Risk Management Meaning & Definition | EcoOnline

Risk Management


What Is Risk Management?

In terms of Occupational Health & Safety (OSH), risk management refers to a formal process used by organizations to identify hazards, evaluate the likelihood and categorize the severity of those hazards, and outline the steps to be taken to eliminate them, or to reduce the risk to acceptable levels. 

The purpose of risk management is to mitigate the risk of physical or mental injury or illness. Risk management involves four key steps:

  • Identifying hazards 
  • Risk assessment
  • Controls to manage risks
  • Monitoring controls and regularly reviewing safety performance 

Employers are required by law to provide a safe environment that protects employees from harm. The Management of Health and Safety at Work Regulations 1999 state that employers must:

  • Identify hazards that could lead to injury or cause illness to employees
  • Determine how likely the hazards are to cause harm and how serious that harm might prove to be
  • Outline the steps taken to eliminate or control the risks




Steps Required to Manage Risk

Risk management is an ongoing, systematic process that is necessary for organizations to control health and safety issues in the workplace. Companies can assign a competent person to manage risk or seek external help. Here are the key steps needed to manage risk in the workplace. 

Identifying Hazards

The first step is to identify hazards in the work facility. A brief review of operational practices and machinery, and a look around the workplace is required to identify different things that can lead to harm. 

When identifying hazards, you need to determine:

  • The safety of substances or chemicals in use
  • How employees handle substances or operate machines
  • Whether different work practices are safe or unsafe
  • The general condition of the work premises 

Another way to identify hazards is to look at any existing health or illness records. For instance, injuries caused during non-routine operations, such as during cleaning or maintenance, may provide insights into hazards that are not immediately obvious.

When identifying hazards, it’s important to think about how they might impact the health and safety of your employees, including stressors at work, manual handling of heavy machinery, or the way chemicals are handled. 

To identify hazards, it’s also important to talk to workers who regularly carry out different processes in the workplace. Interviews, surveys, and questionnaires are generally viable options to gather data.

Risk Assessment

This is perhaps the most important part of risk management and should be carried out in comprehensive detail. Some common risk assessment examples include:

  • Risk assessment associated with manual handling: this is necessary in workplaces where employees are required to move, lift, or carry loads. 
  • Assessing fire risk: this is a serious risk common in all workplaces, and it’s important to establish fire safety procedures and to give employees regular training, including fire drills and evacuation, to better prepare them in case of a fire outbreak. 
  • COSHH risk evaluations: a Control of Substances Hazardous to Health (COSHH) assessment must be completed in workplaces where hazardous substances are used, held in storage, or prepared.
  • DSE risk assessments: display screen equipment risks must be assessed in workplaces where employees spend most of their time in front of a display screen.
  • General risk assessment: This is a more generalized assessment that looks at different safety hazards in the workplace, primarily related to normal activities or tasks. This also includes evaluating environmental risks.

To assess the level of risk, organizations need to evaluate several key factors, such as:

  • Who might be harmed and how
  • The steps already taken by the organization to mitigate such risks 
  • Additional steps the organization can take to reduce such risks
  • Who is responsible for taking such steps

It’s important to note that if you employ five or more individuals, you’re expected to record:

  • Any identified hazards
  • Those at an elevated risk of harm, including how that might happen
  • The steps taken by the organization to mitigate or control such risks

Controls to Manage Risks

After a risk assessment has been conducted, the next step is to look at the controls in place to manage such risks. Not all hazards can be effectively eliminated, which is why taking steps to control them is important. 

Controls generally vary depending upon the nature of the work. In some cases, you might want to consider redesigning the job itself to make it safer. Other common controls to manage or mitigate risks include:

  • Replacing certain processes, materials, or machines 
  • Organizing work processes so that exposure to harmful machines or materials is reduced
  • Taking practical steps to reduce risk in facilities, such as providing PPE (personal protective equipment) to workers and ensuring they wear it, and wear it correctly

It’s not always possible to bring the risk levels down to zero. But organizations are required to ensure that they take all “reasonably practicable” steps to protect employees from harm by implementing controls that are relevant to their business operations. 

Monitoring and Reviewing Controls

Once controls are in place, it’s also important to monitor and review them to ensure they’re working properly. If controls are no longer effective, a review should be conducted to identify other steps that can be taken.

Similarly, reviewing controls is also necessary when there are significant changes to the workforce composition, internal processes, or if you start using other substances or different equipment. An annual review of the risk assessment process would also be required in the case of such changes.


Monitor And Assess EHS Risk with EcoOnline’s Risk Assessment Software

Creating risk assessments from scratch is often a tedious, repetitive process. With the EcoOnline Risk Assessment Module, you can adopt a standardized approach to managing both quantitative and qualitative risk. 

The platform is fully cloud-based, letting safety professionals quickly review risk compliance for the whole organization. It also lets managers identify trends and patterns, allowing them to visualize data and take action to make their workplace safer.