Risk Assessment and Risk Matrices

Key Takeaways

  • Risk assessment combines hazard severity, likelihood, exposure, existing controls, and uncertainty.
  • A risk matrix is a prioritization tool, not proof that a hazard is acceptable.
  • Initial risk and residual risk should be distinguished after controls are selected and verified.
  • Risk ratings are more defensible when scoring criteria are defined before the assessment.

Last updated: May 2026

Risk assessment turns hazards into priorities

Risk combines the severity of potential harm with the likelihood that the harm will occur, often influenced by exposure frequency, exposure duration, number of people exposed, control reliability, and uncertainty. Risk assessment does not make hazards disappear. It helps decide which hazards need immediate action, what level of control is justified, and what residual risk remains after controls.

A risk matrix is a common tool for comparing severity and likelihood. Severity may range from minor first aid to fatality or catastrophic loss. Likelihood may range from rare to frequent. Some organizations include exposure or control effectiveness as separate factors. The key is to define scoring criteria before ranking hazards so the assessment is not driven only by opinion or politics.

| Risk assessment term | Meaning | Exam caution |
|---|---|---|
| Severity | Consequence if the hazard causes harm | High severity can demand action even when likelihood seems low |
| Likelihood | Chance of the event under current conditions | Must consider exposure and control reliability |
| Exposure | Who is exposed, how often, and for how long | Rare tasks can still be high risk if severity is serious |
| Initial risk | Risk before new controls are applied | Useful for showing why action is needed |
| Residual risk | Risk after controls are implemented and verified | Must be reassessed, not assumed |
| Risk tolerance | Level accepted by the organization under defined criteria | Cannot override legal or ethical duties |

Risk matrices are useful but imperfect. A color-coded box can simplify uncertainty too much. Two teams may score the same hazard differently if terms are vague. A matrix can hide rare catastrophic risk if likelihood is underestimated. It can also make a moderate recurring exposure look less important than a dramatic but unrealistic scenario. On the ASP exam, the best answer treats the matrix as one input, then applies professional judgment and the hierarchy of controls.

Existing controls must be evaluated honestly. A written procedure that is not followed should not receive the same credit as an engineered interlock that is inspected and maintained. PPE that is unavailable, uncomfortable, or not used correctly may not reduce residual risk as assumed. Control verification is part of risk assessment because the rating depends on real performance.

Risk assessment should be updated when conditions change. Triggers include new equipment, new chemicals, layout changes, staffing changes, contractor work, incident findings, near misses, audit results, process upsets, or new information about hazards. A risk assessment from last year may no longer be valid after a production rate increase or maintenance redesign.

A practical risk matrix workflow is:

  1. Define severity, likelihood, exposure, and scoring criteria.
  2. Identify the hazard and credible loss scenarios.
  3. Score risk with current controls in place.
  4. Choose additional controls using the hierarchy of controls.
  5. Estimate residual risk after proposed controls.
  6. Implement and verify controls.
  7. Reassess if work, equipment, people, or data change.
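The workflow above as a small scoring sketch, added here as an illustration and not taken from the original page. The 1-5 scales, the intermediate level names, the band thresholds, the severity floor and the sample hazard are all assumptions; the page names only the endpoints of each scale.

```python
from dataclasses import dataclass, field

# Assumed 1-5 scales, fixed before scoring; the page names only the endpoints.
SEVERITY = {"first_aid": 1, "medical": 2, "lost_time": 3, "disabling": 4, "fatality": 5}
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "frequent": 5}

@dataclass
class Control:
    name: str
    likelihood_steps: int  # claimed reduction in likelihood level
    verified: bool         # confirmed in use and effective in the field

@dataclass
class Hazard:
    name: str
    severity: str
    likelihood: str        # under current conditions, before new controls
    controls: list = field(default_factory=list)

def band(sev: int, lik: int) -> str:
    """Map a severity/likelihood pair to a band (thresholds are assumed)."""
    score = sev * lik
    rating = "high" if score >= 15 else "medium" if score >= 6 else "low"
    # Severity floor: a disabling or fatal outcome is never rated "low",
    # so a debated likelihood estimate cannot justify inaction.
    if sev >= 4 and rating == "low":
        rating = "medium"
    return rating

def assess(h: Hazard) -> dict:
    """Return initial risk plus residual risk as claimed and as verified."""
    sev, lik = SEVERITY[h.severity], LIKELIHOOD[h.likelihood]
    claimed = sum(c.likelihood_steps for c in h.controls)
    credited = sum(c.likelihood_steps for c in h.controls if c.verified)
    return {
        "initial": band(sev, lik),
        "residual_claimed": band(sev, max(1, lik - claimed)),
        "residual_verified": band(sev, max(1, lik - credited)),
        "unverified": [c.name for c in h.controls if not c.verified],
    }

# Constructed sample hazard, not data from the page.
press = Hazard("press point of operation", "fatality", "frequent", [
    Control("written procedure", 2, verified=False),
    Control("interlocked guard", 2, verified=True),
])

if __name__ == "__main__":
    print(assess(press))
```

A gap between the claimed and verified residual ratings marks a control that is receiving credit it has not earned in the field.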

For exam scenarios, avoid answers that use the matrix to justify inaction without control review. A high-severity hazard with weak controls usually needs action even if the likelihood estimate is debated. The best answer often combines risk ranking, feasible higher-level controls, worker input, and follow-up verification.

Test Your Knowledge

What is the main purpose of a risk matrix in a safety program?


A team assumes a procedure lowers residual risk, but supervisors find the procedure is rarely followed. What should happen to the risk assessment?


Which trigger most clearly calls for updating a risk assessment?
