Risk Assessment

What is a Risk Assessment?

A Risk Assessment is a systemic process to identify, analyze and control hazards or risks that could impact an organization’s business or ability to achieve its goals and objectives. This decision-making tool aims to determine which measures should be put in place in order to eliminate or control those risks, as well as specify which risks should be prioritized according to the level of likeliness and impact they have on the organization.

Risk assessment is one of the major components of a risk analysis. Risk analysis is a process with multiple steps that intends to identify and analyze all of the potential risks and issues that are detrimental to the organization. This is an ongoing process that gets updated when necessary. These concepts are interconnected and can be used individually.

Risk communication is the process of exchanging information and opinion on risk with concerned parties. Risk management is the proactive control and evaluation of threats and risks to prevent accidents, uncertainties, and errors. Together with risk assessment, these are all vital elements that help make informed decisions such as mitigating risks.

5 Steps of the Risk Assessment Process

  1. Identify - Identify risks that the organization is exposed to in its operating environment.

  2. Analyze - Analyze and determine the scope of the identified risk and understand the link between the risk and different factors within the organization.

  3. Evaluate - Evaluate and rank the risks to allow the organization to gain a holistic view of the risk exposure landscape.

  4. Treat - Treat risks by implementing risk mitigation strategies, prevention plans, and contingency steps to minimize the probability of negative risks and/or enhance opportunities.

  5. Monitor - Monitor and track the effectiveness of various risk treatment programs and strategies and modify accordingly.

Why are Risk Assessments Important?

The identification, assessment and mitigation of risks are essential in preventing injury and ensuring the safety of visitors, students, staff and faculty. Risk assessment documentation can be the critical proof of good faith efforts to prevent and respond to any injuries or damages resulting from University activities/events; thereby possibly reducing the University’s liability and minimizing significant financial impact from litigation.

When Do You Perform a Risk Assessment?

The purpose of risk assessments are to eliminate or reduce operational risks and improve the overall safety of the event, activity, project, or field trip, etc. The person who is organizing and running the event, activity, project, or field trip is responsible for completing the Risk Assessment when:

  • New processes or steps are introduced in a workflow;
  • Changes are made to existing processes;
  • New hazards or risks arise.

The person who is organizing and running the event, activity, project, or field trip works with Risk Management to verify compliance with University policies. At least 30 days before your planned activity, the Program Manager should complete and email a copy of the Risk Assessment Tool to riskmanagement@calpoly.edu for review. Risk Management will work with Program Managers to ensure maximum safety.

What is the Risk Assessment Tool?

The first step in planning an event, project, field trip, and/or activity is a comprehensive review of the risks involved. The Risk Assessment Tool will assist in the identification of potential hazards and risks, risk analysis, and risk treatment. Once you identify the risks, you will then evaluate/rate the likelihood and impact of each risk. Finally, you will identify what actions or risk control measures can be implemented to mitigate or eliminate risk; especially for those in the medium or high-risk categories.

How to use the Risk Assessment Tool

Risk Assessment Tool

STEP ONE: Complete the input fields at the top of the form with detail about your event

STEP TWO: Complete the Risk Identification section

  • In the “Risk/Hazard Identified” column identify risks related to your event activities.
  • For each risk identified in the “Who/What is Affected” column list who or what may be impacted by the risk (for examples: participants/attendees, the public, university property, etc.).

STEP THREE: Complete the Risk Analysis section

  • In the “Existing Controls” column list any controls you have in place, or are in the process of implementing, for each risk.
  • Controls should be focused on reducing the probability/likelihood of the risk occurring, the impact/severity if the risk were to occur, or both.

Degree of Existing Risk Section

  • Use the drop-down selection options in the “Likelihood” column to score the likelihood of the risk occurring with the present controls.
  • Use the drop-down selection options in the “Impact” column to score the severity of the risk with the present controls.
  • The “Risk Rating” column will auto populate with the risks position on the Risk Matrix at the top right of the tool. Any risks rated as “Low” (dark green) or “Low Med” (light green) have sufficient controls to make the risk within tolerable level and no further action is needed.

STEP FOUR: Complete the Risk Treatment section

  • Any risks that were originally rated as “Medium” (yellow), “Med Hi” (orange), or “High” (red) require additional controls to bring them within tolerable levels.
  • In the “Additional Controls” column list additional controls (beyond the existing controls previously listed) that are intended to reduce likelihood, severity or both.
  • Degree of Residual Risk
    • For each risk requiring additional controls rescore the likelihood and impact if the additional controls were implemented. (The “Risk Rating” column will auto populate).
    • Any risks that have a residual risk rating within the green sections (Low and Low Med) now will have sufficient controls to proceed with the additional controls implemented.
    • Any risks that are still in the yellow, orange, or red sections of the risk matrix would still need additional controls. Please contact Risk Management to discuss any residual risk scores that remain in these colors.
    • Risks with residual risk scores in the red section should be avoided.
  • The “Status of Residual Risk” column will auto populate to show whether the risk is tolerable, additional controls are needed, or the risk should be avoided.

STEP FIVE: Complete the Post Activity Survey and Debrief where Applicable

  • The risk assessment will identify the level of risks associated with the event, activity, project, program, field trip, etc. being analyzed.
  • If there are residual risks in the Medium (yellow) or Medium-High (orange) sections of the Risk Matrix, it will be necessary to fill out the Risk Assessment Post Activity survey and have a post event/activity debrief to discuss any incidents or near misses.
  • Once the event, activity, project, or field trip is complete, fill out the Risk Assessment Post Activity survey.
  • Risk Management will contact you to schedule a debrief meeting with the relevant campus stakeholders.

If you need assistance, please do not hesitate to contact Risk Management

Email: riskmanagement@calpoly.edu

Phone: (805) 756-6755