Last week I wrote a short piece on ‘what a risk assessment is’. This week’s follow-up is all about how to do a risk assessment for yourself because, as we all know, every organisation/business should have a risk register, especially in these turbulent and unprecedented times.

There are many guides to ‘How to do a risk assessment’ but the basic steps are as follows:

  1. Identify potential risks/hazards
  2. Identify who or what may be impacted by them
  3. Evaluate the likelihood and severity of each risk/hazard identified (in point 1)
  4. Implement controls to reduce or eliminate risk/hazard
  5. Review & re-assess your risk assessment register

The risk assessment process should consider internal and external hazards and risks. Many risks for an organisation have an external focus. It is common for a business to be impacted by third-party suppliers, for example.

It is important to document your assessment in a register for reference and communication as well as for reviewing and updating – it’s not a set and forget exercise! The register should include who is accountable for the management of any particular risk, and regular reports should be provided on the state of the risk, i.e. whether it is reducing or increasing.

Identifying risks/hazards

Sometimes easier said than done, but the key to identifying risks and hazards is consultation. Talk to staff and service providers, take a walk around your premises, review previous accident or ill-health records and any manufacturers’ recommendations for goods-handling or storage or machinery operations. And use third-party data, such as insurance contracts, to provide information and ensure your processes are rigorous and comprehensive.

Identifying who might be impacted

Different groups can be impacted differently by the same hazard or risk. For example, pregnant women would be more at risk from exposure to, say, radiation than other groups; employees on site might be more at risk than contractors visiting. So, identifying categories of ‘at risk groups’ becomes critical to evaluating the severity of a risk and the controls you choose to mitigate or eliminate risk.

Evaluating the likelihood and severity of each risk/hazard

In a nutshell, any assessment will basically evaluate how likely it is for a risk/hazard to occur and how severe the consequences would be should it occur. By doing this you can consider what controls are available to eliminate or reduce risk ‘as far as practically possible’. And you can identify any costs associated with the control measures you choose to eliminate, reduce or control the risk.

Implementing controls

Not all controls are equal! That is, what’s good for the goose isn’t always what’s good for the gander. Whilst some businesses or organisations will often have the same risks/hazards, the choice of suitable control measures may vary depending on the likelihood and severity of potential impact. The consequences of a fire on an offshore major hazard facility are likely to be more serious and require more costly control measures than, say, a fire in a single storey storage unit housing non-hazardous goods for distribution. There is a proportionality relationship between risks and controls, which is evident in many regulated sectors and exemplifies the principle that not all controls are equal.

Reviewing & assessing your risk assessment

Having a written record of your risk assessment is critical; in most cases it’s also a legal requirement, not just an excellent business practice. We refer to this document as the ‘Risk Register’. Having a risk register not only provides a record of your assessment considerations and control measures but it provides the basis for auditing your business/organisation enabling you to be proactive in identifying new risks and new controls. It is a fundamental and significant business resilience tool for any organisation.

Before 2020 how many businesses/organisations would have had ‘working from home’ procedures identifying and evaluating risk and appropriate control measures? How much would mental health factors have been a consideration before the global Covid pandemic? And would the evaluation of mental health factors be the same now as it was in 2020?

Nuffield Group provides consultancy and support services including risk assessment and compliance. Find out more here.

Picture this if you can: Two kayaks tied side-by-side to the roof of my car as I set out for the small town of Tarwin Lower in Gippsland to drop them into the river for a bit of R&R on the water. Life vests in the boot? Check. Paddles aboard? Check. Tides checked and favourable. So, risk assessment complete and all OK for the day, right? Well, not quite.

It certainly seemed like I’d covered all my bases, but I’d taken a calculated risk that my years of cub scouting meant the knots used to tie the kayaks to the roof racks were suitable and secure. And to be fair, they were. But I had not factored in the forces of nature and wind speed at 80kph on a twisty, open road. My risk assessment checklist was inadequate.

Of course, we do things every day that entail risk assessment and largely, our personal experience, knowledge & judgement prevent anything untoward occurring. In the above example I mitigated the risk by having a passenger watch the kayaks carefully through the sunroof! As soon as we saw movement we didn’t like we were able to abort the trip and return home to find better bindings.

In business, risk assessment needs to be a little more measured and proactive!

Businesses have the responsibility to ensure their staff understand any risk associated with their work and their working environment and what controls need to be adopted to remove or reduce risk – particularly risk of an accident at work. The consequences of not doing so are far more costly than turning a car loaded with kayaks around and starting again! The bottom line is:

“A risk assessment will protect your workers and your business, as well as complying with law”

Every organisation should have a risk assessment done by a suitably qualified person capable of identifying hazards, evaluating and categorising risk. This allows an organisation to then implement reasonable control measures to remove or reduce risk.

An assessment needs to address the following elements:

  1. An accident: ‘an unplanned event that results in loss’
  2. A hazard: ‘something that has the potential to cause harm’
  3. A risk: ‘the likelihood and the severity of a negative occurrence (injury, ill-health, damage, loss) resulting from a hazard’

Naturally, there are many diverse types of risk assessment (fire risk, handling dangerous goods, working from heights etc.) so any risk assessment you carry out needs to be “proportionate and relevant to the operational activities” of your business or organisation. That said, many industries will have specific legislative requirements that businesses must incorporate into their risk assessments.

So, the bottom line is a risk assessment is a simple, structured method of identifying, eliminating, reducing and/or controlling risk to benefit the health, safety, and wellbeing of your employees. Every business needs one.
