Welcome Guest! The IOSH forums are a free resource to both members and non-members. Login or register to use them

IOSH Forums are closing 

The IOSH Forums will close on 5 January 2026 as part of a move to a new, more secure online community platform.

All IOSH members will be invited to join the new platform following the launch of a new member database in the New Year. You can continue to access this website until the closure date. 

For more information, please visit the IOSH website.

Postings made by forum users are personal opinions. IOSH is not responsible for the content or accuracy of any of the information contained in forum postings. Please carefully consider any advice you receive.

Notification

Icon
Error
Organisation risk registers
Options
Go to last post Go to first unread
Previous Topic Next Topic
Admin  
#1 Posted : 16 August 2007 10:58:00(UTC)
Rank: Guest
Admin
Posted By Angela Oakey-Jones
I'm interested to find out about the types of risk register different organisations use. Invariably, there are different styles, but which are the most workable? Are all the risks noted together in a hotch-potch, or split into headings e.g. "H&S", "Financial" etc?

I'm asking as I'm wondering about the effectiveness of registers. It may be that the over-populated ones look like they were created by control freaks or the under-populated look like the incompetents had a hand in things... It may be that "keep it simple" should be the watchwords for success.

I'd be grateful for any experiences you're prepared to share of an appropriate, proportionate level of risk registering.
Many thanks

Angela
Back to top
Admin  
#2 Posted : 16 August 2007 12:36:00(UTC)
Rank: Guest
Admin
Posted By Ian G Hutchings
Angela

I have a blank with some example headers if you would like to email me.



Ian
Back to top
Admin  
#3 Posted : 16 August 2007 12:47:00(UTC)
Rank: Guest
Admin
Posted By Chris Jerman
Angela. This is a great question, but a huge answer in fairness. I'll try to keep it brief for now.

We are a national multi-site organisation with several distinct functions. Each individual site performs its risk assessments, lays them out according to the risk rating and makes a decision about the top 6. (too big to explain that precise mech here) save to say that 6 is enough! These local registers (merely an index to the assessment with a brief synopsis of the issue with the haz, likelihood and final risk score visible for QA purposes) come together centrally to be merged to be one Divisional register of the most significant top 6. At this point the picture becomes a little fuzzier as the very local circumstances get ironed out into Divisional issues. This gives us several registers. One each for manufacturing, retail, supply chain and leisure. What starts to emerge is that there are some very common issues across ALL of those Divisions. Eg MH or pedestrian segregation. These topics are then reported to the Board along with a narrative and proposals for a national strategy. We feel that giving the Board very detailed info on a specific safety issue is not effective (say, manual handling of 4m carpets for example) They don't need nor want that. They want to know their degree of 'exposure' in relation to compliance across the business.

Now this is all working terrifically well. BUT. Your question was, I know, wider than this. What about all of the other risk based disciplines - environment, fire, financial, operational etc etc. Damn good question. How do you make strategic decisions, properly, if the only stream that gives you a cohesive argument (ie not guesswork) is safety and health? YOU CAN'T!

Only now are we starting to assess each location's operational risk and controls assurance in the same manner. Using the same methodology and reporting streams. As yet we haven't any results, but they will be comparable.

We originally thought that we could produce a risk register for the entire business, ie the top 6 'threats' to the business at Board level. In the end, we decided that this wouldn't represent the various stake holders adequately. So there will be a risk register for each subject area. OH, S and Fire would merge and some would be included in Ops as a business risk. In the end there would be about 3 to 4 registers in total, but perhaps reduced to the top 3 issues not 6. We have 68,000 employees so there's a lot to cover, I feel that if you only had, say, 200 emplyees, it may be possible to produce a single register for the Board

Happy to chat through some more if this interests you.

Regards

Chris
Back to top
Admin  
#4 Posted : 16 August 2007 13:26:00(UTC)
Rank: Guest
Admin
Posted By Rakesh Maharaj
Hi Angela,

As an aside, when I advise companies on incorporating H&S risk with business risk registers, I find that it is important, if not vital to engage the audit committee and director for/of risk (which on some occasions are non-exec roles) in deciding what factors are going to be considered and what weighting, in any, will be applied when creating the risk register. Missing this step could mean that the register would loose all meaning once developed.

Good luck

Regards

Rakesh
Back to top
Users browsing this topic
Guest
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

Powered by YAF.NET | YAF.NET © 2003-2025, Yet Another Forum.NET