Section

2.8 Risk Assessment Procedure

Second Version

June 15th 2016 OHSAS 4.3.1

Contents
1 PURPOSE ......................................................................................................................... 2
2 SCOPE .............................................................................................................................. 2
3 DEFINITIONS.................................................................................................................... 2
4 RESPONSIBILITY AND ACCOUNTABILITY .................................................................... 3
5 GENERAL REQUIREMENTS ........................................................................................... 5
6 RISK ASSESSMENT AND CONTROL PROCESS STEPS .............................................. 5
7 WORK FLOW .................................................................................................................. 10
8 RECORDS & DOCUMENT RETENTION ........................................................................ 11
9 ATTACHMENTS (RISK ASSESSMENT AND ANALYSIS TEMPLETE) ......................... 11
10 EXAMPLE (RISK ASSESSMENT AND ANALYSIS TEMPLETE) ................................... 12

2.8 Risk assessment procedure | Safety and Health Management System (5-Star) 1 - 12
 1 Purpose
Creating risk file for every position through specifying the needed procedures
for that starting with introducing the risks in the working environment and make adequate
assessment for them in addition to specifying adequate controlling methods. All that considered
as very necessary operation to eliminate risks that That could cause death, or lost of assets, or
stop of production in the Saudi Electrical Company

2 Scope
These instructions are applied upon all the activities in the Saudi Electrical Company and all the
companies that belong to it. These instructions concern with all the work places, duties, jobs,
equipment, devices and materials Specifying risks and develop methods to control them in order
to ensure health and safety of employees and assets to achieve the requirements of the safety
and occupational health administration system .

3 Definitions
o Acceptable Level of Risk

All risks shall be reduced As Low As Reasonably Practicable- *(ALARP).This is the

level of risk that all people involved in the risk assessment process consider to be
acceptable for people conducting the process to be exposed to; and the level that a
reasonable person would consider acceptable.
o Consequence

The consequence is the outcome of the event (Severity).

o Control Measures

Method used to reduce or control risks arising from identified hazards.

o Hazard

Anything (e.g. condition, situation, practice, behavior) that has the potential to cause harm,
including injury, disease, death, property and equipment damage, Fire .
o Likelihood

What is the possibility that something wrong might happen and this is can be evaluated
through different factors. Some of these factors are the duration of the intended job, the
repetition of the job, the probability of failure occurred, and the number of workers who
might be in danger.

2.8 Risk assessment procedure | Safety and Health Management System (5-Star) 2 - 12
 o Risk Assessment

Risk assessment is the evaluation of the likelihood of undesired events and the likelihood
of injury and damage which could be caused Risk Rating
A risk rating is the product of the likelihood and the consequence, and is a quantitative
assessment of the risk associated with workplace, a process or activity
o Risk Profile

Risk profile is a list of all risks identified in the sites/workplaces tasks/activities and
equipment/devices ranked based on their risk rating that help developing the objective and
targets for the business lines, sectors and departments.

4 Responsibility and Accountability

4.1 Vice Presidents, Executive Directors
Vice presidents and executive directors are accountable for :
4.1.1 Ensuring that the risk profile of the business line or sector is developed.
4.1.2 Ensuring the implementation of risk based approach of the safety management
system implementation consistent with the risk profile of the business line or
sector.
4.1.3 Ensuring the implementation of this procedure by every contractor work for them
or at their sites or equipment.
4.1.4 Ensuring that all the resources needed to implement the risk assessment
procedure is available to all departments and divisions.
4.1.5 Performing a periodic audit to the risk assessment to ensure the safe, consistent
and effective implementation.

2.8 Risk assessment procedure | Safety and Health Management System (5-Star) 3 - 12
 4.2 Managers, Supervisors and Contractors
Department managers, Division managers, Section supervisor and Contractors
responsible for:
4.2.1 Ensuring that their employees and contractors are trained to implement the risk
assessment procedure.
4.2.2 Ensuring the risk of every site/workplace, task/activity, equipment/device and
material was identified and assessed.
4.2.3 Ensuring the control measures & approved for every risk is in place and the risk
is reduced to reasonably acceptable level.
4.2.4 Ensuring safe, consistent and effective implementation of the risk assessment
procedure throughout their area of responsibility.
4.2.5 ensure that the findings of the risk assessments and the precautions to be taken
are effectively communicated to, understood and implemented by those persons
covered in the assessment
4.3 Industrial Security
Industrial Security Sector, Industrial Security Departments are responsible for :
4.3.1 Issuing and maintaining the risk assessment procedure.
4.3.2 Giving competent advice on the suitability and sufficiency of risk assessments
completed.
4.3.3 Provide training on risk assessment procedures as requested by managers.
4.3.4 Performing a periodic inspection on the risk assessment procedure to ensure the
safe, consistent and effective implementation throughout SEC.
4.3.5 Performing an annual audit to the risk assessment procedure to ensure the safe,
consistent and effective implementation throughout SEC.

2.8 Risk assessment procedure | Safety and Health Management System (5-Star) 4 - 12
 5 General Requirements
5.1 Risk Assessment must be undertaken when there is a reasonable
Occupational Health & Safety (OHS) risk associated with:
5.1.1 Sites/Workplaces
5.1.2 Tasks/Activities
5.1.3 Equipment / Devices
5.1.4 Materials
5.1.5 The introduction of new equipment, Materials, procedures, workplaces or
processes;
5.1.6 The modification of equipment, Materials, procedures, workplaces or processes;
5.1.7 Specific circumstances change that increase the risk .

5.2 Risk assessments must be completed by a team of persons who will be:
5.2.1 Undertaking the activity / process; or
5.2.2 Managing or supervising the workplace / activity / process.

5.3 planning and coordination of visits by the inspection team, There must
be consultation with:
5.3.1 Manager or supervisor of the area;
5.3.2 Personal undertaking the task;
5.3.3 ISD safety engineer/consultant and officer of the area;
5.3.4 Safety Coordinator;
5.3.5 External organization or subject matter expert (when appropriate).

6 Risk Assessment and Control Process Steps

6.1 Step 1:Hazard Identification
This is the most significant step in the risk management process and involves
two stages:

6.1.1 Identifying hazards;

6.1.2 Identifying potential hazards that can result from hazards

2.8 Risk assessment procedure | Safety and Health Management System (5-Star) 5 - 12
 6.2 Step 2: Assess Risk
Once the hazards have been identified, the level of risk that it possesses to the division,
department, and section has to be analyzed and determined. At this stage the adequacy of
present controls must also be considered.
Risk assessment is the overall judgment of the level of risk arising from the hazard, based
upon the likelihood of the hazard occurring and the potential severity of the account
existing risk control measures that are already established to be place to reduce / control
the risk. Using the RISK MATRIX illustrated below the level of risk will be assessed to
identify the risk rating.
With the extent of risk known, a decision has to be taken whether with the existing
controls, the risk is acceptable or whether something needs to be done about it. Should
the level of risk be found to be acceptable, it could be to related but measuring and
monitoring is required to detect any change in the level of risk.

Severity/Consequence (Impact/Hazard Effect)

(Where an event has more than one ' Loss Type ', choose the ' Consequence' with the highest rating)
Potential losses as a result 1 2 3 4 5
of the event type
Insignificant Minor Moderate Major Catastro
phic
(S/H ) Harm to People First Aid Medical Loss Time Single Multiple
Case/Exposure Treatment Injury/ Fatality Fatalities/
(Safety/Health) to Minor Health Case/ Reversible or Loss Impact on
Risk Exposure Impact on of health
to Major Health Quality Ultimately
Risk of Life / Fatal
Irreversi
ble
impact
on
Health
(BI MD) Business No Brief Partial Partial Substanti
Interruption/Material Disruption to Disruptio Shutdown/ Loss al or
Operation/ n to of Total
l/Fire Damage & Other Operatio 100k SR to Loss of
Consequential Loss 1000 SR to n/ 10k Less than Operat
Less than SR to 1M SR ion/ Operatio
10k SR Less 1M SR n/ 10M
than to SR and
100k SR Less more
than
10M
SR

2.8 Risk assessment procedure | Safety and Health Management System (5-Star) 6 - 12
 Determine the level of likelihood of danger

When there is more than one type of loss are choosing the most effect / rate Probability

Likelihood Classification

1 2 3 4 5
Rare Unlikely Possible Likely Almost Certain
Guideline for Risk Matrix Action

Risk Rating Risk Level Guidelines for Risk Matrix

Stop operation and review controls- Eliminate, avoid
16 to 25 (Ex) - Exterem
risk & , implement high priority action plans
Proactively manage & implement specific
12 to 15 (H) – High
controls/action plans-Review after 7 days
Actively manage & monitor – Additional controls is
8 to 10 (M) - Medium
advised & review after 30 days
Risk acceptable – Monitor & manage as appropriate
1 to 6 (L) - Low
with frequent review

Once the risk has been assessed against the defined tolerability criteria, a
decision can then be made to either:-

1) Tolerate the risk if it is ALARP; or

2) Consider treatment options if the risk does not fall within the tolerable range.
3) Note that if a risk is ‘tolerable’, it requires ongoing management and
monitoring, and management procedures shall be developed to ensure
that it remains in this risk category.
4) This decision making process should be consistent and repeatable. The
decision on risk tolerability is one made by management based upon risk
versus benefits. However, a risk that rates as ‘extreme’ using the risk
matrix falls into the 'intolerable' zone, hence, treatment options need to
be applied to these risks to bring them down to the ALARP range.

2.8 Risk assessment procedure | Safety and Health Management System (5-Star) 7 - 12
 6.3 Step 3: Risk Control
Suitable and sufficient risk control measures will be identified and implemented to ensure
that all risks are appropriately controlled and meet legal requirements as a minimum. All
risk control measures will follow the hierarchy of risk control stated in this illustrated in this
standard.
Risk control measures are methods used which reduce/control risks arising from the
hazard.
The Hierarchy of Controls (see diagram below) ranks control options from highest level of
protection and reliability to lowest. This should be used to determine the most effective
control/s.

2.8 Risk assessment procedure | Safety and Health Management System (5-Star) 8 - 12
 Hierarchy of Control

The hierarchy of control ranks risk control measures in decreasing order of desirability and
effectiveness. These are:

6.3.1 Elimination : Remove the hazard

6.3.2 Substitution :replace the hazard with a lesser one
6.3.3 Isolation : Separate people from the hazard
6.3.4 Engineering controls : Use physical barriers to control the hazard
6.3.5 Change process: change the way of doing the work.
6.3.6 Change work pattern: Job rotation, frequent breaks to reduce exposure.
6.3.7 Administrative controls: Include information, training, safe work procedures, work
permit system, warning signs and demarcation.
6.3.8 Personal Protective Equipment (PPE) : Last layer of defense to stop people from
being exposed to the hazard.
6.3.9 A number of these options may be considered and applied individually or in
combination.
6.3.10 When considering additional control measures it should be ensured that
they will not introduce any new hazards.
6.3.11 When the control measures have been identified and agreed they must be
prioritized, placed into an action plan and implemented. The action plan needs to
be clear about exactly what needs to be done, when and by whom with SMART
objectives (Specific, Measurable, Achievable, and Realistic and Timed).
6.3.12 Where full implementation of the control measures identified cannot be
achieved rapidly, adequate steps may need to be taken in the interim to minimize
the risk.
6.3.13 The implementation of the action plan must be monitored , subsequently
reviewed and re-evaluation of risk after the implementation of risk control to
ensure that the remedial actions identified have been, and continue to be,
adequate, appropriate and implemented.
6.4 Step 4: Communication:
Relevant information identified in the risk assessment regarding the hazards, their
associated risks to health and safety and the appropriate risk control measures must be
effectively communicated, and be readily accessible to, employees and others as
appropriate.
Managers need to ensure that the findings of the risk assessments and the precautions to
be taken are effectively communicated to, understood and implemented by those persons
covered in the assessment.

2.8 Risk assessment procedure | Safety and Health Management System (5-Star) 9 - 12
 6.5 Step 5: Monitor and Review
Monitoring and review needs to be undertaken at each step in the risk management
process. The process may need to be repeated if there are significant changes in the
original context (e.g., changes in the process, equipment, people, legislation, or
community expectations). The risk profile for a site, project or asset is dynamic and will
change, and hence, the risk management process and its outcome shall be reviewed at
regular intervals.
A significant and important component of monitoring risks is the development and
maintenance of a risk register. Application of the WRAC process described within this
standard will produce the necessary information to include in the register.

7 Work Flow

2.8 Risk assessment procedure | Safety and Health Management System (5-Star) 10 - 12
 8 Records & Document Retention
This document needs to be kept in the Safety and Health Management System (5-Star) files
and made available for auditing purposed.

8.1 Risk assessments and associated documents must be kept for a minimum
period of 2years.
8.2 Risk assessments must be documented and kept with the associated process
documentation.
8.3 The risk assessments must be accessible to staff and other parties that are
affected by the process.

9 Attachments (RISK ASSESSMENT AND ANALYSIS

Templete)

2.8 Risk assessment procedure | Safety and Health Management System (5-Star) 11 - 12
 10 Example (RISK ASSESSMENT AND ANALYSIS
Templete)

* You can get the form format (Excel) through the site (5-Star) on the internal company network

)ALARP( : As Low As Reasonably Practicable

2.8 Risk assessment procedure | Safety and Health Management System (5-Star) 12 - 12