Risk assessments generally get a bad press. They are often seen as a chore to get through rather than a valuable element of appraising, monitoring and improving the working environment for everyone, something which is even more relevant in high-tech R&D and manufacturing sites where there is a rapid rate of change of equipment, processes and procedures.
The best risk assessments are those which are done continually as part of normal work programmes so that they don’t become something to dread or, even worse, avoid. Things like safety audits and risk assessments are sometimes seen as being the preserve of the ‘Safety Officer’ rather than being adopted as a collective responsibility; it may seem to some people that risk assessments are done to them rather than themselves being part of the exercise. In practice, the best person to do a risk assessment is the person closest to the task being assessed, as they are sure to know the reality of the situation better than an outsider. Human nature being what it is, however, people don’t see themselves as being ‘expert’ in things outside of their usual remit and this can lead to apathy or ambivalence towards things like safety checks and risk assessments. Hence such tasks can often be seen as someone else’s job simply because we think we are not trained in doing them, even though we may be more suited to them than we think.
The truth is that we all work with risks all the time in our daily lives and we are continually doing risk assessments whether we know it or not. The assessment of risk does not just have to be about work-related activities but almost any decision – buying bread, crossing the road, choosing a pension – involves considering a multitude of factors in order to reach a decision where we believe the risk of it being the wrong decision is minimal, or at least is at a level that we can live with. Risk assessments are therefore, in effect, a way of enabling us to manage risks, since without knowing something about the prevalent risks, one cannot really take appropriate actions to mitigate and minimise those risks. Hence risk assessments, of all kinds, can be seen as an essential part of managing any business activity.
In his very readable book Risk Savvy, Gerd Gigerenzer shows how risks are everywhere, but generally how bad we are at recognising them and, even worse, at understanding or managing them. He also shows how so-called experts can be no better – and are often much worse – than the general public in handling risks (big banks being a recent, and sadly a rather catastrophic, example). Gigerenzer argues that risk-taking is a vital ingredient in any profession and is actually needed for progress but it is often the misunderstanding or poor presentation of risks that can lead to problems. For instance, after the terror attacks of 9/11, travelling by airplanes dropped dramatically in the US and people took more road trips as they thought it would be safer. The perception was that air travel was far riskier than car travel whereas far more people die on the roads than in airplane crashes.
A set of examples which are cited in Risk Savvy relate to how people decide on a particular course of action in any situation where a decision has to be made – according to Gigerenzer there are five different types of approach that people adopt in order to reach decisions. One of these approaches is called ‘satisficing’ - this is where a person assesses a problem and makes a decision when something is at a point which is good enough but not the absolute best that it could be, this being a good practical compromise, balancing the risks between not doing enough or spending far too long on something for little further benefit. So, if you are after trousers and all you want is a black pair, then you can stop as soon as you find black trousers, you don’t have to keep looking in every shop just in case there are better black trousers somewhere else. This is the satisficing approach.
Satisficing can be applied to almost any endeavour: a painting is never finished, it is just that the artist decides to release it to the public at a certain stage; equally once a micro part is acceptable in terms of meeting tolerances, there’s no point in polishing the surface to increasingly higher finishes if this doesn’t make the part any more functional. So, even in our micro manufacturing world, satisficing can be used as a good guiding principle and certainly for suppliers of services, it is a good working rule- of-thumb which most of us already use. Satisficing does not mean making the part to a lesser quality than is required – which, after all, would be unacceptable for both the supplier and the customer – but it means ensuring that sufficient effort is applied but no more (if it does not add anything significant to the final result).
Although applying sufficient and fit- for-purpose effort is nothing new in most businesses, few would regard it as a form of risk management but that is exactly what it turns out be; without sufficient effort there is a risk that the product will not meet the customer’s requirements but with more effort than is needed there is a risk that the production costs will rise and make the work less profitable. In this sense every machine operator, technician, quality-check person, group leader or anyone who makes a practical decision in a company is assessing and managing these risks all the time for the business. They make such decisions routinely and consequently are all experts at risk assessment and risk management, even though they probably would not describe themselves as risk assessment professionals.
As is so often the case, we may be more skilled than we think we are in many areas. Although risk management may not be exciting, it is certainly necessary and, when done well, it can be extremely rewarding.