NOWECO Management Software

The Role of Risk Management
for Occupational Health and Safety

Benefiting from effective risk assessment
By Andreas E. Fiedler


Many workplaces have hazards. Hazards put employees at risk of injury or harm to health. Therefore health and safety need to be managed in a systematic manner. This is the job of occupational health and safety management.

Occupational health and safety already is a legal requirement in several countries. Others have established such system but the application is still optional.

Risk management is an integral part of performing occupational health and safety. It serves to identify and assess the risks derived from the hazards. It finally leads to appropriate action to reduce or even eliminate such risks. Risk management is the critical success factor in occupational health and safety.

The Management System for Occupational Health and Safety

The management system provides the framework for the process of identifying hazards, assessing associated risks, taking action and reviewing the outcome. Like any modern management system it conforms to the kind of management system as it was developed for quality management (ISO9000). Hence, the occupational health and safety management system just has to be integrated into the existing management systems.

The following are the elements of a management system for Occupational Health and Safety (OHS) as suggested by OSHAS 18001 which embraces BS8800, AS/NZ 4801, NSAI SR 320 and a number of other publications. It is based on the Plan - Do - Check - Act cycle:

Managing Risks


Risk management has become part of lots of management systems. The information security management system for example uses risk management to assess the risks associated with the audit findings of the information security management system. The same way the occupational health and safety management system makes use of risk management to assess the risk associated with hazards.

This gives the frame for the process in occupational health and safety:

Identifying hazards

A hazard is anything that is a threat to health and safety in an organisation. Therefore it is linked to the people of the organisation and it immediately becomes clear that everybody has to contribute to finding hazards at his or her workplace. It is a legal requirement in some countries that employers have to consult their employees.

A hazard is not just linked to a technical equipment or a material used at a workplace but has to include processes and procedures that determine the work at the workplace.

Sources for hazard identification can be:

Assessing associated risks

Prior to assessing risks these risks associated to the identified hazards have to be determined. Mind the gap and clearly understand that hazards and risks resulting from hazards are something different!

Risk assessment itself is very much the same as with risk assessment in other management systems. Typically, a risk is assessed by its likelihood and its consequence. Risk assessment will provide you with an insight in your risks and allow to prioritise risks for taking mitigating actions.

A risk matrix serves well to define and classify likelihood and consequences of a risk. A risk matrix makes use of descriptors to define levels of both likelihood (from almost certain to rare) and consequence (from insignificant to catastrophic).

The following aspects may be helpful to determine the likelihood of a risk:

Accordingly the consequences have to be determined. With regard to property and environmental damage these consequences can be expressed in terms of money. Whenever people are harmed the consequences can be expressed in terms of seriousness of the illness or injury. This has further to be put in relation to who is harmed, especially people at a particular risk such as expectant mothers or young people.

Risk assessment will be completed with prioritisation of risks and assigned risk factors to understand the scope of mitigating actions required.

Taking actions to mitigate risks

Mitigating actions focus on reducing the likelihood and/or consequence. There is a hierarchy in different solutions whereby the most effective usually is also the most difficult and sometimes most expensive to realise:

Monitoring the effectiveness

The outcome of each risk mitigating action has to be reviewed on two levels:

Any control measures have to be maintained in order to ensure that they are kept in working order. As well procedures have to be audited to ensure they are being followed as intended.

After completing one entire cycle of risk management the next has to be scheduled to ensure that always the best actions are taken and new hazards are included into risk management.

Keeping Records

All analysis and assessments made as well as all actions taken need to be recorded. A Risk Register or Risk Log will serve to do so. To allow record keeping being an efficient task most organisations will look for a software solution providing such risk register.

Why have a Risk Register

Support of risk management efforts

A risk register is able to support the risk management efforts as it provides:

A risk register usually supports four main types of actions which are:



Risk management of occupational health and safety will be a regular guest on the agenda of management. However, apart from just being a requirement management may realise the benefits of occupational health and safety, especially when registered to the respective local standard:


© 2005 Northwest Controlling Corporation Ltd.