Risk Assessment Categories

All organisations assess their overall risk exposure in groups or categories. Not all of these categories relate to safety. For example, an organisation might have risks relating to the market, critical customer retention, the technology they use, economic risk, and many more.

Safety risk is a particular category that needs to be managed across the entire operation. The objective is zero harm, and therefore, no level of safety risk is tolerable. But safety risk is not totally isolated from the rest of the business. There will be overlaps between safety- risks and other risks, for example, the risk of environmental damage and loss of brand reputation arising from an incident.

Principles of a risk assessment

Many safety risks will be intrinsic to the nature of the process or operation. For example, handling toxic chemicals or changing the rods in a nuclear power generator.

Or, they may be related to the nature of the job itself, like entering a confined space or working at heights.

While each of these risk types might be quantified using different techniques, the underlying principles of a risk assessment are always the same:

• Assess the nature and level of the threat.
• Determine how likely it is that there could be an adverse event.
• Determine if and how an adverse event can lead to several other cascading events that could cause more harm.
• Quantify the potential consequences (impact on the operation, costs, downtime, injuries, etc.).
• Identify and determine the effectiveness of control measures in place to manage the risks.

Safety risk assessment techniques

Techniques for assessing risk in the workplace have evolved into recommended (“best”) practices that are widely adopted across different industries.

Examples of these are JRA (job risk assessment), PTW (permit to work), a “Take Five” checklist and many others. There are variations in terminologies across different industries, and while these differences can sometimes create confusion for contractors working across many different sites, the underlying principles are always the same.

As mentioned above, each organisations risk profile will be unique. On top of this, each job will also present its own unique set of risks relating to the site conditions on the day, the skills and experience of the people involved, human factors and other variables.

While many of the risks can be mitigated with administrative controls such as standard operating procedures, there ultimately needs to be a balance between the nature of the risk and the tools used to manage it.

• A process operator trained to routinely work with a specific hazardous chemical does not need to repeat a job risk assessment every time they perform a standard routine procedure.
• On the other hand, a maintenance technician who occasionally works with the same hazardous substance will undoubtedly be required to perform a JRA before commencing maintenance activities on the equipment.

If the risk assessment technique used is too cumbersome, people will find a way to bypass the procedure.

Clarity and responsibility

It should be clear to everyone working in the organisation when a risk assessment is necessary, who is responsible and the exact process to follow.

There can be “grey areas” in this regard, and these need to be eliminated as far as possible. For example, contractors working on a site may submit their safety plan ahead of arriving on-site to do the work. The contractor safety plan will be based on certain assumptions around the experience and competence of the individuals concerned and their familiarity with the site. All of these assumptions should be verified before the work is finally authorised.

A risk assessment must be done by a person with knowledge of the work, the process steps, the nature of the hazards, and the people’s competencies. This means that a risk assessment cannot be done remotely in an office, it must involve an on-site inspection of the actual working conditions.

While some of the steps in a job risk assessment involve the simple completion of a straightforward checklist, other measures will require extensive two-way communication with other role players. Critical safety communication is a crucial aspect of safe work. Toolbox talks and VSCC (Verbal Safety Critical Communication) can be used to ensure this communication takes place regularly.

Specialist analytical techniques may sometimes also be needed to determine the risk, depending on the process, the complexity of the job and the nature of the activity. Examples of these include bowtie analysis, HAZOP, FMEA and others.

Systems (whether paper-based or digital) will always fail if the human element is ignored and adequate consultation does not occur.

What is the minimum requirement for a risk assessment?

Should there be an incident, there is every possibility that the responsible person will have to account under the law for the safety measures taken. While the legal specifics will differ between countries, the leader will likely be challenged on the following:

• Did the operator perform an adequate check of the worksite, were all the hazards identified and were appropriate precautions taken?
• Was the operator competent for the job being done, are there proper training records in this regard?
• Was the communication effective with all involved?
• Did the operator identify who else might be affected by the activity?
• Were the significant risks adequately addressed?
• Were the precautions reasonable, and were they effective in reducing the risk to an acceptable level?

The HSE has published a number of simple templates that can be used to develop your own risk assessment form. You can find such an example at https://www.hse.gov.uk/simple-health-safety/risk/factory.pdf

This template illustrates the concept and is by no means adequate until you have assessed the specific process steps and the nature of the work taking place in your own environment.

The template allows you to record the following:

• What is the specific hazard?
• Who might be harmed, and how?
• How are you controlling the risk around this hazard?
• What additional measures or precautions are necessary to control this risk?
• Assigned to who?
• By when should this action be complete?
• Status

This concept applied to a job risk assessment will build on the above to include reference to the permit to work, a risk assessment and so on as in the example below:

• What is the job/task/activity?
• Provide a reference to the permit to work, maintenance work order, standard operating procedure and other attached documents/
• What are the hazards and potential hazards?
• Who can be harmed and how?
• What is the risk (likelihood and severity)?
• What are the precautions already in place? (These should already be on the permit if applicable).
• What additional precautions are needed to work safely?
• Verify that all precautions and other safety measures are in place.

Digital Risk Assessment Systems

A well-designed digital risk assessment tool supporting Job Risk Assessment (JRA) or Point of Work Risk Assessment (POWRA) system will ensure that all the steps are followed, exceptions are raised, actions are followed through, learnings are captured evidence of the process is retained and more.

In the job risk assessment example above, a digital system will allow all related data from the permit to work, the maintenance work order, names of authorised persons and so on to be automatically linked to the risk assessment.

Digital JRA / POWRA systems can make the whole risk assessment process more robust by making it easy to record findings at the worksite, provide additional evidence of procedures being followed, such as linking to a valid electronic permit to work and photographic evidence etc.

Where there are statutory requirements or other standards, an electronic system can also embed these requirements into the risk assessment templates. Examples of these standards include the Control of Major Accident Hazards Regulations (COMAH) in the United Kingdom or Australia’s Dangerous Goods Act and Regulations.

Senior business leaders need to ensure that all risk assessments are delegated to competent persons, that they are effective, and that the control measures are adequate to protect people from harm. An electronic risk assessment system will help manage this process and allow leaders to focus on exceptions when the system is not working as intended.

Other supporting tools such as regular safety audits are used to determine whether the risk assessments are effective and help identify areas needing attention.

Conclusion

Safe work is reliant on adequately managing risks in the workplace. Safety risk is a particular risk category in the organisation’s risk profile and is unique to each job. Risk assessment techniques such as JRA and POWRA are used to assess safety risks at the workplace itself. These processes should align with safety management tools such as the permit to work and safety audits.

Leaders are accountable under the law to ensure that risk assessments are effective. This means proper delegation, clear procedures, and good follow up on exceptions and audit findings.

Ultimately safety is non-negotiable. Sound safety risk assessment systems are indispensable tools to ensure people work safely and achieve more.

For more information

For more information on safety risk, the HSE in the UK has provided an excellent guide on “Managing for Health and Safety”, available as a free download at https://www.hse.gov.uk/pubns/priced/hsg65.pdf

For more information on how IntelliPERMIT and OpSUITE can help you better manage your process safety please contact the team at Adapt IT.