RISK ASSESSMENT THE SANS/ISO 31000 STANDARD’s WAY
In 2009 South Africa adopted the SANS/ISO 31000 Risk Management principles& guidelines standard, where to date, most people have referred to HIRA (Hazard Identification & Risk Assessment ) as the risk assessment method which has been actually adopted from the ”employer to assess & respond to risk” clause prescribed in section 11 of the Mine Health & Safety Act (MHSAct). This section 11 gives a basic outline of the elements of a risk assessment & so has become the generally popular risk assessment method
SANS/ISO 31000 sets out the following Risk Management Process which includes the 3 risk assessment stages:
The Context selected could be related to assessing the risks for a whole company, a project, down to a specific job task& considering involving all possible risks down to just considering health & safety risks.
The risk identification can be by brainstorming using a risk identification acronym, like Benrisk Consulting’sPEPMELF approach, or selecting any of the 32 risk assessment methods listed in the SANS/ISO 31010:2010 Risk Assessment Techniques standard that would facilitate obtaining the desired risk assessment outcomes that are applicable for the nature & complexity of the risk being assessed.
The risk analysis involves using frequency, severity & similar consequence/impact descriptors to establish the magnitude of each risk identified & then these risks and their magnitudes are then risk evaluated against some business decided acceptable vs not acceptable risk criteria. This criteria could be considered as the 4T’s of Tolerate, Terminate, Transfer or Treat being applied to each risk assessed & then deciding how to treat the risk going forward in the Risk Treatment or Risk Control step. Recently, Exploit has been added to the 4T’s approach where one may wish to exploit the risk opportunity for some benefit or reward (a speculative risk), as a risk response rather than a treatment.
Any risk that has been treated or controlled needs to be monitored & reviewed to ensure the necessary risk controls are adequate to reduce the risk to an acceptable level of risk and this monitoring & review process applies to each step of the risk management process.
The successful management of risk involves communicating with all the stakeholders which includes the shareholders down to the employees who need to be involved in & informed of the risk identification, assessment & risk reduction processes for managing the risks faced by the business.
THE INSTITUTE OF SAFETY MANAGEMENT, THE PROFESSIONAL BODY OF CHOICE FOR THE
DISCERNING OCCUPATIONALSAFETY PRACTITIONER