Risk Assessment

Identify, analyze, and mitigate potential hazards and the risks associated with it.

Published April 12th, 2021

What is a Risk Assessment?

A risk assessment is a systematic process that involves identifying, analyzing and controlling hazards and risks. It is performed by a competent person to determine which measures are, or should be, in place to eliminate or control the risk in the workplace in any potential situation.

Risk assessment is one of the major components of a risk analysis. Risk analysis is a process with multiple steps that intends to identify and analyze all of the potential risks and issues that are detrimental to the business. This is an ongoing process that gets updated when necessary. These concepts are interconnected and can be used individually.

Risk communication is the process of exchanging information and opinion on risk to concerned parties. Risk management is the proactive control and evaluation of threats and risks to prevent accidents, uncertainties and errors. Together with risk assessment, these are all vital elements that help make informed decisions such as mitigating risks.

Risk analysis framework includes risk assessment, risk management, and risk communication

Risk Analysis Framework

Importance of Conducting Risk Assessments

Identifying hazards by using the risk assessment process is a key element when ensuring the health and safety of your employees and customers. OSHA requires businesses to conduct risk assessments. According to regulations set by OSHA, assessing hazards or potential risk will determine the personal protective gears and equipment a worker may need for their job. There are guidelines available for different industries since present types of possible risks may vary, an example of this is agribusinesses. Unique risks for this industry include manure storage, tractor operation, animal handling, behavior, and health.

The Environmental Protection Agency (EPA) of the US specializes in assessing hazards related to humans and its environmental receptors such as animals, chemicals, and other ecological factors. While in the UK, conducting risk assessments are a legal requirement as stated in the Health and Safety at Work Act. The specific regulation under this law can be retrieved from the Management of Health and Safety at Work Regulations Section.

The gravity of hazard identifications is clear with all these organizations and governments requiring risk assessments at work. Prevent and reduce risks to save lives and to ensure that the workplace stays as a safe space.

When to Perform a Risk Assessment?

Beyond complying with legislative requirements, the purpose of risk assessments are to eliminate operational risks and improve the overall safety of the workplace. It is employers responsibility to perform risk assessments when:

  • new processes or steps are introduced in the workflow;
  • changes are made to the existing processes,
  • equipment, and tools; or new hazards arise.

Difference Between Risk Assessment and Job Safety Analysis (JSA)

Risk assessments are often confused with a Job Safety Analysis (JSA) or Job Hazard Analysis (JHA). The key difference between a risk assessment and a JSA is scope. Risk assessments assess safety hazards across the entire workplace and are oftentimes accompanied with a risk matrix to prioritize hazards and controls. Whereas a JSA focuses on job-specific risks and are typically performed for a single task, assessing each step of the job.

3 Types of Risk Assessment?

While the exact details of risk assessments may vary greatly across different industries, HSE distinguishes three general risk assessment types:

  • Large Scale Assessments – This refers to risk assessments performed for large scale complex hazard sites such as the nuclear, and oil and gas industry. This type of assessment requires the use of an advanced risk assessment technique called a Quantitative Risk Assessment (QRA).
  • Required specific assessments – This refers to assessments that are required under specific legislation or regulations, such as the handling of hazardous substances (according to COSHH regulations, 1998) and manual handling (according to Manual Handling Operations Regulations, 1992).
  • General assessments – This type of assessment manages general workplace risks and is required under the management of legal health and safety administrations such as OSHA and HSE.

Risk Assessment Examples

Risk assessments are essential to identify hazards and risks that may potentially cause harm to workers. There are a variety of risk assessments used across different industries tailoring specific needs and control measures. Here are common risk assessment examples:

  • Health and Safety Risk Assessment – a type of risk assessment used by safety managers to determine health and safety risks associated with the job, work environment, and current processes. Hazards can be identified as biological, chemical, energy, environmental, and the like.  
  • Workplace Risk Assessment – performed by office managers and school administrators, this tool helps ensure that a workplace is free from health and safety threats. This assessment also helps boost employee morale and productivity.
  • Fall Risk Assessment – performed by nursing staff of aged care units or centers to evaluate the possibility of falling. This checklist will ensure that the facilities, equipment, and other factors are safe for elderly patients.
  • Construction Risk Assessment – a vital assessment used in the construction site to help safety teams implement corrective measures and stakeholders comply with safety regulations.

Risk assessments can be seen as a regulatory paperwork burden, but understanding the reason and purpose of a risk assessment will help your team identify, prioritize and control hazards in your workplace. 

Planning for a Risk Assessment

Risk assessments should be carried out by competent persons who are experienced in assessing hazard injury severity, likelihood, and control measures. To start off, good planning will be essential in order to implement a risk assessment effectively. Consider the following 4 elements as stated by the Occupational Safety and Health Administration (OSHA):

  1. What is your scope?
    Determining the scope when planning your risk assessment can help you figure out what resources you would need. Be specific about what you’re assessing. Are you assessing a product? An organizational process? Or a workplace area?

  2. What resources do you need?
    Determine the kind of training, tools, and equipment your team needs to effectively carry out the risk assessment. You should also determine the risk analysis measures you are going to use and know why they are the best choice for your purpose.

  3. Who is involved?
    Note the personnel involved in your risk assessment planning and implementation. They could be managers, supervisors, workers, or suppliers. This helps you identify additional resources that can help you improve the effectiveness of your risk assessment.

  4. What laws, regulations, and internal policies do you need to comply with?
    Non-compliance could lead to hefty fines and other offenses that can spell trouble for your operation. Determine the laws, regulations, codes, standards, and internal policies you need to consider when conducting your risk assessment.

By determining all of these, you can create a solid foundation for an effective risk assessment. Once you’ve planned out your risk assessment, you can proceed with performing the risk assessment. A risk assessment is performed in 5 steps or stages.

5 Steps of a Risk Assessment?

  1. Identify hazards
    Survey the workplace and look at what could reasonably be expected to cause harm. Identify common workplace hazards. Check manufacturers or suppliers instructions or data sheets for any obvious hazards. Review previous accident and near-miss reports. Efficiently identify hazards by using checklists. This ensures everything is covered during risk assessment and hazard identification which prevents risks from escalating.Hazards and risks are sometimes used interchangeably; however, they actually refer to two different elements of a potential incident. A hazard is something that has the potential of causing harm to people, property, or the environment, while risk is the likelihood of a hazard to actually cause harm or damage under defined circumstances.
  2. Evaluate the risks
    To evaluate a hazard’s risk, you have to consider how, where, how much and how long individuals are typically exposed to a potential hazard. Assign a risk rating to your hazards with the help of a risk matrix. Using a risk matrix can help measure the level of risk per hazard by considering factors such as the likelihood of occurrence, and severity of potential injuries.
  3. Decide on control measure to implement
    After assigning a risk rating to an identified hazard, it’s time to come up with effective controls to protect workers, properties, civilians, and/or the environment. Follow the hierarchy of controls in prioritizing implementation of controls.
  4. Document your findings 
    It is important to keep a formal record of risk assessments. This can help your organization keep track of hazards, risk, and control measures. Documentation may include a detailed description of the process in assessing the risk, an outline of evaluations, and detailed explanations on how conclusions were made.
    Use a risk assessment template to document your findings. Get started with iAuditor’s free risk assessment templates that you can use on your mobile device while on-site. Share your report and findings with key parties who can implement changes.
  5. Review your assessment and update if necessary
    Follow up with your assessments and see if your recommended controls have been put in place. If the conditions in which your risk assessment was based on change significantly, use your best judgment to determine if a new risk assessment is necessary.

Risk Assessment Tools and Techniques

There are options on the tools and techniques that can be seamlessly incorporated into a business’ process. The four common risk assessment tools are: risk matrix, decision tree, failure modes and effects analysis (FMEA), and bowtie model. Other risk assessment techniques include what-if analysis, failure tree analysis, and hazard operability analysis.

How to use a Risk Matrix?

Likelihood Very Likely Likely Unlikely Highly Unlikely
Consequences Fatality High High High Medium
Major Injuries High High Medium Medium
Minor Injuries High Medium Medium Low
Negligible Injuries Medium Medium Low Low

A risk matrix is often used during a risk assessment to measure the level of risk by considering the consequence/ severity and likelihood of injury to a worker after being exposed to a hazard. The two measures can then help determine the overall risk rating of the hazard. Two key questions to ask when using a risk matrix should be:

  1. Consequences: How bad would the most severe injury be if exposed to the hazard?
  2. Likelihood: How likely is the person to be injured if exposed to the hazard?

How to Assess Consequences?

In assessing the consequences of a hazard, the first question should be asked “If a worker is exposed to this hazard, how bad would the most probable severe injury be?”. For this consideration we are presuming that a hazard and injury is inevitable and we are only concerned with its severity.

It is common to group the injury severity and consequence into the following four categories:

  • Fatality – leads to death
  • Major or serious injury – serious damage to health which may be irreversible, requiring medical attention and ongoing treatment
  • Minor injury – reversible health damage which may require medical attention but limited ongoing treatment). This is less likely to involve significant time off work.
  • Negligible injuries – first aid only with little or no lost time.

To illustrate how this can be used in the workplace we will use the example of a metal shearing task. A hazard involved could include a piece of metal flying out of the equipment while in use. In this example the probable most severe injury would be “Major or Serious Injury” with the possibility of bruising, breakage, finger amputation.

How to Assess Likelihood?

In assessing the likelihood, the question should be asked “If the hazard occurs, how likely is it that the worker will be injured?”. This should not be confused with how likely the hazard is to occur. It is common to group the likelihood of a hazard causing worker injury into the following four categories:

  • Very likely – exposed to hazard continuously.
  • Likely – exposed to hazard occasionally.
  • Unlikely – could happen but only rarely.
  • Highly unlikely – could happen, but probably never will.

In our metal shearing example the question should not be “How likely is the machine expected to fail?” but instead “When the machine fails and causes metal to fly out, how likely is the worker expected to be injured?”. If in our example we observe a safe distance between the machine and worker and proper PPE being worn, we could rate it as “Unlikely” given our observations

We recommend OSHA’s great learning resources in understanding how to assess consequence and likelihood in your risk assessments.

How to Implement Control Measures?

After identifying and assigning a risk rating to a hazard, effective controls should be implemented to protect workers. Working through a hierarchy of controls can be an effective method of choosing the right control measure to reduce the risk.

Below is the National Institute for Occupational Safety and Health’s  Hierarchy of Controls that can help guide you in the process of formulating your organization’s control measures.

niosh hierarchy of controls

NIOSH Hierarchy of Controls

  • Elimination is the most effective control. If it is possible to physically remove a hazard, it must be done.
  • Substitution is the second most effective control. It proposes to replace the hazard with a safer alternative e.g. automating a manual process identified to be dangerous, buying a newer equipment model with better safety ratings, etc.
  • Engineering controls refer to physically isolating people from the hazard if at all possible
  • Administrative controls refer to changing the way people work. This may include procedural updates, additional training, or increasing the visibility of precautionary signs and warning labels.
  • PPE is the last line of defense if workers cannot be completely removed from a hazardous environment.

OSHA recommends the following guidelines to accomplish hazard control

  • Eliminate or control all serious hazards immediately.
  • Use interim controls while you develop and implement longer-term solutions.
  • Select controls according to a hierarchy that emphasizes engineering solutions (including elimination or substitution) first, followed by safe work practices, administrative controls, and finally personal protective equipment.
  • Avoid selecting controls that may directly or indirectly introduce new hazards.
  • Review and discuss control options with workers to ensure that controls are feasible and effective.
  • Use a combination of control options when no single method fully protects workers.

 

How do You Perform a Risk Assessment with iAuditor?

Many factors and processes can come into play when conducting a risk assessment. The process usually takes a lot of time as it involves going through multiple hands for review and completion. Which in turn, opens the whole risk assessment procedure to issues like losing track of paperwork and records.

Using a risk assessment app like iAuditor makes it easy for you to have everything in one place. Organizations are able to track hazards, risks, control measures, and corrective actions within just a few taps.

See how iAuditor can help your risk assessment every step of the way:

  1. Identify hazards
    Using your mobile or tablet device, survey the workplace and list down risks and hazards you’ve identified. Provide better understanding of the risks and hazards, by attaching or capturing photo evidence within the app during inspection.
  2. Evaluate the risks
    Risk and hazards identified, can be assigned the appropriate risk rating and control measures then and there. Image references can be included within the risk assessment form for users to base on for a more accurate rating.
  3. Assigning control measures
    Be proactive by not only listing down the appropriate control measure for each risk, iAuditor enables users to assign corrective actions so action items are immediately resolved instead of piled up.
  4. Recording your risk assessment
    Comprehensive reports are automatically generated after completion of the risk assessment forms. They can be shared in word, pdf or by link across your team members and others.
  5. Reviewing and updating your risk assessment
    Risk assessment documents are instantly and securely saved in your account, ready for you to access and update whenever you need to. 

iAuditor is the World’s #1 Inspection Software and App

iAuditor gives you the flexibility to power any inspection you require – onsite, underground, and across the globe. Inspect construction sites, restaurants inspections for food safety, conduct temperature checks, pre-flight checks, toolbox talks and more. It is the mobile forms inspection solution for all industries.

SafetyCulture staff writer

Jai Andales

Jai is a content writer for SafetyCulture based in Manila. She has been writing well-researched articles about health and safety topics since 2018. She is passionate about empowering businesses to utilize technology in building a culture of safety and quality.

Jai is a content writer for SafetyCulture based in Manila. She has been writing well-researched articles about health and safety topics since 2018. She is passionate about empowering businesses to utilize technology in building a culture of safety and quality.