Machinery Safety 101

Understanding Risk Assessment

This entry is part 10 of 9 in the series Risk Assess­ment

When people dis­cuss ‘Risk’ there are a lot of dif­fer­ent assump­tions made about what that means. For me, the study of risk and risk assess­ment tech­niques star­ted in 1995. As a tech­no­lo­gist and con­trols design­er, I had to some­how wrap my head around the whole concept in ways I’d nev­er considered.

If you’re try­ing to fig­ure out risk and risk assess­ment this is a good place to get started!

What is risk?

From a machinery per­spect­ive, ISO 12100:2010 {1] defines risk as:

com­bin­a­tion of the prob­ab­il­ity of occur­rence of harm and the sever­ity of that harm”

Risk can have pos­it­ive or neg­at­ive out­comes, but when con­sid­er­ing safety, we only con­sider neg­at­ive risk or events that res­ult in neg­at­ive health effects for the people exposed.

The risk rela­tion­ship is illus­trated in [1, Fig. 3]:


ISO 12100-2010 Figure 3
ISO 12100 – 2010 Fig­ure 3



R = Risk

S = Sever­ity of Harm

P = Prob­ab­il­ity of Occur­rence of Harm

The Prob­ab­il­ity of Occur­rence of Harm para­met­er is often fur­ther broken down into three sub-parameters:

  • Prob­ab­il­ity of Expos­ure to the hazard
  • Prob­ab­il­ity of Occur­rence of the Haz­ard­ous Event
  • Prob­ab­il­ity of Lim­it­ing or Avoid­ing the Harm

How is risk measured?

In order to estim­ate risk, a scor­ing tool is needed. There is no one ‘cor­rect’ scor­ing tool, and there are flaws in most scales that can res­ult in blind-spots where risks may be over or under-estimated.

At the simplest level are ‘screen­ing’ tools. These tools use very simple scales like ‘High, Medi­um, Low’, or ‘A, B, C’. These tools are often used when doing a shop-floor inspec­tion and are inten­ded to provide a quick meth­od of cap­tur­ing obser­va­tions and giv­ing a gut-feel assess­ment of the risk involved. These tools should be used as a way to identi­fy risks that need addi­tion­al, detailed assess­ment. To get an idea of what a good screen­ing tool can look like, have a look at the SOBANE Dépar­is sys­tem [2].

Every scor­ing tool requires a scale for each risk para­met­er included in the tool. For instance, con­sider the CSA tool described in CSA Z434-04 [3]:

CSA Z434-03 Table 1

Table 1 – Guard­ing Selec­tion parameters.

As you can see, each para­met­er (Sever­ity, Expos­ure, and Avoid­ance) has a scale, with two pos­sible selec­tions for each para­met­er. Note that the CSA Z434 safe­guard­ing selec­tion tool (now obsol­ete) is NOTRISK ASSESSMENT TOOL. It is a pur­pose built tool inten­ded to assist in the selec­tion of safe­guard­ing for a spe­cif­ic pur­pose. Its out­put is not in terms of risk but in terms of por­tions of the Hier­archy of Con­trols.

When con­sid­er­ing the selec­tion of a scor­ing tool, it’s import­ant to take some time to really exam­ine the scales for each factor. The scale shown above has a glar­ing hole in one scale. See if you can spot it and I’ll tell you what I think a bit later in this post.

There are more than 350 dif­fer­ent scales and meth­od­o­lo­gies avail­able for assess­ing risk. You can find a good review of some of them in Bruce Main’s text­book “Risk Assess­ment: Basics and Bench­marks” avail­able from DSE online [4].

A sim­il­ar, although dif­fer­ent, tool is found in Annex 1 of ISO 13849 – 1. Note that this tool is provided in an Inform­at­ive Annex. This means that it is not part of the body of the stand­ard and is NOT man­dat­ory. In fact, this tool was provided as an example of how a user could link the out­put of a risk assess­ment tool to the Per­form­ance Levels described in the norm­at­ive text (the man­dat­ory part) of the standard.

Con­sider cre­at­ing your own scales. There is noth­ing wrong with determ­in­ing what char­ac­ter­ist­ics (para­met­ers) you want to include in your risk assess­ment, and then assign­ing each para­met­er a numer­ic scale that you think is suit­able; 1 – 10, 0 – 5, etc. Some scales may be inver­ted to oth­ers, for example: If the Sever­ity scale runs from 0 – 10, the Avoid­ab­il­ity scale might run from 10 – 0 (Unavoid­able to Entirely Avoidable).

Once the scales in your tool have been defined, doc­u­ment the defin­i­tions as part of your assessment.

Who should conduct risk assessments?

Lake YogaIn many organ­iz­a­tions, I find that risk assess­ment has been del­eg­ated to one per­son. This is a major mis­take for a num­ber of reas­ons. Risk assess­ment is not a solo activ­ity for a ‘guru’ in a lonely office somewhere!

Risk assess­ment is not a lot of fun to do, and since risk assess­ments can get to be quite involved, it rep­res­ents a sig­ni­fic­ant amount of work to put on one per­son. Also, leav­ing it to one per­son means that the assess­ment will neces­sar­ily be biased to what that per­son knows, and may miss sig­ni­fic­ant haz­ards because the assessor does­n’t know enough about that haz­ard to spot it and assess it properly.

Risk assess­ment requires mul­tiple view­points from par­ti­cipants with var­ied expert­ise. This includes users, design­ers, engin­eers, law­yers and those who may have spe­cial­ized know­ledge of a par­tic­u­lar haz­ard, like a Laser Safety Officer or a Radi­ation Safety Officer. The var­ied expert­ise of the people involved will allow the com­mit­tee to bal­ance the opin­ion of each haz­ard, and devel­op a more reasoned assess­ment of the risk.

I recom­mend that risk assess­ment com­mit­tees nev­er be less than three mem­bers. Five is fre­quently a good num­ber. Once you get bey­ond five, it becomes increas­ingly dif­fi­cult to obtain con­sensus on each haz­ard. Also, con­sider the cost. As each com­mit­tee mem­ber is added to the team, the cost of the assess­ment can escal­ate exponentially.

Train­ing in risk assess­ment is cru­cial to suc­cess. Ensure that the indi­vidu­als involved are trained and that at least one has some pre­vi­ous exper­i­ence in the prac­tice so that they may guide the com­mit­tee as needed.

When should a risk assessment be conducted?


Risk Assessment Lifetime Flow Chart
Risk Assess­ment in the Life­time of a Product [5]

Risk assess­ment should begin at the begin­ning of a pro­ject, wheth­er it’s the design of a product, the devel­op­ment of a pro­cess or ser­vice, or the design of a new build­ing. Under­stand­ing risk is crit­ic­al to the design pro­cess. The costs for changes made at the begin­ning of a pro­ject is min­im­al com­pared to those that will be incurred to cor­rect prob­lems that might have been fore­seen at the start. Risk assess­ment should start at the concept stage and be included at each sub­sequent stage in the devel­op­ment pro­cess. The accom­pa­ny­ing graph­ic illus­trates this idea.

Essen­tially, risk assess­ment is nev­er fin­ished until the product, pro­cess or ser­vice ceases to exist.

What tools are available?

As men­tioned earli­er in this post, the book “Risk Assess­ment: Basics and Bench­marks” provides an over­view of roughly 350 dif­fer­ent scor­ing tools. You can search the Inter­net and turn up quite a few as well. The key thing with all of these sys­tems is that you will need to devel­op any soft­ware-based tools your­self. Depend­ing on your com­fort with soft­ware, this might be a spread­sheet format, a word pro­cessing doc­u­ment a data­base, or some oth­er format that works for your application.

There are a num­ber of risk assess­ment soft­ware tools avail­able as well, includ­ing DSE’s DesignSafe. As with the scor­ing tools, you need to be care­ful when eval­u­at­ing tools. Some have sig­ni­fic­ant blind spots that may trip you up if you are not aware of their limitations.

Remem­ber too that the out­put from the soft­ware can only be as good as the input data. The old saw “Garbage In, Garbage Out” holds true with risk assessment.

Where can you get training?

There are a few places to get train­ing. Com­pli­ance InSight Con­sult­ing provides face-to-face train­ing to cor­por­ate cli­ents and offers a self-dir­ec­ted web-based course for indi­vidu­al learners. Com­pli­ance inSight also offers reduced rates on the online courses for groups of 15 or more learners. Con­tact CIC Sales for more inform­a­tion on group discounts.

The IEEE Product Safety Engin­eer­ing Soci­ety (PSES) oper­ates a Risk Assess­ment Tech­nic­al Com­mit­tee that is open to the pub­lic as well. See the RATC web site.

The Answer to the Scale Question

The Expos­ure Scale in the CSA tool has a gap between E1 and E2. Look­ing at the defin­i­tions for each choice, notice that E1 is less than once per day or shift, while E2 is more than once per hour. Expos­ures that occur once per hour or less, but more than once per day can­not be scored effect­ively using this scale.

Also, notice the Sever­ity scale: S1 encom­passes injur­ies requir­ing not more than basic first aid. One com­mon ques­tion I get is “Does that include CPR*?”. This ques­tion comes up because most basic first aid courses taught in Canada include CPR as part of the course. There is no clear answer for this in the stand­ard. The S2 factor extends from injur­ies requir­ing more than basic first aid, like a broken fin­ger, for instance, all the way to a fatal­ity. Does it make sense to group this broad range of injur­ies togeth­er? This defin­i­tion does­n’t quite match with the Province of Ontari­o’s defin­i­tion of a Crit­ic­al Injury found in Reg­u­la­tion 834 [6] either.

All of this points to the need to care­fully assess the scales that you choose before you start the pro­cess. Choos­ing the wrong tool can skew your res­ults in ways that you may not be very happy about.

*Car­dio-Pul­mon­ary Resuscitation


[1]     Inter­na­tion­al Organ­iz­a­tion for Stand­ard­iz­a­tion (ISO). “Safety of machinery — Gen­er­al prin­ciples for design — Risk assess­ment and risk reduc­tion,” ISO 12100, 2010.

[2]     J. Mal­chaire, “Depar­is Eng­lish”,, 2018. [Online]. Avail­able: [Accessed: 09- Oct- 2018].

[3]     Cana­dian Stand­ards Asso­ci­ation. “Indus­tri­al Robots and Robot Sys­tems – Gen­er­al Safety Require­ments,” CSA Z434, 2004.

[4]     B. Main, Risk assess­ment: Basics and Bench­marks, 2nd ed. Ann Arbor, MI: Design Safety Engin­eer­ing, 2012.

[5]     Image: Com­pli­ance inSight Con­sult­ing Inc. 2011.

[6]     CRITICAL INJURY — DEFINED. Toronto: Queen’s Print­er for Ontario, 1991.

Series Nav­ig­a­tionThe Prob­ab­il­ity Problem

11 thoughts on “Understanding Risk Assessment

  1. Hi Doug,
    Very good art­icle on a sub­ject that is as far reach­ing as it is broad. It is also one that for a com­pany ini­tailly start­ing out on this task is very daunt­ing. Not only where does one start, but then where does one end. All of the stand­ards men­tioned help in this pro­cess, but at the end the answers tend to be sub­ject­ive in nature and are based on the know­ledge of the per­son or induvidu­als involved in the asse­ment itself.
    At the machinery man­u­fac­tur­ing com­pany I worked for as the Cor­por­ate Product Safety Man­ager for 25 years, I had the lead Mech­an­ic­al Engin­eer, lead Elec­tric­al Engin­eer, the lead Hydraulic/Pneumatic Engin­eer and the lead Tech­nic­al Writer involved with the risk assess­ments for each par­tic­u­lar job from the begin­ning. As each machine pro­gressed from the design phase to the assembly and test­ing phases, Ser­vice Tech­ni­cians and Oper­at­ors were also involved as now, what was designed and man­u­fac­tured, was actu­ally put to test. Machinery man­u­fac­tur­ers are not neces­sar­ily “Pro­cess people” and most times the machines, once in the field, are changed and oper­ated in dif­fer­ent fash­ions than what was ori­gin­ally designed or inten­ded. This in itself makes the risk assess­ment pro­cess more daunt­ing as one looks into the fore­see­ab­il­ity of some­thing adverse hap­pen­ing. There are simply times where an incid­ent “unfore­seen” to the man­u­fac­turer hap­pens. At that point it is time to ree­valu­ate your risk assess­ment for that par­tic­u­lar machine or at least that seg­ment of your par­tic­u­lar machine. That may point out that your machine is fine from a safety or risk stand­point, but that an oper­a­tion­al or main­ten­ance task needs to be addressed. Again, my feel­ing is that with most aspects of risk assess­ments being “sub­ject­ive” in nature’ it behooves the per­son­nel doing the assess­ments to be well trained and versed on the machines them­selves and the tasks required to oper­ate and main­tain them. And as with any­thing else, once you have a few risk assess­ments “under your belt” they become easi­er to do. I also agree with some of the com­ments you have received already and your responses to them. I can guar­an­tee you that to some people break­ing a fin­ger or los­ing a fin­ger­nail may not be very sig­ni­fic­ant, where­as to someone else it may be cata­stroph­ic. “Sub­jectiv­ity” lures its ugly head again.

    1. Mike, thanks for the kind words!

      You are abso­lutely right about how daunt­ing get­ting star­ted can be. I know that’s how I felt when I first heard about risk assess­ment. There are so many more resources avail­able now than there were when I got star­ted in the mid-90’s. 🙂

      I think that the key is in defin­ing the inten­ded use and the fore­see­able mis­uses of the product. This allows the man­u­fac­turer to deal with what they know, and pre­vents them from hav­ing to try to ‘blue sky’ every pos­sible crazy thing that someone might try to do. I think that products in the indus­tri­al mar­ket­place are much more sub­ject to unanti­cip­ated modi­fic­a­tions and mis­uses than in the con­sumer mar­ket. This is because most plants have people on staff that can make changes, some­times major changes, to machines in the work­place. These modi­fic­a­tions often hap­pen with a min­im­um of plan­ning, and some­times ‘on-the-fly’, bypassing the risk assess­ment and safety man­age­ment pro­cesses alto­geth­er. In the con­sumer mar­ket­place people some­times do odd things with products, but rarely do they make the major changes that you see in industry. The oth­er big issue is that machinery is often kept in ser­vice for long peri­ods of time. 20 – 30 years is not unheard of for heavy machinery. A few years ago I had a cli­ent ask me to do a safety review on an 1100 ton power press that was built in 1932 and was still in ser­vice in 2005! In the con­sumer mar­ket, few products last bey­ond 15 years, so hav­ing very old products still in ser­vice is much less likely to occur.

      Risk assess­ment is inher­ently sub­ject­ive. Even when there is hard data avail­able, the final decisions are usu­ally made with a degree of sub­jectiv­ity. A judge­ment must be made, and judge­ments are sub­ject­ive. The big chal­lenge is that most of the time we have no hard data. Under­stand­ing the level of uncer­tainty in each assess­ment is import­ant and dif­fi­cult. The less hard data we have, the great­er the uncer­tainty. Con­sequently, the out­come of much of the risk assess­ment work that is done is uncer­tain. When unfore­seen things go wrong, it’s really easy to point a fin­ger at the risk assess­ment team and assume that they weren’t com­pet­ent because they didn’t fore­see whatever it was. Some incid­ents can­not be eas­ily fore­seen because they are only pos­sible is cer­tain, very rare cir­cum­stances, but they will still occur.

      Risk assess­ment gives us a chance to head off the fore­see­able, and even some of the less-eas­ily-fore­seen injur­ies and incid­ents. That alone makes it worthwhile.

  2. Great sum­mary Doug, spe­cially the point about hav­ing a num­ber of affected parties involved to min­im­ise indi­vidu­al bias. I am always harp­ing on this top­ic in my train­ing courses. Most people are con­fused about risk assess­ment, any won­der! Anoth­er key point we have to get across i think, is that risk assess­ment is not just risk estim­a­tion, but also requires determ­in­ing wheth­er the risk has been con­trolled so far as is prac­tic­able or if oth­er con­trol meas­ures are required. This implies that the risk assessor knows what is pos­sible to min­im­ise risk (by design, not by human beha­viour) We are run­ning a series of half day work­shops on risk assess­ment around Oz this year with the IICA (our equi­val­ent of the US ISA)and i will ref­er­ence your mater­i­al if that is OK Doug, cheers Frank

    1. Thanks Frank! I’d be pleased to have you ref­er­ence my mater­i­al! Drop me an email off­line, or call me when it’s convenient!

  3. The met­ric shown from CSA Z434 is one that offers the greatest sim­pli­city as it is essen­tially “yes, no”, without offer­ing shades of gray. The issue of first aid was cla­ri­fied in ANSI RIA R15.06 to mean that the dis­tinc­tion is based on what our OSHA clas­si­fies as being first aid versus a report­able. This was done, again, for the pur­pose of clar­ity and ease. CSA Z434 is based on ANSI RIA R15.06, hence the similarity. 

    Once people become more famil­i­ar with risk assess­ment, they feel com­fort­able using mod­els with shades of gray. One can use any met­ric, so long as at the end, the stand­ard and leg­al require­ments are ful­filled. The grand-daddy of risk assess­ment is a MIL stand­ard, which is still used today. It uses a scale of 4 for sever­ity and a scale of 5 for prob­ab­il­ity (expos­ure and abil­ity to avoid com­bined), to come to risk scores which are then equated with actions required and man­age­ment author­ity require­ments. For sever­ity, the “injury” poten­tial lis­ted (4 grades) as well as prop­erty dam­age poten­tial, envir­on­ment­al dam­age, and repu­ta­tion dam­age. So that it is under­stood that there are mul­tiple reas­ons for risk to an employ­er: employ­ee injury, dam­ages costs, envir­on­ment­al dam­age, and repu­ta­tion dam­age. Any one of these trig­gers a cer­tain reac­tion depend­ing on the prob­ab­il­ity. There are a num­ber of very good books on the top­ic of risk assessment.

    Both the ANSI RIA R15.06 and CSA Z434 risk assess­ment mod­els are being updated to cor­rel­ate with ISO 13849 – 1.


    1. Thanks for your com­ments, Roberta! It’s always good to hear your thoughts, par­tic­u­larly with your deep involve­ment with the RIA 15.06 standard.

      While I can appre­ci­ate the idea that the scales were developed for sim­pli­city of use, the gap in the Expos­ure scale is one that many of my cli­ents have found to be a prob­lem. Haz­ards with expos­ure fre­quen­cies fall­ing in between the two factors in the scale can be very dif­fi­cult to score, and the gap in the scale tends to add more uncer­tainty scor­ing, lead­ing to a pos­sible loss of cred­ib­il­ity for the out­put of the tool. I believe that we need to elim­in­ate these gaps to make the tool use­ful, and to make the applic­a­tion of the tool more straight­for­ward for the novice.

      Regard­ing the inclu­sion of CPR in the sever­ity assess­ment, while RIA may have been able to cla­ri­fy the require­ment in the US based on OSHA’s defin­i­tion of what con­sti­tutes an report­able injury, this is not the case in Canada. Ontari­o’s defin­i­tion of a Crit­ic­al Injury is dif­fer­ent than many of the oth­er Provinces and Ter­rit­or­ies, and none of these deal spe­cific­ally with inclu­sion of CPR. In Ontario, a loss of con­scious­ness will res­ult in the acci­dent being report­able (fol­low the link in the post to Reg­u­la­tion 834), but this could occur with or without the per­son’s heart or breath­ing stop­ping. This would tend to show that cases that require CPR are NOT included in ‘Basic First Aid’ type injur­ies. Also, the loss of a single fin­ger or toe is NOT REPORTABLE in Ontario (!!) while it is in oth­er jur­is­dic­tions. That might indic­ate that this type of injury should be con­sidered to be a ‘Basic First Aid’ type of sever­ity!! I don’t know about you, but I f I lose a fin­ger or a toe at work you can bet that I’ll be head­ing to the ER, and that will make the injury report­able in any case. 

      I think the ques­tion of wheth­er an injury is report­able or not is primar­ily a bur­eau­crat­ic one, while the issues of how to clas­si­fy the sever­ity of injury are not. I believe that the two need to be kept sep­ar­ate and apart. While I would like it to be as clear cut as what you indic­ate it is in the USA, that is not the case here.

      Thanks again for your com­ments! I really appre­ci­ate hear­ing from my readers!

  4. Pingback: Sicurezzaonline
  5. Pingback: Peter Merguerian
  6. Pingback: Sicurezzaonline

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.