close

Risk Assessment: Definition And 5 Steps To Risk Assessment


Risk assessment is pivotal in safeguarding individuals’ well-being and protecting organizations’ interests. In today’s dynamic and rapidly evolving world, understanding and managing potential risks is crucial for maintaining a secure and healthy environment for employees, customers, and stakeholders.

In this blog, we will explore the concept of risk assessment and its significance in various industries. We will comprehensively overview the five fundamental steps in conducting a successful risk assessment. By following these steps, organizations can systematically identify hazards, evaluate risks, and implement effective control measures to mitigate potential harm and ensure the safety of everyone involved.

Risk assessment is not just a legal obligation under Section 19 of the Safety Health and Welfare at Work Act 2005; it is a proactive approach to managing uncertainties and preventing accidents before they occur. So, let’s dive into the world of risk assessment and equip ourselves with the knowledge and tools necessary to create a safer and more secure working environment.

What Is Risk Assessment?

A risk assessment is a systematic process for identifying, analyzing, and managing potential risks to the safety, health, and property of employees, customers, visitors, and other stakeholders. It includes the identification of hazards and the assessment of risks associated with those hazards. The goal of a risk assessment is to reduce or eliminate the risks identified through the application of effective control measures.

Health and safety legally require that risk assessments be done at certain points, like when you start or change things. These documents help us understand what dangers might arise so we can try hard to prevent them from happening! A risk assessment method is important as it determines the priorities and objectives for eliminating hazards.  Wherever possible, risks should be eliminated by selecting and designing facilities. If this is not an option (maybe because it would cause too much disruption), minimize them using physical controls or PPE as a last resort!

A company’s success depends on its ability to manage all types of accidents at work before they happen so that these events cannot cause major safety problems. This blog covers hazard identification, risk assessment, and appropriate control measures to protect against hazards.

Risk Assessment Process – 5 Steps To Risk Assessment

A risk assessment is a process of identifying, assessing, and managing risks to ensure that an organization operates within its risk appetite. A risk assessment helps an organization determine its level of exposure to potential losses and take steps to minimize those losses.

There are five steps in conducting a risk assessment:

  1. Look For The Hazards; 
  2. Decide Who Might Be Harmed, And How; 
  3. Evaluate The Risks And Decide Whether Existing Precautions Are Adequate Or More Should Be Done;
  4. Record The Significant Findings; 
  5. Review The Assessment And Revise It If Necessary

Step 1 – Look For The Hazards

The essential first step in risk assessment is to seek out and identify hazards. Relevant sources of information include:

  • Legislation and supporting Approved Codes of Practice which give practical guidance and include basic minimum requirements;
  • Process information;
  • The product information
  • Relevant Irish, European, and international standards;
  • Industry or trade association guidance or codes of practice;
  • The personal knowledge and experience of managers and employees;
  • Accident, ill-health, and incident data from within the organization, from other organizations or from central sources;
  • Expert advice and opinion, and relevant research.

There should be a critical appraisal of all routine and non-routine business activities. People exposed may include employees and others such as public members, contractors, and users of the products and services. Employees and safety representatives can make a useful contribution to identifying hazards. 

In the simplest cases, hazards can be identified by observation and by comparing the circumstances with the relevant information (e.g., single-story premises will not present any stair-related hazards). In more complex cases, measurements such as air sampling or examining machine operation methods may be necessary to identify the presence of hazards from chemicals or machinery. Special techniques and systems may be needed in the most complex or high-risk cases (for example, in the chemical or nuclear industry), such as hazard and operability studies (HAZOPS) and hazard analysis techniques, such as event or fault tree analysis. Specialist advice may be needed to choose and apply the most appropriate method. Only significant hazards, which could seriously harm people, should be identified. Trivial hazards are a lower priority.

A tour of the area under consideration by the risk assessment team is essential to hazard identification, as is consultation with the relevant workforce section.

Reviewing accident, incident, and ill-health records will also help identify. Other sources of information include safety inspection, survey and audit reports, job or task analysis report, manufacturers’ handbooks or data sheets, Approved Codes of Practice, and other forms of guidance.

Unsafe conditions mustn’t be confused with hazards during hazard identification. Unsafe conditions should be rectified as soon as possible after observation. Unsafe conditions include missing machine guards, faulty warning systems, and oil spillage on the workplace floor.

Step 2 – Decide Who Might Be Harmed And How

Employees and contractors who work full time at the workplace are the most obvious groups at risk, and it will be necessary to check that they are competent to perform their particular tasks. However, other groups may spend time in or around the workplace. These include young workers, trainees, new and expectant mothers, cleaners, contractor and maintenance workers, and public members. Public members will include visitors, patients, students, customers, and passers-by.

The risk assessment must include any additional controls required due to the vulnerability of any of these groups, perhaps caused by inexperience or disability. It must also indicate the number of people from the different groups who come into contact with the hazard and the frequency of these contacts. 

Step 3 – Evaluating The Risks And The Adequacy Of Current Controls

This step is two – evaluating the risks and the adequacy of current controls.

Evaluating The Risks

During most risk assessments, it will be noted that some of the risks posed by the hazard have already been addressed or controlled. Therefore, the risk assessment’s purpose is to reduce the remaining risk. This is called the residual risk. 

Risk assessment aims to reduce all residual risks to as low a level as reasonably practicable. This will take time in a relatively complex workplace, so a system of ranking risk is required – the higher the risk level, the sooner it must be addressed and controlled.

For most situations, a qualitative risk assessment will be perfectly adequate. During the risk assessment, a judgment is made as to whether the risk level is high, medium, or low in terms of the risk of somebody being injured. This designation defines a timetable for remedial actions, thereby reducing the risk. High-risk activities should normally be addressed in days, medium risks in weeks, and low risks in months; sometimes, no action will be required. It will usually be necessary for risk assessors to receive some training in risk level designation.

A quantitative risk assessment attempts to quantify the risk level regarding the likelihood of an incident and its subsequent severity. Clearly, the higher the likelihood and severity, the higher the risk. The likelihood depends on such factors as the control measures in place, the frequency of exposure to the hazard, and the category of the person exposed to the hazard. The severity will depend on the magnitude of the hazard (voltage, toxicity, etc.). 

It is possible to apply such methods to organizational risk or the risk that the management system for health and safety will not deliver in the way it was expected or required. Such risks will add to the activity or occupational risk level. In simple terms, poor activity supervision will increase the overall level of risk. A risk management matrix that combines these two risk levels has been developed, as shown below.

Whichever type of risk evaluation method is used, the level of risk simply enables a timetable of risk reduction to an acceptable and tolerable level to be formulated. The legal duty requires that all risks be reduced to as low as reasonably practicable.

In established workplaces, some control of risk will be in place already. The effectiveness of these controls needs to be assessed so that an estimate of the residual risk may be made. Many hazards have had specific Acts, Regulations, or other recognized standards developed to reduce associated risks. Examples of such hazards are fire, electricity, lead, and asbestos. The relevant legislation and any accompanying Approved Codes of Practice or guidance should be consulted first, and any recommendations implemented. Advice on control measures may also be available from trade associations, trade unions, or employers’ organizations.

Where existing preventative measures are in place, it is important to check that they are working properly and that everybody affected clearly understands them. It may be necessary to strengthen existing procedures by introducing a permit-to-work system. More details on the principles of control are given below.

Evaluating The Controls

A hierarchy of risk controls should be considered when assessing the adequacy of existing controls or introducing new controls. The health and safety management system ISO 45001 (to replace OHSAS 18001 in 2016) states that the organization shall establish a process for achieving risk reduction based on the following hierarchy:

  • Eliminate The Hazard; 
  • Substitute With Less Hazardous Materials, Processes, Operations, Or Equipment; 
  • Use Engineering Controls; 
  • Use Safety Signs, Markings Warning Devices, And Administrative Controls; 
  • Use Personal Protective Equipment.

The organization shall ensure that the Occupational Health and Safety risks and determining controls are considered when establishing, implementing, and maintaining its Occupational Health and Safety management system.

Where a range of control measures are available, it will be necessary to weigh up the relative costs of each against the degree of control each provides, both in the short and long term. Some control measures, such as eliminating risk by choosing a safer alternative substance or machine, are reliable and provide a high degree of control. Physical safeguards such as guarding a machine or enclosing a hazardous process must be maintained. In making decisions about risk control, it will therefore be necessary to consider the control measures’ degree of control and reliability, along with the costs of providing and maintaining the measure.

Step 4 – Recording Significant Findings

It is very useful to keep a written record of the risk assessment even if there are fewer than five employees in the organization. For an assessment to be ‘suitable and sufficient, only the significant hazards and conclusions must be recorded. The record should also include details of the groups of people affected by the hazards, the existing control measures, and their effectiveness. The conclusions should identify any new controls required and a review date.

The written record provides excellent evidence of compliance with the law to a health and safety inspector. It is also useful evidence if the organization should become involved in a civil action.

The record should be accessible to employees, and a copy of the safety manual containing the safety policy and arrangements. 

Step 5 – Monitoring And Review  

A risk assessment is not a ‘one-off’ process but should be reviewed as part of the routine maintenance of the safety management system. Review is required:

  • When there are significant changes in the workplace or type of work – for example when new substances, processes, or equipment are introduced;
  • When the arrangements for controlling risks are not working as intended – for example, if accidents or ‘near misses’ occur;
  • When there is a change in the legal requirements.

In addition to the general requirement for review, some risk assessments must be carried out regularly because of the hazards involved. For example, assessments of manual handling risks and display screen equipment (DSE) workstation risks will likely be carried out annually.

The review process should consider whether the assessment is valid in light of any changes since it was first carried out. It should also consider whether the control measures identified as being necessary are still adequate and effective.

The review should be done by someone not involved in the original assessment. This will ensure a fresh view of the risks and control measures. When the review has been completed, any identified new control measures should be implemented as soon as possible. The existing control measures should continue to be used until they can be replaced by the new measures. The review date should be recorded in the written assessment and brought to employees’ attention.

Conclusion

In conclusion, risk assessment is vital for any organization seeking to create a safe and secure environment for its stakeholders. Organizations can effectively manage and mitigate potential risks through a systematic five-step process involving the identification of hazards, understanding who might be harmed, evaluating risks and existing controls, documenting significant findings, and regularly reviewing and updating the assessment. This proactive approach helps fulfill legal obligations and contributes significantly to protecting employees, customers, and the wider community from harm. By understanding and addressing risks, organizations can foster a safety culture, prioritize resources effectively, and ensure sustainable and responsible operations.