OCCUPATIONAL HEALTH & SAFETY MANUAL
6.
Section 6 – Risk Management Policy
Version:
04
Page:
1 of 8
Issue Date:
6 June 2002
Authorised by: Marjorie Dickenson
RISK MANAGEMENT POLICY
As directed by current occupational health and safety legislation and in accordance with best
practice, SimuLab will adopt a risk management approach to all occupational health and safety
matters. To ensure this, the policy of his company is to provide tools and training to all employees to
follow this approach. Accordingly this document will provide the following items to facilitate the
process:

Risk Assessment Policy, procedures and forms.

Risk Assessment Checklists and management records relating to all major areas and aspects
of the workplace.

Copies of the SimuLab Manual Handling, Hazardous Substances, and Noise Policies.
6.1.
The Risk Management Process
According to company policy, risk management process should be undertaken as follows:
1. Attend occupational health and safety and risk assessment training.
2. Familiarisation with SimuLab Risk Assessment Policy and Procedures.
3. Use the tools provided to identify actual or potential hazards.
4. Complete a risk assessment using the risk assessment severity table and/or checklists
contained in this document.
5. Examine and implement control measures using SimuLab’s Risk Management Chart.
6. Record the results of the procedure in the Risk Management Register.
7. Communicate important information with fellow employees who may experience similar
hazards.
6.2.
Risk Assessment And Control - Guidelines And Procedures
Occupational health and safety management systems include risk assessment in the
workplace in order to meet legislative requirements, minimise injury and illness, and prevent
damage to physical resources.
Risk assessment is best undertaken by a team with multi-disciplinary skills, hence a team
approach generally provides better results. It is an interactive process of continual
improvement. With each cycle, risk criteria can be strengthened to achieve progressively
better levels of risk management. For each stage of the process adequate records should be
kept, sufficient to satisfy independent audits.
Risk management can be applied at many levels in an organization. It can be applied at the
strategic level and at operational levels. It may be applied to specific projects, to assist with
specific decisions or to manage specific recognised risk areas.
Risk management may be applied at strategic and operational levels in an organization. It
may even be applied to specific projects, to assist with decisions, or to manage specific
recognised risk areas.
SimuLab's risk management policy has been prepared in accordance with Australian
Standard AS/NZS4360:1999 Risk Management, AS/NZS 4804:2001 Occupational Health
and Safety Management Systems, and NSW WorkCover Regulations and codes of practice
developed under the NSW Occupational Health and Safety Regulation 2001.
02-002
OCCUPATIONAL HEALTH & SAFETY MANUAL
Section 6 – Risk Management Policy
Version:
04
Page:
2 of 8
Issue Date:
6 June 2002
Authorised by: Marjorie Dickenson
The main elements of the risk management process are outlined below. For more detail you
should consult AS/NZS 4360:1999 Risk Management.
The main elements of the risk management process, as shown in Figure 1, are the following:
a) Establish the context/ identify the need for Risk Assessment
This step seeks to identify the important stakeholders, their perceptions and objectives, and
communicate with these parties. It should focus on the environment in which operations
occur. Assessment should endeavour to determine the crucial elements which might support
or impair the ability to manage risk.
b) Identify risks
Identify what, why and how risks can arise as the basis for further analysis. This is best
achieved by using a risk assessment checklist, or conducting a workplace safety audit, but
often risks are only identified as a consequence of undertaking an accident investigation.
c) Analyse risks
Determine the existing controls and analyse risks in terms of consequence and likelihood in
the context of those controls. The analysis should consider the range of potential
consequences and how likely those consequences are to occur. Consequence and
likelihood may be combined to produce an estimated level of risk.
d) Evaluate risks
Compare estimated levels of risk against the pre-established criteria. This is most easily
achieved by using a risk assessment severity table, which enables risks to be ranked, and
also management to identify priorities.
e) Treat risks
Accept and monitor low-priority risks. For other risks, develop and implement a specific
management plan which includes consideration of funding.
f) Monitor and review
Monitor and review the performance of the risk management system and changes that might
affect it.
g) Communicate and consult
Communicate and consult with internal and external stakeholders as appropriate at each
stage of the risk management process and concerning the process as a whole.
Figure 1. The Risk Management Process (after AS/NZS 4360:1999)
02-002
Section 6 – Risk Management Policy
Version:
04
Page:
3 of 8
Issue Date:
6 June 2002
Authorised by: Marjorie Dickenson
OCCUPATIONAL HEALTH & SAFETY MANUAL





Establish the Context
YES
The strategic context
The organisational context
The risk management context
Develop criteria
Decide the structure


What can happen?
How can it happen?
Identify Risks
Communicate and Consult
Analyse Risks
Determine
likelihood
Monitor and review
Determine existing controls
Determine
consequences
Estimate level of risk
Evaluate Risks


Compare against criteria
Set risk priorities
Assess
Risks
YES
Accept
risks
NO
Treat Risks





Identify treatment options
Evaluate treatment options
Select treatment options
Prepare treatment plans
Implement plans
02-002
(a) r
e
OCCUPATIONAL HEALTH & SAFETY MANUAL
Section 6 – Risk Management Policy
Version:
04
Page:
4 of 8
Issue Date:
6 June 2002
Authorised by: Marjorie Dickenson
This is a continual task that would be performed by managers at many stages of the work
process. Some examples of this may include:

Purchase of new or replacement plant, equipment, or chemicals.

Installation of new plant or equipment.

Normal operational procedures.

Maintenance and repair.

Change of work procedures.

Storage.

Decommissioning.

Disposal.
As part of the risk management process, managers should always request hazard
information for any of the above. Examples of these include:

When purchasing new chemicals a material safety data sheet should be routinely
requested.

When designing new facilities, or workplace procedures a risk assessment provides a
means to control hazards before people are exposed to them.

When procuring new plant or equipment restricting purchases to those which pose no
risk to health and safety.
6.3.
Undertaking a Risk Assessment
The recommended procedure or conducting a risk assessment is as follows:
1.
2.
3.
4.
5.
6.
7.
8.
Identify the risks, both actual and potential.
Assess the risk.
Compare the risk against set criteria.
Establish risk priorities.
Control the risk using options from hierarchy of hazard control.
Prepare an action plan.
Implement the action plan.
Monitor and review the effectiveness of the control procedure.
More detail of each of these steps is provided below:
Step 1. Identify The Risks
In order to control risk you need to be aware that it first exists. Managers, supervisors, and
employees may identify risks by several means including both proactive and reactive
methods.
Proactive methods include:

Workplace audits conducted by occupational health and safety committee's,
consultants or even workplace occupational health and safety specialists.

Observations by managers, supervisors, employees or other persons.

Consultation with staff, particularly those with experience in the job.

Information from literature. Examples of this might include Material Safety Data
Sheets, product labels and other product information, manufacturer's instructions for
plant, machinery, equipment, occupational health and safety texts and journals, etc.

Monitoring of equipment or areas. This is particularly useful for noise and airborne
contaminants.

Statistical analysis. Examining the number of injuries illness and near misses from
accident reports and also workers compensation data to highlight the areas of most
concern.
Proactive identification of risks is always desirable as it prevents accidents from occurring.
02-002
OCCUPATIONAL HEALTH & SAFETY MANUAL
Section 6 – Risk Management Policy
Version:
04
Page:
5 of 8
Issue Date:
6 June 2002
Authorised by: Marjorie Dickenson
Reactive methods include:

Accident investigation.

Complaints.
Step 2. Assess the risk
After a risk has been identified it is necessary to determine how significant it is. This allows
establishment of priority for control measures. In order to do this it will be necessary to
establish the effects in consequences of the risk for determining potential injuries, illnesses
or diseases which may result. It might also be necessary to consider environmental impact of
disposal of waste generated in the workplace from equipment or process failure.
When assessing the risk the following should be considered:

The factors, which cause the risk - a risk may present more than one potential
method of harm. For example, the chemical hazard may present a risk by being
absorbed through the skin or gastrointestinal tract, inhalation of toxic fumes, corrosion
of skin, plant or equipment, being highly flammable, etc.

The likely exposure - essentially the longer a person is exposed to the risk the
greater level of hazard. This is particularly important when examining risks posed by
chemicals and noise.

The severity - the greater severity of the risk the more likely that it may be caused.

Individual differences - all individuals will react differently to situations, exposure,
psychological problems, etc. This should be taken into account when assessing the
risk to groups or individuals.
In order to provide a quick numerical assessment of the severity of a risk, it is convenient to
use a risk assessment severity table. An example of this is given in Table 1.
02-002
OCCUPATIONAL HEALTH & SAFETY MANUAL
Section 6 – Risk Management Policy
Version:
04
Page:
6 of 8
Issue Date:
6 June 2002
Authorised by: Marjorie Dickenson
Table 1 – Assessment of Risk Severity (modelled on material from WorkCover NSW)
How likely is it to happen?
How severely could it hurt someone?
Likelihood
that the
hazard will
cause
harm
Killed or
severely
disabled
Long term
illness or
serious
injury
Likely to
cause lost
time
injuries
May require
first aid
treatment
Very likely
– Could
happen any
time
1
1
2
3
Likely –
could
happen
some of the
time
1
2
3
4
Unlikely rarely
happens
2
3
4
5
Extremely
unlikely - will
probably
never
happened
3
4
5
6
Legend: 1 = very high - immediate action is required; 6 = very low - only take action when practical.
Hazard:
Assessed by:
Assessment date:
Severity rating:
(1 – 6)
Comment:
02-002
OCCUPATIONAL HEALTH & SAFETY MANUAL
Section 6 – Risk Management Policy
Version:
04
Page:
7 of 8
Issue Date:
6 June 2002
Authorised by: Marjorie Dickenson
Step 3. Control the risk
Once a hazard has been identified and the risk assessed, control measures must be
implemented to reduce the risk associated with a hazardous work process or system, and/or
to minimise the potential for harm to occur.
When implementing control measures to minimise risk the hierarchy of hazard control
should be utilised. This hierarchy is as follows:
1.
Elimination - removal of any hazardous procedure, substance, equipment or even
obsolete technology by designing it out of the work process. This is the best way to
control hazard, and should always be the first means of hazard control considered. An
example of this might be buying wood in pre-cut sizes to eliminate dust hazards
caused by workplace machining; as no machining is required, the hazard is
eliminated.
2. Substitution - replacement of a material, process, plant or chemical with one which
is less hazardous. An example of this would be the removal of oil based paint, and
its replacement with water-based paint. This would remove hazard associated with
organic paint fumes. Another form of hazard substitution is the changing of an old
procedure or process for a new safer one. This may range from simply swapping the
physical form of an item used in the production process (such as pellets instead of
powder to eliminate the dust hazard), to changing the whole process (use of paint
dipping instead of spray painting).
3. Isolation - separate the hazard from the person put at risk. This may be done with
physical barriers distance or time.
4. Engineering controls - minimise the risk by utilising engineering controls. Some
examples of this might include: isolation of plant, equipment or processes, changing
workplace design, use of automatic controls or guards on plant, or the use of
extracting ventilation.
5. Administrative controls - lower the exposure to workplace hazards by the use of
administrative controls on the workplace. Examples of these include limiting the
number of workers exposed to hazards by restricting access to only essential
personnel and certain areas, job rotation, adopting routine maintenance and
housekeeping procedures, safety training, adopting recommended safe work
practices (use of safe operating procedures). These techniques are low on the
hierarchy due to the fact that they rely on human beings behaving in a specific way.
This is a poor mechanism for hazard control as people are likely to ‘bend the rules’or
take shortcuts for many reasons.
6. Personal protective equipment - refers to clothing or any other device that forms a
barrier between the wearer and the physical hazard such as chemicals, noise, light,
radiation, temperature extremes, etc. This is the least desirable (but most often
used) form of hazard control. It offers protection only for the wearer, and is subject to
failure through poor maintenance, or lack of training in correct usage. Whenever the
workplace procedure requires the wearing of personal protective equipment, workers
should always be properly trained its use before employing it on the job. Personal
protective equipment should only ever be considered as a short-term solution to
hazard control, and should be used only when all other measures have failed or are
unsuitable. Examples of situations where personal protective equipment might be
appropriate include: wearing of safety glasses in laboratories to prevent chemicals
from splashing into eyes; when hazardous tasks are a very short duration; if the task
is very rarely carried out; in emergency situations; or for maintenance procedures on
safety systems.
02-002
OCCUPATIONAL HEALTH & SAFETY MANUAL
Section 6 – Risk Management Policy
Version:
04
Page:
8 of 8
Issue Date:
6 June 2002
Authorised by: Marjorie Dickenson
Once an appropriate control measure is chosen from hierarchy, it should be applied and its
effectiveness assessed. Regardless of which control measure is utilised, information and
training should be provided to staff and other persons in the workplace which may be
affected. The training should always outline the nature of the risk and the safe operating
procedures which are implemented.
Step 4. Monitor and review
Once a safety system has been put in place, it is prudent to ensure the control measure
does not introduce any further risks, and that the original risks have been removed. It is
important to regularly repeat the risk management cycle, as the workplace is dynamic as
people and processes often change. Review is an integral part of the risk management
process.
All stages of the risk management process should be fully documented. The risk assessment
table in the risk management chart should facilitate this process.
6.4.
Consultation
Effective decision-making in risk management relies heavily on the consultation process. It is
important that during each of the steps of the risk management cycle, managers and
supervisors should, wherever possible, consult with staff when performing the assessment
and control process. The Occupational Health and Safety Committee and Human Resources
Section should also be involved in the consultative process.
6.5.
Risk Management Records
SimuLab requires that all managers and supervisors maintain records of the following:

Workplace risk assessments.

Injury/illness incident reports.

Near miss reports.

Accident/incident investigation reports.

Workplace safety audits.

Records of training.

Plant certification and tests certificates.

Worker’s compensation claims.

Individual rehabilitation programs.

Standard operating procedures and safe working procedures.

Material safety data sheets and chemical registers.

Building, plant, machinery and equipment commissioning data.

Maintenance requirements and contracts.

Waste disposal procedures and contracts.

Workplace inductions.

Other documents which might be used in the risk management process.
02-002