From EHSToday.com, a great article on Risk Assessments, why they may fail to deliver, and why they are important through the life of the process for MOC, etc. Including hierarchy of controls, and prioritizing risk.
Safety 2012: 10 Reasons Your Risk Assessments Are Inadequate
Two risk control experts who have performed thousands of risk assessments throughout their careers have concluded that "a number of those risk assessments are not performed very well." They shared their expertise with ASSE Safety 2012 attendees in a June 5 session in the Colorado Convention Center."Organizations face a wide range of risk every day that has the potential to impact their ability to stay in business," said Bruce Lyon, CSP, PE, ARM, CHMM. "Risk assessment is an important tool to help manage that process."
Lyon and Bruce Hollcroft, CSP, ARM, CHMM, both directors of risk control at Hays Companies, presented the top 10 reasons your risk assessments may be inadequate:
9. Failing to define the purpose and scope of the assessment. "When you fail to have a good purpose and scope, you lack direction, you lack focus," Hollcroft explained. "When you do have a good focus of scope, you get input from people who are going to be using that information."
8. Failing to understand organization's acceptable risk level. "A lot of organizations that I have dealt with have not thought of or defined what they are willing to accept in terms of risk," Lyon said. "Then you see a lot of organizations that promote the zero-injury goal. That's an impossible goal. There is a level where we have to accept the risk based on the fact that it's either impractical to reduce the risk further or the costs outweigh the gains that are achieved."
7. Failing to assemble the best team possible to perform the risk assessment. Without a trained, informed and competent team behind your efforts, the risk assessment will be weak.
6. Failing to use the best risk assessment technique. Organizations that are unaware or unskilled in risk assessment can fall into this trap.
5. Failing to be objective and unemotional during the assessment. Factors that may result in a biased or emotion-based assessment include influence from recent events/trends, personal experiences, personal areas of interest and strong personalities. The assessment team needs to be well balanced, objective and unemotional while assessing risk.
4. Failing to identify hazards and see combined whole-system risk. "Having a diverse team is important to address range of potential risks that exist," Lyon said. "If risk isn't identified, it doesn't get managed." Don't view risks as mutually exclusive; consider how individual risks could impact other risks.
3. Failing to consider the hierarchies of controls or prioritize by risk. "It's just not effective to rely on PPE," Hollcroft said. "If you don't have reliable controls, you might not want to consider them in the assessment."
2. Failing to perform risk assessment during the design/redesign stage. "Unfortunately, many organizations don't even consider doing risk assessments at this stage," Lyon said, but in reality, this is an imperative time for risk assessments. Conduct assessments at new facilities, during installations and when modifications and changes occur.
And the No. 1 reason your risk assessments may be inadequate is…
1. Failing to communicate before, during and after the assessment. Before an assessment, determine who needs to be involved and ensure they understand what's expected of them. During the assessment, make sure everyone understands the process and their responsibilities. And afterward, convey the information to others so they can put it to work for themselves. "Figure out what you can share and share it," Hollcroft said. "Failure to communicate is a huge shortcoming when we conduct risk assessments."