Risk Audit Guide

What is a hazard?

A hazard is a source of harm, such as materials, substances, sources of energy, processes, practices, and conditions. Once a hazard is identified, the corresponding risk can be identified.

What is risk?

A risk is the chance of harm resulting from a hazard. This applies to health, bodily safety, equipment, and property. Examples of such hazards include sharp objects, high temperatures, electricity, slippery surfaces, asbestos, and chemicals.

Why is risk assessment important?

Risk assessment identifies hazards, determines who and what may be at risk, evaluates the risk, and determines the best way to control the risks. It includes a time horizon.

The overarching goal of a risk audit is to find problems before they occur, in order to minimize losses of finances, human capital, property, information, customers, and vendors, and to mitigate external threats. The twenty-four (24) components of a Risk Audit are:

1. Risk assessment steps: identify, determine, evaluate, control

2. Likelihood scale: from 0 (impossible) to 4 (>25%)

3. Risk categories: physical, location, human, technology

4. Walk-arounds: what to consider and common issues

5. Levels of impact: low, medium, high

6. Consequence scale: from 1 (insignificant) to 5 (catastrophic)

7. Safety protocols: common within my industries

8. Communication: identify, consider, tailor, choose

9. Control measure hierarchy: eliminate, substitute, isolate, engineering, administrative, PPE

10. Evaluations: when to conduct, methods used

11. Managing risk: avoid, reduce, transfer, accept

12. Accident reporting: employee, supervisor, medical provider

13. Accident response plans: establish, determine, collect, secure

14. Emergency action plans: evacuation, critical procedures, responsible parties, and more

15. Training: topical types (electrical safety, fire safety, and more)

16. Business impact analysis: interviews, questionnaires, reports, research

17. Identifying vulnerabilities: data validation, prioritization, findings

18. Disaster recovery plans: people, facilities, technology, data, suppliers, policies and procedures

19. Disaster recovery plan documents: from objectives and assumptions to procedures for returning to the space

20. Testing systems: purpose, objectives and measurements, collection of results, evaluation of results, plan updates

21. Disaster recovery for IT: threat modeling and cold, warm, and hot sites

22. Enterprise Risk Management: recommended ERM software

23. Standards: ISO, ANSI, OSHA, and more

24. ISO 31000: develop a risk management culture and awareness of the importance of managing and monitoring risk

Please contact us for more information or to schedule a Risk Audit for your company today.