BACHELOR OF OCCUPATIONAL SAFETY AND HEALTH MANAGEMENT

WITH HONOURS

SEMESTER MAY / 2023

XBRA 3103

OSH RISK MANAGEMENT

 TABLE OF CONTENTS
TASK I: Essay Writing .................................................................................................... 2
1 INTRODUCTION..................................................................................................... 2
1.1 Company Profile................................................................................................. 3
1.2 Company Organisation ...................................................................................... 4
1.3 Company Size ..................................................................................................... 7
1.4 Address and Location ........................................................................................ 7
2 HIRARC (Hazard Identification, Risk Assessment, and Risk Control) .............. 8
2.1 Hazard ................................................................................................................. 8
2.2 Danger ................................................................................................................. 8
2.3 Likelihood ........................................................................................................... 8
2.4 Risk Assessment.................................................................................................. 8
3 METHODOLOGY ................................................................................................... 9
3.1 Hazard Identification ......................................................................................... 9
3.2 Method for Risk Assessment ........................................................................... 11
3.3 Method for Risk Control ................................................................................. 13
4 CASE STUDY – HIRARC FORM ........................................................................ 15
4.1 Hazard Identification / Risk assessment ............................................................. 15
4.2 Summary................................................................................................................ 20
TASK 2: Replective Essay .............................................................................................. 21
REFERENCES................................................................................................................ 26

1
TASK I: Essay Writing

1 INTRODUCTION

HIRARC is the fundamental key element in managing occupational risk. This activity
must be supported with other elements to ensure the effectiveness of risk control, making
the workplace safer and more conducive. There is a lot of other approaches to managing
risk as discussed and this knowledge has expanded based on technology and approach
made by the industry and the government. Safety and Health professionals must have the
skill to materialize the paper practice (HIRARC) from idea to actual control.

While conducting HIRARC, it is essential to consider various factors, including the

number of workers and relevant demographics information, as well as the distinction
between permanent and contract workers. By incorporating these details, employers can
gain a more comprehensive understanding of the workforce and tailor their risk
management strategies accordingly. Therefore, in elaborating the implementation of OSH
risk management and performing the OSH risk assessment for this assignment a high-risk
industry is selected. The objective is:
• To identify types of hazards in area involve
• To make Risk Assessment
• To suggest Risk Control to organization
• To Implementing Risk Controls
• To review risk controls

2
1.1 Company Profile
Megapadu Sdn. Bhd. (Company No. 198069-V) is a certified with the prestigious ISO
9001:2008 company, was incorporated in Malaysia in May 1990. Their core business is
mainly manufacturing of Polyethylene Fittings for water and gas, Oil and Gas and Marine
industry. They fully confident to provide valuable service to the satisfaction of their
clients in these specialized fields and with many years of experience in manufacturing,
supplying and providing competent engineering services for the downstream and
upstream industries.

Megapadu Sdn. Bhd. believes in providing high level of services to its clients safely
without compromising on the required standard. It is our duty to ensure that all prices
offered are competitive and the products/projects are delivered within the stipulated
contract period. The staffs are professional and well trained to maintain the highest
standard required to all their clients. With their pool of experienced and skilled employee,
they believe all objectives are achievable under their capability. Not to mention they are
well managed, financially stable and knowledgeable in the products or contracts they deal
with.

Figure 1: Company Photo

3
1.2 Company Organisation

Figure 2: Organization Chart

MEGAPADU is committed to manufacture and deliver their products that meet the
highest standard that comply with customer requirement including regulatory and
statutory regulations at all times through continual improvement of quality management
system. In relation with their Quality Policy, therefore:
✓ To minimize product defect in every stage of product realization from receiving,
production until delivery
✓ To achieve customer satisfaction through minimization of customer complaint
✓ To provide high level of competent engineering services for the downstream and
upstream industries without compromising on the Health and Safety requirement.
✓ To provide product and services comply with statutory regulations and International
Standard.

4
✓ To maintain the highest standard of professional team, through continual
improvement of our management system at all level of our organization.

The purpose of HIRARC are as follows:

• To identify all the factors that may cause harm to employees
• To enable organization to plan, introduce and monitor preventive measure to ensure
that the risks are adequately controlled at all times.
• Law of requirement:
o The Occupational Safety and Health Act 1994
o Control of Industrial Major Accident Hazards
o Use and Standard of Exposure of Chemical Hazardous to Health Regulation

5
In this HIRARC process, the activities that planned and conducted for the organization
intending to continuously improve OSHA Management System and handle situation that
they face; where hazard appear to pose significant threat, uncertain whether existing
controls are adequate and before implementing corrective or preventive measures.

Figure 4: Flowchart of HIRARC Process

6
1.3 Company Size
With a total of 1-50 employees.

Demographics info
i. Director – 2
ii. Managerial – 6
iii. Executive - 15
iv. Non-Executive -8
v. General Worker - 4
vi. Contractor Worker allocated on project basis as per required by client.

1.4 Address and Location

Company Address:
No 38 Jalan Serendah 26/39,
iParc 2, Seksyen 26
40400 Shah Alam,
Selangor Darul Ehsan

Figure 5: Company Location

7
2 HIRARC (Hazard Identification, Risk Assessment, and Risk Control)
HIRARC is a tool to measure the risk and control the risk that come the hazard of any
workplace and its activities. The HIRARC framework is widely used in occupational
health and safety management. It consists of the following components:

2.1 Hazard
A hazard refers to any potential source of harm, damage, or adverse health effects. It can
include physical, chemical, biological, ergonomic, or psychosocial factors that may pose
a risk to workers. Hazards need to be identified and understood to effectively manage the
associated risks. Each hazard should be studied to determine its' level of risk. Workplace
hazards can come from a wide range of sources.

2.2 Danger
Danger is the potential consequences or harmful outcomes associated with a hazard. It
involves identifying the specific harms or injuries that can occur if the hazard is not
properly managed or controlled. Understanding the potential dangers helps in assessing
the severity of the risk.

2.3 Likelihood
Likelihood is an event likely to occur within the specific period or in circumstances
causing harm or injury. It involves assessing how often the hazard is likely to occur or
expose individuals to potential harm. The likelihood can be influenced by various factors
such as the frequency and duration of exposure, the effectiveness of control measures,
and the experience and behavior of individuals involved.

2.4 Risk Assessment

Risk assessment is the process of evaluating the potential risks associated with identified
hazards. It involves analyzing the combination of the hazard, the danger it poses, and the
likelihood of occurrence to determine the level of risk. Risk assessment aims to quantify
and prioritize risks to enable effective risk control measures to be implemented.

8
3 METHODOLOGY
In Malaysia, the Department of Occupational Safety and Health (2008) had published the
HIRARC guidelines. The guidelines explain a systematic approach to identify hazards
and assess their related risks to provide objective measures to control the hazards.
According to Occupational Safety and Health Act 1994 (Act 514), it is the duty of an
employer to provide a safe workplace for employees. HIRARC involves three
consecutive activities: Hazard Identification, Risk Assessment and Risk Control.

Figure 6: Hazard and Risk Management

3.1 Hazard Identification

Hazard identification is aimed at highlighting critical operations of tasks, or tasks
presenting huge risks to employee health and safety besides emphasizing those hazards
associated with specific, equipment due to energy sources, working conditions or
activities done. Hazards fall into three major areas of health, environmental and safety
hazards (Department of Occupational Safety and Health Malaysia, 2008).

Figure 7: Hazard Main Group

9
Hazard identification involves identifying activities that may cause injury or harm, it can
be identified by:
a) Workplace Inspections: Regular inspections of the workplace to identify potential
hazards. This involves visually examining the physical environment, equipment,
processes, and work practices to identify any existing or potential hazards.
b) Job Hazard Analysis (JHA): A systematic process of breaking down jobs into
specific tasks and analyzing each task to identify hazards. It involves observing and
documenting the steps involved in a job, determining potential hazards at each step, and
recommending control measures.
c) Incident Investigation: Investigating past incidents, accidents, near misses, or
occupational illnesses to identify underlying hazards that contributed to the event.
Lessons learned from incident investigations can help identify hazards and prevent
similar incidents from occurring in the future.
d) Safety Data Sheets (SDS): Reviewing safety data sheets provided by chemical
suppliers to identify potential hazards associated with the use, storage, and handling of
hazardous substances.

10
3.2 Method for Risk Assessment
Risk assessment is the process of understanding the risk and take control to minimizing
or eliminate the risk. Risk assessment use to determining the likelihood for a harm to
happen on an individual subjected to severity. In short, risk can be presented as statement
below: Risk = Likelihood x Severity

In Department of Occupational Safety and Health Malaysia, 2008 guidelines qualitative and
semi quantitative method uses as an example.
a. Qualitative analysis use methods such as risk matrices, risk rating scales, or risk
categorization to assess risks. This involves assigning subjective ratings or categories
to hazards based on their severity and likelihood, considering the potential
consequences and the probability of occurrence.
b. Semi-quantitative analysis, qualitative scales such as those described above are
given values. Therefore, to produce a more expanded ranking scale than is usually
achieved in qualitative analysis, not to suggest realistic values for risk such as is
attempted in quantitative analysis.
c. Quantitative Analysis utilizing techniques such as probabilistic analysis, fault tree
analysis, or event tree analysis to assess risks. This involves collecting and analyzing
data to estimate the probability and severity of potential hazards and their
consequences in numerical terms.

Here are some important tables to conduct HIRARC:

(Source: Department of Occupational Safety and Health Malaysia, 2008.)

Table A: Indicates Likelihood Level of Values

11
 Table B: Indicator Level of Severity

Table C: An Example Risk Matrix values

Table D: Risk Descriptions

12
3.3 Method for Risk Control
Risk control is introducing or suggesting control measures which will eliminate or reduce
the risk of a person being exposed to a hazard. Appropriate risk control should be
established and implemented according to the level of risks identified. The risk control
process starts by considering the highest ranked risks, working down to the least
significant. Each risk should be examined having regard to the “hierarchy of controls”.
The hierarchy of control is shown in Figure 8.

These are the following priority order:

i.) Elimination
Getting rid of a hazardous job, tools, process, machine or substances is perhaps the
best way of protecting workers. For example, a salvage firm might decide to stop
buying and cutting up scrapped bulk fuel tanks due to explosion hazards.
ii.) Substitution
Replace or change the hazard or harmful practices. For example, a hazardous
chemical can be replaced with a less hazardous one. Controls must protect workers
from any new hazards that are created.
iii.) Isolation
Isolate hazard or dangerous working practices and kept it away from workers. For
example, an insulated and air-conditioned control room can protect operators from a
toxic chemical.
iv.) Engineering Control
Modifying the physical environment or processes to eliminate or reduce the hazards.
This may involve redesigning equipment, implementing ventilation systems, or
installing safety guards and barriers as isolation from sources of danger.
v.) Administrative control
Implementing policies, procedures, and work practices to reduce exposure to hazards.
This includes training programs, job rotation, signage, work permits, and standard
operating procedures (SOPs).

13
vi.) Personal Protective Equipment (PPE)
An equipment which is intended to be worn or held by a person at work and which
protects him against one or more risks to his health or safety. PPE should be
considered for residual risk. Residual risk is the remaining risk after all other risk
controls are in place. Safety helmet, mask, safety shoe, apron, rubber mat, gloves, ear
muff etc.
(Source: Department of Occupational Safety and Health Malaysia, 2008.)

Figure 8: Hierarchy of Controls

14
4 CASE STUDY – HIRARC FORM
The employee assigned or involve (PIC) shall develop a hazard identification and
assessment methodology taking into account the following documents and information:
• Any hazardous occurrence investigation report
• First aid records and minor injury records
• Any user complaints and comments.
• Any report under the regulation of Occupational safety and Health Act, 1994

The HIRARC process requires four simple steps:

i.) classify work activities;
ii.) identify hazards;
iii.) conduct risk assessment (analyze and estimate the risk of each hazard), by
determining or estimating likelihood of occurrence, and the severity of the hazard;
iv.) decide whether the risk is acceptable and apply control measures (if necessary).
(Source: Department of Occupational Safety and Health Malaysia, 2008.)

4.1 Hazard Identification / Risk assessment

HIRARC FORM

Syahdizam (Project Engineer),

Conducted By:
Company Megapadu Sdn Bhd M Hafizul (Contractor PE),
(Names, Designations)
Nurol Hudah (WSHC)

Process / Location General System Installation Date Conducted 04-04-2023

Adi Marzrimi
Approved By Reviewed By: -
(Project Manager)
Mohd Asrin, Next Review
Acknowledged By Last Review Date - -
(HSE Manager) Date

15
There are five types of hazards that were identified during the HIRARC conducted
TABLE E Job / Task List in HIRARC Form

16
17
TABLE F Risk Assessment

18
 TABLE G: Occurrence Classification
NO IMPACT FREQUENCY

5 Frequent Daily Occurrence

4 Likely Weekly Occurrence

3 Occasionally Monthly Occurrence

2 Unlikely Yearly Occurence

1 Remote Less than once in three years

TABLE H: Risk Matrix

Risk Matrix SEVERITY

Insignificant (1) Minor (2) Serious (3) Major (4) Catastrophic (5)
LI Frequent (5) Medium (5) Medium (10) High (15) Extreme (20) Extreme (25)
KE
LI Likely (4) Medium (4) Medium (8) Medium (12) High (16) Extreme (20)
H
O Occasionally (3) Medium (3) Medium (6) Medium (9) Medium (12) High (15)
O
D Unlikely (2) Low (2) Medium (4) Medium (6) Medium (8) Medium (10)

Remote (1) Low (1) Low (2) Medium (3) Medium (4) Medium (5)

19
 TABLE I: Risk Level Recommended Action
RISK LEVEL ACCEPTABILITY OF RISK RECOMMENDED ACTION
LOW Acceptable No additional risk control measures required. Frequent review may be required to ensure that the
assigned risk level remains appropriate.
MEDIUM Moderately Acceptable Careful assessment of the hazards involved should be carried out to reduce the risk level as far as
practicable within a defined period of time (typically the time taken to perform a specific activity).
Additional interim risk control measures may be required.
HIGH Unacceptable Risk level shall be reduced to at least Medium Risk Level prior to commencement of work by
removing the risk factors (preferred) or implementation of additional control measures. Any such
measures shall not overly rely on PPE or appliances. Management intervention is required.
EXTREME Unacceptable Work may NOT proceed until risk level is reduced to Medium or lower. A detailed action plan and
management involvement is required.

4.2 Summary
The hazards that have assessed as high risk (Extreme) should take immediate actions to resolve the possible risks. Choosing a suitable
control is important to eliminate the hazard or reduce the risk. From the risk assessment matrix most of caused under the risk level
medium. Thus, careful assessment of the hazards involved should be carried out to reduce the risk level as far as practicable within a
defined period of time (typically the time taken to perform a specific activity). Additional interim risk control measures may be
required. Only involve internal solution and administrative control such as SOP is needed. Prior to that communication with staff on
training and reminder for redundant caused of accident. Monitoring must be conducted in 3-6 month as to review and follow up with
the previous incident,

20
TASK 2: Replective Essay
Risk management is a crucial aspect of any industry, regardless of its risk profile.
High-risk industries, such as oil and gas, mining, and construction, inherently face
numerous hazards, while low-risk industries, such as information technology and finance,
deal with risks related to data security and regulatory compliance. Effective risk
management is vital for both high and low-risk industries to ensure the safety, stability,
and sustainability of operations. Failure to manage risk in these industries might be one
of the reasons why industries experience difficulties to grow and be sustainable We will
view the key challenges in managing risk in both industries, examining aspects like
business, human resources, technology, finance, legal, and other factors that obstructing
the effectiveness of risk control implementation. Furthermore, provides solutions on the
issue address and enhance the effectiveness of risk control implementation.

Business Challenges
In high-risk industries, some organizations may not prioritize risk management,
underestimating potential risks due personal perception led to lack of preparedness for
unexpected events or disruptions can result in significant consequences. Market
conditions is uncertain and keep changing may make risk assessment and mitigation
difficult. Regulatory compliance also can be challenging due to stringent standards and
evolving regulations. Therefore, to overcome this, organizations should integrate risk
management practices into their overall business strategies and operations. By implement
a comprehensive risk management framework that includes continuous monitoring of
market conditions, regular risk assessments, and robust contingency plans. Will establish
strong organizations that proactively with irrespective of the industry's risk profile.

Human Resources Challenges

All risk industries face challenges related to the availability of skilled professionals with
adequate knowledge and expertise. Employee turnover can affect the continuity and
effectiveness of risk management efforts. Organization struggles to attract and retain
skilled professionals. Ensuring a safety culture and promoting risk awareness among
employees can be demanding. Hence, organizations should provide comprehensive
training programs to enhance risk awareness and build employees' risk management

21
competencies. This includes conducting regular workshops, seminars, and certifications
to educate employees about various risks specific to their industry. By fostering a culture
of continuous learning, organizations can empower employees to identify and manage
risks effectively.

Technology Challenges
Cybersecurity Threats against Low-risk industries is very high as they heavily rely on
technology, making them vulnerable to cybersecurity threats like data breaches,
ransomware attacks, and hacking attempts. High-risk industries often use complex and
advanced technologies that may introduce additional risks. Implementing and
maintaining robust cybersecurity measures can be demanding. Integrating new
technologies into existing systems and processes may pose compatibility and reliability
challenges. Therefore, organizations should leverage advanced technologies such as
artificial intelligence, machine learning, and predictive analytics. By implementing risk
monitoring tools that provide real-time insights, organizations can detect emerging risks
and take proactive measures. Furthermore, data analytics can help in identifying patterns,
trends, and correlations, enabling organizations to make informed decisions and prioritize
risk mitigation efforts.

Financial Challenges
Inadequate allocation of financial resources for risk management activities can hamper
the effectiveness of risk control measures, especially in low-risk industries where risk
awareness may be lower. While high-risk industries may involve substantial upfront costs
for risk control measures and insurance premiums. Insufficient insurance coverage may
leave organizations exposed to financial risks. Economic fluctuations and market
uncertainties can impact financial stability and risk management budgets. Assessing the
financial impact of potential risks accurately can be challenging. But, with developing
robust financial risk management strategies, including setting aside contingency funds to
address unexpected risks. Conduct comprehensive cost-benefit analyses to justify risk
control investments. Regularly review and adjust risk management budgets based on
changing economic conditions. This will strengthen their ability to identify and manage
risks effectively.

22
Legal Challenges
Both high and low-risk industries must navigate complex regulatory frameworks, which
can lead to compliance challenges and legal ramifications. Complying with these
regulations and adapting to legal changes can be challenging and impact risk control
effectiveness, but still necessitate adherence to applicable laws and regulations
requirement. Without legal expertise within organizations may result in overlooking
compliance obligations and failure to address legal risks may lead to reputational damage
or legal consequences. By establish a dedicated legal team or collaborate with legal
experts to ensure proactive compliance with applicable laws and regulations. Maintain
comprehensive documentation and records to mitigate contractual dispute Conduct
regular compliance audits and implement robust compliance management systems to
ensure adherence to legal requirements.

Figure 9: Conceptual Risk Management Framework

23
Poor communication channels and practices hinder the timely identification and
mitigation of risks in these industries. So, establish a strong communication framework,
including regular meetings, reporting mechanisms, and collaboration platforms, to
facilitate effective communication among all stakeholders. Encourage employees to
report potential risks promptly and provide channels for anonymous reporting.

In conclusion, managing risk in high-risk and low-risk industries requires tailored

approaches and strategies. Overall implementing robust risk assessment frameworks in
Figure 9 will help in the organization management, prioritizing safety and security
measures, cultivating risk-aware cultures, and diversifying revenue streams,
organizations can effectively manage risks and enhance their resilience in the face of
uncertainty. Recognizing the unique challenges and implementing appropriate solutions
will pave the way for a safer, more secure, and sustainable business environment across
industries.

24
TASK 3: Online Participation

25
 REFERENCES
Department of Occupational Safety and Health. ISBN:978-983-2014-62-1, (2008).

Guidelines for Hazard Identification, Risk Assessment and Risk Control

(HIRARC).

G. Tjalvin (n.d). Differences Between Work-Related and Occupational Diseases,

University of Bergen, https://www.futurelearn.com/info/courses/occupational-
health-developing-countries/0/steps/13078

Kauselya Muniandy (2015). HIRARC Study for occupational safety and Health
Evaluation of Clinical Waste Handlers at a Hospital and an Incineration Plant,
Institute Of Biological Sciences Faculty Of Science University Of Malaya Kuala
Lumpur

Lizaroziyanti Yusri (2018). Hazards Identification and Evaluation In Solar Photovoltaic

Installation Process of a Selected Energy Solution Provider Company, Faculty of
Engineering University of Malaya

Megapadu Sdn Bhd (2023). Megapadu Sdn Bhd, https://www.megapadu.com/

Mohd Taufik Husain, Moganasundram Balasundram, Mohamad Aliasman Morshidi and

Ir. Hussein Rahmat (2016). XBRA103 OSH Risk Management, Faculty of

Science and Technology Open University Malaysia.

YBhg. Dato’ Ir. Shaffi Mohamad (September, 2018). Hazard Identification at Workplace,

Occupational Safety, Health and Built Environment Department (OSHBE).

26