How to get Health & Safety Assurance right

Jon Slade, Director at Campbell Tickell, discusses how to get Health & Safety Assurance right within your organisation.

Here at Campbell Tickell we are healthily obsessed with assurance.

We work on the subject from a range of angles: when advising on risk management and assurance frameworks; in IDA preparations; when reviewing services; when designing new service models; and when evaluating governance structures/mechanisms or Board skills and performance.

For many years, achieving and maintaining compliance on Health and Safety (H&S) matters has been relatively high up the list of corporate priorities. The tragic events at Grenfell have increased the focus on H&S even further. Almost without exception, performance reporting will be in place as will a service infrastructure designed to manage key H&S risks.

But it is also the case that when we look at how Board’s take assurance that H&S is being sufficiently well-managed, it is not uncommon that we find one or more of:

  • “That’s dealt with in Audit and Risk Committee”;
  • The mistaken belief that going through things in detail equates to assurance being taken;
  • Poorly described risks e.g.: ‘Gas boiler not serviced’ not a risk but ‘Loss of life arising from un-serviced gas installation’ is;
  • The same small number of people talking on technical subject matter.

A model

So what do we say about how a Board gains assurance on H&S matters?

CT applies a simple, straightforward approach, which covers all assurance activity. While the potential negative H&S outcomes may be worse, the approach to gaining assurance is the same.

Put simply, controls are the range of things you do to manage risks. And assurance is seeking evidence that the controls are working effectively. Of course there are layers. You need to:

  • Identify the right risks;
  • Describe them well;
  • Identify the right controls that truly reduce the likelihood or impact of that risk crystallising;
  • Ensure appropriate quality of people, process and performance within the controls;
  • Have an appropriate degree of scrutiny of the controls within your assurance framework (internal and external audit plus other sources of assurance);
  •  And evaluate that scrutiny to gain assurance.

Though the model is simple, it requires appropriate capabilities and understanding at a range of levels to achieve a framework populated, operated, monitored and scrutinised, such that sufficient assurance is taken. At CT, we see a number of challenges in this area.

1. Risk maps alone do not guarantee assurance

Perhaps the most pervasive challenge each organisation needs to overcome is when ‘good enough’ and ‘not good enough’ look superficially similar.

It is not uncommon for us to be directed to the mere existence of a populated corporate risk map, audit reports and minutes of audit committee meetings as evidence of assurance. But when we look within the framework, we find one or more of poorly described risks, incomplete controls, weak scrutiny of the controls and minutes that demonstrate consideration of lots of detail, but do not demonstrate evidence of the existence of assurance. On occasions we find organisations relying on the existence of an external assurance report as sufficient, even when the content of the report delivers weak or limited assurance.

2. Do more than ‘monitor’

An error we often see is ‘monitoring’ quoted as a method of controlling risk. Keeping an eye on something is not capable of influencing whether that thing happens or worsens. This is an example of a small misunderstanding which, particularly if compounded by other small misunderstandings, can potentially have negative outcomes.

3. The role of the board

While the vast majority of work to achieve assurance is conducted by officers and suppliers, the role of the Board is crucial. A key skill is the ability to enquire on technical subject matters when you are not a technical expert. And the key questions are ‘How are we assured that…?’ and ‘Where’s the evidence?’.

Remember, it is reasonable to hold officers to account to make things understandable. If you are blinded by science, what may you have missed?

A short blog can never do more than scratch the surface of these intertwining issues of Health and Safety and Assurance. If you have further questions or an issue you would like to discuss please get in touch.

Email: jon.slade@campbelltickell.com

 

About us

Campbell Tickell is an established multi-disciplinary management and recruitment consultancy, operating across the UK and Ireland, focusing on the housing, social care, local government, sport, leisure, charity and voluntary sectors.

We are a values-based business and firmly place the positioning of our support and challenge on helping organisations to attain change that is well thought through, planned and sustainable. At CT, we want to help organisations create the landscape within which we ourselves would like to exist: fair, inclusive, diverse, engaged and transparent. We build from our values in how we approach all our work as a practice.

Find out more about CT’s Risk, Audit & Assurance Services.