If you’ve worked in HSE in Malaysia long enough, you’ve written these three findings:
Procedure not followed. Inadequate supervision. Lack of training.
You’ve read them in other people’s reports. You’ve sat in CIPA meetings where those findings were accepted, CAPAs were assigned, and everyone moved on. Twelve months later, you’re in the same meeting after a similar incident.
These findings are almost always true. And they are almost always incomplete.
Why Standard Findings Don’t Drive Real Change
“Procedure not followed” tells you what the worker did. It doesn’t tell you why the procedure was worth bypassing — whether it was outdated, unworkable under actual production conditions, or simply never enforced. That’s a different management system.
“Inadequate supervision” tells you the oversight failed. It doesn’t tell you whether supervision was even defined for that specific task, or whether the supervisor’s workload made real oversight structurally impossible. That’s another management system.
“Lack of training” tells you the worker wasn’t prepared. It doesn’t tell you who was accountable for ensuring they were, or why the competency gap wasn’t caught before they were deployed on the task. That’s a third management system.
These findings describe symptoms. They don’t name systems. And because they don’t name systems, they can’t identify who in the organisation owns the problem — or what specifically needs to change.
The 11 Basic Risk Factors in Tripod Beta
Tripod Beta is a systemic incident investigation methodology built around 11 categories of management system failure — called Basic Risk Factors (BRFs). When an investigation uses the BRF framework, it doesn’t stop at “inadequate supervision.” It classifies that finding under the Supervision BRF, names the supervision system specifically, identifies who owns it, and generates a corrective action that addresses the system rather than the individual.
Under OSHA 1994 and the OSH (Amendment) Act 2022, Malaysian employers are accountable for every one of these management systems. The BRFs give you a structured way to see which one broke.
1. Hardware
Physical equipment not fit for purpose. The tool, machine, or piece of equipment didn’t do what it was supposed to do — whether because of a manufacturing defect, wear, or selection of the wrong equipment for the task.
2. Design
Tasks or systems designed in a way that creates risk. The work was set up so that the safe way to do it was harder than the unsafe way — a sign that the task design itself was flawed.
3. Maintenance Management
Keeping equipment in safe operating condition. The maintenance system — scheduling, verification, priority-setting — allowed equipment to deteriorate to a point where it failed or contributed to an incident.
4. Procedures
The quality and usability of documented work standards. The procedure existed but was outdated, unclear, impractical, or not aligned with how work was actually done on the ground.
5. Training
How competency is developed, verified, and maintained. Workers were signed off as competent when they weren’t — because the training system had no effective mechanism for verifying that competency was real and current.
6. Supervision
How operational oversight is exercised in practice. Supervisors weren’t in a position to see what was happening, weren’t expected to verify conditions, or had normalised non-compliance to the point where it was no longer flagged.
7. Communication
How critical information flows across shifts, teams, and functions. Safety-critical information didn’t reach the people who needed it — because of shift handover gaps, language barriers, information silos, or missing escalation channels.
8. Incompatible Goals
Production, cost, and safety targets pulling in opposite directions. The organisation’s metrics and incentives made the safe option the slower or more expensive choice — so workers and supervisors consistently chose the faster or cheaper route.
9. Organisation
How roles, responsibilities, and accountabilities are structured. Nobody was clearly accountable for the system that failed — or the person who was accountable didn’t have the authority or resources to manage it effectively.
10. Change Management
How changes to process, people, or equipment are controlled. A change was made — to a process, a team structure, a piece of equipment, or an operating condition — without adequately assessing its safety implications.
11. Defence
The barrier system itself. The barriers designed to prevent the incident or limit its consequences were not in place, were not functioning, or were not adequate for the hazard they were supposed to control.
From Finding to Fix: How BRFs Change the Corrective Action
The power of the BRF framework is in the specificity it forces. When the investigation classifies a finding under the Supervision BRF, the next questions become: which specific supervision practice failed? What was the supervisor actually responsible for verifying? Who in the management chain owns that supervision standard?
The corrective action then goes to the right person — the one with the authority to change how supervision is exercised for that task type. Not to HSE to run a refresher course.
Under the OSH (Amendment) Act 2022, directors and senior managers in Malaysia face personal liability for safety failures in their operations. The BRF framework makes visible exactly which management systems they are accountable for — and which ones need to change after an incident.
The Most Common BRFs in Malaysian Incidents
Based on industry experience across Malaysian oil and gas, manufacturing, construction, and plantation sectors, the BRFs that appear most frequently are Supervision, Procedures, and Incompatible Goals — often in combination. The Incompatible Goals BRF is particularly underidentified: production pressure is rarely named as a contributing factor in incident reports, even when it was the primary driver of the decision that led to the incident.
Learn to Use the BRF Framework in Your Investigations
Tripod Beta training in Malaysia covers the full BRF classification system — including how to identify which BRF applies, how to distinguish between multiple contributing BRFs, and how to generate corrective actions that target the right management system. The training is delivered by Asyraf Khalil, Malaysia’s only accredited Tripod Trainer (Energy Institute UK and Stichting Tripod Foundation).