If it ain’t broke, don’t fix it – reviewing risk assessments


In this video, Health and Safety Solicitor Sue Dearden and Senior Consultant Angelica Rutherford-Hacon discuss the common pitfalls of reviewing risk assessments, how the hierarchy of controls informs decisions and how duty holders should look at risks.

Reviewing Risk Assessments

When we’re looking at risk assessments very often people know about risk assessments and they’ve got them completed but they forget to go and review them when circumstances change in the workforce, such as new people coming in, retirements and new equipment.

The obligation to carry out risk assessments is pretty well known now, it’s not often that organisations don’t have them in place.

The issue is more often that in some way the risk assessments are inadequate. They might be there but they haven’t been reviewed. For example, somebody is pregnant or acquires a disability through an injury and circumstances have changed.

The next issue is that if the company has reviewed them but they haven’t in some way recorded that review, so there is no documentary follow-through in terms of what has been done, what has been looked at and what has been changed over time.

The most important thing is that people assume procedural and process change or machinery change for example might prompt a review of risk assessments, but what gets forgotten about is that the control mechanisms may change with time.

What’s available to manage a risk does change and people forget to look at that, working on the “if it ain’t broke, don’t fix it, principal”.

Very often when reviewing risk assessments, it has been found that control measures further up the hierarchy of control haven’t been thought about. Therefore, control measures were utilised that weren’t suitable and sufficient and that could leave you exposed to an accident or incident taking place.

The one thing that is important to consider is that you don’t have to have an accident to be prosecuted.

The H&S at Work Act 1974 makes very clear that it’s failing to control and manage the risks appropriately.

What do we mean by the hierarchy of controls?

Please read this article for an in-depth look at the hierarchy of controls. 

We start off at the very top of the hierarchy where you try to eliminate the risk, for example, a window cleaner working at height. Being able to use equipment such as high reach window cleaning apparatus, eliminates the need to work at height in the first instance.

If it is not possible to do that you start to come down the hierarchy and eventually you will get to the very bottom which is Personal Protective Equipment (PPE) with working at height it could be harnesses, and that is what many duty holders will go for first – the PPE element.

How should duty holders look at the risks?

Sometimes people can look at risks and think if they give a hi-vis jacket to their workers that it will protect the workers without thinking about the obligation to eliminate the risk if possible.

Don’t put them in harm’s way first of all, for example in the path of workplace traffic, then you should next try and manage it through training.

In the above example, the driver may or may not see the hi-vis jacket. If a risk assessment had been done you should have thought of putting a physical barrier in.

If we look at workplace transport, you’re looking at putting in some barriers or many other solutions which are fit for that purpose. It all comes back to what is reasonably practicable for an organisation. The costs versus the risk – that is something every organisation has to consider for themselves. It is all a part of that risk assessment process of having the best controls in place to protect your workforce.

It can be that risk assessments were created years ago and have been reviewed many times but actually, the risk control measure hasn’t changed and the rationale for that is that there hasn’t been an accident, therefore it must be ok.

This can be a very dangerous strategy for any organisation to take because sooner or later it has only been luck that you have gotten away with it, and unless you put better control measures in place you could potentially have an accident which is the worst outcome you can have.

What to take away from this article

Firstly, make sure you have got your risk assessments in place.

Secondly, review your risk assessments periodically, not just when things change. Review them proactively with a mind to have the control measures available changed. Can you put something more in place to take this up the hierarchy of controls?

Thirdly, documents and the reviews that have taken place. Whether or not it leads to any changes to the risk assessment itself but documenting that you have reviewed it will help you.

If you do need advice on any aspects of your risk assessments, the way in which you are reviewing them and what needs to go into them then please contact any of the Consultants at Finch who will be able to help you.

To subscribe to the Finch Consulting newsletter for updates please click here.

Related insights