Client login


blog-img 18

A management system year planner

Posted by Mike Stevens – Client Service Director

Here’s a new year’s resolution for you. How about putting in place an internationally recognised health and safety management system?

What do we mean by “management system”? The International Organization for Standardization (ISO) describe it as “the way in which an organization manages the inter-related parts of its business in order to achieve its objectives”. Those objectives can include product or service quality, operational efficiency, environmental performance and health and safety in the workplace. Most management systems objectives can be summarised though as “the avoidance of costly errors”.

British Standards Institution (BSI) define it as “systematic frameworks designed to manage an organization’s policies, procedures and processes and promote continual improvement within”. BSI quote research suggesting that businesses that adopt and certify to best practice, as outlined in internationally-recognized standards, reap substantial benefits[1]:

  • 75% experienced improved customer service
  • 77% boosted their performance
  • 74% acquired new customers and retained existing clients
  • 44% achieved cost savings


International management systems are based on a variation of the continuous improvement cycle made famous by the theorist W Edwards Deming: “Plan-Do-Check-Act (PDCA). The theory posits that focussing on improving quality by learning from your mistakes leads to greater success than focussing on cost. This was dramatically proven by the application of his theories in Japan, devastated by the second war, but becoming the worlds second largest economy less than two decades later. The application of the theory to health and safety is based on the simple premise that accidents are at least as much an unwanted consequence of business as damaged product and dissatisfied customers.


  • PLAN: a management review, establish objectives and process in accordance with policy
  • DO: Implement process
  • CHECK: Monitor and measure progress against policy objectives and legal requirements and report the results
  • ACT: Act on the results


At the beginning of 2018 the much anticipated and delayed ISO 45001 Occupational health and safety management systems standard was released in final draft form followed a couple of months later by the official introduction. There has been time to digest and process what the new standard means and for organisations certified to OHSAS 18001 there are still two more years to convert. ISO 45001 embeds PDCA and risk-based thinking but probably deviates from previous health and safety management systems in its identification of interested parties and opportunities as well as identifying and managing risks. There is a tendency in health and safety management to be focussed on reactive indicators such as accidents and sickness absence as success factors and not seeing risk analysis as a tool for generating innovation and improvement.

For a great many organisations interested in being certified, the process starts with selecting a consultant and a certification body and commissioning a gap analysis. But that process takes you down a particular road that we think doesn’t actually fit with good business practice. Instead we’d like to suggest to you an alternative.



As many financial years start in spring (matching the start of the tax year on 5th April) and budgets might target capital and operational expenditure for spending in the first quarter, now would be the right time to carry out a review, update your organisational policy and make some health and safety strategic plans.

ISO 45002 indicates that to Plan effectively you need to

decide what the organization wants to achieve (taking into account the needs of interested parties, risks and opportunities”.

This immediately implies that it is necessary to involve more people than just the health and safety practitioners and management. The plan is outward looking It is going to be worth your while aligning the ethos and objectives of the policy with existing values and culture and corporate plans and strategies. Planning might include the concept of an integrated management system approach that embraces other organisational management systems such as ISO 9001 – 2015 Quality Management and ISO 14001 Environmental Management which are fundamentally aligned.  Stakeholder groups may include corporate governance, compliance, risk management and supply chain management and procurement. As companies discover the benefits of implementing more than one management system standard, complexities related to conflicting objectives and duplication of content may arise. The most recent development in management systems is Annex SL. Each new system and all of the existing ones will have the same clause numbering systems. Similar activities in different management systems can share procedures and audits. This leads inevitably to integration; at first as a means to reduce duplication of effort, but eventually because the system data being generated creates opportunities for improvement that a single system on its own may not realise (more about those later). In the words of BSi, an integrated management system helps you to:

  • Audit more than one system at a time to save money and resources
  • Improve overall efficiency, avoid duplication and gain cost savings
  • Reduce risks
  • Expose conflicting objectives
  • Identify and rationalize conflicting responsibilities and relationships
  • Gain a structured balance of authority/power
  • Focus organization onto business goals
  • Create a formalisation of informal systems
  • Harmonize and optimize practice
  • Make it easier to continually improve all your management systems
  • Identify and facilitate staff training and development

The implication was always that a single management system on its own might be hard work but each addition you make has the potential to lighten that overall load if it’s implemented correctly.

Furthermore, one of the Principles of Prevention[2] is

developing a coherent overall prevention policy

The word coherent was included for a good reason. Too often health and safety policy documents, being a legal requirement, are produced by health and safety subject matter experts and practitioners sometimes without the influence of other management functions and can lack coherence. It goes on to say

which covers technology, organization of work, working conditions, social relationships and the influence of factors related to the working environment;

This suggests the involvement and input from many stakeholders that might include production operations, finance and procurement, sales, facilities and human resources, workforce representatives and leadership in order to be truly owned by them all.

Too many health and safety policies can be seen as statements of legal compliance and regurgitate the provisions of law. How does that result in action without any performance standards or performance measurement? It is little wonder most people in organisation have not read their health and safety policy because it isn’t really saying anything. This is in direct contrast to some of the other corporate messaging in organisations. Everyone will know the dress code for example. Health and safety policy should reach the level of integration with business as usual that no one needs to be told if they are doing something safely or not. They just do it.

That’s a long term target.   In the short term our main problem is that some health and safety practitioners haven’t yet reached the Board Room in significant numbers sometimes due to failing to understand where health and safety management fits into the business of the organisation and its Directors. So perhaps practitioners are not influential enough to shape corporate culture and that might be due to failing to understand what is important and how to describe what good looks like for the directing mind of an organisation. Do practitioners battle to be heard, or is it better to work within the existing structures to achieve implementation of health and safety compliance and continuous improvement? In most organisations that are already successful, trying to sponsor continuous improvement is easier.

Corporate cultures were once categorised by the Quinn and Cameron Model as valuing:

  • Adhocracy – valuing dynamism, independence, entrepreneurship, risk taking
  • Hierarchy – valuing structure, control, efficiency, stability
  • Market – valuing results, competition, achievement
  • Clan – valuing family atmosphere, participation and collaboration, mentoring and nurturing

Types A &M tend to be more outward looking and differentiated; whereas Type H & C are inward looking and are integrated. Types A & C will tend to put more importance on flexibility and discretion; whereas Types H & M prefer stability and control.

Therefore if we’re looking for ways to develop our policy, consider the following:

In an Adhocracy, policy should be succinct. Emphasise trust. Provide support for well-planned risk taking. Direct accountability comes with the freedom to decide how to approach risk. Highlight the benefits of pragmatic risk assessment. Have high standards. Challenge people to meet them. Encourage high quality risk analysis and good decision making. Example: For example, imagine writing a policy for Sky

In a Hierarchy the policy should be focussed on roles and responsibilities, with everyone knowing their part and what is required of them. It should have a strong emphasis on procedure and discipline. There should be clarity about who does what and how they are to achieve it. Use organisation charts and strict job descriptions. Don’t leave anyone out.   For example, imagine writing a policy for Boeing

In Market organisations, your policy should play to the competitive instincts. You want to be the best and be an acknowledged leader. Focus on how the best organisations make the fewest mistakes. Align the policy with CSR objectives. Emphasise the reputational benefits for example, imagine writing a policy for Vodafone

In Clans, a policy needs to make people feel valued. You can feel comfortable emphasising the caring and nurturing aspects of health and wellbeing management and the way the policy is there to show you how much your organisation cares for and appreciates you. Openness and trust are your watchwords. For example, imagine writing a policy for The Body Shop

Once you have a style for your policy, think about objectives, targets and performance standards.

The commonest way to think about indicators of performance is either as leading or lagging. A leading indicator might be how many assessments and inspections were carried out against the number defined or agreed. Or how many surveys you did and their results. Or who has had defined and planned training that matches their risk profile. The leading (proactive) indicator therefore is active and investigative. The lagging (reactive) indicator is the measure of everything that has happened to the organisation. It is passive and reactive.

One of the great challenges of health and safety is being able to delve further than accident records; if accidents are the measure – and we appear not to be having any – surely we are doing everything right and there is nowhere we need to go in order to improve? No one in their heart of hearts believes that. But it has been the basis for the zero harm culture that has driven health and safety for many years and is accepted as intuitively right by senior management.

Unfortunately it masks true performance in several ways.

Firstly, lagging indicators: if we don’t attach costs to things that happen, we aren’t really able to compare them with other business data that is costed. Think about the following questions (in terms of measures of performance) and see how much more they are integrated as business data than, say, an accident frequency rate:

  • How much do we pay out in training temporary labour to cover an absent skilled worker?
  • What was the cost in damage and production delays of an incident and which was greater?
  • What types of incident cost us the most in, for example, time to reset equipment?
  • How much of the waste we produce is linked to accidents we’ve had?
  • How many sick absence days are lost to musculoskeletal disorder (MSDs) or stress or dermatitis?

All of the above are reasonable requests from a board of the health and safety professionals they employ. Unfortunately, it seems not all board members are sufficiently curious about these things to ask us. And we practitioners are not always seemingly sophisticated enough to have the answers at our disposal. Hence the terrific value of an integrated management system. It takes some of these performance indicators from quality, operations, health and safety, sustainability, HR and accounts depts and lets them mingle and coalesce. The story you have to tell as a result is more nuanced; it has more finesse. It is more revealing about the nature and culture of your organisation. After all an error in quality is a mistake just like an accident. A person is an asset just as much as machinery is; more so even. When accidents or ill health increase, there is also an increase in waste and loss. Information Security and Business continuity are as much about sustainability and avoiding error as are environmental management quality or health and safety.  Integration opens up vistas of relational data to be exploited.

Second of all, we tend not to make the best use of leading indicators. When thinking about why you inspect a workplace, for example, it is usually in order to identify deviations from a norm. It should also be to provide assurance that plans are being enacted or if discipline is being maintained. Maybe it’s a measure of the work-rate of your health and safety function as well? But one problem here is entropy. We know that conditions in a workplace will deteriorate over time and we must put in work just to maintain a status quo. In other words you’re running to stand still. You can never realistically expect a workplace or operation to stay the same over time.  Plus the law and management system standards require that we review risk assessments, for example, frequently and in the light of significant change. We know that we’ll be revisiting tasks, systems of work, areas, activities, plant etc. on a frequent basis for inspection. But we will often be looking at it the very same way each time. That way our risk management can stagnate. Actually, the very “Hierarchy of Control” that helped us choose the best measures to manage a risk, is also the source of future mediocre risk controls. The Management of Health and Safety at Work Regulations recognised this problem when the Principles of Prevention were included as Schedule 1 to Reg 4. They were meant to inspire an opportunistic tendency: if a chance arose at any stage to reduce a risk, you take it. Don’t wait around for the next scheduled review.  This opens the door for a “continuous improvement” culture in health and safety rather than a “business as usual” culture. If everyone has a say in how to improve a process and can say so at any time and expect their suggestion to be reasonably considered and potentially implemented, that is anything but a stagnant environment. It is teeming with activity.

Leading and lagging indicators can be fitted into a diagrammatic view of cause and effect familiar to many as a “bow tie diagram”. Say an accident, or the diagnosis of an illness, occurs in the present (or as the late, great Stephen Hawking would say exists on the “event horizon”). Think of the famous accident triangle turned on its side; where the apex of the pyramid is the exact moment of harm. A range of different causal factors lead up to the accident which, given a subtle change in conditions, could instead have led to a near miss, or a different type of accident or no accident at all.  And a range of effects stretch forward over time; leading from that nexus (the point of the triangle), is another pyramid of future possibilities leading from the accident. The fact of the event creates information.

The above figure is an illustration of the data landscape around an event. You can use it as a model for an investigation, or more broadly as a way to ensure that your management systems obtain a balance of data from across the spectrum. There are several possible futures as a result of any event but many of them are familiar to us as the lagging indicators (or reactive data if you prefer) that one thinks of instinctively as the default measurements of success in health and safety: accident reports and statistics or sickness absence data. There are also the choices we made that lead up to the event, which can be discerned by looking at our proactive data/leading indicators (or not as the case may be). The more data we have the better we understand the causes and effects of that event. It is important to note that we can never hope to prevent an accident by dealing only with immediate causes. A commitment to learning from incidents necessitates we establish some system of inspection and auditing so that we can get to understand the underlying and root causes that lie behind them; a successful and effective management system is one in which all of those root and underlying causes can be captured and addressed.


Going forward…

  • Whilst it’s not a legal requirement to investigate every accident, it is remiss of organisations not to glean as much information as possible from every negative event that happens. It also ensures compliance with RIDDOR and early investigation. A systematic approach to accident investigation – with a “no blame” culture of learning – is an essential building block of a successful safety management system.
  • The total costs of accidents and incidents (insured and uninsured) needs to be accounted for, preferably as an abnormal loss transaction. Integration with accounting in this way makes sure these costs are accurately treated, just the same as other business costs, and that they get reported. Management shouldn’t just find out one day that they’ve had a lot of accidents but no indication of the associated losses of each. They should be appraised of the running total of losses from incident and error regularly. It will hone their commitment to improvement.
  • Health surveillance is not only the monitoring of the progress of disease but also a means of confirming that agreed controls are in place and working. Just as we look at long term financial health, we should have an idea of the level of compliance with controls, any disease burden due to failures on an organisation and understand future commitments such as pensions, healthcare funding and rehabilitation budgeting. People who are long term sick or incapacitated mustn’t be invisible (for lots of reasons). Financial data should also be accessible to health and safety personnel so that they can see the contribution they are making to the bottom line through “costs avoided”.

Working back…

  • Workplace monitoring essentially measures agents of harm in real time and is your way of demonstrating direct knowledge and control of the risk factors in your operations and provide assurance and improvement opportunities.
  • Inspections and surveys, observations, behavioural safety measures all help to identify and reduce unsafe acts and conditions and provide assurance and improvement opportunities. The approach to this activity must be systematic and risk based because it is labour and cost intensive to manage in this way
  • Auditing is our way to interrogate those management performance standards and make organisational changes that avoid a range of negative outcomes or recognise where performance has been achieved. We’re comparing what the business says it does with evidence that it does it and providing meaningful metrics to compliance assurance and to take action.

You will no doubt have some data being gathered in all these areas. The challenge here is to agree what is important as part of the planning process and then systematise it. And you may need to start budgeting for resources to ensure you can fill any gaps. But if you are already at the stage of maturity where there is a good range of both proactive and reactive data available to you, then now is the time to start setting those targets and objectives. You know what the data says about what you are. What do you want it to say in the future? What do you want your organisation to become?

It’s a cliché but the SMART[3] methodology does make sense here. Try putting in commitments that will push for improvements without being a hostage to fortune. The zero accident commitment might be a popular option but is it realistic? Is it achievable?

Performance standards that are written into the policy statement can provide you with that necessary authority to get things done but may be a bit invisible over the course of the year. Consider presenting your objectives in the form of a management report. Marketeers know how to get things read. You can include influential information from outside the usual sources. You can use imagery. Include stories about similar companies who’ve had accidents and run-ins with the law. A case study of a Director being jailed is worth a thousand accident stats. Everyone has seen a table of Accident Frequency Rates, but few Directors will know what they actually mean. And yet you actually want them to grasp this and consider funding and supporting a programme of improvement to prevent precisely those accidents and that ill health you’ve reported. They won’t do that for a table of figures. They will do that to avoid a damaging headline.

When a director chooses to seize on a line of figures and ask you about that one outlier, you will make more impact by knowing the story behind the accident rather than by speculating vaguely upon the possible meaning of the figures. All CEO’s have an internal narrative about what their company is about, what it stands for. Whether confirming or confounding that narrative, you are making an impression.

Another way to make your safety data even more influential is to show it alongside that of a competitor. Use your SIC code to find out who is directly comparable to you, phone them up and ask them their incidence and frequency rates for comparison and share yours (no shame in it; we’re all trying to get better aren’t we?).

The improvements you are after are based on risk as well as opportunity. One way to ensure you ring the Pavlovian bell is to survey your senior management first on what they think the biggest risks are. Either this will provide a blueprint for your strategy, or else will show just how much you need to educate them about the realities of their own firm. But suffice to say management will more readily fund improvements to manage risks they acknowledge. And if you can do it, get them to then commit to reducing those risks in public through a CSR report or a visible commitment.

When presenting policies and setting objectives it can be helpful to know where your organisations priorities lie:

  • In “innovation oriented” organisations – problem solving can be emphasised. Show people what the issues are and state how you intend to tackle them. Improvement is going to come from your genius for invention. Example: IBM, Tesla


  • In “process oriented” organisations – there should be milestones and KPI’s included. People should know how well they’re doing all along the way. You can trust people to be comfortable with data and how to interpret it, so you make it available. Improvement arises out of relentless incremental gains: Example: Toyota, Unilever


  • In “service oriented” organisations – the wellbeing of your earners and anything that draws positive attention from customers. Make H&S integral to CSR policies and get support for participating in awards schemes. Encourage philanthropy by combining corporate improvement with community involvement. Example: Deloitte, Freshfields


  • In “output and product oriented” organisations the integration of H&S with quality can really work. The corporate aim should be fewer defects, fewer errors, fewer mistakes, better products. Publish and learn from data, particularly the lagging indicators such as absence and near misses. The health and safety policy is about getting better at what we do. Example: Rolex, BMW


  • In “employee oriented” organisations your focus is on how working conditions and benefits are going to be improved. Highlight workplace risks and the results of employee surveys and state your commitment to fixing things. Example: Virgin, IKEA


There’s nothing dishonest about strategising like this. Health and safety practitioners need to get into – and get comfortable in – the boardroom. We can start by writing policy like we’re already in there using the language of the organisation, aligning with the organisational objectives and avoiding quoting the law.


In the next article we’ll take a look at implementing your plans, carrying out the differentiation and analysis of risk and deciding where to cut the most risk and put in place the best value preventative measures.


[1] https://www.bsigroup.com/en-IN/Our-services/Certification/

[2] From the Framework Directive 89/391 and Regulation 4 of the Management of Health and Safety at Work Regulations 1999

[3] Choose your favourites from:
S – specific, significant, stretching

M – measurable, meaningful, motivational

A – agreed upon, attainable, achievable, acceptable, action-oriented

R – realistic, relevant, reasonable, rewarding, results-oriented

T – time-based, time-bound, timely, tangible, trackable


Praxis42 management system year planner – download the whole article here


Mike Stevens – Client Service Director

Mike was one of the founders of Praxis42 back in 2001 and is a Chartered Health and Safety Practitioner with expertise in the development of management systems in complex organisation. Experience gained internationally with Mercury Communications, Cable Wireless and before that at RoSPA. Mike focuses on the Consultancy side of the business working with our clients to enable them to establish targets, objectives and metrics that help them meet their compliance and governance obligations.

Previous Article Next Article