10 Steps of a Practical Team Based Workplace Risk Assessment Process

A risk assessment is an important part of the system that employers must introduce to protect workers and company assets. It helps to focus the attention of all the decision makers on the risks that really matter in the workplace - the ones with the potential to cause real harm. In many instances, straightforward measures can readily control risks, for example ensuring spillages are cleaned up promptly so people do not slip, or cupboard drawers are kept closed to ensure people do not trip. For most risks that mean simple, cheap and effective measures to ensure the most valuable asset - the workforce - is protected.

A risk assessment is simply a careful examination of what, in the workplace, could cause harm to people, so that the responsible person can weigh up whether enough precautions have been taken or whether more should be done to prevent harm. Workers have a right to be protected from harm caused by a failure. This is normally achieved by the introduction of reasonable control measures.

Step 1: Preparation

The first step in the ten step workplace risk assessment process for health and safety purposes is preparation. It is very valuable to identify the facilitator how will be facilitating the risk assessment process during the early stage to ensure that the scope is not set at to an optimistic level.

As soon as the scope of the risk assessment has been approved, the risk assessment team must be selected and appointed. A critical part in any qualitative risk assessment process is to ensure that the team conducting the assessment comprises of a vertical slice of persons from within the origination that is being assessed.

Before proceeding with a risk assessment exercise it is important to obtain a very clear mandate from senior management for the scope of work by getting formal approval. This will minimise any misunderstandings that may arise later.

Once the team is assembled, a short preconditioning session should be embarked upon where the team is taken through a process where some of the risk issues are highlighted in order to sensitise the team for the Risk Assessment that will be embarked upon.

Step 2: Hazard Identification

The next step in the process is the identification of the hazards involved in the process, task or activity being assessed.

A hazard, in the context of health and safety risk assessment, is simply the presence of an energy source that has the potential to cause a loss.

Workers who do the job usually know the most about the related risks and should therefore participate in the hazard identification process. The employer should pay particular attention to involving groups who have distinct health and safety issues so that no job that concerns workers is missed.

During this step the team should systematically isolate the hazards that are contained in each step of the process by determining the energy sources that are present in the various steps. This may include Mechanical, Electrical, Kinetic, Gravitational, Chemical, Biological, Radiation and Noise energy to mention only a few of the more obvious types.

The hazard identification process is the step that should also be used to assess the adequacy of existing controls developed by previous teams.

Step 3: Convert Hazard to Risk

Once the hazards have been identified for each step of the process, it would be necessary to convert the identified hazards to risks. This is important in order to assess the risks. One must remember that it is the risks that are assessed and not the hazards.

In order to convert hazards into risks one needs to know how a risk is defined in terms of health and safety assessments. Various authors define risk differently, depending on what they want to achieve, however, for simplicity sake, a risk can be defined as an energy source that can go out of control.

In converting the hazards into risks, it is important to work systematically and consider every hazard for each step in the process, including informal steps and deviations from the prescribed process as determined earlier.

The effectiveness of each of the above must be considered for normal, abnormal as well as emergency conditions. These abnormal and emergency conditions could include changing environmental conditions, changes in the process or operational control as well as unusual natural and man made conditions.

The outcome of this part of the process would be a list that contains the step of the process, the energy source that can go out of control, the cause for uncontrolled energy as determined above as well as the potential consequence that it may result in.

Step 4: Risk Ranking

Once all the steps and all the risks have been identified the risks needs to be analysed in order to establish the priority of future actions as well as the sequence and extent of these actions.

The purpose of analysing the risk is purely to objectively establish the priority of the actions required in order to reduce identified risks to tolerable levels.

It should be noted that if this part is neglected, the rest of the risk assessment and the decisions made upon it could be totally invalid.

Experience indicates that, if one is not careful, this section can unnecessarily take up the bulk of the time required to conduct risk assessments. This should be avoided at all cost as the calculations per se is not important, it is more important to be consistent than to be absolutely accurate during this phase.

Traditionally it was considered sufficient to consider the potential severity and frequency of a risk in order to rank it. The introduction of the duty of care into legislation, however, requires that the exposure of the workforce to the risk should also be considered during the evaluation phase.

This implies that the simple risk matrix currently in use by many organisations would be very difficult to use, as three dimensions of the risk should be considered. In order to analyse the risk by utilising all three the dimensions a second matrix may be used where the output of the first is utilised as one of the axis of the second.

It is also important to consider that all the dimensions do not have the same weighting. In most cases it would appear that severity has a higher weighting than frequency and that frequency in turn has a higher weighting than exposure. In addition to this it is clear that the scales used in matrices very seldom have a linear function, with the exception of the exposure that is normally expressed as a percentage and normalised for duration of exposure.

On its own the risk ranking numbers are pretty useless. The purpose of conducting the risk assessment is to draw up a risk profile of the workplace. To achieve this all the risk rankings should be reflected on a risk profile chart.

At this stage the team will have a long list of potential problems (risks), each with an individual risk ranking. The facilitator should lead the team through a discussion of all the potential problems that have significant risk rankings, starting with those with the highest rank (i.e. the most serious risks). The actual risk ranking value will vary from mine to mine as differences in the risk analysis methodologies may exist.

Step 5: Risk Control

The next step in the risk assessment process is to determine the control measures that need to be taken and the ongoing review of those measures. There is a hierarchy or preferred order of control measures ranging from the most effective to the least effective.

Broadly defined, risk control techniques are designed to minimize, at the least possible costs, those risks to which the organization is exposed. Risk control methods, include risk avoidance and the various approaches to reducing risk through loss prevention and control efforts. In the case of risk avoidance, the individual or organization refuses to accept any exposure to loss arising from a particular activity.

Some controls are more effective than others. In the list following, the five types of controls for reducing risk are listed in descending order of effectiveness.

This hierarchy of control is defined by the ILO Convention C176 is as follows:

• Eliminate any recorded risk;
• Control the risk at source;
• Minimise the risk; and
• In so far as the risk remains--
• Provide for personal protective equipment; and
• Institute a programme to monitor the risk to which employees may be exposed.

As the risk assessment analysis is normally conducted by evaluating the potential severity, frequency and exposure it would be necessary to establish the effectiveness of existing controls before any decision is made as the necessity of additional controls.

Step 6: Risk Quantification

Safety measures always cost money and the employer must foot the bill. A perpetual conflict of interest exists between employers and employees as to the type and magnitude of safety, health and environmental measures that could be considered reasonably practical and reasonable necessary.

One way to quantify the risk is to determine costs of uncontrolled risks and the costs of new control measures. This financial value is normally a measure that is understood by most managers, despite the limitations it has in terms of putting a valuation on the cost of suffering associated with injuries and illnesses.

The financial resources and nature of safety and health prevention measures require to reduce accidents/incidents to tolerable levels should be determined accurately and reported on regularly.

Step 7: Cost Benefit Analysis

The cost benefit analysis should be conducted in the light of the corporate objectives. This should be guided by the following principles:

The risk management structure should not support an inappropriate measure of cost in relation to the cost of the loss events. The cost-benefit analysis should consider the impact of any loss in the earnings stream as well as direct losses.

The corporate risk aversion and suppression desire should be utilised to assist in the evaluation process.

The approach to the handling of risk should be an integrative process. Considerations relative to risk control and its management should form an integral part of the evaluation process.

By introducing the concept of the cost-of risk, attention is focussed on the aspects of integration on optimisation. One should realise that this approach have a macro and micro impact. The macro and micro approach have a number of consequences as follows:

A longer-term view is necessary when determining the levels of expenditure on risk aversion

Risk control measures should be undertaken with the broader corporate financing objectives and constraints guiding the decision

The decision should be taken with due consideration of the social, safety, health, environmental and quality considerations measured against with a discounted cash flow of the cost of reducing the risk to a tolerable level.

Both financial and non-financial issues should be included in the cost benefit analysis. The issues to consider under financial factors should include items:

• Influencing Cash flow
• Influencing Income
• Influencing Investments

The non-financial factors to consider include:

• Moral
• Ethical
• Social and
• Legal issues

Step 8: Additional Controls

The complete set of information should be presented to the executive team of the company for consideration.

Before making a final decision on the introduction, or not, of any specific additional control the Chief Executive Officer of the company must make a decision, based on the financial, practical, moral and social values of the organisation. On finalizing of these decisions a final approval for the introduction of the additional controls must be issued.

On receipt of the final approval action plans and an implementation schedule should be drafted for recommended additional controls. These action plans should include the required personnel, resources and completion dates. It is good management to first obtain approval for action plans before starting with the implementation thereof.

The implementation of the action plan should be integrated into the action plans normal day to day activities of the responsible persons.

Step 9: Audits

Although evaluation and review is an ongoing process that is performed without interruption, the risk management program should periodically be subjected to a comprehensive review called a risk management audit. Most people are familiar with the term audit as it is used in the accounting field, where it refers to a formal examination of financial records by public accountants to verify the accuracy, fairness, and integrity of the accounting records.

The term audit has a second meaning, which is any thorough examination and evaluation of a problem, which is implied in the term risk management audit. A risk management audit is a detailed and systematic review of a risk management program designed to determine if the objectives of the program are appropriate to the needs of the organization, whether the measures designed to achieve those objectives are suitable, and whether the measures have been properly implemented.

While an external party may conduct risk management audits for the company, they must also be performed internally.

Step 10: Follow-up

At the conclusion of the audit phase of the workplace risk assessment the process is not completed. The procedure will start again from the top, revisiting all the steps in the assessment process. The purpose of this is to give management the opportunity to:

• Ensure that the plan was followed.
• Check that the recommended controls in place
• Develop additional controls for any additional risks identified during the audit and follow up steps.
• Deactivate existing controls that became redundant as a result of changes in the risk profile.

Conclusion

Experience has shown that by using the ten steps to conduct a risk assessment, will overcome many of the practical problems of conducting a workplace risk assessment. It should be noted that conducting a risk assessment alone will not produce a safe and healthy workplace. In addition to this, there needs to be management acceptance that all role-players have a contribution to make and a workforce commitment to implementing the outcomes of the risk assessment.

The acknowledgment that the risk assessment process is a tool to achieve continuous improvement of health and safety conditions and that the process is a never ending cycle of activities, will contribute greatly to the success of the outcome.

© Carl Marx 2009