risk assessment that is being performed and let them know the outcome. An effective process will involve stakeholders throughout the process and seek their input. Internal personnel such as the assessment team, management, affected operators, and uses of the systems as well as external stakeholders such as customers, investors, partners, suppliers, and vendors should be included in the communication process. In rare situation, an exception may exist where there are legal or Fair Trade Commission implications, or other reasons where communication about the risk assessment may need to be limited.
3.14 Documentation
Documentation is an important form of verification and communication. Virtually, all aspects of the risk assessment process discussed in this chapter should be documented including details on the following.
Selecting the risk assessment matrix
Determining the purpose and scope (context)
Selecting the team
Identifying the hazards or operations to be assessed
Hazard/risk identification
Risk analysis
Risk evaluation
Communication and documentation
Monitoring and continuous improvement
Documenting the risk assessment serves to record the efforts of the assessment process, as well as the resulting risk findings and recommendations. It also allows those who were not directly involved to have some understanding of the risks and risk reduction measures as well as an organization to prove and demonstrate their efforts and actions. Documentation allows future reviewers to recreate and understand the thought process behind the previous risk assessment. It enables teams conducting future risk assessments to build upon and further improve the work that has already been done. Possibly, most importantly, a good risk assessment that is well documented might serve to limit an organization’s potential liability at some point in the future by showing their decisions and actions be well thought‐out by a qualified team to the best of their ability at the time.
Communication, documentation, and employee involvement are components of virtually all standards relating to risk assessment including ANSI/ASSP Z10.0, ANSI/ASSP Z590.3, and ANSI/ASSP/ISO 31010, to mention a few. Furthermore, risk assessments would be more successful if those performing them would take a little time to think about who might be able to contribute and who might benefit from the risk assessment and engage those parties where possible.
3.15 Monitoring and Continuous Improvement
They say that only one thing is certain, and that is there will always be change. With that in mind, it is important to monitor risk assessments and the hazards and operations they cover. Hazards and operations continuously change and with these changes come new and different risks. Examples of these might include different equipment, processes, operating environments, production rates, etc. Each of these changes could have an effect on the existing controls and their effectiveness. Thus, it may be appropriate to update risk assessments to consider these possible changes.
New technologies and controls are also being created and monitoring these may offer opportunities to improve controls and further reduce the risk. New controls that are being introduced may be higher in the Hierarchy of Controls and more reliable. An example might be the Global Positioning Systems (GPS)/telematics available for vehicles today. In the past, driver training, instruction, and possibly their logs were manually used to monitor their location, speed, and driving performance – controls consider low on the Hierarchy of Controls. The GPS/telematics of today are much more accurate, factual, and reliable and might be considered higher on the scale.
Monitoring, updating, and further reducing of risk is continuous improvement. In fact, risk assessment done properly is the perfect example of a continuous improvement process. Certain risks that are accepted today will not likely be accepted in the future. There are a variety of reasons for this condition. Personal expectations are always increasing. People increasingly expect working environments that are more comfortable, convenient, and safe. This expectation comes with the improvement in technology and working conditions, as well as enhanced knowledge of risks. This is especially true as more people work for someone else as opposed to being self‐employed and willing to take more risk. Not too long ago many people would have been satisfied just working indoors at a desk. Now the expectation is that the room is properly air conditioned, and more and more people are expecting good ergonomics like sit/stand workstations. Expectations will continue to rise as will technology resulting in continuous improvement.
Regulations and standards also continue to have higher requirements to keep up with technology and expectations. The methods of improving the safety of hazards and operations and reducing the resulting risk are getting dramatically better. Thus, regulations and standards are being amended and developed to require these improvements. This is continuous improvement and risk assessment can lead the way. The term ALARP or as low as reasonably practicable is used in this book and what is reasonably practicable is increasing continuously enabling risk to be further reduced going forward. Think about fire, smoke, and carbon dioxide (CO2) detectors. At one time, they had not been invented. Then, they were invented but expensive and only used for major hazards and operations. Now, they are simple, inexpensive, and installed in most homes.
3.16 Summary
Safety professionals must understand the risk assessment process and be able to complete the steps in the risk assessment process competently if they are to fulfill their roles successfully. Risk assessments will be the norm in the future as they are required and referenced by more regulations and standards going forward. Just as safety professionals have been expected to be competent in OSHA regulations and their compliance in the past, they will be expected to lead hazard analyses and risk assessments. This is the advancement of the safety profession.
Review Questions
1 1 Describe risk assessment’s role within the framework of risk management.
2 2 Name three standards or guidelines which have the process of hazard analysis and risk assessment as a “required” core element.
3 3 State the primary purpose of an operational risk assessment.
4 4 Explain the difference between a hazard and a risk.
5 5 Within a risk assessment process, explain how “establishing the context” affects the process. When is the context established and what should it contain?
6 6 Provide a brief description of the three types of risk analysis values used.
7 7 Explain the concept of ALARP.
References
1 ANSI/ASSP Z10.0‐2019 (2019). American National Standard – Occupational Health and Safety Management Systems. Park Ridge, IL: American Society of Safety Professionals.
2 ANSI/ASSP Z590.3‐2011(R2016) (2016). Prevention Through Design: Guidelines for Addressing Occupational Hazards and Risks in Design and Redesign Processes. Park Ridge, IL: American Society of Safety Professionals.
3 ANSI/ASSP Z690.1‐2011 (2011). American National Standard – Vocabulary for Risk Management. Park Ridge, IL: American Society of Safety Professionals.
4 ANSI/ASSP/ISO 31000‐2018 (2018). Risk Management – Guidelines. Park Ridge, IL: American Society of Safety Professionals.
5 ANSI/ASSP/ISO 31010‐2019 (2019). Risk Management – Risk Assessment. Park Ridge, IL: American Society of Safety Professionals.
6 ANSI B11.TR3–2000 (2000). Risk Assessment and Risk Reduction – A Guide to Estimate, Evaluate and Reduce Risks Associated with Machine Tools. New York: ANSI.
7 ASSP.