Risk Audit Guide

What is a hazard?

A hazard is a source of harm, such as materials, substances, sources of energy, processes, practices, and conditions. Once a hazard is identified, the risk it poses can be identified.

What is risk?

A risk is the chance of harm resulting from a hazard. This applies to health, bodily safety, equipment, and property. Hazards that give rise to such risks include sharp objects, high temperatures, electricity, slippery surfaces, asbestos, and chemicals.

Why is risk assessment important?

Risk assessment identifies hazards, determines who and what may be at risk, evaluates the risk, and determines the best way to control it. It includes a time horizon.

The overarching goal of a risk audit is to seek out problems before they occur in order to minimize loss of finances, human capital, property, information, customers, and vendors, and to mitigate external threats. The twenty-five (25) components of a Risk Audit include:

1. Risk assessment step:  identify, determine, evaluate, control

2. Likelihood scale:  from 0 (impossible) to 4 (>25%)

3. Risk categories:  physical, location, human, technology

4. Walk arounds:  what to consider & common issues

5. Levels of impact:  low, medium, high

6. Consequence scale:  from 1 (insignificant) to 5 (catastrophic)

7. Prevention vs Recovery: Determine cost, resources, & time of prevention vs recovery

8. Safety protocols:  common within my industries

9. Communication:  identify, consider, tailor, choose

10. Control measure hierarchy:  eliminate, substitute, isolate, engineering, administrative, PPE

11. Evaluations:  when to conduct, methods used

12. Managing risk:  avoid, reduce, transfer, accept

13. Accident reporting:  employee, supervisor, medical provider

14. Accident response plans:  establish, determine, collect, secure

15. Emergency action plans:  evacuation, critical procedures, responsible parties, and more

16. Training:  topical types (electrical safety, fire safety, and more)

17. Business impact analysis:  interviews, questionnaires, reports, research

18. Identifying vulnerabilities:  data validation, prioritization, findings

19. Disaster recovery plans:  people, facilities, technology, data, suppliers, policies & procedures

20. Disaster recovery plan documents:  from objectives & assumptions to procedures for returning to the space

21. Testing systems:  purpose, objectives & measurements, collection of results, evaluation of results, plan updates

22. Disaster recovery for IT:  threat modeling and cold, warm, hot sites

23. Enterprise Risk Management:  recommended ERM software

24. Standards:  ISO, ANSI, OSHA, and more

25. ISO 31000:  develop a risk management culture and awareness of the importance of managing and monitoring risk


Please contact us for more information or to schedule a Risk Audit for your company, today.
