Mark Zuckerberg, founder of Facebook, once said, “The biggest risk is not taking any risk. In a world that's changing really quickly, the only strategy that is guaranteed to fail is not taking risks.”
While this advice isn’t new, we think you’ll agree that there are some risks your company doesn’t want to take. Specifically, risks that put the health and well-being of your employees in danger. These are risks that aren’t worth taking. But it’s not always clear what actions, policies, or procedures are high-risk.
That’s where the risk assessment process comes in.
With a risk assessment, companies can identify and prepare for potential risks in order to avoid catastrophic consequences down the road and keep their personnel safe.
What is risk assessment?
Risk assessment is the process employers use to identify processes and situations that may cause harm in their organization, especially to people. This is known as hazard identification. Once those hazards are identified, employers must determine how likely each hazard is to occur and, if it does, how severe the consequences would be. From there, organizations should determine steps to mitigate hazards or control risks properly if they cannot be eliminated. This is known as risk control.
It’s important to note the difference between hazards and risks, because they’re often conflated. A hazard is anything that can cause harm, including work accidents, emergency situations, toxic chemicals, employee conflicts, stress, and more. A risk, on the other hand, is the chance that a hazard will cause harm. As part of your risk assessment plan, you will first identify potential hazards and then calculate the risk or likelihood of those hazards occurring.
The goal of a risk assessment process will vary across industries, but overall, the goal is to help organizations prepare for and combat risk. Other goals include preventing injury or illness, creating awareness about hazards and risks, and meeting legal requirements. Additionally, there’s the issue of budget. Risk assessment can help you make an accurate inventory of available assets, justify the costs of managing risks, determine the budget needed to remediate risk, and understand the return on investment of risk management as a whole.
Businesses should perform a risk assessment before introducing new processes or activities, before introducing changes to existing processes or activities (such as changing machinery), or when the company identifies a new hazard.
The steps used in risk assessment form an integral part of your organization’s health and safety management plan and ensure that your organization is prepared to handle any risk.
Preparing for your risk assessment
Before you start the risk management process, you should determine the scope of the assessment, necessary resources, stakeholders involved, and laws and regulations that you’ll need to follow.
Scope: Define the processes, activities, functions, and physical locations included within your risk assessment. The scope of your assessment impacts the time and resources you will need to complete it, so it’s important to clearly outline what is included (and what isn’t) to accurately plan and budget.
Resources: What resources will you need to conduct the risk assessment? This includes time, personnel, and financial resources required to develop, implement, and manage the risk assessment.
Stakeholders: Who is involved in the risk assessment? In addition to senior leaders who need to be kept in the loop, you’ll also need to organize an assessment team. Designate who will fill key roles such as risk manager, assessment team leader, risk assessors, and any subject matter experts.
Laws and regulations: Different industries will have specific regulations and legal requirements governing risk and work hazards. For instance, the Occupational Safety and Health Administration (OSHA) sets and enforces working condition standards for most private and public sectors. Plan your assessment with these regulations in mind so you can ensure your organization is compliant.
5 steps in the risk assessment process
Once you’ve planned your assessment and allocated the necessary resources, you can begin the risk assessment process. Proceed with these five steps.

Step 1: Identify the hazards
The first step to creating your risk assessment is determining what hazards your employees and your business face, including:
- Natural disasters (flooding, tornadoes, hurricanes, earthquakes, fire, etc.)
- Biological hazards (pandemic diseases, foodborne illnesses, etc.)
- Workplace accidents (slips and trips, transportation accidents, structural failure, mechanical breakdowns, etc.)
- Intentional acts (labor strikes, demonstrations, bomb threats, robbery, arson, etc.)
- Technological hazards (lost Internet connection, power outage, etc.)
- Chemical hazards (asbestos, cleaning fluids, etc.)
- Mental hazards (excess workload, bullying, etc.)
- Interruptions in the supply chain
Take a look around your workplace and see what processes or activities could potentially harm your organization. Include all aspects of work, including remote workers and non-routine activities such as repair and maintenance. You should also look at accident/incident reports to determine what hazards have impacted your company in the past.

Step 2: Determine who might be harmed and how
As you look around your organization, think about how business activities or external factors could harm your employees. For every hazard that you identify in step one, think about who will be harmed should the hazard take place.
Step 3: Evaluate the risks and take precautions
Now that you have gathered a list of potential hazards, you need to consider how likely it is that the hazard will occur and how severe the consequences will be if that hazard occurs. This evaluation will help you determine where you should reduce the level of risk and which hazards you should prioritize first.
Later in this article, you’ll learn how you can create a risk assessment chart to help you through this process.
Step 4: Record your findings
If you have more than five employees in your office, you are required by law to write down your risk assessment process. Your plan should include the hazards you’ve found, the people they affect, and how you plan to mitigate them. The record—or the risk assessment plan—should show that you:
- Conducted a proper check of your workspace
- Determined who would be affected
- Controlled and dealt with obvious hazards
- Initiated precautions to keep risks low
- Kept your staff involved in the process


Step 5: Review your assessment and update if necessary
Your workplace is always changing, so the risks to your organization change as well. As new equipment, processes, and people are introduced, each brings the risk of a new hazard. Continually review and update your risk assessment process to stay on top of these new hazards.
How to create a risk assessment chart
Even though you need to be aware of the risks facing your organization, you shouldn’t try to fix all of them at once—risk mitigation can get expensive and can stretch your resources. Instead, prioritize risks to focus your time and effort on preventing the most important hazards. To help you prioritize your risks, create a risk assessment chart.
The risk assessment chart is based on the principle that a risk has two primary dimensions: probability and impact, each represented on one axis of the chart. You can use these two measures to plot risks on the chart, which allows you to determine priority and resource allocation.

Be prepared for anything
By applying the risk assessment steps mentioned above, you can manage any potential risk to your business. Get prepared with your risk assessment process—take the time to look for the hazards facing your business and figure out how to manage them.
