Occupational health and safety risk assessment methodologies
Introduction
Workers should be protected from occupational risks they could be exposed to. This could be achieved through a risk management process, which involves risk analysis, risk assessment and risk prevention and control practices. In order to carry out an effective risk management process, it is necessary to have a clear understanding of the legal context, concepts, risk analysis, assessment and prevention and control processes and the role played by all involved. It is also desirable to base risk management on solid and tested methodologies.
Prevention of occupational risks
Employers have to take the necessary measures for the safety and health protection of workers, including prevention of occupational risks. This is a basic legal obligation in SA. This basic legal obligation is stated in Construction Regulations 2014 on the introduction of measures to encourage improvements in the safety and health of workers at work, which was transposed into national laws. It should be noted that OHS Act can introduce more rigorous provisions to protect their workers.
For preventing occupational accidents and ill health, employers must carry out a risk assessment, and decide on prevention measures and, if necessary, to use personal protective equipment. It is recommended to review the risk assessment on a regular basis and in particular each time a change occurs at the workplace, e.g. the use of new work equipment or chemicals, changes in the work processes or modifications to the work organisation.
Risk assessment is not only a legal duty but also good for business. Avoiding and reducing risks reduces work-related accidents and health problems, leading to cost benefits and improved productivity. Risk assessment is a dynamic process that allows companies and organisations to put in place a proactive policy for managing occupational risks. Therefore, risk assessment constitutes the basis for implementation of appropriate preventive measures and, according to the Directive; it must be the starting point of any Occupational Health and Safety (OHS) Management system. An OHS Management system should be integrated in the company’s management system. An OHS Management system allows to develop a systematic approach to OHS Act. Risk assessment is a step in the OH&S risk management process.
Basic concepts
Basic concepts in risk management are the definitions of hazard and risk.
Hazard: source or situation with a potential to cause injury and ill-health i.e. an adverse effect on the physical, mental or cognitive condition of a person. Examples of physical hazardous sources or situations can be working on a ladder, handling chemicals or walking on a wet floor. Examples of psychosocial hazardous sources or situations are job content, job insecurity, isolation, bullying or harassment.
Risk: effect of uncertainty. Occupational health and safety risk: combination of the likelihood of occurrence of a work-related hazardous event or exposure(s) and the severity of injury and ill health that can be caused by the event or exposures.
A psychosocial risk is defined as a combination of the likelihood of occurrence of exposure to work-related hazard(s) of a psychosocial nature and the severity of injury and ill-health that can be caused by these hazards. Hazards of a psychosocial nature include aspects of work organisation, social factors at work, work environment, equipment and hazardous tasks.
Risk assessment can be defined as the process of evaluating the risk to the health and safety of workers while at work arising from the circumstances of the occurrence of a hazard at the workplace [4]. This definition stems from the guide elaborated by the OHS Act to provide practical assistance for the implementation of the risk assessment requirements from the framework directive. However, it should be noted that the concept of risk assessment is not only used within the context of OH&S but it can also relate to financial, environmental, socio-economic, technical and other aspects. A Risk Assessment Framework (RAF) process is provided in Occupational Health and Safety Act No. 85 of 1993 and regulations as amended. This standard describes risk assessment as the overall process of (1) Identifying hazards, (2) Assessing the risks, (3) Controlling the risks, (4) Recording findings and (5) Reviewing the controls:
1. Identifying hazards: This means looking for those things that have the potential to cause harm
2. Assessing the risks: This is the process of assessing risks is a systematic way to consider what could go wrong and how to mitigate the impact
3. Controlling the risks: is a process that involves identifying and reducing potential threats to a company or organization
4. Recording findings: Include evidence that you’ve taken into account everyone who could be affected and their vulnerability
5. Reviewing the controls: refer to a number of different processes, including internal control reviews, risk control reviews, and hazard control reviews
Risk management
Risk management is an iterative and cyclic process.
Following the methodology PDCA (Plan-Do-Check-Act) risk management is a systematic process that includes the examination of all characteristics of the work system where the worker operates, namely, the workplace, the equipment/machines, materials, work methods/practices and work environment. The aim of risk management is to identify what could go wrong, i.e. finding what can cause injury or harm to workers, and to decide on measures to prevent injuries and ill-health and implement the measures.
It is important that employers know where the risks are in their organisations and prevent or keep them under control to avoid putting employees, customers and the organisation itself at risk. The main goal of risk management is to eliminate or at least to reduce the risks according to the ALARP (as low as reasonably practicable) principle. A key aspect in risk management is that it should be carried out with an active participation/involvement of the entire workforce. Carrying out risk management requires a step-by-step approach.
Step 1: Preparation of the process
The preparation of the risk management process involves several activities, namely:
· Identification of exposed workers – particular attention should be given to:
o workers with special needs, such as pregnant women, young workers, aging workers and workers with disabilities;
o maintenance workers, cleaners, contractors and visitors
· Description of tasks, work equipment, materials, and work procedures;
· Consideration of work patterns and organisational aspects;
· Consideration of external factors that could affect the workplace;
· Identification and description of implemented prevention measures;
· Data on workplace incidents, near-misses, injuries and work-related health problems; and
· Identification of legal requirements, standards or company regulations.
Several means can be used to support these activities. For instance:
· Direct observation while the job is being performed – walkthrough;
· Interviews with workers and managers;
· Analysing data on workplace incidents, near-misses, injuries and work-related health problems;
· Review of technical documentation and inspection reports on work equipment and machinery;
· Review of the safety data sheets of the chemicals used in workplace;
· Review of the applicable legislation, standards and company regulations.
As referred, according to SA construction regulations (CR) employers are responsible for performing risk assessment regarding safety and health at work. Therefore, the overall responsibility for identifying, assessing and preventing risks at the workplace lies with the employer, who must guarantee that the occupational health and safety (OH&S) risk management activities are properly executed.
The employer can delegate this function (not the responsibility) to occupational health and safety specialists and occupational physicians. The specialists may be part of the company staff (internal services) or be contracted outside (external services).
The participation of workers in the process of risk management in the field of safety and health at work is of fundamental importance, as workers have the best knowledge of their tasks and the associated risks. Participation also improves acceptance of the measures and facilitates their application in practice.
Step 2: Risk analysis
The risk analysis activities involve:
· Identification of hazards present in the workplace and work environment;
· Determination of the potential consequences of the risks.
Several means can be used to support these activities. For instance:
· Direct observation – walkthrough;
· Interviews with workers and managers;
· Checklists;
· Deviation analysis;
· Task analysis;
· Previous risk assessment data;
· Employee (satisfaction) surveys.
Step 3: Risk assessment
Risk assessment is the process of evaluation of the risks arising from a hazard, taking into account the adequacy of any existing controls. Several methods to perform risk assessment are available ranging from expert to participatory methodologies and from simple to complex methods. Which method for assessing risks is applied will depend on the nature of the workplace, the type of the tasks and work processes, and the technical complexity. An overview and some guidance on risk assessment techniques can be found in ISO Standard 31010:2019 Risk management – Risk assessment techniques. Risk assessment involves evaluating, ranking, and classifying risks.
Risk evaluation
Risk evaluation involves the determination of a quantitative or qualitative value for the risk. Quantitative risk evaluation requires calculations of the two components of the risk: the probability that the risk will occur, and the severity of the potential consequences. This approach is seldom applied in practice.
Qualitative risk evaluation is more common and usually adopts a methodology based on a matrix. A risk assessment matrix consists of a two-dimensional grid with categories of harmful effects on one axis and categories of probability or likelihood on the other axis. The cells within the grid are used to indicate risk.
Ranking of the evaluated risks
Based on the risk values obtained during the risk evaluation phase, risks should be sorted and ranked according to their severity.
Classify risk acceptability
A decision whether or not a risk is acceptable results from the comparison of the obtained risk value with acceptability criteria based on legal requirements, principles of the hierarchy of prevention, standards, recommendations, evidence-based information on risks, adapting to innovation, etc.
It should be highlighted that a particularly careful assessment of individual risk exposure should be performed to workers of special groups (for example, vulnerable groups such as new or inexperienced workers), or to those most directly involved in the highest risk activities (i.e. the most exposed group of workers).
This risk classification is the baseline for selecting actions to be implemented and when defining the timescale, i.e. the urgency of the implementation of the corrective measures.
To have a consistent base for all risk assessments the company should first establish the acceptability criteria. This should involve consultation with workers representatives and other stakeholders and should take account of legislation and regulatory agency guidance, where applicable.
Step 4: Taking measures
At this stage actions are identified and implemented to avoid or reduce risks having in mind the protection of workers’ health and safety, as well as their monitoring over time. The measures implemented should be the ones that best protect everyone exposed to the risk. However, it is important not to forget that additional or different measures may be required to protect workers belonging to special groups, namely workers with special needs (such as pregnant women, young workers, aging workers and workers with disabilities) and maintenance workers, cleaners, contractors and visitors.
It is very important to take account of the number of individuals exposed to the risk when setting priorities and the timeline for the implementation of prevention and control measures. The risk prevention and control strategy includes the design, planning and implementing of adequate measures, as well as training and informing workers.
Design measures
The first step is the design of the measures to eliminate risks. The risks that cannot be avoided or eliminated should be reduced to an acceptable level, i.e. the residual risk shall be minimised according to the ALARP (as low as reasonably practicable) principle. This means employers must perform a cost-benefit analysis to balance the cost (including money, time, trouble and effort) they could have to reduce a risk against the degree of risk. It should be demonstrated that the cost involved in reducing the risk further would be grossly disproportionate to the benefit gained. The residual risk should be controlled.
Implement measures
The measures to be implemented should be based on up-dated technical and/or organisational knowledge, and good practices using the following hierarchy order:
· Prevention measures
· Protection measures
· Mitigation measures
Prevention measures
The aim of implementation of prevention measures is to reduce the likelihood of injuries or ill-health. Several examples, also in hierarchical order, that can be used to achieve this objective are:
a) Using engineering or technical measures to act directly on the risk source, in order to
· Remove it, i.e. ensure that during the workplace design phase risks are ‘designed out’
· Reduce levels of hazardous materials. For instance provide effective ventilation through local or general exhaust ventilation systems.
· Replace it, i.e. substitute the risk by a less risky material, equipment or substance.
These measures are more efficient and economical when accomplished during the workplace design phase.
b) Using organisational or administrative measures for changing of behaviours and attitudes and promote a safety culture:
· Information and training (awareness)
· Establish appropriate working procedures and supervision
· Management and proactive monitoring
· Routine maintenance and housekeeping procedures
Protection measures
Implementation of Protection measures should consider, first, collective measures and then individual measures. Several examples of measures (sorted by priority) that can be used to achieve this objective are:
a) Collective Protection measures:
· Enclose or isolate the risk through the use of guards, protection of machinery and parts, or remote handling techniques;
· Physical barriers (anti-drop networks, railings, packaging, acoustic, thermal or electrical barriers);
· Using organisational or administrative measures to diminish the exposure duration:
o job rotation of workers;
o timing the job so that fewer workers are exposed;
o Implementation of safety signs, for instance restricting entry to authorised persons.
b) Individual Protection – use of Personnel Protective Equipment (PPE) to protect worker from the residual risk. The worker should participate in the selection of PPE and should be trained in its use.
Mitigation measures
When despite prevention and protective measures incidents, an injury or a cases of ill-health occurs, the company needs to be prepared (emergency preparedness) by implementing mitigation measures. The aim of mitigation measures is to reduce the severity of any damage to facilities and harm to employees and public. Several examples of measures that can be used to achieve this aim are: emergency plans, evacuation planning, warning systems (alarms, flashing lights), test of emergency procedures, exercises and drills, fire-extinguishing system, or a return-to-work plan.
Training and information
Managers must know the risk their workers are exposed to. Workers must know the risks they are exposed to. Providing information and training courses to workers is a legal requirement in South Africa.
Step 5: Review and update
The risk management process should be reviewed and updated regularly, for instance every year, to ensure that the prevention measures implemented are adequate and effective. Additional measures might be necessary if the improvements do not show the expected results. This is also a highly recommendable procedure since workplaces are dynamic due to change in equipment, machines, substances or work procedures that could introduce new hazards in the workplace. Another reason is that new knowledge regarding risks can emerge; either leading to the need of an intervention or offering new ways of avoiding or controlling the risk. The review of the risk management process should consider a variety of types of information and draw them from a number of relevant perspectives (e.g. staff, management, stakeholders).
Step 6: Document the process
In SA it is a legal obligation that employers make an assessment of the risks to safety and health at work, including those facing groups of workers exposed to particular risks and document the process. Documentation should provide an overview of the identified hazards, respective risks and subsequent measures implemented.
Risk management tools
The risk management process plays a central role for any to ensure occupational health and safety and to prevent workplace injuries and ill-health. But, companies, especially smaller ones, sometimes lack the expertise and the resources to carry out risk assessments. The need for a simple, clear and cost-effective way to ensure compliance with the legislation and to foster a positive safety and health culture has led to the development and use of web-based tools.
References;
[1] ISO 45001:2018 Occupational health and safety management systems — Requirements with guidance for use
[2] ISO 45003:2021 Occupational health and safety management – Psychological health and safety at work – Guidelines for managing psychosocial risks
[3] Criteria for Risk Assessment, Labour Guide South Africa
[4] Research Gate ‘Applications of Fuzzy Logic In Risk Assessment-The RA_X Case’