Trial Contact Us
Tim's Blog
Back to Resources

How to address risks and opportunities in ISO 45001

Written by Tim Hamilton

Risks and opportunities play a crucial role in the implementation of a Safety Management System (SMS) and its effectiveness to achieve its intended outcomes, comply with legal and other requirements and prevent work-related injury, illness and fatalities.

 

Determining and managing risks and opportunities is a critical activity in ISO 45001. It requires ongoing, proactive and systematic planning and processes to ensure the continued safety of workers and the continual improvement of safety performance and compliance.

 

In this blog I will take you through what risks and opportunities are in relation to Clause 6.1.2 of ISO 45001, how to identify, control and mitigate risks and how to identify and determine opportunities with processes from our Safety Management System documentation package and offer guidance on building ISO 45001 risk and opportunities registers.

 

 

 

What are risks and opportunities?

In a workplace safety management context, risks represent the likelihood of workplace hazards occurring and their severity for causing physical or psychological harm, financial loss, operational failure or reputational damage, among other things.

 

In the same context, opportunities are circumstances or actions that allow for the possibility of positive outcomes such as the risk elimination and SMS improvement.

 

ISO 45001 requires organisations to consider both sides of the coin, the potential threats (risks) and the potential benefits (opportunities).

 

Some risk and opportunity examples

 

Risk Opportunity
Workers suffering physical injuries due to lack of ergonomic practices while working from home Conduct ergonomic assessments on home office set ups and provide ergonomic training to workers
Increase in musculoskeletal disorders from repetitive strain Invest in new technologies to minimise monotonous and repetitive work
Health issues for workers handling products with potentially harmful materials Source alternative products with safer materials
Work-related stress due to product delays and irritated customers Offer counselling for workers dealing with stress and provide adequate training in customer conflict

 

 

 

 

Identifying and managing risks

As risk is related to the likelihood and severity of hazards occurring, identifying and managing risks requires identifying and assessing the hazards associated with your SMS.

 

Identifying the hazards associated with your SMS

Hazards can be physical, chemical, biological, psychosocial, mechanical, or based on movement and energy. Hazards can arise from multiple sources within and around the workplace. Some hazards may be easy to identify, such as chemical spills or misuse of machinery, and others may not seem so obvious.

 

To comprehensively identify all your hazards, you should implement ongoing and proactive processes that capture hazards throughout the entire life cycle of any work area, process, project, equipment or product – from conception to decommissioning.

 

Ensure you capture not just new hazards but changed hazards too, especially those associated with any recent or proposed changes to the organisation’s operations, activities, plant or equipment.

 

Involve your staff in your hazard identification processes as they have the best understanding of how work is performed under varying conditions, and also knowledge of what conditions might lead to potential risks.

 

Here are some factors to consider in your hazard identification:

  • how the worker, activity and work area interact and impact work health and safety
  • the design of work areas, processes, installations, machinery/equipment, operating procedures and work organisation
  • routine and non-routine use of infrastructure, tools, equipment, materials and hazardous substances
  • physical conditions in the workplace such as temperature, noise, etc.
  • potential emergency situations, including those which may require urgent evacuation
  • start up, shutdown, infrequent maintenance and cleaning
  • the results of any recent health and safety audits
  • past incidents or near-misses
  • changes to legal and other requirements that might require additional controls or monitoring
  • any new needs and expectations of key stakeholders or interested parties.

 

Performing risk assessments on the hazards associated with your SMS

A safety risk assessment helps determine the likelihood and severity of incidents associated with each hazard occurring and the type and immediacy of risk management controls and mitigation strategies.

 

ISO 45001 does not stipulate a risk analysis process to be used to identify risk levels, however it does require that the risk assessment process adopted adequately captures all risks (including health and safety risks, operational risks, project risks, external risks etc.) and is ongoing, proactive and systematic.

 

As with your hazard identification, your risk processes should be developed in consultation with your staff.

 

This is an example of a simple risk analysis process used in our SMS documentation package. It uses a risk matrix to obtain an overall risk score for each identified hazard. A high overall risk score means a high likelihood of an incident occurring and/or a severe injury to a worker.

 

 

 

 

Controlling and mitigating risks

Knowing the risk levels for each identified hazard allows for more informed decision making on risk management activities and mitigation strategies. Measures can be focused on the hazards that present the more critical risks to worker health and safety, SMS performance and legal compliance.

 

When establishing and implementing your risk controls, ISO 45001 requires organisations to work through the hierarchy of controls, a systematic approach aimed at eliminating or, if not practicable, reducing risks to levels as low as reasonably practicable in operational areas and activities.

 

In addition to the hierarchy of controls, I also suggest considering the following criteria:

  • adequate resource allocation (e.g. budget, staff time, approval) to implement and maintain the risk controls
  • alignment with business strategy and requirements, and any specified operational criteria
  • compliance with legal and other requirements
  • any additional potential or emerging risks resulting from the risk control
  • any training or competence-testing required for staff related to the risk control
  • the development or modification of work procedures.

 

As with hazard identification and risk assessment, risk management should be proactive and ongoing with risk controls regularly reviewed to ensure their continued effectiveness and suitability for controlling and mitigating risks. Consult with staff on these reviews and improve any risk control issues.

 

 

 

 

Identifying, determining and evaluating opportunities

If you see risks as the “negative effect” of a hazard, then opportunities can be seen as the positive counteraction. Opportunities lead to risk mitigation strategies and improvement actions to strengthen health and safety performance and ensure the SMS achieves its intended outcomes.

 

Opportunities can stem from the same sources as risks, i.e. new or existing hazards and legal and other requirements, as well as from the organisation’s context statement, needs and expectations of interested parties, ideas raised in staff discussions or staff meetings, even planned changes to your organisation, policies or processes, among other things.

 

As with risk management, opportunity management requires ongoing, proactive and systematic processes to determine which opportunities offer the best benefit and improvement potential as well to regularly monitoring and evaluation of their effectiveness and suitability.

 

There is no mandated opportunity management process in ISO 45001, but a method we use in our SMS documentation package, is determining beneficial and improvement potential by ranking each opportunity (low, moderate or high) in five categories – risk reduction, legal compliance, corporate image, interested parties and cost savings.

 

 

 

Documenting your risks and opportunities

ISO 45001 requires you to document and retain all information, methodologies and criteria relating to your risk and opportunity management.

 

A risk register and opportunity register offer the most effective method for recording risk identification and assessment data and opportunity data. Templates for both of these registers are in our SMS documentation package.

 

These registers not only serve as evidence of compliance with your ISO 45001 requirements, but they also serve as visual tools to help staff to identify the behaviours and hazards that could significantly impact health and safety, and for senior management to plan for future events and emerging threats.

 

Information to include in your registers

Here are some pointers to help you build your risk and opportunity registers.

 

Risk register:

  • Details about the hazard and its associated activity
  • The risk levels for each hazard
  • Any legal or other requirements associated with the hazard
  • The operational controls for the hazard

 

Opportunity register:

  • Details of the opportunity
  • How the opportunity will improve health and safety performance
  • The benefit rankings of the opportunity
  • Current performance
  • Improvement ideas and measures

 

 

To learn more about our SMS documentation package or to view a sample pack, contact us today.