Is risk assessment really scary for food companies?


With risk-based approaches for food safety management promoted for 20-plus years now (even in the industry context - see a seminal book in the field), one might have thought that the food industry would grab the benefits with both hands. Apart from the big corporates, why is this not happening? I have some theories but would like to hear from others on this. When I became a consultant a couple of years ago, I was excited at the prospect of using my microbiological risk assessment expertise in what I hoped would be the faster moving and more innovative environment of the core food manufacturing and retail sectors. I thought that the competitive advantages  that I had helped Unilever derive from using risk-based approaches, would be even more applicable in smaller businesses hungry for the edge over competitors. Applications such as:

- Support for innovative product and process design, decision-making on acceptable risk - Optimisation of thermal processing, for quality benefits and energy use reduction - Cost-effective risk management, including the removal of unnecessary microbiological and challenge testing costs - Quicker and more robust supply chain incident management

Despite many years of beating the drum as an evangelist for the practical application of risk-based tools and approaches, neither colleagues nor I seem to have made much headway with smaller companies. This shows in my client base, which consists almost exclusively of bigger corporates and governments/inter-governmental organisations. While I am of course happy to help them, I really believe unlocking potential for smaller companies to adopt similar approaches will benefit them, the economy and the health of their consumers.

I’ve come up with the following list of potential explanations of why this isn’t happening, but I’d like to hear from anyone who has ideas on this and also on ideas to change the status quo:

  • Everyone is too busy plugging holes and ensuring the next audit is passed to step back and think more strategically
  • The terminology is confusing; “risk assessment” applies to so many areas that it’s not clear what people are talking about (a good friend and colleague, Alejandro Amezquita, suggested I should stop going on about ‘risk assessment’ and say ‘risk-based’
  • I do that now but it can also generate head-scratching)
  • There is still the perception that “risk assessment is what governments do, industry does HACCP”
  • There is a perception that risk assessment requires complicated (and expensive) models - The benefits and approaches to apply are not known widely enough
  • Regulators, especially at the more local level, don’t understand ‘risk-based’ approaches and stick to prescriptive requirements
  • The concept of ‘risk’ is too difficult (scary?) to assimilate in safety decisions; we want to believe in ‘zero risk’.

Do any of these ring a bell, or am I off the mark here? I would love to hear your opinions.

John Bassett

John Bassett Consulting Ltd, 19 Devon Road, Bedford, MK40 3DJ, United Kingdom