With respect to risk management, a Person Conducting a Business or Undertaking (PCBU) has a duty under the WHS Act to ensure health and Safety by eliminating risks to health and safety, so far as reasonably practicable, or reduce those risks as far as reasonably practicable. 

Therefore, risk management can be seen is a systematic process that involves several basic steps in identifying hazards, assessing hazards or risks, and eliminating, controlling or managing reasonably foreseeable risks:

1. Establish the context
2. Identify the risks
3. Analyse the risks
4. Control the risks
5. Review the risks

The current WHS Act of 2011 states in section 17 - A duty imposed on a person to ensure health and safety requires the person:

(a)  to eliminate risks to health and safety, so far as is reasonably practicable, and

(b)  if it is not reasonably practicable to eliminate risks to health and safety, to minimise those risks so far as is reasonably practicable.

Furthermore, the Australian Standard AS/NZS 4801:2001; section 4.3.1, states 4.3.1 Planning Identification of Hazards, Hazard / Risk Assessment and Control of Hazards / Risks:

1. The organisation shall establish, implement and maintain documented procedures for hazard identification, hazard/risk assessment and control of hazards/risks of activities, products and services over which an organisation has control or influence, including activities, products or services of contractors and suppliers.
2. The organisation shall develop its methodology for hazard identification, hazard/risk assessment and control of hazards/risks using the Hierarchy of control, based on its operational experience and its commitment to eliminate workplace illness and injury. The methodology shall be kept up-to-date.

There are many ways to manage hazards and risks in the workplace.

The most common approach is to implement what is known as the Hierarchy of Control (HOC):

• Elimination – Eliminate the hazard and therefore the risk altogether
• Substitution – Substitute the hazard with something safer
• Isolation – Isolate the hazard for people
• Engineering – Engineering control measures such as mechanical devices, guarding etc
• Administration – Training. PPE gear, signage etc
  
  

Developing and implementing a Risk Register is a vital part of an organisation’s Risk management process. Quite often, a Broad-Brush Risk Assessment (BBRA) is completed within the organisation to capture hazards associated with all activities within the organisation.

This register requires reviewing on a regular basis and made available to interested parties inclusive of workers.  Risk registers are an essential tool in managing risk and it’s advisable that these registers are linked and form part of an integrated risk management framework.

There are many risk management tools which are used in the risk management process. Such tools include, Pre-task risk assessments (such as Take 5, 60 seconds), Job Safety Analysis (JSA’s), Safe Work Method Statement (SWMS), Safe Work Procedures (SWP’s). Basically, they all do the same job and assist workers in identifying and controlling risk.  

A pre-task risk assessment (a Take 5) ensures that any non-routine jobs are quickly assessed prior the commenced of work being conducted. A routine job, that has been assessed previously, can be carried out on a SWMS / JSA as long as the job scope is reflective of the hazards identified in the completed SWMS.

The risk assessment and treatment process should be developed using consultation, communication, supervisory and review processes consistent with the workplace’s health and safety management system. Organisations, should expand their respective systems to incorporate not just WHS but all areas of organisational risk (eg financial, operational risk etc). An integrated RM framework is an appropriate and effective way of measuring risk throughout an organisation.

Documenting and sharing information about RM is essential to ensure that appropriate people within the organisation are made aware and informed of the risk(s) being managed.