• Menu
  • Skip to right header navigation
  • Skip to main content
  • Skip to secondary navigation
  • Skip to primary sidebar
  • Skip to footer

Before Header

  • LinkedIn
  • Twitter

Richard Rackham

Speaker and Business Continuity Specialist

  • Home
  • About Richard
  • Rotary
  • Blog
    • Main Blog
    • Rational Politics
    • Lost Sheep
  • Contact me

Mobile Menu

  • Home
  • About Richard
  • Rotary
  • Blog
    • Main Blog
    • Rational Politics
    • Lost Sheep
  • Contact me

Describing Risk

Richard looks at the way that risk assessments are often poor at describing risk – and looks at ways we can improve risk descriptions

You are here: Home / Blog / Describing Risk

January 6, 2015 //  by Richard Rackham

My last post was about action planning, and I concluded by saying “a good resolution for 2015 would be to put into action the risk assessments that you did in 2014”.

One piece of feedback that I received was about the quality of the risk assessments that were performed. My contributor was making the point that some people concluded a discussion about a contentious work topic with “I’ve done a risk assessment”. Somehow, as if by magic, they seem to feel that this would solve the problem and conclude to the conversation. This was exactly the issue that I was covering in my post. However, my contributor continued that the quality of the risk assessment was never discussed and this was vital.

That comment resonates with my own experience. A poorly conducted risk assessment can run into a number of problems. I have experienced both the frustration and the futility that goes along with poorly written risk assessments. I will cover a number of the pitfalls in conducting a good risk assessment in future posts. For now I’ll cover how people describe risk that they are evaluating.

Risk Assessments are Poor at Describing Risk

Many risk assessments aren’t describing risk at all – odd but true. There should be a “Risk Description” field in the risk assessment and in my experience this is always completed. However, the description that is submitted doesn’t communicate the risk. Instead, they often describe a problem being experienced by the risk assessor.

So we might see a risk expressed as “We do not issue electronic invoices”. This is not a risk. The author may have a real risk in mind. It could be that electronic invoices are standard in our industry and so we are losing customers. It could be that the customer receives a printed invoice and transcription errors are causing incorrect or late payment. But neither are being described.

General health and safety risk assessments are often worse. The descriptor might say “Sulphuric Acid”, which is a hazard (i.e. it has the potential to cause harm). But it is not a risk (i.e. the probability of actually causing harm). The difference between a hazard and a risk is quite important. We can reduce risk by changing control measures, but a hazard is a constant. So, with our sulphuric acid example, the hazard is sulphuric acid; it is either there or it is not – this does not tell us if there is any risk. The volume of acid, its concentration, manner of use and the environment in which we use it are all contextual contributors to the understanding of the risk. (My health and safety professional colleagues would note here that a COSHH risk assessment would do all this for you).

What is the Consequence?

Equally, we need to know what the consequence is. Are people going to be harmed by this sulphuric acid? Are we concerned about property damage? Is the risk that we might need to evacuate and interrupt our production line? Without a consequence in there, it is difficult to understand the risk.

So a risk assessment must describe both the consequence and the context. What is the real issue is and how does it arise? This seems very simple, but is rarely achieved.

The Man on the Clapham Omnibus

The other issue with describing risk is that we tend to write them in jargon. How many of us have seen risks such as “Plugging drill string with LCM”? I’m sure that there is a risk in there, but I have not the first clue what the risk might be. By the way, I got this one from a website, which will remain nameless, that says that it gives examples of good risk management practice!

There is a principle in English law, which is used by the court as a test of where it is necessary to decide whether a party has acted as a reasonable person would. It was first used in the 1903 English Court of Appeal libel case, McQuire v. Western Morning News and is the concept of “the man on the Clapham omnibus”. This hypothetical man is a fair-minded, intelligent and reasonably well educated. I am going to borrow this person (it need not be a man) and suggest that this person will be reading your risk assessment. Despite being reasonably well educated, they are unlikely to have a technical knowledge of the specialisms involved and, as such, we must not use language that is too technical, we should explain acronyms and generally express the risk as that person would understand it.

If we describe the consequence and the context of our risk in a way that can be generally understood by a reasonable person, then we have a reasonable chance of describing risk to those that need to act upon it.

Using a Simple Format

To help with this there is a simple format that can be used in describing risk: “There is a risk that X, which is caused by Y and results in Z”. It is useful to think about all three variables even though this might be overkill for many risks, you might not need Y and Z as the risk is adequately described using just X and Y or just X and Z. So for our electronic invoice issue the risk might be described as “There is a risk that we lose customers caused by our failure to meet industry expectations of electronic invoicing”. In this instance we didn’t need Z as the risk is adequately described by X and Y.

We might be describing risk about Sulphuric Acid hazard as “There is a risk that staff might suffer sulphuric acid burns caused by concentrated acid leaking from the corroded large volume storage cylinder in the goods yard resulting in loss of staff, litigation and industrial action”. That says a bit more than “Sulphuric Acid”, doesn’t it?

Gaining the Support of Decision Makers

Now imagine your risk being reviewed by the board. You will understand that urgent action needs to be taken to resolve the problem of the corroded sulphuric acid storage tank. The folk in that board meeting are unlikely to be familiar with the problem, and even less likely to understand that from your risk description; “Sulphuric Acid” as a risk descriptor is unlikely to gain much support.

So getting the risk description right is key. It doesn’t need to be a Shakespearian sonnet, just a good description of the risk, with consequence and context that is understandable to a reasonably educated person. If we can do this we are well on the way to having a good basic risk assessment.

Share this

Category: BlogTag: Risk, Risk Management

Previous Post: «Action planning for the new year Action Planning for a Risk Management New Year
Next Post: Controls in Risk Management Controls in Risk Management»

Primary Sidebar

  • Facebook
  • LinkedIn
  • Twitter
Cricket Health and Safety Lessons

Cricket: Health and Safety lessons

Australian cricketer Phil Hughes died this morning. A cricket ball hit him on the head. The cricket authorities will be learn some health and safety lessons. The media have highlighted the numerous messages sent from across the world. The media portrays a theme, somewhat subdued, that there must be someone to blame. The manufacturer of …

NHS Workers on Strike - Business Continuity Plan

NHS Workers on Strike: Business Continuity Plan?

On the top of the BBC news listings today, albeit for a very brief time, was the story that NHS workers were staging a four hour strike. One has to wonder if there was a business continuity plan. Of course, there will be copious copy on the reasons, the motives, how appropriate, the effect and other …

Risk Management in the Real World

Risk Management in the Real World

It always seems a relatively new development when people try to reduce risk – but clearly it isn’t at all new. Armour was developed to reduce death in war, farming to reduce the risk of starvation by hunter gatherer tribes and so on. One question though is why do people take risk at all? The …

Footer

Contact Me

Feel free to contact me here

Contact
  • Facebook
  • LinkedIn
  • Twitter
  • Terms and Conditions
  • Privacy Policy
  • Cookies Policy

Copyright © 2021 · Richard Rackham · All Rights Reserved

We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.OkPrivacy Policy