Updated: 24th July 2009
At the core of any organisation's health and safety strategy is the well-being of its employees and others (i.e. members of the public, contractors, suppliers etc) for whom the organisation has a responsibility within its premises or while using its resources.
Identifying those risks, both operationally and strategically, which may threaten the achievement of that objective leads to the effective identification and application of management solutions to mitigate the likelihood of those risks arising, or their impact and effect if they do.
Risks are not just a threat to organisations, the UK itself is susceptible to risk and this is something that is recognised by the government with the Cabinet Office publishing the first UK wide National Risk Register in August 2008, setting out the Government's" assessment of the likelihood and potential impact of a range of different risks that may directly affect the UK". Inevitably, the register has been drafted largely as a consequence of the very real security threats which face the country, but also with regard to other potential national threats such as a Bird Flu pandemic. The register provides a national risk assessment of the most significant crisis and emergencies which the United Kingdom, its citizens and key organisations could face over the next five years.
So what is a 'risk register'? In simple terms, the register is a management tool that enables an organisation to understand its comprehensive risk profile; it is simply a repository (a central storage area) for all risk information. The register is the hub of the internal control system; containing the objectives (including assets, premises and personnel), risks to and controls for the whole organisation. This document should be written and managed by a Corporate Risk Manager, or similar designated officer, but owned by the organisation as a whole since every department - including Health & Safety - will play a real part in identifying potential risks within its own remit of responsibility.
It is essential when compiling the register that the risk identification process is comprehensive, covering both \ external and internal threats, for instance the threat of an arson attack on your premises to the simple failure of the heating system within your head office facility. The assessment process should not be limited by the depth and breadth of an organisation and both reactive and proactive sources should be considered. Your organisation will probably have many sources of risk identification readily available to it; for instance, incident and accident reports, audit reports, regulatory inspections, customer complaints. However, these sources are not an exhaustive list of risk identification processes.
From this first step, every potential threat and risk to the achievement of those objectives and the effective functioning of the organisation should be brainstormed and recorded - no matter how improbable or remote. This process really does require 'open thinking', devoid of any prejudices, restrictions or self-imposed barriers.
Some of the areas which should be accounted for when completing any H&S-based risk assessment could include: generic risks for general hazards, such as asbestos or working with portable tools; dealing with emergency evacuation of the premises; gas leaks or electrical failures; or, the threat of a terrorist attack or a full system failure. Specific risks, such as clearing guttering; establishing safe systems of working such as contact with an untreated water supply; dealing with disabled staff or customers; using solvents or adhesives; working in hot or cold environments; working at height, for instance, on the roof of your premises.
It should be remembered that developing the risk register will not be a panacea against all potential threats. However, it does help focus the organisation's attention on ways in which it can, or should, respond under most circumstances. As the old axiom says: "You can't prepare for everything - but you can prepare for anything."
Julie is a law graduate who qualified with Price Waterhouse in 1994. Julie joined Smith & Williamson in 1997 and became a partner in 2001. With Mike Stevenson, Julie set up Middleton Partners offices in Salisbury and Southampton, both of which are now part of Begbies Traynor.
Julie is a member of the Insolvency Practitioners Association and is a Fellow of The Association of Business Recovery Professionals. Julie deals with all aspects of Corporate Recovery and turnaround work and takes all form of personal insolvency appointments.