Guidelines for effective risk management

Successfully eliminate risks to health and safety

Risk management is the cornerstone of the WHS Act and Regulations 2011.  As the PCBU, an organisation is required to:

  1. eliminate risks to health and safety so far as is reasonably practicable; and
  2. if it is not reasonably practicable to eliminate risks to health and safety—minimise those risks so far as is reasonably practicable.

In the development of their risk management program, an organisation should refer to the SafeWork NSW Code of Practice: “How to Manage Work Health & Safety Risks”, consisting of 4 key steps:

  1. Identify hazards – find out what could cause harm;
  2. Assess risks if necessary – understand the nature of the harm that could be caused by the hazard, how serious the harm could be and the likelihood of it happening;
  3. Control risks – implement the most effective control measure that is reasonably practicable in the circumstances (elimination or otherwise); and
  4. Review control measures to ensure they are working as planned.

Picture 1

Illustration of Risk Management procedure


For the management of risk, the organisation will consult, so far as is reasonably practicable, with workers who carry out work for you who are (or are likely to be), directly affected by a work health and safety matter. Additionally, where the workers are represented by a health and safety representative, the consultation will involve that representative.


In relation to management of risk, the organisation as the PCBU, will consult, co-operate and co-ordinate activities with all other persons who have a work health or safety duty in relation to the same matter, so far as is reasonably practicable.

Picture 2


Hazard identification and elimination is not only the responsibility of the person conducting a business or undertaking in providing a safe workplace, but also requires officers and worker involvement and commitment.  As such, hazard identification, assessment and control shall be an ongoing process for all.  It is the responsibility of everyone (all workers, contractors, labour hire, volunteers) to identify, assess and control where possible, all hazards.

When controlling risks for certain hazards, the person conducting a business or undertaking must comply with the specific risk controls addressed in regulations and Codes of Practice where available.

The organisation will identify hazards through the implementation of several programs, namely:

  • safety Conversations Program;
  • scheduled safety audits;
  • workplace inspections;
  • corrective and preventative actions resulting from incident investigations;
  • hazards reported by workers through the formal risk management program;
  • ad-hoc reporting of hazards.


A systematic approach to risk assessment must be used to assist staff in the calculation of the potential severity of an injury resulting from the risk and the likelihood of an event occurring. The organisation will adopt a standard risk assessment matrix for these purposes (shown below):

Screen Shot 2020 01 02 at 8.47.18 am


The most important step in managing risks involves eliminating them so far as is reasonably practicable, or if that is not possible, minimising the risks so far as is reasonably practicable.

In deciding how to control risks you must consult your workers and their representatives who will be directly affected by this decision. Their experience will help you choose appropriate control measures and their involvement will increase the level of acceptance of any changes that may be needed to the way they do their job.

You must consider various control options and choose the control that most effectively eliminates the hazard or minimises the risk in the circumstances. This may involve a single control measure or a combination of different controls that together provide the highest level of protection that is reasonably practicable.

Hierarchy of Risk Controls

The Hierarchy of Controls deals with hazards in order of effectiveness.  The most effective method of control is to eliminate the hazard completely.  If this is impossible, consider the next method, then the next, until a solution (or series of solutions) is identified. Using personal protective equipment (PPE) is the least effective way to deal with hazards. The schematic below shows the hierarchy of controls:

Picture 3


Any changes to the control measures will require upgrading of one or more of the following documents:

  • safe Work Method Statements (SWMS);
  • work procedures;
  • training programs;
  • supervision procedures;
  • risk registers.


The organisation must ensure that the control measures that are put in place are reviewed regularly to make sure they work as planned. Proactive systems are provided to assist in this review process and every manager and supervisor is responsible for ensuring that the work area under their care employs a systematic review process using a combination of the methods below:

  • safety conversations program;
  • scheduled safety audits;
  • regular workplace inspections.

Additionally, there are certain situations where supervisors and managers must review control measures under the WHS Regulations and, if necessary, revise them. A review is required:

  • when the control measure is not effective in controlling the risk;
  • before a change at the workplace that is likely to give rise to a new or different health and safety risk that the control measure may not effectively control;
  • if a new hazard or risk is identified;
  • if the results of consultation indicate that a review is necessary;
  • if a health and safety representative request a review.


The organisation will need to have a systematic process for maintaining records. Typical examples of records that are maintained will include:

  • the identified hazards, assessed risks and chosen control measures (including any hazard checklists, worksheets and assessment tools used in working through the risk management process);
  • how and when the control measures were implemented, monitored and reviewed;
  • consultation processes used;
  • relevant training records;
  • any plans for changes.

Additionally, there are specific record-keeping requirements in the WHS Regulations for some hazards, such as hazardous chemicals and asbestos.

Partner With Us

Heading Sep

Contact BWC Safety on 0408 300 187 for advice.


Enquire Now