The risk management approach to health and safety

This guidance provides employers with general information about taking a risk management approach to health and safety in their business.

The risk management approach

The aim of occupational health and safety (OHS) risk management is to eliminate the risk of injuries and illness associated with work, so far as reasonably practicable. If it is not possible to eliminate risks, the risks must be reduced so far as reasonably practicable. Managing health and safety requires a process of hazard identification, risk assessment, risk control and ongoing evaluation of control measures.

Effective management of health and safety hazards also involves training, consultation, documentation of health and safety activities and regular review of the management system.

Risk management is a continuous process as technology changes and further options for the control of risks become available. Risk management requires ongoing consultation between employers, employees and any health and safety representatives (HSRs) when determining the approach and methods to use.

Employers must provide information, instruction, training and supervision so employees can perform their work in a safe manner.

Training should provide employees and their supervisors with an understanding of:

  • health and safety legal responsibilities
  • the nature of the hazards in the workplace
  • the process of hazard identification, risk assessment and risk control
  • the arrangements for reporting
  • circumstances likely to cause hazards
  • the reasons for the risk control measures in place in the workplace
  • safe use of the risk control measures in place
  • safe work practices

Employers also have to keep information and records relating to the health and safety of employees. This information includes records for legal requirements, for example, injury reports, as well as records of hazard identification, risk assessment and risk control. A review of health and safety enables an organisation to determine whether its health and safety risk management is effective.

Businesses must review policies, procedures and control measures over time to ensure they are achieving their objectives.

Risk management is good for business

Employers have a legal obligation to provide a healthy and safe workplace. Managing health and safety hazards also makes good business sense. It can reduce costs, increase productivity, boost morale and improve employee relations.

Who is responsible for health and safety

The Occupational Health and Safety Act 2004 (OHS Act) provides a broad framework for improving standards of workplace health and safety to reduce work-related injury and illness. Employers, employees and others have responsibilities under the OHS Act.


The OHS Act regulates OHS by making employers work proactively and take every reasonable action to ensure health and safety in their business activities.

Employers must, so far as reasonably practicable, provide and maintain a working environment that is safe and without risks to health. They must, so far as reasonably practicable, eliminate risks to employees and ensure their business activities do not put the health and safety of others at risk. If employers cannot eliminate the risks, they must reduce the risks so far as reasonably practicable.

Employers also have duties to consult with employees, duties relating to incidents and duties not to discriminate.


Employees have obligations to take reasonable care of the health and safety of themselves and others their work may affect. Employees must also cooperate with the employer's actions to comply with the OHS Act or Occupational Health and Safety Regulations 2017 (OHS Regulations).

Employers should make sure all managers, supervisors and employees are aware of their OHS responsibilities. Employers should achieve awareness through consultation, documenting responsibilities and ensuring there are processes in place to hold people accountable for OHS performance.

Others with responsibilities

Designers of plant, buildings or structures also have responsibilities under OHS legislation, as do manufacturers and suppliers of plant and substances and people installing, erecting or commissioning plant. More guidance and information about duties under the OHS Act and OHS Regulations is available on the WorkSafe website.

Make health and safety management part of the business

Systems and processes to manage health and safety hazards should be part of the day-to-day running of any business.

Businesses should have plans and systems to manage OHS. The best system will depend on the nature and size of the business, however, there are a number of elements to consider as a basis for any sound OHS management system.

Consultation between employers and employees

Employers must consult with their employees, independent contractors the employer has engaged and employees of the independent contractors, so far as reasonably practicable, when:

  • identifying or assessing hazards or risks
  • making decisions about how to control risks
  • making decisions about the adequacy of facilities for employee welfare
  • making decisions about procedures to:
    • resolve health and safety issues
    • consult with employees on health and safety
    • monitor employees' health and workplace conditions
    • provide information and training
  • determining the membership of any health and safety committee in the workplace
  • proposing changes that may affect employees' health and safety, such as changes to:
    • the workplace
    • plant, substances or other things used in the workplace
    • the work performed at the workplace
  • doing any other thing prescribed by regulations

Consultative arrangements should be in place so the employer, employees and any HSRs can work together developing and promoting measures to ensure employees' health, safety and welfare at work.

Consultation should involve:

  • managers and supervisors representing the employer
  • employees and any elected HSRs or other parties representing employees

A health and safety committee is a good way to develop and promote employee health, safety and welfare measures. Consultation about specific issues and hazards should include direct discussion with relevant employees.

Further information about health and safety committees and HSRs is available in the OHS Act and OHS Regulations.

Hazard identification

Hazard means the potential to cause harm, such as injury or illness.

Hazard identification is the process of identifying all situations or events that could give rise to injury or illness. Hazard identification generally involves considering:

  • the type of injury or illness possible, for example, musculoskeletal disorders (MSDs)
  • the situations and events that could create potential for the injury or illness

Risk assessment

Risk means the likelihood of harm arising from exposure to any hazards and the consequences of that harm.

The risk assessment process determines whether there are any risks associated with the identified hazards. Risk assessment generally involves considering the:

  • nature of exposure to the hazards, including the frequency and level of exposure
  • pattern of exposure and whether it is continuous or intermittent
  • adequacy of any existing risk control measures

Risk control

The risk control process determines and implements appropriate measures to control risk. Legislation requires factors assessed as posing an increased risk be controlled so far as 'reasonably practicable'. 'Reasonably practicable' in this case means you need to consider:

  • the likelihood of the hazard or risk eventuating
  • the degree of harm that would result if the hazard or risk eventuated
  • what the person concerned knows, or ought reasonably know, about the hazard or risk and any ways of eliminating or reducing the hazard or risk
  • the availability and suitability of ways to eliminate or reduce the hazard or risk
  • the cost of eliminating or reducing the hazard or risk

The WorkSafe website has guidance that explains WorkSafe's position on 'reasonably practicable' in respect to duty holders meeting their obligations under Part 3 of the OHS Act.

Elimination of risks

The objective of the OHS Act is the elimination at the source of risks to the health, safety and welfare of persons at work.

If risks cannot be eliminated, OHS legislation requires that the risks be reduced so far as reasonably practicable. You could use one or more of the following methods to reduce risks:

  • substitution of the hazard with something posing a lower risk
  • isolation, for example, enclosing the hazard
  • engineering controls, for example, a mechanical aid

If a risk to health and safety remains, administrative controls should be applied, for example, work procedures and training, and, if relevant, personal protective equipment (PPE) should be worn.

Evaluation of control measures

Evaluation of control measures means checking to see whether the introduced changes reduce the risk previously assessed. Evaluation may involve repeating the process of hazard identification, risk assessment and risk control to ensure all risks to health and safety from a particular hazard have been controlled as far as practicable. This depends on the hazard, the nature of the assessed risks and on the control measures used. Where the evaluation of risk control measures reveals some remaining risk, the process continues until risk is minimised as far as reasonably practicable.