Why is a Health and Safety Risk Assessment Important?

Risk management is a framework of principles, practices and criteria for implementing best practice in managing environmental and occupational health and safety risks.

There are 3 basic types of Risk Assessments:

1. Baseline Risk Assessment

In order to find out how they stand with regard to health and safety risk, employers
need to ask these questions:

• What are the major risks?
• What are the immediate priorities?
• What is the existing risk control system?

The following needs to be kept in mind:

• This risk assessment must be comprehensive.
• It must provide the broad picture.
• It may lead to more in- depth risk assessments.
• It needs to be reviewed periodically.

2. Issue-based Risk Assessment

This assessment is done whenever there is a change in the workplace, for example:

• New product to be manufactured.
• New procedure or system of work.
• Specific hazards to be assessed.
• After a near miss incident has occurred.
• New knowledge regarding a substance comes to light.
• New machinery.

3. Continuous Risk Assessment

This entails continuous monitoring of conditions in the workplace by means of audits, inspections, pre-use checklists, task observations, etc. This is the most important form of risk assessments and should mainly be conducted by supervisory staff.

Risk management, like many aspects of occupational health and safety is a team effort and requires everyone employer and employee to come together to keep the workplace risk free. To have an effective risk management culture means developing a proactive approach in which people work together to identify potential problems and remove them before any loss occurs. To implement risk management throughout an organization, risk management programmes must be established at each level.

The risk management process is as follows:

1. Communicate and consult

The processes used to establish the context, identify, analyse, valuate, treat, monitor and review the risks must be systematic and involve consultation with employees, contractors and other stakeholders so that everyone has confidence in the outcomes. With regards to OHS risk management, this step is generally mandated by legislation.

2. Establish the context

In this preliminary step, information is gathered and an OHS Risk management programme planned. It sets the scene for the way risk is managed. The broad strategic position of the organization is considered. This involves identifying why the organization has adopted risk management, viewing the risks in the organizational context of culture, values, business needs, etc. and addressing the background of OHS risk in the workplace. Stakeholders are identified and communication and consultation policies are defined. OHS risks to the environment and to employees are one of many types of risks that an organization must manage. The links between OHS risks and other risk areas need to be established.

3. Identify Risks

A task risk assessment looks at all the activities performed in the organization. For each activity, hazards are identified by considering the risk that might exist and what might go wrong to cause injury, ill health or fatalities. The TRA process requires the following:

• Identification of hazards associated with the steps involved in each principle activity.

• Assessment of the level of risk associated with the identified hazards.
• Developing risk control strategies to eliminate or reduce the level of risk associated with each principle task.

4. Risk Control Plan

A risk control plan is an action plan that sets out how the safety, health and environmental (SHE) risks that were identified in a risk assessment will be eliminated or controlled. Risk control plans are developed from risk assessments.

Risk control plans could include a list of:

• Hazards identified
• Risks associated with the identified hazards
• Existing risk controls
• Proposed short-term controls (including proposed completion dates)
• Proposed medium term controls (including proposed completion dates)
• Proposed long-term controls (including proposed completion dates)
• Person(s) responsible for implementing controls
• Resources required for implementing controls
• Proposed review date and/or review when change occurs

The PEMEEL principle enables the assessor to list the activity.

• PEOPLE:  Tasks
• EQUIPMENT:  Plant and equipment
• MATERIAL:  Chemicals, substances, raw materials
• ENERGY:  Electricity, gas, steam, wind, etc.
• ENVIRONMENT:  Ground, air, water and waste
• LEGAL:  All relevant legislation, standards and bylaws

All the above information is listed on a capturing tool.

5. Analyse Risks

Analyse risks in terms of consequence and likelihood within the context of existing controls. Note that “within the context” may also include deliberate evaluation of risk without controls. A range of consequences may be considered, and consequence, probability and exposure are combined to produce an estimated level of risk. Risk analysis may involve the use of qualitative, semi qualitative or quantitative techniques.

6. Evaluate Risks

Levels of risk may be compared with pre-established criteria of acceptability such as may be found in standards or codes of practice and a decision is then made about whether action is needed. Risks that require treatment or action can then be ranked to decide which ones to deal with first. Once you have ranked the risks identified, you will have to decide what to do about them, i.e how you will treat them.

7. Treat Risks

Risk treatment involves identifying the range of options for dealing with the risk, deciding on the best course of action, preparing a plan, implementing it and defining how it will be monitored. In the OHS context risk must be made as low as reasonably practicable following the “hierarchy of controls”.

8. Monitor and review

Risks and the risk management process should be subject to regular reviews. Also, when factors occur that are likely to affect the degree of risk or the context, risk management must be reviewed. Such factors include changes in materials, work location, processes or methods. In addition there may be specific legislative requirements related to the type or frequency of monitoring and review activities such as safety inspections and audits.

Few OHS risks remain static and additional information comes to light as time proceeds so the whole risk management cycle needs to be repeated regularly. Repeating the risk management process with increasingly rigorous acceptability criteria also promotes continual improvement in managing risks.

Application of the risk management process

Risk management could be applied at all levels in an organization.

1. Strategic Level

Strategic level OHS risk management commonly involves considering how OHS issues might affect the overall business, its mission and objectives – i.e. risk to an organization from E & OHS – related issues. Application of OHS risk management at the strategic level might include:

• Creating and updating the organizations OHS policy and management system.
• Undertaking strategic planning for the organization, using a risk-based Approach.

• Incorporating risk management concepts and processes into an OHS management system.

• Setting of OHS risk acceptance criteria (generally with current legislation and statutory requirements as the minimum standard).

• Overall OHS risk management for the purpose of good corporate governance.
• Ensuring that community expectations are satisfied.

2. Operational Level

Operational risk management is linked to the day-to-day activities of an organization, where decisions are continually being made from moment to moment.
Application of OHS risk management at the operational level might include:

• Conducting a preliminary review of OHS risks to define broad areas of OHS risk or areas of the organization which need priority attention.

• Managing specific risks to workers at a workplace.
• Managing OHS risks within a specific project or area
• Selecting between different processes or equipment on the basis of OHS risks.
• Planning new projects to achieve objectives while minimizing OHS risks.
• Ensuring emergency plans deal with the possible repercussions of an unwanted incidents.

• Determining conformance with regulatory or organizational risk acceptance criteria or standards.

• Providing information to aid in OHS reporting.

Communication and Consultation

Effective two-way communication together with timely reporting is essential to the management of OHS.  These are important parts of each step in the risk management process and may be legally required. An organization should have procedures for ensuring that the relevant OHS information is communicated to all the people who need it. This requires making arrangements for determining information needs and ensuring that these needs are met.

The concept of consultation is based on the recognition that the employee and other stakeholder input matters.

The elements of consultation

• Sharing relevant information about OHS and welfare with employees, contractors and visitors.

• Giving employees the opportunity to express their views and contribute to the resolution of OHS and welfare issues in a timely fashion (i.e. before decisions are made).

• Valuing the views of stakeholders taking them into account.

Consultation with employees should occur when:

• Changes which may affect OHS are proposed to work premises.
• Systems and methods of work change.
• Plant or substances used for work change.
• Risk to OHS are assessed.
• Decision are made about measures to eliminate or reduce risk.
• Introducing or changing procedures for monitoring risk.
• Decisions are made concerning facilities for employee welfare.
• Decisions are made about consultation procedures.
• New information becomes available.

In order to ensure that proper consultation takes place, the employer should adopt a systematic approach to decision making about OHS welfare. This means having a planned rather than ad hoc approach to addressing issues that may affect employee safety, health and welfare.

Consultation mechanisms could include:

• An OHS committee or committees.
• An OHS representative or representatives.
• Other arrangements agreed between employer and employees, e.g. toolboxmeetings.

• Strategies for appropriate communication with other people where a responsibility for health and safety exists, e.g. visitors and contractors and, for some workplaces, members of the public.

In general, communication procedures should:

• Provide the opportunity for stakeholders to have input at each stage of the process as appropriate

• Determine the nature of information to be shared
• Determine the media to be used (e.g. written material, video, etc.)
• Include a mechanism, for determining whether or not the communication is effective

Documentation and records

It is important that OHS risk management is adequately documented for the purpose of auditing. Documentation is necessary as good management practice, because it is essential to communicate about risks and their control and in order to demonstrate due diligence in OHS risk management.

Documentation must be subject to control to ensure that it is

• Current
• Readily available (those people who need to know its location must be able to find it)

• Regularly updated

Some organizations may find an electronic database system useful, particularly where there are many hazards and risks.

Typical records may include:

• A risk management policy or risk management incorporated into the OHS Policy.

• Documented responsibilities.
• A register of hazards and risks.
• A description of the methods used for identifying hazards.
• A description of methods by which risks were analysed and evaluated  (including assumptions made and the reasons why any risks were considered negligible and accepted).

• Data from workplace or health monitoring.
• Rationale for the selection of a particular risk treatment strategy.
• Risk treatment plans detailing responsibilities, the schedule and the mechanism of monitoring the risk treatment programme.

• Actions taken to treat risks.
• Safe operating procedures.
• Incident and injury registers.
• Inspection and audit documents.
• Results of audits and reviews.

A risk assessment is never complete and could manifest in a normal day to day activity like driving a vehicle or more formally, in the form of a regulated risk assessment as required by the various Acts.