This far into the pandemic, there is a huge amount of information and guidance for organisations around COVID-19 and what needs to be done to ensure compliance with regulatory and health requirements.  It does seem at times that organisations are so focussed on compliance, and ensuring the correct policies are in place and records maintained that the focus on managing COVID-19 risks can be overlooked. Many have been too busy to take a step back and look at the actual COVID-related risk, and consider whether is a risk in its own right or a cause that relates to existing documented risks.

When considering risks from the pandemic, the first one most people would think of would be the risk of staff or customers contracting and dying of COVID-19. Statistics in Australia at the time of writing indicate that there have been 28,905 cases, with active cases in the 2 digits range (information here).

With a population of 25 million and the current controls in place, the odds of actually contracting the virus at any given time is thus very low. And then with effective treatment, the recovery rate is very high (although in saying this we do recognise that there are still the long term effects of the virus that are very much an unknown at present). Hence the common perception of risk is mismatched with the actual risk.

When managing any risks from an ISO 31000 perspective, one should first consider the context.  In the case of COVID-19, in Australia, the context would include the above facts and statistics.

Following the assessment of the context, one should then be looking at identifying the risks – the ACTUAL risks and not simply the perceived ones. As indicated above, the most credible consequence of contracting the virus in Australia would be ‘moderate’ to ‘minor’ (to apply the typical descriptors) at present, with the likelihood being at the ‘unlikely’ or ‘rare’ level.  Depending on the risk matrix in use, this would typically result in a ‘medium-level’ risk.

However there are certainly other related risks to consider in the workplace. Additional health and safety risks may include:

  • Mental health risks arising from employee anxiety and stress as a result of isolation and the COVID19 climate.
  • Musculoskeletal injuries due to poor ergonomics in ‘work from home’ set ups.
  • Fatigue from working longer hours to meet high demand.
  • Aggressive customers (depending on the work sector).
  • Sensitivities from ongoing use of PPE (gloves, masks, soap or hand sanitiser).

Apart from the health and safety risks there are also a range of broader enterprise risks.  Putting aside any direct financial risks, other risks to consider would include:

  • Staff travelling interstate and being caught in snap border closures resulting in quarantine stays with the associated costs and time off work. Included in this risk would be the employer’s duty of care to the family of staff who have to quarantine because of work.
  • Reputational risk to the organisation should an outbreak be linked to it in any way.
  • Staff travel to and from work.
  • Staff engagement and retention.
  • Maintaining a positive workplace culture.

As can be seen from the above examples, the potential risks related to the pandemic are much broader than possible illness / death, and if we focus mostly on that overly simple risk alone, we’re in danger of failing to manage many more likely risks.

Whilst there is no direct legislative requirement to maintain a risk register (WHS or otherwise), legislation and good governance, does require that an organisation identify its risks and then manage them accordingly.  The most effective way to document risks during COVID-19 to ensure both compliance with regulatory requirements is maintained and that controls are systemically monitored, would the development of a COVID-19 Risk Register that includes both health and safety risks and broader enterprise risks.

Please contact QRMC for more information.