Question

What is the main purpose for conducting a risk assessment? Is it for the business side or is it for the technical side of the organization? What risk assessment method do you think is most effective (quantitative or qualitative)? Are there any other methods at there? If so, what are the name of those methods and can you explain the differences in that method from other methods?

Answer 1

What is a risk assessment:

• A risk assessment is a systematic examination of a task, job or process that you carry out at work for the purpose of identifying the significant hazards, the risk of someone being harmed and deciding what further control measures you must take to reduce the risk to an acceptable level.

We have detailed these further below:

• Identifying the significant hazards that are present (a hazard is something that has the potential to cause someone harm or ill health).
• Deciding if what you have already done reduces the risk of someone being harmed to an acceptable level, and if not.
• Deciding what further control measures you must take to reduce the risk to an acceptable level.
• Risk Assessments should also be carried out to satisfy the requirements of legislation but above all to ensure the Health & Safety of employees.

Who should do risk assessments:

• Risk assessments should always be carried out by a person who is experienced and competent to do so, competence can be expressed as a combination of Knowledge, Awareness, training, and experience.
• If necessary consult a more experienced member of staff or external professional help to assist with the risk assessment template.
• Remember competence does not mean you have to know everything about everything, competence also means knowing when you know enough or when you should call in further expert help.

When should risk assesment be done:

• A separate risk assessment should be carried out for all tasks or processes undertaken by your organisation, they should be carried out before the task starts, or in the case of existing or long running tasks, as soon as is reasonably practicable.
• Risk Assessments should also be reviewed on a regular basis; monthly, annually, bi-annually, depending on risk, or if something changes i.e. a new worker, a change of process or substance etc.

What they are, why they're important and how to complete them:

• Risk assessment is a primary management tool in ensuring the health and safety of workers (and others). What many people perhaps are not aware of, however, is that they are actually a legal requirement for employers and certain self-employed people.
• Whether you're wondering how to complete a risk assessment or are unsure of their relevance within your industry, read on to discover everything you need to know.

When completing a risk assessment, it is important to clearly define some keywords:

• An accident is ‘an unplanned event that results in loss’
• A hazard is ‘something that has the potential to cause harm’
• A risk is ‘the likelihood and the severity of a negative occurrence (injury, ill-health, damage, loss) resulting from a hazard.’

Different types of risk assessments:

• The types of risk assessment required within any workplace should be proportionate and relevant to the operational activities being undertaken.
• In many industries, there are specific legislative requirements that apply. For example, in environments where hazardous substances are used a Control of Substances Hazardous to Health Assessment (COSHH) should be completed.

Some common types of risk assesment include the following:

• Fire risk assessments: fire safety management procedures are required to be established in all workplaces including a suitable and sufficient fire risk assessment.
• Manual handling risk assessments: should be conducted in any workplace where an employee may be at risk from injury and/or ill-health through the need to lift, carry, move loads.
• Display screen equipment (DSE) risk assessments: are required to be completed in workplaces where employees (and others) are using computers, laptops, etc.
• COSHH risk assessments: are required within workplaces where hazardous substances are stored, used or manufactured.

Why are risk assesment important:

• As previously stated, carrying out suitable and sufficient risk assessments is the primary management tool in effective risk management.
• It is a legal requirement for any employer and must be documented wherever five or more people are employed.
• Risk assessment is a straightforward and structured method of ensuring the risks to the health, safety and wellbeing of employees (and others) are suitably eliminated, reduced or controlled.

The main purpose of risk assesment are:

• To identify health and safety hazards and evaluate the risks presented within the workplace
• To evaluate the effectiveness and suitability of existing control measures
• To ensure additional controls (including procedural) are implemented wherever the remaining risk is considered to be anything other than low.
• To prioritise further resources if needed to ensure the above.

Differences between qualitative risk asessment and quantitative risk assesment:

Qualitative	Quantitative
Risk-level	Project-level
Subjective evaluation of probability and impact	Probabilistic estimates of time and cost
Quick and easy to perform	Time consuming
No special software or tools required	May require specialized tools
It considers all the risks identified in the identify risk process.	It only considers the risks which we mark for further analysis in the Perform Qualitative Risk Analysis Process. These are the risks that have a high impact on the project objectives.
It does not analyses the risks mathematically to identify the probability and likelihood. Instead, it uses stakeholders inputs (expert judgment) to judge the likelihood and impact	Perform Quantitative Risk Analysis uses the probability distributions to characterize the risk’s probability and impact. It also uses the project model (e.g., Schedule, cost estimate), mathematical and simulation tools to calculate the probability and impact.
In this, we assess individual risks by assigning a numeric ranking of probability and impact; usually; the rank of 0 to 1 is used where 1 demonstrates high.	It predicts likely project outcomes in terms of money or time based on combined effects of risks. It also estimates the likelihood of meeting targets. And communicates contingency needed to achieve the desired level of comfort.
We apply to Perform Qualitative Risk Analysis process in almost all the projects.	We don’t use this process is simple and moderately complex projects.   We may not find its use in software projects

Overview of risk assesment methods:

The following methods can be used for risk assessments:

• Use a what-if analysis to identify threats and hazards.
  What-if questions are asked about what could go wrong
  and about what would happen if things do go wrong. This
  type of analysis is a brainstorming activity and is carried
  out by people who have knowledge about the areas,
  operations, and processes that may be exposed to
  hazardous events and conditions.

• Use a checklist of known threats and hazards to identify
  your threats and hazards. The value of this type of analysis
  depends upon the quality of the checklist and the
  experience of the user.

• Use a combination of checklists and what-if analysis to
  identify your threats and hazards. Checklists are used to
  ensure that all relevant what-if questions are asked and
  discussed, and to encourage a creative approach to
  risk assessment.

• Use a hazard and operability study (HAZOP) to identify your
  threats and hazards. If you need to do a thorough analysis,
  this method is for you. However, it requires strong leadership
  and is costly and time consuming. It also assumes that you
  have a very knowledgeable interdisciplinary team available to
  you, one with detailed knowledge about the areas, operations,
  and processes that may be exposed to hazardous events and
  conditions.

• Use a failure mode and effect analysis (FMEA) to identify
  potential failures and to figure out what effect failures would
  have. This method begins by selecting a system for analysis
  and then looks at each element within the system. It then tries
  to predict what would happen to the system as a whole when
  each element fails. This method is often used to predict
  hardware failures and is best suited for this purpose.

• Use a fault tree analysis (FTA) to identify all the things that
  could potentially cause a hazardous event. It starts with a
  particular type of hazardous event and then tries to identify
  every possible cause.

Overview of other methods used for risk assesment:

• For both quantitative and qualitative approaches, a wide range of techniques exist.
• Each technique has its own:

1. Characteristics
2. Advantages
3. Disadvantages
4. The field of application

• HAZID standards for hazard identification
• HAZOP is hazard and operability
• FMEA is failure mode and effect analysis
• F-N cure is frequency-number

Qualitative or semi-quantitative techniques, such as:

• Hazard matrices
• Risk graphs
• Risk matrices
• Monographs

are often used for risk screening.

• This is in contrast to complex risks that are assessed through more expensive and sophisticated quantitative techniques, such as actuarial and hybrid risk assessment models

How to choose the techniques you’ll need:

The specific techniques used to identify and analyse risks, such as hazard and operational risks, depend on a range of relevant factors, particularly the:

• nature (including business model)
• size
• complexity, and
• the risk profile of the enterprise