Last reviewed 11 September 2013
There is more than one way to assess risk, but which way is best for your organisation? Mike Sopp considers some of the techniques that can be used.
In addition to being a legal requirement, effective risk assessment protects people and business interests alike.
The legislation does not expect the employer to eliminate all risk, but to reduce risks to “as low as reasonably practicable”. Risk assessing enables the employer to carefully examine, within the workplace, what can cause harm, and decide whether sufficient precautions are being taken or whether additional risk control measures are required to meet this objective.
For many organisations, the Health and Safety Executive (HSE) suggests, the “five-step” approach is adequate. However, the HSE recognises that “there are other methods that work well, particularly for more complex risks and circumstances”. This implies that to meet the “suitable and sufficient” criteria of risk assessing, employers need to give consideration to the risk assessment techniques selected.
Suitable and sufficient criteria
Regulation 3 of the Management of Health and Safety at Work Regulations 1999 (MSHWR) contains the general requirement that every employer “shall make a suitable and sufficient assessment” of the risks to the health and safety of its employees to which they may be exposed while at work, and to that of others who may be affected by the work activities undertaken.
The phrase “suitable and sufficient” is not defined in legislation, but the now withdrawn Approved Code of Practice to MHSWR suggested that, to meet the criteria, the risk assessment should “identify the risks arising from or in connection with work” and should be “appropriate to the nature of the work”.
In essence, risk assessing is about gathering information through the systematic general examination of the undertaking, work activities, and the condition of the premises so as to identify the associated risks. This, in turn, will enable decisions to be made “in an informed, rational and structured manner” on risk control measures, with the action taken being proportionate to the risk.
The revised HSE website on risk assessing states that the “level of detail in a risk assessment should be proportionate to the risk” and that “there are no fixed rules about how a risk assessment should be carried out; indeed it will depend on the nature of the work or business, and the types of hazards and risks”.
This is also reflected in BS 18004 Guide to Achieving Effective Occupational Health and Safety Performance, which notes that there is no single methodology for hazard identification and risk assessment that will suit all organisations, and individual hazards might require a variety of methods to be used.
As such, to meet the suitable and sufficient criteria, the organisation will have to choose approaches that are appropriate to its scope, nature and size, and which meet its needs in terms of detail, complexity, time, cost and availability of reliable data.
In general terms, the level of risk arising from the work activity should determine the degree of sophistication of the risk assessment. This suggests that some level of foresight and planning is required to ensure the most appropriate techniques are selected.
As BS 18004 states, “it is counterproductive to apply elaborate assessment methods to risks that are manifestly trivial. Small, low-risk organisations in particular should be highly selective about the risks that they assess in detail”.
However, this implies that the employer may have to undertake some form of basic screening exercise to determine which risk assessment techniques will have to be adopted. BS 18004 suggests that an initial status review, if completed correctly, can assist in making preliminary judgments as to the significance of any risks. Screening will also assist in ensuring that the most significant risks are prioritised and managed appropriately.
The HSE website suggests that to meet the suitable and sufficient criteria, the following will apply.
In small businesses with limited hazards, an informed judgment and reference to appropriate guidance can be used with no complicated skills or processes required.
In intermediate cases, some form of specialist advice may be required along with analytical techniques.
Large and hazardous sites will require the most developed and sophisticated risk assessments using quantitative techniques.
This is reflected in BS 18004, which states that “for low-risk environments, analysis may be qualitative in nature (eg high, medium, low), which will require a degree of judgment to be made. For more complex and hazardous work environments, a quantitative approach may have to be adopted, which uses available quantifiable data.”
Other factors influencing technique selection may be specific, hazard-related legislative requirements and associated guidance, such as techniques utilised to complete workstation assessments or manual handling. Fire risk assessors may follow the guidance under PAS79:2012, for example. Other factors to consider include:
the needs of decision-makers, in terms of detail required, to make a decision on risk control that is proportionate
the degree of expertise, human and other resources (including costs) needed to ensure the assessment is suitable and sufficient
the availability of intelligence in terms of information and data pertinent to the activities being assessed
the need for modification/updating of the risk assessment and the ease with which this can be achieved.
It may also be the case that a basic risk assessment could identify the need for a more complex assessment to be undertaken. As an example, a qualitative assessment completed in relation to a harmful substance may require additional analytical techniques to be adopted for measuring potential exposure levels of the substance.
When selecting the most appropriate technique, the British Standard on risk management (BS EN 31010) suggests that, in general terms, suitable techniques should exhibit the following characteristics.
They should be justifiable and appropriate to the situation or organisation under consideration.
They should provide results in a form that enhances understanding of the nature of the risk and how it can be treated.
They should be capable of use in a manner that is traceable, repeatable and verifiable.
More specifically from the health and safety perspective, the risk assessment would normally be expected to:
ensure the significant risks and hazards are addressed
ensure all aspects of the work activity are reviewed, including routine and non-routine activities
take account of the non-routine operations
take account of the management of incidents such as interruptions to the work activity
be systematic in identifying hazards and looking at risks
take account of the way in which work is organised.
Clearly, for risk assessments completed in the field of health and safety, there will be some common elements as detailed in the five-step approach, these being: hazard identification; identification of person/s that may be harmed; risk analysis; recording; and monitoring/review.
However, different approaches in terms of hazard identification and risk analysis may have to be applied, depending on the techniques selected based upon qualitative (eg checklist), semi-qualitative (eg five-by-five matrix) to quantitative (eg fault-tree) analysis.
Both BS 18004 and BS EN 31010 contain useful information detailing the various applications, strengths and weaknesses of various risk assessment techniques. Both also qualify the limitations of risk assessing.
Indeed, BS 18004 states that “the organisation should consider limitations in the quality and accuracy of the data used in the risk assessments, and the possible effect these could have on the resulting determination of risk. The higher the level of uncertainty in the data, the greater the need for caution in determining whether the risk is acceptable”.
BS18004:2008 Guide to Achieving Effective Occupational Health and Safety Performance
BS EN 31010:2010 Risk Management. Risk Assessment Techniques
the HSE website