When a serious incident occurs, investigators don’t start by asking who made the mistake.

They start by asking something far more uncomfortable: Was this foreseeable - and if so, why wasn’t it prevented?

For QHSE engineers, the first hours and days after an incident are often when long-standing document and system weaknesses are exposed. Understanding what investigators look for first isn’t about fear - it’s about building defensible, resilient safety management systems.

1. Was the risk already known?

One of the first things investigators examine is whether the hazard was:

• Previously identified

• Mentioned in a risk assessment

• Raised through near misses, audits, or inspections

If a hazard appears in historic documentation but wasn’t adequately controlled, this raises immediate red flags. The UK HSE is explicit that failure to act on known risks is a key factor in enforcement decisions. This is why “we didn’t know” is rarely a strong defence.

2. Are the risk assessments suitable and sufficient?

Investigators scrutinise risk assessments early - not for formatting, but for relevance.

They look for:

• Task-specific hazards

• Controls that match the actual work being done

• Evidence that the assessment reflects site conditions

Generic or copied risk assessments that don’t align with reality are a recurring finding in prosecutions. HSE guidance states risk assessments must be proportionate, task-specific, and kept up to date. A signed document that doesn’t reflect the task provides little protection.

3. Do documents match what happened on site?

One of the most damaging gaps after an incident is the mismatch between:

• Documented controls, and

• Actual work practices

Investigators compare:

• Method statements vs witness statements

• PPE requirements vs what was worn

• Training records vs task allocation

Major incident inquiries repeatedly show that work as imagined (documents) often diverges from work as done. This gap is rarely accidental - it’s usually systemic.

4. Was the system actively managed or passively maintained?

Investigators look beyond the document itself and ask:

• When was it last reviewed?

• What triggered the review?

• Who approved it and why?

ISO 45001 places strong emphasis on continual improvement and active management of documented information. Documents that exist but aren’t meaningfully reviewed suggest a paper system, not a living one.

5. What signals were missed beforehand?

Near misses, minor incidents, audit findings, and informal concerns are all examined for patterns.

Investigators ask:

• Were similar issues raised before?

• Were actions closed or just logged?

• Did the organisation learn - or normalise deviation?

This aligns with James Reason’s “latent conditions” model, widely used in incident investigation methodology. Serious incidents are rarely isolated events.

6. Was responsibility clear - and realistic?

Finally, investigators assess governance:

• Who was responsible for managing the risk?

• Were they competent and resourced?

• Was responsibility reasonable given workload and scope?

Unclear ownership or unrealistic expectations often indicate organisational failure rather than individual fault - but documentation still becomes the evidence trail.

The uncomfortable truth for QHSE professionals

Investigators don’t expect perfection. They expect reasonable foresight, proportional control, and evidence of active management.

The real vulnerability isn’t missing paperwork. It’s paperwork that exists but doesn’t reflect reality - especially when volume makes deep review impossible.

This is why modern QHSE risk isn’t just operational. It’s informational.

Why this matters before an incident - not after

Knowing what investigators look for changes how safety systems should be designed:

• Fewer assumptions

• Better visibility of gaps

• Earlier detection of misalignment

The goal isn’t to predict every incident. It’s to make sure the system can withstand hindsight.