The Latest Psychosocial Compliance Challenge? Confusing Legislative Compliance & Psychosocial Risk Surveys
Written by
Dr Ranjeeta Singh-PhD
Published on
May 20, 2026

With so much 'out there' it is often confusing as to what exactly is Legal Psychosocial Compliance, and what is not. Equally confusing is what the requirements for a Healthy Culture are, and how Compliance needs address them.

When I was at a WHS summit 2 years ago in Sydney (so not a small town in the middle of nowhere) someone asked me why I was in the area of work of Psychosocial Risk Management because 'it's so obscure and niche, why such a small area of focus'. Which was news to me as a WHS professional certification & compliance lead auditor. As far as I knew this was literally half the legal requirement of all workplaces to ensure workplace safety & health, with entire departments being dedicated to this in some larger organisations. Fast forward to current times and people everywhere are talking about 'psychosocial'. It's great to see people moving forward on this trajectory and maturity in thinking within the field. But with all things 'new', when you're figuring out the path while you're on it you're not likely to be able to tell when you're veering off it towards a trendy trend cliff rather than moving towards your desired end point destination. (No doubt someone is going to chime in here to comment on how psychosocial factors are not an end point but a continual journey.)

Auditor vs investigator? An auditor systematically checks entire organisational processes for risk management effectiveness, to ensure risks are mitigated BEFORE incidents and accidents happen and that compliance is met. Proactive risk management. An investigator investigates an accident AFTER it has happened, to find the cause through the process outcome. Reaction to risk failings.

Psychosocial Risks Compliance is by far the most misunderstood workplace concept at present. The conversation has come a long way in the last 2 years. But the problem with finding your way as you go is that you don't know whether the way you're going is the right path. So you turn in good faith to 'consultants' looking for proficiency-based guidance. It may also surprise you to know that most software and consultants along this way are equally trying to find their way in this field, and are not proficiency-based.

Legislation Compliance vs Codes of Practice: not the same thing at all

Not understanding these requirements likely leads to incomplete Compliance implementation; wasted money, time, personnel and other resources spent managing insufficient support; increased risks, incidents, accidents and injury from gaps in management requirements; and employees continually experiencing injuries and unnecessary deterioration of wellbeing, mental health and psychosocial risks. It also leads to increased risks, revenue loss and increased insurance costs.

Australian Work Health and Safety Act 2011: Management of risks

A duty imposed on a person to ensure health and safety requires the person:

(a) to eliminate risks to health and safety, so far as is reasonably practicable; and

(b) if it is not reasonably practicable to eliminate risks to health and safety, to minimise those risks so far as is reasonably practicable.

New Zealand Health and Safety at Work Act 2015: Management of risks

(1) A duty imposed on a person by or under this Act requires the person—

(a) to eliminate risks to health and safety, so far as is reasonably practicable; and

(b) if it is not reasonably practicable to eliminate risks to health and safety, to minimise those risks so far as is reasonably practicable.

(2) A person must comply with subsection (1) to the extent to which the person has, or would reasonably be expected to have, the ability to influence and control the matter to which the risks relate.

It should not be surprising that the 2 countries have identical wording. Australian & New Zealand legislation were both adopted from the UK legislation. Yes, these are federal requirements, before people start piping up in the comments about State requirements being different. The differences are in Controls, Codes of Practice, etc, NOT Legislation. They are not the same thing.

Legislation

  1. Legal requirements: Laws enacted by governments or regulatory bodies.
  2. Enforceable: Must be complied with, or penalties apply.
  3. Specific: Clearly outlines dos and don'ts.
  4. Broad applicability: Typically applies to entire industries or sectors.
  5. Sanctions: Non-compliance can result in fines, prosecution, or other legal consequences.

Codes of Practice are not Compliance, they are only guides to establish best practice

Wellbeing is NOT a legal requirement. It is only in the Code of Practice

Code of Practice

  1. Guidelines: Recommended best practices, often developed by industry associations or professionals.
  2. Non-binding: Compliance is voluntary, unless referenced in legislation.
  3. Flexible: Allows for adaptation to specific circumstances.
  4. Narrow focus: Often applies to specific aspects of an industry or profession.
  5. No direct sanctions: Non-compliance may lead to reputational damage or professional consequences.

Key differences:

  • Legal status: Legislation is enforceable by law; codes of practice are not.
  • Purpose: Legislation sets minimum standards; codes of practice promote best practices.
  • Compliance: Legislation requires adherence; codes of practice encourage adoption.

Psychosocial Risk Management surveying to measure work demand, job control, role clarity, support, reward/recognition, bullying etc. is not Legal compliance. Risk Elimination (or Harm Prevention) of the causes of work demand, job control, role clarity, support, reward/recognition, bullying etc. is what legally must be done, first.

Unless it is not reasonably practicable: "A person must comply with subsection (1) to the extent to which the person has, or would reasonably be expected to have, the ability to influence and control the matter to which the risks relate."

ie, not knowing the difference between surveying work demand, job control, role clarity, support, reward/recognition, bullying and eliminating the risks of work demand, job control, role clarity, support, reward/recognition, bullying is not acceptable.

Compliance: Employers must comply with legislative requirements related to psychosocial risk management.

ie Psychosocial Risk Surveys are not themselves Compliance. Or hazards! Psychosocial Risk Surveys are only the starting point for knowing 'what' avenue to explore in order to Eliminate.

So why do SO many people think risk surveys are legal compliance?

The literal wording in the legislation, which supersedes ALL codes of practice (COP), standards, policies etc, is "Eliminate Risk" FIRST, and minimise ONLY if prevention is not reasonably practicable. Minimising is not the fallback simply because the implementer doesn't know what elimination, or harm prevention, is.

Act exposure. Most people are never exposed to the actual legislative wording (and therefore requirements) because mostly it is the Codes of Practice that they are exposed to. One notable reason is that legal acts are written in lawyer speak and are confusing for the lay person. This however doesn't change that the wording in the Act is what will be prosecuted and fined against in Courts. Not COPs. It is the PCBU's responsibility to know and implement the legal requirements. Because Legislative Acts are often confusing for lay people, regulators put out COPs as GUIDELINES on how to set up frameworks to help meet legal requirements. ie

Psychosocial Risk Management to survey and 'control' work demand, job control, role clarity, support, reward/recognition, bullying etc. is a guide to BEGIN to know what to investigate, and THEN to establish how to "eliminate risk". Surveying here does not 'Eliminate Risk'.

Risk Management is also a whole field in itself. The knee-jerk reaction has been to hand the entire psychosocial requirements over to Org. Psychs./Sociologists. In reality they only have the specialisation to INFORM psychosocial risks, not to manage them as Risk Management requires. Risk 'elimination', 'mitigation' and 'minimisation' are very specific Risk Management requirements in how they are done, and in how to know when to make changes. That scope is outside organisational psychology or sociology.

New field. For the vast majority. Most people are trying to find their way. And, like most people new to something, the 'known' and 'most people are doing it' avenue is what makes up the collective understanding. Until prosecutions make it explicit where the lines, limits and expectations are. Which is, unfortunately, only when people's accepted thinking changes. We all saw this with physical safety, through decades of wrong implementation. Yet the legal requirements were always there.

The first and foremost legal requirement is Psychosocial Risk Elimination, per the wording in the Act (across AU, NZ, UK and more). All other mitigation, COP and policy requirements are carried out after this, ie

  • Model Code of Practice: Managing psychosocial hazards at work
  • Preventing workplace violence and aggression
  • Workplace violence and aggression
  • Family and domestic violence at the workplace
  • Online abuse in the workplace
  • Workplace sexual harassment
  • Workplace bullying

before any Standards (eg ISO 45003) and operational docs (eg an in-house bullying policy) become relevant.

If there was an external investigation into a workplace psychosocial event, it would be the primary legislation requirements for Risk Elimination/Harm Prevention that any non-compliance would be raised against.

The first psychosocial prosecution was in 2013, for bullying. Nowhere in the findings of what the failings were did they talk about surveys, policies, training, ISO 45003 or even the bullying itself as the reason to bring charges.

Psychosocial surveys for work demand, job control, role clarity, support, reward/recognition, bullying etc. are only the starting point for beginning to meet Compliance needs

Psychosocial surveys to measure work demand, job control, role clarity, support, reward/recognition, bullying etc. are themselves NOT meeting legal compliance. You're also not preventing harm or fixing things in a preventive manner, which is what is required to eliminate risk. All these psychosocial risks have already happened by the time you send out these surveys to ask how bad it is. And you have used about 80% more time, personnel, money and other resources logging, investigating and fixing this harm compared to if the harm had been prevented in the first place. And the root cause that results in each of these psychosocial risks is not addressed or fixed. So all you end up doing is re-measuring the same psychosocial risks every time you do a survey, in an endless reactive, time- and revenue-hungry cycle.

From a compliance perspective, if you aren't harm preventing, all your COP risks (workplace aggression, bullying, sexual harassment etc) are inherently going to be increased, not properly mitigated. From an operational perspective, people are going to be at increased risk of making mistakes and increasing incidents; from an organisational point of view, high turnover, burnout, low productivity and revenue losses. All avoidable. With preventive management. Which will NOT come from psychosocial risk surveys.

In risk management terms (and the literal LEGAL requirement is psychosocial RISK MANAGEMENT), these are all lag indicators. The common psychosocial risk "survey & fixes" is not compliance, it is only an evaluation. Current work demand, job control, role clarity, support, reward/recognition, bullying etc. all lag after foundational issues, and measuring here is reactive management. It unnecessarily leaves employees exposed to psychosocial risks that could have been prevented with lead indicators, which are the upstream causes of all these work demand, job control, role clarity, support, reward/recognition, bullying etc. risks.

E.g. bullying will 100% NOT BE PREVENTED with policies, reporting, investigating, training, mediation or more surveys. People overwhelmingly bully because they are experiencing chronic stress from multiple organisational factors that have gone unchecked for years, and they react and take this stress out on other people. Which keeps going unmitigated, because another psychosocial risk survey has come their way rather than anything addressing the underlying dynamics. The same applies to all the other psychosocial risk lists people survey under the current understanding. This is what the legal system says.

Psychosocial 'Controls'

Just picking an item, or a few, from 'lists' of controls and throwing them in after doing a psychosocial risk survey, thinking that is putting 'controls' in place. Often with the legal requirements to 'monitor' and 'review' controls interpreted as 'monitor which random items we are calling controls are closed vs pending vs outstanding' and 'review with another survey'. Or worse, after doing this, going 'that's our risks controlled for a year, we'll have a look at the 'controls' in a year'!

This is the equivalent of you going to see your GP and they hand you a bag of pills and say 'have a go at these and see if it cures you...'

'Controls' have specific requirements for managing risks and hazards. Just because you have one or several in place for an identified risk DOES NOT mean they are the right control, or even controls at all, for that particular risk in that specific environment.

And correct controls in place this month may no longer be appropriate controls in 3 months, as psychosocial risks are invisible, dynamic and cumulative, and the causes may change in 3 months to interact differently, where you will need new controls. The ONLY way to know this is with proficiency in RISK MANAGEMENT, and a qualified understanding of psychosocial dynamics.

How to know if your consultant, app or software actually has any expertise. Or not

And it's hard to know which consultants & software are proficiency-based and which are more of the same generic nonsense. In the age of the internet and mass marketing, most will rely on the first Google hit, marketing or event speakers. But you can buy your way to the top of those platforms and have zero subject matter expertise. So let's break it down to the obvious low-hanging fruit for recognising reputable from not.

  1. The legislation is Work Health & Safety! This is a no-brainer: no H&S tertiary qualifications, no proficiency!
  2. The field is called Psychosocial RISK MANAGEMENT. No Risk Management tertiary qualifications, no proficiency! And no, a 2-day ISO 45003 training session is not risk management proficiency.
  3. The top 2 are the foundations of the entire Psychosocial Compliance requirements, whether for consultants, trainers or apps/software. Informing these can come from adjacent fields, eg sociology and organisational psychology, which are critical to inform identifying risks, as they are psychosocial (the word is literally made of psychology and sociology!). NOT TO RISK MANAGE COMPLIANCE. Not to control. Not to risk assess. Proficiency in all of those comes from items 1 and 2 above.

It's also worth highlighting here that physical risk tools like the risk matrix, risk registers, risk heat maps, swim lanes, ICAM etc. are all completely ineffective when applied to psychosocial risks. They simply do not work, because psychosocial risks are a completely different animal in dynamics from the physical risks those tools are appropriate for.

The literal definition of Consultant is "Expert advisor: Provides specialised knowledge and expertise to organisations or individuals." If you are an organisational psychologist, there is no proficiency to support "specialised knowledge and expertise" in H&S Risk Management or H&S Compliance, by definition.

Looking at you Flourish Dx, who have been replicating my and EnableOrg's content and claiming it as their own for years. Yet still consistently not meeting psychosocial RISK MANAGEMENT requirements, and therefore not meeting COMPLIANCE, as Jason's claims of proficiency and a 'proprietary' formula appear to change with each of my compliance posts. Though 'risk management' or 'compliance' are specific requirements that you either carry out as required, or not, and can not possibly be a 'proprietary formula', unless it is non-compliant. No doubt talk about being experts in Harm Prevention or Risk Elimination will pop up as their newest proprietary claim after posting this post...

Other related topics that tell expertise from none at all

Psychological safety does NOT establish a Healthy Culture. It is the other way around

PsychoLOGICAL safety, PsychoSOCIAL safety, psychosocial risks, wellbeing and mental health are all very different things. Not interchangeable terms.

Anything measuring or talking about moods, sleep, fatigue, burnout or stress is NOT psychological wellbeing. It is stress management: related, but not the same.

Wellbeing does NOT result in Mental Health. Really

EnableOrg®'s story

EnableOrg.com

Founded by a certification compliance WHS Lead Auditor, EnableOrg® was established out of a real need for credible information and practice. Whilst carrying out audits, most non-compliances were due to either 'Google' solutions being implemented or external consultants and apps that had no subject matter expertise behind them. Disheartened at always having to tell people that the consultant or software they had invested in wasn't effective or doing what it portrayed, the solution born was to be at the start of the implementation journey instead.

Workplaces want to do the right thing, but with endless claims 'out there', and providers often churning out the same generic, piecemeal, misunderstood psychosocial, wellbeing, mental health and culture pitfalls, these ineffective solutions were only picked up at the end of an audit, after copious money had been spent, time consumed and risks unnecessarily increased. Our founder decided that being at the start of the process, and educating along the way, was a far more desirable avenue to offer.

So, built with input from Organisational Psychology, legislative WHS Risk Management and the inventors of ISO, EnableOrg® was founded. No generic, piecemeal, misinformed ineffectiveness. Just expert consulting, training, compliance software & healthy culture management & Leadership Development.