Risk Assessment


Risk assessment, “….a careful examination of what, in your work, could cause harm to people, so that you can weigh up whether  you have taken enough precautions or should do more to prevent harm….”

It is the cornerstone of any planning, whether in the short term and the medium or long term. The Appropriate analysis will allow visualising both the risks and the dangers to which it is exposed. The risk analysis should be carried out for new projects not only for Safety and process technique issues but also for their viability. In operations already in process to know its updating, resilience, and sustainability.
Based on the above, a project or an existing operation can not be developed that is appropriate, logical, understandable, and can be activated easily, feasible and quickly. The Risk assessment must include the company’s total activities and can be divided for its implementation in sites, divisions, operations, process, and departments.

Five steps to risk assessment can be followed to ensure that your risk assessment is carried out correctly. These five steps are:

  1. Identify the hazards
  2. Decide who might be harmed and how
  3. Evaluate the risks and decide on control measures
  4. Record your findings and implement them
  5. Review your assessment and update if necessary

Risk Identification

To effectively address the hazards and risks within a workplace, you must first correctly identify them. When conducting risk identification, the ISO 31000-2018 standard recommends that safety professionals and stakeholders examine a wide variety of factors, including:

  • Tangible and intangible sources of risk
  • Threats and opportunities
  • Causes and events
  • Consequences and their impact on objectives
  • Limitations of knowledge and reliability of the information
  • Vulnerabilities and capabilities
  • Changes in the external and internal context
  • Indicators of emerging risks
  • Time-related factors
  • Biases, assumptions and beliefs of those involved

Focusing on these areas, a risk assessment team can use several different methods to identify the hazards present in the workplace. One such way is a hazard identification (HAZID) study that offers a qualitative, structured risk identification technique. 

HAZID uses guide words and checklists to identify potential hazards, their causes and consequences. Along with its qualitative structure, HAZID can also include qualitative analysis to determine the potential severity of a particular risk and the likelihood of occurrence. 

The risk assessment team can use risk assessment matrices and heat maps to compare and prioritise hazards. These tools allow safety professionals to place risks into the matrix or chart based on a potential incident’s likelihood and severity. From there, decision-makers can analyse each threat to determine the highest-level risks to address. 

Risk Evaluation

As the final step of risk assessment, risk evaluation calls on safety professionals to examine the risk analysis results and compare them to established risk criteria to determine where additional controls may be required and what those controls might be. 

As noted, bow-tie risk analysis is a technique for risk evaluation that has gained traction in the safety profession because it provides a more holistic view of risk and paints a picture of a specific hazardous event. The bow-tie analysis is centred around a potential incident, examining its causes, the preventive controls in place, the mitigative rules if they were to occur, and the consequences of the incident. 

The benefit of a bow-tie analysis is the ability to visualise a specific hazardous event better, how it could occur, the consequences and how those consequences could be prevented or mitigated. Such an analysis does not, however, usually include a risk scoring mechanism, nor does it reflect the effectiveness of controls. 

Regardless of the method, keep in mind that risk-based decision-making should consider the broader context and the actual and perceived consequences to internal and external stakeholders.