HAZARD IDENTIFICATION AND RISK ASSESSMENT PROCEDURE
1.0 PURPOSE
The purpose of this procedure is to describe ZPC process and actions to address the Risks and
Opportunities
2.0 SCOPE
This procedure applies to all operations, activities, employees, departments, projects
implementation and contractors working at any operation of Zimbabwe Power Company.
3.0 COMPLIANCE OBLIGATION
3.1 The user shall refer to the compliance obligations register.
3.2 The Hazard Identification and Risk Assessment Framework is guided by the Principles of
ISO 3100:2018 Risk Management Standard
4.0 ABBREVIATIONS, ACRONYMS AND DEFINITION
For the purposes of this specification the following definitions apply:
4.1
Hazard – source with a potential to cause injury or ill health
4.2
Impact: any change to the environment whether adverse or beneficial, wholly or
partially resulting from an organizations activities, products or services (effect/result).
The use of the term environmental risks in the IMS system refers to the environmental
impacts.
4.3
Risk – Potential for loss.
4.4
Inherent risk- The risk without considering internal controls.
4.5
Residual Risk - The level of risk remaining after the relevant controls have been
applied OR the risk left over after implementing a risk treatment option.
4.6
Significant risk - one where additional control measures are required to eliminate or
reduce the risk of loss.
4.7
Tolerable risk - one that attracts a low risk ranking.
4.8
Normal conditions - work performed under ordinary conditions or circumstances.
4.9
Abnormal condition - work performed under none-routine or irregular activities.
4.10
Emergency Condition - an unexpected or unplanned occurrence or situation
demanding immediate action and which could result in loss, damage or injury.
4.11
Acute Occupational Health Effects - occupational illness or disease that could be
severe, but only lasts for a relatively short period of time.
HAZARD IDENTIFICATION AND RISK ASSESSMENT PROCEDURE
4.12
Chronic Occupational Health Effects - occupational illness or disease that could last a
long time or reoccur often.
4.13
Controls - are the precautions taken to eliminate/manage a risk.
4.14
Severity – The degree of harm to the organization, employees and environment.
4.15
Frequency – Known rate per unit of time.
4.16
Probability – The chance of occurrence of an incident.
4.17
SHERQ – Safety, Health, Environment, Risk & Quality.
4.18
HOD/HOS –Head of Department/Head of Section.
4.19
Project Manager – a person appointed by ZPC to manage a specific project.
4.20
Top Management – the highest level of management in ZPC who direct and control
the operations at Corporate and Station level.
4.21
Reasonably Practicable- That which is, or was at a particular time, reasonably able to
be done to reduce or eliminate the risk.
4.22
Risks and Opportunities - potential adverse effects (threats) and potential beneficial
effects (opportunities).
4.23
Compliance obligations- legal requirements that an organisation has to comply with
and other requirements that an organisation has to or chooses to comply with.
4.24
BBS – Behaviour Based Safety.
4.25
SDS – Safety Data Sheet.
5.0 RESPONSIBILITY
5.1
The Technical Compliance Manager shall be responsible for the establishment and
maintenance of this procedure.
5.2
The Directors, Management and SHERQ personnel shall ensure the OSH Risk
Identification and assessment process is implemented and managed in all areas of
the operation, in terms of the OSH Policy. Top Management should pay attention to
strategic risks and significant operational risks.
5.3
It is the responsibility of the HODs/HOSs/Project Managers to implement actions to
address risks and opportunities following the risk assessments. The
HODs/HOSs/Project Managers and SHERQ personnel shall ensure that a multidisciplinary team carries out OSH risks assessments in their areas of responsibility.
5.4
All employees shall be responsible for carrying out pre-task risk assessments,
continuous risk assessments and participating in baseline and issue based risk
assessments as maybe required from time to time.
HAZARD IDENTIFICATION AND RISK ASSESSMENT PROCEDURE
5.5
Supervisors are responsible for the identification, assessment and management of
OSH risks within their areas of responsibility.
5.6
It shall be the responsibility of the designated SHERQ person to co-ordinate and
facilitate the OSH risk identification and assessment process in liaison with relevant
managers/supervisors.
5.7
The designated SHERQ person shall be responsible for the co-ordination of OSH
Risk management plans and risk reports to the Power Plant /General Manager and
Technical Compliance Manager. The Technical Compliance Manager shall be
responsible for the coordination of OSH risk management plans at corporate level.
5.8
The SHERQ personnel shall ensure that all the relevant Occupational Hygiene
Surveys are conducted by an Approved Inspection Authority and survey reports
obtained. The designated SHERQ person shall also interpret the report; correlate the
relevance between medical symptoms and workplace exposure where applicable.
5.9
The designated SHERQ personnel shall be responsible for conveying the survey
results to the Department/Section Heads/Project Manager. It is the responsibility of
the Department/Section Heads to carry out the recommendations of the risk
assessment/occupational hygiene survey.
5.10
The Management Systems Administrator shall ensure the OHSMS goes through a
comprehensive risk assessment as outlined in this Framework.
6.0 FRAMEWORK/PROCEDURE
6.1 Risk Management Planning
6.1.1 Actions to address risks and opportunities shall follow the principles,
methodologies and criteria outlined in this Risk and Opportunities Management
Framework.
6.1.2 Each station and site shall plan:
Actions to address its:
1) Significant hazards
2) Compliance obligations;
3) Risks and opportunities
6.1.3
When planning for changes each Station/Site shall consider:
a) The purpose of the changes and their potential consequences;
b) The integrity of the OHSMS management system;
c) The availability of resources;
d) The allocation or reallocation of responsibilities and authorities.
6.1.4
Each station and site shall plan how to:
a) Integrate and implement the actions into its OHSMS processes or other
business processes;
b) Evaluate the effectiveness of these actions
6.1.5
When planning these actions, each station or site shall consider its technological
options and its financial, operational and business requirements.
HAZARD IDENTIFICATION AND RISK ASSESSMENT PROCEDURE
6.1.6
The departmental risks and opportunities team shall comprise of, as a minimum,
SHERQ representative and Line Management. The OSH risks identification
process shall be coordinated by SHERQ in liaison with the respective managers.
The Management Appointee shall coordinate the identification of OSH strategic
risks.
6.1.7
Hazard identification shall be done as part of
 Baseline risk assessment,
 Issue based risk assessments
 Pre-task risk assessment.
 Continuous Risk/Impact Assessment
6.1.8
Identified baseline and issue-based hazards and risks shall be captured using a
form.
6.1.9
The Manager in charge of a specific area or project may initiate the need for a
HIRA process in whatever form is desirable at any point and time.
6.1.10 A competent member of the SHERQ department including a SHERQ
Representative shall always be a member of the selected team to carry out a
HIRA.
6.2 Context of the Organisation for Risk Management
6.2.1 Top Management shall determine external and internal issues that are relevant to
its purpose and that affect its ability to achieve the intended outcomes of its
OHSMS. Such issues shall include positive and negative factors for consideration.
6.2.2
Understanding external context top management will consider issues arising from
legal, technological, competitive, market, cultural, social and economic
environments, whether international, national, regional or local. Understanding the
internal context will consider issues related to values, culture, knowledge and
performance of the organisation.
6.2.3
Head office and station departments shall determine:
a) The interested parties that are relevant to the OHSMS.
b) The requirements of these parties that are relevant to the OHSMS.
c) Which of these requirements become its compliance obligations.
d) Which should be monitored and reviewed during management reviews.
Head office shall establish a corporate scope for OHSMS whilst all Sites/stations
shall determine the boundaries and applicability of the OHSMS to establish their
own scope. In establishing the scope, the following shall be considered:
6.2.4
a) The external and internal issues referred to in 6.1.1;
b) The compliance obligations and the requirements of relevant interested parties
referred to in 6.1.2;
c) Its organisational units, functions and physical boundaries;
d) Its activities, products and services;
e) Its authority and ability to exercise control and influence.
HAZARD IDENTIFICATION AND RISK ASSESSMENT PROCEDURE
6.2.5
The documented scope shall include a description of the scope and the physical
maps of the boundaries
6.2.6
Sites and Stations shall determine the processes needed for the OHSMS and their
application throughout the organisation to:
a) Determine the inputs required and the outputs expected from these processes;
b) Determine the sequence and interaction of these processes;
c) Determine and apply the criteria and methods (including monitoring,
measurements and
related performance indicators) needed to ensure the
effective operation and control of these processes;
d) Determine the resources needed for these processes and ensure their
availability;
e) Assign the responsibilities and authorities for these processes;
f) Address the risks and opportunities as determined in accordance with this
framework.
g) Evaluate these processes and implement any changes needed to ensure that
these processes achieve their intended results;
h) Improve the processes and the quality management system.
6.2.7
Departments shall:
a) Determine and have access to the compliance obligations related to its hazard;
b) Determine how these compliance obligations apply to the departments.
c) Take these compliance obligations into account when establishing,
implementing and maintaining and continually improving its OHSMS.
6.2.8
Head office legal shall maintain a documented information of corporate compliance
obligations and sites/stations maintains their localised compliance obligations.
6.3 Risk Assessment
6.3.1 To assist in the effectiveness of establishing actions to address risk and
opportunities, risk assessment teams shall go through all operational processes,
work organisation, social factors, leadership, organisational culture, projects
process and identify all activities, inputs, customer requirements, hazards, aspects
and outputs at each stage of the process flow under “normal” operating conditions.
6.3.2
The identification process shall start at the beginning of the process and follow
through to the end. Inventory/Tasks of all activities and Process flow diagrams
shall be produced wherever possible.
6.3.3
This will inform the determination exercise of the risks (including potential
emergency situations) and opportunities that need to be addressed to:
a) Give assurance that OHSMS can achieve its intended results
b) Enhance desirable effects
c) Prevent, or reduce, undesired
d) Achieve improvement.
e) Compliance Obligations.
The gathering and analysis of information from internal and external sources shall
be an essential element before and during the Risk/Impact assessment process.
Some of the documents necessary during HIRA include, but not limited to,
HAZARD IDENTIFICATION AND RISK ASSESSMENT PROCEDURE










Process flow charts,
Applicable Legal Requirements,
Customer Complaints Register,
Analysis of human behaviour, capabilities and other human factors,
Hygiene Risk Assessments e.g. noise, lighting, etc.
Fire risk assessment,
Audit reports,
SDS
Waste Inventory,
OHSMS statistic trend analysis etc.
6.4 Risk Identification
6.4.1
Within the defined scope of the OHSMS, departments shall determine the hazards
and risks of its activities, products and services that it can control and that it
influences and their associated risks and opportunities considering a life cycle
perspective.
When determining hazard and risks, the departments shall take into account:
a) Changes, including planned or new developments, and new or modified
activities, products and services; knowledge and information about hazards
b) Abnormal conditions and reasonably foreseeable emergency situations.
c) How work is organized, social factors (including workload, working hours,
victimization, harassment and bullying) leadership and the culture in the
organisation.
d) Routine and non-routine activities and situations.
e) Past relevant incidents, internal or external to the organisation, including
emergencies and their causes
f) People, including those:
1) with access to the workplace and their activities, including workers,
contractors, visitors and other persons
2) in the vicinity of the workplace who can be affected by the activities of ZPC
3) workers at allocation not under the direct control of ZPC
g) The design of work areas, processes, installations, machinery/equipment,
operating procedures and work organisation, including their adaptation to the
needs and capabilities of the workers
h) Situations occurring in the vicinity of the workplace caused by work-related
activities under the control of ZPC
i) Situations not controlled by ZPC and occurring in the vicinity of the workplace
that can cause injury and ill health to persons in the workplace
6.5 Risk Evaluation
6.5.1 The organization shall determine those hazards that have or can have significant
risks and opportunities by using the methods and principles outlined in this
framework. All significant OSH risks and opportunities shall be communicated
among the various levels and functions of the organization, as appropriate.
6.5.2
Sites and Stations shall maintain documented information of it’s:
a) Identified hazards and associated OSH risks and opportunities.
b) Criteria used to determine its significant hazards.
HAZARD IDENTIFICATION AND RISK ASSESSMENT PROCEDURE
c) Significant hazard shall require actions proportionate to the potential and
associated OSH risks impact on the conformity of products and services to
address risks and opportunities. Evaluation of the effectiveness of these
actions shall form part of the audit protocol.
6.5.3
The evaluation of OSH hazards and risks shall be done using risk registers for
baseline and issue-based risk assessments. The risk registers assess OSH risks
by considering Severity, Exposure, Frequency and Consequence to produce
inherent and residual risk.
The OSH risk assessment shall be done without controls (inherent) and then with
controls (residual). The existing control measures to be taken into consideration
include codes of practice, procedures, guards, special instructions and legal
provisions. It shall be particularly important to objectively assess these, as they
may not be working properly to reduce OSH risk.
6.5.4
The level of residual risk shall determine the significance of hazard. Any residual
risk value above 10 000 is deemed significant and shall require additional controls.
6.5.5
Risk categories shall be indicated on excel generated reports and the risk levels
range from Low risk to High Risk. High risks shall be considered significant.
6.5.6
Rating shall be on the basis of severity, exposure and frequency; the organisation
shall use the Risk Rating table to be provided.
6.6 Risk Treatment
6.6.1 Upon completion of a risk assessment, the team develops an OSH action plan to
implement control measures and manage identified risks. The OSH report/risk
register shall be used to show additional control measures recommended following
baseline and issue-based risk assessments
6.6.2
Control measures for effectively managing identified risks shall be prioritized and
actions shall be selected and applied in accordance with the risk management
hierarchy of controls i.e., Elimination, Substitution, Engineering controls,
Administrative and PPE or Reduce, Reuse, Recycle and Refuse. Control
measures are such that final residual risk levels are as low as is ‘reasonably
practicable’
HAZARD IDENTIFICATION AND RISK ASSESSMENT PROCEDURE
Figure 1.0 Hierarchy of Controls
6.6.3
Where necessary, risks shall be managed through procedures and or work
instructions
6.6.4
OSH objectives and targets shall be developed from this risk profiles and
registered in line with Objectives procedure.
6.6.5
Identified emergency scenarios shall be managed as per the Emergency
Preparedness and Response Procedure
6.7 Risk Appetite
6.7.1
The organisational risk appetite shall be established and reviewed by the Top
Management every year during the strategic meeting.
HAZARD IDENTIFICATION AND RISK ASSESSMENT PROCEDURE
6.7.2
The risk appetite shall be shown using the colour codes in accordance with the
residual risk value and defined as follows:
Colour
Description
Residual Value
Project Risk Owner
Operations Risk Owner
Green
Insignificant to
1-5 000
Technicians/Officers
Technicians/Officers
5 000- 10 000
Projects Engineer
Supervisor/Foreman/ Engineer
10 000 – 15 000
HOS
HOS
15 000- 20 000
Project site Manager
HOD
20 000 - 30 000
Projects Director/
GM Projects
GM/PPM
30 000- 40 000
Managing Director
Managing Director
Minor
Yellow
Red
Major to Critical
Very Critical to
Catastrophic
6.8 Communication/Reporting
6.8.1
All identified significant risks shall be communicated to all employees working in
the relevant areas. Appropriate awareness must be provided for all employees
exposed to the hazards and associated OSH risks. Work Instructions/Procedures
shall be developed for all tasks/activities identified as a high risk.
6.8.2
The risk assessment is communicated to all affected employees to ensure their
awareness.
6.8.3
A record of such communication shall be readily available and is kept by
HODs/HOSs.
6.9 Training and Awareness
6.9.1
Management, employees and contractors shall be trained in the identification and
control of hazards and risks during induction and other in-house training and
awareness means. This is also covered by Training, Awareness and Competency
Procedure.
6.10 Risk Registers Reviews
6.10.1 The company top ten OSH Risks shall be reviewed every quarter during the
Management Review Meetings.
6.10.2 Operational Baseline risks for Stations and sites shall be reviewed at least once
ever year.
6.10.3 Baseline risk registers for projects shall be reviewed at least once every quarter or
as prescribed by the Project Manager depending with the duration of the project.
HAZARD IDENTIFICATION AND RISK ASSESSMENT PROCEDURE
6.11 Types of Risk Assessments
6.11.1 Baseline Risk Assessment.
6.11.1.1
This shall be undertaken in all areas where Hazard Identification
and Risk Assessment (HIRA) has never been carried out.
6.11.1.2
All new projects to identify the major Risk, establish priorities and
establish a base program for future Risk control.
6.11.1.3
Relevant legal and other requirements relating to hazard and OSH
risks shall be identified at this stage and these shall be incorporated
in departmental legal and other requirements registers.
6.11.1.4
The baseline and issue-based risk assessment team shall comprise
of, as a minimum, SHERQ representative, HODs/HOSs and subject
matter experts
6.11.2 Issue Based Risk Assessment:
This shall be carried out when necessary e.g. when:
a) Some significant issues from the baseline risk assessments have been
identified.
b) A new machine, new recruits or equipment is introduced at the location.
c) There are new designs, processes and installations.
d) New work area is introduced.
e) Operations are modified.
f)
A business incident with a high potential for significant consequences.
g) Environmental spill has occurred with potential for litigation.
h) New knowledge comes to light and information received may influence the
level of Risk/Impact perception to employees at the workplace.
i)
There are changes in legislation, products, process and/or technology. All
changes shall be subjected to a comprehensive risk assessment as provided
for by the Management of Change Procedure.
6.11.3 Continuous Risk Assessment:
6.11.3.1
These assessments vary in degree of formality and include such
activities as formal studies, checklists, questionnaires, Short
Interval Control, the Five Point Safety System, Audits,
Maintenance, Performance management, inspections, on the Job
observation, and BBS. The main purpose of continuous risk
assessments is to monitor and assess the effectiveness of the
overall risk management program.
HAZARD IDENTIFICATION AND RISK ASSESSMENT PROCEDURE
6.11.4 Pre-task Risk Assessment
6.11.4.1
Pre-task risk assessments shall be conducted before commencing
work/task/project and this shall be done using checklists.
6.11.4.2
Work shall only commence if there is compliance to the risk
assessment. Depending on the nature of risks involved the
assessment shall be:
Formal: documented on the standard form and all concerned
employees shall acknowledge it by signing. Prior to undertaking
non-routine work, high risk operations, unscheduled work or tasks
which are not done regularly, the responsible line supervisor
ensures that pre-task risk assessments are done and all the
affected parties are informed of precautionary measures to be
taken. A pre-task risk assessment form shall be completed and
filed.
HAZARD IDENTIFICATION AND RISK ASSESSMENT PROCEDURE
Figure 2.0 Summarised ZPC Risk and Opportunity Management Framework
Context of the organisation





Consideration PESTEL Analysis
Consideration of SWOT Analysis
Establishment of Strategic plans
Determination of Compliance obligations
Establishment of Scope and Process flows
Risk Assessment










Process flows
Scope
Legal requirements
Projects
Processes
Products/activities/services
Customer requirements
Analysis of human behaviour, capabilities &human factors
Hygiene Risk Assessments e.g. noise, lighting, etc.
Emergencies
Risk Analysis


Risk rating
Risk categorisation
Risk evaluation




Use of excel for baseline and issue-based risk
assessment
Use of embedded formulas for calculation of Critical
Risk and Residual Risk Value
Use of risk rating matrixes and tables
Valuation of significant risk and the organisation risk
appetite
Risk treatment




Training and awareness
Control measures
Procedure/Work instructions
IMS Objectives and targets
Monitoring and review
Communication and consultation
Risk Identification
HAZARD IDENTIFICATION AND RISK ASSESSMENT PROCEDURE
7.0
PERFORMANCE INDICATORS
7.1 Conducted Risk Assessments
8.0
RECORDS
The following records are required as evidence of compliance with this procedure:
Record
Title
8.1
baseline Risk
assessment reports
8.2
Hazards/Aspects/Risk
Registers
8.3
Pre-task risk
assessments
8.4
Process Flow
Diagram/s
8.5
Training & Awareness
8.6
Strategic Plan/DIPA
Custodian
SHERQ
Office
SHERQ
Office
All
Employees
SHERQ
Office
SHERQ
Office
MD/GM/PPM
Location
Retention
Disposal
Management
Appointee’s office
3yrs
Shredding/Deleting
Management
Appointees’ Office
3yrs
Shredding/Deleting
3yrs
Shredding/Deleting
3yrs
Shredding/Deleting
3yrs
Shredding/Deleting
5yrs
Shredding/Deleting
Management
Appointees’ Office
Management
Appointees’ Office
Management
Appointees’ Office
Management
Appointees’ Office