Five steps of a risk assessment follow to carry out a risk assessment in your workplace. Risk assessments should be performed by persons who are competent and experienced in the five steps of the risk management process. We developed this blog to provide you with basic knowledge of the risk assessment process within the five basic steps of the risk management system.
Remember in risk management, three types of methods are known for their qualification and evaluation: the qualitative, semi-qualitative and quantitative methods. We are going to describe here only the qualitative risk assessment method. This type of assessment manages general workplace hazards and is required under the direction of statutory health and safety administrations such as HSE.
A new risk assessment must be carried out when there are new machines, substances and procedures that may give rise to new hazards. They should be periodically reviewed and updated. The five steps of a risk assessment are a fundamental part of health and safety management in the company that helps the employer control risks in the workplace.
Five steps of a risk management process aimed at estimating the magnitude of the risks that could not have been avoided, providing the employer with the necessary information to decide on the need to adopt adequate measures to guarantee the safety and health protection of workers. Learn risk assessment with muniriyathse (safety zone).
Tips for conducting the Five steps of a risk assessment
Risk assessment is essential within management, this is done before designating the action plan to be implemented for prevention. It is key to keep in mind that the evaluation must be validated and recorded, once this is done, it must be communicated to the entire organization.
To carry out the five steps of a risk assessment, the dangerous elements must be determined and then evaluating the existing risk based on objective evaluation criteria. So, a conclusion can be reached on deciding on control and reducing the risk.
At the end of the process, the risk assessment must be documented on the five steps of a risk assessment template, including the identification of the job, the existing risk and the list of affected workers, the result of the assessment and the appropriate preventive measures to make a suitable and sufficient assessment.
- Involve employees in the risk assessment process. They can provide valuable insights into the hazards and risks in the workplace.
- Use a risk assessment template or checklist to help you document your findings.
- Keep the risk assessment record up-to-date.
- Review the risk assessment regularly and make changes as needed.
By following these tips, you can ensure that your risk assessments are effective and that you are taking the necessary steps to protect your employees.
The five steps of a risk assessment process
Risk assessments should be performed by competent persons who are experienced in evaluating the severity, likelihood, and control measures of injury from hazards. To begin with, good planning will be essential to implementing a risk assessment effectively. Consider the following 5 steps as established by the Occupational Safety and Health Administration (OSHA).
The Five steps of a risk assessment are an important part of any health and safety management system. By following these steps, you can identify and control the risks in your workplace, and help to keep your employees safe.
- Identify the hazards
- Identify who might be harmed and how
- Evaluate the risk and decide on control measures
- Record the findings and implement them and
- Review and update if necessary
Step1: Identify the hazards
As its name indicates, at this stage the possible risks, both internal and external, that the company is facing must be identified. This is the first and most important step in any risk assessment. You need to identify all of the hazards that could potentially cause harm to people in your workplace. This includes physical hazards, such as slippery floors or sharp objects, as well as hazards from work activities, such as lifting heavy objects or using machinery. The following aspects must be taken into account:
- What creates the risk? Whether tangible or intangible.
- Causes and events.
- SWOT (strengths, weaknesses, opportunities, and threats).
- Internal and external context.
- Changes that can be generated.
- Indicators of each risk.
- Company assets and resources.
Take a look at the workplace and consider what could reasonably be considered dangerous. Identify the most common hazard (hazard means “something potential to cause harm”) in the workplace that leads to disease or ill health such as work at height, vehicle movement, toxic or corrosive chemicals etc. Health hazards can be divided into five categories:
- Physical: radiation, vibration, noise etc.
- Chemical: lead, mercury, acid, dust etc.
- Biological: Bacteria, viruses etc.
- Ergonomic: stooping, bending, twisting etc.
- Psychological: stress, trauma etc.
Hazard identification method
Consult manufacturers’ or suppliers’ instructions or safety data sheets for any obvious hazards. Review accident reports, risk assessments, medical records, inspections, audit and investigation reports, national and international legislation and previous accidents are the information sources to find out hazards. There are various methods to identify the hazards. Here we are going through the NEBOSH IG1 Book:
- Job safety analysis
- Legislation
- Manufacturer’s information and
- Incident data
Step 2: Identify who might be harmed and how
The second step of a risk assessment is to identify who might be harmed and how. This involves considering the following factors:
- The people who are likely to be exposed to the hazard. This could include employees, visitors, contractors, and members of the public.
- The type of harm that could be caused. This could include physical injuries, illnesses, psychological harm, or financial loss.
- This could range from minor injuries to fatalities.
By asking these questions, you can start to identify who might be harmed by the hazards in your workplace and how. This information will help you to develop effective control measures to protect people from harm. Here are some examples of questions you can ask to identify who might be harmed and how:
- Who are the people who are likely to be exposed to this hazard?
- What type of harm could be caused by this hazard?
- How severe could the harm be?
- Are there any vulnerable groups of people who are more likely to be harmed by this hazard?
- Are there any people who are not normally present in the workplace who could be harmed by this hazard, such as visitors or contractors?
Identify the people at risk by the activities being done, which might be workers or operators, maintenance staff, cleaners, contractors, or visitors who could be injured. Ask workers if they can think of anyone else who might be hurt by the hazard.
Step 3: Evaluate the risk and decide on control measures
After identifying the hazards and who might be harmed, the next step in the assessment is to evaluate the risk. This evaluation can be done taking into account different degrees of detail and complexity, this depends on what you want to achieve with the evaluation. On the other hand, it is important to know the availability and reliability of information and resources.
For this analysis, qualitative, quantitative or both techniques are commonly applied, this already depends on each company directly. The purpose is to know whether the risk arising from the hazards is acceptable or needs to bring this risk to an acceptable level by deciding on control measures.
This involves considering the likelihood of the hazard occurring and the severity of the harm that could be caused. To carry out this evaluation, it is essential to take into account:
- The probability that it could occur and the consequences that it would bring.
- The origin and impact of the consequences.
- Complexity and interconnectedness.
- The effectiveness and efficiency of the established controls.
- The level of sensitivity and trust.
Numerical risk rating
Risk is defined as:
Risk = Severity * Likelihood
Severity: How serious would the most serious injury be if exposed to the hazard? It is common to group the severity and consequence of injury into the following five categories:
(1) Insignificant (2) Minor (3) Moderate (4) Major (5) Catastrophic
Likelihood: How likely is one to be injured if exposed to the hazard? When evaluating probability, the question should be asked “If the hazard occurs, how likely is it that the worker will be injured?” It is common to group the probability of a hazard causing injury to the worker into the following five categories:
(1) UNLIKELY (2) RARE (3) POSSIBLE (4) LIKELY (5) VERY LIKELY
Likelihood | Severity |
| 1 – Unlikely | 1 – First aid injury |
| 2 – Rare | 2 – Medical treatment |
| 3 – Possible | 3 – Lost time injury |
| 4 – Likely | 4 – Severe injury |
| 5 – Very likely | 5 – Fatal incidents |
Using this risk matrix system, a hazard created by a keeping grinding machine in busy access can cause a trip hazard that might be calculated as 5 * 4 = 20 (very likely * serious injury). With the same grinding machine kept at the same access close to the wall, possible trip hazards might be rated 3 * 4 = 12 (possible * serious injury).
In both scenarios, the severity of the injury (4)is the same. Change of likelihood minimizes the risk rating. In this risk rating system, if the score is: (see below image) When evaluating the severity of a hazard, the first question should be asked: “If a worker is exposed to this hazard, how serious would the most likely serious injury be?” For this consideration, we assume that a hazard and injury are unavoidable and are only concerned with its severity.
Decide on control measures
Look for existing controls. Follow the hierarchy of controls prioritizing their implementation. Once you have assessed the risks, you need to decide on what precautions you need to take to control the risks. The general hierarchy of risk control (based on ISO45001). Eliminating the hazards is the best option, if it is not possible use substitution and engineering control.
Administrative controls are using the work permit system, reducing exposure or the exposure time, provision of instruction, information, instruction and training and use of safety signage. PPEs are the least preferred option.
After a hazard is identified and assigned a risk classification, effective controls must be put in place to protect workers. Working through a hierarchy of controls can be an effective method for choosing the appropriate control measure to reduce risk.
- Elimination: it is the most effective control. If it is possible to physically remove a hazard, it should be done.
- Substitution: it is the second most effective control. Proposes replacing the hazard with a safer alternative, e.g. eg automate a manual process identified as dangerous, purchase a newer model of equipment with better safety ratings, etc.
- Engineering controls – refers to physically isolating people from the hazard if possible
- Administrative controls: refer to changing the way people work. This may include procedural updates, additional training, or increasing the visibility of caution signs and warning labels.
- PPE – is the last line of defence if workers cannot be fully removed from a hazardous environment.
Step 4: Record the findings and implement them
You should record your findings from the risk assessment so that you can refer to them later. This record should include the hazards identified, the risks assessed, the precautions taken, and the date of the assessment. Use a 5 steps risk assessment template to document your conclusions. Apply an action plan for implementing the conclusion. Write the name of the assessors who carry out the risk assessment.
This step is essential because it contributes directly to decision-making. When we speak of assessment, we refer to the comparison made with the results obtained in the risk evaluation and the criteria established for each risk to identify and when needed to implement the additional plan.
You may like
Consider the personnel involved in the planning and implementation of the risk assessment. They can be managers, supervisors, workers or suppliers. Review and update if necessary follow up on your assessments to see if controls have been put in place or if new hazards have emerged or if further precautions are needed. Several situations can arise for review such as:
- New processes, substances, equipment or steps are introduced in the workplace.
- Changes are made to existing processes,
- Equipment and tools; or new dangers arise.
- After an accident or near-miss
Step 5: Review and update if necessary
Always monitor the effectiveness of control measures and incident rates whether the precautions are elective or need more control measures. The Health and safety management system of the organization must keep a close eye to implement solutions for effectiveness.
So, a risk assessment should be reviewed by a competent person regularly to make sure that it is still accurate and up-to-date and that the control measures are effective or that further precautions are needed. The risk assessment must be reviewed after process change, technology change, legal change, work activity or work location change, the arrival of new equipment etc. If there is no condition change then a risk assessment should be updated annually. (HSE)
Difference between Risk Assessment and Job Safety Analysis
Safety professionals are often confused about the difference between a Job Safety Analysis (JSA) or Job Hazard Analysis (JHA) and a risk assessment. The key difference between a risk assessment and a job safety analysis is the scope. Risk assessments assess safety hazards throughout the workplace and are often accompanied by a risk matrix to prioritize hazards and controls.
Risk assessment is a broader process that identifies and assesses all of the hazards in a workplace. It is typically conducted by a team of people, including safety professionals, managers, and employees. The results of a risk assessment are used to develop and implement control measures to reduce the risks.
Job safety analysis is a more focused process that identifies and assesses the hazards associated with a specific job or task. It is typically conducted by the employee who is responsible for performing the job. The results of a JSA are used to develop and implement safe work procedures.
Risk assessment and job safety analysis (JSA) are both important tools for identifying and controlling hazards in the workplace. However, they have different purposes and are conducted in different ways. Here is a table that summarizes the key differences between risk assessment and JSA:
| Characteristic | Risk assessment | Job safety analysis |
| Purpose | Identify and assess all of the hazards in a workplace | Identify and assess the hazards associated with a specific job or task |
| Scope | Broad | Narrow |
| Who conducts it | Team of people | An employee who is responsible for performing the job |
| Results | Used to develop and implement control measures to reduce the risks | Used to develop and implement safe work procedures |
Whereas a JSA focuses on the specific risks of the job and is usually done for a single task, evaluating each step of the job. JSA also have five steps are:
- Choose a task
- Divide the task into small steps
- Identify the hazards of each step
- Decide control measures and
- Monitoring the effectiveness of control measures
Conclusion
According to NEBOSH, a risk assessment is a systematic process of identifying, evaluating, and controlling hazards. It is a key part of any health and safety management system. The purpose of a risk assessment is to identify and control the risks in the workplace to protect the health and safety of employees.
The NEBOSH approach to the Five steps of a risk assessment is a widely accepted and effective way to identify and control hazards in the workplace. By following the Five steps of a risk assessment, you can help to keep your employees safe and healthy. The risk assessment process should be:
- Systematic: It should be a structured process that is followed consistently.
- Proactive: It should identify and control risks before they cause harm.
- Proportionate: The level of detail and effort put into the risk assessment should be proportionate to the level of risk.
- Documented: The findings of the risk assessment should be documented so that they can be reviewed and updated as needed.
