5 Types of Risk Assessment & How to Use Them
13 December 2022 - Evotix
Risk assessments aren’t just a ‘nice to have’; in most cases, they’re a legal requirement. In basic terms, a risk assessment identifies risks and hazards in the workplace and determines methods of either mitigating or eliminating them altogether to ensure a safe working environment.
As we know, hazards come in all shapes and sizes – meaning risk assessments do too. To accurately evaluate the variety of hazards hidden in a workplace, you should use a different type of risk assessment. It’s important to know that different types of risk assessments can often be used alongside one another. Workplace hazards aren’t black and white, so sometimes you may need to mix and match – collating the most relevant parts of each type of assessment into one single risk assessment.
In this article, we’ll cover the five different types of risk assessments and how you can use them to maintain top-level health and safety standards.
Stages of a risk assessment
While there are 5 different types of risk assessment, the stages involved in carrying out each assessment are very similar. A risk assessment should include these 6 steps:
Good planning is integral to ensuring you get your risk assessment off to a strong start. Before conducting your risk assessment, consider these four elements noted by OSHA:
What are you assessing? (A piece of equipment, process or workplace area?)
What resources do you need to carry out the assessment? (Tools or equipment?)
Who is involved? (Workers, managers, supervisors or suppliers?)
What laws, regulations and internal policies do you need to comply with?
2. Identify hazards
This involves a walkthrough of your workspace to identify anything that could reasonably be expected to cause harm. Involving other employees in this stage could be helpful, as they may have noticed things that don’t immediately stick out at you.
While assessing the workplace, ensure you consider long-term hazards to health (like high noise levels or exposure to harmful substances) and safety hazards.
Once you’ve identified each hazard, make sure you understand how it could harm someone or the environment – as this will help you identify the most impactful way of managing the risk further down the line.
3. Evaluate identified risks
Now that hazards have been identified, it’s time to decide how to handle them.
Under the OSH Act, employers have a duty to provide workplaces that are free of known hazards that could harm their employees. Comparing what you’re already doing with best practice is the most effective way to do this.
First, assess the controls you currently have in place and how they’re implemented. Compare these controls against identified best practices to see if there’s room for improvement.
4. Take action
Once you’ve identified specific areas for improvement to reduce risks, it's time to act. HSE suggests applying the following principles:
Try a less risky option (for example, switching to a less hazardous chemical)
Prevent access to the hazard (such as guarding)
Organize work to reduce exposure to the hazard (for example, by placing barriers between pedestrians and traffic)
Issue personal protective equipment (gloves, goggles, etc)
Provide emergency areas (like first aid or eye wash stations)
5. Record findings and actions taken
At this stage, you should write down the risk assessment results and share them across your organization to encourage all employees to put these new actions into practice.
Write down your results as simply as possible, for example: “‘Fire door blocked: area cleared, staff instructed, weekly checks.”
While recording your risk assessment findings, you should be able to demonstrate:
That you've identified the hazards
That you’ve decided who could be harmed
How you plan to eliminate/minimize the risks and hazards
6. Review process
Workplaces seldom stay the same. New processes could be brought in that present new risks and hazards. That’s why it's important to ensure that you’re regularly reviewing what you’re doing on an ongoing basis and updating the appropriate risk assessment form when needed.
What are the different types of risk assessment?
Risk assessments come in many different forms, but here are the five most common:
Qualitative risk assessment
Qualitative risk assessments are the most frequently used risk assessments for companies in high-risk industries. Assessments of this kind measure the severity of a risk. In most cases, qualitative risk assessments are used to determine the severity of multiple risks at once. These assessments rely on the perceptions and judgments of an individual—often an expert in the company’s field or a member of management.
When these assessments are employed, the assessor’s personal experience, observations and interviews are used to gather qualitative data, which are then analyzed with the goal of determining the severity of multiple risks.
The severity of a risk can be determined using the following formula: impact describes how severely a risk could negatively affect a project and likelihood describes how often the risk is likely to occur.
Severity = Impact x Likelihood
When the information is presented, it is organized either into categories or a graph known as a Qualitative Risk Assessment Matrix. Both schemes are based on severity. Categories are labeled High, Medium, and Low—or, depending on the company’s preferences, Green, Amber, and Red (GAR). In a Qualitative Assessment Matrix, one axis is labeled ‘Impact’ and the other ‘Likelihood,’ and plot points (risks) are charted in according to severity. Presentations allow the company to quickly identify the highest-severity risks.
When compared to quantitative risk assessments, qualitative risk assessments can often be more practical. These assessments are cheaper and faster and allow for the comparative analysis of multiple risks. They don’t require gathering vast amounts of numerical data; instead, qualitative risk assessments rely only on the judgments of one person. Most importantly, qualitative risk assessments enable companies to invent solutions for the most severe risks quickly and efficiently.
Quantitative risk assessment
A quantitative risk assessment involves determining the severity and likelihood of a risk by giving it a number. This type of assessment aims to gauge how much the impact of the risk will cost an organization. Rather than referring to a risk as high, medium or low, a quantitative risk assessment assigns a digit to the risk.
The main difference between a qualitative and quantitative risk is that rather than being based on a person’s judgment, as a qualitative risk is, a quantitative risk analysis relies on hard data. Another contrast between the two is how each process values risk. While in a qualitative risk assessment, an innocuous risk may be rated “low,” the same risk will be given a low percentage in a quantitative assessment to indicate the possibility of it occurring or causing harm.
A scenario in which quantitative risk assessments are commonly used is to predict the likelihood of a fire or explosion when using harmful chemicals. Project managers can select one of the following methods for quantitative risk assessment:
Failure Mode and Effects Analytics (FMEA) - anticipating shortcomings in business processes and coming up with ways to mitigate their impact on customers
Business Impact Analysis (BIA) - identifies and evaluates impact of natural disasters and sets aside investment in recovery, prevention and mitigation strategies for organizations effected
Expected Monetary Value (EMV) - this method involves senior management carrying out the following equation: Probability in % of Risk Occurring x Cost of Impact in Preferred Currency
Results can also be recorded in a risk assessment matrix (or any other form of an intuitive graphical report) to communicate outstanding hazards to stakeholders. Although this method involves the assignment of numbers to the degree of risk, it is technically a qualitative method in that it's based on the assessor’s judgment.
Generic risk assessment
Generic risk assessments include assessing a broad range of specific workplace activities. Generic risk assessments are most useful regarding repetitive tasks which are consistent in application for organizations, such as:
Working in confined spaces
Working at heights
Fire emergency responses
Use of different pieces of machinery
Use of display equipment
Carrying out generic risk assessments in these circumstances often proves useful for large organizations, as the findings can then be applied equally to similar tasks across different areas of the workplace or different sites altogether.
This can be done, for example, with the act of locking out a piece of machinery commonly used across several areas of a manufacturing site or installing electrical equipment.
Site-specific risk assessment
As the name suggests, a site-specific assessment places a particular site, environment and team of employees performing the task under the microscope to ensure everything is running as safely as it should be.
The main difference between generic and site-specific assessments is that while generic risk assessments place a spotlight on common hazards associated with general activities carried out regularly by employees, such as roofing works, site-specific risk assessments pay attention to hazards that can only be found in one specific location with controls put in place that are very distinct to the risk – for example, valley gutters on a roofing site.
When you consider here the link between both assessments being carried out on a roofing site, it's easy to see why it often makes sense to follow up an initial generic assessment with a site-specific assessment, as it enables inspectors or senior management to hone in on an area of concern in more detail.
Other examples of hazards that could be picked up by a site-specific risk assessment that wouldn’t otherwise be recognized by a generic risk assessment on roofing works include potential asbestos from cement roof sheets or glazing rope or trip hazards, including lightning conductors or drain vents.
Dynamic risk assessment
A dynamic risk assessment evaluates risks in rapidly changing, uncertain and often high-risk environments. In contrast to formal risk assessments, which are a legal requirement and should be carried out as a precursor to any task being done, dynamic risk assessments are normally carried out by a lone worker when they arrive in a new environment. There may also be circumstances where a person’s regular working environment changes, making generic or even site-specific risk assessments obsolete and presenting the need for a dynamic approach.
It’s important that the person carrying out a dynamic assessment understands that not every risk can be prepared for because of the nature of these environments. It would be expected that the person conducting a dynamic risk assessment has the experience required to make an informed judgment call if a situation becomes too dangerous – such as delaying a task until safe equipment is sourced.
An example of a dynamic risk assessment includes a construction worker visiting a new worksite and assessing the hazards he hasn’t seen before, having not been on that site. Not to be mistaken as a replacement for formal risk assessments, dynamic risk assessments are to be carried out alongside them to identify any unknown risks.
How Evotix can help
While carrying out risk assessments manually is always an option, it might not be the most efficient way for all organizations to stay proactive regarding hazards and risks. Using software can help streamline the risk assessment process by helping you easily manage large data sets from all different sides of the organization.
The benefits of utilizing Evotix’s Risk Assessment Software are vast, as it enables you to not only use matrices to ensure high-risk activities stand out so controls can be put in place rapidly, but also lets users track actions to completion so they can ensure controls are implemented and work as intended. With all forms stored in one neat place, the software also enables workers from all areas to easily carry out risk assessments and review the results of each one – ensuring the whole workforce stays in the loop regarding hazards.
Whether they’re used separately or alongside one another, knowing the different types of risk assessment is key to achieving a safe workplace and happy, productive workforce. Whatever risk assessment process you adopt, ensure your employees are included so they can stay in the loop when it comes to the solutions required to complete tasks safely and efficiently.
Want to learn more about how we can help streamline your risk management processes?
7 Benefits of Conducting a Risk Assessment
27 October 2022 - Evotix
Risk assessments aren’t just about clipboards and checking boxes; they bring real, irreplaceable value to the workplace by helping identify current and potential hazards and risks in the workplace..
What is a Risk Assessment?
20 October 2022 - Evotix
So first things first, what exactly is a risk assessment?
What is an EHS Audit?
28 July 2022 - Evotix
An EHS audit is an assessment of an organization’s health and safety policies, processes and systems to ensure that they are meeting regulatory standards.