Risk Audit Guide

What is a hazard?

A hazard is a source of harm, such as materials, substances, sources of energy, processes, practices, and conditions.  After a hazard is identified, the corresponding risk can be identified.

What is risk?

A risk is the chance of harm resulting from a hazard. This applies to health, bodily safety, equipment, and property. Examples of hazards that give rise to risk include sharp objects, high temperatures, electricity, slippery surfaces, asbestos, and chemicals.

Why is risk assessment important?

Risk assessment identifies hazards, determines who and what may be at risk, evaluates the risk, and determines the best way to control the risks. It includes a time horizon.

The overarching goal of a risk audit is to seek out problems before they occur, in order to minimize loss of finances, human capital, property, information, customers, and vendors, and to mitigate external threats. The twenty-five (25) components of a Risk Audit are:

1. Risk assessment steps: identify, determine, evaluate, control

2. Likelihood scale: from 0 (impossible) to 4 (>25%)

3. Risk categories: physical, location, human, technology

4. Walk-arounds: what to consider and common issues

5. Levels of impact: low, medium, high

6. Consequence scale: from 1 (insignificant) to 5 (catastrophic)

7. Prevention vs. recovery: determine the cost, resources, and time of prevention vs. recovery

8. Safety protocols: common within my industries

9. Communication: identify, consider, tailor, choose

10. Control measure hierarchy: eliminate, substitute, isolate, engineering, administrative, PPE

11. Evaluations: when to conduct, methods used

12. Managing risk: avoid, reduce, transfer, accept

13. Accident reporting: employee, supervisor, medical provider

14. Accident response plans: establish, determine, collect, secure

15. Emergency action plans: evacuation, critical procedures, responsible parties, and more

16. Training: types and topics (electrical safety, fire safety, and more)

17. Business impact analysis: interviews, questionnaires, reports, research

18. Identifying vulnerabilities: data validation, prioritization, findings

19. Disaster recovery plans: people, facilities, technology, data, suppliers, policies and procedures

20. Disaster recovery plan documents: from objectives and assumptions to procedures for returning to space

21. Testing systems: purpose, objectives and measurements, collection of results, evaluation of results, plan updates

22. Disaster recovery for IT: threat modeling and cold, warm, hot sites

23. Enterprise Risk Management: recommended ERM software

24. Standards: ISO, ANSI, OSHA, and more

25. ISO 31000: develop a risk management culture and awareness of the importance of managing and monitoring risk

Please contact us for more information or to schedule a Risk Audit for your company today.
