Anyone who has had any sort of formal training in safety
management or hazard mitigation is familiar with the hierarchy of controls. To
make sure we’re all on the same page, the hierarchy of controls is meant as a
decision-making hierarchy to assist people in choosing the most effective risk
mitigation measure. There are various versions of the hierarchy of controls,
but a typical one is shown below. 
Now most of the types of controls work by acting directly on
the object creating the risk. For example, ventilation (an engineering control)
reduces the number of toxic contaminants in a given atmosphere, reducing the
risk. Wearing fall protection PPE reduces the effect of gravity, reducing the
likelihood that one will fall
far enough and land hard enough to cause injury.
Elimination of a given process through design or redesign eliminates the risks
inherent in that process.
However, administrative controls are interesting because
they are the one control that actually does not directly act on the object creating
the risk. For example, a procedure that requires isolation of hazardous energy
sources before work can begin actually has no direct effect on the hazardous
energy. Instead, the procedure is designed to influence the worker who will
work around the hazardous energy sources.
When you think of other examples of administrative controls
you will probably reach the same conclusion – the control itself (rules,
procedures, regulations, training, etc.) doesn’t really manage risk. Instead, administrative
controls, following the logic, are designed to control people. It’s the people who control the risk.
If we were to graphically illustrate this, whereas other
types of control measures on the hierarchy work in an almost linear fashion on
the risk they are meant to control. You implement the control and the risk is
reduced.*
Administrative controls, by contrast, have an intervening
variable, the person.
To illustrate this point, imagine if the person did not
adjust their performance as a result of the rule, either because they didn’t
know about the rule or because the rule was unfollowable. In that case there
would be no risk reduction as a result of the rule.
Now, the fact that rules and other types of administrative
controls do not directly control risk and that people do seems pretty obvious,
and so many of you are likely saying “so what?”
Well, here’s the thing, that simple intervening variable of
the person may seem like a trivial point, but, in reality, it changes
everything. The change is so profound that if you treat administrative controls
(rules, regulations, policies, procedures, training, etc.) like you treat any
other type of control you likely will run into problems. As the famous
astrophysicist, Neil deGrasse Tyson, said recently on Twitter – “In science,
when human behavior enters the equation, things go nonlinear. That’s why
Physics is easy and Sociology is hard.”
To illustrate, here’s a few implications for rules based on
the idea that administrative controls don’t control risk, people do:
- The perspective of the rule follower is the only one that matters. For a rule to be effective it needs to make sense to the people who are meant to follow the rule. Often we see a violation of a rule and the first assumption is that the person is the one at fault because we clearly see how the rule makes sense to us. But we forget that our perspective doesn’t matter. We aren’t the one who has to follow the rule. This leads to the second point.
- Given how much we rely on rules (and similar), we should devote more attention to understanding the perspective of our workers. Much of safety is designed around creating a standard and then ensuring everyone follows the standard. But, building on the first point, perhaps we should begin to understand more about the people who work for us. How do they see the world? What makes sense to them? What do they see as the challenges that inhibit their ability to do safe work and would do they think adding a rule would do to that? The most important attribute of a safety professional is empathy and we need to practice it in this case through asking good questions.
- And in doing so we see that rules are often not used in the way we think they are – they are more like guidelines than rules. It’s pretty common to hear people speak of someone who violated a rule and point to other people in the organization saying “they aren’t having trouble following the rule.” But often we have no evidence to back up this claim. All we really know most of the time is that we don’t have evidence that people are violating the rule. Others could be better at covering it up, or, more commonly, others may not be violating the rule, but they aren’t following it. Think about it, as people get better at a task they often do the task without much thought. This means that the written rule is not really doing much to enable their performance anymore. Often times it’s quite the opposite, as we just put rules in place without helping people know how to follow them. In some cases the workers find the way to do the work according to the rule in spite of the rule, not because of it.
- And then we see that calling them “controls” at all is misleading. A rule doesn’t have the ability to control anything because it is really nothing more than a “good idea” at best. It’s probably better to think of them as “influencing factors” or “guidelines.” Anyone who thinks that people can be easily controlled is obviously not a student of history or the social sciences.
None of this is meant to imply that rules and other
administrative controls are not important and that they have no place in how an
organization manages itself. Rather, it is to say that we cannot ignore the central
role that our people have in managing risk. This is not a bad thing. In fact,
given how much is reliant on people we should marvel at how effectively people
manage risk, given that most of the time no accidents happen and “the trains
run on time.”
So what’s our role here as leaders in the organization?
Here’re a few points to consider and discuss:
- Rules should be resources for action. This means they should enable performance, i.e., help people know what they need to do to achieve goals. Ask your workers what rules help them get their job done and which ones do they merely have to overcome to get the work done. That will give you a clue as to where your rules are adding value and where they are holding you back.
- Have rules for your rules. We wrote a blog about this in the past, so you should check that out if you’re interested.
- Try conducting an Appreciative Audit on a rule or procedure. This requires taking a different lens to the audit – focus on identifying and appreciating how work is actually happening in a given process without judgment. Choose one rule or procedure in your organization and trace its movement through your organization. Start where the rule was developed (and why) and work your way down to how it is implemented, taking time to review how people have adopted the rule into how practice. Is it as was intended? Why or why not? Keep in mind what David Woods says – systems work as designed, but rarely as intended. What does how the rule/procedure was implemented tell you about how your system was designed and is functioning?
Have a particularly
troublesome issue with rule violations in your organization or just looking for
someone to bounce ideas off of regarding your administrative controls? Contactus today!
