Health and safety failures rarely happen because people “don’t care.” Most of the time, they happen because systems are weak, responsibilities are unclear, and risk becomes normalised over time. The good news is that the most common mistakes are also the most fixable—once you know what to look for.

Below are the top health and safety mistakes companies make, why they matter, and what better looks like.

Treating Health and Safety as a Tick-Box Exercise

The aim of health and safety management is to protect people indetifying hazards and risks and implimenting measures to eliminate or control those risks. These measures need to be documented as evidence of compliance, but documentation isn’t itself a control measure. 

Health and safety processes become a a “tick-box” exercise when organisations begin to prioritise record of safe work rather than safe work itself. This is known as the “work as imagined” vs. “work as done” gap.

Over time, organisations get very good at demonstrating compliance and quietly accept the gap between work as imagined (in documents) and work as done (in the field). That gap is where serious harm tends to incubate.

For health and safety professionals, the warning sign isn’t missing paperwork—it’s paperwork that doesn’t change anything. 

Time and budget pressures incentivise workers to complete safey documentaion without conducting the necessary checks.

A better approach is shifting from evidence of activity to evidence of control:

  • Controls-first thinking: Start with what must be true on the day, such as isolation, exclusion zones, guarding, ventilation, then make the documentation a reflection of that reality—not the other way around.
  • Operational ownership: Risk control lives with the line. H&S provides capability and challenge, but supervisors and managers must use the process to make decisions: stop, change the plan, add resources, or redesign the task.
  • Field verification: Build routine “control checks” into normal management—short, repeatable checks that confirm critical controls are present and working (not just that a form exists).
  • Learning loops: If assessments and reviews show the same problems repeatedly, it’s a strong signal that the issue is with the workforce. Rather, it’s how the work is designed that pushes work towards operational convenience rather than safe performance.

The practical test is simple: If an auditor removed your documents tomorrow, would the work still be controlled in the same way? If not, the organisation is managing compliance artefacts—not risk.

Inadequate Risk Assessment Processes

Risk assessments are the backbone of prevention. When they’re weak, everything built on top of them—training, supervision, controls, and monitoring—becomes fragile. The most common failures aren’t about format; they’re about quality and ownership.

Copy-Paste Risk Assessments

Templates can help, but “generic” assessments often miss the hazards that actually injure people. A risk assessment should reflect the real task, environment, tools, and people involved. If the document could describe ten different jobs, it probably doesn’t describe yours well enough.

Failure to Involve Frontline Workers

Excluding them creates assessments that look tidy but don’t match reality—especially around shortcuts, workarounds, and tricky conditions. Involving frontline workers also increases buy-in: people are more likely to follow controls they helped shape.

The people at the sharp end are often aware of the risks they face. However, when all that’s communicated is how exactly to do the work (method statements, SOPs), safety gets overridden by conformity as a priority. 

Not Reviewing Assessments After Changes

A workplace can change quickly—new shift patterns, new contractors, different materials, seasonal conditions, or higher workloads. If assessments aren’t reviewed after changes, controls can become irrelevant. A practical approach is to trigger reviews after any of the “4Ms” change: Manpower, Machinery, Materials, Methods.

Insufficient Training and Competency

Training is not the same as competence. Many companies deliver training, collect signatures, and assume the risk is handled. But if people can’t apply what they learned in the real environment, the hazard remains.

One-Off Induction Training Only

Inductions are necessary, but they’re not enough. People forget, habits drift, and tasks evolve. Regular refresher health and safety courses help reinforce standards, update knowledge, and prevent complacency from setting in.

No Verification of Understanding

Attendance doesn’t prove learning. Organisations often miss whether people truly understood the training or can apply it under pressure. Simple checks—short quizzes, practical demonstrations, buddy sign-offs, or on-the-job observation—help confirm competence and identify where extra support is needed.

Training Not Matched to Roles

Generic training can leave role-specific hazards unaddressed. A warehouse picker, lab technician, maintenance engineer, and office worker face very different risks. 

Effective training is targeted: it covers the actual tasks, common failure points, and required controls for that role, whether through in-house programmes or IOSH courses designed for supervisors and managers.

Poor Communication and Reporting Systems

Even the best controls fail if people don’t speak up when something goes wrong. Many organisations unintentionally discourage reporting by making it too complex, slow, or punitive.

Common warning signs include:

  • Employees believe reporting will get them blamed.
  • Reporting takes too long or requires too much detail.
  • Nothing seems to change after issues are raised.
  • Managers see reports as “bad news” rather than “useful insight.”

Better systems make reporting easy and safe. They also close the loop: when someone reports a hazard, they should hear what happened next. That feedback builds trust and increases future reporting—exactly what you want.

Neglecting Contractor and Third-Party Risks

Contractors, temporary staff, drivers, visitors, and suppliers can introduce significant risk—especially when communication and supervision are weak. Many serious incidents involve third parties because responsibilities weren’t clearly defined.

Common mistakes include:

  • Assuming contractors “know what they’re doing” without checking competence
  • Poor induction and site rules briefing
  • No shared method statement or risk assessment alignment
  • Weak supervision or unclear permit-to-work processes
  • Different safety standards between organisations

Managing contractor risk doesn’t require bureaucracy; it requires clarity: who is responsible for what, what standards apply, how work is coordinated, and how hazards are controlled on the day.

Health and safety mistakes are usually signs of system gaps—not individual failure. The companies that improve fastest are the ones that treat safety as a living part of operations: leaders stay involved, risks are reassessed when work changes, competence is verified, reporting is encouraged, and third-party risks are managed with the same seriousness as internal work.