Skip to main content

Re-thinking your approach to HSE compliance

Part of the HSE management – Comply, improve, excel series

Some organisations have invested considerable resources in developing a granular, global, picture of their businesses’ Health, Safety and Environmental (HSE) legal compliance. Indeed, there are a number of niche service providers of this regulatory content, others have made little or no effort to formally recognise the detailed obligations placed on their businesses.

The fact that approaches can differ so considerably, suggests that the very detailed and potentially costly approach, isn’t universally effective or required – if it were, surely all organisation’s would be doing it by now?

There are several stages in developing a robust legal compliance framework; from identifying all applicable obligations, to translating those into meaningful business requirements, before evaluating current compliance levels and taking any action to address identified ‘gaps’.

It’s only this last action to address gaps, that has any real bearing on risk level – and in practice, many of those ‘gap closing’ activities may simply be about tick-box compliance, rather than addressing real risk – which if significant, would likely have been revealed elsewhere, already.

"In practice, creating a granular register for legal compliance will do little to exercise this duty [to manage risk]"

Those who’ve taken a detailed approach may look over the fence with frustration, wondering how their less well-structured peers are surviving without a detailed and granular process in place. We have seen a few factors in play:

  • Practically all organisations have access to suitably competent HSE resource. This resource can guide the business toward good practice informed by vocational qualifications and prior experience;
  • In a world where it’s increasingly common to experience more than one employer during your working life, new hires bring with them experience, including HSE knowledge, gained from other organisations and may help to spot any obvious gaps. We average six employers in a lifetime, according to Association of Accounting Technicians (AAT); and
  • At the heart of HSE, particularly in the UK, organisations are legally obligated to ‘manage risk’. Such a duty has no clear endpoint, and in practice, creating a granular register for legal compliance will do little to exercise this duty. Therefore, regardless of the chosen approach to legal compliance, all organisations are primarily engaged in a pursuit to ‘manage risk’ which may be unique to their operations.
"Whilst there’s no clear answer, there absolutely is a case for all organisations to take stock of their approach to legal compliance"

Of course there is more to the story; ISO standards for HSE imply a need to document relevant legal requirements, many of the fundamental duties placed on business are common across multiple jurisdictions and so are familiar to most, and in some cases, organisation’s develop their own ‘ruleset’ which is seen to supersede specific local legal requirements; instead taking the most stringent local requirements and applying them globally.

Whilst there’s no clear answer, there absolutely is a case for all organisations to take stock of their approach to legal compliance, to understand where they sit between the coordinates of a granular register and ‘not knowing’, before asking whether they are where they need to be.

The place businesses ‘need to be’, invariably, is the place that enables them to best manage the risk of harm, with the finite resources available – a complex legal compliance programme may therefore be counter-productive for some.

Determining where you are, and should be

Answering some headline questions could be useful in framing the conversation for your organisation:

  • How diverse are your operations, both geographically and in the activities you perform, are you at increased risk of encountering unusual internal practices, or external requirements?
  • What degree of assurance is comfortable to your organisation compared to the effort to maintain that assurance, is ‘clause level’ confirmation of compliance essential?
  • Is your organisation managing risk well, thereby reducing the chance that a technical compliance issue could result in harm and therefore trigger regulatory action?
  • Is your organisation connected well within the industry, exposing you to good practice and learning opportunities between peers?

Complexity and strong performance are not inherently linked, and that’s almost certainly the case when managing HSE risks. There should be clear line of sight between any investment of effort, and a proportionate benefit to the organisation. Putting a scale to the benefit you expect to realise from investing in a HSE regulatory compliance programme should be core to determining type of approach will best fit your organisation.

Sign up to the latest updates