Risk Assessments

Risk assessments are carried out in many workplaces to identify potential risks and outline steps taken to mitigate or limit the impact of those risks on people or the environment.  While different forms or templates may be used in these assessments, they will generally follow a standard process.

A new risk assessment requires a relatively similar approach, irrespective of what is being assessed.  If possible, the assessment should be carried out in the environment being assessed.  For example, if you are assessing risk related to sample preparation, the assessment should be carried out in the sample preparation laboratory.  When considering a large-scale project where it is not possible to carry out the assessment on-site (such as maintenance on dams in multiple locations), appropriate aids (images, videos, schematic diagrams) should be used. In addition, at least two people with experience in the process being assessed should be involved in a new risk assessment.  If the process is complex or consists of multiple steps or processes, it may require more risk assessors.

To commence the assessment, it is first necessary to identify the potential individual risks associated with this process.  When identifying the risk(s), be sure to distinguish between the potential risk and the item used and/or step in the process.  For example, “hazardous chemicals” is not a risk; “exposure to concentrated sodium hydroxide solution” is.  Similarly, “slips or trips” does not appropriately identify the risk, whereas “trip or fall from ladder” does.

Once the risk is identified, its inherent risk can be determined.  A risk matrix uses the likelihood (how often it will happen) and the consequence (the gravity of the outcome) of the risk to determine the potential impact of the risk (low, medium, high, extreme).  The risk matrix will also generally include guidelines to define likelihood and consequence.  For example, a likelihood of “rarely” may be defined as “happens less than once ever five years”, whereas “certain” means “happens at least 90% of the time”.  A consequence of “insignificant” may mean “minor first aid required and/or no environmental impact”, and “catastrophic” means “multiple deaths and/or major, reportable environmental impact”.

Following the determination of the inherent risk, the process then considers if any sort of risk mitigation needs to be put into place.  If the inherent risk has a very low likelihood and insignificant consequence (giving it a risk rating of “low”), there is likely no need to put any controls into place.  On the other hand, something that will almost certainly happen with a moderate or major consequence will need controls in place to ensure that the step is carried out as safely as possible.

Controls to mitigate risks are identified using the hierarchy of control.  Most effective are those controls that eliminate or substitute the high risk action; moving all the way down to the use of personal protective equipment (PPE) as the final option in the hierarchy. 

After the controls are defined, each identified risk is reassessed for its residual risk.  This determines the risk that remains even with all controls in place.  This reassessment uses the same risk matrix as the inherent risk determination.

Risk matrices can vary, depending on company, industry and process.  Some matrices will only classify risks as low, medium and high; others may also use extreme and catastrophic.  Some will have only one square in the matrix that is designated the highest risk; others may have three or more.  The definition of the likelihood and consequence options in the risk assessment may vary, depending on the risk document being used.  It is important to use these particular definitions to appropriately assess risk and identify the residual risks associated with a process.