10 Implementing: Risk Assessment

Having learned the importance of hazard identification, and some tactics to compile a thorough list of potential sources of harm in the workplace, it is now time to understand how to assess WHS risk.

Learning Objectives

This chapter explains:

  • The objective of WHS risk assessment.
  • The difference between likelihood and probability.
  • Risk assessment techniques.
  • The important role of workers in risk assessment and Safety I versus Safety II approaches.

Risk assessment identifies, for each hazard, the “likelihood and consequence of injury or harm occurring” (Standards Australia & Standards New Zealand, 2001, p. 5).  What do risk assessment tools do?  They aim to facilitate the ranking of the likelihood, and consequences, of an interaction between the hazard and workers, plant and/or the environment.


In risk analysis, it is useful to begin by connecting hazards with their potential harm.  Wide-reaching tools, such as brainstorming and using scenarios (see Box 10.1), are useful to understanding the hazard’s potential behaviour in different work contexts and conditions.


Box 10.1: Risk assessment strategies


A transcript of this video is available here.

Source: Sheridan, L. (producer, narrator) & Treadwell, L. (producer). (2019). Excerpt from Video 6: An introduction to work health and safety management. Preston, A., (audio engineer); Orvad, A., (artist) and Franks, R., (animator), Learning, Teaching and Curriculum, University of Wollongong, Australia. YouTube

Beginning broadly, and working down to task-specific risk assessments, is only achievable through extensive worker consultation.  What the workplace looks like, and how the hazard behaves, can be different. In Risk Assessment Example 1, seeking to understand the consequence of sunlight exposure leads to consideration of sun sensitive workers, sunstrike and, following a conversation with a worker, discovers a range of unexpected potential hazards that may have been left undiscovered should worker consultation have not have occurred.


Risk Assessment Example 1: Exposure to sunlight (and the Glastonbury Festival!)

Due to public health efforts, awareness of common harms (consequences) of exposure to sunlight, such as UV exposure being linked with skin cancer, are relatively well known.  However, some people are more sensitive to sunlight than the general population and “a medical assessment may be required to assess whether an offer of employment is in the mutual interest” (The University of Queensland, 2022, Section 3.0).  If already employed, reasonable adjustments to roles may be required if prolonged sun exposure is currently a requirement of the job.

Through brainstorming and the use of scenarios, workers may identify less commonly known risks specific to their work team that make a usually controlled hazard, hazardous for them—such as sunstrike (see Figure 10.1).  Waka Kotahi (the New Zealand Transport Agency) identifies sunrise and sunset as “a very dangerous condition to drive in” as the sun is low in the sky and usual hazard controls, such as a vehicles sun visors, are ineffective (Waka Kotahi, n.d., para. 1).  Between 2013 and 2017, sunstrike-related crashes led to 21 deaths and 780 injuries (Tischler, 2018).

The rising sun causes glare on a dirty windshield in an urban street. The image almost appears to be in black and white.

Figure 10.1: Sunstrike reduces driver visibility
Source: “Morning glare through a dirty windshield!” by Bethesda Magazine, flickr.com, CC BY 2.0

British bakery delivery driver Steve Thomas begins his shift at 1.15am and concludes his shift at 11.30am (Empson, 2021); this potentially exposes him to sunstrike every single day.  Sunstrike will also be seasonally impacted, it will be worse in winter when the sun is lower in the sky expanding the sunstrike window for a longer period each day (Tischler, 2018).  However, further discussion (worker consultation) with Steve reveals other task-specific risks and uncovers a particularly an unexpected one: the Glastonbury Festival!  What could a music festival have to do with risk to a bakery delivery driver?

A crowd of thousands look towards a performance on a large stage. There are many different flags flying ranging from different countries to a smiley face icon. Many of the crowd have there hands up.

Figure 10.2: Glastonbury Festival attendees enjoying a performance.
Source: “Glastonbury Festival (2010)” by Neal Whitehouse Piper, flickr.com, CC BY-SA 2.0

Paul Empson, General Manager of Bakers Basco, rode along with Steve Thomas for the day and discovered:

For Steve, the early mornings are becoming more challenging as he gets older. Road rage among car drivers has increased over the years and he notes that, with people more and more in a hurry these days, there is a lack of tolerance generally on the roads towards fellow drivers.  Added to that, the carnage caused on the roads of Steve’s route around Glastonbury each year has a knock-on effect with delivery times and additional hours due to heavy traffic. (Empson, 2021, para. 18)

Spending time with Steve has revealed 1) potential age-related fatigue (see Medical University of South Carolina, 2023), 2) a psychosocial hazard, road rage, and 3) that the Glastonbury Festival creates traffic congestion which likely would amplify Steve’s fatigue, his exposure to road rage and contact with drivers heading for the festival who may be less familiar with the roads.

It is only by taking a broad approach that unique, job specific, risks of harm can come to be understood.  Sometimes at this stage, like in this example, additional hazards will be identified, and these will need to be added to the hazard register.



Once all possible potential links between a hazard and a consequence are identified, it is time to focus in on assessing the likelihood of the consequence occurring.  Broadly speaking there are three types of risk assessment: large scale assessment “for large scale complex hazard sites”, required specific assessments “that are required under specific legislation or regulations” or general assessments as part of due diligence to comply with WHS legislation and WHS regulator expectations (Safety Culture, 2023, para. 8).  Large scale assessment will probably require risk assessment specialists.  The accuracy and effectiveness of required specific assessments and general assessments will benefit from authentic worker engagement during the consultation process and this could even extend to include worker consultation on the choice of risk assessment tools to be adopted for the task.

No matter the specific tool, this aspect of risk assessment is focuses on the ‘likelihood’ that the consequence of the hazard interacting with the workers, plant or environment will be harm.   The likelihood of the harm occurring is ranked from low to high (see Table 10.1).  The magnitude of the potential harm is then usually described and classified according to its severity from low to high (see Table 10.2).


Table 10.1: Likelihood hazard-related incident scale (1–5)

Likelihood 1 2 3 4 5
Likelihood of an incident relating to this hazard Highly unlikely Unlikely Possible Likely Very likely
Source: Lynnaire Sheridan


Table 10.2: Injury severity scale (1–5)

Harm 1 2 3 4 5
Severity of likely harm Minor Moderate Serious Severe Critical
Source: Lynnaire Sheridan, adopting Susan Baker’s Injury Severity Scale retrieved from MD+Calc (2023)

At this point, some organisations will combine the consequences and likelihood scales together into a table.  Some of the tables propose that consequence severity and likelihood be added together (summed) whereas others suggest that they are multiplied (as per Table 10.3).


Table 10.3: Hazard prioritisation (likelihood x severity)

Hazard Likelihood Severity Risk Score
Hazard Example 1

High likelihood-high consequence

5 5 25
Hazard Example 2

Medium likelihood-medium consequence

3 3 9
Hazard Example 3

Low likelihood-high consequence

1 5 5
Source: Lynnaire Sheridan

Other organisations will prefer to generate a risk matrix (see Figure 10.3).  In a risk matrix, the low probability–low severity are often represented in green to infer these risks do not merit hazard control.  High probability–high severity risks are often red to infer they are unacceptable risk and that hazard control efforts must be taken.  Finally, there will be risks, often represented by yellow or orange, that are medium risks.  Medium risks are assumed to be ones that can be managed using an As Low As Reasonably Practicable (ALARP) or So Far As Is Reasonably Practicable (SFAIRP) approach (Wolters Kluwer, n.d.).

A risk assessment matrix with severity on the x-axis and probability on the y-axis. The matrix is color-coded with red, yellow, and green to indicate high, medium, and low risk respectively. The table is divided into 9 cells, each with a risk rating and a numerical value. The highest risk rating is “High - 9” in the top left corner, and the lowest risk rating is “Low - 1” in the bottom right corner. The matrix has labels for the axes and the cells in English.

Figure 10.3: 3 x 3 risk matrix
Source: Lynnaire Sheridan, modified from Vector Solutions (2019)

The key challenge for Table 10.3 and Figure 10.3 is that they are fundamentally built on the flawed assumption that likelihood is objective and that matrices objectively calculate priorities for actioning.  These two assumptions can result in risk management errors that have led to large-scale critical incidents.

Assumption error 1: Likelihood is objective, like probability

It is vital to understand that collective negotiation of the likelihood that a particular hazard will cause an identified corresponding harm is a subjective, not an objective, decision.  While data may inform some aspects of the likelihood of occurrence, often it requires speculation of the timeframe and/or likely severity of the consequence; it is not based on mathematical or statistical probability.

Many different factors can impact on individual risk perception including a person’s pre-disposition towards optimism or pessimism (optimists reduce the likelihood of the risk and pessimists the inverse), how numerate they are (more numerate people use data better and tend to be less risk biased), personal experience (lived experience of harm increases perceived likelihood of the risk), control over the risk (uncontrolled risks are perceived as more dangerous) and mood (angry people experience reduced risk perception and fearful individuals have amplified risk perceptions) (Ferrer & Klien, 2015).  Likelihood is not a fixed value but it is instead based on the perceived likelihood as generated collaboratively by the stakeholders involved, based on what they know and what they perceive at that time.

In summary, likelihood is “the chance that something will happen” (Cambridge Dictionary, n.d., para. 1) and is not the same as mathematical probability (see Porter, n.d.).  This distinction is important in safety management as the term likelihood should be used instead of probability because the actual probability of when a hazard will generate a particular harm is currently incalculable.  However, risk tables and matrices complexify the misconception of likelihood as probability because often qualitative perceived likelihood is presented on rating scales using numbers (see Tables 10.1 and 10.2).  It is then tempting to generate an overall ‘sum’, or simple multiplication (see Table 10.3) of likelihood and consequence but, as explained above, likelihood is based on risk perception rather than risk probability.  There are no ‘real’ numbers assigned to risk matrices and therefore it is not possible to do calculations using it (Wolters Kluwer, n.d.).


Assumption error 2: Matrices (or tables) reflect the ‘actual’ priority

Risk tables or matrices are perceived as effectively ranking the risks of hazards from high to low, in many cases this is simply not true.  Consider Table 10.3 Hazard prioritisation (likelihood x severity), it is based on the mathematical logic of one organisation’s online risk assessment tool (it will remain anonymous as it is erroneous).  Hazard Example 1, the high likelihood-high consequence hazard, achieved a risk assessment score of 25.  Hazard Example 2, the medium likelihood-medium consequence hazard, achieved a risk assessment score of 9.  Hazard Example 3, the low likelihood-high consequence hazard, achieved a risk assessment score of 5.  Figure 10.3, the risk matrix, ranks hazards similarly.

The flaw is that both Table 10.3 and Figure 10.3 place the lowest priority for action on low probability–high consequence events.   Poorly designed tables and matrices inadvertently lead to low probability–high risk critical incidents being completely overlooked (Wolters Kluwer, n.d.).  This was one of James Reason’s insightful discoveries when investigating large-scale WHS incidents and why they were still occurring despite the existence of functional safety management systems (Reason, 1997), Hudson also mentions this in his video (see Chapter 6).  Dekker proposes improper use of risk tools has focused organisations on resolving less complex hazards.  Ironically when a organisation succeeds “in lowering a non-serious injury incident rate [it] definitely puts an organization at greater risk of accidents and fatalities” (Dekker, 2018, p. 8).  Due to their flaws, efforts are being made to create and implement alternatives to risk matrices in the field of risk assessment (see Box 10.2).

Box 10.2: Developments in risk assessment

Adequately capturing low probably–high risk hazards for meaningful consideration during risk assessment is a challenge, one which is beyond the capabilities of risk matrices.  Ortwin Renn presents an alternate model for risk assessment (German Advisory Council on Global change, 1998).  His approach seeks to move beyond likelihood and probability, to adequately consider what acceptable risk actually is (reasonably practicable) from a societal perspective (Government Office for Science, 2011).

Through the German Advisory Council on Global Change, Renn proposes six risk classes (assigned names from Greek mythology) derived from nine overarching concerns derived from experts and the general public: “extent of damage, probability of occurrence, incertitude, ubiquity, persistency, reversibility, delay effect, violation of equity and potential of mobilization” (Government Office for Science, 2011, p. 42).  Risk class descriptors encapsulate the characteristics of the risk challenges they represent:

  1. Damocles. Risk sources that have a very high potential for damage but a very low probability of occurrence. e.g. technological risks such as nuclear energy and largescale chemical facilities

  2. Cyclops. Events where the probability of occurrence is largely uncertain, but the maximum damage can be estimated. e.g. natural events, such as floods and earthquakes.

  3. Pythia. Highly uncertain risks, where the probability of occurrence, the extent of damage and the way in which the damage manifests itself is unknown due to high complexity. e.g. human interventions in ecosystems and the greenhouse effect

  4. Pandora. Characterised by both uncertainty in probability of occurrence and the extent of damage, and high persistency…e.g. organic pollutants and endocrine disruptors.

  5. Cassandra. Paradoxical in that probability of occurrence and extent of damage are known, but there is no imminent societal concern because damage will only occur in the future. There is a high degree of delay between the initial event and the impact of the damage. e.g. anthropogenic climate change.

  6. Medusa. Low probability and low damage events, which due to specific characteristics nonetheless cause considerable concern for people. Often a large number of people are affected by these risks, but harmful results cannot be proven scientifically. e.g. mobile phone usage and electromagnetic fields. (Government Office for Science, 2011, p. 42)

Firstly, these descriptors appear conceptually translatable to smaller-scale organisational scenarios despite being designed to address global environmental risk.  Secondly, low probably–high risk situations become clearly visible for consideration.  Renn explains that the descriptors are particularly useful to reduce the “gap between the layperson’s risk perception and expert risk analysis” (Renn & Klinke, 2004, p. S44).

If adopting this perspective, risk assessment is conceptualised as the probability of occurrence versus the extent of damage (see Figure 10.4).  The goal of this model is to recognise which class a risk scenario falls into and, ideally, to move it from the outer intolerable area towards the normal areas so it can be managed on a day-to-day basis (the hazard is ‘controlled’).  Their model is based on the premise that risks can shift classes as their threat is downgraded, for example Pythia can downgrade to Cyclops through the implementation of risk management strategies (German Advisory Council on Global change, 1998).


The image is divided into three areas. The smallest area is green, the normal area, and this occurs on the bottom left side of the image. The medium area is a yellow colour, and it corresponds to the intermediate area. The largest area, comprising over half the entire image, is positioned on the diagonal towards the upper right side of the image and it corresponds to the intolerable area and is a red to orange colour. Five of the classes of risk are blue in colour and are positioned as different shapes within (or cutting across) these green, yellow or red to orange coloured areas. Medusa is an egg shape entirely situated in green normal area. Pythia is a large circle mainly contained within the yellow intermediate area but a third of it crosses into the red intolerable area. Cyclops is shaped like a surfboard and comprises about the same area as Medusa but is situated between intermediate and intolerable, similar to Phythia. Damocles is a small circle which, again, sits between intermediate and intolerable similar to Phythia and Cyclops. Cassandra is an egg shape that appears to be approximately double the size of Medusa, three times as large as Cyclops, many times the scale of Damocles and about a third of Pythia. It is situated entirely within the intolerable area. Pandora, the final risk class, is predominantly coloured in a lighter version of the red to orange colour. It is a little larger than Pythia but its shape is irregular appearing to be an informal star shape. It is mainly in the intolerable area, but the bottom of the star appears to melt into the intermediate and normal areas taking on a more transparent form of those area’s colours.

Figure 10.4: A typology of risk
Source: Renn (2004) adapted from original by German Advisory Council on Global Change


Alongside of their model, to actually enhance risk management, Renn and Klinke (2004) suggest management strategies appropriate for each class of risk (see Table 10.4).  They propose that Damocles and Cyclops respond best to science-based management.  Pythia and Pandora require application of precautionary principles.  Cassandra and Medusa risks should be managed via discursive approaches.  Notably, discursive approaches are a more transparent approach to risk management compared to matrix tables and their numerical scales that infer objectivity, while actually being based on the perceived likelihood attributed by stakeholders when engaging in risk assessment in any given workplace at any given time.


Table 10.4: Renn and Klinke’s proposed management strategies for each risk class

Management Risk class Extent of damage Probability of occurrence Strategies for action
Science-based Damocles












Reducing disaster potential

Ascertaining probability

Increasing resilience

Preventing surprises

Emergency management

Precautionary Pythia












Implementing precautionary principle

Developing substitutes

Improving knowledge

Reduction and containment

Emergency management

Discursive Cassandra












Consciousness building

Confidence building

Public participation

Risk communication

Contingency management

Source: Lynnaire Sheridan, modified from Renn & Kinke (2004)

While Renn’s approach may not entirely be relevant to WHS, or applicable at the scale of an organisation, its philosophical premise is useful when critiquing risk assessment tools to ensure that they are robust in the prioritisation of risk.


Further reading:

Renn, O., & Klinke, A. (2004). Systemic risks: a new challenge for risk management. EMBO Reports, 5(51), S41 – S46. Retrieved from https://www.embopress.org/doi/epdf/10.1038/sj.embor.7400227


Risk assessment in the field

Due to change blindness, it is important before a worker begins a task that they undertake a quick risk re-assessment.  While a formal risk assessment for their workplace hazards should have already taken place, via the processes outlined above, things can and do change in the workplace.  Changes relevant to a worker’s safety need to be noticed, and acted upon, to ensure the risk that a hazard poses remains stable day to day (with the exception being when the safety management system identifies an opportunity for improved hazard control).

Hazard identification, and then risk assessment, may be required ‘in the field’ for workers who undertake their work in different environments.  While they should be familiar with the hazards that their equipment poses, requiring risk re-assessment, it is important that they pause to consider what hazards exist in their less-familiar surroundings.  Two risk assessment tools that are often used in the field are Take 5 and Checklists (see Box 10.3).

Box 10.3: Tools for worker risk assessment ‘in the field’

This video explains two risk assessment tools, Take 5 and Checklists, that are particularly useful for workers who undertake work outside of regular workplaces i.e. ‘in the field’.


A transcript of this video is available here.

Source: Sheridan, L. (producer, narrator) & Treadwell, L. (producer). (2019). Excerpt from Video 6: An introduction to work health and safety management. Preston, A., (audio engineer); Orvad, A., (artist) and Franks, R., (animator), Learning, Teaching and Curriculum, University of Wollongong, Australia. YouTube

It must be acknowledged that, in this context, risk assessment is heavily dependent on the worker authentically engaging. Dekker (2018), in Safety Anarchy, warns that these types of procedures become bureaucratic; in a worst-case scenario they might even be designed at head office and pushed out to work sites leading to worker skepticism (see Box 6.3).  Risk assessment by workers of their work is heavily reliant on this procedure being embedded within a functional safety culture. Box 10.4 presents one company’s clever solution when seeking to raise up their safety culture and communicate their new expectations to their employees.  Effectively, it expects workers to engage in informal risk assessment and, importantly, to take action to reduce the risk posed by the hazard.

Box 10.4: ‘Don’t walk on by’ worker risk assessment training

This is a safety culture training video designed to encourage staff to risk assess their environment and take action, where possible, to reduce potential worker interactions with hazards through ‘good housekeeping‘.



Source: “Don’t Walk on By” Safety Music Video by Nick James Productions, YouTube


Risk signage

Risk signage is designed to raise the awareness of staff (and potentially visitors) to a hazard in their immediate environment and usually communicates a common consequence caused by that hazard with graphics used to overcome any language barriers (see Figure 10.5).


A yellow triangle sign demonstrates a head potentially hitting a low beam. The text is in a language other than English.

Figure 10.5: Hauteur reduite [Reduced Height]
Source: “Hauteur Reduite [Reduced Height]” by Leo Reynolds, flickr.com, CC BY-NC-SA 2.0

Many will be fixed signs whereas others are portable if the hazard is only present occasionally, such as Figure 10.6 for use only when the floor is wet.

A yellow portable sign says wet floor and demonstrates a stick figure person slipping and falling.

Figure 10.6: A portable wet floor sign can be placed by cleaners to warn of the slip, trip and fall hazard posed by slippery wet floors
Source: “Stock photo image of a yellow ‘caution wet floor’ sign” by Rainbow International, flickr.com, CC BY 2.0

Finally, some other signs simply state the hazard as being present, in this case a toxic gas is used at this workplace (see Figure 10.7).

A sign states danger poison gas

Figure 10.7: Danger sign advising that a poisonous gas is at the work site
Source: VectorPortal, CC BY 4.0

Tabal et al. (2023) found that safety signage is most accurately interpreted, and effectively used, when workers have undertaken general safety training as well as sign-specific training.  Moreover, use of signs improves as workers age and/or acquire greater work experience.  So while signs inform workers of the hazards, adherence to their message is enhanced when organisations also educate and train workers on the purpose of signage.

 Safety I versus Safety II

In concluding this chapter, it is important to discuss Safety I versus Safety II.  The transition from Safety I to Safety II is fundamentally a shift in mindset from focusing on what went wrong in an incident (Swiss Cheese Model) to what goes right day to day. It extends beyond considerations of safety culture (Reason, 1997; Hudson, 2007) towards a much more worker-centric approach to safety management, perhaps returning back towards Weick & Sutcliffe’s (2001) discussions of the mindfulness of workers in high reliability organisations.  Safety I’s focus is on people as a source of error, whereas Safety II sees them as a “resource necessary for system flexibility and resilience” (Hollnegal et al., 2015, p. 4).

The shift from Safety I to Safety II is maybe no where more apparent than as reflected in the certification standards, as impacting on risk assessment.  For AS/NZS 4801:2001 the focus was on taking organisations through the steps of the safety management system, adopting scientific management’s task orientation, whereas ISO 45001:2018 diagrammatically (see Figure 6.4) depicts leadership commitment and workers at the centre of safety management, reflecting a greater emphasis on human relations managerial approaches as critical to fostering the intrinsic worker motivation upon which safety management has always actually relied.

The emergence of Safety II recognises that everyone in the business, no matter their rank or status, must prioritise safety and take appropriate action in accordance with their role.  In acknowledging the importance of front-line workers in their own safety, and that of others around them, we see James Reason’s flexible culture (Chapter 6) coming to life through efforts to balance a system’s administration with ‘Do’ and ‘Act’ (Plan-Do-Check-Act) to achieve continuous improvement.  Whereas Safety I emphasises in the field risk assessment checklists, Safety II is more likely to encourage mindfulness, such as Take 5 (see Box 10.3).


Having completed risk assessment, and having contextualised its underpinnings during a time of transition from Safety I to Safety II, the next chapter will focus on how to control the risk associated with the hazard through hazard control.




Share This Book