Risks are everywhere in the workplace, especially in the electrical industry. Peter Vandenheuvel writes about everything you need to be conscious of.

Risks, they are everywhere. In business, they are in every decision you make. The consequences can be rare and insignificant, but the much greater proportion is not, with many being almost certain and catastrophic.

Knowing this, it will be no surprise that the more risks you can reduce to an insignificant outcome, the better your business will perform. Just think, no waste, no injury, no losses, the list is almost endless.

So; do you want to break into a cold sweat daily worrying what disaster will hit the fan next, or sleep like a log with nothing to fear? It’s your choice!

How? Simply analyse your risk profile, eliminate the ‘hitting the fan’ moments, at the same time get more sleep and learn more about your business.

But not just that, there will be no bad outcomes haunting you till doomsday. You’ll also keep clear of all those dreadful courts or tribunals and forever avoid the lawyers’ accusations that “you knew or should have known”.

Remember, risk is not confined to actions related to a serious or disastrous workplace injury. You wish, they are only the tip of the iceberg. The real risks lurk deep below.

They hide also in your legal, commercial, financial, business, property customer and other issues. Also there are; customer bankruptcy, failure to pay, a job gone pear-shaped big-time or foreseeable natural events.

Any of these could be about to torpedo your business, seriously affect your employees, make your customers’ premises unsafe or place the public at risk. And with each you’ll wish you could turn the clock back.

Controlling them will increase performance and add to your bottom line. What’s there to lose?

So what to do?

Well, if you are smart, the bad consequences can be dodged. All you need is a risk management system focused on eliminating – or at least mitigating – the  ‘hit the fan’ moments.

Too hard? Not as hard as you going out of business. Remember; an ounce of prevention is a whole lot cheaper than a pound of cure.

Start with the most critical and catastrophic events that could send you or your business down the gurgler, and the sooner, the better. Then work down the list.

And it doesn’t need to be perfect or cover everything from the outset. After all, having a risk management plan, even with some minor shortcomings, is a much better defence, than for you to be called out for gross negligence because haven’t addressed it at all.

What about the SWMSs and JSAs?

Your Safety Work Method Statements and Job Safety Analyses are all part of the work safety system and if in place and properly followed will eliminate most workplace hazards and unsafe working practices.

But that’s where they stop. Yes they should cover most of the workplace and work methods issues you run into. However, even they may not cover the unique or one-off situations needing extra checks and balances.

Their objective is only about ensuring the wellbeing of the people within the enterprise.

The bigger picture

This article is about the much more. Yes it also embraces the WHS aspects, but they are not even the tip of the risk iceberg. There is much more lurking in the deep, too easily overlooked until it’s too late.

Risk assessment is about controlling the other risks any business manager or owner like you has to deal with every day. Risks that can be just as catastrophic as WHS incidents for the wellbeing of the company. They ensure sure you continue to prosper well into the future.

But our enterprise is too small

Wrong, wrong, wrong! The smaller the business the less you can afford a disaster. It’s the one-person, small and medium enterprises that need attention most!

So don’t just skip over this article without giving it very serious thought. Don’t think for one second “this is not for me, just for the big end of town”.

In fact the complete opposite. It is most likely they already have the expertise and experience in-house, whereas you, as a smaller business, are probably still flying blind.

Don’t forget; managers and owners of sole-operator enterprises, like those with small and mid-size ones have exactly the same obligations and risks as the ‘big’ organisations. So, thinking it doesn’t apply – or that tired old excuse of being too busy – aren’t just wrong, they can be disastrous.

Just think about what happens if someone in your organisation is injured (or worse), your premises  burnt down, a large customer bankrupted, your vehicle found unroadworthy in an accident or one of your employees’ unsafe work leading to a shock incident, fire or worse.

Always remember; to keep your business healthy and at the leading edge, regardless how small it is, you need to be working ON your business, as well as IN it; well here is something to be working ON.

But keep it simple

Don’t be frightened-off or overawed by the task. Your risk assessment process doesn’t have to be an ‘all bells and whistles’ system. The simplest solutions often give the highest rewards and here is a roadmap to get you under way.

Start with the uber-critical, the low hanging fruit. Then work down the list until all that can things that can harm your business that you won’t be able to recover from are fixed.

Typical examples for your business;

• Poor working practices, shock hazards, electrical explosions and fires.
• Unusual operational or WHS risk outside your SWMSs.
• Rework, non-compliant or substandard work.
• Unexpected financial loss or customer non-payment.
• Your premises or records destroyed.

For a more comprehensive list, look for the quick list toward the end of this article.

Use a risk analysis matrix

The best tool is always the simplest. There are many similar matrixes on the web to choose from. Here is a typical example; one of the better ones as it lists both the risk bracket and its risk scores for better comparison;

Note the columns list the severity of the possible outcome and the rows list the potential occurrence possibility of the event. The rating brackets and score combinations are in the table.

All you do to determine the risk is;

1. Identify the risk and the issues or hazards it presents in its situation.
2. Decide the most severe consequence (the worst case outcome) for that risk.
3. Decide the most severe possibility level (the how often) of it occurring.
4. Determine the score and risk range from where two and three intersect.

The intersect score then shows the risk-event severity and the score, with the scores aiding in ranking the different scores in the same bracket.

It will be for you to decide if the score reasonably reflects the risk being assessed and determine your ‘risk appetite’ for that risk.

Where the risk level is deemed acceptable for the particular risk – or combination of risks if more than one are grouped together – then proceed ‘as is’.

Where the risk level is not considered acceptable, further controls must be put into place to lower the risk until it is acceptable.

Also, it would be good practice to record the outcome.

Typical scoring examples

Example one; working on an energised switchboard. This would typically score;

• For consequence; ‘catastrophic’ as it could result in serious injury or death as well as significant damage to the switchboard and its surroundings.
• For possibility; ‘almost certain’ or at best ‘likely’ as the risk of an incident is definitely higher than the next row down (just ‘possible’).

The risk in the matrix would therefore score an 80 or 100.

This would not be acceptable, in fact far in excess of, what a person responsible for a safe work place and safe system of work would deem acceptable. Even more so, when most conscientious employers would now be striving for a score of ‘low 12’, and certainly not over ‘medium 16’.

As the score is considered unacceptable, additional controls must be put into place to lower the risk to an acceptable level. Generally, that can be done by either reducing the consequence or possibility – or both.

In this example however, the ‘catastrophic’ consequence can’t be reduced as long as the switchboard remains energised. Likewise, the possibility of it occurring will only result in it happening less often, but when it does happen, it will not change the extreme outcome seriousness.

So the only foolproof control in this situation will be to lower the consequence; with the only obvious solution being the de-energisation the switchboard. And even then, given the possibly of the very serious consequence, that must be done in a way where there is no possibility of it becoming energised during the work.

The most effective control could include;

1. Identifying all main and alternative supplies, including back-feeds, to the switchboard.
2. Isolating and locking each supply off using an isolation and lock-off procedure.
3. Verifying every supply AND all other accessible conductive parts have been isolated.
4. Confirming what PPE must be used (may include arc flash PPE or insulated gloves).
5. Attendance of a suitably trained observer where required.

The controls should then all be documented and put in place. In addition, they must also detail the exact re-energising and recommissioning procedure.

To prove the extra controls have now made the risk acceptable, the now-posed risk must be reassessed based on these new controls being in place.

For this example, it should now have reduced to a consequence of ‘minor’ and possibility of ‘unlikely’ with a new score of ‘medium 16’.

Example two; assessing the risk for taking on a large or complex project.

Assessing this is extremely important especially where; a project could exceed half of the company’s turnover for a long duration, the customer is not well known, the skills or equipment required may be new, or any other issue that may put it outside your comfort zone.

This is because a project having some or all of these risk issues has the potential to seriously negatively impact the future of the company and will likely be beyond your comfort zone.

So, an assessment, again using the matrix above, should be undertaken either for each of the issues of concern separately or for the group of concern-issues overall.

Assessing each issue separately is recommended as it is more precise. You can then assess each issue and decide it on its own merit. In addition, you can identify any deal-breaker issues that could on their own be sufficient to veto it. Also, controls to overcome the hurdles can be developed along the way.

For any complex project, the issues could include you having or getting; the right skills, the right manager, the right plant etc.

Also financially; will it over stretch your financial resources, is the customer a credit risk, what if you don’t get paid at all, could it bankrupt your company? Not forgetting of course that there may be opportunities lost if it prevents you from working for your other key customers during that time.

Once you have identified all the issues of concern you’ll have a much clearer picture of all the hurdles you need to jump over and how, enabling a much better informed decision. You can also then assess the effort required, the reward likely to result and the financial risk it may present; similar as in example one above.

Remember of course that any remaining catastrophic-outcome issues – those still scoring a ‘high’ or ‘extreme’ – will need to be considered extremely carefully as they are still potential deal-breakers.

If the risk is then within your acceptable range then you may decide to proceed with it ‘as is’.  However if a high risk, you may make your offer conditional so reducing your risk, increase the price to get a more worthwhile reward, or decide to walk away if the risks still remain too high.

Where do you start?

By;

• Being aware of the many risk you and your people face every day.
• Understanding the risks are not just for WHS but across your entire enterprise.
• Using a tool that puts the risk (or risk combinations) into perspective.
• Embedding the risk controls in your Standard Operating Procedures (SOPs).
• Eliminating repetitive decision-making for you and your team.

Do an audit and priority list;

You can do a quick desk-top audit on your typical business risks NOW – just off the top of your head;

1. Select each issue that applies to your enterprise from the quick list later in this article.
2. Add any other issues not listed but important to you.
3. Do a quick one-to-five consequence and possibility score for each issue identified.
4. For consequence; 1-insignificant, 2-minor, 3-moderate, 4-major, 5-catastrophic.
5. For Possibility; 1-rare, 2-unlikely, 3-possible, 4-likely, 5-almost certain.
6. Multiply your consequence and possibility scores together for each issue.
7. Arrange your issues in order highest to lowest.

Just by doing that, you now already have a priority action list to work from.

A quick list

Here is a list of typical risks that could substantially negatively impact your enterprise to consider;

• WHS & Covid; lack of or inadequate controls or poor adherence to the system.
• PPE; not available, unsuitable, not being worn in poor condition.
• Buildings; lack of or poor security, condition, housekeeping, fire risk.
• Records; (employee, business, customer, work) loss, incomplete, not secure.
• External influence; flood, fire, arson, storm damage, impact.
• Power supply; continuity, blackout risk, installation safety, vandalism protection.
• IT systems; security, backup, standby power, hacker attack, outdated technology.
• Vehicles; roadworthiness, overnight security, safe driving, operator licence currency.
• Plant & equipment; fitness for purpose, operator licenses, inspections, training.
• Work; workmanship, licences, standards compliance, dangerous work practices.
• Quality systems; adherence to, audits, training, continuous improvement, suitability.
• Inspection & testing; test procedures, records retained, form lodgements.
• Site security; theft, damage, arson, site safety, equipment storage.
• Insurance; all risks covered, conditions compliance, up to date, records kept, paid-up.
• Accounts; in order, billing, ability to pay, outstanding, follow-up, theft, fraud.
• Customers; bankruptcy, failure to pay, over expectation, relationships, marketing.
• Cash flow; control, accurate forecasting, confirmation, collection, debt recovery.
• Work in Progress; control, assessing work done, progress claims, variations, productivity.
• Business planning: vision, business strategy, keeping at leading edge, competition.
• Marketing; branding, brand building, reputation protection, growth strategies.
• Employees; retention, career paths, training, workflow, hiring, dehiring, performance.
• Procurement; supplier competition, supply chains, control, logistics, storage.

The above are not in any particular order, or fully inclusive but highlight just how important risk management can be, especially with other enterprise related issues to also consider.

Also include other mission-critical risks from the four key business areas, the ‘getting’ – marketing, the ‘doing’ – operations, the ‘controlling’ – management and the ‘cash’ – finance. Then focus on those having the biggest impact and pay-back.

Prioritise scores high in the ‘one-to-five’ initial desk-top assessment as these are potentially the most mission-critical. The others can then follow later.

Action plan

Once prioritised, for each issue or type of risk event listed;

1. Identify all the big-impact things that may go wrong.
2. Develop the controls to lower the risk score to your acceptable targets.
3. Change your systems or SOPs to suit.
4. Train all involved in the processes and changes.
5. Regularly audit to confirm the new controls are followed.

Where possible, buy-in from the team members involved can add considerably the outcome.

In conclusion

There is a huge potential for your business to convert many of the unidentified or poorly managed risks across the whole of your enterprise for the substantial betterment of it.

This is about identifying those many risks faced by your enterprise each day. It provides a yardstick to measure the risks and provides at least some extra measure of confidence and uniformity in dealing with them.

By identifying and quantifying them, you, the manager or owner will better recognise, understand and control them. Then, through the changes in your SOPs you will eliminate or at least minimise their impact to acceptable level, as well as adding to your bottom line.

But the best thing? Once you’ve built your controls into your system, they will always be there. No more reinventing the wheel every time a repetitive risk has to be dealt with, nor suffering the consequence of it being overlooked.

Break out in a cold sweat fearing the next disaster that hits the fan – or sleep like a log with nothing to fear? You choose!