Electrical power controls governed by risk management legislation in Australia
Managing risk

WHS risk management in four steps

Work Health and Safety (WHS) legislation requires that all foreseeable hazards in a business are identified and the risks arising from these hazards are eliminated or controlled.

9 February 2023

Risk management is a legal requirement for all businesses regardless of their size. Basically it involves asking the following questions:

  • What hazards exist in the workplace?

  • How serious are the hazards?

  • What control measures can be taken to avoid these hazards?

The best practice strategy for WHS risk management is a four-step process:

1. Workplace hazard identification

2. Risk assessment of those hazards

3. Implementation of control measures

4. Eliminate or minimise the risk of injury from the hazards identified.

Implemented control measures should be reviewed every two years at least, to check they actually fixed the problem without creating another one.

Step 1: hazard identification

Hazards can be identified through:

  • workplace inspections (walking around undertaking an observational risk analysis)

  • incident reporting

  • a risk register of injuries

  • consultation with workers

  • feedback from workers.

There are a number of business activities that can involve a risk to health and safety:

  • Purchasing: the equipment or chemicals purchased to run your business may introduce issues for occupational safety, e.g., plant and equipment or cleaning agents.

  • Work activities: when carrying out work tasks, the physical and psychological demands of the tasks, equipment used, or working environment can place employees at risk, e.g., repetitive or strained movements, length of time spent on the computer, air quality, or manual handling.

  • Contractors, casual employees, or customers: Other workers who come into the workplace can be at risk or place your employees at risk from the work activities they conduct, e.g., cleaning agents used by cleaners, electrical contractors, or verbal or physical abuse by customers.

Step 2: risk assessment

Risk assessment is where you determine how likely and how serious the effects will be on people in the workplace who are exposed to a hazard. Identify which hazards are the most serious and manage them first.

To do a risk analysis, consider:

  • the type of hazard

  • how severely the hazard could injure or cause illness (consequence)

  • how likely is this consequence going to happen (likelihood)

  • the frequency and duration of exposure

  • who it may impact and the consequences

  • capabilities

  • skills, experience, and age of people

  • layout and condition of the working environment.


Step 3: risk control

Risk control involves deciding what needs to be done to eliminate or control the risks to health and safety.

Where possible, you should always try to remove or eliminate the problem from the workplace.

For example, could you use a different process or change the way a job is done?

If it is not possible to eliminate the hazard, the hierarchy of risk control must be used to determine the most effective measures to minimise the risks.

Hierarchy of control for risk

1. Design or reorganise to eliminate the hazard from the workplace: try to ensure hazards are identified when new materials, equipment and work systems are being planned for the workplace.

2. Remove or substitute the hazard: where possible, remove the hazard or substitute with less hazardous materials, equipment or substances.

3. Enclose or isolate the hazard: this can be done through the use of barriers, introducing a strict work area, and enclosing a noisy process from workers.

4. Minimise through engineering controls: this can be done by using machine guards and effective ventilation systems.

5. Minimise the risk by adopting administrative controls: establish appropriate procedures and safe work practices such as job rotation to reduce exposure time or complacency. Time the work so fewer workers are exposed. Set up routine maintenance and housekeeping procedures. Provide training and instruction on hazard controls and correct work methods in how the job should be done to minimise the risks.

6. Provide personal protective equipment: provide suitable and properly maintained personal protective equipment and ensure your employees are trained in its proper use (examples include gloves, earplugs, safety glasses, etc.).

If no single control is appropriate, a combination of the above controls needs to be taken to lower the risk as much as is practical.

Step 4: review

Reviews of control measures and risk assessments should be conducted at least every two years to ensure the control measures implemented are appropriate and effective and the risk assessments are valid and reliable. 

This WHS strategic plan can be achieved through safety audits, regular workplace inspections, consultation with employees and reviews of incident investigations. Risk management should be built into all workplace activities and become part of the leadership and safety culture.

My Business Workplace has a WHS General Policy available to download today, that provides a framework for managing WHS risks.

Your HR sidekick

From contracts of employment to letters of termination and everything in between, My Business Workplace has got you covered.


Found this useful?

Subscribe to our newsletter and receive the best business tips and articles straight to your inbox.

Thank you for signing up to our newsletter. You're one step closer to receiving more insightful information to help better your business.

We take your privacy seriously and by subscribing to our newsletter you agree to the terms of our Privacy Policy available below.