When numbers lie, the world believes them, and reality denies them

Engr. Khalid Al-Ajmi | Updated: 10 March 2026

In the world of risk management, "Heinrich's Pyramid" is frequently cited as the bedrock of modern safety theories. But what if this pyramid was built on flawed figures? What if the legend we were taught about the relationship between minor and major accidents is nothing more than a convenient myth?


The Origin: Herbert Heinrich and His Famous Triangle

In the 1930s, Herbert William Heinrich introduced a model that became a landmark in occupational safety. He stated a simple ratio:

"For every 1 fatal accident, there are 29 minor injury accidents and 300 non-injury incidents."


This simple numerical model gained massive popularity. It was adopted as the foundation for preventive policies in workplaces, particularly in factories and engineering sites.


However, the surprise lies in the fact that Heinrich did not rely on rigorous statistical data. Instead, he gathered observations from poorly documented reports, mostly from employees untrained in data collection. There were no peer reviews or in-depth field studies to confirm these ratios. In other words, the numbers lied... and we believed them.


Problem vs. Risk: Understanding the Fundamental Difference


To navigate this correctly, we must distinguish between a "Problem" and a "Risk."

  1. A Problem is an event that has already occurred and requires a solution (Reactive).
  2. A Risk is the probability of an undesired event occurring in the future (Proactive).

Dealing with a problem means response and repair, while risk management requires anticipation, analysis, and preparation. Confusing the two is common, but it often leads to flawed decision-making.


Beyond Heinrich: Modern Analytical Tools


As management thought evolved, more realistic and systematic analytical tools emerged:

  1. SWOT Analysis: Assessing Strengths, Weaknesses, Opportunities, and Threats to evaluate strategic positioning.
  2. PESTEL Analysis: Studying Political, Economic, Social, Technological, Environmental, and Legal factors.
  3. Risk Matrix: Mapping the relationship between the probability of an event and its impact.
  4. FMEA/MFEA (Failure Mode and Effects Analysis): A powerful tool for identifying potential failure points in a system and assessing their severity.

Practical Application: A Risk Management Plan for a Bank Project


Suppose you are overseeing the construction of a new branch for a major institution, such as Al Rajhi Bank . How do you initiate a risk management plan?

  1. Risk Identification: Supply chain delays, design errors, electrical failures, onsite accidents, or non-compliant subcontractors.
  2. Risk Analysis: Using the Risk Matrix to evaluate each risk based on its likelihood and impact.
  3. Response Planning:
  4. Avoidance: (e.g., switching to pre-verified alternative suppliers).
  5. Mitigation: (e.g., enhancing safety measures and rigorous training).
  6. Transfer: (e.g., through comprehensive insurance policies).
  7. Acceptance: (if the potential loss is within manageable limits).
  8. Monitoring and Control: Continuously tracking, evaluating, and adjusting the plan.

Lessons Learned: Numbers Are Not Sacred; Skepticism is a Virtue


The goal of this article is not to demolish Heinrich’s legacy, but to re-examine it with a critical eye. Criticism and healthy skepticism are the foundations of reaching the core of the truth.

The world is changing, and today’s data is more accurate than ever. We must constantly reassess what we perceive as "facts," especially when those facts form the basis for decisions involving human lives and vital resources.

Risks are not managed by impressions... they are managed by understanding and realism.


Share this article