Like all business changes, research shows that leader commitment to upfront planning helps ensure better outcomes.

Managers and work health and safety advisors can help this process by providing their leaders with appropriate and timely information. This could include for example:

  • identifying design options that support both business outcomes and work health and safety objectives
  • assessing the risks and providing short and long term cost-benefit analysis of the recommended controls to manage these risks, and
  • identifying what decisions need to be taken, when and by whom to effectively design and implement the agreed changes.

Principle 8: Actively involve the people who do the work, including those in the supply chain and networks

  • Persons conducting a business or undertaking (PCBUs) must consult with their workers and others likely to be affected by work in accordance with the work health and safety laws.
  • Supply chain stakeholders should be consulted as they have local expertise about the work and can help improve work design for upstream and downstream participants.
  • Consultation should promote the sharing of relevant information and provide opportunities for workers to express their views, raise issues, and contribute to decision-making where possible.

Effective consultation and cooperation of all involved with open lines of communication will ultimately give the best outcomes. Consulting with those who do the work not only makes good sense, it is required under the WHS laws.

Information: Under the model WHS laws (s47), a business owner must, so far as is reasonably practicable, consult with ‘workers who carry out work for the business or undertaking who are, or are likely to be, directly affected by a matter relating to work health or safety.’ This can include a work design issue.

If more than one person has a duty in relation to the same matter, ‘each person with the duty must, so far as is reasonably practicable, consult, co-operate and co-ordinate activities with all other persons who have a duty in relation to the same matter’ (model WHS laws s46).

Workers have knowledge about their own job and often have suggestions on how to solve a specific problem. Discussing design options with them will help promote their ownership of the changes. See Code of practice on consultation.

Businesses that operate as part of a supply chain should consider whether the work design and changes to the work design might negatively impact on upstream or downstream businesses. The supply chain partners will often have solutions to logistics problems that can benefit all parties.

Principle 9: Identify hazards, assess and control risks, and seek continuous improvement

  • A systematic risk management approach should be applied in every workplace.
  • Designing good work is part of the business process and not a one-off event.
  • Long-term sustainability requires that designs or redesigns are continually monitored and adjusted to adapt to changes in the workplace, so that feedback is provided and new information is used to improve the design.

Good work design should systematically apply the risk management approach to workplace hazards and risks. See Principle 4 for more details.

Typically, good work design will involve ongoing discussions with all stakeholders to keep refining the design options. Each stage in the good work design process should have decision points at which options are reviewed and further consultation takes place if they are not acceptable. This allows the flexibility to respond quickly to unanticipated and adverse outcomes.

Figure 5 outlines how the risk management steps can be applied in the design process.

Continuous improvements in work health and safety can in part be achieved if the good work design principles are applied at business start-ups and whenever major organizational changes are contemplated. To be most effective, consideration of health and safety issues should be integrated into normal business risk management.

Figure 5 – Steps in the good work design process.

Principle 10: Learn from experts, evidence, and experience

  • Continuous improvement in work design and hence work health and safety requires ongoing collaboration between the various experts involved in the work design process.
  • Various people with specific skills and expertise may need to be consulted in the design stage to fill any knowledge gaps. It is important to recognize the strengths and limitations of a single expert’s knowledge.
  • Near misses, injuries and illnesses are important sources of information about poor design.

Most work design processes will require collaboration and cooperation between internal and sometimes external experts. Internal advice can be sought from workers, line managers, technical support and maintenance staff, engineers, ICT systems designers, work health and safety advisors, and human resource personnel.

Depending on the design issue, external experts may be required such as architects, engineers, ergonomists, occupational hygienists, and psychologists.

Information: If you provide advice on work design options it is important to know and work within the limitations of your discipline’s knowledge and expertise. Where required make sure you seek advice and collaborate with other appropriate design experts.

For complex and high-risk projects, ideally, a core group of the same people should remain involved during both the design and implementation phases with other experts brought in as necessary.

The type of expert will always depend on the circumstances. When assessing the suitability of an expert consider their qualifications, skills, relevant knowledge, technical expertise, industry experience, reputation, communication skills, and membership of professional associations.

Information: Is the consultant suitably qualified?
A suitably qualified person has the knowledge, skills, and experience to provide advice on a specific design issue. You can usually check with the professional association to see if the consultant is certified or otherwise recognized by them to provide work design advice.

The decision to design or redesign work should be based on sound evidence. Typically this evidence will come from many sources such as both proactive and reactive indicators, information about new technology, or the business decisions to downsize, expand or restructure or to meet the requirements of supply chain partners.

Proactive and reactive indicators can also be used to monitor the effectiveness and efficiency of the design solution.

Information: Proactive indicators provide early information about the work system that can be used to prevent accidents or harm. These might include for example: key process variables such as temperature or workplace systems indicators such as the number of safety audits and inspections undertaken.

Reactive indicators are usually based on incidents that have already occurred. Examples include the number and type of near misses and worker injury and illness rates.

Useful information about common work design problems and solutions can also often be obtained from:

  • work health and safety regulators
  • industry associations and unions
  • trade magazines and suppliers, and
  • specific research papers.
Figure 6 – Sources of work design information.

Good Work Design: Summary

The ten principles of good work design can be applied to help support better work health and safety outcomes and business productivity. They are deliberately high level and should be broadly applicable across the range of Australian businesses and workplaces. Just as every workplace is unique, so is the way each principle can be applied in practice.

When considering these principles in any work design also ensure you take into account your local jurisdictional work health and safety requirements.

My name’s Simon Di Nucci. I’m a practicing system safety engineer, and I have been for the last 25 years; I’ve worked in all kinds of domains: aircraft, ships, submarines, sensors, and command and control systems, some work on rail and air traffic management systems, and lots of software safety. So, I’ve done a lot of different things!

Good Work Design: Copyright

Much of the content of this post is taken from the Principles of Good Work Design handbook from Safe Work Australia. The handbook is © Commonwealth of Australia, 2019; this document is covered by a Creative Commons licence (CC BY 4.0) – for full details see here.

I have made some changes to the text to improve the layout and correct minor problems with Figure numbering in the original document. ‘Top Tips’ are my own, based on my 10+ years of experience working in system safety under Australian WHS.

What do you think of Good Work Design?


Categories
Blog Work Health and Safety

So Far As Is Reasonably Practicable

‘So Far As Is Reasonably Practicable’ is a phrase that gets used a lot, but what does it mean? How do you demonstrate it?

In this post, I will talk about how to demonstrate SFARP. I’ve been doing this on complex programs for 20+ years now, both in the UK and Australia. The concept of ‘reasonably practicable’ is much easier to apply than people think. I’ve watched a lot of programs over-complicate the process. We just don’t have to do that!

I have some practical tips for you, not just theory. In Australia we do it like this … and you can learn from this wherever you operate!

Attribution

This post uses text from ‘How to Determine what is Reasonably Practicable to Meet a Health and Safety Duty’, published by Safe Work Australia in May 2013.

This copyright work is licensed under a Creative Commons Attribution-Noncommercial 3.0 Australia license. To view a copy of this license, visit here. In essence, you are free to copy, communicate and adapt the work for non-commercial purposes, as long as you attribute the work to Safe Work Australia and abide by the other license terms.

How is ‘reasonably practicable’ defined?

Section 18 of the WHS Act defines the standard that is to be met and describes the process for determining this:

S.18: In this Act, ‘reasonably practicable’, in relation to a duty to ensure health and safety, means that which is, or was at a particular time, reasonably able to be done to ensure health and safety, taking into account and weighing up all relevant matters including:

  • the likelihood of the hazard or the risk concerned occurring; and
  • the degree of harm that might result from the hazard or the risk; and
  • what the person concerned knows, or ought reasonably to know, about the hazard or risk, and about the ways of eliminating or minimising the risk; and
  • the availability and suitability of ways to eliminate or minimise the risk; and
  • after assessing the extent of the risk and the available ways of eliminating or minimising the risk, the cost associated with available ways of eliminating or minimising the risk, including whether the cost is grossly disproportionate to the risk.

Note that this definition is actually a risk analysis process. The WHS Risk Management Code of Practice provides the minimum process that will meet this requirement.

Top Tip

All Relevant Matters

The process requires that all relevant matters, including those listed in the section, are taken into account and weighed up when determining what is reasonably practicable in particular circumstances.

There are two elements to what is ‘reasonably practicable’. A duty holder must first consider what can be done—that is, what is possible in the circumstances for ensuring health and safety. They must then consider whether it is reasonable in the circumstances to do all that is possible.

Some of the matters listed in section 18 will be relevant to identifying what can be done, for example, if control measures that will eliminate or minimize the risk are available and suitable. Other matters will be relevant to identifying whether what can be done is reasonable to do, for example, if the risk and degree of harm are grossly disproportionate to the cost of implementing the control measure.

To identify what would be reasonably practicable to do, all of the relevant matters must be taken into account and a balance achieved that will provide the highest level of protection that is both possible and reasonable in the circumstances. No single matter determines what is or was at a particular time reasonably practicable to be done to ensure health and safety.

What Each of the ‘Relevant Matters’ Mean

Factor: The likelihood of the hazard or the risk concerned occurring
Relevance: The greater the likelihood of a risk occurring, the greater the significance this will play when weighing up all matters and determining what is reasonably practicable. If harm is more likely to occur, then it may be reasonable to expect more to be done to eliminate or minimize the risk. The frequency of an activity or specific circumstances will be relevant to the likelihood of a risk occurring. The more a worker is exposed to a hazard, the more likely they are to suffer harm from it.

Factor: The degree of harm that might result from the hazard or the risk
Relevance: The greater the degree of harm that could result from the hazard or risk, the more significant this factor will be when weighing up all matters to be taken into account and identifying what is reasonably practicable in the circumstances. Clearly, more would be expected of a duty holder to eliminate or minimize the risk of death or serious injury than lesser harm.

Factor: What the person concerned knows, or ought reasonably to know, about the hazard or risk, and ways of eliminating or minimizing the risk
Relevance: The knowledge about a hazard or risk, and any ways of eliminating or minimizing the hazard or risk, will be what the duty holder actually knows, and what a reasonable person in the duty holder’s position (e.g. a person in the same industry) would reasonably be expected to know. This is commonly referred to as the state of knowledge. The courts have consistently stated a duty holder must consider all reasonably foreseeable hazards and risks when identifying what is reasonably practicable.

Factor: The availability and suitability of ways to eliminate or minimize the risk
Relevance: This requires consideration of not only what is available, but also what is suitable for the elimination or minimization of risk. A risk control that may be effective in some circumstances or environments may not be effective or suitable in others, because of things such as the workplace layout, skills of relevant workers, or the particular way in which the work is done. Equipment to eliminate or minimize a hazard or risk is regarded as being available if it is provided on the open market, or if it is possible to manufacture it. A work process or change to a work process to eliminate or minimize a hazard or risk is regarded as being available if it is feasible to implement. A way of eliminating or minimizing a hazard or risk is regarded as suitable if it:
  • is effective in eliminating or minimizing the likelihood or degree of harm from a hazard or risk
  • does not introduce new and higher risks in the circumstances, and
  • is practical to implement in the circumstances in which the hazard or risk exists.

Factor: The cost associated with available ways of eliminating or minimizing the risk, including whether the cost is grossly disproportionate to the risk
Relevance: Although the cost of eliminating or minimizing risk is relevant in determining what is reasonably practicable, there is a clear presumption in favor of safety ahead of cost. The cost of eliminating or minimizing risk must only be taken into account after identifying the extent of the risk (the likelihood and degree of harm) and the available ways of eliminating or minimizing the risk. The costs of implementing a particular control may include costs of purchase, installation, maintenance, and operation of the control measure and any impact on productivity as a result of the introduction of the control measure. A calculation of the costs of implementing a control measure must take into account any savings from fewer incidents, injuries, and illnesses, potentially improved productivity, and reduced staff turnover.
The ‘Relevant Matters’ – we will look at each one of these in turn, below.

The first three Factors are covered in the Risk Management Code of Practice, so we won’t repeat that stuff here. I just want to note:

Remember that “what you ought reasonably to know” includes what your legislator and regulator has published. You can’t be ignorant of this basic stuff and claim to have minimized risks SFARP!

Top Tip

Is the Control Measure Available and Suitable?

Investigations and inquiries may identify many ways to eliminate or minimize a particular type of risk. Some of these may, however, not be available … or may not be suitable in the particular circumstances.

Examples:

  • A device may not have been introduced into the Australian market, or may be incompatible with Australian operating conditions.
  • Radio communication to minimise risks from people working in isolation or in remote locations may not be suitable in areas where there is no signal or a poor one.
  • Mechanical lifting aids may not be able to operate in areas where there is insufficient room to move them around.
  • Equipment may not be able to be used in areas where the necessary energy source, such as electricity or gas, is unavailable.
  • Particular processes may not be able to be used if they rely on circumstances, including the behaviour of others, over which the duty holder has no control.

Availability

Equipment to eliminate or minimize a hazard or risk is regarded as being available if it is provided on the open market, or if it is possible to manufacture it.

A work process or change to a work process to eliminate or minimize a hazard or risk is regarded as being available if it is feasible to implement.

Suitability

A way of eliminating or minimizing a hazard or risk is regarded as suitable if it:

  • is effective in eliminating or minimising the likelihood or degree of harm from a hazard or risk
  • does not introduce new and higher risks in the circumstances, and
  • is practical to implement in the circumstances in which the hazard or risk exists.

These tests of availability and suitability are very powerful, but they are often overlooked. Make sure that you apply these tests before you consider whether a control is reasonable – it saves a lot of effort.

Top Tip

How to Determine what is Reasonable

Just because something can be done does not mean that it is reasonably practicable for the duty holder to do it. What is required is an assessment of what a reasonable person in the position of the duty holder would do in the circumstances, taking a careful and prudent approach and erring on the side of caution.

There are options for determining what is reasonable, including Codes of Practice and Standards. We will look at this in more depth in another lesson.

Top Tip

The aim must be to keep trying to lower the likelihood and degree of harm until further steps are not reasonable in the circumstances. Questions you should ask to identify whether you are doing enough are:

  • Is there more I can do to either
    • minimise the risk myself, or
    • ensure another party with the relevant skills and expertise can properly implement health and safety measures and minimise risks?
  • If the answer is yes to either of the above, is it reasonable for me not to do so?

Okay, here we are looking at Consultation, Cooperation and Coordination between a Duty Holder and workers or other Duty Holders. Look at the C, C&C Code of Practice for help with this.

Top Tip

The more likely the risk, the more that is required to be done to eliminate or minimize it. The greater the degree of harm, the more that is required to be done to eliminate or minimize it.

If there is at least a moderate likelihood of death or serious injury, then the highest level of protection should be provided.

The Guidance

This statement is fine in a workplace, but if you are designing something like a car, a plane, or a ship – something complex which could hurt lots of people – then this approach is inadequate. You need to apply the concept of risk tolerability and a Cost-Benefit Analysis.

Top Tip

It may not be reasonable to require expensive and time-consuming controls, for example, engineering controls, to be applied to minimize or further minimize a low likelihood of minor harm. It may however be reasonable to apply less expensive controls such as training and supervision to further lower the likelihood of the risk.

When considering each control or combination of controls, a duty holder must take into account the likelihood that a particular control will be effective. Guards may be removed, systems of work may not be understood and followed, and personal protective equipment may not always be worn. Further controls, such as signs or supervision, may be needed to make a control more likely to be effective.

Cost

While cost is specified in Section 18 (of the WHS Act) as a matter to be taken into account and weighed up with other relevant matters to identify what is reasonably practicable, this must only be done after assessing the extent of the risk and the ways of eliminating or minimizing it.

The cost of implementing a particular measure may include the cost of purchase, installation, maintenance and operation of the control measure and any impact on productivity as a result of the introduction of the control measure.

A calculation of the cost of implementing a control measure should also take into account any savings it will yield in reductions in incidents, injuries, illnesses and staff turnover, as well as improvements in staff productivity.

Remember there must be a clear presumption in favor of safety over cost.

Top Tip

Before determining whether expenditure to eliminate or minimize a risk is reasonably practicable in the circumstances, the PCBU must consider:

  • the likelihood and degree of harm of the hazard or risk, and
  • the reduction in the likelihood or degree of harm that will result if the control measure is adopted.

The more likely the hazard or risk, or the greater the harm that may result from it, the less weight should be given to the cost of eliminating the hazard or risk.
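The Section 18 weighing-up process described above has a definite order: availability and suitability are tested first, the extent of the risk and the reduction a control would deliver come next, and cost is weighed only at the end, with the presumption in favour of safety. The following Python is an added example of that ordering written for this post; it is not part of the Safe Work Australia guidance or the post’s own material. The control names, dollar figures, the 10-year life used to spread purchase cost, and the ‘disproportion factor’ of 3 (the multiple of annual risk reduction beyond which cost is treated as grossly disproportionate) are all constructed assumptions, and the degree of harm is represented by a single monetary proxy per event.

```python
from dataclasses import dataclass


@dataclass
class Control:
    """One candidate way of eliminating or minimising the risk. All fields are
    constructed for illustration; field order matters for the sample data below."""
    name: str
    available: bool             # on the open market, or feasible to make/implement
    effective: bool             # reduces likelihood or degree of harm
    adds_higher_risk: bool      # would introduce new and higher risks
    practical: bool             # practical to implement in the circumstances
    purchase: float             # one-off cost ($)
    annual_running: float       # maintenance, operation, lost productivity ($/yr)
    annual_savings: float       # fewer incidents, better productivity, lower turnover ($/yr)
    residual_likelihood: float  # expected events per year with the control in place


def is_suitable(c: Control) -> bool:
    """The three suitability tests from the guidance, all of which must hold."""
    return c.effective and not c.adds_higher_risk and c.practical


def net_annual_cost(c: Control, years: float) -> float:
    """Spread the purchase cost over the control's life, then net off the savings."""
    return c.purchase / years + c.annual_running - c.annual_savings


def weigh_up(baseline_likelihood: float, harm_per_event: float, controls,
             years: float = 10.0, disproportion_factor: float = 3.0) -> dict:
    """Return {control name: verdict}, applying the tests in the Section 18 order.

    harm_per_event is a monetary proxy for the degree of harm (assumes a common
    unit for loss). disproportion_factor is the multiple of annual risk reduction
    beyond which cost is treated as grossly disproportionate; it is an assumption
    made for this example, not a figure taken from the guidance.
    """
    baseline_loss = baseline_likelihood * harm_per_event
    verdicts = {}
    for c in controls:
        # 1. Availability is tested before anything else.
        if not c.available:
            verdicts[c.name] = "rejected: not available"
            continue
        # 2. Then suitability.
        if not is_suitable(c):
            verdicts[c.name] = "rejected: not suitable"
            continue
        # 3. Extent of the risk, and the reduction this control would deliver.
        reduction = baseline_loss - c.residual_likelihood * harm_per_event
        if reduction <= 0:
            verdicts[c.name] = "rejected: no risk reduction"
            continue
        # 4. Only now is cost weighed, with the presumption in favour of safety.
        cost = net_annual_cost(c, years)
        if cost <= 0:
            verdicts[c.name] = "adopt: pays for itself"
        elif cost > disproportion_factor * reduction:
            verdicts[c.name] = "rejected: cost grossly disproportionate to risk"
        else:
            verdicts[c.name] = "adopt: reasonably practicable"
    return verdicts


# Constructed sample: a machinery risk with half an event per year expected before
# any new control, and a harm proxy of $200,000 per event.
BASELINE_LIKELIHOOD = 0.5
HARM_PER_EVENT = 200_000.0
CONTROLS = [
    Control("interlocked guard",           True,  True, False, True,    40_000,   2_000,  5_000, 0.05),
    Control("imported robot cell",         False, True, False, True,   300_000,  10_000, 20_000, 0.01),
    Control("solvent substitute",          True,  True, True,  True,    10_000,       0,      0, 0.20),
    Control("full enclosure and rebuild",  True,  True, False, True, 2_000_000, 250_000, 20_000, 0.02),
    Control("lockout procedure, training", True,  True, False, True,     5_000,   3_000,  8_000, 0.30),
]


def sample_verdicts() -> dict:
    """Run the constructed sample through the weighing-up process."""
    return weigh_up(BASELINE_LIKELIHOOD, HARM_PER_EVENT, CONTROLS)


if __name__ == "__main__":
    for name, verdict in sample_verdicts().items():
        print(f"{name:32s} {verdict}")
```

Two things are worth noticing when you run it. The unavailable and unsuitable controls never reach the cost step at all, which is the point of applying those tests first. And the cheap procedural control is adopted because its savings exceed its cost, while the very expensive rebuild is rejected only after its risk reduction has been calculated and found to be small compared with its cost; the guidance’s rule that the more likely or more serious the harm, the less weight cost should carry, is not modelled here beyond that ordering.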

Okay, this is really talking about tolerability, as found in discussions of ALARP in the UK, although this Australian guidance avoids saying so!

Top Tip

If you cannot afford to implement a control measure that should be implemented after following the weighing-up process set out in Section 18 of the WHS Act, you should not engage in the activity that gives rise to that risk.


What are your questions about SFARP and Reasonably Practicable?

Categories
Lesson System Safety

Safety Assessment Techniques Overview

In Safety Assessment Techniques Overview we will look at how different analysis techniques can be woven together. How does one analysis feed into another? What do we need to get sufficient coverage to be confident that we’ve done enough?

Learning Objectives: Safety Assessment Techniques Overview

You will be able to:

  • List and ‘sequence’ the five types of risk analysis;
  • Describe how the types fit together as a whole;
  • Describe the benefits of each type of analysis;
  • Describe an example of each type of analysis;
  • Select analyses to meet your needs;
  • Design an analysis program for different applications; and
  • Understand issues driving the use of techniques and level of effort.

This is the ten-minute demo version of the full, 70-minute video.

Topics: Safety Assessment Techniques Overview

  • Overview of Sequence;
  • Hazard Identification;
  • Requirements Analysis;
  • Cause Analysis;
  • Consequence Analysis; and
  • Control Effectiveness Analysis.

Transcript: Safety Assessment Techniques Overview


Welcome to The Safety Artisan

I’m Simon, your host. And today we’ve got, quite a special subject.

I’m going to be talking about safety analysis techniques, and this is a special subject because it’s by special request from my friends at the University of Southern California. Thank you to them. And what we’re going to be doing in today’s session is an overview of these different techniques, their benefits and the options that you have for applying techniques in order to come up with a whole programme of analysis.

Let’s explain what I mean

What we’re going to get out of today is after this you will be able to list and sequence the five types of risk analysis, and it says sequence in inverted commas because, as we’ll see, it’s not quite as simple as just going through it once in sequence, and that’s it. We tend to reiterate, but anyway, there is a natural sequence to this stuff, and we’ll see what that is.

Secondly, you’ll be able to describe how these different types of analyses fit together and how they feed each other and complement each other. That’s very important if we’re going to come up with a reasonable whole. We’re going to describe the benefits of each type of analysis.

I will provide at least one example of each type of analysis, sometimes more than one.

We’re going to talk about how you would select analyses to meet your needs when analysing a specific system, because we don’t always need to do everything. We don’t always need to throw everything at the problem. Some systems are simpler than others, and they don’t need the whole works in order to get a decent result.

With that in mind, we’re going to be able to design an analysis programme for different applications or for different systems.

And finally, we’re going to understand the issues that drive the use of techniques and the level of effort, the level of rigour that we need to apply. Now, to set expectations: there’s no magic answer here. I can’t tell you that the number of hours that you have to spend on a problem is X squared plus whatever.

We can talk about the factors that drive it, but I cannot give you a nice cut and dried answer. It just doesn’t work like that.

Those were the learning objectives

What we’re going to talk about, we’re going to give an overview of the sequence and then I’m going to recap that at the end.

And then the five types of analysis we’re going to talk about, in order: hazard identification, requirements analysis, cause analysis (or causal analysis), consequence analysis, and control effectiveness analysis (or control identification and effectiveness analysis).

I’m going to talk about a couple of other things during that, which will help us pull things together. But those are the five main types that I’m going to talk about. Those are the five types of analysis that I said you would be able to list.  We’ve covered one learning objective already.

I promised you we were going to look at the overview of the sequence.

And I think this is what pulls it all together and explains it powerfully. So the background to this is we’ve got an accident or mishap sequence, whatever you want to call it, and we start with causes on the left; causes lead to a hazard, and then a hazard can lead to multiple consequences.

That is what the bowtie here is representing. It’s showing that multiple causes can lead to a single hazard, and a single hazard can lead to multiple consequences.

Don’t worry too much about the bow tie. I’m not pushing that in particular, it’s a useful technique, but it’s not the only one. We’ll come onto that – that’s the background.

This is the accident sequence we’re trying to discover and understand.

I’m going to talk a lot about discovery and understanding

Yeah, typically, we will start with trying to identify hazards. There are techniques out there that will help us identify hazards associated with the system being used in a specific application, or purpose, in a specific operating environment.

Always bear in mind those three questions about the context, that help us to do this.

What’s the system? What are we using it for? and in what environment?

And if we change any of those things, then probably the hazards will change. But we start off with preliminary hazard identification, which is intended to identify hazards. Big, big arrow pointing at hazards, but also, inevitably, it will identify causes and consequences as well, because it’s not always clear what the hazard is when you start. Talking of discovery, we’re going to discover some stuff.

We may finally classify what we’re talking about later. We’re trying to discover hazards. In reality, we’re going to discover lots of stuff, but mainly, we hope, hazards. That’s stage one.

Now, then we’re actually going to step outside of the accident sequence itself. We’re going to do some requirements analysis, and the requirements analysis has to come after the PHIA because some safety requirements are driven by the presence of certain hazards.

If you’ve got a noise hazard somebody’s hearing might be affected, then regulations in multiple countries are going to require you to do certain things to monitor the noise. Let’s say or monitor the effect that it’s having on workers and put in place a program to handle that. The presence of certain hazards will drive certain requirements for safety controls or risk controls.

Then there are the broader requirements: analysis of what the law requires, what the regulations require, codes of practice, etc. We’ll get onto that, and one of the things that requirements analysis is going to do is give us an initial stab at what we’ve got to have – certain controls, because we’re required to. That’s a little bit of an aside in terms of the sequence, but it’s very, very important.

Thirdly and fourthly, once we’ve discovered some hazards, we’re going to need to understand what might cause those hazards, and therefore how likely the hazard is to exist in particular circumstances, and then also think about the consequences that might arise from a hazard. And once we’ve explored those, we will be in a position to actually capture the risk.

Because we will have some view on likelihood, and we will also have some view on the severity of consequences from considering the consequences. We’ll come onto that later.

Finally, having done all those other things, we will be in a position to take a much more systematic look at controls and say, we’ve got these causes. We’ve got these hazards. We’ve got these potential consequences.  What do I need to do to control this risk and prevent this accident sequence from playing out?

What I need to put in place to interrupt the accident sequence, and I’ve put the controls. The dashed lines indicate that we’ve got barriers to that accident sequence, and they are dashed because no control is perfect. (Other than gravity. But of course, if you turn your vehicle upside down, then gravity is working against you, so even gravity isn’t foolproof.)

No control is 100% effective

We need to just accept that and deal with that and understand. There is your overview of the sequence, and I’ve spent a bit of time talking about that because it is absolutely fundamental to everything you’re going to do.
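The sequence just described (causes on the left, a hazard in the middle, consequences on the right, with dashed barriers because no control is perfect) can be written down as a small bowtie model that turns cause and consequence analysis into a likelihood and a severity for each accident. The Python below is an added example for this overview, not the video’s or The Safety Artisan’s own material; the hazard, causes, barrier effectiveness figures and severity units are all constructed, and causes are assumed independent.

```python
def p_any(probs) -> float:
    """Probability that at least one of several independent events occurs."""
    none = 1.0
    for p in probs:
        none *= 1.0 - p
    return 1.0 - none


def p_all_barriers_fail(effectivenesses) -> float:
    """A cause (or consequence) only propagates if every barrier on its path fails.
    Effectiveness 1.0 would be a perfect barrier; the point made above is that
    real controls never are, so the dashed lines always let something through."""
    p = 1.0
    for eff in effectivenesses:
        p *= 1.0 - eff
    return p


def hazard_likelihood(causes) -> float:
    """Left side of the bowtie: causes -> hazard (cause analysis).
    causes: list of (name, events_per_year, [barrier effectiveness, ...])."""
    return p_any(p * p_all_barriers_fail(barriers) for _, p, barriers in causes)


def consequence_risks(p_hazard: float, consequences) -> dict:
    """Right side of the bowtie: hazard -> consequences (consequence analysis).
    consequences: list of (name, p_given_hazard, [barrier effectiveness, ...], severity).
    Returns {name: (annual_likelihood, risk)} where risk = likelihood x severity."""
    out = {}
    for name, p_given, barriers, severity in consequences:
        likelihood = p_hazard * p_given * p_all_barriers_fail(barriers)
        out[name] = (likelihood, likelihood * severity)
    return out


# Constructed hazard: a storage tank becomes over-pressurised.
CAUSES = [
    ("relief valve stuck closed", 0.2, [0.9]),        # inspection regime catches 90%
    ("operator overfills tank",   0.5, [0.8, 0.5]),   # high-level alarm, then procedure
    ("pressure sensor drifts",    0.1, []),           # no barrier identified yet
]
# Severity is in constructed units (1 = minor injury, 1000 = fatality).
CONSEQUENCES = [
    ("vent release, minor injury", 0.5, [0.6], 1.0),          # local exhaust captures 60%
    ("tank rupture, fatality",     0.1, [0.95, 0.5], 1000.0), # bursting disc, exclusion zone
]


def bowtie_summary(causes=CAUSES, consequences=CONSEQUENCES):
    """Run both halves of the bowtie and return (hazard likelihood, per-consequence risks)."""
    p_h = hazard_likelihood(causes)
    return p_h, consequence_risks(p_h, consequences)


if __name__ == "__main__":
    p_h, risks = bowtie_summary()
    print(f"hazard likelihood: {p_h:.4f} per year")
    for name, (likelihood, risk) in risks.items():
        print(f"{name:28s} likelihood {likelihood:.6f}/yr  risk {risk:.4f}")
```

Reading the output against the sequence above: the hazard’s likelihood comes from the cause side, the severity from the consequence side, and their product is the risk that the later risk evaluation step works with. Setting a barrier’s effectiveness to 1.0 drives the risk on that path to zero, which is exactly the assumption the dashed lines warn you not to make.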

But let’s move on and start to look at some of these individual types of techniques.

Which Safety Techniques do You Use? Leave a Comment below…

Categories
Course System Safety

The Safety Artisan is on Thinkific

I’m pleased to tell you that The Safety Artisan is on Thinkific!

Thinkific is a powerful and beautifully-presented online Learning Management System. This will complement the existing Safety Artisan website.

My first course will be ‘System Safety Assessment’ with ten hours of instructional videos. The new course is here.

(Please note that this is the same course as my ‘Complete System Safety Analysis Bundle’ of 12 videos available here.  So, if you’ve already bought that – thanks very much – please don’t buy it again, as you already have all the material.)

What will the System Safety Assessment Course do for you?

Transcript of the Video


Welcome to the System Safety Assessment course

In this course, you will gain knowledge, skills, and confidence.  You will gain knowledge of what is involved in system safety assessment.  The individual tasks and techniques you need to carry out.

But more importantly, how to put them together into a successful program and how to tailor all these different tasks keeping some, but leaving out others so that you get an efficient and effective safety program, no matter what application or what system you are working with.

So that’s the knowledge and the skills

You’ll also get the confidence to be able to get you started.  Now, there is no substitute for live face-to-face training and coaching.  But this format is much more accessible to you and much more reasonably priced.  So wherever you are in the world, whatever time and day you want to do your learning, you can access this course and you can gain confidence to get you started.

So if you’re worried about a job interview, what you’re going to say or you’re worried about how to do a job and there’s nobody around to help you.  Then this course will give you the confidence to get started and to be aware of the pitfalls before you begin.

So what makes me confident that I can help you?

Well, first of all, I’ve got 25 years of experience applying system safety.

And I’ve done that in the UK, in the United States, in Australia, and in the European Union. I’ve seen a wide variety of legal jurisdictions that I’ve worked in. Also, I’ve worked on a wide variety of systems. I’ve worked on planes, trains, ships and submarines, software, and I.T. systems, all kinds of stuff.

I’ve worked on some gigantic multibillion-dollar projects and some much smaller ones.  So I know how to pragmatically apply this stuff, at a reasonable scale without spending stupid amounts of money.

And in fact, as part of my job as a consultant, I spent half the time telling clients to do less and spend less and still get an effective result.  So that’s where I’m coming from.

I’ve also got experience teaching system safety in the classroom.  I’ve taught hundreds of students, from various different projects.  And now I have hundreds of online students, and I’m very pleased to be able to help all of those as well.

So that’s why I think that I can help you

And I hope that you will enjoy this course and get a lot out of it.  Thanks very much for considering The Safety Artisan.

What do you think of the new page?

Categories
Blog Safety Management

The Risk Matrix

In this article, I look at The Risk Matrix, a widely used technique in many industries. Risk Matrices have many applications!

In this article, I have used material from a UK Ministry of Defence guide, reproduced under the terms of the UK’s Open Government Licence.

Introduction

A risk matrix is a graphical representation of the various risks associated with a project and its corresponding risk management strategies. It helps to identify and prioritize potential risks.

What is a Risk Matrix?

A safety risk matrix provides a framework for ranking or classifying safety issues according to their significance. The matrix is sometimes called a “hazard ranking matrix” or a “hazard classification matrix”, but it is strictly applied to accidents, since these have harmful outcomes, whereas hazards only have the potential for harm. The matrix can be used as a risk screening tool to help decide which issues need treatment first or which need not be considered further at this time.

Risk matrices can cover exposure to different types of loss, including harm to humans, damage to the environment, financial loss or impact on reputation. If a loss in these diverse categories can be considered in common terms (e.g. the monetary impact of all types of loss), then a single matrix can cover all such issues together and prioritize which are the most significant.

The matrix covers a “risk space” defined by the two component parts of risk, namely likelihood on one axis and consequence (or severity) on the other. Each axis must span the full range of outcomes, which are considered possible for the system of interest. Each range is divided into a number of categories or bands (typically between 3 and 8) to define the cells of the matrix.

The bands on the two axes may be defined in terms that are purely qualitative, semi-quantitative, or fully quantitative, for example:

  • Qualitative:
    • Likelihood is (Frequent/Reasonably Probable/Remote/Extremely Remote)
    • Severity is (Minor/Significant/Severe/Catastrophic)
  • Semi-quantitative:
    • Likelihood is (e.g. likely to occur once per year on one site)
    • Severity is (e.g. a single death)
  • Quantitative:
    • Likelihood is (e.g. between 1×10⁻⁴ and 1×10⁻⁵ per year on one site)
    • Severity is (e.g. between 1.0 and 10.0 Fatalities and Weighted Injuries)

Each cell of the matrix is assigned an indicator defining the relative significance of issues falling in that zone. This indicator could be:

  • A risk descriptor (e.g. Low, Moderate, High, Very High)
  • A risk score or index (e.g. a number from 1 to 20)
  • A priority category (e.g. High, Medium or Low)
  • A risk class (e.g. A, B, C or D)
  • A measure of expected rate of harm or loss (e.g. 5.4 Fatalities and Weighted Injuries per year or £45,000 per year)

Where likelihood and consequence are stated quantitatively, the axes are usually considered to have logarithmic scales. Adjacent bands will typically differ by one order of magnitude. In this case, lines of constant risk run diagonally across the matrix and the risk will range by a factor of 100 across the area covered by a single cell. This illustrates that the matrix is a coarse tool, which can show large differences in risk, but does not address fine detail, such as compliance with quantitative risk requirements.

To apply the matrix, users must have a list of the relevant safety issues (from Hazard Identification and Hazard Analysis) and estimates of the likelihood and severity of each possible accident (from Risk Estimation). The matrix is therefore a technique for Risk Evaluation, which follows on from Risk Estimation. The estimates of accident likelihood and severity may be generated by different methods, depending on the stage of the project, the information available and the significance of the safety issue being explored. For example, the estimates may come from:

  • Engineering judgement by Subject Matter Experts with knowledge of similar systems
  • Historical data from this or similar systems
  • Detailed modelling (e.g. using Fault Tree Analysis and Event Tree Analysis or Bow-Tie Analysis)

Examples of Risk Matrices

The following example matrices show some of the variations in format, terminology and risk indicators across a range of sectors and standards.

Example 1: IEC 31010 Example risk ranking matrix. Severity on x-axis increasing left to right, likelihood on y-axis increasing bottom to top, with five “risk levels” which are linked to decision rules such as the level of management attention or the time scale by which response is needed.

IEC 31010 Risk Matrix

Example 2: Def Stan 00-56 Issue 2 Example accident risk classification table. Severity on x-axis increasing right to left, likelihood on y-axis increasing bottom to top, four risk classes identify significance and so management level for approval.

              Catastrophic   Critical   Marginal   Negligible
Frequent      A              A          A          B
Probable      A              A          B          C
Occasional    A              B          C          C
Remote        B              C          C          D
Improbable    C              C          D          D
Incredible    C              D          D          D
Def Stan 00-56 Issue 2 Example Accident Risk Classification Table

Example 3: IMO Guidelines on FSA. Example hazard risk index matrix. Severity on x-axis increasing left to right, likelihood on y-axis increasing bottom to top, risk index (RI) in each cell calculated by adding Severity Index (SI) for column and Frequency Index (FI) for a row. RI can be considered as log(risk), obtained by adding FI and SI.

FI   Frequency              Severity (SI):   1 Minor   2 Moderate   3 Serious   4 Catastrophic
7    Frequent                                8         9            10          11
6                                            7         8            9           10
5    Reasonably probable                     6         7            8           9
4                                            5         6            7           8
3    Remote                                  4         5            6           7
2                                            3         4            5           6
1    Extremely remote                        2         3            4           5
IMO Guideline on FSA: Risk Ranking Matrix

Example 4: ISO 17776 Offshore Sector Example risk matrix. Severity on y-axis increasing top to bottom, likelihood on x-axis increasing right to left, matrix areas define future action to be taken.

ISO 17776 Risk Matrix

Risk Matrix Assessment

When it Might be Used

The matrix is usually set up at an early stage of the lifecycle, defining the framework to be used for risk evaluation at subsequent stages. It should be used early in the lifecycle to provide a coarse sift of the identified safety issues so that attention can be focused on the most significant ones. This attention may involve more detailed analysis to understand complex accident sequences and to apply semi-quantitative or fully quantitative risk assessment techniques where appropriate.

Later in the lifecycle, the risk matrix may be used for determining the appropriate management level for review and acceptance of each safety issue. This ensures that the key risk drivers are brought to the attention of senior managers but they are not swamped with masses of information on less significant matters.

During the in-service stage of the lifecycle, the risk matrix technique can be applied to give an indication of significance for new safety concerns, such as those revealed by incidents or due to proposed design changes. Risk monitoring can be focused on the issues of highest significance as well as targeting resources for risk reduction.

Advantages & Disadvantages

Advantages

  • Risk matrices provide a quick appreciation of the most significant issues so that attention can be focused where it will have most benefit.
  • Matrices provide a visual representation which is easily understood and so aids communication with non-specialists.
  • Risk matrices can cover impacts which are different in nature (e.g. harm to people, harm to the environment, material or financial loss), provided that these can be equated in common units (e.g. in money terms).

Disadvantages

  • Risk matrices are good for examining different issues affecting one system or activity on the basis of their risk relative to each other. They are not effective for understanding absolute risk.
  • There is no single, correct interpretation of the level at which “safety issues” should be selected for presentation on the risk matrix. This means that different analysts may choose different levels and the resulting list of prioritised issues is somewhat subjective. The apparent results may be changed by “accident splitting” (i.e. defining one safety issue as two or more different accidents, each of which will appear to have lower risk).
  • Risk matrices consider safety issues one at a time and so do not help understanding the overall or aggregate risk exposure.
  • When a variety of different outcomes is possible from a single issue (e.g. fire – consequences can range from no harm to multiple deaths) it can be difficult to choose which likelihood and consequence combination should be used.
  • As a broad-brush technique, risk matrices should not be used for considering whether quantitative risk targets have been met or as the only technique for examining complex or high consequence issues. The matrix can, however, highlight high consequence issues so that they then receive more detailed consideration.
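The table lookups and the additive index described above, implemented as an added worked example (this is not code from the page, nor from Def Stan 00-56, IEC 31010 or the IMO guidelines). The matrix contents are transcribed from the two tables on this page; the numeric frequency thresholds behind the Def Stan likelihood names, and the accidents scored, are assumptions constructed for the demonstration. It shows two points from the list above in action: "accident splitting" dropping the apparent risk class while the aggregate exposure is unchanged, and an uncertain estimate spanning several classes rather than sitting in one cell.

```python
"""Added worked example (not from the page or any standard's own tooling).

Transcribes the Def Stan 00-56 Issue 2 accident risk classification table and
the IMO FSA additive risk index printed above, then uses them to show
'accident splitting' and uncertainty ('error bars') on a risk matrix.
All accident data below is constructed for illustration.
"""
import math

# --- Def Stan 00-56 Issue 2 example table (transcribed from the page) -------
# Columns: severity, decreasing left to right; rows: likelihood, decreasing
# top to bottom. Class A is the most significant, D the least.
SEVERITIES = ["Catastrophic", "Critical", "Marginal", "Negligible"]
LIKELIHOODS = ["Frequent", "Probable", "Occasional", "Remote",
               "Improbable", "Incredible"]
DEF_STAN_TABLE = ["AAAB", "AABC", "ABCC", "BCCD", "CCDD", "CDDD"]


def def_stan_class(likelihood: str, severity: str) -> str:
    """Risk class (A..D) for one accident at a point likelihood/severity."""
    return DEF_STAN_TABLE[LIKELIHOODS.index(likelihood)][SEVERITIES.index(severity)]


def def_stan_class_range(likelihood_range, severity_range) -> set:
    """Classes spanned when the estimate carries uncertainty: each axis is
    given as an inclusive (low, high) pair of band names instead of a single
    point. This is the 'error bar' view the page suggests for senior managers."""
    l0, l1 = sorted(LIKELIHOODS.index(l) for l in likelihood_range)
    s0, s1 = sorted(SEVERITIES.index(s) for s in severity_range)
    return {DEF_STAN_TABLE[r][c]
            for r in range(l0, l1 + 1) for c in range(s0, s1 + 1)}


# --- IMO FSA hazard risk index (transcribed from the page) ------------------
FI = {"Frequent": 7, "Reasonably probable": 5, "Remote": 3, "Extremely remote": 1}
SI = {"Minor": 1, "Moderate": 2, "Serious": 3, "Catastrophic": 4}


def imo_risk_index(frequency: str, severity: str) -> int:
    """RI = FI + SI. Both indices are log10 scales, so adding them is the
    same as multiplying frequency by severity: RI behaves as log10(risk)."""
    return FI[frequency] + SI[severity]


def imo_same_risk_band(f_a, s_a, f_b, s_b) -> bool:
    """Two cells with equal RI lie on the same iso-risk diagonal, e.g.
    Frequent/Minor and Reasonably probable/Serious both give RI = 8
    (10**7 * 10**1 == 10**5 * 10**3 when the indices are read as log10)."""
    return imo_risk_index(f_a, s_a) == imo_risk_index(f_b, s_b)


# --- Accident splitting ----------------------------------------------------
# To score the same exposure before and after splitting we need a numeric
# frequency behind each qualitative band. These per-year lower bounds are an
# ASSUMPTION for this example only; Def Stan 00-56 leaves them to the project.
LIKELIHOOD_BANDS = [("Frequent", 1.0), ("Probable", 1e-1), ("Occasional", 1e-2),
                    ("Remote", 1e-3), ("Improbable", 1e-4), ("Incredible", 0.0)]


def likelihood_band(freq_per_year: float) -> str:
    """Map a frequency (events per year) to the first band whose lower
    bound it meets; bands are listed from most to least likely."""
    for name, lower in LIKELIHOOD_BANDS:
        if freq_per_year >= lower:
            return name
    return "Incredible"


def accident_splitting_demo(total_freq=0.012, pieces=2, severity="Catastrophic"):
    """Constructed case: one catastrophic accident at 0.012/yr is
    Occasional/Catastrophic, class A. Re-described as two accidents at
    0.006/yr each, every piece drops to Remote/Catastrophic, class B, yet the
    summed frequency (and hence the aggregate risk) has not changed."""
    before = def_stan_class(likelihood_band(total_freq), severity)
    parts = [total_freq / pieces] * pieces
    after = [def_stan_class(likelihood_band(f), severity) for f in parts]
    unchanged = math.isclose(sum(parts), total_freq)
    return before, after, unchanged


if __name__ == "__main__":
    print("Remote/Catastrophic ->", def_stan_class("Remote", "Catastrophic"))
    print("Uncertain estimate spans", sorted(def_stan_class_range(
        ("Occasional", "Remote"), ("Critical", "Marginal"))))
    print("IMO RI Frequent/Catastrophic =", imo_risk_index("Frequent", "Catastrophic"))
    print("Splitting (before, after, total unchanged):", accident_splitting_demo())
```

The check that matters in review is the last one: if a hazard log shows several low-class accidents that share a cause and a consequence, re-score them as one issue before accepting the classification, because the matrix alone cannot reveal that the exposure was split.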

Risk Matrices for Project Management

In project management, we are aiming for specific outcomes, often represented as the project management triangle.

Project Management Triangle

Quality (and/or safety) sits in the center to indicate that it cannot be compromised.  The three corners are cost, time, and scope (or requirements), and these can be traded off against each other.

This representation helps us to identify project risks by the effect that they might have on the project’s objectives.  ISO 31000 defines risk as “the effect of uncertainty on objectives”.  Again, the risk matrix allows us to identify and rank risks, identifying the biggest, most critical risks.  These risks are where we will focus most attention, looking for multiple controls, or defense-in-depth, for the most serious ones.   

An old saying is that “you can have a quick job, a proper job, or a cheap job; you can have two out of three, but you can’t have all three.”  Taken literally this is a little pessimistic, but it does remind us that if we set an absolute target on one of these axes, then we will likely have to trade the other two off against each other.   

This axiom also gives us some basic principles on which to identify controls.  We might desire controls that allow us to achieve all objectives at the same time, but this is often unrealistic.  Practical experience – encoded in a saying – suggests that we must be prepared to accept some trades in budget/schedule/scope.

Thus the risk matrix, in combination with some basic project management principles, enables more realistic decision-making.  (Real decisions involve saying ‘no’ to some things in order to say ‘yes’ to others.)  Rather than naively thinking that we can have it all, the risk matrix supports robust early decision-making.

This should make project success more likely – until somebody changes the objectives!

Additional Considerations

It should be noted that risk matrices from different standards and industry sectors are not always represented in the same way. The most common convention has a Cartesian representation (i.e. values increasing left to right and bottom to top on the two axes) so that risk increases from bottom left to top right, but the examples above show that several common matrices have a different format.

If risk estimates are generated by a team of Subject Matter Experts, their deliberations can be biased (consciously or unconsciously) if they know the risk matrix framework. There may be a tendency to choose likelihood and/or severity estimates that result in a lower apparent risk so that it attracts less management scrutiny.

Uncertainty of the estimates of severity and likelihood can be represented on a risk matrix by showing that risk with error bars rather than a single point. This can help understanding by senior managers.

Using common matrices for different systems does not necessarily result in risk estimates that can be compared in a meaningful way. The systems may have diverse risk exposure factors (e.g. number of people exposed, usage rate) and different numbers and types of accidents to consider.

(For more on risk management, see the FAQ.)

Do You Use a Risk Matrix in Your Work?