Occupational health legislation requires businesses to protect their workers’ physical and mental health as they participate in their designated business activities. The critical aspects are the working environment and the working practices. Occupational health doesn’t just protect from immediate harm; it also ensures workers will remain medically fit to conduct their work safely over the long term. A key aspect of achieving this is a safety risk assessment.

Risk assessments do not have to be an onerous overhead; self-assessment using competent employees offers businesses a pragmatic solution. Plenty of resources are available to support this process, and once up and running will require minimal effort to maintain.

Source: Kings Access/Adobe Stock imageSource: Kings Access/Adobe Stock image

Risk assessments

Risks come from the exposure of something or someone to a hazard. For example, a loose cable lying across a corridor is a trip hazard. This situation creates the risk that a person trips on the cable and falls, striking something hard or sharp and injuring themselves or dropping something fragile and valuable and damaging it.

Risk assessment is a methodical process involving identifying, analyzing and managing risks. One can identify most risks using readily available lists of typical risks for common situations and environments combined with local knowledge and experience of workplace hazards. Specialist risk professionals are also available to fill the gaps in identifying novel or unusual risks for a specific circumstance.

Risk analysis quantifies risk in terms of how likely the risk will materialize and how severe the consequences are. For example, the loose cable across a corridor may result in at least one person tripping each day, resulting in a minor injury. The consequences may not be severe, but the frequency makes this risk unacceptable.

On the other hand, a gasoline pipe routed next to a source of ignition such as high voltage machinery may leak once in ten years. The hazard may be infrequent, but the consequences could be an explosion that kills several people.

These are credible hazards that would typically be unacceptable in both cases. Managing risk means reducing the risk to acceptable levels, such as taping down loose cables to stop trips or rerouting gasoline pipes to keep any leaks away from an ignition source.

Any competent person can undertake risk assessments, allowing businesses to conduct self-assessments where resources are available. For smaller firms, external consultants can provide the necessary expertise as required. The advantage of maintaining in-house expertise for self-assessment is that those involved will completely understand the environment and work practices, both routine and exceptional. In addition, this can provide a more thorough understanding of credible risks that may not be apparent to a third party.

Pre-acquisition assessments

Before acquiring new equipment, a self-assessment review can identify potential problems before they materialize. This approach allows an organization to eliminate or mitigate risks before they occur. It is always better to determine if there is an unacceptable risk before purchasing and installing the new equipment.

Is the new equipment intrinsically safe, with built-in safety controls in compliance with relevant health and safety standards and regulations? Are all emergency controls and alarms compatible with the intended operating environment? For example, an audible alarm you cannot hear above normal ambient noise levels or a visual warning obscured from view by other equipment create unacceptable risks.

Accessibility issues to consider will include whether you can safely transport the new equipment into position through existing access routes and whether the building is strong enough to support the gross weight of the packaged equipment. In addition, once in place, does the new equipment block access to escape routes or safety equipment such as fire alarm buttons, extinguishers or hoses?

Where equipment requires access to services such as fuel, electricity or water, does routing these services create additional risks such as high voltage cables located near accessible locations or water pipes routed above electrical equipment?

Does the equipment require ventilation or pipework to carry exhaust gases away from the environment, and in which case, what failures in these facilities create additional risks?

Does the new equipment adversely affect the environment by affecting temperature, humidity, high noise levels, vibrations or other environmental factors? This includes generating harmful materials or fumes and high pressure or flammable gases.

Does the new equipment require storage or replenishment of toxic or hazardous materials? Does the new equipment need operators to work at height, physically handle heavy objects, interact with moving objects or undertake repetitive physical movements?

Have you assessed all operating activities required when using the new equipment to ensure the acceptability of risks, including any requirements for personal protective equipment, training needs and monitoring? In addition, all new equipment’s routine and exceptional maintenance activities require an assessment to ensure all associated risks are acceptable.

Have you identified and assessed the risks associated with the eventual decommissioning and disposal of the new equipment?

Periodic re-assessment

Once a business is up and running, with all risks assessed and managed, it will only require additional risk assessments under specific circumstances, such as in response to significant changes including new equipment, new work practices or equipment relocation. It is also good practice to revisit periodically, such as annually, to ensure that the accumulation of small changes has not adversely affected risk levels and capture any changes to legislation or regulations that may have an impact.

The self-assessment process

The self-assessment can be divided into three focus areas: identify, analyze and manage.

Identifying Risks

Businesses can discover the applicable risks from sources that include:

  • Lists of common workplace hazards
  • Equipment safety documentation
  • Material data sheets
  • Records of previous accidents and near misses

Risk identification can use this information to determine applicable and credible risks. For example, equipment safety documentation may identify that connection to mains electricity creates a potential electrocution hazard for operators. However, if that equipment only operates from low voltage batteries, this electrocution risk is not credible for the business. In situations such as this, one must document these decisions to exclude this risk and periodically review them to ensure that the use of the equipment does not change, for example, to include connection to a mains electricity supply.

Analyzing risks

Risk analysis requires expertise to identify the severity and likelihood of risks correctly. For some risks, such as equipment failing or pipes leaking, historical data is available to guide the probability of this event occurring. This information provides a quantitative measure of risk likelihood. However, in other situations, such as an operator failing to act, a qualitative estimate based on judgment is necessary.

For severity, one can typically separate these into impact on humans (minor injury, major trauma or death) and impact on inanimate objects (repairable damage, significant damage, total loss). A matrix of severity against likelihood allows simple categorization of risks.

For example, a minor severity occurring once in a lifetime is at the low end of the scale, while death or destruction frequently occurring is at the highest end. The business then needs to decide what risk levels are acceptable, and any risks above this level will need reduction.

Managing risks

Risk management is the process of eliminating or reducing risks to acceptable levels. This process can introduce controls to reduce the likelihood of protective measures to reduce the severity. Often businesses will face the prospect of balancing risk reduction against cost. For example, a control may be available to reduce risk but at a price that makes the business economically unviable. As a result, the company will need to consider whether to accept the risk at its current level or explore alternative lower-cost controls to reduce the risk.

It’s critical in risk management to document all decisions fully and periodically review these. Prohibitively expensive controls may become cheaper and economically viable after a few years, altering the cost-benefit balance in favor of implementing the control. Alternatively, better controls may become available that allow a business to reduce existing risks.

One key factor in risk assessment is the safety culture of the business. Self-assessment requires openness and transparency to be successful, especially when it comes to risk identification and a willingness to take whatever means to reduce risks to acceptable levels.

This process starts with induction training, awareness and the message that safety is everyone’s responsibility.


Identifying, analyzing and managing risks is an essential part of any business to protect employees from harm and any third parties. The latter can be visitors to premises such as suppliers or maintainers or simply members of the public walking past the building.

Risk management is not only necessary for legal compliance; it delivers long-term cost savings by preventing incidents and accidents that can damage property, injure people, or disrupt business operations. All these consequences have a business impact that affects the bottom line. Eliminating risks, or reducing them to acceptable levels, will minimize such disruption.

Risk processes do not have to be an onerous overhead; self-assessment using competent employees offers businesses a solution in most situations. Where process complexity or novel risks require specialized expertise, external consultants can supplement the in-house capability on an as-needed basis.

A case in point is the emergence of novel risks with step changes in operational processes as seen with the Industry 4.0 revolution. However, these changes also offer the opportunity to address occupational risk management as part of process changes, applying safe by design principles.

About the author

Stephen Mash is a freelance editor from the U.K. He has over 30 years of practical experience in IT, aerospace, defense and communications sectors. He develops and assesses safety-critical and business-critical systems, providing risk management and cybersecurity consultancy. He has a bachelor’s degree in electrical and electronic engineering, and has been a Member of the Institute of Engineering and Technology (MIET) for over 20 years.