A risk assessment is a process that involves identifying, analysing, and controlling hazards and risks present in a situation or a place.
It is performed by a competent person and aims to determine which measures should be put in place to eliminate or control those risks.
The process also specifies which risks should be prioritised according to the level of likelihood and impact they have on the business.
Risk assessment is one of the major components of a risk analysis, which is an ongoing process that gets updated when necessary.
Risk communication is the process of exchanging information and opinions on risk with concerned parties.
Risk management is the proactive control and evaluation of threats and risks to prevent accidents, uncertainties, and errors.
Together with risk assessment, these are all vital elements that help make informed decisions such as mitigating risks.
Why it is important to have a risk assessment plan?
A risk assessment is crucial in dangerous working environments because it helps identify potential hazards and risks that could cause harm to employees.
By identifying these risks, employers can take steps to eliminate or control them, reducing the likelihood of accidents and injuries.
Risk assessments are also important for ensuring compliance with health and safety regulations. Under the Management of Health and Safety at Work Regulations 1999, employers are required by law to protect their employees from harm.
By conducting a risk assessment, employers can demonstrate that they have taken steps to comply with these regulations and ensure the safety of their employees.
Risk analysis frameworks
A risk analysis framework is a systematic approach to identifying, assessing, and managing risks. It is a process that helps organisations and individuals identify potential risks and develop strategies to manage them. The framework typically involves several steps, including:
Identifying the risks: This involves identifying potential risks that could impact the organisation or individual.
Assessing the risks: This involves analysing the risks to determine the likelihood and impact of each risk.
Managing the risks: This involves developing strategies to mitigate the risks and reduce their impact.
Monitoring and reviewing the plan: This involves regularly monitoring and reviewing the risk assessment plan to ensure that it remains up-to-date and effective.
There are many different types of risk analysis frameworks, each with its own unique approach and methodology. Some of the most common frameworks include the ISO 31000, COSO ERM, and NIST SP 800-30 frameworks.
When should you perform a risk assessment?
According to the Health and Safety Executive (HSE), risk assessments should be performed when there are changes in the workplace that could affect the level of risk.
For example, when new processes or steps are introduced in the workflow, changes are made to the existing processes, equipment, and tools, or new hazards arise.
It is also important to note that risk assessments should be reviewed regularly, especially if there are any changes in the workplace that could affect the level of risk.
Identify the risks
How to identify the risks
When conducting a risk assessment, there are several ways to identify risks. Here are some common methods:
Speak to employees: Employees may be aware of hazards that are not immediately obvious to you.
Observe tasks: Observe the tasks carried out by employees to identify potential hazards.
Check records: Check accident, near-miss, and ill-health records to identify patterns and trends.
Read instructions: Read instructions for tools and equipment to identify potential hazards.
Check safety data sheets: Check the information contained within safety data sheets for hazardous substances.
By using these methods, you can identify potential hazards and risks that could cause harm to employees or others.
Once you have identified the risks, you can take steps to eliminate or control them, reducing the likelihood of accidents and injuries.
Examples of risks to consider
Here are some examples of risks that should be considered when conducting a risk assessment:
Physical hazards: These include hazards such as slips, trips, and falls, as well as exposure to harmful substances or radiation.
Ergonomic hazards: These include hazards such as repetitive motion injuries, poor posture, and improper lifting techniques.
Psychological hazards: These include hazards such as workplace violence, stress, and harassment.
Environmental hazards: These include hazards such as extreme temperatures, natural disasters, and pollution.
Equipment hazards: These include hazards such as malfunctioning equipment, electrical hazards, and inadequate safety guards.
These are just a few examples of the types of risks that should be considered when conducting a risk assessment.
Assess the risks
What are the 5 steps of risk assessment?
According to the Health and Safety Executive (HSE), risk assessment is a step-by-step process for controlling health and safety risks caused by hazards in the workplace. The following are the steps needed to manage risk.
Identify hazards: Look around your workplace and think about what may cause harm. Take account of non-routine operations, such as maintenance, cleaning, or changes in production cycles. Think about hazards to health, such as manual handling, use of chemicals, and causes of work-related stress. For each hazard, think about how employees, contractors, visitors, or members of the public might be harmed.
Assess the risks: Once you have identified the hazards, decide how likely it is that someone could be harmed and how serious it could be. This is assessing the level of risk. Decide who might be harmed and how, what you’re already doing to control the risks, what further action you need to take to control the risks, who needs to carry out the action, and when the action is needed by.
Control the risks: Look at what you’re already doing, and the controls you already have in place. Ask yourself: can I get rid of the hazard altogether? If not, how can I control the risks so that harm is unlikely? If you need further controls, consider redesigning the job, replacing the materials, machinery or process, organising your work to reduce exposure to the materials, machinery or process, identifying and implementing practical measures needed to work safely, providing personal protective equipment, and making sure workers wear it.
Record your findings: If you employ 5 or more people, you must record your significant findings, including the hazards (things that may cause harm), who might be harmed and how, and what you’re already doing to control the risks.
Review the controls: Review your risk assessment and revise it if necessary. You should review it regularly, especially if there are any changes in the workplace that could affect the level of risk.
Examples of how to assess the risks
Here are some examples of how to assess the risks using the 5 step risk assessment plan for a chemical manufacturing company:
Hazard identification: A company that manufactures chemicals must identify the hazards associated with the chemicals they produce. They must consider the potential for fire, explosion, and toxicity.
Risk assessment: Once the hazards have been identified, the company must assess the risks associated with each hazard. They must consider the likelihood of an incident occurring and the severity of the consequences.
Risk control: The company must then implement measures to control the risks. This may include engineering controls, administrative controls, or personal protective equipment.
Monitoring and review: The company must monitor the effectiveness of the controls and review the risk assessment regularly to ensure that it remains up-to-date.
Documentation: The company must document the risk assessment process, including the hazards identified, the risks assessed, the controls implemented, and the results of monitoring and review.
Accept the risk: This strategy involves accepting the risk because it has a low impact or low likelihood of occurring. For example, if the risk were to occur, it could be managed using well-known and repeatable actions, or the risk has such a low probability of occurring that it is a risk worth taking.
Avoid the risk: This strategy involves avoiding the risk entirely, perhaps by taking a different approach or by abandoning a course of action. For example, a pharmaceutical company may abandon a research and development project due to risks around finding a cost-effective synthesis route.
Transfer the risk: This strategy involves transferring the risk to another party, such as an insurance company. For example, a construction company may transfer the risk of damage to a building to an insurance company.
Reduce the risk: This strategy involves reducing the likelihood or impact of the risk. For example, a company may implement engineering controls, administrative controls, or personal protective equipment to reduce the risk of injury to employees.
Share the risk: This strategy involves sharing the risk with another party. For example, a joint venture between two companies may share the risks and rewards of a project.
Exploit the risk: This strategy involves taking advantage of the risk to achieve a positive outcome. For example, a company may exploit the risk of a competitor leaving the market to increase its market share.
Enhance the risk: This strategy involves increasing the likelihood or impact of the risk to achieve a positive outcome. For example, a company may enhance the risk of a new product launch to increase its potential rewards.
Monitor and review the risk assessment
How to monitor and review the plan
Monitoring and reviewing the risk assessment plan is the final step of the risk assessment process.
It allows you to check whether the measures you have implemented to control risks work as they should and correct them if they don’t. Here are some steps to monitor and review the plan:
Plan: Define the scope of the review, including the objectives, the scope, and the resources required.
Do: Collect data on the effectiveness of the controls, including incident reports, near-miss reports, and audit findings. Review the data to identify trends and areas for improvement.
Check: Evaluate the effectiveness of the controls and identify any gaps or deficiencies. Determine whether the controls are still appropriate and effective, or whether they need to be revised.
Act: Develop an action plan to address any gaps or deficiencies identified during the review. Assign responsibilities and timelines for completion.
Review: Monitor progress against the action plan and evaluate the effectiveness of the actions taken. Review the risk assessment regularly to ensure that it remains up-to-date.
It is important to note that monitoring and reviewing the risk assessment plan should be a planned part of the risk management process and involve regular checking or surveillance.
The results should be recorded and reported internally and externally, as appropriate. The results should also be an input to the review and continuous improvement of the firm’s risk management framework
Examples of how to monitor and review the plan
Here are some examples of how to monitor and review the plan:
Incident reports: Incident reports are a valuable source of information for monitoring and reviewing the risk assessment plan. They can help identify trends and areas for improvement.
Near-miss reports: Near-miss reports are similar to incident reports but describe events that could have resulted in an incident but did not. They can help identify potential hazards and risks.
Audit findings: Audits can be used to evaluate the effectiveness of the controls and identify any gaps or deficiencies. The results of audits can be used to develop an action plan to address any issues identified.
Regular reviews: Regular reviews of the risk assessment plan can help ensure that it remains up-to-date and effective. Reviews should be conducted at least annually, or more frequently if there are any changes in the workplace that could affect the level of risk.
Employee feedback: Employee feedback can be a valuable source of information for monitoring and reviewing the risk assessment plan. Employees can provide insights into the effectiveness of the controls and identify any areas for improvement.
Training and awareness: Regular training and awareness programs can help ensure that employees are aware of the risks and the controls in place to manage them. Training can also help identify any gaps in knowledge or understanding.
It is important to note that monitoring and reviewing the risk assessment plan should be an ongoing process and involve regular checking or surveillance.
The results should be recorded and reported internally and externally, as appropriate.
The results should also be an input to the review and continuous improvement of the firm’s risk management framework.
Join 5,000 H&S professionals and sign up for the spacebands monthly newsletter and get the latest blogs, free resources, tools, widgets and a dose of health & safety humour.