Ensuring that psychosocial risk management meets legal requirements

Psychosocial hazards are fluid, cumulative and numerous, each carrying a varied level of risk that may change over time. It can often take years before the true impact of psychosocial and cultural risks becomes apparent, and simply undertaking risk assessments and surveys does not prevent harm — nor does it meet the legal requirements of psychosocial risk management. RANJEETA SINGH, founder of EnableOrg and a health and safety auditor, takes a look at how organisations can more effectively manage psychosocial risks in the workplace.

The legal requirement to manage psychosocial hazards is not new — in fact, it has been present in health and safety legislation across countries such as the UK, Australia and New Zealand for decades. All countries draw their health and safety legislation and high-level requirements from the same source — the International Labour Organization, a part of the World Health Organization. These health and safety regulations have always incorporated both physical and mental health. However, mental health is arguably more difficult to manage and has often been ignored or overlooked as a consequence. This all changed when COVID struck, and the ailing mental health of many workers was brought to the forefront globally.

Despite this, a great deal of misinformation still surrounds the concept of psychosocial risk management. Most workplaces genuinely want to get it right, but with many professionals being misinformed themselves, it can be difficult to achieve clarity and the successful implementation of robust risk management processes.

The importance of qualifications

In most countries, the requirements for managing psychological hazards are pretty similar. Any differences usually come down to technical things, such as the size of the personal and company fines or prison sentences employers in each country may face, or which hierarchy of control is preferred. Terms used in legislation, such as ‘competent’, ‘expertise’ and ‘qualified’ are the same across the board.

However, the true test of the legal requirement to be competent/expert in the field is to be in possession of tertiary qualifications. A person cannot possibly judge ‘reasonably foreseeable’ and ‘reasonably practicable’ if they are not qualified to understand organisational psychological needs and interactions, as well as how to manage risks within the requirements of health and safety legislation.

Google, LinkedIn and two-day ISO courses are not enough to achieve competency or expert status. When it comes to physical hazard management, no reputable organisation would hire anyone without the correct tertiary qualifications. Given the complex nature of psychosocial hazards, employers need to ensure they also have appropriately qualified individuals overseeing this aspect of workforce safety. In other words, an individual must possess qualifications in both health and safety risk management and organisational psychology to be fully competent for the role. Anyone implementing and conducting psychosocial risk management without these tertiary qualifications is failing to meet legal requirements, both for the organisation and for themselves as an individual. Not only that, but doing so can leave the individual/organisation vulnerable to fines and — depending on what the risk factors and fallouts are — prosecution.

How do organisations achieve compliance?

Simply undertaking risk assessments and surveys does not prevent harm, and does not meet the legal requirements of psychosocial risk management. Psychological assessments carried out by organisational psychologist consultancy firms and most software analysis only fulfil about 20% of legal requirements. The remaining 80% of compliance still comes from the subject matter expertise of risk management (a whole complex field in its own right) combined with health and safety management and legislation requirements.

In addition, assessments need to be carried out at specific frequencies to eliminate and mitigate risk. One-off surveys, or surveys conducted at random frequencies (as will often be the case without health and safety risk management knowledge), are a waste of resources that can lead to increased risk and failed legislative requirements.

Below are the key components of psychosocial risk management for compliance:

1. Psychosocial risk identification (20% compliance). This is often survey based, and must be carried out using psychologically validated surveys. In-house, self-developed surveys will not achieve compliance, and it is important to note that psychosocial is not the same as psychological safety. Organisational psychology qualifications are needed for this component.

2. Psychosocial risk assessment (20% compliance). This involves evaluating the outcomes of the previous step. Qualified expertise is needed to interpret the findings, both psychologically as well as knowing how and what the risks mean — both individually and cumulatively. Organisational psychology and health and safety risk management qualifications are needed for this component.

3. Psychosocial controls (20% compliance). This is critical, requiring a very robust knowledge of what controls are and how to implement controls that do not compete with BAU or other workplace factors. Organisational psychology and health and safety risk management qualifications are needed for this component.

4. Psychosocial control reviewing (20% compliance). This is critical, requiring a very robust knowledge of the frequency at which controls should be monitored, and how to implement cumulative control measures that do not compete with BAU or other workplace factors — as well as how to assess whether the right controls are in place. Organisational psychology and health and safety risk management qualifications are needed for this component.

5. Consultation (20% compliance). This does not merely mean asking people how the changes are going and encouraging them to provide their feedback. Health and safety legislation has specific stipulations as to who is responsible for what throughout the organisation, from top level to manager to frontline. They all have different legal responsibilities (with some overlap). Consultation includes incorporating these tiered and varied requirements. Health and safety legislative management qualifications are needed for this component.

Image credit: iStock.com/Thank you for your assistant