Last week we noted the proposed changes in Unit A, elements 2 & 3. Much of element is much the same as it was (previously element A3). There is a greater emphasis on business terminology now, with explicit reference to performance management, key performance indicators and leading/lagging indicators. Though quite a bit of this has been a feature of such standards as BS 18004 (one of the neat supporting guides to OHSAS 18001) for many years.
A new development in A4.3 is something borrowed from the health and well-being qualification – that is how sickness absence data can be used to feed back into occupational health policies (and the targets that help drive them). This is just another example of PDCA, where monitoring data can be used to refine policy, objectives and targets in a beautiful ballet of continuous improvement (I ought to be a poet). This is the dynamic between active and reactive – reactive data (absence rates/causation) can be used actively to avert future incidents. That’s a learning culture for you.
The penultimate part of A4.3 brings up again the role of the safety professional. In this context it’s about being in the frame for external audits. I assume NEBOSH mean audits of the company by third parties (like certification bodies and customers) but could possibly also mean external audits by the safety practitioner of suppliers. Both happen.
Element A5 is now the core element on risk assessment. An issue sometimes raised is that students can feel no more confident about risk assessment after the NEBOSH diploma than they were after the certificate. That is, whilst the diploma tells you more about risk assessment, it doesn’t necessarily tell you any more about how to do it (well, anything beyond certificate level). You could argue that you get that practice in Unit D/ID, but it would be good to see more mention of practical tools out there for general workplace risk assessments and maybe the typical traps in risk assessment – how it is done badly (like using it to justify a decision you already made instead of helping you make better decisions). A5.1 does bring in the current debate on sensible/proportionate risk management and the more corporate term “risk profiling”. This latter term is used almost interchangeably with “risk assessment” in HSE’s own revised HSG65 guidance, so it might be they are confused by it too. It’s difficult to know how much is corporate management speak and how much is real at the best of times. That said, risk profiling does have a stronger emphasis on the wider business implications of risk choices (like reputational damage) and also the appetite of the organisation for risk acceptance (e.g. how much damage to reputation are we prepared to accept before we invest in more measures to stop it getting that bad).
We see, in A5.4, the mention of generic, specific and dynamic risk assessment. In a low risk business, you probably wouldn’t do much of the latter. They are encountered far more by emergency responders and school field trip organisers. The inclusion of dynamic risk assessments is an acceptance of the difficulty of risk assessing developing situations. The emergency services have had to do this for years and recognise that some of the thinking can be done up front but some of it needs to be adapted on the ground, depending on what you find and how it develops. So, we’ll see how that develops then.