Hazard vs Risk
One of the most common issues I see in the risk management world is confusion between what is a risk and what is a hazard.
A hazard is actually a source of risk; it’s not the risk event itself. The challenge though is how do you transpose the hazard into a risk statement that allows for it to be managed?
The definition of a risk from a safety perspective is that a risk is equal to the hazard times the exposure. A hazard could be a tool, process or a piece of equipment – but the hazard is not the risk.
Here’s an example: working at heights is a hazard, but that’s not the risk. There are a couple of risks that come from that hazard working at heights. First and foremost, a worker can fall from heights and you can actually determine what controls you have in place, and the effectiveness of those controls when determining the likelihood of the risk occurring.
We could have a second risk from that which is that a worker drops equipment or tools from that height. Obviously there are different controls around that and you would then look at the likelihood of that event occurring based on the effectiveness of the controls.
The most common thing I see, however, is hazards being assessed as risks. What I mean by that is that once a hazard is identified, a risk assessment is conducted on the hazard without actually working out what the risk is first.
I have also observed safety practitioners holding the belief that the management of safety risk differs from the management of any other type of risk, however, that could not be further from the truth. The management of safety risk can – and should – follow the risk management process in the ISO31000 Standard as shown in the diagram below:
If this process is not followed we can over-rate the severity of a risk by focussing purely on the consequence of the hazard without also looking at the Likelihood of the risk occurring.
A sweet example is a well-meaning safety person of an organisation I was working with had decided that the mangos falling out of a tree was a hazard. The risk that should have been identified was – mango strikes person walking under the tree. The Likelihood is relatively low as not many people walk under the trees but even if were to say it is Possible, the consequence of a mango landing on someone’s head is that they will have sweet smelling mango hair given that the reason mangos fall out of trees is because they are ripe.. His plan to chop down all the mango trees was an extreme response to a hazard that wasn’t posing such a great risk – it was way out of proportion.
So let’s get some common sense in this: identify the hazard, transpose that hazard into a risk/s look at the exposure and identify the controls and their effectiveness to determine the Likelihood of the risk and then ask yourself the question, what is the most likely consequence if this risk occurs. From this analysis you can determine a risk level and then manage the risk as you would any other.
As much as it may be commonly believed that the management of safety risk differs to other types of risk it is simply not the case. Safety risk management is not special.
Remember, the greatest hazard facing your organisation is turning a blind eye to risk management which can lead to exposing your organisation to unnecessary risks.
Get your organisation on the front foot and integrate risk managers into your organisation with a Paladin Risk Management course today!
For more information about the Paladin Risk Management courses click here. There’s a risk to not managing risk!