Risk Assessments :- Should they or not have a Risk Matrix 

Recently I have become aware of Risk assessments that dont have the usual Probabilty/ Severity/ Risk,

now these are for public sector events / Activites low level any way, but i have noticed that this fomate is sneeking into the acctual Occupational side of formal events and even the commercial premisis we over see. 

Ive come from a consturction back ground that is very much you should always rate your risk. Im now looking at RAs with no Risk rateing at all, so is this a thing?

It is usual to do so, but not neccessary. So long as the hazards, risks and controls have been evaluated, and the level of risk is them deemed to be acceptable, then this is "sufficient and sutable", in my experience.

You don’t need a number as this is really subjective.  What you need to decide is a) is there a significant risk of harm that needs managing b) if there is, what controls can you apply and then c) has the residual risk been lowered sufficiently?

Simple answer. Yes.

Longer answer:

Law doesn't stipulate what suitable and suffient risk assessment is.  Law doesn't even define risk assessment, let alone suitable and sufficient.  Your RECORD of the assessment (cause that's what you're talking about here in practice) must include the significant findings...and that's it.  Now that could include a specific rating derived from a model, or it could be a simple statement of significance e.g. trivial/high.  It doesn't even need to include that. 

The key element is the nature of the process undertaken in examining the activity/hazards and then the outcomes/controls derived from that process.  Contextually that may require some form of risk ranking but if such ranking serves no purpose then its simply marks on a document for their own sake.

Risk assessment should be a thought of as a verb rather than a noun then it'd be much easier to explain.

What were you being audited against?

Originally Posted by: achrn

Originally Posted by: charlottewdhd

anyone an auditor? I was once given a minor on an audit because I hadnt put a numbers which in eyes wouldnt  rate which was the higher risk.  So is it a specific thing person to person wheather RAs shoudld have a risk rateing ?

Auditors have to find something to comment on.  I think it's part of the auditors code of ethics that they must always find at least a minor non-conformance.

The risk assessment needs to be 'suitable and sufficient' and any person (auditor or not) will always be able to assert that something is not sufficeint in their opinion. 

I've been told by an auditor that it is mandatory that a risk assessment has the two score numbers before controls have been applied and the two score numbers after controls, and you can only modify one of the numbers between the before-and-after.  'An auditor said so' doesn't make it true.

What's the difference between God and an auditor? 

God knows he's not an auditor.

Auditors ethics don't require a non-conformance to be found (had my Quality one 2 months ago and I didn't have a major, minor or observation) :D.  Anyway, consider the HSE's 5 steps to Risk Assessment and you will see NO. 3 = EVALUATE THE RISK.

So you can evaluate the risk by qualifying or quantifying, thats down to you, but you have to be able to demonstrate that you have conducted an evaluation.

Kind Regards

Waz

The law does not state that a risk assessment must be calculated. Following the 5 steps to assess the risks is simple and not complicated.  If i was to give 10 people a blank risk assessment form and request they assess the risk on the same task, would they return the same risk rating calculation, almost certainly not.  In my experience the residual risk rating always ends up low, which would allow work to begin, so why bother putting all the effort into rating the risks when valuable time should be spent on identifying suitable and sufficient controls.

Without sounding critical or condecending, the majority of operators in construction do not understand the risk rating process and have no desire to understand it.   All they want to know is how to do their work safely.  We recently issued the HSL's Safety Climate Tool for the second time in 2 years and "Usability of Procedures" came out on top as the least favourable response.  We then held consulation sessions with the workforce from all levels in the business and we were informed the "Risk Rating" is too complicated and it switches operators off when it comes to being briefed on the Risk Assessment. We were requested to remove the rating which we have done, to date, the feedback has been great.  I can honestly say after using risk ratings for over 20 years i have have been wasting my time, some of you reading this will highly disagree.  All i can say is try it, go back to basics and simplify the risk assessment process and focus on the controls.  The key to ensuring the controls are suitable and sufficent is the risk assessment is reviewed & signed off by a highly competant person.

I have had 2 HSE inspectors review our RAMS template and they were both impressed as it is simple to use.

Please get in touch if anyone wants and example of our Risk Assessment & Method Statement (RAMS) form.

Edited by user 27 September 2018 13:57:20(UTC)  | Reason: Spelling