Occupational safety and health management and risk governance
Anja Dijkman and Jeroen Terwoert, Netherlands Organisation for Applied Scientific Research
- 1 Introduction
- 2 Risk governance
- 3 Ambiguity, uncertainty and complexity of risks
- 4 When and how to organise stakeholder involvement and participation?
- 5 The precautionary principle
- 6 Can uncertain risks be managed within occupational safety and health management systems?
- 7 Risk perceptions and acceptance of risks
- 8 Risk Communication
- 9 References
- 10 Links for future reading
The advancement in new technologies, substances and new ways of working make it necessary to look beyond traditional methods of risk management. General drivers to emerging occupational safety and health (OSH) risks are: globalisation; demographic changes; technical innovations and digitalisation; changes in risk perception; and an increase in natural hazards. OSH issues affected by these rapid developments are, for example: physical risks associated with inactivity; psychosocial risks; work intensification and increased job demands; violence and harassment at work; and the use of emerging dangerous or unknown substances (e.g. exposure to Nano-particles and electromagnetic fields). A new and broader approach to dealing with risk management in the workplace, in particular when the risks concerned are relatively new, is ‘Risk Governance’.
Working with new technologies and uncertain risks has an impact not only on occupational health and safety policies in the workplace, but also outside the workplace (community and societal). Although in the case of a known safety risk, the time and place of the event are often unknown, the likelihood/probability of the event, the nature of the event and the likely outcome can be determined (at least statistically). In the case of a health risk, the dose-response relationship, the nature of the effect and the effect size are known. Validated models are often used to assess such health risks.
For ‘uncertain risks’ the uncertainty is more fundamental; the likelihood/probability and/or the nature of the effect and the effect size are unknown. For example, for assessing the risks of nanomaterials remains difficult since there are no robust quantitative data to underpin the evaluation of hazard, exposure and health effects. Uncertainty makes it difficult to quantify hazard or assess exposure and effects for highly complex and emerging threats.
Dealing with uncertain risks in the workplace means, therefore, that several stakeholders need to be involved, internal and external to the organisation (e.g. suppliers and users, the community, local government, etc). Therefore, OSH professionals working in an environment with new production techniques need to adopt a broader approach when assessing the risks in the workplace. An integrative risk management concept that is being used more and more frequently and which deals with the uncertainty of risks arising from new production techniques is called risk governance. Risk governance is a comprehensive approach for dealing with risks which is sensitive to the context. It reflects the fact that decisions in modern society are no longer taken only by governments, or company executives in a ‘top down’ fashion. Instead, decisions are arrived at by involving all parties concerned. The application of such ideas to risks and risk-related decision-making is termed risk governance.
Risk governance: the identification, assessment, management and communication of risks in a broad context. It includes the entirety of actors, rules, conventions, processes and mechanisms concerned with how relevant risk information is collected, analyzed and communicated, and how and by whom risk management decisions are taken (Renn, 2008).
The idea of risk governance involves a paradigm shift that helps professionals acquaint themselves with the broader concept of risk.
Many questions need to be answered on how to deal with uncertain risks in the workplace. This article will provide answers to some of the questions concerning risk governance and its relationship to OSH management. For example, what are uncertain risks? Can uncertain risks be managed within OSH management systems? How can one recognise situations in which uncertain risks are in place? What can be said about risk perception? Is an uncertain risk a matter of perception or an objective fact? How can we start up a risk governance process in order to deal with uncertain risks? Who are involved and who are the ‘actors’? Should risk communication be carried out and how? And when should we put the precautionary principle in place?
The risk governance framework of the International Risk Governance Council (IRCG), Figure 1 was developed to assist policymakers, ‘captains of industry’, regulators, risk managers and OSH professionals understand the concept of risk governance and how to apply it to the way they deal with risks. The framework provides a thorough overview of the activities involved in dealing with (uncertain) risks. The framework (Figure 1) distinguishes activities associated with understanding a risk (awareness, appraisal and evaluation) and deciding what to do with the risk (management). This segmentation of activities also allows for a clear separation of the responsibilities for risk appraisal and management (decision making). The role of communication in the risk governance framework is crucial. Communication connects the activities of the organisation with stakeholders and the general public as well as within the organisation itself. The aim of communication is to provide a basis of trust and support for responsibly governing risks. Dependent on the nature of the risks and the context for making risk management choices, communication will serve various purposes.
Ambiguity, uncertainty and complexity of risks
Ambiguity is a result of divergent and contentious views on the justification, severity or broader significance of a given threat. In relation to risk governance it means ‘giving rise’ to several meaningful and legitimate interpretations of accepted risk assessment results. A distinction can be made between normative and interpretative ambiguity. Normative ambiguity relates to different views about what is acceptable from an ethical perspective, e.g., with regard to the quality of life or the distribution of benefits and risks throughout the population. Interpretative ambiguity relates to differing interpretations of identical research results. For example, when a certain chemical is “not classifiable as to its carcinogenicity to humans” according to the International Agency for Research on Cancer (IARC category 3), it means that there is inadequate evidence of carcinogenic effects in humans, and inadequate or limited evidence of carcinogenic effects in animals. Consequently, authorities or Non Governmental Organisations (NGOs) may regard the substance as a ´suspected carcinogen´, while industry may conclude that the substance has not been (definitely) classified as a carcinogen.
Uncertainty refers to the lack of scientific certainty about hazards, the levels of exposure, the effect of these hazards and exposures, and the resulting risks. Sources of uncertainty include, for example: natural hazards, such as earthquakes or tsunami; and unpredictable hazards, such as those stemming from the behaviour of individuals. Uncertainty also arises from limitations to our current knowledge, such as the uncertain (unpredictable) effects of social and technological developments (e.g. the positive and negative impact of flexible working hours on the interference of work and family life). Uncertainty which arises from limitations to our current knowledge is termed epistemological uncertainty. Epistemological uncertainties can take various forms, ranging from measurement errors, or a lack of observations or measurements to contradictory research results. In the daily operations of a business using new technologies and where knowledge is continually evolving, a suitable risk governance policy can help account for uncertainties.
Complexity of risk is when it is difficult to identify and determine (dynamic) links between multitudes of potential causes and observed (perhaps long term) effects. Complexity and continuous changes mean that cause and effect are not closely related in time and space and often more difficult to distinguish.
All three risk characteristics are not necessarily independent of one another. Uncertainty often results from the failure to reduce or eliminate complexity when modelling cause-effect relationships. In turn, significant complexity and uncertainty often results in differences of interpretation and valuation, which facilitates ambiguity of risks. Conversely, ambiguity can give rise to uncertainty. Most risks present a mixture of complexity, uncertainty, and ambiguity. For instance, passive smoking is characterised by low complexity and uncertainty, but high ambiguity while nuclear energy is characterised by high complexity and high ambiguity, but relatively little uncertainty.
When and how to organise stakeholder involvement and participation?
It is important to involve several stakeholders when the work comprises new technologies and when risk perceptions (often negative) may affect employees, the general public, as well attract the attention of the media.
Table 1 gives an overview of suggestions for participation with respect to 4 risk classes of risk: simple; complex; high uncertainty; and high ambiguity.
The precautionary principle
When there are potentially serious risks with large scientific uncertainty the precautionary principle can be applied. Although not clearly defined, the precautionary principle is a process involving prescribed steps to which conditions and rules are attached and frequently tailored to specific topics. The common elements that can be found in virtually all descriptions of the precautionary principle are: uncertainty; damage; consideration of the pros and cons (including cost-benefit analysis); a transparent decision-making process; stakeholder involvement; and an active policy. Often the following description of the precautionary principle is used: "When an activity raises serious irreversible threats of harm to the environment or human health, precautionary measures should be taken even if some cause and effect relationships are not fully established scientifically."
The precautionary principle is a moral and political principle. It aims to provide guidance for protecting public health and environment in the face of uncertain risks, stating that the absence of full scientific certainty shall not be used as a reason to postpone measures where there is a risk of serious or irreversible harm to public health or the environment.
Definitions of the precautionary principle contain two key elements:
- To anticipate harm before it occurs.
- The establishment of an obligation.
Which means in practice:
- measures should be taken to reduce (potential, anticipated) severe irreversible risks as much as possible; and
- there are sound indications that there may be a risk, although as yet, it is not certain whether this risk will actually occur.
As a result, the precautionary principle does not suggest a standstill, but it requires all stakeholders (industry and policymakers) to actively investigate potential risks, take proactive measures to reduce risks, and be open and transparent to all stakeholders. Although application of the precautionary principle is not the same as preventing or prohibiting activities, in some cases it may be the most appropriate approach. Such a prohibition following, for example, the introduction of a new technology or the use of certain materials or processes, can be formulated in terms of a ban (for a limited period of time) that requires further studies to be carried out.
What approach is best in a situation where new technologies or products become available and the effects on human health or the environment can not yet be predicted with any accuracy?
Uncertainty about ill-health or damage to the environment calls for a policy in which precaution is the prime focus. However, that does not necessarily mean that these technologies or products should be kept off the market or banned. Rather, the precautionary principle should be seen as a strategy for dealing with uncertainties in a way that is careful, transparent and tailored to the situation at hand. The outcome is not a foregone conclusion.
The fields of nanotechnology, biotechnology, digitalisation, artificial intelligence, synthetic biology, food safety, sustainable energy production and security are ones that have a high technological and scientific content. At the same time, they carry with them social concerns, ethical issues and major democratic challenges. Therefore, it is important that politicians and the public have insight into the risks so that societal decisions are made with awareness. Participation and communication in the process of risk assessment, decision making and the implementation of actions are a crucial element in the process of risk governance and the application of the precautionary principle. A good example of the application of the precautionary principle is ‘REACH', the European Community Regulation on chemicals and their safe use (EC 1907/2006). REACH governs the Registration, Evaluation, Authorization and Restriction of Chemical substances, which became law on 1st June 2007. Article 1 of REACH says: This Regulation is based on the principle that it is for manufacturers, importers and downstream users to ensure that they manufacture, place on the market or use such substances that do not adversely affect human health or the environment. Its provisions are underpinned by the precautionary principle. The precautionary principle is a cornerstone of EU decision-making. The principle can be used to enable and promote democratic, transparent and inclusive decision-making processes in which different voices are heard and considered in cases when regulators have to take decisions in advance of scientific ‘certainty’. The EU has issued a communication on how to apply the precautionary principle in decision-making in 2000. But, the precautionary principle is also been criticised as an obstacle to innovation. This tension between innovation and precaution is also emerging in the field of artificial intelligence (AI). The implementation of artificial intelligence poses major challenges to society. It is clear that AI has many benefits and can bring solutions to societal problems such as treating diseases. But AI also entails risks, because it can cause both material damage (safety and health of persons, including loss of life, damage to property) and immaterial damage (loss of privacy, human dignity, discrimination). Also in the workplace, the use of AI may bring about benefits as well as lead to new risks. The EU-OSHA discussion paper OSH and the future of work: benefits and risks of artificial intelligence tools in workplaces. To address the issues the EU Commission supports a regulatory and investment oriented approach with the twin objective of promoting the uptake of AI and of addressing the risks associated with certain uses of this new technology. The EU Commission has published a report (2020) on the safety and liability implications of Artificial Intelligence, the Internet of Things and robotics. This report is the basis of the adaptation of the EU regulatory framework, especially on product safety aiming at ensuring safe and reliable products, to take into account the risks of AI.
Can uncertain risks be managed within occupational safety and health management systems?
Whilst OSH Management Systems (OSH MS) can be a valuable method for the improvement of health and safety it may not be the most appropriate approach. What is the value of OSH MS in the process of risk governance?
OSH MS are an on-going process, requiring constant interpretation, adaptation, anticipation, and monitoring (e.g. with regard to ‘hard’ and ‘soft’ risks, newly emerging risks, such as psychosocial risks, or those stemming emerging technology like nanotechnology, biotechnology etc). They alter over time due to changes in the way businesses operate, societies develop, and priorities and risk perceptions of the internal and external stakeholders change. Therefore, the functioning of OSH MS involves dynamic complexities, uncertainties, and ambiguities. There is no doubt that an OSH MS is of benefit to risk (pre-) assessment and risk appraisal during the process of risk governance. For example, it should include an early warning system. There should be dialogue and management review to contribute problem framing, and internal and external stakeholder involvement in the identification of hazards and exposure, and the vulnerability of management. Stakeholder involvement and participation should be considered during the assessment, identification and prevention of risks. How and when OSH management professionals should organise stakeholder involvement depends on the characteristics of the risk (see table 1).
Risk perceptions and acceptance of risks
Management of risk perceptions
Risk perception is the subjective judgment that people make about the characteristics and severity of a risk. The perception of risks is most commonly used in reference to natural hazards and threats to the environment or health, such as nuclear power.
At the individual and societal level risk perceptions can be distinguished as: acceptable, tolerable and constrained risks (see table 2 for definitions and examples of these risks).
OSH management professionals should be aware that the different risk perceptions of stakeholders can influence the way risk governance is implemented. When new risks or uncertain risks are involved, one cannot limit the management of risks in the conventional way by simply assessing and managing the risks. In addition there is a need to asses and manage the perceptions of the risks among all (internal and external) stakeholders in order to create trust and prevent unnecessary fears and opposition (IRCG). Social learning is required in order to find ways to discuss uncertainty, complexity and/or ambiguity. The key challenge is to facilitate successful and meaningfully interaction between the various ‘actors’ (e.g. employees, management, users, suppliers) with their different backgrounds. Social learning is required to find what type of communication, when and with whom is important. Furthermore, communication depends on the context in which it occur, as political culture, dominant social values and trust relationships vary between actors.
OSH professionals should be aware of the way risk perceptions and risk awareness is established, as this is dependent upon the workplace, the users and suppliers, and the community in which the business operates. Risk perceptions are also influenced (or manipulated) by the (social) media Therefore, media influences need to be taken into account during the process of risk governance.
Several theories have been proposed to explain why different people assess risks in different ways. Three major kinds of approaches have been proposed: psychological (heuristics and cognitive); anthropology/sociology (cultural theory) and interdisciplinary (social amplification of risk framework).
Social amplification of Risk Framework
The interdisciplinary approach of Social Amplification of Risk Framework (SARF) is a method to map effects and gain an overview of the risks involved. The framework states that risk events interact with individual psychological, social and other cultural factors in ways that either increase or decrease public perceptions of risk. The behaviours of individuals and groups then generate secondary social or economic effects, while also increasing or decreasing the physical risk.
SARF combines research in psychology, sociology, anthropology, and communications theory. The framework also outlines how communications of risk events pass from the sender via intermediate stations to a receiver and in the process stimulate or reduce perceptions of risk. All links in the communication chain (e.g. individuals, groups, media, etc.) contain filters through which information is sorted, processed and understood.
In the mapping and overview conducted with SARF, effects can be divided into: mental perceptions at an individual, business, community, industry, and societal level. Eventually this overview is helpful for determining the risks and the communication strategy.
The most important aim of risk communication is to build mutual trust by responding to the concerns of the public and relevant stakeholders. Above all, risk communication should assist internal and external stakeholders in understanding the outcome of risk assessments and the decisions about risk management. Effective risk communication enables stakeholders to make informed choices, as well as creates trust.
Risk communication is important part throughout the risk assessment process, from framing the issues to the monitoring of risk management decisions and their impacts. Communication needs to ensure that those central to appraising and/or managing the risks understand what is happening, how they will be involved, and what their responsibilities will be. Others involved, but outside the immediate risk appraisal or risk management process, should be informed. However, risk communication in the context of risk governance is not simple. It is not just a matter of bringing people together. Risk communication and trust are delicately interconnected. Communication is closely connected to a multiple actor process in which the aspect of social learning is crucial.
There are two important tasks for risk communication:
- To establish a close communication link between all those involved in the pre-assessment and judgments of risks;
- To communicate risk appropriately internally, as well as externally to the outside world. This requires an extensive consideration of different viewpoints and agenda’s, including those of the media, the general public and others, in order that objective information is conveyed about the risks.
Risk communication plays an important role in responding to the questions people might have, informing them about potential risks or reassuring them about their safety. It is therefore important to collect information about perceptions, concerns and knowledge about the risks. Communication with all stakeholders and the broader audience should provide input into the learning process and build a comprehensive program of risk management and risk governance.
- Houtman, I., Douwes, M. De Jong, T., Meeuwsen, J.M., Jongen, M., Brekelmans, M., Nieboer-Op de Weegh, M., Brouwer, D., Van den Bossche, S., Zwetsloot, G., Reinert, D., Neitzner, I., Hauke, A., Flaspöler, E., Zieschang, H., Kolk, A., Nies, E., Brüggemann-Prieshoff, H., Roman, D., Karpowicz, J., Perista, H., Cabrita, J., Corral, A., New Forms of Physical and Psychosocial health Risk at work. A specific study request for the European Parliament under the framework contract Health and Safety at the Workplace. TNO report R08738/031-12152.01.02, 24., July 2008.
- Trump, B., Hristozov, D., Malloyn T., Linkov, I., Risk associated with engineered nanomaterials: Different tools for different ways to govern, Nanotoday, vol. 21, 2018, pp. 9-13. Available at: 
- Erbis, S., Ok, Z., Isaacs, J.A., Benneyan, J.C. and Kamarthi, S., Review of Research Trends and Methods in Nano Environmental, Health, and Safety Risk Analysis. Risk Analysis, 2016, 36: 1644-1665. Available at: 
- IRGC. Introduction to the IRGC Risk Governance Framework, revised version. 2017. Lausanne: EPFL International Risk Governance Center. Available from: 
- Renn, O., Klinke, A., van Asselt, M., Coping with complexity, uncertainties an ambiguity in risk governance: a synthesis. Ambio, 40, 2011, pp. 231-46.
- Renn, O., Risk Governance, Towards an integrative approach, White paper no. 1., International Risk Governance Council (IRGC), 2005.
- Zwetsloot ,G.J.I.M., Gort, J., Zwanikken, S., Steijger, N., van der Vorm, J., Gallis, R., Starren, A., Safety in a complex world as the result of co-creation and co-learning by key agents. In: Safety Science Monitor, 2007.
- Renn, O. Stakeholder and Public Involvement in Risk Governance. Int J Disaster Risk Sci6, 8–20 (2015). Available at: 
- EU Commission, Communication from the commission on the precautionary principle. COM(2000). Available at: 
- Bijker, W.E., d. Beaufort, I.D., Berg, A. v.d., Borm, P.J.A., Oyen, W.J.G., Robillard, G.T., et al. A response to 'Nanotechnology and the need for risk governance', 2007.
- Regulation (EC) No 1907/2006 of the European Parliament and of the Council of 18 December 2006 concerning the Registration, Evaluation, Authorisation and Restriction of Chemicals (REACH), establishing a European Chemicals Agency, amending Directive 1999/45/EC and repealing Council Regulation (EEC) No 793/93 and Commission Regulation (EC) No 1488/94 as well as Council Directive 76/769/EEC and Commission Directives 91/155/EEC, 93/67/EEC, 93/105/EC and 2000/21/EC. Available at: 
- EU Commission, The precautionary principle: decision-making under uncertainty, Science for Environment Policy, Future Brief, September 2017, Issue 18. Available at: 
- EU Commission, Report on the safety and liability implications of Artificial Intelligence, the Internet of Things and robotics, COM/2020/64 final. Available at: 
- EU-OSHA, European Agency for Safety and Health at Work, OSH and the Future of Work: benefits and risks of artificial intelligence tools in workplaces, Discussion paper, 2019. Available at: 
- EU Commission, White paper: On Artificial Intelligence - A European approach to excellence and trust, COM(2020) 65 final. Available at: 
Links for future reading
Andersson, K., Research, K., Soneryd, L., SCORE, Stockholm University Risk Governance discussion document. Comparison of Approaches to Risk Governance (CARGO), 2008.
IRGC – International Risk Governance Council 
Klinke, A., & Ortwin, R., A New Approach to Risk Evaluation and Management: Risk-Based, Precaution-Based, and Discourse-Based Strategies, Risk Analysis, Vol. 22 No. 6, 2002, pp. 1071-1094.
Kasperson, J. X., Kasperson R. E., The Social Contours of Risk. Volume I: Publics, Risk Communication & the Social Amplification of Risk. Earthscan, Virginia, 2005.
Kasperson, R. E., Renn, O., Slovic P., Brown, H. S., Emel, J., Goble, R., Kasperson, J. X., Ratick, S., The Social Amplification of Risk: A Conceptual Framework, Risk Analysis, Vol. 8 No. 2, 1988, pp. 177–87.