Why a risk-based approach to compliance involves not meeting all regulatory obligations around occupational health and safety
The occupational health and safety regulatory environment is vast and overbearing, so attempts to be 100% compliant can hinder best practice risk management.
Michael Tooma, partner and head of occupational health safety and security, Asia-Pacific, Norton Rose Fulbright, says people are obsessed with regulation and full compliance.
“We have an obsession around talking about law and compliance,” Tooma said at the RIMS Australia conference in Melbourne this week. “We need to start looking at regulation and compliance a little bit differently.
“In relation to every aspect of our operational requirements, we take risks. Those are measured risks, but when it comes to law we have zero tolerance – we think we must be fully legally compliant.”
Tooma explains that health and safety laws run to about 700-800 pages in acts and regulations alone. Then there are company codes of practice too.
“Is it desirable to comply with all laws? Should we actually be building in risk management in our legal compliance strategies?” he asks.
“When you think of those 700 to 800 pages of law in relation to safety, some of them are quite valid. You have got some very specific regulations, dealing with high-risk activities which need to be regulated. Then there are requirements which can be considered nothing more than administrative compliance.
“There is a lot of red tape in terms of how you set up a committee for health and safety purposes, how often it meets, how it records minutes, and a whole range of reporting and record-keeping requirements, plus a whole other world of transactional-based regulations,” he says.
Tooma says many firms attempt to achieve a “nirvana of 100% legal compliance”.
“You cannot meet all your obligations effectively and when you try to mobilise your procedures and deal with the vast array of obligations as if they are all of equal importance, then you are going to have a blow-out in the size of your policies and procedures.
“The more that you expect people to do, the less likely they are to do it.
“It is ironic because that obsession to be 100% compliant is what is driving us not to be compliant due to the burdensome system we have built,” he says.
Tooma suggests that firms should take a “risk-based approach” to legal compliance.
“For all the talk of productivity, compliance and law, the actual reality of workplace health and safety is that no inspector comes knocking on your door unless you have had a significant incident. That is usually a fatality or serious near-miss.
“If you spend all your time preventing that event happening, in all likelihood no-one will come knocking on your door to ask you about compliance.
“So rather than being obsessed by the law, do what the law is intending for you to do – protect the health and safety of your people,” he says.
Dr Sarah Jones, group manager for road transport, Toll Group, says the biggest challenge in transport and logistics risk management is ascertaining what exactly is supposed to be done in a legal and regulatory sense around health and safety.
“Compliance is extremely difficult and there is a vast depository of legal risk obligations. The majority of companies in our industry are small businesses and only have one truck,” says Jones.
“So I pose the question: is compliance even possible for the average individual in our industry?”
Andrew Lewin, vice president of safety and security, BHP Billiton, adds that there has been an evolution from full compliance to using risk management as an optimisation tool.
“In the past it seemed like you had to manage all your risks and that drove a lack of optimisation and prioritisation,” says Lewin.
“It is impossible to manage every risk to the same level. You really need to understand what are your biggest risks and optimise them.
“Having legislation which drives you to manage all of those risks just creates issues when you are trying to prioritise risks,” he adds.