Check out the Healthy Work Community of Practice! Join today and be part of our upcoming knowledge-sharing session.
Menu
Psychosocial Hazards Audit Healthy Work Community of Practice The Wellbeing Protocol Bespoke Solutions Case Studies Blog Resources Training About Us Login
Contact Us

From Assessment to Action: Designing Effective Psychosocial Risk Controls

psychosocial risk principles May 29, 2026
Psychosocial Risk Scenario Designing effective psychosocial risk controls

From Assessment to Action: How to Design Psychosocial Risk Controls That Actually Work

Dr. Georgi Toma | Director, HeartBrain Works | Honorary Research Fellow, University of Auckland

Introduction

Getting a psychosocial risk assessment done is one thing. Knowing what to do with the results is where most organisations get stuck. The gap between a dashboard full of data and a coherent set of controls is where good intentions go to stall, and where legal and human risk quietly accumulates.

This post draws on a recent HeartBrain Works session on designing effective psychosocial risk controls. It works through the HBW Hierarchy of Controls, the challenges practitioners commonly face when moving from assessment to action, and what good control design looks like in practice, using an Emergency Department scenario to make it concrete.

Why designing controls is harder than it looks

Most WHS professionals understand the hierarchy of controls in theory. The challenge is applying it to psychosocial hazards, which are less visible than physical ones, more tangled with culture and management practice, and far easier to address with feel-good interventions that sit at the wrong end of the hierarchy.

The most common mistake is reaching for awareness and individual support controls, training, EAP, wellbeing apps, before doing the harder work of changing the conditions that created the risk. These interventions are not without value, but they cannot substitute for controls that address the source. Using them as a primary response is not compliant with the hierarchy, and it is not effective.

The HBW Hierarchy of Controls

The HBW framework organises psychosocial controls into four bands, from most to least effective.

Band 1 is elimination, removing the hazard entirely so exposure can no longer occur. Every jurisdiction requires you to demonstrate that you considered this option, even when it is not fully practicable. Band 2 is changing the work, redesigning roles, adjusting staffing, restructuring shift patterns, changing how work is managed or resourced. The defining principle here is that you are changing the conditions, not asking workers to adapt to conditions that remain unchanged. Band 3 is building awareness, training managers to recognise and respond to psychosocial risk, educating workers on reporting pathways, developing de-escalation skills. This band supports the controls above it. It must not substitute for them. Band 4 is individual support, EAP, post-incident response, peer support networks, professional supervision. These controls matter, but they should be the last line, not the first.

A combination of controls across multiple bands is almost always required. The question is whether that combination is weighted toward the more effective end of the hierarchy, or whether it is leaning on the least effective controls to do the heaviest lifting.

Putting it into practice: an Emergency Department scenario

To make this concrete, consider a 500-bed metropolitan public hospital in Melbourne. The ED handles around 70,000 presentations a year. In the past quarter alone, nursing turnover hit 28%, double the broader hospital average. Code Grey and Code Black incidents are increasing. Three nurses are on stress leave simultaneously, and three workers' compensation claims for psychological injury have been lodged in the past year.

An HBW psychosocial risk assessment across the ED nursing team returns a dashboard where incivility, work pace, quantitative and emotional demands, work-life balance, role conflict, cognitive demands, change management, bullying, threats of violence, physical violence, harassment, and cyber-bullying are all rated critical. Organisational justice, vertical trust, trauma exposure, and job control are rated high. The picture is severe and systemic.

Focus group analysis identifies six root causes. Access block is the upstream amplifier of everything in the demands cluster, the ED is running above capacity because admitted patients stay too long, mental health beds do not exist, and discharge is delayed. Abuse has become culturally normalised, verbal abuse, intimidation, and unwanted physical contact are no longer reported because they are treated as routine. Nurses are held accountable for patient outcomes but have no authority to refuse service, exclude individuals, or call security without escalating; that mismatch generates moral injury. Recovery time, meal breaks, post-incident debriefing, handover, is routinely eroded by operational pressure. The culture rewards staying late, picking up extra shifts, and not reporting, while taking breaks or leaving on time is framed as not coping. And reporting has broken down: staff have stopped lodging incident reports because past reports went nowhere, the form takes more than 20 minutes of unpaid time, and submitting a report can be used to question a nurse's clinical judgement.

Band 1: Remove what can be removed

The violence hazard in an emergency department cannot be wholly eliminated, that is the nature of the environment. But specific exposures can be. Single-officer triage for known high-risk presentations can be eliminated through a documented dual-staffing protocol. Specific repeat offenders can be removed from face-to-face contact via banning notices and security-supported transfer arrangements. The informal disincentives to reporting can be removed by taking incident reports out of unpaid time and ending any practice where making a report influences a performance review.

These are not aspirational changes. They are decisions that can be documented, implemented, and evidenced to a regulator.

Band 2: Change how the work is structured

For the violence and harassment cluster, Band 2 controls mean physically redesigning the triage station, secure barrier, clear sight lines to security, duress alarms at every workstation. It means creating controlled-access patient zones that allow physical separation from agitated individuals. It means establishing a senior nurse role with no patient load, whose function is to respond to escalating situations and back up triage and treatment teams, removing the expectation that frontline nurses absorb every escalation alone. And it means a hospital-wide behaviour-of-others policy with real, enforced consequences: defined circumstances for refusal of service, trespass notices, agreed police involvement protocols.

For the demands cluster, the most important Band 2 control is patient flow reform, working with bed management, admissions, and wards to address access block at its source, because most of the demands cluster originates there. Rostering changes to cap consecutive shifts and build mandatory recovery time into the roster after Code Black or Grey incidents. Meal breaks and debriefing time scheduled into the shift as non-discretionary. Post-incident debrief, both hot and cold, built into the roster in paid time for any significant incident.

For the work design cluster, clarifying what authority triage nurses actually have, calling security without needing to escalate, refusing service for specific documented behaviours, so that authority is brought into alignment with accountability. And moving to a change management model that consults the affected team and accounts for cumulative change load on a unit that is already running at the edge of its capacity.

Band 3: Build awareness that supports the controls above

Awareness controls are legitimate and necessary, but their function is to support Bands 1 and 2, not replace them. In this scenario, that means de-escalation training refreshed annually with practice-based scenarios rather than a slide deck. Manager training in psychosocial risk. Worker training specifically on reporting pathways and the protections that apply to people who report. Code Black and Grey procedures and drills refreshed frequently enough to remain effective. Communication to patients and families about expected behaviour, both before arrival and through visible signage in the department.

None of these controls addresses the structural causes of what this ED team is experiencing. They become meaningful only alongside the work being done in Bands 1 and 2.

Band 4: Support the people who have been harmed

Individual support controls matter in an environment like this one, where harm has already occurred and is ongoing. EAP that is actually accessible, and that is visibly used by senior staff so uptake is not stigmatised. A structured peer support program with trained peer responders available across all shift patterns. Professional supervision for nurses with sustained exposure to traumatic incidents. A return-to-work program that accounts for the specific challenges of psychological injury, gradual reintegration, role accommodation, and managers who have been trained to support that process.

These are the controls that catch people when the system has not yet prevented the harm. They are not sufficient on their own. They are part of a complete response.

What the hierarchy is really telling you

Working through a scenario like this one makes the hierarchy's logic visible. The EAP was probably already in place before the assessment. The training probably existed in some form. What was missing was everything higher up: the structural changes, the authority that matches accountability, the recovery time that is not treated as a luxury, the reporting system that does not punish people for using it.

Good control design starts by understanding the root causes, clusters the risks that share those causes, and then works down the hierarchy, allocating the most effort and investment to controls that change the conditions, and treating awareness and individual support as what they are: necessary but insufficient.

If your psychosocial risk controls are weighted toward the bottom of the hierarchy, the question is not whether more training would help. The question is what is driving the risk, and what would need to change about the work itself for that risk to reduce.

If you would like support navigating any of these priorities,, we are to help. Get in touch with us! 

About the Author 

Dr. Georgi Toma is the Director of HeartBrain Works and an Honorary Research Fellow at the University of Auckland. With over a decade of experience in psychosocial risk, occupational stress, and culture interventions, Georgi has supported high-profile clients including Myer, RMIT University, Uber, Hitachi Energy, Clough Group, MEC Mining, and Environment Canterbury to create mentally healthy workplaces. HeartBrain Works offers validated psychosocial risk audits, training for leaders and staff, and the scientifically validated Wellbeing Protocol. 

About the Healthy Work Community of Practice 

The Healthy Work Community of Practice is a professional community for health and safety professionals. Members access quarterly knowledge-sharing sessions, a psychosocial risk controls library, real-world case studies, regulatory alerts, practical toolkits, a job board, research summaries, and ongoing training and workshops. Intake opens three times per year. To learn more, visit https://www.heartbrainworks.org/Healthy-Work-CoP 

Subscribe to get notified about our free monthly workshops.
Subscribe