Conducting a Risk Assessment for the Workplace
© 2004
By Gerry Adams
(206) 601-1749
Gerry Adams is a security consultant with over thirty years’ experience providing specialized security services. He has conducted security assessments, vulnerability studies, audits, and surveys for Northwest firms since 1976. To that end, he completed the Department of Justice’s Threat and Risk Assessment Course so that he could apply his extensive experience conducting assessments that also meet the requirements of the Statewide Domestic Preparedness Strategy. He is familiar with Labor and Industry standards for effective workplace safety and accident prevention programs and has tailored several programs for Washington businesses.
A risk assessment is used to determine the extent of risks to a person or other target. Other targets can be any tangible thing whether a building, business, vehicle, utility, or vessel. Anything that can be damaged or destroyed can be a target. Assessments of this nature are conducted for various reasons.
Protective security details often use a simple matrix in order to assess the risk of their principal in day-to-day settings and activities. A simple matrix like the following is a useful tool when trying to determine immediate risks.
Risk
Factor
High
Mod.
Low Mod. High
Threat Level
In this example the “Risk Factor” is the combined elements of risks to (usually) a person (principal) that a protective security detail is charged with protecting. A number of discrete risk factors are taken into account. These risk factors are often the position the principal holds in the company, the history of the company including recent mergers and acquisitions, previous problems and threats, Potential Threat Elements (PTEs), and vulnerability.
The “Threat Level” is the current threat known, or suspected, at any given time. In this simple example the threat level is typically driven by the likelihood of action by a PTE.
After determining the risk factor of a principal (high, moderate, or low) use the simple matrix to mark one of the three (3) designated points. Then, after determining the threat level to the principal, follow the horizontal line to the one of the three (3) corresponding points that represents the assessed threat level. This produces an “Overall Risk Factor”. The overall risk factor is always the highest of any combination of risk factor and threat level.
This simple matrix has great value helping plan day-to-day needs for a protective detail after assessing the risk factor of the principal, assessing the threat level, and determining the overall risk factor.
The risk factor tends to remain constant for longer periods from months, to even years.
The threat level may change from day to day, place to place, or even time to time. Changes to threat levels need on-going assessment.
However, once a principal is assessed as a high risk factor the threat level can change without any effect on the overall risk factor. The changing threat level does allow better planning of resources, although those resources seldom fall below a determined threshold that assures the principal is afforded the needed level of protection.
Assessments can also be conducted in order to determine the financial, emergency services, and budgetary resources needed to prepare for weapons of mass destruction as a component of the Washington’s domestic preparedness strategy. In Washington the agency responsible for developing a Statewide Domestic Preparedness Strategy is Emergency Management Division (EMD) of the State Military Department. An essential component of EMD’s role is to allocate equipment funds to local jurisdiction and state agencies.
Threat and risk assessment for statewide domestic preparedness takes a similar look at a comparison of risk factors to threat levels as the simple example above has. Department of Justice (DOJ) criteria tends to focus more on individual targets of terrorist attacks within each jurisdiction. Each jurisdiction may have numerous potential targets. Each potential target will have varying vulnerability. In this matrix, the Jurisdiction Risk Assessment Matrix, the “jurisdictional threat rating” is compared to the “jurisdiction vulnerability rating”.
The jurisdictional threat rating is an assessment of threat to the entire jurisdiction based, in part, to the potential targets within the jurisdiction.
Information is gathered at individual sites throughout the jurisdiction in order to assess the vulnerability of the individual sites. This data is combined to develop the jurisdiction vulnerability rating.
Using the Jurisdiction Risk Assessment Matrix, a numerical factor is produced. Instead of the 3 X 3 simple matrix used above, a larger matrix using an approximate 12 X 10 comparison is used. The reason for this larger matrix is due to the need to break down the costs of emergency services so as to provide equitable distribution of those needed assets in the event of a terrorist attack.
Whether creating your first program or revising an existing program an assessment of risks to employees, executives, and other assets is an essential component to identify your specific needs.
Risks and needs are continuing to change as are the methods by which to address those needs. A comprehensive workplace safety and accident prevention program developed to your specific needs will save time, money, and lives.
Every plan should include a carefully considered and detailed description of the responsibilities of management, supervisors, and employees.
Appropriate instructions for each employee are needed for everything from the proper use of personal protective equipment to how to prepare for and act during emergencies and disasters. Emergencies today can include fire, earthquake, floods, unauthorized intrusions, violence, and acts of terrorism.
Accident prevention and workplace safety plans are required of every employer complying with Labor & Industry standards in Washington State. These plans should contain any needed emergency and disaster plans.
Assessments will help you identify vulnerability, risks, hazards, and needs for disaster and emergency response. Job hazard analysis, eliminating workplace hazards, and providing effective training are all part of an employer’s responsibility. Without a careful assessment of your risks, injuries and accidents may not be prevented.
A total safety program will include periodic safety inspections and on-going assessment of changes to facilities, activities, risks, and threats.
Risk, threat, and vulnerability assessments will include sufficient details so as to create a comprehensive workplace safety program, plan for emergencies and disasters, identify vulnerability, develop protective measures, participate in planning for statewide domestic preparedness, and save lives.