Search this website
| Options Options
Search Type
Document Actions

Risk management at work

— filed under:


This position statement sets out how we expect duty holders (you) to manage risks to the health and safety of all people affected by the conduct of your work. Our expectations are based on the requirements of the Health and Safety at Work Act 2015 (HSWA).


What is our health and safety focus?

New Zealand has a high rate of workplace illnesses, injuries and fatalities. We’re focused on setting, supporting and enforcing excellent workplace health and safety standards. And we’re focused on promoting positive personal attitudes toward health and safety.


What should you as a duty holder focus on when managing risk?

We want you to better manage risk by thinking more broadly about risk, not just spotting work-related hazards. This means thinking about the root cause of any harmful event, the likelihood it will occur and the consequences if it does. You should think about anything that may help you manage risk, including improved business practices and training, and adequate communication with workers.


A Person Conducting a Business or Undertaking (PCBU) is responsible for managing work health and safety risks. Sometimes several PCBUs may be responsible, such as when PCBUs are involved in the same work activity or share a workplace. Managing risks where multiple PCBUs are working together on the same site is covered in the WorkSafe position on overlapping duties.

A PCBU must make sure that relevant workers and their health and safety representatives take part in the risk management process. More information on effective worker engagement, representation and participation is noted in the WorkSafe position on worker engagement, participation andrepresentation.

A PCBU should encourage workers to report any hazards and health and safety problems immediately. Then the PCBU can  manage the hazards and problems before an incident occurs. By drawing on the experience, knowledge and ideas of its workers, a PCBU is more likely to identify all hazards and  choose control measures that are  effective.

A PCBU must also make sure that the person carrying out any step in the risk management process has the necessary skills and experience to do so. That person must also understand when to contact a specialist for help.


How do you decide what is ‘reasonably practicable’?

To decide what is ‘reasonably practicable’

to protect people from harm, you must weigh up all relevant matters. Those matters include, but are not limited to:

  • how likely the hazard or risk is to happen
  • what degree of harm the hazard or the risk might cause
  • how much is known about the hazard or risk
  • what ways are available to eliminate or minimise the risk
  • what ways are suitable to eliminate or minimise the risk.

It is only after assessing the extent of  the risk and the available ways of eliminating or minimising the risk that consideration may be given to whether the cost associated with available ways of eliminating or minimising the risk is grossly disproportionate to the risk.


How should you manage risk as a duty holder?

More complex risks may require more detailed risk management. The greater the possible harm to health or safety, the more a PCBU may need to do to manage the risk that could lead to the harm.

One effective way to manage a risk when a solution is clear may be to act quickly by using acceptable industry standards and guidance. You can usually use common controls for common risks.

In managing a risk, you must assess what might go wrong when the work is being done. This includes any risks or combination of risks. So you must understand the seen and unseen causes of risk that lead uncontrolled risks to health and safety (such as business systems or attitudes) to remain or go unnoticed.

You also need to think about whether or not the types of controls used (such as administrative controls or personal protective equipment) are enough to manage risks effectively.

Managing risks at work doesn’t need to be a burden, or complex or costly to implement or document. But you must take positive action to make a situation safer, and apply the most appropriate and reasonable solution.


When should you do a risk assessment?

A risk assessment is mandatory for certain high-risk activities prescribed in regulations 5 to 8 of the Health and Safety at Work (General Workplace and risk Management) regulations 2016.

A risk assessment is needed when:

  • how a hazard may cause injury or illness is uncertain
  • the work activity involves different hazards, and the workers involved don’t know how those hazards interact to produce new or greater risks
  • workplace changes may impact on the effectiveness  of  control measures
  • new or different risks are associated with a change in work systems or work location.


A risk assessment isn’t needed when:

  • laws already set out how to control the relevant hazards or risks, and require the organisation or person to comply with such control methods
  • a code of practice or other guidance sets out a relevant way of controlling a hazard or risk that applies to the relevant situation, and that guidance must be followed
  • well-known and effective controls used in a particular industry are suited to the relevant circumstances of a particular workplace, and these controls may be implemented.


What is WorkSafe’s  approach?

We expect a PCBU to understand risk management in their business. We expect officers to comply with their due diligence duty to make sure the PCBU is meeting its primary duty of care. More information on the due diligence of officers is in the WorkSafe position on officers’ due diligence.


What checks about risk do we make when visiting a workplace?

When visiting a workplace or carrying out an investigation we will:

  • check whether the PCBU is thinking about eliminating a risk before looking at minimising it (if reasonably practicable to do so)
  • check whether the PCBU is applying appropriate control measures
  • check whether the measures the PCBU has in place are working as planned
  • assess your understanding and management of risks (including an understanding of health and safety systems management).

In deciding whether a PCBU has controlled a risk so far as is reasonably practicable in the circumstances, we will compare the controls in place against good practice in the relevant industry.


Last updated 1 August 2016