Health & Safety Management Lecturing Resource for Quarrying Related Degree Courses LECTURE NOTES: RISK ASSESSMENT & RISK MANAGEMENT Objectives of this Section To introduce the concept of risk assessment and its role within UK health and safety legislation. To the define the principle of risk management. To outline advanced risk assessment methodologies for use in QRA’s. To outline a practical risk assessment process. 1.0 Principals of Risk Management Risk management can be defined as: The eradication or minimisation of the adverse affects of risks to which an organisation is exposed. There are many different risk management techniques available depending on what type of risk is being assessed, but they all are made up of a number of similar stages which are: Identifying the hazards. Evaluating the associated risks. Controlling the risks. RISK MANAGEMENT RISK REDUCTION RISK ASSESSMENT Activity Characterisation Option Analysis Implementation Monitoring Hazard Identification Decision Making Risk Estimation Audit or Review RISK EVALUATION RISK ANALYSIS 1 1 From Cox S.J. & Tait R.S. (1991) Reliability, Safety and Risk Management. Butterworth Heinemann Lecture Notes: Topic 5 Risk Assessment & Risk Management 2 2.0 Risk Management in Legislation Regulation 3(1) of the ‘Management of Health and Safety at Work Regulations 1992 states that:- ‘Every Employer shall make a suitable and efficient assessment of:a) The risks to the health and safety of his employees to which they are exposed whilst they are at work. b) The risks to the health and safety of persons not in his employment arising out of or in connection with the conduct by him or his undertaking; for the purpose of identifying the measures he needs to take to comply with the requirements and prohibitions imposed on him by or under the relevant statutory provisions.’ The accompanying Approved Code of Practice (ACOP) does not specify a particular approach to how a risk assessment is carried out but does set out some general principles that should be followed. For simple hazards a risk assessment can be a ‘very straightforward process based on judgement requiring no specialist skills or complicated techniques.’ This approach is commonly known as qualitative or subjective risk assessment. At the other extreme, major hazards, such as those associated with complex chemical or nuclear plants, may ‘warrant the need of such techniques as Quantitative Risk Assessment.’ In Quantitative Risk Assessment (QRA) or Probabilistic Risk Assessment (PRA) as it is sometimes known, a numerical estimate is made of the probability that a defined harm will result from the occurrence of a particular event. The Regulations state that the risk assessment procedure used in any circumstance should be suitable and sufficient for the hazards and risks to which the workforce is exposed. A suitable and sufficient assessment should: identify the significant risks arising out of work; enable the employer to identify and prioritise the measures that need to be taken to comply with relevant statutory provision; be appropriate to the nature of the work such that it remains vital for a reasonable period of time. Lecture Notes: Topic 5 Risk Assessment & Risk Management 3 3.0 The Risk Management Process Each of the three stages of risk management are discussed below, with particular respect to health and safety risks. Identifying the hazards. Evaluating/assessing the associated risks. Controlling the risks. Hazard Identification Hazard : The potential to cause harm. Harm including ill health and injury, damage to property, plant, products or the environment, production losses or increased liabilities. Hazard identification is, in no doubt, the most important aspect of any risk assessment on the basis of ‘ a hazard identified is a hazard controlled.’ There are many different ways of identifying hazards, making it very much a discipline in its own right. Many different formal methods have been developed over the last two decades. These are generally classed into one of three categories: Comparative Methods. e.g. checklists and audits. These were, in the past, treated as safety reviews as they compared “what is” with “what should be”. Fundamental Methods: e.g. Deviation Analysis, Hazard and Operability Studies, Energy Analysis, Failure Modes & Effects Analysis. These are the formal investigative techniques, many of which developed in the high technology industries, and are structured for stimulating people to apply foresight in conjunction with their knowledge by identifying hazards by asking “what-if” type questions. Lecture Notes: Topic 5 Risk Assessment & Risk Management 4 Failure Logic: e.g. Fault Trees, Event Trees & Cause- Consequence diagrams. These are pictorial representations of logical combinations of causes that lead to a hazard, showing how a hazardous situation may arise or what may happen if that situation occurs. Several of these more detailed hazard identification methods will be explained in more detail later in this Section. Assessing the Risks Risk The likelihood that a specified undesired event will occur due to the realisation of a hazard by, or during work activities or by the products and services created by work activities. In order to be able to assess and/or evaluate risk some degree of the risk should be calculated. As risk is a function of the probability and consequence associated with a hazard occurring, judgements are made on these two properties. Such judgements can be qualitative or quantitative depending on the complexity of the operation that is being examined. Quantitative in this case means probabilistic where numerical probabilities are calculated. This method known as QRA (Quantitative Risk Assessment) is common in the high technology industries where credible values of probability are available from reliability data. In these industries QRA tends to deal with the avoidance of low probability events with serious consequences to the plant and the surrounding environment. Here the derived value of risk is compared against industry standard acceptance criteria to see if it is acceptable. Qualitative risk assessment involves making a formal judgement on the consequence and probability in the absence of detailed quantitative data. Subjective values of severity and likelihood are determined and multiplied together according to the equation: Lecture Notes: Topic 5 Risk Assessment & Risk Management 5 Risk = Severity x Likelihood A number of guides have been produced by industry and commercial organisations to help in assessing risk. A example from one of these is given below (from HS(G)65).2 Hazard – the potential to cause harm will vary in severity. The likely effect of a hazard may for example be rated: 1. Major Death or major injury or illness causing long term disability 2. Serious Injuries or illness causing short-term disability 3. Slight All other injuries or illnesses The likelihood of harm may be rated 1. High Where it is certain that harm will occur 2. Medium Where harm will often occur 3. Low Where harm will seldom occur In this case risk can be defined as the combination of the severity of the harm with the likelihood of its occurrence, or Risk = Severity of Harm x Likelihood of occurrence This simple computation which gives a risk value of between 1 and 9 enables a rough and ready comparison of risks. In this case the lower the number, the greater the risk, and so prioritises the hazards so that control action can be targeted at higher risks in the first instance. 2 HSE (1997), Successful Health & Safety Management, HS(G)65, HSE Books. Lecture Notes: Topic 5 Risk Assessment & Risk Management 6 Controlling Risk Risk control strategies may be classified into one of four main areas: risk avoidance, risk retention, risk transfer and risk reduction.3 Risk Avoidance – this strategy involves a conscious decision on the part of the organisation to avoid completely a particular risk by discontinuing the operation producing the risk e.g. the replacing a hazardous chemical by one with less or no risk potential. Risk retention – The risk is retained in the organisation where any consequent loss is financed by the company. There are two aspects to consider here, risk retention with knowledge and risk retention without knowledge. With knowledge – here a conscious decision is made to meet any resulting loss from within the organisations financial resources. Decisions on which risks to retain can only be made once all the risks have been identified and effectively evaluated. Without knowledge – this usually results from the lack of knowledge of the existence of a risk or an omission to insure against it, and this usually arises because the risks have not been either identified or fully evaluated. Risk Transfer – this refers to the legal assignment of the costs of certain potential losses from one party to another. The most common way is by insurance. Risk Reduction – here the risks are systematically reduced through control measures, according to the hierarchy of risk control described in earlier sections. The majority of health and safety risks in the workplace are controlled through the implementation of managerial/procedural and engineering controls which effectively either eliminate or reduce the risk. This is undertaken according to the hierarchy of risk control introduced earlier in the course. Legislation requires employers to reduce risks to a level that is as low as is reasonably practicable (sometimes abbreviated as ALARP). To carry out a duty so far as is reasonably practicable means that the degree of risk in a particular activity or environment can be 3 Bamber L (1999), Principals of the Management of Risk, in Ridley J & Channing J (ed) Safety at Work,5th Edition, Butterworth Heinmann Lecture Notes: Topic 5 Risk Assessment & Risk Management 7 balanced against the time, trouble, cost and physical difficulty of taking measures to avoid the risk. Types of Risk Assessment Within Industry, three types of risk assessment can be distinguished. Assessments of large scale complex hazard sites, such as those found in the process and nuclear industries. These require quantitative risk assessments, involving advanced techniques such as fault trees, HAZOP’s, FMEA’s etc. (covered in Section Four) General assessments of the complete range of workplace risks – as required under the Management of Health & Safety at Work Regulations, 1999. (covered in Section Five) Risk Assessments required under specific legislation – for example for hazardous substances (COSHH Regulations, 1998), Manual Handling (Manual Handling Operations Regulations, 1992). (covered in the next Course Topic) Lecture Notes: Topic 5 Risk Assessment & Risk Management 8 4.0 Advanced Risk Assessment Techniques Quantitative Risk Assessment In quantitative (or probabilistic) risk assessment, numerical values of risk are calculated and compared against some pre-set criteria. The probabilities and consequences are assessed using statistical techniques and consequence evaluation methods. QRA is most commonly used in the process industries to quantify the risks of ‘major hazards’. A major hazard, as defined by the HSE (1988) 4as ‘any man made industrial hazard that has the potential to cause large scale injury and loss of life from a single brief event’. In recent years significant increases in the use of QRA have taken place in the offshore oil and gas industries, the transport of hazardous materials, the protection of the environment, mass transportation (rail) and the nuclear industry. There are a number of different ways of expressing and describing levels of risk calculated in a QRA ranging from simple tables and expressions to complex graphs. When putting a quantitative figure to a risk it is necessary to be clear as to whom or what group of people the figure applies. It is normal to differentiate between individual and societal risk. Individual Risk is defined as ‘the frequency at which an individual may be expected to sustain a given level of harm from the realisation of specific hazards.’ (IChemE,19925). Frequently individual risk is estimated for a number of locations around a site so that ‘risk contours’ can be plotted to give an indication of the geographical variations for individual risk. An example of a risk contour is shown below (Nussey, 19956). 4 HSE (1988) The Tolerability of Risk from Nuclear Power Stations, HMSO. 5 IChemE (1992) Nomonclature on Risk Assessment in the Process Industries, IChemE, Rugby, UK 6 Nussey C (1995) Accidents Happen – How they can be avioded and the risks assessed. In proceedings of the IBC Conference on Preventing & Managing Emergencies, London: IBC Technical Services Ltd. Lecture Notes: Topic 5 Risk Assessment & Risk Management 9 0.3*10-6/year risk contour VILLAGE Site for proposed developmen t 10-6/year risk contour 10-5/year risk contour CHLORINE INSTALLATION 1 km The practice of QRA requires standards of acceptance commonly referred to as ‘risk criteria’. In the UK, the values of this criteria have been based on past experience from industry. The general approach in determining levels of acceptability is the ALARP (as low as is reasonable practical) principle (HSE 1988). To reduce a risk to a value as low as is reasonable practical means that the risk can be balanced against the time, trouble, cost and physical difficulty of taking measures to avoid the risk. The HSE (1988) concluded that ‘broadly, a risk of death of 1 in 1000 (1x10 -3) per annum is about the most that is ordinarily accepted under modern conditions for workers in the UK and it seems to be the dividing line between what is tolerable and what is intolerable’. It was also concluded that the tolerable risk level from a large scale industrial hazard ‘should not be less than 10 times higher’. i.e. 1x10 –4. Lecture Notes: Topic 5 Risk Assessment & Risk Management 10 Failure Modes and Effect Analysis Failure modes and effects analysis (FMEA) is used for the analysis of technical systems and involves breaking the system down into as many components or sub-systems as possible, and identifying ways that each element could fail, and its effects on the system. The system is divided into sub systems that can be handled effectively. A FMEA is typically documented in tabular format in which the table column headings show its progressive development. A FMEA data sheet typically includes: Identification of the component and parent system; Failure mode and cause of failure Effect of the failure on the subsystem or system; Method of detection and diagnostic aids available; A typical format, that is not too complex, is shown below Component Function Failure Failure Failure Mode Rate Effect Criticality Detection Preventative Method Measures For each component’s functions, every conceivable mode of failure is identified and recorded. It is also common to rate the failure rate for each failure mode identified. This can be done by using handbooks of failure rates data or by using subjective descriptors such as ‘probable’, ‘frequent’ etc. The potential consequences for each failure must be identified along with its effects on other equipment, components within the rest of the system; The various possibilities for detection of the identified failures are then recorded. In some cases sensors and alarms may be in place, in other cases failure is detected through inspection, maintenance, or by human operation. It is then necessary to record preventative measures that are in place or may be introduced to correct the failure, reduce its failure rate or provide some adequate form of detection. Lecture Notes: Topic 5 Risk Assessment & Risk Management 11 Hazard & Operability Studies Hazard and Operability Studies (HAZOP) have been used for many years as a formal means for the review of chemical process designs having been originally introduced by ICI. It is based on the assumption that a system is safe when all the operating parameters are in their normal states or at accepted values. A HAZOP study is a systematic search for hazards which are defined as deviations within these parameters that may have dangerous consequences. In the process industry, these deviations concern process parameters such as flow, temperature, pressure etc. HAZOP is a team approach, involving a team of people representing all different functions in a plant. They identify all the deviations by ‘brain-storming’ to a set of guide words which are applied to all parts of the system. They generate an extensive documentation of potentially hazardous situations as well as operational concerns. The process is as follows: The system is divided into suitable parts or sub-systems, which are then analysed one at a time. In the case of a continuous process operation, the division is into tanks, connecting pipes etc. For each sub-system each parameter (flow, temperature, pressure, volume, viscosity etc.) that has an influence on it, is noted. Guidewords are applied to each parameter in each subsystem. Due to the ‘team approach’ that is used, the intention is to prompt creative discussion of deviations and possible consequences (in terms of both hazards and operability problems). Guideword Definitions NO or NOT No part of the design intent occurs, such as no flow in a pipeline due to blockage. MORE or LESS A quantitative increase or decrease of some parameter, such as flow, temperature etc. AS WELL AS All the design intentions are fulfilled and something happens in addition PART OF Only part of the design intention is fulfilled REVERSE The logical opposite of the design intention occurs OTHER THAN Something completely different than attended occurs Lecture Notes: Topic 5 Risk Assessment & Risk Management 12 For each significant deviation, possible causes are identified. Here possible human and other software errors can be identified, as it is necessary to include factors outside the process units in the examination of causes. Example7 Consider the simple process diagram below. It represents a plant where substances A and B react with each other to form a new substance C. If there is more B than A there may be an explosion. V3 V4 B A V2 V1 V5 A < B = Explosion C The HAZOP sheet for the section of the plant from A to C will look be as follows: Guide Word Deviation Possible Causes Consequences Proposed Measures NO, NOT No A Tank containing A is empty. V1 or V2 closed. Pump does not work. Pipe broken Not enough A = Explosion Indicator for low level. Monitoring of flow MORE Too much A Pump too high capacity Opening of V1 or V2 is too large. C contaminated by A. Tank overfilled. Indicator for high level. Monitoring of flow LESS Not enough A V1,V2 or pipe are partially blocked. Pump gives low flow or runs for too short a time. Not enough A = Explosion See above AS WELL AS Other substance V3 open – air sucked in Not enough A = Explosion Flow monitoring based on weight REVERSE Liquid pumped backwards Wrong connector to motor Not enough A = Explosion A is contaminated Flow monitoring OTHER THAN A boils in pump Temperature too high Not enough A = Explosion Temperature (and flow) monitoring. 7 Harms Ringdahl L (1995), Safety Analysis: Principals and Practice in Occupational Safety, Elsevier Applied Science. Lecture Notes: Topic 5 Risk Assessment & Risk Management 13 Fault Tree Analysis Fault tree analysis breaks down an accident hazard into its contributing factors and investigates combinations of events and conditions that lead to the hazard (Suokas & Rouhiainen, 1992). A fault tree is a diagram that displays the logical interrelationship between the basic causes of the hazard. Fault tree analysis can be simple or complex depending on the system in question. Complex analysis involves the use of Boolean algebra to represent various failure states. This is so that when probabilities are defined for each event, the overall probability can easily be calculated throughout the diagram. The first stage is to select the hazard or top event that is to be analysed. This event should be well defined and not too broad, as it can result in a tree with many different branches and sub-causes, making it time consuming and difficult to analyse. The tree is structured so that the hazard appears at the top. It is then necessary to work downwards, firstly by identifying causes that directly contribute to this hazard. The same technique is applied to all these causes, breaking them down into subcauses (or events) and repeated until the basic (or ‘root’) causes are identified. When all the causes and sub-causes have been identified, the next stage is to construct the fault tree. In designing the tree, a set of symbols, shown in table 3.8. are used (after Daling & Geffen, 1983; Harms-Ringdahl, 1993). Two logical operators, AND or OR gates are used to define the relationships between the events and branches of the tree. Symbol Designation Function EVENT / CAUSE Causes or events that can be developed further BASIC Basic or Root Causes or events that cannot EVENT/CAUSE be developed further UNDEVELOPED Causes are not developed due to lack of EVENT/CAUSE information or significance. AND gate Output event occurs only if all input events occur OR gate Lecture Notes: Topic 5 Risk Assessment & Risk Management Output event occurs if any one of the input 14 events occurs Example Consider the simple circuit diagram shown below: LAMP POWER UNIT + BATTERY - FUSE SWITCH The corresponding fault tree for the above circuit, with the top event (or hazard) being the lamp not working is as follows: Lamp does not light No current through the lamp No power supply to the lamp Faulty Lamp Broken circuit No power feed No Power from battery No Power from unit Lecture Notes: Topic 5 Risk Assessment & Risk Management Broken Circuit 15 Defective switch Defective fuse 5.0 Practical Risk Assessment A number of Guides have been produced to assist organisations in assessing workplace risks in accordance with the Management of Health & Safety at Work Regulations, 1999. These include: Health & Safety Executive – Five Steps to Risk Assessment, IND(G) IChemE – Practical Risk Assessment BSI (1996) – BS8800: Guide to Occupational Health & Safety Management Systems (Annex D) Institution of Occupational Safety & Health (1993) – Risk Assessment The principal difference in these guides is the methodology for estimating risk. The following steps have been taken from BS 8800. Classify work activities Identify hazards Determine risk Decide if risk is tolerable Prepare risk control action plan (if necessary) Review adequacy of action plan Lecture Notes: Topic 5 Risk Assessment & Risk Management 16 Classify work activities: prepare a list of work activities covering premises, plant, people and procedures. Identify Hazards: Identify all significant hazards relating to each work activity. Considering who might be harmed and how. Determine risk: make a subjective estimate of the risk associated with each hazard assuming that planned or existing health and safety precautions are in place. Assessors should also consider the effectiveness of the controls and the consequences of their failure. Decide is risk is tolerable: judge whether planned or existing OH&S precautions (if any) are sufficient to keep the hazard under control and meet legal requirements. Prepare a risk control plan (if necessary): prepare a plan to deal with any of the issues found by the assessment to require attention. Organisations should ensure that new and existing controls remain in place and are effective. Review adequacy of action plan: re-assess risks on the basis of the revised controls and check that risks will be tolerable. Classify work activities A necessary preliminary to risk assessment is to prepare a list of work activities, to group them in a rational and manageable way, and to gather necessary information about them. It is vital to include, for example, infrequent maintenance tasks, as well as day-to-day production work. Possible ways of classifying work activities include: geographical areas within/outside the organisation's premises stages in the production process, or in the provision of a service planned and reactive work defined tasks (e.g. driving) Lecture Notes: Topic 5 Risk Assessment & Risk Management 17 Identify hazards Broad categories of hazard To help with the process of identifying hazards it is useful to categorise hazards in different ways, for example by topic, e.g.: mechanical; electrical; radiation; substances; fire and explosion. Lecture Notes: Topic 5 Risk Assessment & Risk Management 18 Hazards prompt-list A complementary approach is to develop a prompt-list of questions such as: Hazard Prompt List During work activities could the following hazards exist? slips/falls on the level; falls of persons form heights; falls of tools, materials, etc., from heights; inadequate headroom; hazards associated with manual lifting/handling of tools, materials, etc.; hazards from plant and machinery associated with assembly, commissioning, operation, maintenance, modification, repair and dismantling; vehicle hazards, covering both site transport, and travel by road; fire and explosion; violence to staff; substances that may be inhaled; substances or agents that may damage the eye; substances that may cause harm by coming into contact with, or being absorbed through, the skin; substances that may cause harm by being ingested (i.e., entering the body via the mouth); harmful energies (e.g., electricity, radiation, noise, vibration); work-related upper limb disorders resulting from frequently repeated tasks; inadequate thermal environment, e.g. too hot; lighting levels; slippery, uneven ground/surfaces; inadequate guard rails or hand rails on stairs; contractors' activities. Lecture Notes: Topic 5 Risk Assessment & Risk Management 19 The above list is NOT exhaustive. Organisations should develop their own hazard 'promptlist' taking into account the character of their work activities and locations where work is carried out. Determine risk The risk from the hazard should be determined by estimating the potential severity of harm and the likelihood that harm will occur. Severity of harm Information obtained about work activities is a vital input to risk assessment. When seeking to establish potential severity of harm, the following should also be considered: Part(s) of the body likely to be affected; Nature of the harm, ranging from slightly to extremely harmful: 1) slightly harmful, e.g.: - superficial injuries; minor cuts and bruises; eye irritation from dust; - nuisance and irritation (e.g. headaches); ill-health leading to temporary discomfort; 2) harmful, e.g. - lacerations; burns; concussion; serious sprains; minor fractures; - deafness; dermatitis; asthma; work related upper limb disorders; ill-health leading to permanent minor disability; 3) extremely harmful, e.g. - amputations; major fractures; poisonings; multiple injuries; fatal injuries; - occupational cancer; other severely life shortening diseases; acute fatal diseases. Lecture Notes: Topic 5 Risk Assessment & Risk Management 20 Likelihood of harm When seeking to establish likelihood of harm the adequacy of control measures already implemented and complied with needs to be considered. Here legal requirements and codes of practice are good guides covering controls of specific hazards. The following issues should then typically be considered in addition to the work activity information: number of personnel exposed; frequency and duration of exposure to the hazard; failure of services e.g. electricity and water; failure of plant and machinery components and safety devices; exposure to the elements; protection afforded by personal protective equipment and usage rate of personal protective equipment; unsafe acts (unintended errors or intentional violations of procedures) by persons, for example, who: 1) may not know what the hazards are; 2) may not have the knowledge, physical capacity, or skills to do the work; 3) underestimate risks to which they are exposed; 4) underestimate the practicality and utility of safe working methods. It is important to take into account the consequences of unplanned events. These subjective risk estimations should normally take into account all the people exposed to a hazard. Thus any given hazard is more serious if it affects a greater number of people. But some of the larger risks may be associated with an occasional task carried out just by one person, for example maintenance of inaccessible parts of lifting equipment. Lecture Notes: Topic 5 Risk Assessment & Risk Management 21 Decide if risk is tolerable Table 1 shows one simple method for estimating risk levels and for deciding whether risks are tolerable. Risk are classified according to their estimated likelihood and potential severity of harm. Some organisations may wish to develop more sophisticated approaches, but this method is a reasonable starting point. Numbers may be used to describe risks, instead of the terms 'moderate risk', 'substantial risk', etc. Using numbers does not confer any greater accuracy to these estimates. Prepare risk control action plan Risk categories shown for example in Table 1 form the basis for deciding whether improved controls are required and the timescale for action. An approach, again suggested as a starting point, is shown in table 2. Table 2 shows that control effort and urgency should be proportional to risk. The outcome of a risk assessment should be an inventory of actions, in priority order, to devise, maintain or improve controls. The action plan should be reviewed before implementation, typically by asking: will the revised controls lead to tolerable risk levels? are new hazards created? has the most cost-effective solution been chosen? what do people affected think about the need for, and practicality of, the revised preventive measures? will the revised controls be used in practice, and not ignored in the face of, for example, pressures to get the job done? Lecture Notes: Topic 5 Risk Assessment & Risk Management 22 Changing conditions and revising Risk assessment should be seen as a continuing process. Thus, the adequacy of control measures should be subject to continual review and revised if necessary. Similarly, if conditions change to the extent that hazards and risks are significantly affected than risk assessments should also be reviewed. Lecture Notes: Topic 5 Risk Assessment & Risk Management 23 Table 1 - A simple risk level estimator Slightly harmful Harmful Extremely harmful Highly unlikely Unlikely Likely TRIVIAL RISK TOLERABLE MODERATE RISK RISK TOLERABLE MODERATE SUBSTANTIAL RISK RISK RISK MODERATE SUBSTANTIAL INTOLERABLE RISK RISK RISK NOTE: Tolerable here, means that risk has been reduced to the lowest level that is reasonably practicable. Lecture Notes: Topic 5 Risk Assessment & Risk Management 24 Table 2 - A simple risk-based control plan RISK LEVEL TRIVIAL ACTION AND TIMESCALE No action is required and no documentary records need to be kept. TOLERABLE No additional controls are required. Consideration may be given to a more cost-effective solution or improvement that imposes no additional cost burden. Monitoring is required to ensure that the controls are maintained. MODERATE Efforts should be made to reduce the risk, but the costs of prevention should b e carefully measured and limited. Risk reduction measures should be implemented within a defined time period. Where the moderate risk is associated with extremely harmful consequences, further assessment may be necessary to establish more precisely the likelihood of harm as a basis for determining the need for improved control measures. SUBSTANTIAL Work should not be started until the risk has been reduced. Considerable resources may have to be allocated to reduce the risk. Where the risk involves work in progress, urgent action should be taken. INTOLERABLE Work should not be started or continued until the risk has been reduced. If it is not possible to reduce risk even with unlimited resources, work has to remain prohibited. Lecture Notes: Topic 5 Risk Assessment & Risk Management 25