top of page
Search

Psychosocial risk is an operational risk - Thresholds, ownership and governance under SAM and ISO 45003

  • CC
  • Feb 17
  • 2 min read

You don’t have a culture problem.You have an ungoverned risk surface.

In many organisations, psychosocial risk is described as:

  • Engagement

  • Leadership style

  • Wellbeing

  • Climate

But operational risk is not defined by experience.It is defined by governance.

Operational risk requires:

  • A structured signal surface

  • Clear thresholds

  • Named ownership

  • Clear escalation logic

  • Fixed review cadence

If these elements are missing, it is not a culture issue. It is unmanaged exposure.


What Operational Risk Means

Operational risk is exposure that can:

  • Affect delivery

  • Reduce performance

  • Increase absence

  • Create legal risk

  • Undermine strategic execution

What matters is not the topic.What matters is whether the organisation has built governance around it.

Risk without thresholds is interpretation.Risk without ownership is responsibility diffusion. Risk without cadence is drift.


Thresholds, ownership and governance under SAM and ISO 45003

Why Psychosocial Risk Qualifies

Psychosocial conditions affect:

  • Cognitive load

  • Conflict levels

  • Decision-making capacity

  • Staff turnover

  • Managerial burden

Under SAM (Systematic Work Environment Management), employers must systematically investigate, assess and address work environment risks — including organisational and social factors.

ISO 45003 clarifies that psychological health and safety must be managed within occupational health and safety management systems.

Yet many organisations stop at measurement:

  • Surveys

  • Workshops

  • Training

Measurement is not governance.

Governance begins when signals are linked to thresholds, ownership and follow-up.


The Minimum Governance Structure

To treat psychosocial exposure as operational risk, an organisation must be able to answer:

  • What constitutes elevated exposure?(Clear decision boundaries.)

  • Who is accountable at role level?(Named responsibility, not generic delegation.)

  • What happens when exposure increases?(Predefined response logic.)

  • When is it reviewed again?(Structured cadence.)

Without these components, the organisation relies on judgement rather than control.


What SAM and ISO 45003 Provide — and What They Don’t

They provide:

  • Obligation

  • Structural direction

  • Conceptual clarity

They do not provide:

  • Calibrated thresholds

  • Clear ownership structures

  • Control architecture

  • Designed governance cadence

These must be developed within the organisation’s operating model.


The Governance Gap

If psychosocial initiatives do not result in:

  • Clear decision boundaries

  • Role-level accountability

  • A visible follow-up loop

Then they are advisory, not operational.

Psychosocial risk becomes operational risk the moment it can affect performance or legal responsibility.

At that point, governance — not interpretation — is required.


From Conversation to Steerability

When psychosocial exposure is governed structurally, it becomes:

  • Traceable

  • Accountable

  • Reviewable

  • Visible to leadership

This is not about stronger language.It is about structural clarity.

Culture matters.Governance decides.

If you want to see how psychosocial risk can be structured as operational exposure within a leadership and board context, explore GATE™ at Change Collective.

Risk that cannot be steered is not managed. It is endured.



 
 
 

Comments

Change Collective ® : the premium standard for sustainable organizational resilience

info@changecollective.se

Phone   

+46 10 173 40 03

Follow us on: 
  • Instagram
  • LinkedIn

©2023 by Change Collective 

bottom of page