Recently I was discussing a business idea with a friend, and decided to check out what others were offering in the same vein already. I came across one supplier of risk management services (basically just software) who thought it wise to advertise his products with phrases that led to a few frowns from my side. Let’s take some of their statements under scrutiny: 

“Risk assessments are often experienced as costly exercises that cost a lot of time and resources”

“Often methods are complicated and people are unsure about their competence with regard to risk assessments”

Isn’t it interesting for a safety consultancy firm (at least nominally) to capitalize on safety’s bad name? There seems to be an established truth among some that safety is trouble, difficult, complicated and that it costs a lot of money and resources (with the unspoken implication that one doesn’t get anything in return).

Don’t get me wrong, I don’t have problems with someone trying to make a living with their risk matrix packed tool (I haven’t tested or reviewed it so I cannot say anything about the quality). But it annoys me endlessly that a safety consultancy firm finds it necessary to contribute to safety’s bad name by enforcing the message of risk assessments being complicated, time and money consuming with little return on investment. Tell often enough that risk assessments are complicated, expensive and they will be - at least in the minds of most people.

During the past decade I’ve spent a lot of effort de-mystifying, clarifying, explaining, supporting and probably most of all stressing the added value of risk assessments - which includes among others systematic knowledge of possible challenges before they arise and the opportunity to anticipate and prepare for them.

Growing understanding for the positive effects of systematic safety work is a slow process that is easily harmed, so it’s even worse that harmful signals are coming from within our own ranks. 

“Risk assessments always compete with running the business”

Much of the same discussion here, but if possible this statement screams Wrong Understanding even louder. What it does, is confirming the view that many managers probably already have that risk assessments are something that only creates trouble, costs time and money and contributes nothing to what they do - but is a good way to keep regulators and safety departments at bay, so let’s do a quick one and back to work.

If risk assessments don’t support the business and contribute to the bottom-line then they either should not be done at all, or they are not used properly. 

“ProductX is developed so that everyone understands and that the work goes quickly“

A tool that is self-explanatory: excellent. Tools should be as intuitive as possible since this greatly increases the chances of them being used successfully. But, mind you, it’s not the tool that makes a good assessment. Give a perfectly ergonomically designed hammer to a crappy carpenter and the result is likely to be below par.

Although it surely will contribute, it’s not the tool that ensures a good result (as the text on this particular website seems to suggest). Were that be true, this would mean that risk assessment is a mechanical process that can run itself if only you use the right tool.

The key is competence - we need to teach people how to do things properly. For most applications, and certainly every day applications, risk assessments are not really that hard to learn properly. In fact, we do them all the time in the backs of our minds, e.g. when crossing the street, driving our cars or when deciding to take an umbrella before leaving the house. We can teach people to do this systematically in work situations as well, even though it in some cases may be a wise move to have a competent process facilitator to guide and support the process.

On the other hand, expose people to a risk matrix without proper training and guidance, and you are asking for serious trouble and misunderstanding. The result then gives participants a false sense of certainty and control: they think they have done a good job, but it’s likely that they have not. 

“User-friendliness increases the number of assessments done…”.

“Our customers tell us that after they acquired ProductX they started many more risk assessments than before”

User-friendliness is a great characteristic for any tool, but I strongly doubt that the main aim of user-friendliness is to increase the number of assessments done. And by the way, are we suggesting here that it’s a goal to do as many as possible assessments? One often hears the expression “It’s not the size, but what you do with it”. The same applies to risk assessments: it should be about what you do with a risk assessment (i.e. putting in place actions to facilitate doing the best job possible and creating controls and barriers to prevent bad things from happening, or reduce their harmful effects), not about the number of pages, hazards identified or number of assessments done.

This is most likely another symptom of not fully understanding the matter, and so “better” is confused with “more”. I think things should be about quality, not quantity, but interestingly (and ironically, and disappointingly) there is not a word about the quality of the product or if it actually contributes to improvement.


(By the way, the firm selling this tool had no serious HSEQ competence on its staff as far as I could detect. I wonder if they would be equally comfortable having their car maintenance done by people without the relevant skills.)


Also published on Linkedin.


Ron Gannt shared this thought provoking article about thinking differently about accidents... Recommended reading!

The University of Sussex is currently rolling out a new version of the multicriteria mapping tool (MCM) as a university enterprise. You can see more detail on the website:

The aims behind MCM are to help researchers, policy makers and stakeholders to 'open up' risk decision making in ways that illuminate issues, uncertainties, options and perspectives that are often unduly obscured. As a research tool, MCM aims to put the participant 'in the driving seat' - and to give as much importance to eliciting qualitative reasons as to the quantitative data. The tool rigorously documents complexity and diversity and also aims to be clear and practical in highlighting concrete options for action. Although the challenges remain, MCM does offer a way to help allow greater scrutiny and critical understanding.

MCM is freely available to anyone for a period, and then as a web-based service for a subscription. It can also be downloaded and used on a laptop, to help run interviews or small group discussions in any setting. Revenues raised will be reinvested by Sussex University into further development of the tool and associated services. 




The past weeks have been spent studying Erik Hollnagel’s new book, “Safety-I and Safety-II: The Past and Future of Safety”. It will take a couple of months before a review is posted on this site, but let’s provide some literature anyway.

An earlier paper on the subject by Hollnagel is A Tale Of Two Safeties

An excellent intruduction to the subject is: From Safety-I to Safety-II: A White Paper

And while you’re at it, get also this one: Systems Thinking for Safety: Ten Principles. A White Paper (Moving towards Safety-II)

Steven Shorrock has done a great blog about the subject.

Another fine article is done by David van Valkenburg and has been published by Drilling Contractor. Looks like a good summary of some of the material.

Finally, none less than Sidney Dekker has a book review on Safety I & II found at the following link

Been invited to do a slightly philosophical presentation about risk assessment and risk perception at nest Tuesday's Human Factors Mastermind Seminar of the Psykologiforbundet. That's going to be a lot of fun. Looking forward to hear Bjarte K. Røed too!

Update: it was great, indeed. Uploaded my presentation to SlideShare. A little philosophical talk about various sides of risk (and is it actually risk, or something else...)