Before making risk assessments, there are several important questions to ask about the issue in question. These questions are extremely significant, as they affect how you will rank the issue and how you will respond to it.
You will commonly perform risk assessments on reported safety issues, such as
Assessments are integral to helping you establish whether or not a given issue is within an Acceptable Level of Safety.
Most of your questions about an issue before assessing it revolves around trying to gather facts around:
Let’s look at the 5 questions that are essential to providing accurate, good risk assessments.
It’s important you first identify what kind of issue is being reported. Is the reported issue:
This is an important question because it will determine how you analyze the issue. If it is:
If it doesn’t seem to be either a hazard or a negative outcome, then it’s likely a concern that, by itself, will not lead to any negative outcomes (this would be the lowest assessment level). Such issues are still useful to report, as it likely indicates employees reporting root causes or other threats.
While we mentioned that a negative outcome requires you to analyze the actual outcome, you should not overlook the possibility that the outcome accurately represents the "most likely outcome." You may have been lucky in this instance. What will happen the next time this hazard manifests itself?
In these cases, you may analyze:
If you have done your work properly, you will have defined and documented the criteria for each level of severity. You need to be very familiar with your criteria, as you will be analyzing the negative outcome in question based on these criteria.
For example, you might define each level of severity based on the following criteria:
With these criteria, you will try an ascertain how the negative outcome corresponds to each level of criteria.
You also need to make sure you are very familiar with your criteria for each level of likelihood, such as:
You will use this criterion to understand the likelihood of a negative outcome.
Next, you need to understand what particular damages suffered from the issue. You should understand these damages in terms of:
You want to answer each criterion for severity in terms of concrete damages.
You should have specific answers for each criterion. This will help you match the actual severity with the appropriate level of severity.
If the hazard occurred again, what do you expect the likelihood of it leading to a negative outcome? You should factor in:
If you implement new risk controls, you would ideally see the likelihood and/or severity go down.
Safety managers are detail-oriented and expect their documented work to be reviewed by both upper management and SMS regulatory auditors. In short, they want their risk assessments to accurately depict the reported issue's risk. The expectation of always performing accurate risk assessments is unrealistic. New information comes into the SMS all the time.
New information may affect the initial risk assessment. If you were using a spreadsheet, you have no recourse but to delete the initial risk assessment and replace it with the re-assessed risk. This is not a good practice. There is no documentation trail remaining to communicate what actually happened during the risk management process. A better approach is to use a system that allows multiple risk assessments at predefined workflow stages, such as:
The best practice is that for each risk assessment, you capture:
Another best practice is to briefly document what the risk assessment team was considering when they performed the risk assessment. In SMS Pro, we call it an "Assessment Justification." The main purpose behind the assessment justification is to serve as a reminder regarding the factors that were reviewed when determining the risk index, i.e., the composite of the probability and severity.
These best practices are almost impossible to carry out effectively using spreadsheets. An SMS database is the recommended technology and will serve you well in documenting your risk assessments as they occur in real life. Auditors understand that information doesn't come in all at once but trickles in as the investigation progresses.
If you need help with an SMS database to perform risk assessments and monitor the effectiveness of your risk controls, we can help. Sign up for a live demo to see these processes in action.
Last updated April 2024.