Show menu. Show menu.
Show menu. Show menu.

Discussion on
Risk Management and Analysis


There are many different types of risks for an organisation to consider: health and safety, environment, production, financial, etc.

Risk identification and control minimises the likelihood of events occurring that negatively impact your personnel and your operations.

Each identified risk is assessed to determine the potential severity of any negative outcomes and to rate the likelihood of occurrence.

Where required, you put "controls" in place - with the objective being to reduce the level of risk to "as low as reasonably practicable" (ALARP).

Different sectors of the organisation, and personnel at various levels, will want to see reports on the risks relevant to them.

You may want to be able to list identified risks (such as for a particular manager or work area) and easily see what their severity and likelihood is, and whether each has been reduced to ALARP.

Having set risk bands (high, medium, etc) to help you focus on the most critical issues, you may want to be able to list all those that are high for instance .. and, at a glance, you may wish to see how many risks you have in each risk band.

Using The Software

The risk management and analysis components of OSHatWork are based on the internationally recognised and respected ISO 31000 (AS/NZS 4360) Risk Management Standard.

Although the origins of OSHatWork are in occupational health and safety, the risk facilities can be used for risks of any type.

With OSHatWork you can:

  • define your own risk matrix (of likelihoods, severities and risk levels) - including specifying the colour for each risk band;
  • maintain a risk register and, for each risk, record:
    • a category (which allows you to generate a list, for viewing or reporting, of all risks of a particular type such as financial, health and safety, etc);
    • the risk owner (so each risk owner can see a list of the risks that they are responsible for controlling);
    • the severity and the inherent and residual likelihoods;
    • whether the level of risk is "as low as reasonably practicable" (ALARP);
    • the departments, work tasks and work areas affected by each risk (which allows you to generate a list, for viewing or reporting, of all risks that affect a particular department, or work task or work area);
    • the controls;
  • generate reports such as:
    • all details of one particular risk (which can be useful when you are meeting to discuss some specific risks);
    • a list of all the risks with something in common (e.g. they are all in the same category such as health and safety);
    • a list of risks that are not yet ALARP (not "as low as reasonably practicable");
    • risk counts, in each risk level band (i.e. high, medium, low, etc), for each department (or work area, or risk owner, or risk category, etc);
    • a risk count matrix which presents a count of the number of risks within each cell of the risk matrix (i.e. for each combination of the consequences and likelihoods that you defined);
  • undertake job hazard analysis;
  • get reminders for actions that you record and assign to someone;
  • save any report to a pdf file;
  • configure security options that determine what each user can do (what data they can view or edit).

When incidents occur, or hazards are identified, you will want to consider whether the related risks had already been identified and controlled and what additional action, if any, should be taken.


A complete list of all the OSHatWork Guides is available here.