Effective risk management

Author: Philip Ryan

Effective risk management is an integral part of ensuring compliance across many aspects of regulatory law.

It enables organisations to identify, assess and prioritise the risks within a business and put in place adequate control measures to minimise the likelihood of those risks eventuating. However, when managing risk within a business, organisations should be mindful not to over-interpret regulations and become too risk averse. To do so may lead to an organisation incorrectly restricting legitimate activities and the commercial opportunities that go with them.

Myth busting

When somebody mentions the term 'risk assessment', it is more often than not considered to be a health and safety requirement, which can in turn be met with a rolling of the eyes and seen as a barrier to carrying out an activity or having fun.

In order to combat this, the Health and Safety Executive's 'Myth Buster panel' actively reviews decisions taken by companies and individuals to blanket ban certain practices and/or activities under the pretence of 'health and safety' restrictions. The panel's aim is to publicise the scores of bogus health and safety bans being used by organisations, which overshadow what health and safety is all about - ensuring people return home without injury from their day's work, every day.

The 'Myth Buster panel' has assessed more than 150 cases in its first year. Among the most well-known myths were:

  • a bus driver refusing to allow a passenger on board with a hot drink
  • the airline that banned hard boiled sweets on flights for risk of choking
  • a school that banned triangular-shaped flapjacks and replaced them with 'less dangerous' square-shaped versions
  • the local council that banned hanging baskets from a village high street to prevent taller visitors banging their heads
  • the university that banned graduates from throwing their mortar boards in the air upon graduating, to prevent injuring bystanders

All of these are legitimate activities where health and safety has been used as a convenient excuse to stop what are effectively sensible and low risk activities going ahead.

The importance of an accurate risk assessment

A risk assessment is the cornerstone of health and safety management. Its purpose is to accurately identify and then evaluate the risks that an individual may be exposed to. Any risks identified should fall within an acceptable level and control methods should be put in place to ensure that any risk presented remains as low as possible. The risk assessment needs to be suitable and sufficient, but it does not mean the activity needs to be stopped or banned.

Some organisations that have chosen to adopt a more risk-averse approach, by banning certain activities which have been perceived as risky, could be missing out on opportunities.

Out of the first 100 cases the panel reviewed, 38% were adjudged as 'poor customer service', rather than any specific breach of regulations. Another 25% were stated to be 'disproportionate', which was caused by organisations over-interpreting the regulations.

Some organisations may consider it easier to impose a blanket ban rather than carrying out a proper risk assessment. However, health and safety just requires a good dollop of common sense and the adoption of a reasonable and sensible approach.

The trend of over-cautious organisations is not just relevant to health and safety, but can be seen across all areas of regulatory compliance. The introduction of the Bribery Act is a good example of where organisations have over-interpreted legislation. A couple of years ago, organisations would not hesitate to host an annual golf day or gala dinner for their contacts with a view to cementing good business relationships. This practice was not banned by the Bribery Act, but we have seen many examples of organisations banning all types of hospitality through fear of non-compliance.

Risks will be present in all areas of an organisation, and while organisations must comply with the requisite regulatory and compliance legislation applicable to their business, they should invest sufficient management time in assessing the real risks. All too often, it is these risks that are overlooked because organisations are too busy trying to eliminate trivial ones.