Risk normalization: 5 cracks that turn drift into routine

Across more than 250 cultural transformation projects in 30+ countries, Andreza Araujo has seen the same failure repeat: a shortcut survives long enough to feel normal, which is why risk normalization is so dangerous. The field still looks familiar, but the control that once required attention now runs on habit.

James Reason''s latent failure model explains part of that pattern, because weaknesses can sit quietly until the worksite loads them. In The Illusion of Compliance, Andreza Araujo makes the same point from a practical angle: what happens when nobody is watching tells you more than the tidy version on paper.

Why risk normalization is not the same as maturity

A routine only becomes mature when it still deserves scrutiny. When the same shortcut is repeated often enough, it stops feeling like a shortcut and starts looking like the work itself, which is exactly why leaders who only inspect the routine can miss the moment where risk first became acceptable.

The site whose supervisors have stopped asking for proof is already normalizing drift, even if the dashboards stay green. That is the trap, because the organization still believes it is disciplined while the field has quietly rewritten the rule.

If you want the proof lens behind this table, read Barrier Assurance Explained. It shows how a control can look complete while its field condition has already drifted away from the assumption in the register.

1. Repetition hides change

Repetition is useful only when the conditions stay the same. A lockout, permit, rescue plan, or line check can look routine on Monday and behave differently on Wednesday, where a new crew, a late delivery, a tool substitution, or a tired supervisor changes the actual risk profile.

The task whose steps never change is often the task where no one has asked whether the work changed around it. That is why routines deserve periodic challenge, because the field is never as static as the spreadsheet that describes it.

Andreza Araujo has spent 25+ years in executive EHS work, and the practical lesson is simple: if the evidence is old, the control is old. A recurring task should trigger fresh questions, not automatic trust.

2. Exceptions lose their label

Most normalization starts with one deviation that people are told to treat as harmless. The first exception is defended as temporary, the second is copied, and the third becomes the local method, which is why the exception that once felt small can become the most dangerous part of the system.

A site whose exceptions are repeated under different names is already teaching the crew that the rule can flex. Once that lesson takes root, the team stops seeing the difference between a controlled adjustment and a quiet redesign of the work.

That is the point where Safety Culture: From Theory to Practice becomes practical rather than decorative, because culture is not the banner on the wall. It is the pattern of what gets tolerated when the work is under pressure.

3. Green dashboards train tolerance

Green dashboards are useful only when the green still means what leaders think it means. A chart whose cells are based on old checks, incomplete follow-up, or thin definitions can make drift look like stability, and the longer that happens, the more the organization learns to trust appearance over evidence.

If the dashboard is green while the field is making exceptions, the metric is teaching tolerance. Leaders should ask whether the number reflects control or merely paperwork, because a number can be current without being meaningful.

This is where the internal article on How to Run a Field Proof Walk in 8 Steps helps, since the walk forces a direct answer at the point where the hazard exists. A dashboard may guide attention, but only the field can prove the claim.

4. Supervisors stop asking for evidence

Supervisors carry the first line of defense, so risk normalization usually shows up as a change in the questions they no longer ask. The checklist still gets completed, but the conversation about what changed, what failed, and what needs proof starts to disappear.

The supervisor whose only evidence is a form has already accepted a lower standard, even if the form looks complete. This is why the question matters so much, because the question reveals whether the leader is still thinking or only confirming.

In more than 250 cultural transformation projects, Andreza Araujo has seen that field proof survives only when leaders keep asking for it. Silence is rarely neutral. In practice, silence means the system has trained people to stop looking closely.

5. Decision rights stay vague

Normalization grows when nobody is sure who can stop the work. If the supervisor waits for the manager, the manager waits for EHS, and EHS waits for maintenance or engineering, the shortcut stays alive because responsibility has no sharp edge.

That kind of ambiguity is dangerous because the team keeps moving while the decision is still floating. The person who should own the pause is not always the highest title in the room, but someone has to own it, and everyone else has to know who that is.

James Reason''s work is useful here, since latent weaknesses in decision rights often stay hidden until the system is under load. The control looks present, but the hand that should close the gate is unclear, which is exactly where drift survives.

6. What leaders should change this month

The next 30 days should not start with a slogan. They should start with three routines that have become too familiar to question, because that is where normalization has already begun to harden.

• Name the three work routines where people say, "we always do it this way," and ask what changed around them.
• Pick one exception log, one permit, and one dashboard line, then compare each against the actual field condition.
• Assign a single owner who can stop, escalate, and restart the work without waiting for a chain of approvals.
• Recheck the result in the field before the next shift turns the same shortcut into policy by repetition.

For a deeper control lens, pair this with Risk Management: 6 Decisions That Turn Control into Theater. The two pieces together show how weak control language and familiar shortcuts reinforce each other.

FAQ

What is risk normalization?

Risk normalization is the process by which a shortcut, deviation, or weak control becomes so familiar that the team stops seeing it as unusual. The danger is not only the act itself, but the loss of sensitivity that follows.

How can a supervisor spot it early?

Look for repetition without challenge, exceptions without names, and decisions that nobody can own quickly. If the same workaround keeps returning, the routine may be training the team to accept more risk than it should.

Is every routine a problem?

No. A routine becomes a problem when it no longer deserves trust. Stable work can still be safe, but stable work should still be checked whenever the crew, the task, or the exposure changes.

What should leaders do first?

Start with one high-risk routine, then ask for field proof, a named owner, and a fresh review of the exception trail. That first review usually shows whether the problem is a one-off or a pattern.

Which Andreza Araujo resource fits best here?

The Illusion of Compliance is the closest book lens, because it asks what the system really does when nobody is watching. On Headline Podcast, the same question comes back through leadership and control conversations.

What to do next

If this pattern sounds familiar, use the next leadership review to challenge one routine that has become too comfortable. Then read How to Run a Field Proof Walk in 8 Steps and compare the answer with what the field shows.

For the broader leadership angle, go to Headline Podcast and use the episode archive as a pressure test for your own assumptions. The goal is not to make the work look tidy. The goal is to keep the control honest before the routine turns drift into policy.