Risk Assessments: Mitigated Risk with Unmitigated Value
Expertise provided by Bashir Zayid, BBSI Risk Consultant
Employee safety should be a top concern for any business owner. Not only is it a legal requirement, but without healthy and safe employees, you will have a difficult time keeping your business in operation. One key way to evaluate workplace safety is by conducting risk assessments.
A risk assessment defines safety risks and hazards in your operation and their costs and consequences. This information will allow you to determine if each hazard’s risk level is acceptable, or if you need to take action to mitigate their risk.
Let’s take a closer look at how you can optimize risk management with risk assessments.
TABLE OF CONTENTS
What Is the Purpose of a Risk Assessment?
At a base level, risk assessments satisfy legal requirements. But beyond that, there are a number of reasons you should perform risk assessments, including:
- Reducing hazards and hazardous exposures in your company’s workplace
- Quantifying risk, or determining short and long-term costs associated with risks
- Allocating appropriate resources to the mitigation of workplace safety hazards
- Leveraging leading indicators (proactivity) and lagging indicators (past incidents)
- Holding responsible parties accountable for unnecessary risk and injury
By directly addressing the risks involved in your business, you keep your most valuable resource safe — your people. This will help ensure your operations can continue without issue.
Types of Risk Assessments
Below, we’ll take a closer look at each one and compare their relative strengths and weaknesses.
Regulatory Compliance Assessment
Your business should always be compliant with the legal risk-mitigation requirements for your industry. If it’s not in compliance, you could face fines, legal repercussions, a poor company reputation, and may even be forced to shut down. Compliance with the Occupational Safety and Health Act of 1970 (OSH), certified by the Occupational Safety and Health Administration (OSHA), often involves an audit. And assessments also come into play during audit preparation.
OSHA stipulates basic safety protocols to prevent injury and illness for workers in every industry, with a special focus on the construction, maritime, and agriculture sectors. OSHA makes hazard identification assessment materials available to all businesses to keep workers safe. Using these tools before and during assessments is the best — and often only — way to ensure compliance.
These assessments are often less formal than their regulatory compliance counterparts, but they serve similar ends. The internal assessment can be handled by an on-site safety manager or a contracted risk professional who will analyze each job and/or project in your workplace for hazards, risks, and exposures, either by OSHA, other standards, or according to unique metrics designed for your specific business. This low-level assessment sets the stage for broader, company-wide auditing and assessing for compliance, business, or other reasons.
Plan for a general risk assessment to take six months. This will allow your safety manager or risk professional to gather the data necessary to form a clear picture of your company’s risk. General assessments are more flexible than the other options on this list and may offer less safety assurance, as they may not certify compliance nor meet stakeholders’ expectations.
Comprehensive Risk Assessment
A comprehensive risk assessment is the most thorough method for assessing all potential and existing risks in each department or division of your business. They provide unparalleled insights into the risks facing your staff and require the most time and resources to complete. At their most robust, these may also include audits for one or more regulations (OSHA, DOT, CSB, etc.).
One advanced risk assessment, known as a quantitative risk assessment, creates a detailed and actionable picture of risk and accountability, down to specific costs.
Large-scale assessments like this are typically performed in operations with greater, more dangerous, or highly complex risks, such as those in the energy and manufacturing industries.
Risk Assessments vs. Job Hazard Analysis (JHA)
Another form of assessing threats, similar to a risk assessment, is a job hazard analysis (JHA). You may perform job hazard analyses during your risk assessment, but they are not the same thing.
As noted above, a risk assessment analyzes safety hazards and risks throughout the organization.
Conversely, a JHA is an analysis of the specific risks and hazards involved in a single task, like unloading a truck. It outlines the steps necessary to safely and productively perform this job, mitigating as much risk as possible to keep all stakeholders involved as safe as possible.
Risk assessments have a much wider scope than JHAs, both in terms of the organization and the time frame that they analyze. Ideally, you should consider implementing both for your business.
How Often Should You Perform Risk Assessments?
At a minimum, you should renew your business’s risk assessment every two years. But ideally, you should perform one risk assessment per year to ensure that you remain compliant as you grow.
You should proactively plan a risk assessment around upcoming events, such as:
- The start of a new long-term project: Perform a general risk assessment at the start of your project to determine limitations around safety. Once the project is underway, perform another risk assessment to determine the efficacy of your initial risk mitigation.
- A significant organizational change: If new equipment, materials, procedures, or staff are implemented, assess all the newly introduced hazards and regulations.
- Deciding to pivot your organization: If you want to change industries or expand into a new sector or location, you need to determine the new risks that may be involved.
Of course, unpredictable safety incidents should also prompt risk assessments to determine what led to the incident, so you can implement safety controls to prevent it from happening again.
Risk assessments are valuable for all organizations. Even if your business is stable, you aren’t beginning new projects, and you haven’t experienced any recent incidents, that could all change.
How To Perform a Risk Assessment
A risk assessment includes five steps, with each stage feeding into the next:
1. Identify the Hazards
First, you need to establish the potential dangers associated with your workplace and the specific jobs and tasks that are most closely associated with them. Factors to consider are:
- The equipment used and how your employees engage with it
- Degradation or wear-and-tear on equipment over time
- Any potentially harmful chemicals or substances
- Which (if any) safety protocols are already in place
- What unsafe habits your employees may have developed
- Non-routine operations, like maintenance and cleaning
- Health hazards such as heavy lifting and work-related stress
For each of the hazards you identify, consider how they may be harmful and whom they may harm (your employees, contractors, visitors to your premises, members of the public, etc.).
2. Evaluate the Risks
Next, you’ll assess the risk level of each identified hazard using a risk assessment matrix (or risk matrix), which measures the overall level of risk in your workplace using three variables:
- Severity of consequences, measured on a scale of one to three
- Likelihood of consequences, measured on a scale of one to three
- Frequency of consequences, namely “rare,” “often,” or “frequent”
By adding the numbers assigned to each risk, you create a quantified dataset of risk variability. Lower total numbers represent lower overall risk, while higher numbers represent higher overall risk. You can use the risk level to determine priority and appropriate responses to each identified hazard.
3. Implement Control Measures
After evaluating the level of all risks facing your organization, you need to address each one.
The highest risk should be addressed first, but you should also avoid overwhelming yourself, and any staff tasked with risk mitigation. Delegate corrective actions to department leads and/or volunteers, and hold them accountable with realistic deadlines. If a lower-priority risk can be addressed swiftly and easily, alleviating it sooner rather than later may be best.
4. Document Your Findings
As you address organizational risks, you should develop a documentation process to record the methods used and the results of your risk assessments. Your documentation should also track significant findings, including:
- Who they could harm
- Your control measures
Your records should be updated frequently to reflect a changing reality, but you should also keep older versions on file for a historical record of your safety precautions, improvements, and the reason you made them.
5. Review and Update the Assessment Frequently
Finally, you should implement an overall review of your risk assessment program.
After you have completed an assessment and implemented controls, you should track whether or not they’ve successfully mitigated the safety risk. This reflects the efficacy of the assessment and the implementation and can suggest further adjustments.
Success may not be immediate, but if certain areas of risk mitigation still need improvement during your review, you should begin the process again. Ideally, you should look at your risk assessment process at every stage and make adjustments to maximize safety throughout.
Evaluate and Assess Your Business’s Risk with BBSI
Strategizing and implementing a risk assessment can be challenging, especially for smaller businesses or those expanding into new markets or industries. Luckily, you don’t have to tackle it alone.
BBSI partners with businesses to complete risk assessments and implement risk mitigation strategies to improve workplace safety. BBSI’s Risk Consultants will help you understand your current safety culture and then establish processes to improve your bottom line and maintain compliance with critical legislation. Contact your local branch today to learn what BBSI can do for your business.
Disclaimer: The contents of this white paper/blog have been prepared for educational and information purposes only. The content does not provide legal advice or legal opinions on any specific matters. Transmission of this information is not intended to create, and receipt does not constitute, a lawyer-client relationship between BBSI, the author(s), or the publishers and you. You should not act or refrain from acting on any legal matter based on the content without seeking professional counsel.