
What is a risk assessment? Our step-by-step guide to mitigating risks at your operation

“Risk assessment” – it’s a buzzword you’ve probably heard many times in discussions around safety and security.

But what does it involve? Does your organisation need one? And what exactly do you need to do to ensure your people, assets and equipment are protected?

Risk assessments are a systematic process of evaluating potential risks that may be involved in a projected activity or undertaking. The purpose is to help you work out what you need to do to mitigate risks and potential hazards on site.

As Safe Work Australia puts it, “risk management involves thinking about what could happen if someone is exposed to a hazard and how likely it is to happen.”

Risk management and assessments are our bread-and-butter services here at Goldfields Security Services.

Everything we do begins with a risk assessment – a deep dive into your unique organisational risks and challenges to be able to come up with a water-tight strategy that alleviates any potential security risks raised and ensures best practice to protect your business and team.

The truth is every business will have an element of risk – the level of risk will vary – but we cannot stress enough the importance of completing a risk assessment in-house or enlisting the help of a specialist (like us).

As an employer or manager, you have a duty of care to your employees, contractors and customers/patrons, not just ethically but from a legal standpoint also.

In the Work Health and Safety Act 2020, duty of care is a key area of focus. It states a person conducting a business or undertaking must ensure “the provision and maintenance of a work environment without risks to health and safety, the provision of adequate facilities for the welfare at work of workers in carrying out work for the business or undertaking, and the provision of any information, training, instruction or supervision that is necessary to protect all persons from risks to their health and safety arising from work carried out as part of the conduct of the business or undertaking”.

By taking the time to assess your operational risks, put the correct documentation, policies and procedures in place, and implement subsequent measures to mitigate them (e.g. security cameras, drone patrols, physical guards), you’re honouring your duty of care to your business and team.

A risk assessment involves:

1. Identifying hazards and risk factors

A hazard is something that has the potential to cause harm to people, property or the environment, while the risk is the likelihood that a hazard will cause harm or damage under defined circumstances. A job hazard analysis (JHA) document tells employees and contractors what risks are associated with the job.

2. Analysing and evaluating the likelihood of their occurrence

This is where you will need to consider how long your personnel are typically exposed to a potential hazard.

3. Determining ways to control them

The hierarchy of controls has five levels:

· Elimination - physically removing the hazard

· Substitution - replacing the hazard with a safer available alternative

· Engineering controls - physically isolating people from the hazard

· Administrative controls - changing the way people work (policies, procedures)

· Personal protective equipment (PPE)

4. Documenting your findings

All risk assessments should be stored for future review and updates.

Steps to ensuring ‘effective’ risk management

Conducting a thorough risk assessment involves embedding risk management into the daily operational life of your organisation.

The steps to effective risk management include:

1. Identifying your ‘controls’ (high to low consequences)

Controls are things that are currently in place to reduce the risk on site. Typically, they are measures that have been introduced/implemented following a previous incident. And interestingly, if you go back to the incidents that have occurred in the past, we’d suspect a large proportion of these probably happened not because of a lack of controls but because of the failure of existing controls.

Examples of controls include physical security and drone patrols, which lower the risk on site as they are a visible deterrent.

In addition to identifying your controls, you also need to understand how effective they are. If your control is effective, the majority of things you're worrying about are less likely to happen.

The best way to establish effective controls is to link them back to risks and causes. For every cause that you identified, there should be a control in place.

For example, let’s just say the risk on your site is a worker falling from heights.

Causes for a potential incident would include things such as no safety equipment provided, failure of safety equipment, employees failing to wear safety equipment, lack of or ineffective training/induction, or lack of or ineffective supervision.

By linking causes and controls together, we can see control coverage: patterns of over-control and gaps become visible. We also need to understand that each control has a criticality. Not all controls will have the same impact on reducing or maintaining the level of risk.

If we treat all of the controls associated with high consequence risks the same, we may commit more resources than are necessary. This is why assigning criticality to each of the controls will assist in prioritising your audit program.

2. Developing measures of effectiveness

The next step is developing measures of ‘control’ effectiveness. You shouldn’t ever assume your controls are effective because they're in place.

The absence of an incident doesn’t indicate control ‘effectiveness’; it might instead mean you’ve just been very lucky. But we all know luck can be short-lived and can run out one day.

The way to measure the effectiveness of your controls is to establish a set of key performance indicators (KPIs) against your controls.

How often should Kalgoorlie risk assessments be completed?

So how often should you be completing risk assessments at your organisation?

Risk assessments need to be undertaken by any organisation that has a team of staff, particularly Goldfields construction, industrial and mining operations, and premises where there are assets to protect, or events or businesses where there are large numbers of people assembling or passing through.

How often you revisit this will, of course, depend on your business and industry and the level of risks involved. However, as a general rule, we recommend a risk assessment review at the start of every year.

In addition to this, you will also need to undertake an incident registry every few months, assessing risks and any incidents on site.

Safe Work Australia echoes our views, stating on its website: “Risk management should be ongoing. You may need to think about risk management again when changes occur within your workplace.”

Changes that may influence the need to conduct a risk assessment review include:

· starting a new business

· expanding or purchasing an existing business

· designing products, processes, or places for work

· changing your work practices, procedures, or environment

· changing your organisational structure or job roles

· introducing new or returning workers to the workplace

· purchasing new or used equipment

· using new substances

· working with a new supplier

· working with a new commissioner of your services

· planning to improve productivity or reduce costs

· new information about workplace risks becomes available

· responding to workplace incidents (even if they have caused no injury)

· responding to concerns raised by workers, health and safety representatives or others at the workplace

· required by the WHS regulations for specific hazards.

Goldfields Security Services risk assessments

At Goldfields Security Services, we offer risk assessments in a consultancy capacity, and all of our security clients receive a free risk assessment as part of their service.

If you have some questions, we’d love to hear from you. We invite you to call us on 0404 449 326 or email
