We use a Risk Register to have all significant findings recorded in one place so that the scores can be readily compared and to enable the business to direct its efforts in risk elimination across multiple locations

A Risk Assessment and a Risk Register are two different things. A risk assessment is something that is carried out locally by a particular work-team or even an individual to decide what is the safest way (so far are reasonably practicable) to carry out a specific task or process.

A risk register is usually something complied at the corporate level and it identifies what are the most significant risk for the organisation as a whole. Typically it would list up to 6 or so “breakers” which are those risks that if they played out would severely disrupt or even kill the business.

It is a risk register not just of list of hazards since as in a risk assessment it is quite possible for a risk to be well controlled, and be low even though the hazard may be high e.g. a foundry can be seen as hazardous but if it is well managed it would be in reality a low risk. By contrast driving for work might not be on the radar and be completely uncontrolled and so in reality be one of the most serious risks for the business.   The Risk Register aims to identify these risks and enables you and the business to prioritise them.

Just to echo at #3. Risk registers should entail business risks and are managed at corporate level. H&S risks will play a part in the register along with an array of other business risk. One of the biggest risk to any organisation is the financial wellbeing of the business and the risks associated with items such as, business growth, new competitor in the marketplace, damage to reputation, share price drop, loss of big clients or large commissions, safe recruitment, loss of workforce skills, business continuity, data protection breach, changes in government, effect on Brexit etc.

As the H&S person for the place I work, I am responsible for managing our risk register. This entails meeting with the risk managers for the specific risks categories (Finance Director, Head of HR, Head of IT and Systems etc) and understand what has the potential do damage or severely disrupt the business and how to mitigate or minimise their impact. Our register is reviewed every 6 months and discussed at board level. The risk register should be dynamic, and changes from time to time, for example what may have been a risk a year ago may now be well managed and can be removed from the register. Sometimes an event may happen, for example the recent London fire, and fire safety may now feature onto the register.

Just to note the benefit of a risk register: we identified we needed another IT ‘ghost’ server set up in another location a few years back. This has certainly been beneficial when our IT connection was severed outside our HO last year and we were able to keep trading.

Edited by user 28 June 2018 23:00:42(UTC)  | Reason: spelling