What is risk assessment?

Risk assessment began as a discipline in the late 1960s, with some of the earliest formal papers published in the early 1970s. The early researchers were part of the US military and were interested in finding ways to reduce the risks for military personnel carrying out their duties.

Since then, risk assessment has become a key part of reducing risk to manufacturers, employers, and workers. Today, extensive risk assessment research is being done by organizations and universities around the world.

You may not realize it, but you already do risk assessments every day, in every task and activity you do. The moment when you pause to consider what might go wrong and what you can do to avoid that – that’s a risk assessment. You just aren’t writing it down or using any defined scoring tools to do it.


Risk assessment is an incredibly wide topic. Since this website is focused on industrial machinery safety, this discussion is limited to machinery. Risk assessment is essentially an orderly, methodical process where things that can do harm to people, animals or the environment, called hazards, are identified, the severity of injury posed by each hazard is estimated, and the probability of occurrence of the injury is estimated.

For risks that are considered to be “intolerable” or “unacceptable” based on applicable laws, regulations, standards and public opinion, control measures are applied to reduce the risk.


Risk controls are applied based on the ‘Hierarchy of Controls“. In North America, the Hierarchy is considered to have five levels, while in the International Standards only the first three levels are recognized. This discrepancy exists because ISO and IEC standards are written from the perspective of the product designer, and the last two levels are only available to workplaces. There are distinct linkages between the first three levels and the last two, so none of these control measures exists in a vacuum.

The five-level hierarchy includes:

  1. Inherently Safe Design;
  2. Engineering Controls:
    • Barriers (Fences)
    • Enclosing Guards
    • Fixed Guards
    • Movable Guards including Adjustable and Self Adjusting Guards and Interlocking Guards with or without Guard Locking
    • Safeguarding Devices including Light Curtains, Fences and Beams, Safety Mats, Area Scanners, 3D vision-based systems and two-Hand Controls
    • Awareness Devices including lights, horns, buzzers, markings, etc.
  3. Information for Use including Operator Screens (HMI screens), Manuals, and Hazard Warnings
  4. Administrative Controls
    • Training
    • Safe Working Procedures including HECP, Permit to Work, Confined Space Entry, etc.
    • Supervision
    • etc.
  5. Personal Protective Equipment (PPE)

The control measures can be applied in the order given in the hierarchy, or you can simply apply all of the control measures that apply to the design, depending on the school of safety thinking you follow. Control measures are generally most effective at the top of the hierarchy and least effective at the bottom. All may be necessary to reduce risk to acceptable levels.

Residual risk

The process is repeated until all of the control measures in the hierarchy have been exhausted. The risk that remains is called the residual risk. Often the residual risk will be within “tolerable” or “acceptable” levels, but in some cases, it may not.

Tolerable or acceptable risk

The level of risk that is considered tolerable or acceptable is a moving target, unfortunately. It can vary by the activity, the people involved, the level of benefit the participants receive from the activity, and many other factors. Generally, most jurisdictions around the world have legislation that regulates the maximum risk that citizens can be exposed to. Examples are the limits set by the US Consumer Product Safety Commission, Health Canada, and the EU’s General Product Safety Directive and the RAPEX system.


The risk that has been reduced to levels that are at least tolerable is sometimes referred to as “ALARP” for “As Low As Reasonably Practicable” or “ALARA” for “As Low As Reasonably Achievable.” This concept arose in UK law and is recognized in some other jurisdictions globally.

Many labour organizations have significant problems with the ALARP concept. The concern is that risk reduction will stop once the risk is deemed to have been reduced ALARP. The problem is that the worker who is actually exposed to the risk may not realize the risk or agree to accept the exposure.

How far do you have to go in reducing risk?

Risk control is never complete unless the hazard has been eliminated or the risk reduced to the point where it is considered broadly acceptable. New technologies and control methods will be developed as time passes and must be implemented to maintain the lowest possible risk.

There are always financial considerations in controlling risk. If you are dealing with a risk that involves a significant severity of injury and the controls seem too expensive, you should consider not proceeding with the project/product/machine. It is never acceptable to leave an uncontrolled risk when there are risk control measures available, and the severity of injury is anything more than a minor cut or bruise.

Types of assessments

Risk assessments can be Hazard Based, meaning that hazards are assessed without specific reference to tasks that workers are expected to carry out, or they can be Task Based, where hazards are assessed based on the specific tasks that workers must carry out. This type is also called a Job Hazard Analysis or a Task Hazard Analysis.

Risk assessments can be objective when there is sufficient data available to allow the severity and probability factors to be quantified, but often this is impossible. Subjective risk assessments are based on the combined knowledge and skill of the risk assessment team that is assigned to the task.

At the simplest level, “What-if?” analysis can be used to get a quick reading on risk. Most of us do this daily as we get ready for our commute to work, when crossing the street, and when considering large purchases. What-if analysis consists of asking as many what-if questions as necessary to exhaust the potential scenarios that can be imagined. For machinery, this may be a place to start, but it is seldom detailed or comprehensive enough to be effective. Additional tools are required.

For more information, request a FREE Consultation, or Request a Quotation!

Risk assessment standards

There are a number of risk assessment standards published, and there are an even larger number of product family standards that have risk assessment methodologies built into them.

Until 2010, ISO 14121-1 was the de-facto preferred standard for machinery risk assessment. When ISO 12100:2010 was published, it included the combined text from ISO 12100-1, ISO 12100-2 and ISO 14121-1. The second part of ISO 14121, ISO/TR 14121-2 – Safety of machinery — Risk assessment — Part 2: Practical guidance and examples of methods, was not included in the new document and is still published and valid as of May 2021. If you are looking for a guidance document that includes an example of a risk matrix and a decision tree, this document will be helpful for you.

ISO 12100 deals primarily with the Preliminary Hazard Analysis (PHA) method, and provides guidance on using FMEA, MFMEA, FTA, HazOPS and other systems to analyze the risks.

CSA has embedded the ANSI RIA R15.06 risk analysis scoring system in one key Canadian machinery standards, CSA Z434 – Industrial Robots and Robot Systems – General Safety Requirements. This standard combines ISO 10218-1 and ISO 10218-2 into a single document. Note that because CSA Z434 is based on ISO 10218, you can still use ISO 12100 as the basis for your robot system risk assessments.

Internationally, ISO and IEC preparing to published ISO/IEC 31010, Risk Management – Risk Assessment Techniques. This standard is part of the new ISO 31000 series on Risk Management. This standard is focused on business or organizational risk rather than machinery risk, although the basic principles used are the same.

ISO has also published a new OHS Risk Assessment standard, ISO 45001:2018, Occupational health and safety management systems — Requirements with guidance for use. This standard has also been adopted as a Canadian standard as CSA Z45001:2019.

CSA published its own OHS risk assessment standard, CSA Z1002:2012 – Occupational Injury and Illness Risk Assessment and Management. This standard is part of the CSA Z1000 series of standards dealing with Occupational Health and Safety Management. Compliance InSight Consulting is contributing to the development of CSA Z1002 directly with the involvement of Doug Nix on the CSA s362 Technical Committee.

Risk assessment software

A few software vendors have developed risk assessment software packages to assist in the risk assessment process by handling the scoring calculations automatically, and in some cases allowing for revision control and many other features.

For many applications, it is possible to develop risk assessment scoring sheets using standard spreadsheet applications like MS Excel™, Apple™ Numbers™, Google Sheets™ and many others. These can be very flexible but usually can be cumbersome to maintain over time. This shortcoming can be overcome with document revision control software that can manage any kind of file.

There are other software packages available to assist you with risk assessment. We don’t currently have a package that we recommend.

Risk assessment facilitation and training

For those new to risk assessment, we can provide training and facilitation services, as well as conducting risk assessments on your products. We have both public and private training available.

For more information, request a FREE Consultation, or Request a Quotation!


For more information, check out these resources:

List Servers


The RISKANAL Internet mailing list is operated by the Pacific Northwest Laboratory and Society for Risk Analysis’ Columbia-Cascades Chapter. Anyone with an Internet account/address may subscribe to RISKANAL.

In order to sign up for RISKANAL, simply send the following message, replacing YourFirstName YourLastName with your own details:

subscribe riskanal YourFirstName YourLastName

to the email address:

[email protected]

The listserver will respond to you to let you know if you’ve been successful.


ASSE: American Society of Safety Engineers

SAR: Society for Risk Analysis

IEEE Product Safety Engineering Society


Risk Assessment: Basics and Benchmarks, Bruce Main. See the IEEE Xplore Review

Innovations in Safety Management, Fred Manuele, Sept 2001

On the Practice of Safety, Fred Manuele, 3rd edition, 2003.


PreAccident Investigation Podcast (USA) – Dr. Todd Conklin

The Safety of Work (Australia) – Dr. Drew Rae and Dr. David Provan

Web Sites

CCOHS: Canadian Centre for Occupational Health and Safety

Risk Analysis – risk analyst social network


Risk World

Wikipedia: Risk Assessment

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.