< Home

Search

Looking for something else?

Guidance: How do I implement my risk assessments?

Mar 06, 2022

Homepage > Industry Guidance

Submit your risk assessment for review

As a risk assessor, you may be competent, but you cannot form an impartial view of your own work. From a governance perspective, you would be advised to submit your risk assessment to a competent person for review to provide you and your employer with the confidence the risk assessment is adequate.

This can also contribute positively to the professional development of risk assessors within the organization, and peer review should be encouraged. Remember that the risk assessment you are completing is for and on behalf of your employer to mitigate your employer's future liability.

Review and approval of risk assessments may be completed by a single or group of persons. It is important that the approval of the risk assessment comes from those within the organization and not its external advisors (although they may form part of the decision-making process). 

In some cases, you may be able to implement controls immediately and submit for review and approval of the effect on residual risk once implementation has been completed. In other situations, it may be advisable to submit the risk assessment for an initial review before implementation begins to determine the adequacy of the assessment and proposed implementation plan. You might then re-submit your residual risk results for final approval after implementing control measures. This is likely to be determined by the scale, cost, and business interruption required by the controls you are implementing. 

 

Implementation

It is important you ensure the safety of those who are affected by the results of a new or reviewed risk assessment whilst the new controls are agreed upon, implemented, and validated to confirm they achieve the desired result. 

When a company becomes aware they have exposed persons to an unacceptable risk of harm, they should consider themselves as on notice of the risk. If they continue to operate in the way they have previously without additional controls, this may act as a significant aggravating factor in any investigation or prosecution which follows. Failure to continue to operate may also carry significant financial costs.

This creates a real urgency to identify and implement effective controls to enable a return to normal operation. This may involve a significant and unexpected level of spending over a short period of time. It is another reason why getting a risk assessment right the first time will save substantial future costs.  

 

Residual risk validation

In the first instance, it is for the risk assessor to validate that the risk assessment controls implemented in the workplace have delivered the desired result. The validation completed should then be reviewed and approved by a competent person independent of the risk assessment done. 

To validate a risk assessment:

1. The risk assessor must produce the risk assessment and the methodology used to assess the residual risk 

2. A competent, independent reviewer or review group should determine the adequacy of the methodology followed to assess residual risk, and the result reached

3. The reviewer should communicate their decision to the risk assessor and any further action which needs to be taken before a second review can take place.

 

Live test and exercise

Where possible, opportunities to test and exercise arrangements in real-world conditions can provide valuable insight into the strengths and limitations of existing arrangements. Testing may be completed proactively or reactively, with or without giving prior notice to lifeguards. Where possible, testing completed with members of the public should be preferred to scenario training.

Testing can have positive effects on team confidence and assist in embedding positive safety behaviours. Steps should be taken to avoid members of the public being put at additional risk where lifeguards on duty are not given prior notice that testing is to take place. 

 

Desktop exercises and scenario training

Where live test and exercise options are unsuitable, desktop exercises and scenario training should be encouraged. Desktop exercises can help teams to develop a proactive culture toward identifying problems and finding solutions, especially in situations where the person identifying the problem is not able to identify the appropriate solution.

Scenario training can help build confidence and reduce sensory overload in the event of an emergency. Scenario training already forms part of the ongoing refresher training for most lifeguards in the UK. Those benefits extend to other members of staff who have responsibilities under the NOP and EAP, and it is important that the lifeguard team learns and practices emergency responses with all the relevant stakeholders in the emergency response.  

New arrangements typically arise out of identified deficiencies with existing arrangements. From the moment deficiency in the existing arrangements has been identified, the employer is on notice to seek out any additional arrangements that it would be reasonably practicable to implement in order to ensure persons are not exposed to a risk to their health and safety by the employer's operation of the pool.

 

Unplanned introduction of new arrangements

The most serious risks an operator can expose persons to are those it does not know about or those it later discovers it has exposed persons to as a result of its lack of understanding. Examples may include the outbreak of COVID-19 in April 2020, the discovery of a software glitch on a safety-critical application, or the discovery that key safety documents have been falsified by a supplier.

An operator cannot be in a position in which it can demonstrate having discharged its duty to implement reasonably practicable steps where it neither knows what those steps are nor the sufficiency of those steps. In such instances, it invariably involves ceasing operation until further information is obtained to make an informed decision on exposure and the adequacy of controls. 

The employer should act quickly to establish that its existing arrangements meet, as a minimum, its legal obligations by re-assessing the risk posed. Where that risk is intolerable, immediate steps must be taken to remove persons from that potential exposure. Where a risk is tolerable but in excess of the organization's risk appetite, steps should then be taken to identify what more could be done to mitigate the risk. If an employer discovers they are taking all reasonably practicable steps, then the activity should resume. If an employer identifies additional steps that it is reasonably practicable for them to take, they should take those steps before resuming the activity. 

 

The planned introduction of new arrangements

Some changes are made to improve safety performance rather than respond to a failure to comply with the minimum legal requirements. These changes may be scheduled to take place to enable the test and exercise of the new arrangements, consultation and participation with employees, documentation to be updated, and employees re-trained before the new arrangements are implemented.

This will enable the new arrangements to be validated and verified, provide opportunities for adjustments if needed, and ensure that the changes do not have unexpected effects on other safety systems. "Old habits die hard" as the saying goes, and some employees may need this transition in order to transition established routines, build confidence, and accept the new arrangements. 

 

How do you make changes to improve the effectiveness of your risk assessment? 

You may need to create or revise sections of your Normal Operating Plan or Emergency Action Plan. You may need to create or revise the way you induct or refresh competency within your team. There may be checklists that need re-designing or documents which need to be digitized and integrated into different parts of the workflow of your teams. You may need to create work instructions for specific tasks. 

You may need to invest in new technology or re-design existing aspects of your digital systems. You may need to work with suppliers to achieve the changes you need. You may need to identify or revise the ways you communicate with your teams or ensure their competency. You may need to change attitudes and behaviours as well as skills and knowledge to achieve your desired result. 

 

Roles, responsibilities, accountability, and authorizations

New or existing roles, responsibilities, accountabilities, and/or authorizations arising from your risk assessment that needs to be implemented. This may involve creating or amending job descriptions or person specifications. It may also involve providing information, instruction, or training to relevant persons to ensure competency in the new arrangements.  

 

Citation: Jacklin, D. 2022. How do I implement my risk assessments? Water Incident Research Hub, 6 March.

How helpful was this page?