Risk assessment is a simple idea with big impact: identify what could cause harm, work out how likely it is and how bad it could be, then decide what you’ll do to eliminate or minimise the risk. Put another way, it’s a structured check that helps you spot hazards before they bite—whether that’s a wet floor, a cyber breach, a faulty lift, or a fatigued driver—and put sensible, proportionate controls in place.
This article gives you a clear, practical overview. You’ll get a plain‑English definition, why risk assessment matters for workplaces and organisations, and the key concepts you’ll hear—hazards, risks, controls and what’s “reasonably practicable”. We’ll walk through the recognised four‑step process (identify, assess, control, review), show how likelihood and consequence feed into a risk matrix, and explain how to choose controls using the hierarchy of control measures. You’ll learn when to assess, who’s responsible, and how to document and review your approach, with examples spanning an office, a warehouse, and vehicles used for business and rideshare. We’ll finish with common mistakes, best‑practice tips, and tools to get you started fast.
Why risk assessment matters for workplaces and organisations
A risk assessment prevents harm before it happens. By spotting hazards early and evaluating likelihood and consequence, you can eliminate or minimise risks so far as is reasonably practicable. This reduces injuries, downtime and costs (including workers’ compensation and absenteeism), strengthens compliance with WHS duties, and covers both physical and psychological risks. Done well, it builds a safety culture, targets spend on the most effective controls, and protects business continuity and reputation.
Key concepts you need to know: hazards, risks, controls and ‘reasonably practicable’
Clear definitions make risk assessment usable day to day. Keep these four concepts front of mind so your decisions are consistent, defensible, and effective.
- Hazards: Things or situations that could cause harm (physical or psychological).
- Risk: The likelihood of harm occurring and how severe the consequence could be.
- Controls: Measures to eliminate or minimise risk using the hierarchy (eliminate → substitute/engineer → administrative → PPE).
- Reasonably practicable: Do what’s achievable considering likelihood, potential harm, what’s known, available/suitable ways to reduce risk, and cost unless grossly disproportionate.
The Australian WHS context: duties, consultation and compliance
Australia uses model WHS laws developed by Safe Work Australia, while the Commonwealth, states and territories regulate and enforce them. Duty holders must eliminate risks, or if not reasonably practicable, minimise them using the hierarchy of control and then review measures. At each step, you must consult workers and their health and safety representatives. “Reasonably practicable” weighs likelihood, potential harm, what’s known, available and suitable controls, and cost (unless grossly disproportionate). Compliance means applying the four‑step process to physical and psychological risks, prioritising higher‑order controls for hazards such as hazardous manual tasks, chemicals, falls, plant/electrical/construction work, noise, confined spaces, and remote or isolated work.
The risk assessment process: identify, assess, control, review
Risk assessment is a practical, four‑step cycle used across Australian workplaces for both physical and psychological risks. You identify what could cause harm, analyse likelihood and consequence, choose the highest‑order controls you can, and then check they work. Consult workers at every step and document what you decide.
- Identify: Look for hazards in tasks, equipment, environment and work design.
- Assess: Consider how harm could occur, how severe it could be, and how likely it is.
- Control: Aim to eliminate; if not reasonably practicable, minimise using the hierarchy of control (engineering before admin/PPE).
- Review: Monitor, verify effectiveness, and improve after incidents or changes.
If hazards and effective controls are well‑known, a formal assessment step may not be required.
How to identify hazards in practice
Hazard identification is a systematic look at your work, equipment, environment and people to find anything that could cause harm. Do it when planning work, introducing change, and after incidents. Include both physical and psychological hazards, and always consult workers and HSRs—frontline insights surface issues that paperwork can miss.
- Walk-through inspections: Spot obvious issues (unguarded plant, cords, spills, blocked exits, poor lighting/ventilation).
- Consultation: Ask workers/HSRs about pain points, near misses and customer-related risks.
- Records review: Check incident/near‑miss and maintenance logs for patterns.
- Documents check: Use safety data sheets for chemicals and manufacturer guidance for plant.
- Work design factors: Remote or isolated work, fatigue, workload, shift patterns, aggression.
- Vehicle-based work: Vehicle condition, loading/manual handling, routes, weather, distraction, driver fatigue.
How to assess risk: likelihood, consequence and risk matrices
Assess risk by estimating consequence and likelihood. Consider hazard scenarios: what could happen if someone is exposed; how severe the harm could be (from first aid to fatality); and how likely it is, given exposure, environment and current controls. Many workplaces use a simple risk matrix that combines consequence and likelihood to produce a risk rating (low to extreme). That rating drives priorities and urgency, with higher‑order controls first. If hazards and controls are well known, you may not need a formal matrix—just record your reasoning.
Choosing controls using the hierarchy of control measures
After you’ve rated the risk, choose the highest‑order control that’s reasonably practicable. The hierarchy of control measures is ranked by protection—eliminate first; if that’s not possible, minimise. Administrative rules and PPE are least effective because they rely on behaviour. Combine measures and consult workers.
- Eliminate: Remove the hazard (e.g., replace a site visit with a remote meeting).
- Substitute: Swap in safer options (e.g., less volatile chemical; safer route/time).
- Engineering: Isolate or redesign (e.g., guarding; reversing cameras and fatigue alerts).
- Administrative: Procedures, training, scheduling and supervision to limit exposure.
- PPE: Last line (gloves, eye/ear protection, hi‑vis); maintain and fit‑check.
Implementing, documenting and reviewing your controls
Turn decisions into action by assigning owners, timeframes and resources. Communicate changes, train workers, update procedures and maintenance schedules, and verify the control is installed or embedded as intended. Monitor performance (e.g., observations, inspections, incident and near‑miss data) to confirm the residual risk is as low as reasonably practicable. Always consult workers during rollout and review, then refine.
- Document: What the hazard is, chosen controls, why they’re reasonably practicable, who’s responsible, dates, and any training/maintenance required.
- Keep evidence: Risk assessments, photos, purchase orders, checklists, sign‑offs and consultation notes.
- Review: After incidents or changes, and periodically, to ensure controls continue to work as planned and remain suitable.
Types and methodologies of risk assessment
There’s no single “best” risk assessment. Choose a method that suits the work, the data available and the decision at hand. Whatever you use should still follow the four steps and favour higher‑order controls under WHS.
- Qualitative: Workshops/inspections plus a risk matrix to rate severity and likelihood.
- Quantitative: Numerical estimates to compare options and set priorities.
- Job Safety Analysis (JSA): Task‑specific, step‑by‑step hazards and controls.
- Safe Work Method Statement (SWMS): Required for high‑risk construction; specifies hazards, controls and implementation.
Risk assessment vs risk management: how they fit together
Risk assessment is the analytical part of risk management. It identifies hazards and evaluates likelihood and consequence, considering existing controls. Risk management is the full, ongoing cycle—identify, assess, control and review—done in consultation with workers. Assessment guides which higher‑order controls are reasonably practicable and how urgent action is. Management then implements, monitors and improves controls, and documents decisions.
When to conduct a risk assessment and who is responsible
Do a risk assessment when planning work; before new equipment or tasks; after any incident or near miss; when staffing, location or conditions change (e.g., high turnover, new sites); and periodically to confirm controls still work. Duty holders must ensure assessments happen and choose controls, consulting workers and HSRs. Workers participate, follow procedures and report hazards.
Examples of risk assessments in different settings: office, warehouse, motor and rideshare
Here are quick, practical snapshots of what a risk assessment looks like in real work. In each case you identify the hazard, judge likelihood and consequence, pick the highest‑order control that’s reasonably practicable, then review with workers to confirm it works and refine as needed.
- Office: Cords and spills; workload pressures. Controls: eliminate clutter, cable management, scheduled cleaning, ergonomic setup, workload planning, and consultation.
- Warehouse: Manual handling; forklift–pedestrian interactions. Controls: mechanical aids, layout redesign, physical separation/marked walkways, speed limiters, training, and hi‑vis.
- Motor (business use): Fatigue; distraction; poor maintenance. Controls: trip planning, eliminate late runs, telematics/fatigue alerts, maintenance schedules, phone‑blocking, breaks policy.
- Rideshare: Late‑night driving; aggressive passengers; unfamiliar areas. Controls: route presets, dashcams where permitted, no‑cash, pickup protocols, de‑escalation training, fatigue limits.
Common mistakes to avoid and best-practice tips
Strong plans fail if basics are missed. Avoid these pitfalls to keep your risk assessment practical and compliant.
- Over‑relying on PPE: Use higher‑order controls first.
- Not consulting workers: Involve them at every step.
- Skipping reviews: Reassess after change or incidents.
- Thin records: Note hazards, controls and reasoning.
- Ignoring psychosocial risks: Include workload, fatigue, aggression.
Tools and templates to get started fast
You don’t need fancy software—simple, consistent templates make risk assessment faster and more defensible. Start small, keep versions, and consult workers as you fill them in.
- Risk assessment form: Hazard, consequence, likelihood, controls, owner, due date.
- Risk matrix: A simple consequence × likelihood grid to prioritise.
- Hazard inspection checklist: Room, plant, and task prompts.
- JSA template: Step-by-step task, hazards, controls, residual risk.
- SWMS template: For high‑risk construction work—hazards, controls, implementation.
- Incident/near‑miss log: Track trends and trigger reviews.
- Vehicle safety checklist: Pre‑start checks, fatigue/breaks, routes and weather.
Key takeaways
Risk assessment is a structured way to spot hazards, weigh likelihood and consequence, and choose the highest‑order controls that are reasonably practicable. In Australia, applying the four‑step cycle—identify, assess, control, review—across physical and psychological risks, with worker consultation and clear records, turns intent into safer work, fewer incidents, and lower business costs.
- Start with elimination: Favour substitution/engineering before admin rules and PPE.
- Consult workers at every step: Frontline insights surface real‑world hazards and fixes.
- Prioritise by risk rating: Tackle high consequence/likely scenarios first.
- Document decisions and why: Record controls and why they’re reasonably practicable.
- Review after change or incidents: Verify controls work and keep improving.
For tailored cover that supports your motor risk controls and budgets, visit National Cover.
