element a1 introducing the principles of …...element a1 _____ © cambridge safety, nebosh diploma...

Element A1

© Cambridge Safety, Nebosh Diploma, 2012, 1

Element A1

INTRODUCING THE PRINCIPLES OF HEALTH AND SAFETY MANAGEMENT

Sections indicated with a “ * ” indicate a subject covered by prior learning from the NGC1 (Nebosh Certificate) syllabus however as they also feature in the Nebosh Diploma syllabus they are included in the notes for clarification purposes. However they may not be explored in detail during the tutorials, as delegates are expected to have this level of prior learning from their previous experience or study.

In some cases topics or legislation overlaps more than one course element, to avoid

duplication the issue will covered fully together in one element, but reference will be

made to this is any other relevant elements.

Learning Outcomes

On completion of this element, candidates should be able to:

� Explain the moral, legal and economic reasons for a health and safety

management system

� Outline the societal factors which influence health and safety standards and

priorities

� Explain the principles and contents of health and safety, quality, environmental

and integrated management system with reference to recognised standards and

models

� Outline the role and responsibilities of health and safety practitioners

Relevant legal requirements

HASAWA S2

Management of Health and Safety at Work Regulations 1999 – as amended Regs

3,4,5,7

Note: The handout for Element 4(1) gives a full summary of the Management of Health

and Safety at Work Regulations, even though some of the individual requirements are

also covered within a number of the different elements of Unit A.

1. 1. WHY MANAGE HEALTH AND SAFETY? Organisations need to consider and control as many of the risks they face as possible

not just those involving health and safety. The principles which are set in the

Management of Health & Safety At Work Regulations 1999 can be used to assess the

other risks that the business faces. This may include areas such as the environment,

security, infection, fire, finance and product safety.

Safety management concerns the elimination or reduction of the adverse effects of

health and safety risks within an organisation.

Element A1 _____________________________________________________________________________

© Cambridge Safety, Nebosh Diploma 2012, 2

These risks may lead to the possibility of loss of business assets or resources, which

may include:

• manpower

• others who could be affected

• materials

• machinery

• manufactured goods/services

• finance

The company must consider the impact of certain events on the performance of the

organisation, i.e. a major fire and where possible devise strategies for controlling these

risks or reducing their impact

on the organisation.

There are a variety of reasons

why an organisation should

manage the risks faced by it

and its employees, these can

be broadly grouped into

economic, business, social or

legal grounds.

1.1.1 Legal Considerations

Legal considerations should

include all aspects of risk

management related

legislation, codes of practice

(approved and non-approved), guidance notes and accepted standards (British,

European and other). In addition to health and safety legislation, there is legislation in

the fields of fire prevention, pollution control and product safety/consumer protection to

be taken into account in an assessment exercise which considers all aspects of risk.

The risk management technique of risk assessment has now become the cornerstone

of most new and proposed national or EU health and safety legislation. The

requirements for risk assessment is included in the following legislation (non exhaustive

list)

- Control of Lead at Work Regulations

- Control of Asbestos Regulations

- Control of Substances Hazardous to Health Regulations

- Management of Health and Safety at Work Regulations

- Manual Handling Operations Regulations

- Health and Safety (Display Screen Equipment) Regulations

It is very likely that any legislation to be issued in the future will be built around the

framework of risk assessment. A risk is the likelihood that harm from a hazard is

realised, normally this is considered by reviewing the likelihood of injury along side the

typical type of injury which may occur.

Why Manage Safety?

MoralMoral

LegalLegal

FinancialFinancial

““A matter of A matter of common common humanity”humanity”

Health & safety is Health & safety is

both a criminal both a criminal

and civil matterand civil matter

Failure to manageFailure to manage

safety can have safety can have

serious financial serious financial

implications implications –– and and

even put an even put an

organisation out organisation out

of businessof business

MoralMoral

LegalLegal

FinancialFinancial MoralMoral

LegalLegal

FinancialFinancial

““A matter of A matter of common common humanity”humanity”

Health & safety is Health & safety is

both a criminal both a criminal

and civil matterand civil matter

Failure to manageFailure to manage

safety can have safety can have

serious financial serious financial

implications implications –– and and

even put an even put an

organisation out organisation out

of businessof business

Business – If listed on the

London Stock Exchange

Element A1 _____________________________________________________________________________


1.1.2 Economic Considerations

Economic considerations should include the financial impact on the organisation of:

• Legal action

• The uninsured cost of accidents

• The adverse effect on insurance premiums, both property and liability

• The overall profitability of the organisation

The fundamental reason for utilising economic assessment in the promotion of risk

management is the fact that accidental losses cost an organisation money; knowledge

of these costs is therefore needed. Essentially there are two types of costs, i.e. insured

and uninsured.

Insured costs - These are predominantly covered by the sum of those insurance

premiums or risk transfer payments made by the organisation to insurers to offset

certain financial losses arising as a result of unmanaged risks.

Uninsured costs - These costs should also be established and may include:

- safety administration/accident investigation

- medical/first aid treatment

- lost time of injured person

- lost time of other employees

- replacement labour

- payments to injured person

- loss of production/business interruption

- repair to damaged plant/equipment

The uninsured risks are normally far higher than those insured, in some cases even a

relatively small problem can still cost the organisation time, money and effort in putting it

right.

1.1.3. Social/Ethical/Moral Considerations

Employees do not normally go to work to get injured, equally visitors and clients in an

organisation do not normally expect to be put at an unacceptable level of risk.

Employers have a general requirement to ensure the well-being of employees and

others.

The social evaluation is based on the notion that it is the duty of every organisation,

employer or person to ensure the general well-being of all other persons. This places

an onus on the organisation to provide a safe working environment for all employees.

The image of the organisation can also suffer due to the adverse publicity that results

when enforcement action is taken following a breach of statute law. Such enforcement

action is also possible under other risk management legislation including fire

precautions, consumer protection and environmental protection. The loss of company

image has predominantly many economic disadvantages, usually because of the loss of

goodwill or other intangible and invisible organisation assets which, in turn, indirectly

lead to a loss of business.

Element A1 _____________________________________________________________________________


The state of the economy can influence how an organisation manages the risks it faces.

In a downturn training budgets may be cut and employees encouraged to undertake a

wider range of activities, possibly without the key competencies required.

Government policy can influence health and safety standards both directly and

indirectly. They can decide the level of cover provided by HSE, introduce approved

codes of practice and legislation under its direction. Equally they can review legislation

and reduce or simplify it where practicable, assuming the requirement is not covered by

a European Directive,

Each year a number of initiatives are introduced to improve health, safety, well-being

and public health, some focusing on specific issues such as “Keep your top on” which

was designed to reduce instances of skin cancer amongst construction workers, “Good

health is good business” which aimed to promote good H&S standards in small

businesses. The Health Protection Agenda (soon to be incorporated into the HSE) runs

an annual campaign on reducing the risks of influenza, but it also covers issues such as

biological hazards, food safety and protection from electromagnetic radiation.

Modern businesses are increasingly global industries, presenting a range of new

working methods with implications for both health and safety issues. Modern working

patterns of nine to five are changing, employees are now expected to be available 24

hours a day with new technology enabling this. Home working and teleworking (which

involves working via information technology) at a remote location from the employer is

becoming more common.

A multicultural society with migrant workers where English is not their first language can

also represent new challenges to businesses and H&S practitioners.

Managing common health problems is an occupational issue (Waddell et al 2004), the annual number of working days lost through employee sickness absence in the UK is estimated to be 172 million (CBI/AXA, 2008), costing £12.5 billion, with additional incapacity benefits and £34.5 billion paid for personal injury compensation (Tehrani, McIntyre, Maddock, Shaw and Illingworth, 2007). Current organisational approaches to managing sickness absence range from non-existent to highly proactive, resulting in ranging sickness absence rates, with 9 days between best and worst employers (CBI/AXA, 2008). Public sector organisations including healthcare are more likely to have formal procedures to manage absence but are less likely to take formal disciplinary action if unacceptable absences continue. There needs to be a balance “taking firm action against the minority of people that seek to take advantage of their occupational sick pay scheme” but also supporting those employees with genuine ill health problems (CIPD, 2009, p11). The average annual sickness rate has reduced to 7.4 days per employee, for the healthcare sector this averages 11 days. In 2008/9 the costs were calculated as £692 per worker but for healthcare the costs were higher at £952, a massive drain on a finite NHS resource. The UK has the second highest number of long term absentees within Europe, with only 25% of employers offering any form of rehabilitation (CIPD,2004). Research by the British Society of Rehabilitation Medicine suggested that once an individual was absent for six months they only had a 50% chance of returning to work, this falls to 25% if the

Element A1 _____________________________________________________________________________


absence continues for 12 months (CIPD, 2008). Early interventions are needed rather than waiting for the employee’s sick certificate (fit note) to expire.

1.1.4 Corporate social responsibility

"In my view the successful companies of the future will be those that integrate business and employees' personal values. The best people want to do work that contributes to society with a company whose values they share, where their actions count and their views matter." - Jeroen van der Veer, Committee of Managing Directors (Shell)

The 21

st Century is a competitive place. Not only is the need for ever greater efficiency

a constant demand, other world economies are catching up and, in some cases, far outstrip our own in terms of competitiveness.

“Corporate social responsibility is the commitment of businesses to contribute to sustainable economic development by working with employees, their families, the local community and society at large to improve their lives in ways that are good for business and for development”.

However, as there is no set definition of CSR, there is confusion regarding what, if anything, should be expected of companies in the area of social responsibility. The working assumption is that a company is responsible for its wider impact on society, not merely the return to shareholders.

How can corporate social responsibility (CSR) help my business with these? It is well accepted that involvement in one’s community has personal benefits and that corporate responsibility and community involvement initiatives are increasingly having significant positive impact for many companies. Aside from generating considerable public goodwill, the direct effects of CSR for business is the subject of increasing research and analysis. Here is a synopsis of what the latest research is indicating:

� Evidence shows that CSR can assist companies to build links with public policy makers, aid innovation, involve, motivate and retain employees, build corporate reputation and enhance competitiveness.

� An increasing number of companies have high profile ethical projects and

marketing campaigns. CSR is helping these companies to lead the field and gain a competitive advantage. Regaining market share will be difficult as they will have a well-established ethical reputation.

� Increasingly the public see a company’s ethical profile as a determining factor as

to whether they will buy products or services. A strong company that engages in high profile CSR will be more appealing to a growing sector of the population.

� Large companies are trying more than ever to satisfy their customers and are

pushing ethical demands down the supply chain to the companies that they use and buy from. Being ahead of the game will help your business to be a first choice for bigger companies who are more in the media spotlight, as they use your good reputation to improve their own.

Element A1 _____________________________________________________________________________


� Powerful environmental lobby groups are managing to change UK legislation – the Companies Act 2006 has corporate responsibility implications for company directors and publicly listed companies due to be implemented in 2008.

Benefits to the Company

� Risk management – At the end of the day, investing in a company is a gamble and investors want to see that their investment is a relatively safe bet. CSR means that companies understand and manage the issues which might cause them to be targeted by campaigners. This doesn't necessarily mean cleaning up their act; it can equally mean trying to occupy the ideological space around an issue.

� Investor relations and access to capital – Many investors consider more 'socially

responsible' companies to be more secure investments. Nearly 90% of institutional investors believe that CSR will have a positive effect on business.

� Reputation management – Corporations are increasingly trading on their

reputations, brand value and 'intellectual capital'. These 'intangibles' can have an actual numerical value on the company balance sheet.

� Employee satisfaction – With over 60% of workers reporting that they want to

work for a company whose values are consistent with their own, being seen by employees as a responsible company as well as a fair employer helps to attract and retain the best staff.

� Competitiveness and market positioning – Taking lead in CSR means that a

company can position itself as the leader in its field, and will be ahead of the game if regulations are brought in or when other companies in the sector take up CSR as a business strategy.

� Maintaining the licence to operate – Mistrust of corporations is widespread, and

many companies see that the tacit licence to operate that society grants them is under threat. A valid response is to attempt to convince society that they have a positive impact.

Benefits to Society

� The type of activities companies undertake to be seen as socially responsible include:

� Corporate philanthropy – Donating to charities is a simple and reputation

enhancing way for a company to put a numerical value on its CSR 'commitment'. Unfortunately, because it is easy and very PR friendly, corporate giving is more often dismissed as a PR exercise than other forms of CSR.

� Cause-related marketing – Cause-related marketing is a partnership between a

company and a charity, where the charity's logo is used in a marketing campaign or brand promotion. Companies often choose charities which will attract target consumers. The charity gains money and profile, and the company benefits by associating itself with a good cause as well as increasing product sales.

� Sponsoring awards – Through award schemes, companies can position

themselves as experts on an issue and leaders of CSR simply by making a significant donation.

Element A1 _____________________________________________________________________________


� Codes of conduct – Corporate codes of conduct are explicit statements of a

company's 'values' and standards of corporate behaviour.

� Social and environmental reporting – Linked to codes of conduct, reporting on social and environmental performance, as pioneered by Shell, is a mainstay of a company's CSR efforts. Many of the world's largest companies now produce CSR reports.

� Stakeholder engagement – Stakeholders are the individuals or groups affected

by the activities of the company, for example: the company's employees, shareholders, customers, communities living in the vicinity of the company sites, and staff in the supply chain. In stakeholder meetings, an empty chair left to represent stakeholders that cannot speak for themselves can send an important message to those who do attend.

� Community investment – Many companies develop community projects in the

vicinity of their sites, to offset negative impacts or 'give back' to the community and local workforce.

� Eco-efficiency – Eco-efficiency was the phrase coined by the World Business

Council for Sustainable Development in advance of the Rio Earth Summit to describe the need for companies to improve their ecological as well as economic performance.

Corporate social responsibility index This identifies donations made to charities and community organisations by companies in the south of England. All of the information is based on their latest accounts filed. This unique index has been researched, calculated and compiled solely by DECISION business magazine, working from data provided by companies or filed by them at Companies House. A number of companies also contribute to their communities in ways other than direct financial donations, such as by encouraging the involvement of their staff in local projects or by the use of company products and facilities. That won’t necessarily be reflected in the figures. Donations expressed as a percentage of profit relate to pre-tax profits.

Element A1 _____________________________________________________________________________


1.2 FINANCIAL REPORTING COUNCIL GUIDANCE ON INTERNAL CONTROL

The London Stock Exchange Listing Rules require companies to abide by their code of

conduct on corporate governance. This applies to listed companies only, however those

companies who supply and work with listed companies may start to be expected to

follow and meet the same standards.

The “Internal Control: Guidance for Directors on the Combined Code” was prepared by

Nigel Turnbull and has become known as the Turnbull report. This document sets out a

risk based approach to internal control systems, companies must make a statement on

this as part of their annual report. Any areas of specific risk need to be included, these

will include safety, health, environmental and other areas of risk which effect the

company. Company directors must ensure the annual report includes the required

information.

The company needs to show it has an approach to highlight and deal with the significant

risks which may effect the business through its own internal control systems. The

system of control may be different depending on the structure of the company but the

basic safety management systems depicted in HSG65, OHSAS 18001 and ISO 14001

can be broadened to include a wider variety of risks.

Directors have to take into account the effect of their business on the local community

and environment, this also normally cover their Corporate social responsibility. The rules

require companies to report on report on environmental, employee, community and

social issues. Large Companies are also required to set and monitor a number of key

Combined Code

Internal Control

Implement

Set the policy

Internal Audit

Review

Annual Report

Risk assessment

Control the environment &

activities

Information &

Communication

Monitoring

Senior Management Commitment

Element A1 _____________________________________________________________________________


performance indicators (KPIs). There must be clear communication to shareholders and

others and directors need to ensure they are kept informed. Despite these rules in 2006

a survey showed that only 16% companies complied with all the reporting requirements.

The stock exchange rules operate in conjunction with:-

� HSC/DETR’s ‘Revitalising Health and Safety’ strategy

� HSC’s ‘Health and Safety in Annual Reports’ guidance

� DTI’s draft OFR and Directors Reports Regulations

A new updated code was published in June 2010, now published by the Financial

Reporting Council , the corporate governance code. However reference is still made to

the original Turnbull report for specific guidance on how to comply.

Part C.2 Risk Management and Internal Control of the June 2010 Code Extract The board is responsible for determining the nature and extent of the significant risks it is willing to take in achieving its strategic objectives. The board should maintain sound risk management and internal control systems. Code Provision C.2.1 The board should, at least annually, conduct a review of the effectiveness of the company’s risk management and internal control systems and should report to shareholders that they have done so. The review should cover all material controls, including financial, operational and compliance controls. C.3 Audit Committee and Auditors16 The board should establish formal and transparent arrangements for considering how they should apply the corporate reporting and risk management and internal control principles and for maintaining an appropriate relationship with the company’s auditor. Code Provisions C.3.1 The board should establish an audit committee of at least three, or in the case of smaller companies two independent non-executive directors. In smaller companies the company chairman may be a member of, but not chair, the committee in addition to the independent non-executive directors, provided he or she was considered independent on appointment as chairman. The board should satisfy itself that at least one member of the audit committee has recent and relevant financial experience. C.3.2 The main role and responsibilities of the audit committee should be set out in written terms of reference19 and should include:

• to monitor the integrity of the financial statements of the company and any formal announcements relating to the company’s financial performance, reviewing significant financial reporting judgements contained in them;

• to review the company’s internal financial controls and, unless expressly addressed by a separate board risk committee composed of independent directors, or by the board itself, to review the company’s internal control and risk management systems;

• to monitor and review the effectiveness of the company’s internal audit function;

Element A1 _____________________________________________________________________________


• to make recommendations to the board, for it to put to the shareholders for their approval in general meeting, in relation to the appointment, re-appointment and removal of the external auditor and to approve the remuneration and terms of engagement of the external auditor;

• to review and monitor the external auditor’s independence and objectivity and the effectiveness of the audit process, taking into consideration relevant UK professional and regulatory requirements;

• to develop and implement policy on the engagement of the external auditor to supply non-audit services, taking into account relevant ethical guidance regarding the provision of non-audit services by the external audit firm, and to report to the board, identifying any matters in respect of which it considers that action or improvement is needed and making recommendations as to the steps to be taken.

The Turnbull guidance suggests means of applying this part of the Code. Copies are available at www.frc.org.uk/corporate/internalcontrol.cfm. The FRC Guidance on Audit Committees suggests means of applying this part of the Code. Copies are available at: http://www.frc.org.uk/corporate/auditcommittees.cfm. C.3.3 The terms of reference of the audit committee, including its role and the authority delegated to it by the board, should be made available. A separate section of the annual report should describe the work of the committee in discharging those responsibilities. C.3.4 The audit committee should review arrangements by which staff of the company may, in confidence, raise concerns about possible improprieties in matters of financial reporting or other matters. The audit committee’s objective should be to ensure that arrangements are in place for the proportionate and independent investigation of such matters and for appropriate follow-up action. C.3.5 The audit committee should monitor and review the effectiveness of the internal audit activities. Where there is no internal audit function, the audit committee should consider annually whether there is a need for an internal audit function and make a recommendation to the board, and the reasons for the absence of such a function should be explained in the relevant section of the annual report. C.3.6 The audit committee should have primary responsibility for making a recommendation on the appointment, reappointment and removal of the external auditor. If the board does not accept the audit committee’s recommendation, it should include in the annual report, and in any papers recommending appointment or re-appointment, a statement from the audit committee explaining the recommendation and should set out reasons why the board has taken a different position. C.3.7 The annual report should explain to shareholders how, if the auditor provides non-audit services, auditor objectivity and independence is safeguarded.

Element A1 _____________________________________________________________________________


Meeting the Requirements

The internal control system should ensure that: -

• The business is able to respond to business, operation and financial compliance

issues

• External and internal reporting is maintained

• Legal compliance is maintained

Consideration must be given to how the risk will be established and assessed, the

measures required to reduce these risks and the costs and benefits involved. The focus

of this requirement is on the monitoring and following up of action to ensure it has been

completed.

The Turnbull report requires the Board of the company to carry out an annual review

and make a public statement on its systems of control. This should take into account

any changes in the significant risks since the last annual report, how the risks have

been monitored, the means for the communication of monitoring to the board, details of

any significant problems or failings which have occurred and have presented a risk to

the company or its position.

Internal Control - Extract From Guidance for Directors on the Combined Code – Issued by the Institute of Chartered Accountants & by The London Stock Exchange (Turnbull report) a. Internal control requirements of the Combined Code This provides guidance to assist listed companies to implement the requirements in the Code relating to internal control. “The board should maintain a sound system of internal control to safeguard shareholders’ investment and the company’s assets’. ‘The directors should, at least annually, conduct a review of the effectiveness of the group’s system of internal control and should report to shareholders that they have done so. The review should cover all controls, including financial, operational and compliance controls and risk management’. ‘Companies which do not have an internal audit function should from time to time review the need for one’. Paragraph 12.43A of the London Stock Exchange Listing Rules states that ‘in the case of a company incorporated in the United Kingdom, the following additional items must be included in its annual report and accounts: - a narrative statement of how it has applied the principles of risk management, providing explanation which enables its shareholders to evaluate how the principles have been applied; - a statement as to whether or not it has complied throughout the accounting period with the Code or reasons for non compliance’. The Preamble to the Code, which is appended to the Listing Rules, makes it clear that there is no prescribed form or content for the statement setting out how the various principles in the Code have been applied. The intention is that companies should have a free hand to explain their governance policies in the light of the principles, including any special circumstances which have led to non conformances.

Element A1 _____________________________________________________________________________


The guidance in this document should be followed by boards of listed companies in:

• assessing how the company has applied Code principles

• implementing the requirements of Code

• reporting on these matters to shareholders in the annual report and accounts. A company’s system of internal control has a key role in the management of risks that are significant to the fulfillment of its business objectives. A sound system of internal control contributes to safeguarding the shareholders’ investment and the company’s assets. A company’s objectives, its internal organisation and the environment in which it operates are continually evolving and, as a result, the risks it faces are continually changing. A sound system of internal control therefore depends on a thorough and regular evaluation of the nature and extent of the risks to which the company is exposed. Since profits are, in part, the reward for successful risk taking in business, the purpose of internal control is to help manage and control risk appropriately rather than to eliminate it. b. Maintaining a sound system of internal control The board of directors is responsible for the company’s system of internal control. It should set appropriate policies on internal control and seek regular assurance that will enable it to satisfy itself that the system is functioning effectively. In determining its policies with regard to internal control, and thereby assessing what constitutes a sound system of internal control, the board’s deliberations should include consideration of the following factors:

• the nature and extent of the risks facing the company;

• the extent and categories of risk which it regards as acceptable for the company to bear;

• the likelihood of the risks concerned materializing;

• the company’s ability to reduce the incidence and impact on the business of risks that do materialise; and

• the costs of operating particular controls relative to the benefit thereby obtained in managing the related risks.

It is the role of management to implement board policies on risk and control. In fulfilling its responsibilities, management should identify and evaluate the risks faced by the company for consideration by the board and design, operate and monitor a suitable system of internal control which implements the policies adopted by the board. All employees have some responsibility for internal control as part of their accountability for achieving objectives. They, collectively, should have the necessary knowledge, skills, information and authority to establish, operate and monitor the system of internal control. The system of internal control should:

• be embedded in the operations of the company and form part of its culture;

• be capable of responding quickly to evolving risks to the business arising from factors within the company and to changes in the business environment; and includes procedures for reporting immediately to appropriate levels of management any significant control failings or weaknesses that are identified

• together with details of corrective action being undertaken.

Element A1 _____________________________________________________________________________


c. Reviewing the effectiveness of internal control Reviewing the effectiveness of internal control is an essential part of the board’s responsibilities. The board will need to form its own view on effectiveness after due and careful enquiry based on the information and assurances provided to it. Management is accountable to the board for monitoring the system of internal control and for providing assurance to the board that it has done so. d. Internal audit The Code states that companies which do not have an internal audit function should from time to time review the need for one. e. Information and communication Do management and the board receive timely, relevant and reliable reports on progress against business objectives and the related risks that provide them with the information, from inside and outside the company, needed for decision-making and management review purposes?

• Are information needs and related information systems reassessed as objectives and related risks change or as reporting deficiencies are identified?

• Are periodic there effective reporting procedures, including half-yearly and annual reporting?

• Are there established channels of communication for individuals to report suspected breaches of laws or regulations or other improprieties?

f. Annual Report Provision Incorporated companies must include risk management issues in their annual accounts/report. This will need to include:-

� A statement on risk management � How this has been applied � Any serious non compliances � Any special circumstances which have led to these non conformances � Changes since last assessment � Quality of monitoring/audit findings � Significant failings � Effectiveness of communication both internal & external

Element A1 _____________________________________________________________________________


1.3 SAFETY MANAGEMENT SYSTEM REVIEWED

A typical management system may actually appear to revolve around:-

� Problem occurs

� Panic

� Do – take some action

� Cry when things do not work out

There are a variety of reasons for implementing a safety or risk management system

within an organisation:-

Legal - The Management of Health and Safety at Work Regs 1999 (as amended)

“Regulation 5 Health & Safety Arrangements - Every employer shall make

appropriate arrangements for the effective planning, organisation, control,

monitoring and review of safety arrangements within the organisation.”

To assist in meeting legal requirements – e.g. on corporate manslaughter and H&S.

They may assist in ensuring legal standards are completed.

The London Stock Exchange – The stock exchange requires listed companies to meet

their code of practice, this requires the adoption of a risk management approach.

PR Image – the company may wish to demonstrate openly that it is taking risk and

safety issues seriously.

Customers/Clients – Many customers and clients will be asking for information on how

the organisation is managing risk.

Costs – the costs of accidents and ill health is still rising, these issues need to be

controlled effectively.

Current legislation – The threat of fines and notices exists for companies who refuse

to comply.

There are many different systems based on different standards, some covering health

and safety, quality and risk or the environment. They are all based around Think – Do –

Check - Act.

ISO 9001 – Quality systems

ISO 14001 – The Environmental Management System, 14004 General guidelines,

14010 Guidelines for environmental auditing general principles & 14011 –

Environmental audit.

BS8800 – This is not a certifiable or accreditable standard but provides a thorough

framework for setting health and safety standards and then measuring in a variety of

ways to ensure their effectiveness. These principles have been adopted within

OHSAS18001 which is accreditable to a set standard.

Element A1 _____________________________________________________________________________


OHSAS 18001 – This is a system for occupational health and safety, it is not a British

standard but certification through accredited bodies can be obtained. This is compatible

with ISO 9001 and ISO 14001 and is internationally recognised and as such suitable for

multinational organisations who wish to use one standard throughout their organisation

wherever it is based.

HSG65 – This is the safety management system devised by the HSE and is published

as a guidance note. Compliance with it is not mandatory but it does set out a common

sense approach to managing safely within any workplace.

1.3.1. INTRODUCING HSG65*

The stages of setting up a safety management structure are outlined in the HSE

guidance note HSG65, this offers practical guidance on the key steps in the process. It

is not legally enforceable as it is guidance but it can be used to comply with Regulation

5 of the Management of Health & Safety at Work Regs which require :-

Setting the Policy

Typically, the initial phase of developing an OSH management system involves the establishment of a corporate policy towards occupational health & safety. The OSH policy should be specific to the organisation, and to both its size and the nature of its activities. Ideally the policy will be aligned with human resource policies which identify people as the key resource within an organisation. Some features of a good OSH policy are described below:

• The policy should show that leadership in OSH will come from the very top of the organisation. Further to this, it should make it clear that management of the health & safety aspects of their function is an integral part of every manager’s role.

• The policy should show that the company are not merely concerned with meeting the requirements of legislation, but that a standard of performance will be set which is aimed at securing the health and well being of all employees. If the stated target for an organisation is simply to meet legislative requirements, then failure to meet the organisational aims means, by definition, that the law is also being breached.

Organising

Planning and Implementing

Measuring Performance

Policy

Reviewing Performance

Auditing

Element A1 _____________________________________________________________________________


However, if the organisation sets a target for performance above the legal minimum, then shortfall in performance (which is fairly likely in the early days of operating such a system) is less likely to lead to breach of statute.

• In relation to health & safety risks to persons other than employees, the policy should demonstrate that the organisation is concerned about the total impact of its undertaking, insofar as it affects not only its own employees, but also workers in co-operating undertakings, contractors, visitors and the public at large. Such statements of social responsibility should be common to all aspects of the organisation’s impacts, including environmental, employment of overseas labour etc.

• Finally an undertaking to aim for continual improvement is an acceptance that the organisation will always have scope for improving its performance, and that the issue must be continually kept under review so that both defects in the system and opportunities for improvement can be identified.

Organising for health & safety Organising for safety entails the creation of a robust framework for management activity and the specifying of the responsibilities and relationships that are necessary to enable the OSH management system to function effectively. An essential element of this is consideration of the organisation’s safety culture. The importance of ensuring that an appropriate safety culture exists within the organisation before attempting to implement an OSH management system cannot be over-emphasized. HSG65 uses the following useful definition of a safety culture. “The shared common knowledge, or culture unique to each organisation shapes the way it deals with health and safety issues. This culture may take years to mature but it bears on all aspects of work, affecting individual and group behaviour, job design and the planning and execution of work activities. Evidence indicates that successful companies have developed positive cultures which promote safe and healthy working” Four pre-requisite elements are necessary to ensure the success of an OSH management system, each of which are interrelated. They are:

• Control – establishing control begins with getting all managers to take responsibility for health and safety, and being clear as how to exercise their responsibilities. Only then can all employees be given clear direction on health & safety issues. However, the emphasis must be on a collective effort to develop and maintain control systems, rather than controlling by allocating blame after the event.

An essential element of control is supervision. The degree of supervision necessary will vary from job to job, and will depend on a number of factors, such as the safety-criticality of the work and the competence and ability of the workforce. This will largely be determined through the risk assessment process – what is important is that supervision is planned, and does not just occur on an ad hoc basis.

• Co-operation – for health & safety to be everybody’s business it is necessary that

worker participation and involvement is a part of the process. Not only does this allow the best use of the organisation’s assets of knowledge and experience, but it also promotes ownership in the resulting control procedures, making compliance more likely.

Element A1 _____________________________________________________________________________


It is a legal requirement for all employees in Great Britain to be consulted on matters which may affect their health & safety. If there is a recognized trade union, then safety representatives may be appointed under the Safety Representatives and Safety Committees Regulations 1977, and they will act as the vehicle for consultation for the employees they represent. In other cases where there is no recognized trade union, then employees must be consulted, either directly or through elected representatives, under the Health & Safety (Consultation with Employees) Regulations 1996. However, these regulations only provide for employee involvement on a limited basis. Wider involvement of employees can be achieved by means such as:

o Involvement of all affected parties in the risk assessment process. Risk assessments carried out by the safety advisor, or worse, by an external consultant, without consultation and involvement of the people affected by the hazards often result in risk control measures which are not readily accepted.

o Broader-based safety committees which consider wider issues of

planning and reviewing performance than the traditional safety committee which often limits discussion to accident investigations and statistics.

o Involvement of all workers in performance monitoring, such as

behavioural safety observation, where employees look for pre-determined undesirable behaviours, and the ratio of observations where undesirable behaviours to the total number of observations is determined. Such methods are particularly useful in assessing the effectiveness of new control systems or training interventions.

o Formation of ad hoc problem solving teams to look at a particular

problem, for example, following an accident or incident.

o Safety circles (similar to quality circles) where groups of employees from various part and levels of the organisation discuss safety issues and feedback to the management.

• Communication – Effective communication means ensuring that the message received is the same as one which the sender intended to communicate. Poor communication is a problem for organisations not only with respect to health & safety, but in all aspects of management. In terms of health & safety, effective systems are needed to manage information:

o coming into the organisation – such as information on legal

developments, technical developments and developments in safety management practice;

o flowing within the organisation – both formal and informal means are

important to communicate not only the physical procedures, accident reports etc, but also the vision and beliefs of the organisation, especially the commitment of senior management. To this end, not only is it important to have a high standard of written communication, but also there must be positive visible communication, which means, in particular, senior managers leading by example. The means of disseminating information within the organisation is also critical, so that employees may readily obtain the right information at the right time. Many organisations

Element A1 _____________________________________________________________________________


now use a corporate intranet as the primary means of distributing health & safety information.

o going out of the organisation – an organisation may need to pass health

& safety to others, such as the enforcing authorities, customers, and potential customers. It is imperative that these contacts successfully covey the organisation’s policy, commitment, procedures and standard of performance - demands on an organisation to produce comprehensive and meaningful information on its’ management systems and performance are increasing, particularly from potential clients.

• Competence – having a competent workforce in terms of health & safety is a prerequisite for having a successful OSH management system. The need for competence is stated in many health & safety regulations, as well as the primary Act. However, competence is a broad concept, and includes attitudes, as well as skills and knowledge. An organisation needs to be aware of what competence its employees need to have, and importantly, what competence its contractors need to have. It will be necessary to have effective and comprehensive systems & arrangements to manage competence within the organisation. These arrangements may include:

o Recruitment procedures which are sufficiently sophisticated to ensure

that prospective employees (including managers) have the necessary physical and mental capabilities to carry out their job safely, or have the aptitude to acquire them through training and experience.

o Systems to identify training needs – either at the organisational,

functional or individual level. These needs may arise from recruitment or due to the introduction of new processes, substances or technologies. The training need process is closely linked with the risk assessment process. It will consider the need for refresher training, and other means of maintaining levels of competence.

o Means of identifying the competence requirements for non-employees,

such as contractors.

o Resources and arrangements to ensure that information, instruction and training is delivered so as to meet to foregoing needs.

o Arrangements to ensure continuity during absence, so that competent

staff can provide cover, particularly in safety-critical roles.

Planning and Implementing the system

The ultimate purpose of the OSH management system is to prevent the occurrence of

injury and ill health as a result of the organisation’s undertaking. The system should

therefore:

• Support a method of identifying hazards within the organisation, and describing the level of risk presented by each hazard

• Enable a process of systematically analysing each hazard to determine an appropriate method of controlling it

Element A1 _____________________________________________________________________________


• Support the continued application of the selected controls

• Monitor the application of the controls to determine a) their continued appropriateness, and b) their effectiveness

• Include a feedback system to allow an effective response to the monitoring activities.

The basis for determining the first three of these items is the risk assessment process. The process for carrying out risk assessments and the legal requirement to do so are dealt with elsewhere. In terms of ensuring the success of the management system in general, it is critical that the risk assessment process is carried out effectively. The following should be considered:

• The risk assessment is a management decision tool which should provide a cost-effective solution to identifiable risks to the organisation. It must be accepted by the senior and line management as such, and not simply as a paper exercise necessary to satisfy a legal requirement. The management training described earlier to induce a positive safety culture must emphasize this point in particular.

• The process must be tailored to the particular requirements demanded by the situation. For example, an organisation whose employees are solely involved in office work would need a different mechanism for risk assessment from a construction company whose work is both high-risk and highly variable.

• The risk assessment should generally not be an exercise carried out solely by the organisation’s safety advisor. Whilst they will be involved in the development of the process, and provide support to it, the actual assessment is best carried out by those most affected by its outcome, i.e. the immediate managers, supervisors, and those carrying out the task in question. Principal responsibility for ensuring that the assessments are effectively carried out should fall to someone of some management seniority, but who has direct control over the task/process being assessed.

• Comprehensive training should be provided to everyone involved in the risk assessment process.

The hierarchy of control is a well-known principle of safety management, which is reflected by the requirements of regulation 4 of the Management of Health & Safety at Work Regulations 1999. The hierarchy broadly states that any risks identified by the risk assessment process should be avoided in possible, and if not dealt with by engineering means. Only if such an approach is not reasonably practicable should people-orientated controls, such as the use of personal protective equipment (PPE) be used. However, it is a common feature of risk assessments that PPE is the first, last and only control considered. The risk assessment process and any associated training should ensure that the hierarchy is properly explored in each case, so that the controls finally decided upon can be fully justified.

Measuring performance

This can be done reactively after accidents and actively via workplace inspections,

which will be explored in later course elements.

Reviewing performance

This enables the company to learn from experience. Reviews of risk assessments,

policies, procedures, permits to work can all help identify if any improvements are

required.

Element A1 _____________________________________________________________________________


Auditing

This is a systematic and independent view of the health and safety performance of an

organisation. In the context of auditing, "independent" means independent of the line

management being audited. As with reviews, audits should cover all aspects of health

and safety performance.

HSG65, as it is commonly referred to, was first published in 1991 by the HSE as a practical guide to safety management. Although it is not a legal requirement to follow HSG65, the HSE often refer to it as good practice in safety management, and in some respects it goes beyond what is strictly required by law. The guidance contained within HSG65 is more extensive than any of the other documents examined here, and approaches the management of health and safety within organisations as one of the core business requirements – much of the language used in the guidance will be familiar to students of general management techniques, such as Total Quality Management (TQM). Whilst there is no certification available to companies which follow HSG65, its importance should not be underestimated, as this document forms the framework within which HSE inspectors will judge the safety management arrangements of organisations. This document provides useful advice on the implementation of an OSH management system, even if an organisation decides to base its system on another specification.

1.3.2 BS8800: 2004 – GUIDE TO OCCUPATIONAL HEALTH & SAFETY

MANAGEMENT SYSTEMS The quality standard ISO 9000 may be amended to include some H&S issues but at the moment there are two standard H&S management systems which comply with BS8800. This standard considers the main elements of a health and safety management system such as HSG65 but explores each section in more detail giving specific and often measurable issues which can be adopted to develop a true health and safety culture. Unlike other British Standard 8800 cannot at the moment be accredited by the British Standards Institute (BSI). However in the next few years the standards may be linked with other international standards - which may mean they change again. Rather than being a standard for certification, this standard provides guidance on the content of an OSH management system, and also on the implementation of such a system. BS8800:2004 has been used as the basis of many specifications and standards, particularly those developed by the independent certification companies. Unusually, it bases its guidance on two existing approaches, one based on HSG65 and one based on the environmental standard ISO14001. As well as describing the elements of an OSH management system, this standard includes large informative annexes which, as well as detailing the links between BS8800 and the ISO quality & environmental standards, give considerable guidance on the activities which form part of an OSH management system. These include such things as a generalized risk assessment methodology and examples of performance measurement techniques.

Element A1 _____________________________________________________________________________


Stage 1 - Status Review

The concept of the initial status review derives from ISO 14001. It is based on the philosophy of “before we can decide where we are going, we need to know where we are”. Hence such as review will aim to accurately identify all the drivers which affect health & safety in the organisation, as well as all the relevant legislation and standards that apply. The review will also analyze the current arrangements for health & safety in order to establish a baseline for measuring future progress, and for identifying the scale of the task ahead. An approach to this would be to audit the current arrangements against the chosen standard, guide etc. Other systems, which do not have an initial status review phase, normally incorporate similar activities within the planning phase of system implementation.

The initial review is based on identifying relevant legal requirements, any gaps and

developing an action plan which aims to meet all the relevant clauses of the standard.

Stage 2 - Set the Policy

• Define accountability, responsibility

• How are interfaces between departments dealt with - I'm not responsible for that!!!

• Competency

• Training needs

Stage 3 – Planning

• This should aim to bring about change in the organisation, change plans.

• "No evidence of anyone at the helm while staff were kept swabbing the decks"

• Business planning

• Management objectives

• Top level and sub level plans needed

• Consider changeover time period from one system to another

Stage 4 – Implementation and Operation

• Making change in practice

• Operation - in the new way

• Continuous Improvement Process - continuous loop

• Corrective Action - signed off and responded to - even if negatively

Stage 5 – Checking and Corrective Action (See element also A3)

• Measure inputs and outputs

• Audit process needs to be defined

• Formal process from start to end

The emphasis is that safety should start with the business’ objectives for the year, any

health and safety action should be led from there.

Performance measurement may either be reactive or active (pro-active). Reactive

monitoring data (e.g. accident investigation reports and statistics) helps risk assessors

Element A1 _____________________________________________________________________________


to make judgements on the likelihood and consequences of hazardous events within

their organisation, and select appropriate controls. Pro-active monitoring data is used to

monitor compliance with risk controls. Pro-active and reactive monitoring are therefore

complimentary activities.

Stage 6 – Management Review

A management review will normally be held at least annually to review the SMS to ensure its continuing suitability for the needs of the business and its adequacy and effectiveness. The meeting will also set and review progress on H&S targets and objectives. The results of internal audits, inspections and other monitoring results should be provided to the board or senior management team. The agenda of the management review should include the following items:

• Review of actions raised at the previous meeting

• Review of H&S performance (audit results/ non conformances / incidents/ Site

inspections/external audits)

• Conformation of preventative actions required to rectify issues raised

• Review of progress towards targets and objectives

• Review of policy statement

• Review of SMS (to ensure still applicable to business)

• Setting of new targets

• Improvement action plans – for each business

• Review of health and safety training

• Changes to the circumstances including developments in legal and other

requirements

• Confirmation of legal compliance

Element A1 _____________________________________________________________________________


1.3.3 OHSAS 18001

BSI Occupational

Health & Safety

Assessment Series

OHSAS18001:2007

Occupational

Health and Safety

Management

Systems –

Specification

The British Standards Institution (BSI) as a member body of ISO have several times launched proposals for technical activity in the field of occupational health and safety management with a view to developing an ISO standard for OSH management systems which would be the equivalent to the ISO standards for quality and environmental management, ISO 9000 series and ISO 14000 series. There was strong international opposition, and the BSI proposals failed in favour of the ILO work, which ultimately resulted in the ILO-OSH guideline discussed previously. However, customer demand for a recognizable OSH management system specification which enabled assessment and certification of an organisation’s management system lead the BSI to produce OHSAS 18001. The OHSAS 18001 standard includes the principles laid down in BS 8800:2007, but during its drafting also referenced standards from other countries.

OHSAS 18001 was created via the concerted effort from a number of the worlds leading

national standards bodies, certification bodies, and specialist consultancies. A main

driver for this was to try to remove confusion in the workplace from the proliferation of

certifiable OH&S. specifications.

As perhaps would be expected, a number of older documents were used in the creation

process. These included:

• BS8800:1996 Guide to occupational health and safety management systems

• Technical Report NPR 5001: 1997 Guide to an occupational health and safety

management system

• SGS & ISMOL ISA 2000:1997 Requirements for Safety and Health

Management Systems

Initial StatusReview

OHS policy

Planning

Implementationand operation

Checking &corrective

action

Management

review

Continual

improvement

Element A1 _____________________________________________________________________________


OHSAS 18001 was a specification produced by several organisations (both from the UK and internationally), it uses the system model from ISO 14001 model. As a specification, OHSAS 18001 lists a number of management system requirements using ‘shall’ statements such as ‘the organisation shall establish and maintain documented health and safety objectives, at each relevant function and level within the organisation’. OHSAS 18002 was originally produced in 2000, it provides generic guideance on the application of 18001. The document describes the intent, typical inputs, processes and typcial outputs, againest each requirement of 18001, its purpose is to aid the understanding and implementation of OHSAS 18001.

The OHSAS 18001 Specification follows the Plan-Do-Check-Review cycle, with an

emphasis on continual improvement. The following steps form the basic structure of

the management system and link into the structure of OHSAS 18001.

• Review

• Plan

• Implement a Health and Safety Management System

• Check the management system and take any necessary corrective action

• Gain registration

• Continual assessment

a. Application And Benefits

The OHSAS specification is applicable to any organisation that wishes to:

• Establish an OH&S management system to eliminate or minimise risk to

employees and other interested parties who may be exposed to OH&S risks

associated with its activities

• Implement, maintain and continually improve an OH&S management system

• Assure itself of its conformance with its stated OH&S policy

• Demonstrate such conformance to others

• Seek certification/registration of its OH&S management system by an external

organisation

• Make a self-determination and declaration of conformance with this OHSAS

specification.

b. Design of the OHSAS 18001 Management System

The OHSAS 18001 Specification follows the Plan-Do-Check-Review cycle, with a

concurrent emphasis on continual improvement. This model fits in neatly with the

structure of other management system documents such as ISO 14001. This alignment

of the management system documents helps in the facilitation of Integrated

Management Systems.

Element A1 _____________________________________________________________________________


c. 18001 Clauses

OHSAS 18001 Clause

Description

4.1 General requirements

4.2 OH&S policy

4.3 Planning

4.3.1 Planning for hazard identification, risk assessment and risk control

4.3.2 Legal & other requirements

4.3.3 Objectives

4.3.4 OH&S management programme

4.4 Implementation and operation

4.4.1 Structure and responsibility

4.4.2 Training, awareness and competence

4.4.3 Consultation and communication

4.4.4 Documentation

4.4.5 Document and data control

4.4.6 Operational control

4.4.7 Emergency preparedness and response

4.5 Checking and corrective action

4.5.1 Performance measurement and monitoring

4.5.2 Accidents, incidents, non-conformances and corrective and preventive action

4.5.3 Records and records management

4.5.4 Audit

4.6 Management review

element a1 introducing the principles of …...element a1 _____ © cambridge safety, nebosh diploma...

Documents