ASSE Risk Assessment Certificate Program

Continue to grow your knowledge of risk assessment by earning ASSE’s Risk Assessment Certificate. This well-regarded program was created to enable safety professionals to proactively lead their organization in the mitigation of risk in advance of injuries or catastrophic events. Hear from attendees who participated in the program in this featured video.


OSH Risk Assessment Flow Chart and Tools

The flow chart below describes the OSH risk assessment process. Inspired by ISO 31000, the practitioner is encouraged to move through the steps using the provided tools.

For more information, please refer to ANSI-ASSE Z590.3-2011 – Addendum A – The Risk Assessment Process.


Process Step 1 – Gather data.

Complete an Inventory of Workplace Hazards and Risks.

    This includes collecting information on worksite:
  • Injury/Illness/Property damage history up to 10 years (loss runs, injury database, OSHA logs, property damage reports, chemical releases, etc.)
  • Near miss incidents
  • Process/task hazards
  • For example: Job Safety Analysis (JSA), Job Hazard Analysis (JHA), “What If” Analysis (WI), Standard Operating Procedure (SOP), Failure Mode Effects Analysis (FMEA), Process Hazard Analysis (PHA), etc.
  • Equipment hazards
  • Non-routine tasks
  • Facility siting considerations
  • Contractor/visitor operations
  • Highly hazardous chemical process data (safety data sheets, etc.)
  • Applicable codes, regulations, standards
  • Documented risk assessments
  • Worker complaints/concerns
  • Manufacturer instructions, manuals, data
  • Occupational hygiene survey results
  • Ergonomic workplace assessment results
  • Workplace audits and inspections
  • Others outlined in ANSI Z10-2012 – Appendix D – Page 39
    Some resources available to complete this step:
  • Internal records & documentation
  • External records & documentation
  • Worker interviews
  • Contractor Interviews
  • Websites - OSHA, DOT, MSHA, EPA, FDA, NRC, etc.
  • Insurance carrier
  • Medical Personnel
  • Product information
  • Equipment manufacturers
  • Vendors/suppliers
  • Benchmarking
  • Professional associations/organizations/societies
  • Trade organizations
  • Consultants/subject matter experts (SMEs)

Process Step 2 – Set scope and limits of the assessment.

Establish analysis parameters.

    This includes defining:
  • Manageable process, system, task, material or equipment to be selected and its boundaries
  • Operating phases, tasks and time within operations
  • Design, construction, standard operation, start-up, maintenance, abnormal conditions/situations, decommissioning
  • Interfaces with other systems or processes
  • Scope of analysis in terms of who or what is exposed and needs to be protected from harm or damage such as:
  • Workers, contractors, public, property, equipment, process, environment
    Some resources available to complete this step:
  • Process descriptions, logs & flow diagrams
  • Systems analysis information
  • Engineering resources
  • Operations resource personnel
  • Maintenance resource personnel
  • Process engineers/experts
  • Job descriptions
  • Product information

Process Step 3 – Charter and develop a risk reduction team

Site management will charter risk reduction team and provide necessary resources and support to ensure successful completion of assignment.

Management will designate personnel within organization who process necessary skills and knowledge to participate in risk reduction team activities. Outside SMEs or consultants may be retained to support risk reduction team efforts and assignments.

    Risk reduction team would include:
  • A multi-disciplinary risk assessment approach
  • Team members (stakeholders) would include operations personnel, maintenance personnel, occupational safety and health professionals, process and engineering personnel, consultants, supervision, and others as required.
  • Knowledge of:
  • Process and operational hazard information
  • Risk assessment reference standards and resources
  • Risk assessment tools or methodologies used for assessment
  • Risk matrices used to evaluate and assess risk
  • Risk reduction techniques – hierarchy of control decision making
  • Effectiveness of hazard/risk control measures
  • Impact controls have on severity and likelihood
  • Deployment of risk scoring system
  • Determination if residual risk has achieved Acceptable Level of Risk (ALOR)

Process Step 4 – Conduct risk assessment.

    The risk assessment process includes:
  • Identification of task/hazard pairs and/or process-related hazards
  • Identification of current controls
  • Assessment of initial risk – testing/verifying current controls
  • Determination of initial risk (i.e., score)
  •  If risk is not acceptable:
  • Reduce risk using hazard control hierarchy – identify new controls
  • Consider failure modes of safeguards
  • Determination of (scoring of) residual risk
  • Determination if residual risk is acceptable
  • If no, go to #7
  • Re-evaluation of tasks and hazards
  • Reduce risk using hazard control hierarchy – identify new controls
  • Proceed with risk assessment process until you verify residual risk is acceptable

Making a risk determination generally requires as much stakeholder agreement as possible.  No single person should make the final determination on risk level.  If a final risk determination cannot be established, management should be brought into the decision-making process with support from impartial outsiders to assist with moving the process forward.


Process Step 5 – Document results.

    Risk reduction team must:
  • Document risk assessment results*
  • Recommend risk control inspection, maintenance and measurement system
  • Conduct report-out of risk assessment findings and recommendations to the management who charted the team
    *Documentation of the results should include:
  • Names and job titles/qualifications of persons who completed the risk assessment
  • Risk assessment methods used
  • Risk deriving from hazards
  • Control measures taken to attain acceptable risk levels (i.e., avoidance, elimination, substitution, administrative, and other control measures)
  • Additional relevant information about use, effectiveness of controls, elimination, reduction techniques.

Process Step 6 – Follow up on actions taken.

Establish analysis parameters.

    The effectiveness of the risk avoidance, elimination and reduction, and control actions taken should be determined.  Follow-up activity should be established to determine that:
  • The hazard/risk problem has been resolved, only partially resolved or not resolved
  • The actions taken did or did not create new hazards
  • An acceptable level of risk has been achieved.

If risk level is not acceptable, or new hazards are introduced, steps shall be taken to re-evaluate the risk and other risk reduction measures shall be proposed and taken. Alert management if acceptable risk has not been achieved.

Establish a site “Risk Register” or “Log” that tracks risk prioritization and risk mitigation activities to track ongoing risk identification and risk reduction efforts at the worksite.


Process Step 7 – Sustain and continuously improve the risk reduction process.

    This may include:
  • Communicating and training the workforce on the risk assessment process
  • Driving the risk assessment process as part of safety metrics
  • Integrating the Management of Change (MOC) process
  • Integrating site’s Root Cause Incident Analysis (Investigation) Process
  • Risk mitigation action planning
  • Incorporating risk assessment into other safety processes
  • Integrating the Prevention through Design process into the risk assessment process
  • Periodically auditing the risk assessment process
  • Incorporating risk assessment into all leadership communication and decision-making