top of page

Five Risk Management lessons we can learn from elephants - Lesson 3

Likelihood x Frequency of Risk Occurring. When both are present, you will eventually hit the Elephant. It's not if but when! One winter night during one of the many German air raids of World War II, a distinguished professor of statistics showed up in his local air-raid shelter. He had never appeared there before. “There are seven million people in the city,” he used to say. “Why should I expect them to hit me?” His friends were astonished to see him and asked what had changed his mind. “Look,” he explained, “there are seven million people in the city and one elephant. Last night they got the elephant.” Learn how to do Risk Assessments.

During my past career, first, as an airborne combat medic attached to the special forces and later on as a close protector in the Middle East, I realised that it is neither about the risk of something happening nor the "perceived" level of risk that is important when determining if it is safe to undertake an activity. If you want to know if something is safe, determine the controls' effectiveness, in the event that something will go wrong.

In this third lesson of five articles on Risk Management Lessons, we can learn from elephants; I have again reached out to my friend Rodger Hollins, a Health and Safety Advisor from The Waikato, and asked him to share his thoughts.

Rodger explains, This month’s topic sounds relatively simple, doesn’t it? The more frequently someone is exposed to something, the more likely an event could occur. Given that, according to ISO31000, the risk is defined as “the effects of uncertainty on objectives”, and adding that consequences of uncertainty can be both positive and negative, one could say that the more frequently someone visits the gym, the more likely they are to become fit and meet their objective. This is being very simplistic, of course. Health & Safety generally don’t focus on positive outcomes of objectives, well, at least my experience hasn’t shown me much of that, and I suppose it depends on what the specific objective is. In many cases, health & safety systems tend to try and focus on the adverse outcomes of risk. “What could get in the way of meeting our objectives?”, “what could go wrong?” So, from that perspective, I suppose the same could apply; the more likely someone is exposed to a hazard, the more likely an event could occur, at least without any controls in place. It is necessary to add the “without any controls in place” to that previous sentence as in the context of work; many people are exposed to hazards very often, it is all relevant to the work that people do. Roofers spend a lot of time on rooves, civil workers spend a lot of time with mobile plant and traffic. Laboratory workers face chemicals every day, so when calculating the risk level, or the likelihood of an event occurring, perhaps it is important to remember that high-risk levels are usually proportionate to the frequency of exposure but are inversely proportionate to efficient controls.

A few weeks ago, I spent the day reviewing Site-Specific Safety Plans for a company that is subcontracting out some work. I am not at liberty to share specific details; however, they are unnecessary. The observation that I thought of sharing though, was that even though the maintenance work being planned was relatively simple, and all contractors were submitting plans for the same job, there was a vast difference in risk perception between the plans, so much so, that some contractors submitted formal confined space arrangements and lock-out-tag-out processes, whilst others specifically declared that there was no confined space in the planned work or need for electrical isolation. Even though recent articles have discussed some of the points that affect risk assessment, such as the understanding of the hazard and internal and external factors that influence perception, how is it possible that for the same, relatively simple job, the assessment of the risk is so far apart? Theory and reality might suggest many reasons for these discrepancies however as a focus point; I’d like to stir thought around the following:

· Variances in likelihood assessments. What is actually being assessed?

· Are we using risk assessment as it is intended?

· Can the incorrect application of a likelihood assessment cause unsafe behaviour?

Thought 1: “Likelihood”, the likelihood of what?

Depending on the risk matrix that you and your team choose to use, the assessment of the level of risk is commonly based on “likelihood” and “severity”. Severity is generally seen as the most foreseeable outcome that could result if an event occurred, for example, if someone fell from a 6-meter height on a developing construction site with rebar sticking out of the ground or trenches below, the severity most would agree upon could be death or a permanently disabling injury. “Severity” however, is not the primary focus of this discussion.

For now, let’s focus on “likelihood”. The first thought for consideration when assessing the “likelihood” is, what specifically is being assessed? In other words, it’s… “the likelihood of what?”. As health & safety would have it, there isn’t one correct answer. Perhaps this question is specific to the type of risk being assessed, for the specific viewpoint that the risk assessment team need to understand. In certain cases, teams choose to determine the likelihood of “the hazardous event occurring”. What is the likelihood that someone could fall from height or the likelihood that a cloud of gas could form in sufficient concentration to accommodate fire or explosion? In other cases, teams choose to select a certain type of consequence and then try to determine the likelihood that such an outcome will occur. For example, the team agrees that death is the consequence associated with being struck by a vehicle, and then they try to determine the likelihood that someone would die if struck by a vehicle on their site. In rarer cases, some sources of information share the idea that the likelihood assessment considers the “likelihood that a hazard has the potential to cause harm if exposed to it”, for example, exposure to moving machine parts is very likely to cause harm. Each option may make sense in its own context, however how often do teams really consider the importance of being specific when undertaking a risk assessment? Should worker teams really delve this deep or should risk assessments be left for those with a particular skill set? Given that hazard registers and task analysis documentation have become such a “formality” and an “expectation” in health & safety plans, do some teams merely provide a quick, illustrative assumption of a risk level in general, considering that most people understand this assessment to be subjective anyway? Should business leaders consider how the differences in these assessment options impact the magnitude of the calculated risk if used inappropriately, and in turn, affect the priority of managing important controls for health & safety risks that their people face daily?

Whatever you and your team choose to assess the likelihood of, how likely is it that it will occur? That’s the million-dollar question, isn’t it? Experience suggests that for some teams in some industries, this is seemingly a simple guess where opinion is shared around a table of teammates, whereas in other settings, this decision is based on data from past events or the answers to some strategic questions, aligned to the specific hazard being assessed.

So how do we consider the likelihood of something occurring? In most cases, it depends on the type of risk being assessed. If referring to business-level risk, perhaps data from previous events is valuable as this may allow businesses to focus on areas that are known to cause harm, ill health, or some other form of loss. This data can either be generated or can be sourced from reputable sources such as the Regulator or other trade bodies. The insurance industry, for example, has benefited from years and years of specifically attained data that they use to understand their risk as an insurer. This is probably one of the reasons why we pay a higher premium for driving a certain type of car, living in a certain neighbourhood or where we have had previous claims. Seemingly, through watching a recent insurance company’s advert, this particular insurer is even willing to stipulate the type of event that is most likely to occur on a given day of the week, which might illustrate the extent of data being analysed. There may be a helpful link between historical data as a tool in identifying certain types of risk, particularly for business-level risk. This may help create awareness and focus on certain work aspects, processes, equipment, and tools to help protect people, but tell a worker that they should be careful as statistics show that many people have fallen from ladders in the past around the world and have been seriously hurt or killed, and the conversation probably gets pushed right back to the previous article, on risk perception and its challenges.

Thought 2: Risk. Is it “level of risk” or “risk of”?

So, are we utilising risk assessment as it is intended by health & safety legislation? Unfortunately, I am not the person to offer you the answer to this question, but it is worth a good thought though. The word “risk” has definitely been at the forefront of people’s minds, particularly since the change in New Zealand legislation back in 2016. “We are no longer focusing on the hazard now, it’s all about risk.”, a seemingly very common comment that I hear regularly, but let’s share a more specific example.

I have undertaken basic site audits over the past year for a large construction site and during this time, have developed a few good relationships with the people on site. During a walkabout one day, it was time to focus on the mobile crane operations, so I asked the crane operator, who I knew quite well a few questions. “How often do you crane a suspended load over workers' heads? Mike immediately replied, “never, it’s not allowed”. I thought that that was a pretty good answer as I, like most I hope, would believe that the risk of being under a suspended load is significant, if not for the likelihood that the load could fall, for the consequence that would occur, when it falls. A heavy load landing on a few workers, even one, is almost guaranteed to result in a fatality which would be catastrophic not only to the individual and their family and friends but to the organisation as a whole. Looking around, the site was really busy, so I asked Mike another question. “What’s your schedule looking like Mike, are you guys running on time?” Mike laughed. ”We’re easily 3 weeks behind, the pressure is on.” This was a perfect opportunity for me to ask my final question. I asked Mike for complete honesty which would go unjudged. Highlighting that the site looked quite busy, considering that there was no designated zone for crane movement at the time, I asked Mike if he was willing to tell me the truth. Did they really stop work every time something needed to be moved? The tone changed. “To be honest mate, we probably move a load over people’s heads at least once a week, but it is… relatively low risk.” Those three words intrigued me as further conversation suggested that if the frequency of exposure was low, then the risk was low, perhaps to “acceptable levels”. This experience got me thinking. How many times have I had conversations with people who have tried to downplay the approach to health & safety simply because the risk was low, in their eyes? Have you ever had such conversations? Combined with many different views of “reasonably practicable” and other concepts that are spoken about, is this the type of decision making that risk-based legislation is trying to encourage on the ground or does risk assessment possibly means something different? Even though the level of risk is assessed within a business, at the coal face, should teams rather be focusing on analysing “the risk of” as opposed to the “level of risk”?.

Sharing an idea – What could likelihood assessments look like?

Jeff and Samantha work in the roofing industry. Every day, they move from site to site and access various rooves to complete different maintenance and installation tasks. Before they even get to do their work, the company that they work for acknowledges its duty to identify hazards associated with the work that they expect their people to do and therefore their senior leadership instigates a risk assessment process, undertaken by a group of competent people.

The risk assessment process, from a higher-level perspective, tries to understand the danger of working at heights and includes some of the risks associated with this work, two distinctive risks in this quick example, being the risk of falling from the roof and the risk of falling through a roof. The likelihood component of the assessment then uses various factors to analyse this, including historical data from the business itself or industry where available. In line with this article, the frequency may also be a consideration where the company identifies the fact that their workers are exposed to heights for a fair portion of their workweek, perhaps up to 70% of the time.

These, amongst others, may be the triggers that suggest that this type of work is a critical risk for the business and its people. Once this is established, the business then sees the sense in analysing the risk further. Further likelihood consideration, determined through task analysis or similar tools, may include determining other factors that increase the likelihood that a fall could occur, for example, the pitch of the roof, surface conditions, wind factor, poor housekeeping, age of the roof, its construction, distraction of workers etc, and factors that affect the likelihood that the predicted consequence will occur, perhaps the height to some degree, the ground conditions, age of the worker, the lack of emergency response or assistance after a fall, isolated workers and so on. These factors can be determined through brainstorming, site visits, the sharing of experiences with the team and even identified causal factors from helpful guides, past incidents, or near-miss investigations.

Once the core risk assessment has been done, the business can determine the controls that should be implemented and the processes (“rules”) that should be followed. When determining the processes, careful attention should be paid to applicable Laws, Regulations and even good practice guides as the requirements in these documents should set minimum standards or expectations, especially when managing critical risks. This would help support a culture where even if the risk level is calculated by the team to be “very low”, the minimum health & safety standards expected by the business, are maintained.

Workers who do the work can now be trained on the findings of the risk assessment. Over and above any unit standard training conducted by an external provider, internal training should close knowledge gaps by including company-specific details. Historical data can be included in such training to highlight the risk and to influence risk appetite, however in most cases, causal factors should be a focus in training to help grow the worker's capability in assessing the “risk of” (what could go wrong) before a job starts. “Minimum standards” or “the rules” could also be included in this training so that workers acknowledge legal boundaries.

Jeff and Samantha are now at the worksite planning to get on with a job. Given the different contexts of the on-site risk assessment, frequency of exposure is possibly not included in their thoughts as working at heights is now a given and they will face the hazard. Perhaps now the “level of risk” is not as important as it was during the PCBU’s risk assessment earlier but now rather, understanding the “risk of” becomes more important. “Armed” with foundational knowledge through their training, the understanding of the risk assessments that have already been done for this type of work and having the right range of controls to use for common circumstances, Jeff and Samantha are ready to get on with the work. Before they start the job, they are encouraged to review the existing understanding of the risk, which means that they have an opportunity to think for themselves, to view the actual area of work, and consider the likelihood factors that apply (pitch of the roof, surface condition, wind factors etc.) and select the appropriate controls that they have been given by the company. Effectively they have an opportunity to close the gap between work as imagined and work as done.

Many may call this a pre-start inspection, a step back 5 by 5. Call it what you wish, it allows the workers to compare the actual to the planned and to either apply the appropriate control measures that they have been given or to contribute towards their health & safety by contacting their manager if they feel that the provided controls are unsuitable. These days, particularly in the construction sector, this process is encouraged to be written down for various reasons, and this may be why the task analysis document has become such a popular piece of paper, which is arguably quite effective if used appropriately. The above is of course merely an idea of how processes could work together to achieve a meaningful outcome. Depending on the company’s maturity level, experience, influences, and values, a similar or completely different approach could be applied.

In closing, likelihood and severity play a role in understanding risk. In this article, thought was given to the “likelihood” and the supporting factors that could help businesses understand the likelihood of certain events or outcomes occurring, which included the frequency of exposure to the hazard. Key points to take away from this article include:

  • Context is important. Risk assessments come in various shapes and forms and it is perhaps important to ensure that teams are using the most appropriate approach when determining the likelihood and frequency.

  • It’s not just Likelihood and Frequency: Frequency is an important and helpful factor to consider, however depending on the type of risk being assessed, other key factors should be considered too.

  • Risk should be assessed by competent people. This of course means with the help of those that do and know the job, however, it also includes those that have a deeper understanding of risk and the technical skills and abilities to ask the right questions and quantify the right factors. Try to make use of outside experts where necessary.

  • Always keep an eye on severity: When critical risks have the potential to kill, one or many, teams should be careful not to let the manipulation of the likelihood assessment lower the risk ranking as seen in the shared example of crane works earlier.

For those of you who have followed Rodger's thoughts over the past few months, you may already realise that it is not his intention to create researched “white papers” on the subjects discussed. His inputs on these topics are reflections of his theories, and his experiences and to share some ideas or thoughts that hopefully trigger you to do the same.

As always, we are keen to hear from you and your team. How do you tackle this aspect of health & safety in your business and if your methods used are effective, what type of benefits are you and your team seeing for your efforts?

Take care.


bottom of page