Occupational Health and Safety Risk Management - Procedures

Printer-friendly version

1. Purpose and Objectives

These procedures have been developed to assist staff and students of The University of Queensland identify, assess, and manage occupational health and safety risks. These procedures are based on the How to Manage Work Health and Safety Risks Code of Practice 2011, issued by the Department of Justice and Attorney-General, Workplace Health and Safety Queensland.

 2. Definitions, Terms, Acronyms

Act - Work Health and Safety Act 2011 (Queensland)

Hazard - a situation or thing that has the potential to harm a person

PPE - Personal Protective Equipment

Regulation - Work Health and Safety Regulation 2011 (Queensland)

Risk - the possibility that harm (death, injury or illness) might occur when exposed to a hazard.

3. Procedures Scope/Coverage

These procedures apply to all workers at The University of Queensland, including staff and students.

4. Procedures Statement

All persons in the workplace have obligations under the Act. Section 17 of the Act imposes a legal duty to eliminate risks to health and safety, or if elimination is not possible, to minimise those risks so far as is reasonably practicable.

To help meet these obligations, regulations and codes of practice have been issued by Workplace Health and Safety Queensland. These documents provide information about how to identify a variety of workplace and occupational hazards and how to manage exposure to the risks associated with these hazards.

The UQ OHS Division provides special advice to UQ managers and workers on all aspects of occupational health and safety, including risk management. Information and advice is provided in the form of policies, procedures, guidelines,OHS communications and risk management programs, the details of which can be found at

Specialist staff from the OHS Division also deliver risk management training via the UQ Staff Development Program, and Safety Managers/Coordinators (PPL 2.10.06 / PPL 2.10.09) within organisational units are available to assist and advise managers and workers on the risk management process.

The responsibility for ensuring that risk assessments are completed, however, rests with the managers and supervisors at the workplace and must be performed by the person/s undertaking or performing the task. Supervisors are responsible for checking the risk assessment and signifying their approval of the risk assessment.

5. Overview and Responsibilities

5.1  Overview

Managing health and safety risks is an ongoing process. Working through the risk management process is required:

  • Now, if it has not been done before.
  • When any new work is planned.
  • When changing work practices, procedures or the work environment.
  • When new information about workplace hazards and risks becomes available.
  • After an incident.
  • At regular intervals, appropriate to the nature of the workplace and the hazards present.

5.2  Responsibilities

Staff at all levels within The University of Queensland have specific responsibilities for ensuring occupational health and safety, including risk management and assessment. These responsibilities are principally based on the Act and related legislation. The OHS responsibilities of staff are dependent on their role within the University and are outlined in PPL 2.10.04 Staff Responsibilities for Occupational Health and Safety

Specific responsibilities related to risk management and assessment are detailed below.  

5.2.1 Head of organisational unit

  • Ensure that adequate resources have been allocated for carrying out risk management in accordance with these procedures.
  • Ensure that effective systems are in place for the provision of risk management information, training and supervision.
  • Review the performance of supervisors, staff and students with regard to their occupational health and safety responsibilities for risk assessment and management.
  • Ensure that appropriate records are kept.

5.2.2 Supervisors

  • Provide appropriate supervision, support and guidance to ensure that all workers comply with these procedures.
  • Ensure that all staff have their OHS responsibilities included in their position description.
  • Supervise the development of risk assessments and oversee the risk management process.
  • Ensure the provision and maintenance of effective controls, including facilities such as fume cupboards, safety equipment and first aid supplies for staff under their supervision.
  • Ensure the provision, maintenance, training and proper use of personal protective equipment (PPE).
  • In consultation with workers, review and update risk assessments prior to changes in the work environment, including purchase and acquisition of new equipment.
  • Investigate incidents and ensure that effective and appropriate corrective action is implemented. Review risk management documentation accordingly.
  • Review and update risk management provisions in relation to change in the work activities. This should be done in consultation with the relevant workers.

5.2.3 Workers (including staff and postgraduate students)

  • Participate in safety induction and training, including risk assessment and management training, as instructed by the supervisor.
  • Ensure understanding of the risk management process. Discuss the need for the provision of safety facilities, first aid and other safety controls with supervisor.
  • Participate in the identification and control of work hazards, and the development and review of risk assessments.
  • Obtain approval from the supervisor prior to the commencement of work (e.g. at the planning stage of a project).
  • Ensure that emergency procedures and equipment are in place for high risk activities, as specified in the risk assessment.
  • Wear PPE as provided by the University in compliance with OHS training and workplace requirements.
  • Review and update risk assessment provisions in relation to change in the work activities. This should be done in consultation with the supervisor.
  • Comply with the OHS responsibilities included in their position description.
  • Report to the Supervisor, Head of organisational unit and/or the OHS Division, any incident, injury, illness or near miss event.
  • Report all work incidents via the online UQ Incident Reporting Database.

6.  Risk Management Process

6.1 Preparation - define the context

It is important to consider the context in which the risk management process takes place. Defining the context involves identifying and considering:

  • The work processes, practices, activities and tasks that will be analysed in the risk management process and the steps involved.
  • How risks may interact with one another - one activity may affect risks in another.
  • The people involved in carrying out those work processes and in what capacity.
  • Whether the people involved are sufficiently competent/skilled/experienced.
  • What items of plant or materials are used.

Consultation is essential in this process, and must involve all people, including the workers performing the task, supervisors and managers, Safety Managers/Coordinators (WHSC), and Health and Safety Representatives (HSR). It could also extend to suppliers or manufacturers of plant or materials used in your workplace, or other stakeholders likely to be affected by the operation.

6.2  Key steps

There are four key steps in the risk management process.

  1. Identify the hazards (find out what could cause harm to workers).
  2. Assess risks (understand the nature of the harm that could be caused by the hazard, how serious the harm could be, and the likelihood of it happening).
  3. Control risks (implement the most effective control measure that is reasonably practicable in the circumstances).
  4. Review the control measures (ensure controls are working as planned).

This process can be represented as follows:


Reference:   How to manage work health and safety risks. Code of Practice 2011.

6.3 Record keeping

Adequate record keeping of the risk management process will help demonstrate to the regulator (Workplace Health and Safety Queensland), or in litigation, that you have been actively working to ensure safety at the workplace. Records must show that the process has been conducted properly including information about the hazards, associated risks and that control measures have been implemented.

Information should include:

  • hazards identified
  • assessment of the risks associated with those hazards
  • decisions on control measures to manage exposure to the risks
  • how and when the control measures are implemented
  • evidence of monitoring and review of the effectiveness of the controls
  • any checklist used in the process

6.3.1 UQ Risk Management Database

The University of Queensland has an online UQ Risk Management Database that has been designed to assist in the risk assessment, management and recording process. Use of the Risk Management Database is the preferred way of conducting and performing risk assessment and management within the University.

The database maintains comprehensive records of the risk management process at the University. This,

  • Enables demonstration of how decisions about controlling risks were made.
  • Assists in targeting training at key hazards.
  • Provides a basis for preparing safe/standard operating procedures (SOPs).
  • Facilitates review of risks following any changes to legislation or business/research activities.
  • Demonstrates to others (regulators, managers, granting bodies) that work health and safety risks are being managed.

All University of Queensland staff and students have automatic access to the UQ Risk Management Database, which can be accessed via the below webpage,

7.  Step 1: Identify the Hazard

7.1 Identify hazards

Identifying hazards in the workplace involves finding things and situations that could potentially cause harm to people. What is/are the hazard(s)? Ask the question ‘does this task / activity / situation / event have the potential to harm a person?'.

Hazards can be identified by observing, inspecting, investigating, communicating and consulting with staff and students in the workplace and making a record of the hazards identified.

Hazards generally arise from the following aspects of work and their interaction:

  • physical work environment
  • equipment, materials and substances used
  • work tasks and how they are performed
  • work design and management

7.2  Understanding hazards and risks

Hazards and risks are not the same thing.

Hazard – a situation or thing that has the potential to harm a person e.g. hazards at work may include: noisy machinery, a moving forklift, chemicals, electricity, working at heights, a repetitive job, bullying at the workplace.

Risk – the possibility that harm (death, injury or illness) might occur when exposed to a hazard.

The relationship between hazard and risk is illustrated by the examples below.





The likelihood a researcher might contract cancer from the long term use of benzene being used as a solvent outside a fume cupboard.



The likelihood that a maintenance worker might be electrocuted because of exposure to a damaged electrical cord of a power tool and there is no earth leakage protection.

Manual Handling

The likelihood that a person might suffer back strain from manually lifting equipment that weighs 40kg.


Infected blood

The likelihood that a worker might sustain a needlestick injury and become infected whilst taking a blood sample from a person with infected blood.


Radioactive substance

The likelihood that a researcher might contaminate themselves or inject themselves with short-lived radioactive substance while injecting an animal.

Plant: circular saw bench

The likelihood that a worker might suffer a severe cut to the forearm while cutting timber for a project.

8. Step 2: Assess and Prioritise Risk

8.1 Analyse the risk

A risk assessment involves consideration of what could happen if someone is exposed to a hazard and the likelihood of it happening. Decide who might be harmed and how.

  • What is the harm?
  • How serious could the harm be?
  • What is the likelihood of it happening?

A risk assessment can help you determine:

  • How severe a risk is.
  • Whether existing control measures are effective.
  • What action you should take to control the risk.
  • How urgently the action needs to be taken.

Use of the UQ Risk Management Database is the preferred way of conducting and performing risk assessment at the University of Queensland. The UQ Risk Management Database uses a three level matrix to analyse the risk, which involves determination of the:

  • Consequence – outcome of an incident
  • Exposure – frequency of interaction with the hazard
  • Probability – likelihood that the consequences will occur once individual is exposed

8.1.1 Identify the consequences

Identify the most likely outcome of a potential incident, including injuries, property damage and/or environmental damage, and select the most appropriate consequence category from the Consequences Bar Line.


Human injury

Financial cost




Numerous fatalities

Extensive financial loss (greater than $5m)

Major disruption to operations

Extensive environmental damage


Multiple fatalities

Significant financial loss ($1-5m)

Major disruption to operations

Major environmental damage

Very serious


Significant financial loss ($500,000 to $1m)

Significant production disruption

Significant environmental damage


Serious injury (permanent disability, amputation)

Substantial financial loss ($50,000 to $500,000)

Notable production disruption

Serious environmental damage


Disabling injury requires medical treatment

Notable financial loss ($5000 to $50,000)

Slight production disruption

Minor environmental damage


First aid treatment – minor cuts, bruises or bumps

Negligible financial loss (up to $5000)

No effect on work

Negligible environmental damage

8.1.2 Estimate the exposure

Estimate how often an individual interacts with a hazard and select the most appropriate exposure category from the Exposure Bar Line.

Very Rare

Not known to have occurred


Occurs rarely, but has been known to occur


Occurs between once per month and once per year


Occurs approximately once per day


Occurs many times per day

8.1.3 Estimate the probability

Estimate the likelihood that the consequences will occur if the individual is exposed to the hazard and select the most appropriate probability category from the Probability Bar Line. Historical data from incident reports, workplace audits, and published industry information are all useful sources to assist to estimate the probability of an adverse event.

Almost certain

The most likely and expected result if the hazard or event takes place.

Quite possible

Quite possible, would not be unusual, even 50/50 chance

Unusual but possible

Unusual but possible sequence or coincidence

Remotely possible

Remotely possible coincidence

Conceivable but unlikely

Has never happened after many years of exposure, but is conceivably possible

Practically impossible

Practically impossible, has never happened before

8.1.4 Determine the risk score

Select or mark the values for consequence, exposure and probability on the risk score calculator.

Option 1: If using the risk score calculator within the electronic, online UQ Risk Management Database, then the risk level will be calculated automatically.

Option 2: To use the manual version of the risk score calculator (below), draw a line from probability through exposure to the tie-line. Mark this point. Draw a line from the marked point on the tie-line through consequence to the Risk Score line to determine the risk level.


8.1.5 Prioritise the risk

The following table is used to determine the priority for treatment of risks.



Very High or High

Do something about these risks immediately

Substantial or Moderate

Do something about these risks as soon as possible


These risks may not need immediate attention

9.  Step 3: Control the Risks

9.1  Decide on measures to control the risk

Use the Hierarchy of Control Measures: 

  • Eliminate the hazard is the first choice. The ideal solution is to get rid of the hazard completely. This is the most effective control measure and should always be considered first.

If the hazard cannot be eliminated completely there are a number of control options that can be used to prevent or minimise exposure to the risk:

  • Substituting a less hazardous material, process or equipment.
  • Redesigning the equipment or work process.
  • Isolating the hazard through engineering – separating the worker from the hazard.
  • Administrative controls involve minimising exposure to a risk through the use of procedures or instruction. This could involve limiting the exposure time to a particular hazard such as noise or radiation.
  • Personal Protective Equipment (PPE) is often used in combination with the above measures, where risk of exposure to the hazard cannot be minimised further by higher order controls. PPE is worn by people as a final barrier between themselves and the hazard. This measure does not control the hazard at the source but relies on behaviour modification for its success. The success of this control is dependent on the appropriate PPE being selected, worn correctly, used correctly and maintained in good condition.


 Reference:   How to manage work health and safety risks. Code of Practice 2011.

As per the above schematic, administration and the use of PPE are the lowest priority on the list of controls. These controls should not be relied on as the primary means of risk control until the options higher in the control priorities have been exhausted. These controls require management, enforcement, and commitment, together with behavioural modification.

In many cases, it will be necessary to use more than one control measure to manage exposure to risk. For example, to minimise exposure to a risk involving a hazardous chemical you could decide to replace the chemical with a less toxic one, carry out the task in a fume cupboard, implement safer work procedures, and wear PPE.

Some control measures that are lower control priorities may need to be put in place until a permanent solution can be achieved. For example, you may decide the best way to manage exposure to a risk is to purchase a safer type of machinery with better guarding. In the mean time it will be necessary to minimise exposure to the risk by increasing supervision, changing work procedures and erecting a temporary barrier.

Whatever control measures are being chosen, the “hierarchy of control measures” must be taken into account. Consider those at the top of the list first (elimination of the hazard), and work down to personal protective equipment as the least desirable choice.

9.2  Implement the appropriate control measures

The control measures should adequately control the risks, not create other risks and allow students and staff to do their work without undue discomfort or distress. The implemented controls should be regularly reviewed to ensure they are not creating new hazards e.g fatigue, heat stress. There may be a need to develop or modify work procedures in relation to the new control measures, including clearly defining the roles and responsibilities of management, supervisors and workers.

All relevant persons must be informed about the control measures being implemented, in particular, the reasons for the changes. Competency training should be provided, to ensure workers are able to perform their assigned tasks safely. Information and instruction may also need to be provided to others who enter the workplace, such as contractors and visiting researchers.

Provision of adequate supervision is essential to verify that the new control measures are being implemented and used correctly.

Any maintenance in relation to the control measures is an important part of the process (e.g. service of fume cupboards; replacement of respirator filters and cartridges). Work procedures should detail maintenance requirements and verification of the maintenance to ensure the ongoing effectiveness of the control measures.

10.  Step 4: Monitor and Review the Risk 

The final step in the process is to monitor and review the effectiveness of implemented cotnrol measures, to ensure they are working as planned. Set dates to review, and record those dates.


  • Chosen control measures have been implemented, as planned?
  • Workers are complying with requirements?
  • Control measures are working and are adequate?
  • Did the implementation of the control measures create other hazards?


  • Has anything changed over time since the process was implemented?
  • Is the control of risks still adequate?
  • Was the risk management process conducted effectively?
  • Have any relevant regulations, codes, standards or local protocols changed?
  • Have any incidents occurred?

The following actions can also assist to verify that the implemented controls are effective:

  • Consultation with workers;
  • Observation of work processes and worker behaviour;
  • Monitoring the workplace environment e.g. swabs, air samples;
  • Health surveillance programs e.g. blood samples, hearing tests; and
  • Regular workplace and hazard inspections to ensure all hazards have been identified, risk assessed and controlled.

If problems are found during the review process, repeat the risk management steps outlined above, review your information and make further decisions about risk control. Priority for review should be based on the seriousness of the risk. Control measures for serious risks should be reviewed more frequently.

11. References

Director, Occupational Health and Safety
Mr Jim Carmichael
Director, Occupational Health and Safety
Mr Jim Carmichael