View Current

WHS P004 Risk Management Protocol

This is the current version of this document. To view historic versions, click the link in the document's navigation bar.

Section 1 - Overview

(1) The purpose of adhering to a risk management approach is to provide the University with a structured and proactive program to facilitate the early identification of hazards, assessment of risk, and implementation of control measures to enable a safe place of work for staff.

(2) UNE WHS Risk Management framework: (Click here for Risk Management Framework).

Top of Page

Section 2 - Scope

(3) This document has been developed in accordance with:

  1. Work Health and Safety Act 2011 and Work Health and Safety Regulation 2017;
  2. AS/NZS 4801:2001 Work health and safety management systems — Specification with guidance for use;
  3. AS/NZS 4804:2001 Occupational health and safety management systems — general guidelines on principles, systems and supporting techniques;
  4. AS/NZS ISO 31000:2009 Risk Management - Principles and Guidelines; and
  5. Model Code of Practise (Safe Work Australia) How to Manage Work Health and Safety Risks 2011.

(4) This Protocol applies to UNE Representatives, Students and visitors. Workers such as contractors may comply with the risk management practices of their employer, with cooperation between both the University and the contracted entity.

(5) Corporate risk management is not included in this protocol or associated procedures and tools. For guidance on corporate risk management refer to the Risk Management Policy or email the Audit and Risk Directorate at

Top of Page

Section 3 - Protocol

Risk Management Responsibilities

(6) All Officers and Workers (as defined by the WHS Act) with management or supervisory roles have a responsibility to ensure risk management is operationalised in their area of control. Tasks associated with risk management can be delegated to Competent Persons.

(7) WHS P002 Organisational WHS Responsibilities Protocol specifies the level of responsibility that all University Representatives have in regard to WHS risk management.

Risk Management Consultation

(8) Consultation at specific intervals during the risk management process is vitally important. The University has a responsibility to consult with persons that could be affected by its work about the hazards and how they could be affected by them.

(9) In the risk management process consultation shall occur, where reasonably practicable, during the:

  1. identification of foreseeable hazards — staff shall be asked about things in the workplace that have potential to harm anyone in their work environment;
  2. assessment of the risk from the hazard — staff opinion shall be considered on how significant the risk is and how likely is this to occur;
  3. control of the hazard — staff shall assist in the identification and implementation (where applicable) of strategies to eliminate or control the hazard; and
  4. review of the risk assessment — to monitor and improve control measures, staff shall be given the opportunity to provide feedback on the effectiveness of implemented controls.

(10) The specific vehicles for formal and informal consultation throughout the risk management process are:

  1. WHS Work Groups with elected Health and Safety Representatives (HSRs) and Deputies;
  2. WHS Committee;
  3. 'Health and Safety Talk' meetings;
  4. scheduled workplace inspections;
  5. development of Job Safety Analysis' (JSAs);
  6. risk assessment teams;
  7. WHS Management System development; and
  8. investigation teams.

(11) Consultation is regarded as two way communication facilitating input to decision making, not joint decision making.

Risk Management Processes

(12) There are many components that contribute to the fundamental risk management process of identification, assessment, control and review. These components are defined herein.

Hazard Identification

(13) The University shall ensure that there are processes in place to facilitate the planned and ad hoc identification of hazards and their subsequent management in order to mitigate risk.

(14) When identifying hazards consideration should be given to:

  1. the environment - noise, extreme temperatures, working at height, moving vehicles;
  2. equipment, materials, substances used - moving parts, sharps, chemicals, biological agents, radiation;
  3. the tasks and how they are performed — repetitive, twisting, lifting etc;
  4. the organisation and management of the work — stress, fatigue, violence;
  5. available literature — legislation, codes of practice, standards, manufacturers literature, Safety Data Sheets, statistics on incidents and trends; and
  6. potential emergencies — ie. what could go wrong.

Scheduled Workplace Inspections

(15) As part of the University's risk management approach, scheduled/planned inspections are carried out in all areas of the University campuses.

(16) Workplace inspections allow for identification of hazards as well as review of implemented to controls to ensure they remain effective.

(17) As per clause 49 of the WHS Act 2011 and WHS P003 Consultation Protocol, consultation is required, as is reasonably practicable, when identifying hazards and assessing risks. As such, relevant HSRs or their delegate are invited to accompany management (or their delegate) and/or University safety personnel on scheduled inspections.

(18) The University highly values the input that HSRs contribute to scheduled inspections as their familiarity of the workplace and operational experience in the work environment is critical to conducting effective workplace inspections and helping to ensure all foreseeable hazards are identified.

Ad Hoc Identification

(19) All University Representatives have a responsibility to report any hazard they identify in their immediate work area and in the common areas and grounds of the University.


(20) Through the completion of incident investigations it is possible that hazards may be identified by the investigation team that are additional to the root cause of the incident.

(21) The University acknowledges the inherent advantages of including staff representatives in the incident investigation process to ensure all factors are considered, such as contributing factors, past occurrences, perspectives of other staff, familiarity with the workplace and operational experience in the work environment. This aids in the thorough identification of hazards.

Hazard Reporting

(22) The University shall ensure that all University Representatives are aware of how to report and are able to report any identified hazard at any time.

(23) All hazards that cannot be immediately eliminated by permanent controls must be documented and reported.

Hazard Register

(24) Hazard registers are maintained for the University which identify activities and services (and may include those of contractors and suppliers) over which the University has control or influence. The hazard registers are periodically reviewed and enable logging of corrective actions to ensure effective controls are identified and actioned.

Assessment of Risk

(25) Assessment of risk associated to any identified hazard is necessary when:

  1. the hazard can not immediately be eliminated by permanent controls;
  2. there is not already a risk assessment by manufacturer, Code or Standard that stipulates effective controls;
  3. legislation stipulates it;
  4. new equipment or substances have been introduced to the work area;
  5. there is a change to existing work practices;
  6. there is a change to the location of the work environment;
  7. responding to concerns raised by any University Representative regarding an identified hazard or failed control measure requiring review; and/or
  8. an incident has occurred.

(26) Assessment of risk by Competent Persons is necessary in order to:

  1. Determine appropriate controls;
  2. Compare risk; and
  3. Prioritise controls that are reasonably practicable.

(27) Consultation is required, where reasonably practicable, when making decisions about ways to eliminate or minimise risks (clause 49 WHS Act 2011).

(28) In all circumstances where a hazard is assessed for risk and a risk score is determined, relevant HSRs or their delegate shall have the opportunity to review and have input in to the risk score as well as the identified corrective actions.

(29) The review of risk scores and corrective actions occurs at WHS Work Group meetings via information and reports provided by People and Culture. In the event where the risk score or corrective actions appears, to the HSR or members of their work group, to be inappropriate, a new risk assessment may be completed with involvement from relevant stakeholders.

(30) At any time, relevant HSRs or their delegate may be invited to participate in risk assessments relating to health and safety matters at the University.

(31) University procedures require that at least two stakeholders, considered as Competent Persons, participate in the calculation of risk scores for any identified hazard and the subsequent identification of corrective actions.

Risk Score Calculator

(32) Assessment of risk is based upon a determination of the likelihood of the hazard causing harm along with a determination of the severity of the harm. Consideration should be given to the potential chain of events that could be triggered that may result in harm.

(33) The establishment of a single methodology for assessing WHS risk ensures uniformity across all tools used for the management of risk and allows for meaningful comparison of WHS risk across all University campuses.

(34) The WHS Risk Score Calculator applied to the assessment of any identified hazard and associated risk is illustrated below.

Risk Control/Elimination and Response

Hierarchy of Controls

(35) It is preferable that all hazards are eliminated. Where this is not possible the Hierarchy of Control is applied when managing the University's identified WHS risks. This requires adopting the highest ranked control measure that is reasonably practicable from the following order:

  1. elimination;
  2. substitution;
  3. isolation;
  4. engineering;
  5. administrative; then
  6. personal protective equipment (PPE); or
  7. a combination of measures.

(36) Administrative controls and use of PPE should only be used:

  1. as a last resort;
  2. as an interim measure; or
  3. as supplementary to a higher order control.

(37) The WHS Regulation requires PPE used to be:

  1. suitable for the nature of work and identified hazards;
  2. a suitable size and reasonably comfortable;
  3. maintained, repaired or replaced as required; and
  4. worn by workers in accordance with any reasonable instruction by a University Representative.

Corrective Actions

(38) When considering the appropriate controls to mitigate risk:

  1. check if there is legislation that has specific requirements for a control measure;
  2. check if a Code of Practice has any guidance on controlling the hazard;
  3. check if there is a relevant Australian Standard on the topic;
  4. check the manufacturers guidance and/or any industry standards;
  5. check with other faculties and/or businesses if they have a similar hazard and how they have successfully controlled it;
  6. consult with workers to see if they have any solutions to the hazards they face; and/or
  7. seek advice from People and Culture.

(39) The risk score shall assist in prioritising the implementation of risk control measures. The higher the level of risk, the more urgent the action to be taken.

(40) In some cases the legislation specifically requires a control measure so it must be implemented regardless of the cost. Similarly, if a Code of Practice or Australian Standard specifies a control measure then it must be implemented, unless you choose something of equal or better effectiveness.

(41) In all other cases the cost, in terms of: time; effort; and money; of implementing a control may be taken into account when deciding whether it's reasonably practicable. However, cost alone cannot be used as a reason for doing nothing.

(42) Corrective actions shall be recorded with accountability specified and with appropriate time frames for completion set.

(43) Workers shall be provided with information and relevant training to ensure controls are implemented properly.

(44) Workers have a responsibility to comply, so far as the Worker is reasonably able, with any reasonable instruction that is given by a University Representative to allow the University to comply with the WHS Act and other relevant requirements.

(45) Additionally, Workers have a responsibility to cooperate with any reasonable policy or procedure of the University relating to health or safety at the workplace that has been notified to Workers.

Job Safety Analysis (JSAs)

(46) A JSA is a form of safe work procedure, which details step by step how a given task is to be carried out safely.

(47) JSAs may include reference to other JSAs within, particularly where the task involves operation of plant and equipment.

Permit to Work Systems

(48) The University shall ensure that permit to work systems are in place for high risk work, where it is not possible to eliminate the task. A permit to Work is required for any task involving:

  1. hot work;
  2. excavation;
  3. surface penetration;
  4. work at heights;
  5. confined spaces;
  6. asbestos removal; and/or
  7. live electrical work.

(49) A permit to work can be obtained from Estate and Built Environment and must be completed 24 hours prior to work commencing except with explicit approval.

'Health and Safety Talk' Meetings

(50) Health and Safety Talk meetings may be convened by management or supervisors to discuss particular safety issues that are relevant to the work area and allow an opportunity for structured consultation for the control of risk.

(51) Health and Safety Talk fact sheets are available for use by all University Representatives.

(52) The meetings are recorded using a template form available via Safety Hub. The form records attendance information, the resources used and allows for staff feedback, discussion and follow up.

Review of Risk

(53) A summary of identified hazards shall be reviewed by University management at regular intervals to assist Officers execute their Duty of Care and manage risk in a manner that is Reasonably Practicable.

(54) The WHS Management Group is the top tier of the UNE consultation framework and convenes at regular periods to facilitate the review of hazards and controls.

(55) Implemented control measures are subject to review, where appropriate, and logged in the hazard registers maintained by University Representatives.

(56) The risk management process and the University safety management system is subject to reviews on a three yearly basis, or sooner if required, as per WHS OP001 Document Control Procedure.

Training in Risk Management

(57) Any University Representative that participates in the process of planned WHS risk management and/or other WHS related duties are adequately trained in these functions and/or regarded as a Competent Person.

(58) University staff are given the opportunity to consult on job specific training requirements as well as WHS training needs via their WHS work group and Health and Safety Representative (HSR).

Recording the Risk Management Processes

(59) Any associated documentation that records the process of WHS risk management at UNE shall be retained for the specified period stipulated in relevant legislation.

(60) Records pertaining to the risk management process at the University shall be kept regarding:

  1. identified hazards;
  2. risk assessments;
  3. control measures (implementation, monitor and review);
  4. consultation participants throughout the process; and
  5. training records.

Authority and Compliance

(61) The Director People and Culture as Rule Administrator, pursuant to the University's Work Health and Safety Rule, is authorised to make procedures and guidelines for the operation of this University Protocol. The procedures and guidelines must be compatible with the provisions of this Protocol.

(62) University Representatives and Students must observe this Protocol in relation to University matters.

(63) This Protocol operates as and from the Effective Dates.

(64) Previous Protocols relating to WHS risk management are replaced and have no further operation from the Effective Date of this new Protocol.

(65) Notwithstanding the other provisions of this University Protocol, the Vice-Chancellor and Chief Executive Officer may approve an exception to this Protocol where the Vice-Chancellor and Chief Executive Officer determines the application of the Protocol would otherwise lead to an unfair, unreasonable or absurd outcome. Approvals by the Vice-Chancellor and Chief Executive Officer under this clause must be documented in writing and must state the reason for the exception.

Top of Page

Section 4 - Definitions Specific to this Protocol

(66) Competent Person means a person who has acquired through training, qualification or experience the knowledge and skills to carry out the task.

(67) Hazard means a situation or thing that has the potential to harm a person, property or the environment.

(68) Officer (of public authority) as defined by the WHS Act, means a person who makes, or participates in making, decisions that affect the whole, or a substantial part, of the business or undertaking of a public authority. At UNE, this includes the UNE Council, Chancellor, Vice-Chancellor and Chief Executive Officer, Senior Executive, Directors and Heads of School.

(69) Reasonably Practicable means to ensure health and safety that is, or was at a particular time, reasonably able to be done, taking into account and weighing up all relevant matters including:

  1. the likelihood of the hazard or the risk concerned occurring, and
  2. the degree of harm that might result from the hazard or the risk, and
  3. what the person concerned knows, or ought reasonably to know, about:
    1. the hazard or the risk, and
    2. ways of eliminating or minimising the risk, and
  4. the availability and suitability of ways to eliminate or minimise the risk, and
  5. after assessing the extent of the risk and the available ways of eliminating or minimising the risk, the cost associated with available ways of eliminating or minimising the risk, including whether the cost is grossly disproportionate to the risk.

(70) Risk means the consequence and likelihood of harm occurring when exposed to the hazard.

(71) Risk Management means the coordination of activities to direct and control processes with regard to risk.

(72) A Worker, as defined by the WHS Act, is a person that carries out work in any capacity for a person conducting a business or undertaking, including work as:

  1. an employee, or
  2. a contractor or subcontractor, or
  3. an employee of a contractor or subcontractor, or
  4. an employee of a labour hire company who has been assigned to work in the person's business or undertaking, or
  5. an outworker, or
  6. an apprentice or trainee, or
  7. a student gaining work experience, or
  8. a volunteer, or
  9. person of a prescribed class.