Controlling risk to prevent work-related fatalities, injuries, diseases and ill-health is the core role of the safety professional. Legislation governs the duty to control workplace risk and looks for organisations to do more than just compliance activities.
A chapter published by the Australian Institute of Health and Safety explores the underpinning principles of controlling risk. The law does not require a risk-free work environment where accidents never happen, but instead requires employers to take such steps as are practicable to provide and maintain a safe working environment. The safety professional must consider controlling risk to decrease the probability or likelihood that hazards become uncontrolled and they need to mitigate the effects of the consequences of risks. Several principles underpin the strategies for controlling risk.
This article summarises requisite variety, the hierarchy of controls, time-sequence approaches, barriers and defences, the precautionary principle and the socio-technical systems approach to controlling risk. We also offer control strategies that health and safety professionals can use.
What is Requisite Variety?
The first principle to controlling risk discussed in the chapter is requisite variety. Risks in organisations can be understood to arise from the interaction of people, equipment and systems, and can be dealt with only by using a sufficient variety of control actions to cover all of the possible ways that the system can go wrong.
Controlling risk is generally via setting rules. However, the variety of rules we develop to govern safe behaviour will always be less than the variety of unsafe situations. A way around this is to provide the capacity to adapt rules to local circumstances, while still achieving your organisational goals. This is where continuous consultation with all relevant stakeholders is important when making decisions about controlling risks.
The Hierarchy of Controls
The hierarchy of controls underpins health and safety legislation and is a global concept to help in controlling risk. The hierarchy of control establishes the priority order to consider hazard and risk controls.
The Australian hierarchy of controls pyramid has six levels. You must always aim to eliminate the risk, which is the most effective control. If this is not reasonably practicable, you must minimise the risk by working through the other alternatives in the hierarchy. Administrative controls and PPE are the least effective at reducing risk because they do not control the hazard at the source and rely on human behaviour and supervision.
- Elimination: Is it possible to physically eliminate the hazard? Using this control, the hazard becomes void and therefore, does not expose employees to a risk of injury.
- Substitution: Is it possible to replace the hazard, for example, changing the equipment or tools used to perform a hazardous task?
- Isolation: Can we isolate or separate the hazard or hazardous work practises from people not involved in the work or the general work areas? For example, by marking off hazardous
areas, installing screens or barriers. - Engineering Controls: Can we use machinery and devices to remove the hazard? For instance, use mechanical devices such as trolleys or hoists to move heavy loads; place guards around moving parts of machinery; install residual current devices (electrical safety switches); set work rates on a production line to reduce fatigue; install sound dampening measures to reduce exposure to unpleasant or hazardous noise.
- Administrative Controls: Is it possible to change the process or the way that employees perform a hazardous task? This type of control is highly dependent on workers following the preventative process, and they remain at risk of a workplace injury.
- Personal Protective Equipment (PPE): Is it possible to provide PPE that will protect employees from the hazard? Relying on PPE to protect your employees is the last line of defence against a workplace injury. Too often, PPE is forgotten, ill-fitting or doesn’t provide the appropriate level of protection.
On the Tap into Safety Training Platform, there is a microlearning course on the Hierarchy of Controls. The course unpicks the levels of the hierarchy pyramid and provides practical examples of each stage.
See our article, Workplace Hazards and the Hierarchy of Controls.
Understanding the Time Sequence Factor
Causation models often feature a ‘time-sequence’ factor that provides a framework to develop risk control strategies. Generally, a time-sequence commences before an incident (pre-conditions), the incident itself (occurrence) and extends to including damage and injury outcomes (consequences). It is useful when performing accident investigations because it helps you to understand what happened and when. For example:
Controlling risk in the pre-conditions phase:
- Control of specific hazards, such as chemical or biological hazards that cause specific diseases or initiate responses such as asthma.
- System-wide occupational health management strategies integrated into OHS management systems.
- Health promotion activities focusing on individual vulnerabilities and causal factors.
Controlling risk in the occurrence phase:
- Adaptive response by a competent operator as a process variable starts to move outside of safe parameters.
- Active management of the individual by medical and other health professionals once a medical condition presents, for example, management of a lead worker.
- System-wide occupational health interventions.
Controlling risk in the consequence phase:
- Support for injured workers and others who may be affected.
- ‘Return to work’ strategies.
On the Tap into Safety Training Platform, there is a microlearning course on Choosing Hazard Control Measures. The course unpicks the levels of the hierarchy pyramid and provides practical examples of each stage.
The Role of Barriers and Defences in Developing Controls
There are three categories of barriers that you can draw on when controlling risk and they vary in their level of effectiveness.
1. Technical barriers (high effectiveness) – can prevent risk escalation, attenuate the risk, mitigate its consequence or reduce its likelihood. These barriers are generally included in the design (or retrofit) of the process/structure.
2. Human/organisational barriers (medium effectiveness) – contribute to the control of the process or activity, and reduce the likelihood of initiating events by reinforcing barriers or preventing their decay. Such barriers can degrade over time, and need to be routinely reviewed.
3. Fundamental barriers (low effectiveness) – barriers separated in time from threat initiation and risk realisation. Fundamental barriers contribute to system safety by checking for system weaknesses and any underlying or latent failures.
A Sociotechnical Systems Approach
Health and safety performance and controlling risk are influenced by internal and external factors including:
- System climate or environment – in which the organisation operates, including economic and regulatory requirements. External pressures affect the organisation and management needs to keep informed of relevant impacts and legislative changes. An organisation’s safety culture is an important mechanism linking external forces to its approach to safety.
- Organisation and management – includes structures, objectives, targets, strategies, etc., operating within the organisation. It defines safety policy and systems.
- Control, communication and feedback processes – ensures that the system operates according to its intended goals, and identifies deviations from those goals so that appropriate corrections can be made.
- Operator reliability – covers the required competence (skills, knowledge and motivation) of staff to meet task demands imposed by technology, procedures and other external constraints. Competence and work demands need balancing.
- Engineering reliability – refers to the design and maintenance of the plant or system.
The Precautionary Principle
There will be situations where full or sufficient health and safety information on a hazard is unavailable. In such cases, the precautionary principle should be adopted. This principle
states that:
Where there are threats of serious or irreversible health or environmental damage, lack of full scientific certainty shall not be used as a reason for postponing cost-effective measures to prevent environmental damage.
Risk Strategies That You Can Use
To design appropriate strategies when controlling risk, you need to consider the size and profitability of your organisation, as well as the safety maturity level. What is suitable for a multi-national organisation may not be appropriate for a small business. What may be appropriate controls for an organisation at a reactive maturity level will not be enough for one at the proactive stage. As organisations improve their safety systems, the type of accidents that they need to control also changes. Therefore, control strategies have to be dynamic and adapt to the organisation during all stages of its life cycle.
Consequentially, as a health and safety professional, you need to be able to use a range of system views to suit the complexity of any situation. Successful control of risk requires an in-depth understanding of hazards and the physical, organisation and psychosocial environments. Therefore, you need an understanding of the psychological principles that explain the behaviour of workers as individuals and in groups. Also, you should seek a ‘richness’ of information to identify and understand the risks.
Use a Variety of Tools
When assessing the control measure to use, you need to use a variety of tools that match various situations. For hazards such as working at heights, you can obtain good results by following the legislated guidelines. For organisations with a low safety maturity that do not have safety systems or processes in place, you should use traditional approaches. Some examples include training workers and supervisors, assessing risk and providing basic controls. These should provide significantly improved safety outcomes.
Increase Safety Maturity
You need to identify the safety maturity of your organisation to know what appropriate control strategies you can use, which in most cases will not be best practice. At the very minimum, organisations need to comply with relevant legislation. However, to add value, you should try to develop strategies to increase the maturity levels of your organisation and become an organisational change agent.
Finally, you have to monitor the effectiveness of any control strategy that you implement. This means including performance measures into the design of the controlling risk strategy. Where possible, you should quantify in monetary or statistical terms. These terms are the main language of management and essential if you are to convince them to change and accept that ‘safety is the way we do things around here’.
To Conclude
Controlling risk to prevent work-related fatalities, injuries, diseases and ill-health is complex and control measures need to be comprehensive. There are several approaches you can take to control risk before, during and after an incident occurs. You need to be informed by knowledge of barriers and defences, and how they may break down or be breached. Sociotechnical system models provide a broad-based approach that reflects the requisite variety of strategies to address the complexity of causation.
You should be up-to-date with current health and safety knowledge because providing advice on appropriate ways of controlling risk is your fundamental role.