Every organisation needs to manage health and safety, and control any hazards to employees and others. The adequacy of controls are identified during a risk assessment and there is a duty to ensure the risk assessment is suitable and sufficient. Any adverse incident will draw attention to the risk assessment to ensure it is such. But what makes a risk assessment suitable and sufficient?
The phrase suitable and sufficient is not defined in any legislation but is defined by the Health and Safety Executive within INDG163 Risk assessment brief guide.
This guidance note is designed to clarify the issue of ensuring a risk assessment is suitable and sufficient, covering some of the underlying factors that should be taken into account when carrying out risk assessments.
Whilst this alone would not constitute that the risk assessment was not suitable and sufficient, someone who is not competent may fail to identify all relevant hazards or evaluate the risk etc. The person conducting the risk assessment must be competent to do so with the degree of competence dependent on what it is that is being assessed. The more complex the subject, the more competent the assessor should be. It is incumbent upon an employer to ensure that if employees are being asked to carry out risk assessments, they are competent.
The Health and Safety Executive (HSE) defines competence as a “combination of training, skills, experience, and knowledge that a person has and their ability to apply them to perform a task safely”. Additionally, they also suggest factors such as attitude and physical ability can affect someone’s competence.
There is a requirement to identify any hazards and reasonably foreseeable risk which may result from the hazard not being controlled.
In its position paper Reducing Risks, Protecting People (R2P2) published in 2001, the HSE explains: “So as not to impose unnecessary burdens on duty holders, HSE will not expect them to take account of hazards other than those which are a reasonably foreseeable cause of harm, taking account of reasonably foreseeable events and behaviour.”
Part 6 of the Position Paper gives an example of a reasonably foreseeable event regarding the collapse of a building.
Therefore, you cannot do a safety risk assessment sitting at a desk. At some point you will need to record the findings, but to get the full picture you need to walk around the workplace and look for, and take note of what could cause harm – hazards. As you walk round, speak to employees and users and gather information from them on hazards which may not be obvious.
Take note of all issues found as you can discount them later if necessary. Also, if you find a hazard, record as much as you can about it. As an example, oxygen therapy cylinders are hazardous – they pose a risk of musculoskeletal injuries caused by poor manual handling, and a risk of fire and explosion caused by poor maintenance and management of the cylinder resulting in leaks and an enriched oxygen atmosphere. You should record the size of cylinder(s), how many are present, specific location and note any impact on other legislation i.e. under the RRFO or F(S)A, a review of the fire risk assessment will be required and a risk assessment may be required to comply with DSEAR.
Also, consider other factors which may have a bearing on the hazard being realised such as weather conditions throughout the year (if outdoors), peak times for workloads, annual leave impacts on workloads.
When we talk about health and safety it is easier to foresee a personal injury incident. More difficult, and sometimes overlooked, is the ‘Health’ part – someone suffering from a work related illness caused by exposure to harmful materials. These are normally, but not always, latent illness i.e. prolonged exposure to a substance may cause dermatitis in the future. An example would be a mechanic carrying out vehicle maintenance and repairs being exposed to used engine oils or exhaust fumes over a number of years, known carcinogens.
Compared to accidents, work-related health problems cause far more absence. HSE statistics for 2019 showed that there were 23.5 million work related ill-health working days lost compared to 4.7 million due to non-fatal workplace injuries.
This is not ‘everyone’. It must be categorised into the different exposure types i.e. employee, visitors, member of public, contactor, volunteers resident etc., including approximate numbers of each category. Each category may require different control measures.
Consider if there is anyone especially at risk including children, elderly, lone workers, people with impairments etc. Again, there may be a need for specific controls measures.
The HSE do not provide a general definition of ‘significant hazard’ or ‘significant risk’ however, these can be referenced elsewhere. The Quarries Regulations 1999. Approved Code of Practice, paragraph 295 indicates:
|‘The hazard should be considered significant if such a failure would, directly or indirectly, be:
(a) …; or
Within the Glossary to the Construction (Design and Management) Regulations 2015 Guidance on Regulations, reference is made to ‘significant risks’ as being:
|‘not necessarily those that involve the greatest risks, but those (including health risks) that are not likely to be obvious, are unusual, or likely to be difficult to manage effectively.’|
In dealing with the most significant hazards, you need to implement controls taking account of the number of people who could be involved. Hence recording the approximate numbers for each category at risk of harm. Involve users, employees, and employee representatives, investigate what controls are currently in use and if these are effective and practicable.
Control measures (precautions) must be reasonably practicable and follow the principles of prevention (see the Management Regs). For some specific legislation such as COSHH8, the hierarchy of control will need to be considered.
Reasonably practicable requires judgement. It is the balance between the cost, time, and effort to implement the control, weighed against the benefit that the control brings. The ethos is linked to the principles of prevention. As an example, the principles of prevention begin with elimination; is it reasonable for you to eliminate the hazard? If not, it may not be reasonably practicable. What is reasonable is also measured by what a similar person would do in the same circumstance given the same information.
When you evaluate the risk, given all the information gathered during observation and research, you need to ensure that you have reduced the risk to a level which is as low as reasonably practicable, sometimes referred to as ALARP. This again is linked to the concept of reasonably practicable and the hierarchy of control. Can we evidence that you have done everything reasonably practicable to reduce the risk? Have you met or exceeded any industrial standards, best practice guides etc.?
Many people see risk assessment and health and safety as ‘bolt-ons’ to their normal work tasks but it is inherent in everything you and your staff do. It is not just a compliance issue or paper exercise. The findings must be acted upon to produce a real improvement in health and safety at work. The controls listed in an assessment are things that your staff are working to every day – wearing PPE, following a safe work method or procedure, implementing knowledge gained on training course(s), providing supervision. Consider it as a positive aspect of ensuring you achieve your outcomes safely with a motivated workforce.
The employer has a legal duty to review a risk assessment periodically to ensure it is current. There is no defined period as to when this should happen, however this must be related to the risk. Not all risk assessments have a scoring matrix, and if you look at the HSE examples these do not have a scoring matrix either.
With an initial risk assessment, you will want to be informed if the controls are effective and you need to monitor and review it at frequent intervals. If you suspect it is no longer valid then it must be reviewed. New equipment, processes, personnel, new locations, alterations to premises and workplace layouts, and enforcement letters are some matters that will require a review.
Reviewing does not necessarily mean repeating the whole process. If the existing controls in place are still considered adequate, just make a record of that.
Given that the HSE have example risk assessments on their website, it would seem OK to use an OTS product, and why ‘reinvent the wheel’. But beware – the risk assessment is yours not the HSE’s or anyone else’s that you have sourced it from. If you are tempted to use an OTS assessment you MUST check that it is valid. You still have a legal duty to ensure it identifies all significant hazards – the only way you can do that is to observe your workplace.
Employers must provide employees and others with information on the risks in the workplace and how they are protected.
In many circumstances, the provision of information, instruction, and training will be part of your control measures.
There are numerous benefits to ensuring your risk assessments are suitable and sufficient.
Risk assessments don’t have to be complicated but need to be reflective of the practices that are employed to ensure employees and others are safe.
Controls need to be reasonable and proportionate to the environment in which they are carried out.
Health and safety will not stop you doing your work but it will help you to work safely.
Risk Management Partners Limited is the data controller of any personal information you provide to us or personal information that has been provided to us by a third party. We collect and process information about you in order to arrange insurance policies and to process claims. Your information is also used for business purposes such as fraud prevention and detection and financial management. This may involve sharing your information with third parties such as insurers, reinsurers, other brokers, claims handlers, loss adjusters, credit reference agencies, service providers, professional advisors, our regulators, police and government agencies or fraud prevention agencies.
We may record telephone calls to help us monitor and improve the service we provide. For further information on how your information is used and your rights in relation to your information please see our privacy notice at https://rmpartners.co.uk/privacy-policy. If you are providing personal data of another individual to us, you must tell them you are providing their information to us and show them a copy of this notice.