Summary
When it comes to health and safety in the workplace, mimimising the potential harm that could come to any of your staff has to be a priority. There was a time when health and safety was seen as a separate element when it came to running a business. Back then, the Health and Safety Executive (HSE) advocated implementing health and safety procedures based on the POPIMAR (Policy, Organising, Planning, Implementing, Measuring performance, Auditing and Review) model which tended to separate health and safety from other elements involved in the running of a business.
Today, by way of further integrating health and safety into the everyday running of a business, the HSE has turned to POPIMAR’s successor, Plan, Do, Check, Act, or PDCA.
Another part of the drive towards more effective health and safety measures includes the Institute of Occupational Safety and Health (IOSH), which is based in the UK, and has developed a worldwide organisation to educate businesses in the ways of effective implementation of health and safety measures. Here at Commodious our excellent and comprehensive seven-module Managing Safely course is based on IOSH requirements and forms a part of its Training and Skills program.
According to the IOSH, “Risk is the likelihood of potential harm from [a] hazard being realised. The extent of that risk will depend on the following:
A risk rating is the level of risk attributed to a certain hazard and the potential for that hazard to cause harm.
According to the American Chemical Society:
Risk Rating (RR) = Probability of Occurrence (OV) x Severity of Consequences Value (CV)
In simple terms, the greater the estimated probability of occurrence and the greater the magnitude of the severity of the consequences, the greater the risk rating will be.
The probability of occurrence is the likelihood of an identified risk actually happening. It is important to note here that the probability of occurrence is not the same as a risk rating. The probability of occurrence is an educated ‘estimate’ of the likelihood of an event happening, while a risk rating is a carefully calculated estimate of a risk happening. In general, the probability of occurrence is estimated to be at one of five different levels, these levels being:
Not present | Value 0 | Percentage of likelihood of occurrence 0% |
Rare | Value 1 | Percentage of likelihood of occurrence 1-10% |
Possible | Value 2 | Percentage of likelihood of occurrence 11-50% |
Likely | Value 3 | Percentage of likelihood of occurrence 51-90% |
Almost certain/certain | Value 4 | Percentage of likelihood of occurrence 91-100% |
The severity of consequences assesses impacts on personnel safety, resources, work performance, and property damage, and can also include institutional reputation. In the chart below we have created a rating of 1 and 4 for the severity level.
In theory, you would think that multiplying the probability of occurrence value by the severity of consequence value would give you an accurate risk rating. It will, but here’s the problem. It will not allow you to differentiate between high-risk activities and low-risk activities. We will explain further…
Using the standard linear scaling, an activity with a ‘certain’ probability rating (4) with a ‘no risk’ rating (1) would produce an overall risk rating of 4. However, if a different activity has a ‘rare’ probability value (1) with potentially lethal consequences (4), this activity would have an identical risk rating of 4. However, as any activity with the potential of being lethal would never be considered low risk, regardless of how low the probability, the severity of the scale needs to be weighted to consider the severity of potential consequences.
Consequence Value (CV) | Impact to... | |||||
Rating | Value | Personnel | Resources | Work | Property | Reputation |
No Risk | 1 | No injuries | No impact | No delays | Minor | No impact |
Minor | 5 | Minor injuries | Moderate impact | Modest delays | Moderate | Potential damage |
Moderate | 10 | Moderate to life-impacting injuries | Additional resources required | Significant delays | Substantial | Damaged |
High | 20 | Life-threatening injuries from a single exposure | Institutional resources required | Major operational disruptions | Severe | Loss of confidence |
Looking again at our two different activities, by using this weighted scale, an activity with a certain probability (4) with no risk (1) would still have a risk rating of 4. However, and this is the important part, an activity with a rare probability value (1) with potentially lethal consequences (20) would result in an overall risk rating of 20. Comparing a risk rating of 4 to 20 is a far more ‘informative’ way to help understand the severity of a risk.
Of course, the weighting can be adjusted to suit your own calculations, these figures are not ‘set in stone’.
One of the most important elements of health and safety in the workplace is the accurate and effective identification of risk. Of course, that in itself is insufficient when it comes to protecting the workforce. Simply telling employees that one of the tasks they have to perform is ‘quite dangerous’ is pointless as it is an employer’s responsibility to mitigate all risks to the greatest extent possible.
So, how do you identify risk in the workplace?
In order to identify risk in the workplace, you need to carry out a risk assessment. This involves looking at each and every action performed by the workforce and identifying any hazards.
According to the HSE, identifying hazards involves assessing the following as examples:
Therefore hazards, and consequentially risks, also include but are not limited to the actual working environment, the premises, the equipment, the training, other members of the workforce, and the working environment.
Having identified all hazards, you then need to decide how likely it is that someone could be harmed and how serious it could be. This is known as assessing the level of risk.
Thus, you need to assess:
If you would like to learn more about conducting a risk assessment, consider reading our detailed article here.
Ask yourself the following questions:
It will pay you to look further than at the obvious. You could perhaps consider any or all of the following:
You should then put in place all the necessary controls you have identified. You are not expected to eliminate 100% of the risks, but you are required, by law, to do everything 'reasonably practicable' to protect employees and other visitors to your premises, such as clients or customers, from harm. This means balancing the level of risk against the measures needed to control the real risk in terms of money, time or required effort.
The HSE also provides additional detailed guidance on controls relevant to your business.
If you employ five or more people, you are required to record any significant findings, including.
For further help, Commodious has produced a very useful resource, How to do a risk assessment with a free downloadable template. However, it is important to note that you should not solely rely purely on filling in paperwork as your main priority should always be to actively mitigate risks in working practices and your premises.
Once operational, you are then required to review the controls you have put in place to ensure they are working. You should also review the controls if:
It is also good working practice to involve the workforce in all the processes of risk management. Soi, consider implementing a review if your workers have spotted any problems or if there have recently been any accidents or near misses.
Subsequent to this, you should update your risk assessment record with any changes made.
Here at Commodious we specialise in providing online courses that cover many aspects of Health & Safety at work. If you would like to learn more about any of these, please feel free to get in contact with us.