1. What are risk matrices?

Most businesses will not need to use risk matrices. However, they can be used to help you work out the level of risk associated with a particular issue. They do this by categorizing the likelihood of harm and the potential severity of the harm. This is then plotted in a matrix. The risk level determines which risks should be tackled first.

Using a matrix can be helpful for prioritizing your actions to control a risk. It is suitable for many assessments but in particular to more complex situations. However, it does require expertise and experience to judge the likelihood of harm accurately. Getting this wrong could result in applying unnecessary control measures or failing to take important ones.

2. What is a hazard?

A hazard is anything that may cause harm e.g. chemicals, electricity, working from ladders, noise etc.

3. What do we need to record?

You only need to record your risk assessment if you employee 5 or more people.

You need to record:

the significant findings - what the risks are, what you are already doing to control them and what further action is needed;
details of any particular groups of employees who you have identified as being especially at risk.

4. Who should my risk assessment cover?

Your risk assessment should cover all groups of people who might be harmed by your business.

Think about workers affected because of risks associated with the particular jobs they do, such as setting, production and breakdown/ repair and maintenance. Contractors and shift-workers may not be familiar with what you do and the controls you have in place.

5. When do we need to do a risk assessment?

You should carry out an assessment before you do work which presents a risk of injury or ill-health.

You only need to do a risk assessment if you are an employer or a self employed person.

6. What should I include in my risk assessment?

Your risk assessment should include consideration of what in your business might cause harm and how and, the people who might be affected. It should take into account any controls which are already in place and identify what, if any, further controls are required.

You should be able to show from your assessment that:

a proper check was made;
all people who might be affected were considered;
all significant risks have been assessed;
the precautions are reasonable, and
the remaining risk is low.

7. How do I do a risk assessment?

To do a risk assessment, you need to understand what, in your business, might cause harm to people and decide whether you are doing enough to prevent that harm. Once you have decided that, you need to identify and priorities putting in place, appropriate and sensible control measures.

Start by:

identifying what can harm people in your workplace;
identifying who might be harmed and how;
evaluating the risks and deciding on the appropriate controls, taking into account the controls you already have in place;
recording your risk assessment;
reviewing and updating your assessment.

8. Which part of the SDLC includes Risk analysis?

SDLC Process
System Concept Development
Requirement analysis
operation & maintainence

This is the whole process of SDLC in that System Concept
Development includes the risk analysis