By Andrew Hobbs

Key risk registers – documents recording information relating to the risks that exist in a workplace – are an important part of a business’s safety system.

A key risk register is the place where you can identify, assess and document all significant risks your workers are exposed to while at work.

While key risk registers are not regulated, they are a useful tool to keep track of all the areas of risk in your workplace and ensure that the controls you have in place are adequately managed and maintained.

For a key risk register to be effective, it should include the following information:

• a description of the risk and how it could impact the business;
• a list of the risk management systems currently in place;
• a list of supporting documents, photos or videos describing the risk and current controls;
• a description of the likelihood of an event happening and the likely severity of the outcome – often expressed as a code red, yellow or green-level risk;
• an assessment of whether the risk controls in place are adequate;
• a record of any additional corrective action taken;
• a position title for the person responsible for any additional corrective action;
• a record of the target date for that action, and the date the action is actually completed; and
• the assessed risk level once the listed additional corrective action is completed.

5 common key risk register mistakes

Safety Action CEO Gary Rowe says key risks registers should mature over time – being edited regularly, especially when incidents or accidents occur, or when new technology becomes available.

That said, they are not fool-proof. Rowe has identified five common errors in key risks registers that often mislead company officers. They are listed below:

1. The register is outdated

If the key risk register is not kept up to date, it does not describe the current risk profile of your business and is not an accurate indication of the level of risk your workers are exposed to or areas that need to be closely monitored.

1. Risks are rated based on incidents rather than risk level

It is important to consider the severity of the potential outcome when rating risks. For example, an incident where a person suffers a twisted ankle because of the uneven factory floor surface should not be rated higher than the working at height risk of an elevated platform with no safety rail simply because no one has fallen yet.

1. The risk control does not match the risk

Team members who are not educated on risks might think that a certain control measure is appropriate, but whether or not this is true will depend on the level of exposure to the risk.

For example, in a situation where there have been three near misses of an event that has the real risk of serious injury, a control suggesting the use of plastic bollards and line painting may not be sufficient.

1. The register does not adequately explain control implementation

Registers must offer insight into how the controls are functioning, of an issue’s expected resolution date and who is responsible.

1. There is no explanation about the safety system of which the register is part

A key risk register helps accurately record exactly where the business is in dealing with a risk, identifying hazards and instituting controls using the business’s resources in accordance with the level of risk.

Once officers understand exactly how the key risk register is expected to work, it becomes easier to understand why other control mechanisms such as training registers, monitoring and reporting systems are in place, and what they aim to achieve.

A guide for company officers

Gary Rowe says that when a key risk register is regularly reviewed and provided to new executives and directors, they and other company officers will have a great starting point to help them identify which risks should be the highest priority and a clear understanding of what controls are in place.

Here are eight questions he recommends any officer should ask after reviewing the key risk register:

• Do the highest-order risks still exist, and if so, what urgent action is being taken to address them?
• Do the same risks appear again and again? Are we making headway in fixing the issues, and if not, why not?
• What are our legal obligations in relation to any hazards that cannot be eliminated? Are we fulfilling those obligations?
• When can we have board and executive training around the hazards in our workplace?
• How do we measure risk and why have we allocated the higher risk ratings?
• How do we get meaningful and up-to-date reports around our safety system and how should we interpret them?
• What are similar businesses doing and how can we draw from their experience?
• What legal and operational health and safety knowledge do we need as officers and can we have a structured training program to obtain and maintain this knowledge?