Risk Matters - January 2018

FROM CHALLENGER in 1986, Hillsborough in 1989, Potters Bar in 2002 to Deepwater Horizon in 2010 the real-world application of risk management became diluted over time. Early indications are that the Grenfell Tower tragedy shares all these factors but was also fundamentally different. As each new piece of information emerges, we are building up a picture of what happens when decisions about safeguarding people are taken by removing those people from the risk equation. Above all, Grenfell demonstrates a catastrophic failure of collective culture.

For decades, successive governments have focused on the potential benefits of deregulation, culminating in the Coalition’s ‘one in, two out’ announcement in 2012. This required that every new regulation that imposes a new financial burden on businesses and voluntary organisations must be offset by reductions in ‘red tape’ that save double the cost. 

Regulation cannot exist in a vacuum, isolated from the practical and individual contexts within which it operates. The more complex the context, the more vital this becomes. The journey to Grenfell was particularly complex, including a major external refurbishment that altered previous fire safety arrangements, internal fire safety and exit issues, the safety advice given to residents, access for the emergency services and the inherent complexities of joining-up the various responsibilities that attach to shared spaces.

The confusion caused by this reductionist approach has been illustrated by the wave of commentary, about what was legal and what wasn’t. Regulation works when it is grounded in context, rather than solely in law. Post- Brexit, organisations and risk specialists will need to be alert to more than just the dangers of a potential regulatory race- to–the- bottom. We will also need to remind legislators that regulation is only one piece of the safeguarding process – and can only ever be meaningful when interpreted using risk-based judgement. 

Value of information

Getting this holistic understanding of the context of risks involves actively seeking information from a number of sources – both for completeness and to avoid the dangers of Groupthink. Yet it appears that grassroots warnings about Grenfell were systematically excluded from decision-makers’ thinking. Grenfell’s residents group had repeatedly warned Kensington and Chelsea Council, as well as their landlord, the Kensington and Chelsea Tenant Management Organisation (KCTMO), about fire and other health and safety risks. 

These warnings were not acted on; indeed, the council had previously threatened one blogger with legal action. Valuing information about risk from everyone in a hierarchy – and empowering them to provide it – is one of the most powerful and effective tools any organisation has to reduce risk. 

Rather than shutting out these warnings, they could have been treated as valuable sources of information. That they weren’t, speaks directly to a culture that residents were seen as a nuisance, rather than a resource. They were cut out of the risk management process when they should have been at its centre.

But did an under-developed culture and approach to risk management mean those with responsibility for implementing fire safety saw the fire brigade’s requirements as just another regulatory hurdle to overcome? 

The independent inquiry into the Grenfell tragedy will take months, and possibly years, to report. We cannot wait until then. Some things we already know. Everyone should be involved in ‘risk management’, from design and construction professionals to civic leaders, planners,  insurers, procurers, inspectors, approvers and installers needs to expand their view of what competent means. We must move away from a narrow culture of compliance towards one where everyone working in risk is equipped, allowed and encouraged to educate all stakeholders involved to identify wider risks, challenge Groupthink and ensure that the views of key stakeholders are not just listened to, but actively sought.

IIRSM is working hard to increase the understanding and competence in the management of risk across industry, governments and society. IIRSM’s managing risk course is a good place to start. It emphasises that everyone within an organisation is responsible for managing risks, no matter their role or where they are within the hierarchy – they all play a vital part of the risk management process. 

You can read more from IIRSM and find out about our training and events, including the fire risk workshops planned for 2018, by visiting www.iirsm.org