Risk assessment in SteadyOn
Risk assessment is the process of judging how bad a hazard is. The output of a risk assessment is a risk level — a label like Low, Medium, High, or Very High that lets you compare hazards and decide which to address first.
SteadyOn uses a 5×5 matrix that turns a (likelihood, severity) pair into a level, and captures it twice per hazard: once for inherent risk, once for residual risk.
Likelihood and severity
Section titled “Likelihood and severity”The two dimensions:
- Likelihood — how likely is harm to occur? Five steps from Rare to Almost certain.
- Severity — how bad is the harm if it does? Five steps from Insignificant to Severe.
The default definitions of each step are in Default risk matrix.
The matrix
Section titled “The matrix”The matrix turns each pair into one of four risk levels: Low, Medium, High, Very High. Higher likelihood and higher severity push the level up the scale.
Note that severity matters more than likelihood at the extremes. A Rare × Severe event (a fatal one-in-a-million accident) still warrants High risk treatment — because the consequence is too bad to accept even at low probability. A Almost certain × Insignificant event (someone trips and bruises a knee every week) is “only” Medium — because no individual event is serious.
This non-symmetry is deliberate. It pushes you to focus on high-severity hazards even when they feel rare.
Inherent vs residual risk
Section titled “Inherent vs residual risk”The trickiest concept in risk assessment is the difference between inherent and residual risk.
- Inherent risk — the risk this hazard would pose with no controls in place. A worst-case description of the underlying problem.
- Residual risk — the risk that actually exists right now, given the controls you have in place.
You assess both because:
- Inherent tells you the underlying nastiness of the hazard. It doesn’t change when you add a mat or write a procedure.
- Residual tells you how well your controls are working. If inherent is High and residual is Low, you’ve done a great job. If they’re equal, your controls aren’t really doing anything.
The gap between the two is the value your H&S programme is adding.
Doing it honestly
Section titled “Doing it honestly”The single most common failure mode in risk assessment is being too generous on the residual risk. The control feels like it should help, so the residual gets lowered, even though the control is paper-thin.
Ways to keep yourself honest:
- Imagine the audit. If a regulator stood next to you, would they buy your residual rating? If the answer involves hand-waving, raise it.
- Test the control. A wet-floor sign that’s never deployed at the actual time of mopping isn’t a control; it’s an aspiration.
- Listen to workers. They know the gap between the procedure and what actually happens on the floor better than managers.
The legal context (NZ)
Section titled “The legal context (NZ)”Under HSWA 2015, you must manage risks “so far as is reasonably practicable” (SFAIRP). Reasonably practicable weighs:
- Likelihood and severity of harm.
- Knowledge available to you (or that you ought to have).
- Availability and suitability of controls.
- Cost of controls relative to the risk.
The SteadyOn matrix captures the first factor. Your control text captures the rest. Together they build the documented case that you’ve genuinely thought about the risk and acted reasonably.
For the regulatory framework see HSWA 2015.
See also
Section titled “See also”- The hierarchy of controls — which kinds of controls reduce risk most reliably.
- Default risk matrix
- Customise the risk matrix
- Tutorial 2