Just to add that I also include a section to be completed on-site. This would be the engineers comments on the actual site conditions/additional hazards that may have arisen when on-site.

I think the general consensus is that applying any kind of scoring 'before controls' is fairly pointless. Whether you agree with scoring per se or not. What does 'no controls' actually look like? However, what we mustn't miss is that some organisations use risk assessment for purposes other than to simply identify and control etc. My organisation is pretty large and in terms of reporting across 400 sites and 80 000+ people to three main boards, having some way of grouping, categorising, analysing, comparing, contrasting and reporting is essential. It is not a 'legal' requirement, nor necessary for everyone. There isn't a right or wrong in this, only a right for you and wrong for someone else. It's perfectly possible to provide a risk profile without numbers etc. In terms of evaluate the risk - you could state simple 'adequately controlled at present'. But as I have explained, for my purposes, that simply isn't sufficient. As to the original question, I think more than enough answers have been provided on that one. They were simply wrong to request that before and after ratings were necessary. That's one for the challenge panel then!! Jericho

At use level it's not a science :) For me 'scoring' the RA after precautions helps to identify where we need to do more, and prioritise on the (simplistic) 'higher' end of the risk spectrum. Barely more than just a wet finger in the air to check the wind direction.

But who's insisting it is the correct way? It's not even endorsed by the HSE! A matrix has it's place, but it's not the be all and end all of the risk management process. We use one (with numbers but it's qualitative) and it works well for prioritising actions and justifying decisions and levels of control for the company. It may not work for everyone, but who cares? As long as the significant hazards are suitably controlled, you're doing all right! Use it if it works for you, don't if it doesn't. And a risk assessment (with or without a matrix) can be used for myriad businesses purposes, not just for health and safety hazards. I sometimes think we (as a profession in general) get too bogged down in the detail, when we could use our time more smartly to actually deliver results (i.e. rather than wrangling over the minutia of risk assessment matrixes, why not just accept it for what it is and spend your time implementing etc.).

Fortunately for us we do neither of those things - A) spend huge amounts of time on basic risk assessments B) use a mathematically flawed process. For me there is a basic argument here. Now, leaving aside the point that given that we have had at least 20 years of formal risk assessment requirement and we should all be pretty much done by now - is there general agreement that in a medium to large sized organisation, you simply cannot fix everything at once? Some solutions are complex, some time bound, some limited by technology and others; it's about timing. So given a free hand, which issues would you want to to be focussed on? Let's call them the most important. Forget calling them high risk or anything like that. They simply are the most important. As this may leave other issues on the back burner for the moment (taking account of quick wins and all of that) would it not also be prudent to be able to demonstrate why your focus is where it is? Let's call this prioritisation. I would suggest that if you took this path, you would need a set of rules for making those decisions which could be used to prove why you followed a particular path. I am not advocating that this rule set need be highly complex and energy consuming. But I am saying that it need be robust and transparent. We use quantified risk assessment as part of this process not because there is or isn't a legal requirement nor because of any myth nor commonly held perception, but because it works for us. If I left my chosen profession and opened a grocery shop, I can tell you right now that I would NOT use this methodology. I would walk around my store, look at what I thought might need a bit of work and I'd order up some bits and bobs that afternoon. I think that only real myth here, if I may be so bold, is that there is and can be only one answer. The phrase horses for courses has never been so apt. There is no wrong assessment format really, only the wrong application. What I would say however in the support of the suggestion of flawed calculation, is that some matrices are confusing, have potential for error and if nothing else are more work than is necessary. I still don't see why you would have 'insignificant' as one of the options when attempting to quantify only the significant findings of an assessment. I (and our teams) have no difficulty at all in separating the outcomes of risk assessment into 'We're pretty good at this, it'll do as long as we stay on top of it' 'Actually being honest, we're not really controlling this very well at all, we'd better come up with something' and 'Well, it would be better if we did what we say we should, let's have a tighten up and see if we can get back to where we ought to be" Nothing clever, technical or fancy in that. But - if we ran a nuclear power station would that be good enough? Fortunately, we don't so I don't have to ponder that one. Jericho

"Now, leaving aside the point that given that we have had at least 20 years of formal risk assessment requirement and we should all be pretty much done by now " Well said Jericho I often feel that this very obvious point gets missed. in the 1994 HSC review of the "burden" of H&S legislation they give this example: "on one visit it took a detailed presentation by an HSE Insepctor to convince the company that, because of the the conscientious approach to existing H&S legislation, it was already fulfilling the risk assessment and other key requirements of the relevant Six Pack legislation" Bob, I would suggest that it is not before and after but more this is how we are, do we need to do more.

Change jobs / clients so you're not working for / advising contractors?!! In all seriousness, I'm lucky in that I'm not employed by a contractor, so I don't have this issue. When we set a tender for any project work we never stipulate a 5x5 (or any type of) matrix to be submitted. I'd like to say have a sensible chat with the person demanding rhe 5x5 matrix and explain your point of view, I expect in reality you just have to lump it and produce the document! If it gets the company work, and the work is worth more than the time / cost it takes to produce the matrix, then just accept it for what it is (a means to gain work rather than anything else, and manage H&S as you would normally).

I'd agree with all of that. Risk assessment has many possible facets and that link into operational risk is one of them. When you have more sites than you could possibly visit (and why would you?) you do need to have some way of well, checking up on things. Each of our sites completes risk assessments to a standard format, they list the top 6 on a register than comes in centrally. We have been in existence long enough to know what these scores should look like. There can be reasons for deviations, mistakes for one and local differences for another. OK they could have the 'right' scores purely by luck. But there is more to the system to this. All factors considered, we get a picture across the estate. Because each line carries a narrative from the head of that business unit that justifies the outcome of the risk assessment we can draw a landscape on which to make risk management decisions. Many sites may have the same issue, but some might have a higher rating, for clear reasons. This has allowed us to produce very accurate reports for the business as to why some locations simply cannot get their scores lower for operational reasons. This allows for a transfer of ownership if like from a manager who can seriously do no more, to a director who can. We consider these locations as hot spots that need prioritised assistance. We then use external auditors to visit our sites and report back on the understanding and ability of local managers in producing accurate risk registers. We don't inspect their sites for hazards. That's their job as managers! And they are there all the time whereas we are not. This approach is not solely for safety. We get sales figures, stock taking results, customer complaints etc all reported in. They all have values against them. Nothing unusual therefore in having some values in a safety related report. Might be a bit tricky to report sales if all they sent in was 'Quite busy this Saturday' Jericho

Can't help you there I'm afraid. I did my certificate in 1992. Didn't have to worry much about risk assessment back then. Factories Act kept me busy though. Mgt Regs very new then. Even when I went through my Dip after that, RA was NOT a huge element. We certainly didn't get bogged down in it. It was really a look at whether you have the necessary controls in place and simply document the situation. It wasn't really very formulaic. Not until 5 steps came along. I was one of the individuals who were consulted back then, by the HSE on my view on risk assessment - which is the same as it is now. There really wasn't much about back then. Following that 5 steps appeared. needless to say I didn't agree with it. Not only for my purposes but because I thought it flawed as a concept. It was never held up as the right way nor the only way but in the absence of much else is sort of became a standard and was taught in just about every course out there except the IOSH risk assessment course which used a different methodology and 3 point matrix. My gravestone will read 'There is no such thing as one size fits all - so stop looking' Jericho

Now you know I didn't say that, cheeky. Did they? Could they? Nah, fraid not. J

Talking to an eminent author of H&S textbooks he confirmed that he was aware of nine (9) different risk assessment techniques. I can name only three - two of which are whollly acceptable the other being a "dynamic" risk assessment which in my work is unacceptable . Any advances on three? Please no HAZIDS or HAZOPS - these are studies. Jon

@JohnM: Suitable, unsuitable, sufficient, insufficient - there's another 4! Sorry, I've started on the single malt.