Upload
mark-donnelly
View
220
Download
0
Embed Size (px)
Citation preview
The Likelihood Dilemma (Risk = Consequence x Likelihood) = Ri$k
Mark Donnelly
“Risk, in terms of protection of people at the coalface, should be
determined not by the likelihood of happening, nor from
occurrence of doing, but only from the consequence of harm and
by what controls that risk” MD
I just now need to
find someone to hold
the umbrella, what is
the likelihood of that?
2
The notion of measuring risk using the equation; risk = consequences x likelihood is
somewhat credited to Pascal, whom in the 17th century was discussing the
probability of being struck by lightning, he said that; “our fear of some harm ought
to be proportional not only to the magnitude of the harm, but also to the probability
of the event.
What I hope to bring to light and prove in this paper is that there is an unambiguous
need to split the risk matrix methodology into two separate pathways when using
likelihood as a calculus to determine a risk rating. These two pathways are corporate
and coalface.
I would like to further push an issue that I feel I have uncovered some years ago and
one which has not been addressed explicitly before; that using likelihood has little
purpose at the coalface level due to the confusion, misunderstanding and shear
irrelevance of its methodology. Keeping in mind that risk management is a collective
effort mostly needing involvement from many people and information from many
sources, the use of likelihood is only a part of the whole process.
There is no direct requirement specifically stipulated for workers to use a risk matrix
using likelihood as commonly accepted and thought. The use of likelihood is an
organisational management tool used in part of the whole risk management process.
A measurement tool for an organisation to use, to help establish controls based from
the event of something occurring.
When I have questioned workers and managers alike in the workplace about their
perceptions of risks and likelihoods, they are never confident on the answer they
give, this is due mainly to the fact that they have derived an answer form no factual
information. If I ask; what data did you analyse to provide an accurate means to
measure the likelihood on, they cannot illustrate any evidence. So, if workers and
management are not confident in the score they have calculated, then how can the
score be validated, let alone approved as acceptable? Even when events are reviewed
in hindsight, people still tend to be confused and there are always many different
perspectives on likelihood.
“The likelihood confusion has to stop; the consequence of this
confusion is costing lives and livelihoods. Every person has a
different perspective on reality. The likelihood of such confusion is
high; hence the need for controls, which in itself is written in fact
throughout the whole risk management philosophy, the control that
is needed is here is the elimination of likelihood”. MD
3
Calculating risk using consequence and likelihood has these issues:
It believes that all people have the same knowledge and perception and,
All organisations have the same risk appetite and attitude
That likelihood has a unique value which is the same to all workers,
That likelihoods are easy to comprehend,
That likelihood and consequences are of equal importance and value,
That a single consequence and likelihood can represent a risk,
It does not consider uncertainties in the estimates of consequence and likelihood
as part of the definition of risk
So to further conceptualise my argument on the irresponsible use of “likelihood” as a
calculus tool at the coalface level and to provide a more solid reasoning towards my
point of view opposing its precarious and speculative use, I have decided to write
this paper in hope to build some support and to stimulate some debate behind my
quest for a safer workplace. I wish that in the near future my ideology will suffice for
a change of thinking.
The key point of the whole paper is; it is not the workers duty to provide a level of
risk using likelihood or even occurrence as it is commonly thought; it is the
organisations duty. The worker should be focusing on the consequence, pre-
approved risk controls and any other local control. The worker should be focusing on
a level of acceptability, not on level of risk. These consequences and controls should
be the determining factor for a task to be deemed acceptable prior to any
commencement.
I constantly observe it; worker confusion over the use of likelihood. The
risk scores I see in various risk assessments are allowing risks through the
organisational risk management system, which inevitably become
incidents that the organisation has not collaboratively controlled. If a
company is promoting risk management well, then risks should not even
reach the coalface level as each new task should pass through the
"management barrier". When a new task is introduced to the company,
the management level should ask for the input of the workers and
anyone else to assist in their evaluation. With all this information
gathered, even if the company says the task is low risk, the worker still
can say no. This is my whole point about the SAS soldier being asked to
do a dangerous extraction that may lead to death - if the soldier thinks
this is unacceptable, why then did he become a soldier.
4
Corporate and Coalface
I absolutely agree with Pascals notion and need to determine the chance of
something happening, but I believe it is very determinate on the level for which the
application of chance is particular too. Pascal may have wanted to know the
likelihood of being struck by lightning, but did he stand out in the open field to find
out? No, because the consequence regardless of any likelihood was too high; he was
not prepared to die finding out. Was Pascal (for argument sake) deciding to
manufacture a rubber umbrella or a metal one, because the metal one was 10 times
cheaper to manufacture than the rubber one. If the likelihood of being hit by
lightening was high, then he could maybe justify the high cost of the rubber
umbrella, on the other hand, if the likelihood of being struck by lightning was very
low, then he may not manufacture the metal umbrella because being struck by
lightning very rarely happens...keeping in mind here that all fallible humans think that
events won’t happen to them! hence, why we still buy metal umbrellas today for the
golf course.
A coalface worker who is doing the task, or in the example just given, a golfer
standing out in a lightning storm playing golf, is not going to use, or needs to use a
calculated risk rating based of the likelihood of being struck. Who cares what the
likelihood is at this point, danger is imminent. If a worker does want to use likelihood
as a tool to measure ones safety, then they are relying on a system to guide their
innate intuition. I do not know any worker who would put their faith in luck.
Picture 1.Practical splitting between consequence and likelihood and consequence
and control; showing what risk calculus should be used at each level. Keep in mind
this is a basic chart; corporate could have many more topics to consider.
In this paper, Coalface is basically anyone who works actively at a workplace (either
as a group or individual) who is not planning or controlling anything from an external
business location (worker/s) and Corporate are those planning and controlling the
workplace from a external location (officer/s). The reason I have done this is to make
5
allowance for the practical splitting between consequence and controls, and
consequence and likelihood (shown in picture 1). While senior management may
need to determine the risk using both consequence and likelihood so they can
decide to either make a metal umbrella or a rubber one, or to determine if the task
of standing out in the storm is even an acceptable option, is very different to
establishing risk for a task that has to be done at the present, by the person/s
working out in a lightning storm. This person/s should only be concerned with
consequence and controls, in this case the equation would be; risk = consequence &
controls (R= Csq & Ctrl).
Note; this equation is a simple equation making a visible and understandable point
similar to R = C x L, showing that using “controls” as a calculus is better than
using likelihood/probability. In my thinking, I have taken out the multiply calculating
sign and replaced it with an “&” sign, because one needs to examine many factors to
establish an equation and calculating these factors has many issues. The maths
behind this would be way too complex for a majority of organisations to calculate.
You can only deal with a risk with what you are prepared to use.
What I am most concerned about is that workers at the coalface are being put in
harm’s way because of a legislated method to evaluate risk, a method that has not
been accurately established nor made very clear by either government or
organisation; a method that has many variations and which are dependent on so
many factors. There is plenty of information about Risk scoring, but what I cannot
uncover is the dividing line between risk scoring at the coalface and risk scoring at
corporate levels, that distinguish who should manage what or when equations
should be used to determine level of risk; and here-in-lies the predicament.
Just because risk management explains that determining a level of risk is a legal
requirement, does not mean that every level needs to use this methodology as so
commonly believed. I always see it, workers being trained and inducted on scoring
risk using the likelihood calculus. They should be getting educated on the risks and
what controls have been approved, and how to use those controls.
If we look at AS/NZS 4360 and AS/NZS ISO 31000, both explain in various ways that
risk management should be embedded into the organisation at all levels using the
application of risk management processes. This is to ensure that information about risk is
adequately reported and used as a basis for decision making and accountability (clearly a
management area). In AS/NZS ISO 31000 it establishes the process and context and in
each point the organisation is basically named as the risk owner. Section 2.2 of AS/NZS
ISO 31000 states; Risk Management is coordinated activities to direct and control an
organisation with regard to risk. In the name of risk management, which activities belong
to the workers?
6
Workers help the organisation make decisions via raising hazards and offering practical
ideas to control them. You cannot expect coalface workers to establish and manage the
whole process that is designed to be done collaboratively by the whole organisation, this
is a management area.
If the organisation manages duty of care, then their duty is to oversee all activities under
their control. Their duty in risk management is too basically;
1. Establish the context
2. Identify risk
3. Analyse risk
4. Evaluate risk
5. Treat risk
6. Monitor and review
7. Consultation
I believe there is only one point the coalface worker needs to raise in this process,
and that is the identification of hazards/risks. If the worker cannot do the task safely
with pre-approved management controls, then they need to give the risk back to the
organisation for ownership and delegation of that risk. The organisation (managers)
will then through a collaborative approach, address the risk through the risk
management process, such as risk assessments, using coordinated activities that will
direct and control the organisation in regards to the risk. The use of likelihood should
only be used at an upper management level to help establish what may need to be
done to mitigate the risk for a known operational task.
Do you ever get into your car and say, "the likelihood of me having an
accident today is low, so I won't wear a seat belt and I won’t stop at any
stop sign? You know that there is a likelihood of an accident because the
government (organisation) has told you. The government uses collected
data from many sources to give a likelihood of crashing while on a phone,
while speeding, while not wearing a seat belt etc. With this data, the
government (organisation) can decide on whether to make phones non-
usable in cars or implement an advertising campaign.
Intangible Risk
I have briefly raised this topic before in my; The problem with risk scores and hazard
registers paper. My concern with using this accepted methodological principle is that
it provides an intangible risk score on any given probable outcome for a single task,
particularly one done at the coalface (a level I don’t believe the use of likelihood
process was intended to be used at).
7
Typical risk score calculator; giving a low score risk for a fatality.
Above is a common risk score calculator which is just a slide line version of most
typical risk matrix tables used in almost every organisation. Let’s use Pascal in this
example. Say a severe lightning storm was above you right now, and the organisation
had determined that standing out in a storm was low risk because it had done a risk
assessment (as shown above), and that it decided to use metal umbrellas because
they were cheaper than the rubber ones. Even if this calculator was done using the
best information, advanced computer simulations and various other collected data;
as a coalface worker, does the probability (likelihood) or exposure matter to you? No.
This risk tool is saying that a fatality is low risk. Low risk to who? low risk for what
level? It is certainly not low risk to the coalface worker. Even if working in a severe
lightning storm had never been raised by the organisation, should the coalface
worker base his risk acceptance on a probability? No. It means little.
I cannot accept or see how this approach using likelihood can be used as a means to
protect workers when a low score can in-fact have a fatality as a result. People get
excited about an easy-to-use tool such as the slide risk score tool, but easy can mean
faulty, just as cheap means week. Currently, any incompetent or pathological
employee that inputs incorrect data into a register will see a low score show up as a
colourful “go green light” (Low Hazard), and then say, “It’s green and only a low
score”, then feel as though nothing more needs to be done but the real risk still
remains.
Using likelihood speculation at the coalface as part of a protective barrier, regardless
of what has occurred in the past, or what may happen in the future, as a means to
manage safety both present and future, can be a very dangerous exercise. This is
because risks are being scored low, when in fact they are high. The use of likelihood
has to be calculated with accurate analytical data and knowledgeable information,
and used with a total understanding of the data and information. Likelihood is
8
derived from collected data as best practice. If an organisation does not have access
to such data, then the only measure to calculate a risk at the coalface should be the
current consequence and control, because the rest is just speculation. We should
look at consequence as “actual” and likelihood as what I call “subjective illusory”. As
my notes in my original paper allude to;
“Trying to predict when an event might occur or guess probability cannot be done;
no-one can predict an event in the future. These questions are therefore not a good
means to fundamentally calculate a correct perspective on risk”.
“Due to this shortfall, many owners/managers of companies are allowing for medium
to high risk activities to be undertaken, all because “a score” based on human
perception is classed as low risk. This is opening the way for many failures, incidents
and legal ramifications due to the inaccurate scoring of the risk in the first place”
Here is an example from the CODE OF PRACTICE 2011 | HOW TO MANAGE WORK
HEALTH AND SAFETY RISKS. In this case, the likelihood even has no valid reason to
be used. The outcome states that controls need to be put in place before the task is
acceptable, the controls matter not the likelihood.
This is clearly another example of the fallacy of using likelihood.
9
If we look at falling from a 10m ladder as an example; what are we basing the
likelihood estimation on? Are we basing it on the fact that a person might slip off the
step, miss place their footing, the ladder falling over, the ladder slipping out from
under the worker or human fallibility? These are all likelihood calculative questions
that need to be thought out and clarified, and all are correlated to the same event
outcome; fall from 10m height for which the worst case consequence is the same
(death). A majority of procedures I see have a single risk score for one step in the
procedural process, yet each step can in itself have a multitude of risks and controls.
We also have to keep in mind here and ask the question; are we calculating the
likelihood of an event happening, or calculating the likelihood of the consequence
happening? These are another two different concepts when using likelihood. When
doing a risk assessment, you should indicate whether you are talking about
likelihood of an event or likelihood of the consequences. The Likelihood of an event
is a single estimation in a given circumstance, whereas a single event can have a
number of impacts, each with different consequences.
So just with these few variations, the risk score and the perception of such risks could
change dramatically; hence giving various speculative scores. The likelihood of
someone slipping off the ladder rung might be high, but the likelihood of the ladder
slipping out from under the person maybe low. The only determinative risk
acceptance level that should be calculated as a means to grant “acceptability” is the
safety controls that are used to mitigate the risk. In the ladder case, these controls
maybe; appropriate ladder, training, fitness, fall protection and fall arrest systems.
Management Barrier
The risk appetite for any task should be decided by management via consultation
with workers an stakeholders prior to any worker being exposed to such a risk, if it is
not, then management are not identifying or managing risk in the first instance; this
corporate/management barrier I feel is the primary barrier. If we talk about safety in
design, this is part of it.
If a high consequence risk has become active outside or past accepted organisational
operations, or grown inside the organisation, and the barriers that have been pre-
approved by management are not satisfactory to mitigate the risk, then the risk
should be fed back up to senior management for evaluation and determining the risk
acceptance level and controls. It is the organisation as a whole that is to mitigate risk,
not just the worker, this means management and workers need to be involved in the
process. Management should know of every risk, it is their duty to know.
10
“The first barrier any risk should pass through is the corporate barrier. This is a very important key point. If hazards and risks are constantly being raised from inside the organisation by the coalface level, then this first line of defence has gaps for which the coalface workers have to not only discover, but control ” MD
I have developed what I have called a “Barrier of Acceptability” (BOA) flowchart
(picture 2). What this flowchart shows is the 3 levels of barriers before a task is
commenced; Corporate, Coalface, and Individual. While the hierarchy of controls are
designed as a one off tool in the risk management process to eliminate or control a
specific risk, the BOA chart shows levels of barriers. Each barrier should use the
hierarchy of controls, be it at varying levels of complexity. i.e. the corporate analysis
of elimination might be to remove the plant all together, while the individual analysis
may choose not to use the plant due to damage. The BOA chart is used from what I
call the “Point of risk entry”. Meaning; if risk has not been designed out prior to entry
into the organisation through a safety in design process, then controls need to be
put in place to mitigate the risk.
The BOA chart also makes it clear to the worker that calculating the consequence
and looking at controls prior to undertaking the task is the important part, and
ultimately overrides all other decisions made at any level. This is in-line with the stop
the job principle. This is then an acceptability perception barrier where all three levels
can make a choice on the acceptability of the task. If an individual does not want to
take the chance on a risk (stand out in the lightning storm) they then pass the non-
acceptance back up a level for further examination or re-evaluation.
Picture 2. Barrier of Acceptability” (BOA) chart. The most protective barrier after
“point of risk entry” is the Corporate Barrier due to consultation involved in the
process. If risk is managed well at this level, the lower coalface and individual levels
should not have to deal with any risk, just follow procedures and training.
11
Organisations need to be able to describe criterion that will give consistent
framework across the organisation that match the predetermined acceptable levels
of risk (such as used in my 2 examples between a secretary and a SAS soldier in the;
The problem with risk scores and hazard registers paper where its acceptable to get a
paper cut as a secretary and or to die as a SAS soldier). Decisions need to be as
objective as possible and justifiable on logical grounds for an organisation to
determine if they need to adjust or delete anything to mitigate the risk. It is likely
that a corporate decision about whether a risk needs appropriate action, will rely on
this criterion and depend little on coalface perceptions i.e. consequence of risks you
know you are involved in or joining up for i.e. SAS soldier.
To meet these different requirements, the organisation may choose to use
consequence only, or use consequence and controls at the coalface as a means to
determine risk acceptance and to determine overall actions to mitigate the risk. For
risk to be determined correctly for the organisation, both coalface and corporate
levels need to understand what they are determining their risk acceptance level on,
so to provide a full picture on the risk. If an SAS soldier for example did not what to
extract a hostage from a hostile environment, then why are they an SAS soldier when
this is a pre-determined accepted level of risk?
I constantly see it at the coalface; a score being used by onsite managers, supervisors
and workers that is derived from some basic intangible risk matrix to determine if a
task is acceptable to proceed or not, it is such a waste of time as people cannot put a
value to it. Being told that swimming in shark infested waters at midnight compared
to midday has less likelihood of being eaten does not in any way change my mind to
go swimming in the water at any time. This is because regardless of what anyone
tells me via some basic calculation derived from some irrelevant and or inaccurate
historical record or from some predicted future, no-one can give me a 100%
guarantee that a shark won’t eat me; Hence the likelihood has no value. If someone
provided me with a shark cage and shark repellent chemical, then maybe then I
would go into shark infested waters. It’s the controls that assist me in my decision
making process.
“We should be referring too and calculating risk at the coalface with consequence and or consequence and controls only, not including the equation of possible likelihood of an event happening. Why don’t we just say; do the task and we will see if anything happens, as this is basically the same principle.” MD
12
Governmental Clarity
If people are being injured, wounded or killed at the workplace because of some
governmental confusion that has legislated for a key safety tool/system to be used,
that has serious fault due to lack of explanation and guidance, then is it fair that the
government can expect any sector to provide and maintain a safe workplace? Has
the government failed in their duty of care? as it has done in many other cases
throughout history.
My question here would be; how many workers have died because of this process?
A Risk Matrix is a tool that is used during a Risk Assessment process that is to define
the various levels of risk for a task or event. This is a mechanism of varying
complexity to increase the visibility of various risks to “assist management” in their
risk decision making process. What I feel the government has failed to provide, (for
which is my key argument) is the context and application for which this methodology
should be used. Is it a corporate tool or is it a coalface tool? Because currently, and
regardless of what level risk matrix is used, it is used at both levels for determining
risk, two totally different scenarios. When one studies the risk assessment process in
detail, it should be clear to the reader that using a qualitative risk matrix (risk =
likelihood x Consequence) for determining a risk level for something that needs to be
done now, is a problematic issue that has serious consequences. And if a risk
assessment was done on using likelihood, I am sure it would prove my point.
These problematic limitations suggest that risk matrixes should only be used at
senior management levels (knowledgeable levels) with great caution, careful
explanations of embedded judgments and using pertinent information. There are
many factors that need to be considered from knowledge and experience when
using such a basic risk matrix. If a group or a person is asked to guesstimate on
likelihood, for which they have little knowledge about in the terms of how likelihood
should be calculated, then the likelihood of that information being incorrect has
increased the likelihood of failure, hence the whole process is flawed and has given
way and increased the chance for an unwanted event to occur.
Even if those doing the risk assessment are knowledgeable and have great
experience, you still cannot know for sure the outcome of any one event. Law of
probability proves this. So even in this example, the process is flawed.
13
“It is often misjudged hazards that cause the serious incidents. How many
incidents do you hear of that are explained as “I never thought that
would happen” or “What was the chance of that happening” well yes, 1
in 100 years, but they did not identify the laws of probability; in that
there is no way of knowing the exact results that you are going to get in
any particular situation. You may be applying all the laws of being safe
today, yet you may be having an unsafe day or a safe day. There is no
way to predict the outcome for any particular occasion. Just like guessing
the flip of a coin, where it is possible to see 30 heads come up in a row,
when it is expected to be a 50/50 chance” MD
The use of a risk matrix which has likelihood imbedded as a calculus therefore should
only be used as a tool to assess the risk profile for any task or event in the
organisation. If an organisation wants to determine if they were going to spend a
million dollars improving a process to make the process safer, then they would want
to establish if the likelihood of the event actually happening justifies the outlay. An
organisation may not want to spend a million dollars implementing a change to a
process that only occurs once in a hundred years. Nor may the organisation want to
spend this outlay due to a likelihood of the event happening once for every million
times, even if the worst case consequence is a fatality. What the organisation may do
is determine outlay costs on barriers that can be used to mitigate the risk.
Defeating Likelihood Rationale
Likelihood – something that may happen; the probability of a specified outcome; the
chance of something happening; the state of being profitable.
The rationale behind using likelihood is to provide a means to give a calculation so
one can determine a parameter value. It’s been used in science, medicine, maths,
societal development, business and even in sports just to name a few. It made its way
into safety to determine a measurement on risk, be-it mainly to people, environment,
or damage. It has proven its worth in some degree as a key tool to assess risk for an
organisation in the initial stages of setting up, introduction of something new, or if
change has taken place. It gives an organisation a means to prioritise actions/plans
and decide on expenditures.
Let’s look at an example that was thrown back at me and see if I can prove that even
in this example I can disprove the use of likelihood in a working environment.
If I was to travel in my car at 160kph between two points at 5pm on a Friday
afternoon, the likelihood of being caught by police would be greatly increased than if
I was to travel at 160kph at 3am on a Monday morning. I cannot argue with this fact,
and if given a must do choice, I would choose to travel at high speed at 3am on
14
Monday morning, but there is still no guarantee of not being caught by police. In this
example, I could certainly use likelihood to work out my odds of being caught by
police, but it has no bearing on key risks.
This argument at first seemed to give good debate to disprove my philosophy, even
though it was off my point of its use in the workplace. But let’s look at a few things
anyway that are disconcerting in nature with this opposing argument and how it
would relate to the work environment to which the original argument is based.
1. What is the consequence if you have an accident at the high speed; does your
consequence of injury diminish or increase?
2. Have you decreased the vehicles safety factor; is it more probable that the
vehicle may suffer a mechanical malfunction?
3. Have you decreased your level of competence; is it more probable that you
will lose control of the vehicle or unable to avoid a hazard?
4. Have you chosen and accepted to take a higher risk than normal; are you only
concerned with being caught, getting into trouble and having to pay a big
fine, instead of thinking about your safety and those of others.
For each one of these scenarios, the consequence of failure has increased
considerably. Therefore the action to use likelihood as a way to avoid the risk of
being caught by police does not lower the tangible risk of injury or damage. The
other key point in this example is that if you did take the risk of speeding, then your
attitude is of an unacceptable pathological one, not a desirable action in any
organisation.
So in the workplace using this example, if you were a professional driver; is speeding
at anytime a desirable safe practice? No. Should it matter the likelihood of being
caught? No. In this case the likelihood of having an accident has increased due to
your deviation from the law. This argument is likened to the taking away of a
foreman or site manager, and then all the workers take off their PPE and throw away
procedures, because the only reason they were doing the “safe things”, is because
they are fearful of being caught and losing their job.
The brief example I used in the; The problem with risk scores and hazard registers
paper was regarding climbing a 50 meter communication tower using a ladder. I
described the fact that regardless of any likelihood or exposure matrix calculation,
the consequence of the risk (climbing and falling from the ladder) is the important
part to consider prior to the task being done. If the organisation is proactive in risk
management, then the risk assessment should have already been done prior to this
risk becoming active.
15
“The most important part of managing risks in the workplace is not to
measure it first (qualitatively or quantitatively) but to understand the
nature of risks, the causes and consequences and then to use this
information to control the risk” MD.
The consequence of a fall in this case without any barriers is the critical factor. It is
therefore a total waste of time for a worker to even consider the inclusion of such a
meaningless likelihood/occurrence matrix tool to work out if the task is acceptable to
proceed or not. The only current concern should be; what safety controls or barriers
are in place to prevent the risk from occurring. If the organisation had not proactively
done a risk assessment prior to this task, then the coalface worker doing the task that
day does not need to be aware of likelihood. It does not mean anything or provide
any value, only confusion and misinterpretation.
Risk Appetite and Risk Acceptance
To determine a risk appetite; a level of risk that the organisation is prepared to
accept before an action is deemed necessary to reduce it, the company through a
safety/risk assessment process has identified the need to climb the tower. To
evaluate if the organisation will accept this task and associated risks, this safety/risk
assessment will need to be done using likelihood so decision makers that are setting
the agenda of what constitutes acceptable or tolerable risk can gain an acceptable
conclusion for the implementation of controls.
Again, an acceptable risk profile (the acceptable level of risk an individual or
corporation is prepared to accept) for a SAS soldier is dealing with explosives that
may kill them; this is set as a tolerable risk for this industry. We need SAS soldiers,
and someone has to do it, so if you are prepared to live a life with these sorts of
consequences, then that is your acceptance level, hence why SAS soldiers are
courageous. So, looking at the 10m ladder example, the organisation has got this
basic appraisal.
1. The Consequence is; Critical
2. The likelihood is; Possible
3. The Occurrence is; once yearly
The company does not want an incident because of their zero harm policy, but it still
needs to climb the tower, so it needs to decide on a risk mitigation action based on
various risk/cost balancing acts. In this case the action will be Risk = Consequence x
Likelihood x Occurrence, with a cost and loss factor overarching the whole process.
Looking at the falling at height consequence, the worst case scenario is a fatality. The
company has tried to eliminate the risk of climbing the ladder, but it cannot be done.
16
The organisation has investigated making the tower tilt over using an hydraulic pivot
systems, but he outlay is too expensive and would send the company broke. So the
company decides to look at what controls they can use to approve the risk that are
within their means.
Below are the 3 simple Barrier of Acceptability tables for each organisation level. For
example purposes only and do not in any way provide accurate guidance.
Corporate Acceptability Table
Risk Control 1 Control 2 Control 3 Control 4
Fall Training and
competency
Fall Protection Fall Arrest &
PPE
Rescue plan
NIL Acceptable Acceptable Acceptable Acceptable Acceptable
Coalface Acceptability Table
Risk Control 5 Control 6
Fall Approved
Ladder
Limited work
duration
NIL Acceptable Acceptable Acceptable
Individual Acceptability Table
Risk Control 7 Control 8 Control 9
Fall Human
Performance (scared of heights after
recent incident)
Weather (to windy)
Training (Forgot training)
NIL Acceptable NIL Acceptable NIL Acceptable NIL Acceptable
So what you will see in these tables is that while corporate indentified 4 key controls,
some more controls were identified at the coalface level and added 2 more layers of
protection. Then at the individual level, the consequences of the risk did not
penetrate the acceptability layer due to the worker having individual concerns, so the
task was stopped. Every level participated in the control of risk based on their area of
control and expertise.
Note; an organisation may have many controls in each barrier depending on
complexity of operation or task.
Note; I use a level of acceptability, not level of risk. Level of risk belongs to the
organisation as a whole, whereas the level of acceptability belongs to all.
In this case, because the task had already been assessed by cooperate and because
the coalface controls went above the corporate controls of acceptability, the coalface
did not have to seek approval from corporate. The Coalface level would advise
corporate of the extra controls as part of the consultation process for risk
management.
17
The below table is an example of my hierarchy of control checking table used for the
corporate barrier level to determine if a risk has been controlled. What I have been
trying to prove for some years is that these controls should form the matrix to which
governs whether a task can proceed or not. In this example a percentage calculation
is used, but a numerical value can be used to form an equation to use with
consequence to give a level/score of acceptability. The verification of each control is
done via an audit, assessment or check-sheet to ensure the control is verified.
Although no companies are using this idea as no common tool yet exist, I think this
concept that rates a risk as acceptable using controls will one day be common
practice and hopefully override the current risk matrix methodology. I have sent the
idea off to various agencies with mostly positive feedback due to the logical
approach, but all ideas and concepts take time to filter into reality.
18
Conclusion
This paper has put forth the argument that there is a definite inherent risk using
likelihood as a calculus at the coalface within Australian workplaces, even though the
regulatory framework is built around organisations taking a risk-based approach
using prescribed risk assessment methodology.
I have endeavoured to provide a practical solution to this dilemma by splitting the
calculation of risk into two separate levels in an organisation, each level addressing
their different obligations and requirements with their own level of knowledge and
skills. Below are the key points of the paper;
1. The paper has argued that for organisations; it is satisfactory to estimate
risks at the corporate level using both consequence and likelihood to give
a risk appetite level so to provide a basis to determine risk controls.
2. The paper has argued that for organisations; it is satisfactory to only
estimate risks at the coalface level based on the use of consequence and
or consequence and controls. This is due to the confusion with reference
to how to calculate risk likelihood and due to that fact that workers cannot
see likelihood as a tangible tool.
3. The paper has argued that for organisations; it should use at least three
levels of protective barriers before a task is done, each level having the
ability to use the hierarchy of controls.
4. The paper has pointed out that the level of risk is different to the level of
acceptably. Level of risk belongs to the organisation as a whole, whereas
the level of acceptability belongs to each person.
By splitting the use of calculating the risk, I hope that I have demonstrated that to
measure a level of risk using likelihood is the responsibility of the organisation, not
just the coalface worker (although the worker has valuable input). The use of
likelihood adds little value to risk management at the coalface. The use of likelihood
is a confusing non-rational term that is contributing to incidents and failures in
systems.
To make a safer workplace, a tangible means that goes towards making an informed
decision about whether a risk is tolerable and acceptable needs to be introduced.
The means to do this I believe is to use consequence, and what can be implemented
to control the risk, not likelihood. I hope all organisations take the use of likelihood
out of the risk management equation for workers. I am sure a safer, resilient more
proactive organisation will result.
“Every fallible human can and will display a poor perception of likelihood
and a poor appreciation of the laws of probability. These poor perceptions will greatly affect the calculus values mean in practice” MD
19
“The likelihood of an unwanted event occurring at the
coalface, due to not taking the likelihood calculus out of the
risk measurement equation at the coalface, will increase the
likelihood of the unwanted event happening at the coalface.
What am I basing my likelihood equation on? The likelihood
that all erroneous information leads to unwanted events”
MD