Identifying Risks In Your Organisation
This is the third step in a seven-stage process of successfully tackling risk management in your organisation.
Identifying risks requires a broad approach – in fact, the broader, the better. This is an ideal opportunity to get everyone in your organisation involved in the risk management process. Perhaps you could begin with a organisation wide brainstorming session to identify any and all risks that could confront your organisation.
This may not be possible with every organisation; establishing a risk management committee or in smaller groups having one person responsible may be a better solution.
In a meeting room, have someone up the front with a pen and a white board or sheets of butcher’s paper. Their job is simply to write down any risks that the others think of; such as slipping on the polished floorboards to being hit by a stray meteorite. Depending on the size of your organisation, you may want to break up into smaller groups to brainstorm ideas, then present them to the group – you may want to assign groups to different areas of potential risk.
In any case, whilst a scattergun approach may be useful, it is worth breaking down the potential risks into sub-headings to make sure all areas are covered.
Remember that it is important to document all the potential risks that you identify, in each step of the risk management process. The statute of limitations in public liability cases in quite broad; therefore complete documentation is vital.
A risk is anything that can cause harm, ranging from an overfilled urn to the smell of rotting food left in a cupboard in a lunch room. The classic test for identifying risks is to imagine a person entering your premises or working for the organsation; what would you warn them about or keep them away from
Some useful questions to ask when identifying risk include:
- What can happen When, where, why and how might this occur
- Who and what might be involved
- Who will be affected if this happens
It is important to define risks in terms that are useful in figuring out how to treat that risk.
A risk usually comprises three parts:
- A source
- Something at risk
- An effect
For example, just listing “fire” as a risk doesn’t provide enough information to properly evaluate or treat that risk. But if the risk is defined as “there is a risk that a heater in a process will catch fire and cause damage to the machinery” we have somewhere to start.
Every organisation will produce a long list of potential hazards. So, the question is, where do we start There are a number of ways of tackling the task of identifying all the risks in your organisation, but each involves breaking them down so you’re not trying to tackle the whole problem at once.
You might want to go through your premises room by room, or list your activities one by one, identifying areas of potential risk as you go.
- Are benches at a safe height, are the surfaces appropriate for the application
- Are there any trailing power cables
- Are doors and windows fitted with locks to prevent break-ins
- Are there adequate first aid kits available and trained staff to administer first aid
Toilets and Rest Rooms
- Is the hot-water system regularly serviced and well maintained
- What is the floor like Can it get wet and create the danger of slips or falls
Lunch Room and Meals area
- Are there any electrical items that could create a fire hazard
- Do you have cooking areas, hot food or boiling water that could cause burns
- Do you have food handling measures in place
These are just a few of the questions that may arise – many others will present themselves as you walk through your premises taking a close look at everything and just thinking about what could happen. Remember to also think above and below your premises – the roof, basement, storage areas, car parks etc.
Going from room to room is one way of identifying risks, but it might not be suitable for every organisation. However, it is a good idea to attempt to break down hazards into particular topics.
It is your responsibility to make your organisation a safe environment for anybody who is likely to come into contact with it, including those who do not have permission to enter. A key point is to make sure you inspect your facilities, equipment and premises regularly.
Other ways to help complete a list of potential risks include:
- Incident review – examine events that have occurred previously and are recorded or remembered, to help generate an image of the site or function you are examining.
- Interviews – talk to locals, council risk managers, other professionals, people who know the area or function, staff, emergency personnel. Talk to people who run organisations similar to yours to find out what risks they have encountered.
- Documentation – what maps, procedures, photographs, video, records, articles, signs, notes or reports are already in existence
- Guidelines – eg. electrical safety standards, signage guidance manuals
- Site visits – physical findings. Use a checklist. What should you look for
- Checklists – numerous applications. These are tools that can help you structure your findings in a logical and consistent manner.
- Experience – yours, others. Go back to incidents, interviews and brainstorming.
- Scenario analysis – set up a scenario or “what if “and see what may be lacking. This could even be a live run through to see how your organisation reacts, emergency exercises, dummy runs, etc Ensure that processes are in place for these scenario’s prior to trialing to avoid any unforeseen circumstances; provide a warning to the organisation in advance that one of these scenarios is planned.
If your organisation is large it may well be that you need to hire a risk management consultant to assist you in your process.
Checking any guidelines that may have already been produced that relate to your organisation and its activities. For example, builders may need to consider the presence of asbestos and methods of removal when demolishing a building.
Users of laser equipment may need specialised eye protection; depending on the type of laser in operation.
A case example
Remember to keep your focus broad. In a 2001 court case in South Australia, a woman in her sixties was shopping in a supermarket when she slipped on a grape, or grapes, and fell to her knees, injuring her right knee permanently.
The supermarket argued that it had in place a system of inspection and cleaning, and that mats were on the floor to prevent people slipping. But the court found in favour of the woman because the cleaning was found to be poorly supervised and was not carried out as it had been claimed, and awarded her damages of almost $30,000.
Claims of well above this figure have been recorded. Although in this case the fall occurred at a supermarket, this type of event can and does happen in any business. You might not have grapes on the floor, but the same scenario could be written with slippery tiles, a badly-placed doormat or equipment left lying around for people to trip over or an uneven pathway.
This is also a lesson to carry out procedures you come up with for fixing hazards that you identify.
Another, similar, case illustrates the need to keep in mind when identifying potential hazards that risks might vary at different times of the day or year – the footpath might not be slippery now, but may well be on a wet winter night.
In Canberra, Australia a woman aged in her 50’s was awarded more than $86,000 after slipping outside the entrance to a supermarket (again, it could just as easily be your organisation’s premises) and sustaining injuries that eventually required a hip replacement.
The judge found non-slip mats were in place but were worn and no longer serving their purpose, and the situation was worsened by wet leaves and slippery cotton blown on the wind from a nearby cottonwood tree, a phenomenon well known in Canberra at that time of year. It is important to document all the risks that you identify, and a good way of doing this is on a risk register.
The aim of the register is to pro-actively, but without a major imposition on time and effort, begin to raise the profile of what risks exist within your organisation.
Leave spaces blank and ask employees and associates to add items that they feel could be a problem (e.g. the fraying electrical cord to the jug or urn, the slippery tiles at the entrance, the jagged wire on the fence). This is the first step along a detailed process.
The other columns on the risk register will allow you to document and monitor the process of analysing, evaluating and acting on these risks.
Circulate the risk register to all personnel. The list of potential risks will be longer for some organisations than others. For instance, the risks associated with a construction company would outweigh those for a solicitors office. Potential areas of risk might also include noise levels, regular or occasional maintenance work, harm from repetitive tasks or staring at computer screens.
While all care has been taken in the preparation of this material, no responsibility is accepted by the author(s), Cornstalk Software P/L or its staff, for any errors, omissions or inaccuracies. The material provided in this document has been prepared to provide general information only. It is not intended to be relied upon or be a substitute for legal or other professional advice.
No responsibility can be accepted by the author(s) or Cornstalk Software P/L for any known or unknown consequences that may result from reliance on any information provided in this publication
- Analysing Risks In Your Organisation
- Communicating Risk Management To Your Organisation
- Establishing A Context For Risk Management
- Evaluating Risks In Your Organisation
- Monitoring and Reviewing Risks In Your Organisation
- How to use bottlenecks in your business to help you write effective standard operating procedures (SOP)
- SOP Software to help you manage your standard operating procedures (SOP)
* Please read our disclaimer before downloading any of our documents