Risk Management

Risk Management

It’s a legal requirement under WHS law for an organisation to establish a plan and guidelines for development, implementation and measurement of a risk management process for the control of foreseeable WHS risks identified in the work place. There is a range of material which outlines processes for their application including the current Act and Reg’s, associated codes of practice and international standards such as ISO 31000:2009 – Risk Management – Principles and Guidelines.

Any organisation’s work activities involve a certain amount of risk which requires management. The amount of risk is dependent on the scope of work being conducted, location of the work site, workers involved etc.      

Underpinning the entire process of risk management is the need to consult with workers and other persons who have duties under safety law and actively assess and manage risk together. Consultation is the key to Risk Management where workers are involved in the identification, development, implementation and the review of risk management strategies.  


 Legal Responsibilities

With respect to risk management, a Person Conducting a Business or Undertaking (PCBU) has a duty under the WHS Act to ensure health and Safety by eliminating risks to health and safety, so far as reasonably practicable, or reduce those risks as far as reasonably practicable. 


Therefore, risk management can be seen is a systematic process that involves several basic steps in identifying hazards, assessing hazards or risks, and eliminating, controlling or managing reasonably foreseeable risks:

  1. Establish the context
  2. Identify the risks
  3. Analyse the risks
  4. Control the risks
  5. Review the risks



The current WHS Act of 2011 states in section 17 - A duty imposed on a person to ensure health and safety requires the person:

(a)  to eliminate risks to health and safety, so far as is reasonably practicable, and

(b)  if it is not reasonably practicable to eliminate risks to health and safety, to minimise those risks so far as is reasonably practicable.


Furthermore, the Australian Standard AS/NZS 4801:2001; section 4.3.1, states 4.3.1 Planning Identification of Hazards, Hazard / Risk Assessment and Control of Hazards / Risks:

  1. The organisation shall establish, implement and maintain documented procedures for hazard identification, hazard/risk assessment and control of hazards/risks of activities, products and services over which an organisation has control or influence, including activities, products or services of contractors and suppliers.
  2. The organisation shall develop its methodology for hazard identification, hazard/risk assessment and control of hazards/risks using the Hierarchy of control, based on its operational experience and its commitment to eliminate workplace illness and injury. The methodology shall be kept up-to-date.
 Managing Hazards in the Workplace

There are many ways to manage hazards and risks in the workplace.


The most common approach is to implement what is known as the Hierarchy of Control (HOC):

  • Elimination – Eliminate the hazard and therefore the risk altogether
  • Substitution – Substitute the hazard with something safer
  • Isolation – Isolate the hazard for people
  • Engineering – Engineering control measures such as mechanical devices, guarding etc
  • Administration – Training. PPE gear, signage etc


 Developing and Implementing a Risk Register

Developing and implementing a Risk Register is a vital part of an organisation’s Risk management process. Quite often, a Broad-Brush Risk Assessment (BBRA) is completed within the organisation to capture hazards associated with all activities within the organisation.


This register requires reviewing on a regular basis and made available to interested parties inclusive of workers.  Risk registers are an essential tool in managing risk and it’s advisable that these registers are linked and form part of an integrated risk management framework.

 Example of Risk Register

There are many risk management tools which are used in the risk management process. Such tools include, Pre-task risk assessments (such as Take 5, 60 seconds), Job Safety Analysis (JSA’s), Safe Work Method Statement (SWMS), Safe Work Procedures (SWP’s). Basically, they all do the same job and assist workers in identifying and controlling risk.  


A pre-task risk assessment (a Take 5) ensures that any non-routine jobs are quickly assessed prior the commenced of work being conducted. A routine job, that has been assessed previously, can be carried out on a SWMS / JSA as long as the job scope is reflective of the hazards identified in the completed SWMS.

 Example of SWMS/JSA

The risk assessment and treatment process should be developed using consultation, communication, supervisory and review processes consistent with the workplace’s health and safety management system. Organisations, should expand their respective systems to incorporate not just WHS but all areas of organisational risk (eg financial, operational risk etc). An integrated RM framework is an appropriate and effective way of measuring risk throughout an organisation.


Documenting and sharing information about RM is essential to ensure that appropriate people within the organisation are made aware and informed of the risk(s) being managed.