Making risk and hazard registers work is a labour of love


Should the risk/hazard register development process be just an appeasement process to satisfy the law or a proactive management tool to improve the safety of the business, asks Gordon Anderson?risk-register

The consequences of treating it as an appeasement exercise may well have exposed a contractor to a very high level of commercial risk, especially if there had been a serious injury or worse, in his operations.

There are many ways to approach the risk/hazard management process and every H&S manager or H&S advisory will address it in a different way – though usually with the same outcome.

Regardless of the approach, there are several points to consider. The first is that it is the responsibility of the owner of the business, the PCBU, to ensure the safety of all in the workplace; hence the development or the risk/hazard registers for the identification and management
of the risks.

A second party can work with the business, but it’s the PCBU’s responsibility to ensure that they are fit for purpose for the business – it can no longer be contracted out.

The second point is that the completed risk/hazard register must be a ‘living and changing’ document that should be reviewed on a scheduled basis. It’s designed to provide the business with a plan for the continual improvement of the H&S and general safety plans and improvement of the business.

There are several simple steps to follow to develop an effective risk/hazard register, though there’s no set rule as to what it should look like.

However, it should be set out so others can follow the logic and its application because it can provide you with a very good training process.

Begin with involving your employees. You’re required by law to do this, but you also don’t have a mortgage on knowledge – your employees are also experts in their own right.

Train yourself and your employees in risk/hazard definitions and risk management methods (see table).

Although the highlighted terms are not included in the new HSAW Act, I recommend that you learn how they are applicable to risk management and then apply them as they will provide you with a good insight to the following ideas.

Conduct a process and task analysis

This step requires planning in conjunction with your employees, and involves a structured identification and examination of every step, activity and task in your business or the compartment. This will identify all the actual and potential risks and hazards associated with your business processes, activities, machinery, equipment and work areas, including the administration section.

Source or develop a risk register

I suggest that you have a separate register for every risk/hazard and either use a paper-based system or an electronic tablet to record the information. Break the register into a number of columns for ease of layout and management.

Applying notifiable events

Use this new Health and Safety at Work Act definition as a benchmark when examining your business processes or operations to determine if there are any actual or potential risks.

Ask yourself the following question. “Could any of the notifiable events happen in this part of my business process?” If the answer is yes, then record it and act on it because if any of these events happen while you are operating your business they are required to be reported to WorkSafe New Zealand as soon as you become aware of them.

Causal factors

In my opinion it is an essential step in the development of your future risk control plans. In the next column of the risk register record all the reasons why the notifiable event could happen – is it because of lack of guarding, procedures, training, certification, PPE, maintenance, resources or other factors?

Brainstorming these causal factors with your employees will provide you with an easy method to start to consider the most appropriate controls for the risk/hazard.

If you identify these factors all you need to do is to swing them 180 degrees for a possible solution for the risk control.

For example:

·          no procedures – develop procedures

·          no guarding – design, develop and fit guarding

·          no maintenance – develop a maintenance programme.

Risk rating

There are number of methods to do this but I suggest a Risk Rating Matrix. This will allow you to determine the Likelihood x Consequences of the risk occurring, a risk rating of the actual or potential impact and in turn a risk priority for deciding what risks/hazards need to be prioritised for action first. There are many different risk rating matrixes available, and it doesn’t matter which one you use as the purpose is to provide you with an indicator of the likelihood of the risk/hazard to cause harm. 

Risk hazard controls

There are two parts to this, the information and the document control plan. Firstly, reasonable practicable controls.

Is the knowledge you have gained or know about the risk/hazard from your training, industry and work experience, exposure or instincts, good enough to be used as your controls?  Does practice make perfect? In some cases it does, but usually it makes it permanent.

Accepted codes of practice

While your experience is acceptable, it’s important that you also seek out the body of recognised knowledge or authority that has been documented by your industry or others. I can’t stress this enough as this is what you will be questioned about if you are ever held to account for a workplace accident.

This is where the information and recommendations from accepted industry codes of practice (ACOPs) standards, fact sheets and other recognised sources of information must be applied and documented to establish the most reasonable practicable risk controls in your register.

Document information sources

Qualify where you sourced and referenced the risk control information and document this on your risk control plan.

The risk control plan

It’s a living document that should be reviewed on a scheduled basis or sooner, especially if there is an incident or accident. You may find it easier to break it down into a number of steps for action.

Remember that you have two options for the control of the risks – eliminate the risk hazard, which is the primary goal, or minimise it.

Minimise it by using one or a combination of the following options:

  • substitute it for a softer option – e.g. water-based paints as opposed to isocyanate paints
  • engineer it – replace machinery, guarding, barriers robots etc
  • develop administration controls – training, procedures, job rotation, software
  • use PPE as the final option.

From this you can prioritise the steps and where applicable, delegate employees to act on certain steps. Don’t forget to allocate time frames for completion and stick to them. In other words, who is going to do what by when?

In many cases the work you undertake will be the same so your risk registers can be used as generic documents for different situations and applied accordingly. The difference will be the identification of any new risks/hazards that can be documented and managed accordingly.

Cost allocation

The benefit of this approach is that the control plan can also include a cost column for each control, and this then allows you to determine or allocate budget to action the plan.

Pre- and post-assessment

This is an important part of the risk/hazard management process. As you set the controls in place it is important to ensure that they are effective. To do this, I suggest that you set up an alerting process, especially for high-risk hazards, and revaluate these to see if their implementation has been effective. This can also be undertaken at your tailgate meetings with your employees’ involvement.

Communication of the risk register and the management controls

The key action point when developing your risk/hazard register is what do you do with it? While it’s important to address and manage the identified risks, how do you communicate the management of the risks/hazards to your employees who will be affected? Simply develop your safe operating procedures (SOPs), incorporate the actual or potential risks/hazards in the SOPs and then train your employees.


Many businesses now have a pre-work safety briefing and this is the place to review the registers and to identify any others. I cannot stress enough the need to regularly review the effectiveness of your H&S risk management processes.

Finally, don’t treat your risk register as just something you have to do because the 2015 Health and Safety at Work Act requires it or to satisfy a WorkSafe New Zealand inspector.  It should be a key part of your business risk management processes.

Treat risk/hazard management as a plan that is designed to be used as a document to improve your safety management, the protection of yourself and your employees, for the continuous improvement of your business, your investment, and for the protection of your families.

Gordon Anderson is the managing director of Hasmate Ltd, which offers web-based compliance and risk management programmes across New Zealand.