How to Evaluate Risk & Add Controls
As part of our free, in-depth risk assessment course, Step 4 requires us to evaluate risk and add controls.
In other words, once we have assessed the level of risk that currently exists, we need to decide if it is acceptable or not. If not, we should then consider additional control measures that may be added to further reduce the risk.
Check our video lesson on evaluating risk to learn more about what you may need to consider when deciding whether risks are controlled adequately.
This task needs to be carried out in the context of regulatory compliance standards, good industry practice and risk tolerance within your organisation.
Evaluating Risk | What is Acceptable?
Every person and/or organisation will have different level of risk tolerance, which is influenced by many different internal and external factors. We can’t determine that for you right now, but we can show you how that might be reflected in your risk assessment process.
A risk matrix can be used to help visualise how this risk tolerance manifests as part of your risk assessments.
The colour scheme on a risk matrix can be used as a simple indictor. It is common that a business may decide that any risks or activities presenting anything other than ‘Green‘ in the traffic light system, is an unacceptable level of risk.
Others businesses may decide that activities/hazards judged as ‘Amber‘ level risk can be tolerated. It really depends on the context of the risk assessment.
For those with more complex operations or risks, it may make sense to decide that specific risk scoring levels are tolerable or intolerable e.g. Using the matrix above, a risk score of 36 or higher may be unacceptable.
There is no right or wrong way to go about defining the parameters of your risk tolerance, but it should be done by someone or a group of people with appropriate skills, knowledge, training & experience to make competent decisions.
Once you are able to evaluate the risk in line with your organisations level of risk tolerance, you will know if further controls are required. At that point, it’s beneficial to use a structured approach to deciding what may or may not be suitable.
Control measures include actions that can be taken to reduce the potential of exposure to the hazard.
These risk control strategies can vary extensively in terms of effectiveness, and if the risk is high, multiple layers of control may need to be considered.
So, if we are looking at a specific hazard, how do we assess the options for reducing risk?
Evaluating Risk | What is Reasonable?
We need to look at our options and balance the time, cost and effort against the level of risk reduction that we foresee being achieved.
If we can strike the right balance during our workplace risk assessment, we can truly add value for both the employee’s and for the business.
If we have a low severity, low likelihood task. It wouldn’t be reasonable to have to spend lots of money on plant and equipment to further reduce what is already a low risk.
On the other hand, if we have a high likelihood task that presents a significant risk to our employee/s. It starts to make sense to apply greater resources toward mitigating that risk.
In the UK, the term ‘Reasonably Practicable‘ is written into health and safety law. It allows those responsible for health and safety to balance risk reduction against the time, money and effort required.
Watch our short animation to learn more…
For those hazards that require further controls, we need to determine and outline the specific actions required.
Evaluating Risk | Hierarchy of Control
When we are considering options to mitigate or reduce risk, we often refer to the ‘hierarchy of control measures’ as part of the workplace risk assessment process.
Now that we’ve determined the risk level using our risk matrix, we need to decide if the risks are at a reasonable or acceptable level. Or, if we need to put further control measures in place.
If you’d like to find out more on the process of choosing control measures for your Health and Safety Risk Assessment, listen to our podcast below, keep reading or both! Also, don’t forget you can download your free Risk Assessment Template to complete alongside this risk assessment guide.
The hazard controls in the hierarchy are, in order of decreasing effectiveness:
- Engineering controls
- Administrative controls
- Personal protective equipment
Physical removal of the hazard — this is the most effective hazard control.
For example, if employees must work high above the ground, the hazard can be eliminated by moving the piece they are working on to ground level to eliminate the need to work at heights.
Substitution, the second most effective hazard control, involves replacing something that produces a hazard (similar to elimination) with something that does not produce a hazard — for example, replacing a stepladder with a mobile scaffold.
To be an effective control, the new method must not produce another hazard. Or at least, not present as hazard that has more potential to harm than the previous option.
As airborne dust can be hazardous, if a product can be purchased with a larger particle size (likely to be less harmful), the product with a smaller particle size may effectively be substituted.
The aim here is to reduce the potential for harm, whilst being careful not to introduce new risks.
3. Engineering Controls:
The third most effective means of controlling hazards is engineered controls. These do not eliminate hazards, but rather isolate people from hazards.
Capital costs of engineered controls tend to be higher than less effective controls in the hierarchy, however they may reduce future costs.
For example, a team might decide to build a work platform rather than use fall arrest equipment.
The work platform would usually provide a physical barrier between personnel and falls from height.
Other examples of engineering controls would be interlocks on electrical devices (electric shock/electrocution). Guards on grinding and cutting tools to prevent physical contact with blades or rotating devices. Or, for respiratory protection, LEV (Local Exhaust Ventilation) systems or fume-hoods can be used to remove harmful airborne materials.
4. Administrative controls: Administrative controls are changes to the way people work. Examples of administrative controls include procedure changes, employee training, and installation of signs and warning labels.
Administrative controls do not remove hazards, but limit or prevent people’s exposure to the hazards, such as completing road construction at night when fewer people are driving.
PPE is the least effective means of controlling hazards and the last line of defense – a severe event will often render PPE ineffective.
Additionally, some PPE, such as respirators, increase the physical effort needed to complete a task. Therefore, you may need to consider if workers can use the PPE without further risk to their health.
That wraps up the hierarchy of control – now you can select control measures with confidence.
Evaluating Risk | Swiss Cheese Model
When thinking about risk controls and whether multiple layers of defense are required, it’s useful to remember the ‘Swiss Cheese’ theory.
The Swiss cheese model of accident causation is a simple concept used in risk management across many sectors. As you can see in the diagram >
The Swiss Cheese model likens human systems to multiple slices of swiss cheese, stacked side by side. Here, it proposes that the risk of a threat becoming a reality (accident) is mitigated by the differing layers and types of defenses which are “layered” behind each other.
Therefore, in theory, lapses and weaknesses in one defense do not allow a risk to materialize, since other defenses also exist. In other words, you will not be vulnerable from a single point of failure.
Free Risk Assessment Course
We’ve created an instructor-led, online course for Risk Assessment. Join us for a step-by-step, interactive tutorial to give you or your employees the confidence evaluate risk.