Recently I was discussing a business idea with a friend, and decided to check out what others were offering in the same vein already. I came across one supplier of risk management services (basically just software) who thought it wise to advertise his products with phrases that led to a few frowns from my side. Let’s take some of their statements under scrutiny: 

“Risk assessments are often experienced as costly exercises that cost a lot of time and resources”

“Often methods are complicated and people are unsure about their competence with regard to risk assessments”

Isn’t it interesting for a safety consultancy firm (at least nominally) to capitalize on safety’s bad name? There seems to be an established truth among some that safety is trouble, difficult, complicated and that it costs a lot of money and resources (with the unspoken implication that one doesn’t get anything in return).

Don’t get me wrong, I don’t have problems with someone trying to make a living with their risk matrix packed tool (I haven’t tested or reviewed it so I cannot say anything about the quality). But it annoys me endlessly that a safety consultancy firm finds it necessary to contribute to safety’s bad name by enforcing the message of risk assessments being complicated, time and money consuming with little return on investment. Tell often enough that risk assessments are complicated, expensive and they will be - at least in the minds of most people.

During the past decade I’ve spent a lot of effort de-mystifying, clarifying, explaining, supporting and probably most of all stressing the added value of risk assessments - which includes among others systematic knowledge of possible challenges before they arise and the opportunity to anticipate and prepare for them.

Growing understanding for the positive effects of systematic safety work is a slow process that is easily harmed, so it’s even worse that harmful signals are coming from within our own ranks. 

“Risk assessments always compete with running the business”

Much of the same discussion here, but if possible this statement screams Wrong Understanding even louder. What it does, is confirming the view that many managers probably already have that risk assessments are something that only creates trouble, costs time and money and contributes nothing to what they do - but is a good way to keep regulators and safety departments at bay, so let’s do a quick one and back to work.

If risk assessments don’t support the business and contribute to the bottom-line then they either should not be done at all, or they are not used properly. 

“ProductX is developed so that everyone understands and that the work goes quickly“

A tool that is self-explanatory: excellent. Tools should be as intuitive as possible since this greatly increases the chances of them being used successfully. But, mind you, it’s not the tool that makes a good assessment. Give a perfectly ergonomically designed hammer to a crappy carpenter and the result is likely to be below par.

Although it surely will contribute, it’s not the tool that ensures a good result (as the text on this particular website seems to suggest). Were that be true, this would mean that risk assessment is a mechanical process that can run itself if only you use the right tool.

The key is competence - we need to teach people how to do things properly. For most applications, and certainly every day applications, risk assessments are not really that hard to learn properly. In fact, we do them all the time in the backs of our minds, e.g. when crossing the street, driving our cars or when deciding to take an umbrella before leaving the house. We can teach people to do this systematically in work situations as well, even though it in some cases may be a wise move to have a competent process facilitator to guide and support the process.

On the other hand, expose people to a risk matrix without proper training and guidance, and you are asking for serious trouble and misunderstanding. The result then gives participants a false sense of certainty and control: they think they have done a good job, but it’s likely that they have not. 

“User-friendliness increases the number of assessments done…”.

“Our customers tell us that after they acquired ProductX they started many more risk assessments than before”

User-friendliness is a great characteristic for any tool, but I strongly doubt that the main aim of user-friendliness is to increase the number of assessments done. And by the way, are we suggesting here that it’s a goal to do as many as possible assessments? One often hears the expression “It’s not the size, but what you do with it”. The same applies to risk assessments: it should be about what you do with a risk assessment (i.e. putting in place actions to facilitate doing the best job possible and creating controls and barriers to prevent bad things from happening, or reduce their harmful effects), not about the number of pages, hazards identified or number of assessments done.

This is most likely another symptom of not fully understanding the matter, and so “better” is confused with “more”. I think things should be about quality, not quantity, but interestingly (and ironically, and disappointingly) there is not a word about the quality of the product or if it actually contributes to improvement.


(By the way, the firm selling this tool had no serious HSEQ competence on its staff as far as I could detect. I wonder if they would be equally comfortable having their car maintenance done by people without the relevant skills.)


Also published on Linkedin.