
Risk Audit Guide
What is a hazard?
A hazard is a source of harm, such as a material, substance, source of energy, process, practice, or condition. Once a hazard is identified, the risk it poses can be assessed.
What is risk?
A risk is the chance of harm resulting from a hazard. The harm may be to health, bodily safety, equipment, or property. Examples of hazards that give rise to such risks include sharp objects, high temperatures, electricity, slippery surfaces, asbestos, and chemicals.
Why is risk assessment important?
Risk assessment identifies hazards, determines who and what may be at risk, evaluates each risk, and determines the best way to control it. Every assessment covers a stated time horizon.
The overarching goal of a risk audit is to find problems before they occur, in order to minimize loss of finances, human capital, property, information, customers, and vendors, and to mitigate external threats. The twenty-four (24) components of a Risk Audit are:
1. Risk assessment steps: identify, determine, evaluate, control
2. Likelihood scale: from 0 (impossible) to 4 (>25%)
3. Risk categories: physical, location, human, technology
4. Walk arounds: what to consider & common issues
5. Levels of impact: low, medium, high
6. Consequence scale: from 1 (insignificant) to 5 (catastrophic)
7. Safety protocols: those common within your industry
8. Communication: identify, consider, tailor, choose
9. Control measure hierarchy: eliminate, substitute, isolate, engineering, administrative, PPE
10. Evaluations: when to conduct, methods used
11. Managing risk: avoid, reduce, transfer, accept
12. Accident reporting: employee, supervisor, medical provider
13. Accident response plans: establish, determine, collect, secure
14. Emergency action plans: evacuation, critical procedures, responsible parties, and more
15. Training: organized by topic (electrical safety, fire safety, and more)
16. Business impact analysis: interviews, questionnaires, reports, research
17. Identifying vulnerabilities: data validation, prioritization, findings
18. Disaster recovery plans: people, facilities, technology, data, suppliers, policies & procedures
19. Disaster recovery plan documents: from objectives and assumptions to procedures for returning to the workplace
20. Testing systems: purpose, objectives & measurements, collection of results, evaluation of results, plan updates
21. Disaster recovery for IT: threat modeling and recovery sites (cold, warm, and hot)
22. Enterprise Risk Management: recommended ERM software
23. Standards: ISO, ANSI, OSHA, and more
24. ISO 31000: developing a risk management culture and awareness of the importance of managing and monitoring risk
Please contact us for more information or to schedule a Risk Audit for your company, today.