THE MORE RISK THINGS CHANGE, THE MORE THEY REMAIN THE SAME
So, the more things change in risk, the more they stay the same. And Lord Chesterfield (1753) wrote “The chapter of knowledge is very short, but the chapter of accidents is a very long one”. We have more guidance in the form of standards but still have disasters – high profile (and front page) as well as low profile. In this short article I explore some of those disasters and some of the consequences.

PIPER ALPHA 1988
It’s 25 years since the Piper Alpha disaster off the north-east coast of Scotland when 167 people died in one of the UK’s worst industrial disasters. The cause was a valve, removed for maintenance, combined with a breakdown in the permit-to-work system that allowed the escape and ignition of flammables (Lord Cullen, 1990). Lord Cullen’s subsequent recommendations included regulatory oversight for the safety of offshore installations be moved to the UK Health and Safety Executive and adoption of a Safety Case regime for high-risk activities. And, subsequently, safety management systems became popular.

MANAGEMENT SYSTEMS STANDARDS
International standards on risk and management systems are proliferating. ISO 31000 Risk management – Principles and guidelines (with an AS/NZS prefix for readers in Australia and New Zealand) was published in 2009 and provided the first internationally agreed approach to risk that was not sector-, industry- or risk-specific. Indeed, the scope to the standard says it can be used in any industry, for any risk.

International standards on quality and environmental management systems have been available for many years and a compliance management system standard is near completion. Why do we need all these standards?

A full answer to that question might be quite long but a short answer is that different interest groups have promoted their own, quite valid, world views – so much depends on how you frame a question. Thus, the question: “how do we improve the quality of our goods or services?” might lead to the answer “through a quality management system”. Or the question: “how do we ensure compliance with legislation and codes?” might lead to the answer “through a compliance management system”.

A RISK BASED APPROACH
However, a risk-based approach might ask: “what risks associated with goods and services are we exposed to?” or “what risks associated with legislation and codes are we exposed to?”. In each case the answer might result in changes other than implementation of a specific form of management system.

Assessing compliance-related risks could lead to re-engineering activities so that non-compliance is less likely and risks become acceptable. Or redesigning a chemicals manufacturing process could avoid quality- or environment-related risks. Adopting a risk-based approach and not taking an environmental or quality management system approach may have led ICI to develop the Leading Concept Ammonia technology in 1984 and so reduce production costs and environmental emissions.

WHO AUDITS THE AUDITORS?
A further reason for taking a risk-based approach is that management systems must be audited to give assurance to stakeholders (eg, management, the board, regulators) that the management system is delivering the expected results. Following the Esso Longford gas plant explosion in Australia in 1998, it was found the safety management system was deficient and, in turn, the audits of the safety management system were deficient (Longford Royal Commission, 1999). Thus, the management system response to a perceived need in turn requires assurance the management system is working as intended. And in some situations, the statutory external auditors may rely on the management system audits.

TREAT – MODIFY – THE RISKS!
So, rather than simply adopt new management systems, we need to apply the hierarchy of treatment options (set out in note 1 to the definition of risk treatment in ISO 31000) to any risks evaluated as unacceptable. My experience as a consultant and when running risk management training courses shows the need to apply the hierarchy three times to each risk evaluated as unacceptable. This helps break down preconceptions and open up ideas that could provide a big-picture solution rather than just imposing another management system.

Rather than see risks narrowly as quality-, environment- or safety-related I think it preferable to see risks as having many causes of events (including changes of a particular set of circumstances) and many consequences. In other words, no single management system will address all of the components of a given risk. This opens us up to the simple but powerful idea that, “In short, all management is risk management” (Crockford, 2005).

TAKING THE RIGHT RISKS
In 1974 Drucker wrote “The main goal of a management science must be to enable business to take the right risk. Indeed, it must be to enable business to take greater risks – by providing knowledge and understanding of alternative risks and alternative expectations; by identifying the resources and efforts needed for desired results against expectations, thereby providing means for early correction of wrong or inadequate decisions” (Drucker, 1974).

Quality, environmental and safety management systems focus on unacceptable aspects of business-as-usual risks and so enable executive management to focus on the bigger, more strategic picture. But it can be argued such systems work against evolutionary change and lead to the need for more painful revolutionary changes.

THE PLACE OF MANAGEMENT SYSTEMS
A risk-based approach means the higher the risk the more attention management must give to detail. This may be where a documented management system should be applied – to the reduction of the effect of uncertainty on objectives (ie, risk as defined in ISO 31000).

This is not the place to explore the lack of solid evidence in favour of management systems. Suffice to say, they may be of value when management at all levels takes an active and positive interest in how well the objectives of, firstly, the organisation; and, secondly, the management system, are being achieved. Both should be aligned and both require adequate resources; otherwise a management system can be a fig leaf, mere tokenism, that will result in worse consequences in the longer term.

WHERE MANAGEMENT SYSTEMS MIGHT FALL DOWN
In 1995 the collapse of a viewing platform at Cave Creek in New Zealand killed 14 people and injured four others. Judge Noble (1995) was commissioned to investigate and report to Parliament on the resources given to the Department of Conservation. Judge Noble found one primary cause and six secondary causes of the collapse. For one of the secondary causes he wrote:

“In recent years New Zealand has been regarded as an international leader in certain areas of innovative reform. It is one thing, however, to pass innovative and forward-thinking legislation; it is another thing altogether to provide the resources to make it work. When the legislature creates statutory duties for which it is responsible, it must give the lead by ensuring that its own agency is adequately resourced to carry out those very duties”.

WHAT IF THE REGULATORY AGENCY FAILS?
It’s about 25 months since the Pike River coal mine disaster in New Zealand when 29 men died. The then Department of Labour was subsequently found to have lacked the resources needed by a 21^st century regulatory agency. A report for the Ministry for Business, Innovation and Employment by Shanks & Meares (2013) found that:

“The mining inspectors, as we have found and is evident from the Royal Commission Report, were not resourced and supported so as to be able to properly carry out their functions. Serious concerns about this were raised but not engaged with effectively by senior managers who were endeavouring to balance resources for other potentially major risks”.

As a result, the regulatory agency and safety legislation are being changed and there is much bustling about in government agencies with attempts to write legislation and codes that will help prevent another Esso Longford, Pike River, Piper Alpha, Cave Creek or similar disaster here. That new legislation may require the development of management systems but, unless those systems are genuinely risk-based, the new legislation may be in vain.

“Those who cannot remember the past are condemned to repeat it” (Santayana, 1905).

Or the more things change the more they stay the same.

References

• Crockford, G. N. (2005). The Changing Face of Risk Management. Geneva Papers on Risk & Insurance – Issues & Practice, 30(1), 5-10.
• Drucker, P. F. (1974). Management: tasks, responsibilities, practices. New York: Harper & Row.
• Longford Royal Commission. (1999). The Esso Longford Gas Plant Accident (Report). Melbourne, Australia: Government Printer,
• Letter from Lord Chesterfield to S. Dayrolles. (16 February 1753) in “Miscellaneous Works” vol. 2 Maty M (ed) (1778) no. 79.
• Lord Cullen. (1990). The Public Enquiry into the Piper Alpha Disaster (Public Enquiry Report for Department of Energy). London, UK: HMSO,
• Noble, G. (1995). Commission of Inquiry into the Collapse of a Viewing Platform at Cave Creek, near Punakaiki on the West Coast. Wellington, NZ: Department of Internal Affairs.
• Santayana, G. (1905). The Life of Reason (Vol. 1, Introduction).
• Shanks, D., & Meares, J. (2013). Pike River Tragedy (Investigation MBIE-MAKO-3983458). Wellington, NZ: Ministry of Business, Innovation and Employment. Retrieved from http://www.mbie.govt.nz/, 11 April 2013

 Bio:

Chris Peace has an MSc in Risk Management and is a Chartered Fellow of the UK Institution of Occupational Health and Safety. He is the Principal Consultant and Risk Trainer with Risk Management Ltd, a specialist consultancy based in Wellington (www.riskmgmt.co.nz) and can be contacted via chris.peace@riskmgmt.co.nz. He sometimes greatly admires the ability of organisations to repeat the lessons of history.