Health and safety (WHS) legislation across Australia imposes important duties on businesses and their officers, and a major part of fulfilling these duties is risk management. This article helps businesses and officers meet their risk management obligations by exploring health and safety risk registers and safety strategies.
WHS obligations and risk management
Health and Safety legislation in Australia imposes a primary duty on an employer/person conducting a business or undertaking in Australia, to provide and maintain a workplace that is safe and without risk to health so far as is reasonably practicable.
This primary duty is a broad one, but the intention of the legislation is to impose a statutory responsibility on businesses to manage and control health and safety risk.
To comply with these legislative provisions, an employer/person conducting a business or undertaking must establish:
- a health and safety risk register; and
- a strategy to manage the risks identified in the register.
Establishing a health and safety risk register
A risk register documents all of the key hazards associated with a business’s operations. Each hazard listed on the register should be risk assessed and allocated an initial risk score.
A number of risk matrices are used to establish a risk score. An example of a risk rating matrix is provided below, however the recommended is the standard matrix ISO 31000 (2009): Risk Management – Principles and Guidelines as shown below:
The purpose of the risk rating matrix is to prioritise action according to the level of risk assigned to any given hazard. Items allocated a n extreme or high-risk score require immediate action in terms of implementing risk control (in accordance with the hierarchy of control) measures to mitigate the risk associated with the hazard.
A risk register enables a business to group all known hazards identified via:
- risk assessments (i.e. plant, work at height, confined space entry, manual handling, noise, traffic management, hazardous substances/dangerous goods);
- workplace inspections;
- hazard reports;
- incident reports; and
- external audits/inspections.
The hazards are then compiled into the one document and prioritised according to the risk scores.
A risk register also allows company officers to have clear oversight of known health and safety risks and the current and future measures that are required to mitigate these risks.
Each high-risk item must be assigned:
- a date of commencement;
- commentary on actions taken to control the risk;
- the residual risk score assigned post implementation of controls; and
- the proposed date of completion/close out of the item.
Each of these items will be explored below in greater detail.
1. Date of commencement
Each high-risk item listed on the risk register must be allocated a specific date as to when risk controls were first established to mitigate the associated risk. As high-risk items are closed out or the risk managed to an acceptable level (i.e. a lower residual risk score on the matrix) attention must shift to the medium and low risk items listed on the register.
As an employer/person conducting a business or undertaking, oversight must include scrutiny of the time taken to implement the first control measure for a high-risk item. Officers must ensure that personnel who are delegated with the responsibility of risk control implementation act with an appropriate degree of urgency.
2. Detailed commentary on the actions taken to control the risk
Commentary assigned to each high-risk item must be detailed and include documented evidence to justify each step down in the hierarchy of control.
Definition: Hierarchy of Control
The hierarchy of control sets out the priority of risk control actions in order of decreasing effectiveness.
The hierarchy of control sequence is as follows:
- Elimination, i.e. eliminate the hazard altogether;
- Substitution, i.e. substitute the hazard with something less hazardous;
- Engineering, i.e. redesign plant or work processes;
- Isolation, i.e. isolate the hazard;
- Administration, e.g. procedural controls, training; and
- Personal protective equipment, e.g. high-visibility clothing, helmets.
A duty is imposed by health and safety legislation to eliminate risks in the workplace so far as is reasonably practicable. As such, a reliance on administrative controls to control high-risk hazards is often fraught with danger. Administrative measures alone should only be considered as a short- to medium-term option while higher-level controls are considered and must have well established oversight measures to ensure their effectiveness.
Officers, as part of their oversight process, should scrutinize the risk controls implemented to ensure that high-level controls (i.e. elimination, substitution, isolation/engineering) have been considered before lower-level controls are implemented (i.e. administration, personal protective equipment). As such, personnel with the delegated responsibility for risk control implementation must document their justification process for each step down in the risk control hierarchy.
3. A residual risk score
Definition: Residual Risk Score
A residual risk score is the remaining level of risk assigned to a hazard after the implementation of a risk control measure.
From an oversight perspective, the residual risk score is important as it enables close scrutiny of risk control measures assigned to a high-risk item. In the event a high-risk item is assigned a medium or low residual risk score, an officer must scrutinise the effectiveness of the controls implemented to ensure the lower assigned residual risk score is accurate.
4. A date of proposed completion
Each item must be assigned a specific and realistic proposed date for completion. Items must not be allocated wording such as ‘in progress’, ‘not started’ or ‘on hold’.
Developing a safety strategy
Once the health and safety risk register is established, a strategy should be developed to manage the risks identified on the register. Such a strategy should:
- Set the organisational goals in terms of the management and control of the business’s top five to ten high-risk health and safety items. Consideration should be given to sourcing technologies that may be used to upgrade existing control measures.
- Allocate responsibility and accountability. Specific leadership performance guidelines must be established in accordance with the business’s governance structure.
- Allocate a demonstrable budget that matches the risk controls required to mitigate the business’s high-risk health and safety items.
- Establish positive performance measures, including the number of high-risk items:
- listed on register for a defined reporting period; and
- closed out or downgraded (i.e. reduced residual risk rating) for a defined reporting period.
- Establish an oversight process to enable officers to scrutinise plan progression. Minutes must be kept and any variance against the plan must be justified and new timeframes established.
Survey: Are you exercising due diligence to manage risk?
Contact us at SafeT Now Consulting on 0487 700 898 to discuss this in further detail.