2. Risk Assessment, Likelihood and Severity of Hazards

Without a doubt, risk assessment is the most complex step in the implementation; however, many companies make this step even more difficult by defining the wrong risk assessment methodology and process (or by not defining the methodology at all).
You are required to document the whole process of risk assessment, and this is usually done in the document called Risk assessment methodology.

This is where too many companies make the first big mistake: they start implementing the risk assessment without the methodology – in other words, without any clear rules on how to do it.

Click here to watch a video about health and safety fall protection hazards.

The three (3) Levels of Risk Assessment:

1. Baseline Risk Assessment: Primary, Broad-based:
   1. Geographical - Location of activities, for example, welding on the ground has certain risks, and the same task in a vessel or in an elevated position identifies additional risk
   2. Functional - Types of activities
   3. Pure hazards – inherently dangerous
2. Issue-Based Risk Assessment: New process, equipment. new legislation changes, accident
3. Continuous Risk Assessment: Day-to-day assessment, pre-start-up checks, SHE Rep inspections, operator checks

Program Requirements Components

The risk management program is a dynamic process consisting of four interdependent phases:

Step 1: Identification and Classification

• Physical Hazards: Ionizing radiation (x-rays), noise, lighting, vibration, extreme temperatures, poor ventilation
• Chemical Hazards: Acids, pesticides, herbicides, fumes, dust, gasses, flammable substances, solvents, effluent, solid waste, pharmaceutical (Levothyroxine) 600 micrograms humans versus rats
• Biological Hazards: Vermin (rats & mice), pathogens, viruses, HIV/AIDS, medical waste
• Equipment Hazards: Mechanical lifts, cutting machines, electrical hand tools, portable electrical equipment, lifting equipment, forklifts, ladders scaffold, slip trips and falls
• Ergonomic Hazards: Manual handling, repetitive movement, poor design, restricted space; outdated design & technology, work stations, prolonged standing
• Psychosocial Hazards: Shift work, peer pressure, alcohol/drug misuse
• Stress Environmental Aspects: Contaminated air and water, hazardous waste, resource use

Step 2: Analysis - Decide Who Might Be Harmed & How?

• Operator type (final assembly)
• Maintenance staff
• Support staff
• Cleaning staff
• Contractors
• Visitors
• Vulnerable employees

Step 3: Evaluation (Prioritize Risks for Action)

• Quantitative risk assessments
• Numerical values assigned giving hazards measurable qualities to prioritize
• Qualitative risk assessments
• Rely on experience and opinion of risk assessors and team
• You cannot argue one risk assessment is better than the next
• One must keep in mind that the success of any evaluation methodology employed is measured on the outcomes it has achieved
• Must pass the test of reasonable practicability
• There may be several risks related to one hazard

Step 4: Hierarchy of Control/Prevention:

• Elimination/Substitution: Eliminating the hazard or the task or by substitution e.g. using less hazardous chemicals
• Changing Work Methods: Automation of high-risk tasks, job rotation etc.
• Isolation/Segregation: Isolating the hazard e.g. flammable store, machine guarding or segregating. For example, radiographers are segregated from X-Ray equipment
• Engineering Control: Local exhaust ventilation to remove contaminants can be utilized to minimize risks
• Administrative Control
• Personal Protective Equipment: PPE should only be considered as a last resort or in combination with other more effective control measures

General Principles of Prevention Order of Priority:

a. Eliminate the hazard/risk
b. Control the hazard/risk at source, through the use of engineering controls or organizational measures
c. Minimize the hazard/risk by the design of safe work systems, which include administrative control measures
d. Where residual hazards/risks cannot be controlled by collective measure, the employer should provide appropriate personal protective equipment, including clothing, at no cost, and should implement measures
e. To ensure its use and maintenance

Risk Likelihood/Frequency Ratings, Risk Consequence/Severity Ratings, Effectiveness of Control

Effectiveness of Controls:

• Look at standards and requirements and if they are in place i.e. lockout procedure
• Engineering controls i.e. Guarding, barriers
• Administrative control i.e. Job rotation SOP, medical surveillance, monitoring and measurement and training programs
• PPE: Goggles and safety shoes are used as a last resort

Hazard Prevention and Control Procedures or Arrangements Should:

• Be adapted to the hazards and risks encountered by the organization
• Be reviewed and modified if necessary on a regular basis
• Comply with national laws and regulations, and reflect good practice
• Consider the current state of knowledge, including information or reports from organizations, such as labour inspectorates, occupational safety and health services, and other services as appropriate

Action Plan: Once you have Identified the Necessary Control, you May Put an Action Plan Together for your Program. Such a Plan Should Include:

• Short-term controls that are cost-effective and can reduce the risk with little fuss
• Long-term solutions for significant risks (preferably engineering or elimination controls) would further reduce the risk
• Actions for training or conveying the information regarding the risks
• A means to follow up on the implementation of the plans
• Assignment of responsibilities and roles for accountability
• A time frame for implementation

Record Your Findings

Significant findings and action plans are recorded as proof of implementation and control.

• Hazards, risks and ratings
• Affected persons, groups and departments
• Existing controls
• Planned controls
• Persons responsible for implementing controls
• Reference to standards, legislation, codes of practice Raw Risk Score

Raw Risk Score

Raw Risk = Risk without controls in place S x (P + E) other examples are S x P x E etc.
Residual Risk =‘Residual Risk’ refers to the level of risk that remains after controls have been implemented.

N - Normal circumstances: indicates a hazard which occurs under normal operating conditions, i.e. the way a process or activity is presently carried out during everyday routine work

A - Abnormal circumstances: indicates a hazard which occurs during planned or unplanned non-daily routines that may occur around a process or activity, i.e. maintenance, plant upgrades, start-up/shut down

E - Emergency circumstances: indicates a hazard which may lead to emergency conditions, i.e. catastrophic incidents or accidents which are unplanned events

Simple Risk-ranking Matrix

Hazard Identification & Risk Assessment Item Task Hazard Risk

Likelihood or Frequency (L): How Often can the Event be Expected to Happen?

Risk Classification

Risk Severity

Severity (degree of harm in terms of injury or ill health or extent of damage to the environment)

Probability

Exposure

Exposure (the number of persons, expressed as a % of the facility, that could be exposed to a specific H&S risk; the geographical extent to which the environment could be exposed to a specific impact)

Raw Risk = Risk without controls in place
S x (P + E) other examples are S x P x E etc.
Residual Risk =‘Residual Risk’ refers to the level of risk that remains after controls have been implemented.

Review and Update - Review if Significant Changes:

• New machinery/equipment
• Relocation of plant or machinery
• New substances
• Legislative changes/directives
• Personnel changes
• Accidents, incidents or near misses
• New standards
• Audit or monitor findings
• Periodic review (usually annual)

Communication and Monitoring:

All departments and business units shall:

• Investigate incidents to determine their causes
• Assess the extent and value of damages and determine potential legal liability
• Establish new or improved measures to help prevent the recurrence of incidents
• Maintain their own risk management database as part of the feedback system of information management and communication
• Annually review the risk management process to determine its effectiveness
• Communicate relevant information to assist in managing any incidents, claims, public perception or litigation
• Internal Audits should be performed periodically to monitor and assess the efficiency and effectiveness of the management program

Responsibilities:

Every employee is responsible for the effective management of risk, including the identification of potential risks. Management is responsible for the development of risk mitigation plans and the implementation of risk mitigation strategies.

Chief Executive Officer:

The delegated manager, in terms of section 16(2) of the OHS (Occupational Health and Safety) Act, together with appointed responsible managers as defined in the OHS Roles and Responsibilities and Statutory
Appointments Standard shall be responsible for safety in their designated area of responsibility. Each department shall where required, compile appropriate work instruction documents to support this standard.
The Chief Executive Officer is responsible for ensuring that a risk management program is established, implemented and maintained in accordance with the company policy.

Monitoring:

Risk management extends beyond merely setting out systems and procedures. The process requires monitoring and assessment. The CEO (16.2) is charged with the valuation and improvement of the risk management process in executing its operational objectives and ensuring that the risk management program is a dynamic process. Methods of communicating, the risks to which the employees are exposed and the measures in place to mitigate and control such risks include the risk register and the risk treatment schedule and action plan.

Incident Reports:

After the occurrence of an incident, it is critical that staff members prepare a timely report that includes the results of an investigation and an assessment of the loss or damages.

Investigating the facts of a harmful or damaging incident has four purposes:

1. Establishing its cause
2. Assessing the extent and value of damages and potential legal liability
3. Providing a database in support of submissions for approval to pay claims; and
4. Providing feedback on the effectiveness of existing control measures, and acting as a basis for establishing new or improved measures to prevent a recurrence

Click here to view or download the handouts for Risk and Hazard Identification and Evaluation.