View current

Health and Safety Risk Assessment Procedure

This is the current version of the approved document. You can provide feedback on this document to the Enquiries Contact - refer to the Status and Details tab from the menu bar above.

Section 1 - Purpose and Scope

(1) This Procedure outlines the approach for completing health and safety risks assessments at The University of Queensland (UQ). It applies to all UQ workers (including staff, Higher Degree by Research (HDR) students, contractors, volunteers) and others (coursework students, visitors) across all UQ operations and sites.

(2) This Procedure supports UQ’s Health, Safety and Wellness Policy, which outlines UQ’s commitment to continuous improvement in the prevention of harm by identifying hazards and assessing and mitigating risks from these hazards.


(3) Managing health and safety risk is a mandatory legislative requirement. This Procedure refers to relevant legislation associated with managing health and safety risks at UQ. This primarily means the Work Health and Safety Act 2011 (Qld; WHS Act) and associated Regulation, the How to Manage Work Health and Safety Risks - Code of Practice - 2021 and other legislative requirements that specify when risk assessments must be undertaken.

Top of Page

Section 2 - Process and Key Controls

(4) The following requirements apply to all UQ workers and others regarding the risk assessment process:

  1. UQSafe is UQ’s recording system for risk assessments that are required to be completed due to UQ’s operations and undertakings.
  2. There is a legislative duty for managing work health and safety risks.
  3. Management commitment is essential to demonstrate due diligence through understanding the risks in the person’s area of responsibility, allowing for sufficient resources to manage hazards and risks, leading by example and ensuring UQ workers and others are aware of their own responsibilities in relation to risk management.
  4. The risk assessment process involves:
    1. identifying hazards;
    2. assessing the risk posed by each hazard;
    3. controlling the risks; and
    4. monitoring and reviewing the control measures.
  5. The Hierarchy of Control must be used when establishing methods to control the risks.
  6. Consultation and communication throughout the risk assessment process is essential to ensure those with the best knowledge of the hazards and resulting risks are involved.
  7. Risk assessments must consider both physical and psychological work risks.
  8. Risk assessments should be reviewed regularly, and at least every five years.
Top of Page

Section 3 - Key Requirements

Part A - Duty for Managing Risks

(5) The Work Health and Safety Act 2011 requires persons in control of a business or undertaking (PCBU) to eliminate risks, or if that is not possible to minimise the risks so far as is reasonably practicable. Consultation must occur and workers have an obligation to cooperate. This obligation extends to where the PCBU directs, or influences work carried out for others.

(6) Risk management is a proactive process that responds to change, and management commitment is essential.

Part B - The Risk Assessment Process

(7) Health and safety risk identification is an ongoing activity and involves identifying and describing the health and safety risk factors associated with work. The task description should clarify the source of the risk, potential hazards and level of exposure to workers (time or quantity).

(8) The risk assessment process is a four-step continuing cycle of improvement.

Identifying Hazards

(9) Identification of hazards involves considering situations or items that have the potential to cause harm to a person. Hazards may be physical or psychological and can be identified through consultation with workers, through workplace inspections, observing a task or activity, through using equipment or plant, and being aware of how people work. 

(10) Not all hazards are obvious, for example, some may affect the health of a person over a period of time. Consideration must be given to both physical and psychological hazards, as well as those seen and unseen e.g., noise.

(11) All workers must participate in identifying the health and safety risk factors associated with the specific activities/tasks they perform. When required to formally document a risk assessment, workers must identify and describe the risk factors to determine what could go wrong when performing the work activity.

Assessing the Risks

(12) The assessment of risk involves considering what harm could occur if a person was exposed to the hazard, and the likelihood of this occurring. Consideration should be given to how severe the consequence may be, whether the existing controls are effective, what controls need to be implemented and if there are any urgent and immediate actions that are required. If a hazard can be immediately removed, this must be done.

Controlling the Risks

(13) Risks need to be eliminated wherever possible. If they cannot be eliminated, they must be minimised so far as reasonably practicable. In most circumstances, it would be a combination of different controls used together that provide the highest level of protection.

(14) The control options chosen should offer the highest level of protection for workers. Controls must be reliable, available, able to be implemented, and suitable for the circumstances of the work area.

The Hierarchy of Control

(15) The Hierarchy of Control ranks control measures from the highest level of protection and reliability to the lowest (see section 7 Appendix, ‘Hierarchy of Control Measures’). It is a legislative requirement to consider the hierarchy of control when determining controls to manage risk. Various controls may be considered, the most effective control to eliminate the hazard or reduce the risk must be chosen.

(16) When considering the ‘cost’ of eliminating or minimising a hazard, this would not usually be used as a reason for not implementing a known control. The greater the likelihood of harm occurring or the greater the extent of the harm, the less weight should be given to costs for controlling the hazard or the risk.

Monitoring and Reviewing Control Measures

(17) To verify that implemented control measures remain effective, there must be regular review of the work activities and/or tasks and consultation with workers on how the control measures are performing. Serious risks should be reviewed more frequently. Risk assessments and control measures require review in the following situations:

  1. when a control measure is not effectively controlling a risk;
  2. before a change that might give rise to a new risk;
  3. when a new hazard or risk is identified;
  4. when consultation with workers indicates a review is needed;
  5. after a Health and Safety Representative requests a review;
  6. after a Work Health and Safety Coordinator (WHSC) conducts an audit and provides feedback; and
  7. on a predetermined schedule based on the UQSafe current risk rating:
    1. Low = Five years
    2. Medium = One year
    3. High = Six months
    4. Extreme = Two days.

(18) In UQSafe, risk assessment reviews are completed using the formal review function. Refer to the Formal Review Guide

Part C - Consultation and Communication

(19) Risk assessments should be developed in consultation with the people designing the work or performing the tasks and may involve people with specialist knowledge in technical aspects of health and safety risks, e.g., an occupational hygienist. Consultation with workers (including Health and Safety Representatives) must occur for them to provide information and input into the issues they have encountered e.g., near misses and incidents that have not been reported, perceived bullying/harassment, as well as muscular pain that may signal potential hazards. 

(20) Workers must be aware of the hazards and risks they may be exposed to, and the completion of a risk assessment to minimise this exposure must be communicated. This can be done in several ways, including:

  1. Engaging HSW Committee members and Health and Safety Representatives;
  2. Toolbox talks, work group meetings, email, information on webpages;
  3. Online training modules and staff development courses;
  4. Contractual agreements i.e., student placement, contractor services; and
  5. New worker inductions, site inductions.

Part D - When to Complete or Review a Risk Assessment

(21) A risk assessment will assist in identifying the risk of exposure to people, and the sources and processes that may be causing the risk. Therefore, a risk assessment must be completed or reviewed when a hazard has been identified which may result in harm and when:

  1. there is uncertainty about a task or activity that may result in a risk of harm to a person or the environment; or
  2. there are a several hazards and there is lack of understanding on how they may interact with each other to produce other risks; or
  3. there are changes in the workplace, the task or the activity; or
  4. an incident or near miss has occurred; or
  5. when UQSafe requires a reassessment (refer to ‘Monitoring and Reviewing Control Measures’ provisions above).

(22) A detailed risk assessment may not be required in low-risk office environments if there are well-known and effective controls already in use that are suited to the circumstances of that environment and/or work group. For example, UQ has well documented and implemented safety and emergency procedures in place for work groups occupying offices in UQ managed buildings and sites.

Part E - Completing a Risk Assessment in UQSafe

(23) Health and safety risk assessments must be completed in UQSafe using the WHS Risk Register module. To ensure risk assessments are appropriately developed and reviewed, particular roles (as defined in definitions) are assigned to users, and the system has inbuilt workflows to automate the process. 

Details and Context

(24) To produce a high-quality risk assessment, the scope and context must be clearly defined. This includes:

  1. an appropriate name for the risk assessment, searchable in the risk register;
  2. a clear description of the task/activity that is being assessed;
  3. the list of those involved with assessing the risk (risk assessment team);
  4. the Organisational Unit that the risk assessment belongs to; and
  5. a list of relevant documents referenced in the development of the risk assessment.

Assessing the Risk Level

(25) The risk level is determined on how the tasks or activities are currently completed, not how they should be completed. This is the managed risk level (or current risk level).

(26) In UQSafe, the risk assessment module (WHS Risk Register) requires the risk owner to identify and describe the risk factors and controls, and then assess the effectiveness of existing controls to manage the risk (managed or current risk level). The next step is to consider whether additional controls can be implemented to further reduce the risk to an acceptable level (target or residual risk rating). An acceptable level of risk is one that, under the circumstances, is reasonably practicable to accept.

(27) The risk level is calculated using the risk matrix by assessing the likelihood of workers being exposed to the hazard, and the most likely consequence of this exposure – not the worst-case scenario – refer to the ‘UQSafe Risk Matrix’ in the Appendix. The intersection of the likelihood and consequence is the risk level.

Peer Review

(28) Prior to submission to the risk approver (Supervisor), the risk owner can invite others to peer review the risk assessment. Suitable reviewers include subject matter experts, other work group members, persons involved in implementing controls, Work Health and Safety Coordinator (WHSC), etc.

Approval of Risk Assessments

(29) Once completed, the risk owner ‘submits’ the risk assessment which automatically workflows to the risk approver (their Supervisor). The risk approver must review the risk assessment to ensure:

  1. The Risk Assessment Name is clear and follows correct nomenclature.
  2. Basic details are correct, including Location Category and Organisational Unit.
  3. Includes a clear description of the task/process/activity (this may be included as an attachment).
  4. Relevant documents have been referenced and attached.
  5. All foreseeable hazards and risk sources have been identified and clearly described.
  6. Controls have been adequately described and selected based on the Hierarchy of Controls.
  7. The calculated risk level is proportionate and acceptable.
  8. Complex and/or high inherent risk tasks have had input by a subject matter expert.
  9. Relevant regulations, Code of Practice, and standards have been considered.
  10. For further guidance refer to UQ Systems Training Hub.

Risk Assessment Verification

(30) Work Health and Safety Coordinators are required to review a percentage of the risk assessments in their area of responsibility for clarity of the task/activity, identification of the hazards, quality of the intended controls, whether the hierarchy of controls has been used, and then the appropriateness of the risk levels (both managed and target).

(31) For more detailed information, refer to the Risk Assessment Verification training guide on UQ Systems Training Hub.

Part F - Training, Instruction, Information and Supervision

(32) Workers must be trained in work procedures to ensure they are able to perform the task safely. Training must cover the nature of the work, the associated risks, and control measures to mitigate the risks.

(33) Training should require workers to demonstrate they are competent in performing the task according to the procedure. It is often insufficient to give a worker the procedure and ask them to acknowledge they understand and are able to perform the task.

(34) Training, instruction and information must be provided in a form that can be understood by all workers. Information and instruction may also need to be provided to others who enter the workplace, such as visitors.

(35) Appropriate supervision must be supplied depending on the level of risk and the experience of the workers involved. High levels of supervision are necessary where inexperienced workers are expected to follow new procedures or carry out difficult and critical tasks. Supervisors are required to ensure their workers are aware of any risk assessments available for the tasks or activities they are undertaking, they are read and understood prior to the activity and/or task commencing.

Top of Page

Section 4 - Roles, Responsibilities and Accountabilities

Head of Organisational Unit

(36) The Head of Organisational Unit is responsible for:

  1. ensuring the effective communication and implementation of this Procedure within their areas of responsibility;
  2. allocating sufficient resources to ensure health and safety risks are managed and monitored;
  3. ensuring the provision and maintenance of effective health and safety risk controls;
  4. ensuring appropriate records are formally documented; and
  5. reviewing the performance of health and safety risk management within their area of responsibility.

Managers and Supervisors

(37) Managers and Supervisors are responsible for:

  1. ensuring the risk management process is undertaken;
  2. ensuring the adequate provision of risk management information, training, support, guidance and supervision;
  3. ensuring provision and maintenance of effective health and safety risk controls;
  4. ensuring the provision, maintenance, training and proper use of personal protective equipment (PPE);
  5. consulting with workers, reviewing and approving health and safety risk assessments;
  6. providing workers with information on the controls required to be followed as per the risk assessment for the activity or task;
  7. ensuring post-incident corrective actions are implemented and reviewing health and safety risk assessments accordingly; and
  8. reviewing and updating health and safety risk management provisions in relation to changes in the work activities.

Work Health and Safety Coordinator (WHSC)

(38) Work Health and Safety Coordinators are responsible for:

  1. Reviewing the quality of a proportion of risk assessments within their area of responsibility. This may require liaising with the risk owner and their Supervisor. Refer to the Risk Assessment Verification guide.
  2. Reviewing the Hierarchy of Controls is used and controls measures address identified hazards. If required, liaising with the risk owner and/or Supervisor to improve the quality of the risk assessment.
  3. Assessing whether the risk level is proportionate to the controls in place.
  4. Assisting risk owners in completing risk assessments in UQSafe if required.

Health, Safety and Wellness Manager (HSW Manager)

(39) Health, Safety and Wellness Managers are responsible for:

  1. regularly reviewing risk assessments in their area of responsibility as oversight to verify that the risk assessments are being completed and are of a high standard;
  2. reviewing for effective controls measures and the appropriate use of the hierarchy of controls; and
  3. mentoring the WHSC and Supervisor, providing them with appropriate guidance and advice to effectively review risk assessments.

Risk Owners

(40) Risk owners are those who undertake tasks or activities that require a risk assessment. For example, this may include workers, group leaders and HDR students, or others who have identified a hazard/s that may pose a risk/s of harm to workers through undertaking the activity or task.

(41) They produce a risk assessment in consultation with workers and then submit it for approval. Risk assessments must be completed in UQSafe and be approved prior to the task or activity being undertaken.

(42) The risk assessment must be shared with the workers involved in the task or activity.

Risk Author

(43) The person that enters the risk assessment into the system is the risk author. The risk author defaults to be the risk owner, unless they are entering the risk assessment on behalf of another person, in which case they will need to update the risk owner field.

Risk Approver

(44) The risk approver is usually the Supervisor of the risk owner and is the person that approves the risk assessment. At times, the most appropriate risk approver may not be the risk owner’s direct Supervisor, in which case the risk approver field will require updating. The person directing the work and supervising the activity / task should be the risk approver.

(45) It is incumbent on the risk approver to ensure they understand the risks involved in the task or activity and that the controls are appropriate before they approve the risk assessment.

Health and Safety Representatives

(46) Health and Safety Representatives may be included in the development of risk assessments for their designated work group, provide advice and assistance by involving other workers and the communication of the controls.

Health, Safety and Wellness Division (HSW Division)

(47) The Health, Safety and Wellness Division provides advice, support, and liaises with Health, Safety and Wellness Manager, Senior Management of UQ, as well as Regulators. Responsibilities also include:

  1. providing advice on controls, including specialist advice;
  2. where appropriate, issuing safety alerts for dissemination to the safety network in the event of failed controls;
  3. providing reports to Senior Managers on performance and risks in the Organisational Units; and
  4. maintaining UQSafe.

UQ Workers and Others

(48) Responsibilities include:

  1. participate in inductions, training, and health and safety risk assessments as required by the Supervisor;
  2. identify health and safety risks and work with the Organisational Unit to implement controls;
  3. complete, document or update health and safety risk assessments in UQSafe as necessary;
  4. follow the controls as detailed in the risk assessment for a task or activity;
  5. wear PPE as provided by UQ and in accordance with the risk assessment if applicable;
  6. report any incident, injury, illness or near miss event to the Supervisor; and
  7. report all incidents and near misses via UQSafe.
Top of Page

Section 5 - Monitoring, Review and Assurance

(49) Health and safety risks are continuously monitored and reviewed through several different activities including workplace inspections, audits, health surveillance, exposure monitoring and through the reviewing of performance indicators to ensure they are working as planned.

(50) Results and actions arising from monitoring and review activities are communicated to and consulted with the Organisational Units.

(51) The Health, Safety and Wellness Division (HSW Division) will review this Procedure to ensure it remains up to date with operational practices and requirements.

Top of Page

Section 6 - Recording and Reporting

(52) The Health, Safety and Wellness Division maintains UQSafe:

  1. to meet legal obligations under the Work Health and Safety Act 2011 and Workers' Compensation and Rehabilitation Act 2003; and
  2. as an important component in hazard control, risk management and incident prevention.
Top of Page

Section 7 - Appendix


Term Definition
Hazard A condition or situation which has the potential to cause injury or illness but has not resulted in an injury or illness.
Incident Any occurrence that leads to, or might have led to, injury or illness to people, danger to health and/or damage to property or the environment. For the purpose of this Procedure, the term "incident" is used as an inclusive term for injuries/illnesses, accidents and near misses.
Persons conducting businesses or undertakings (PCBU) (from section 5, Work Health and Safety Act 2011)

1. For this Act, a person conducts a business or undertaking—

    (a) whether the person conducts the business or undertaking alone or with others; and
    (b) whether or not the business or undertaking is conducted for profit or gain.

2. A business or undertaking conducted by a person includes a business or undertaking conducted by a partnership or an unincorporated association.

3. If a business or undertaking is conducted by a partnership (other than an incorporated partnership), a reference in this Act to a person conducting the business or undertaking is to be read as a reference to each partner in the partnership.

4. A person does not conduct a business or undertaking to the extent that the person is engaged solely as a worker in, or as an officer of, that business or undertaking.

5. An elected member of a local government does not in that capacity conduct a business or undertaking.

6. A regulation may specify the circumstances in which a person may be taken not to be a person who conducts a business or undertaking for the purposes of this Act or any provision of this Act.

7. A volunteer association does not conduct a business or undertaking for the purposes of this Act.

8. In this section, volunteer association means a group of volunteers working together for 1 or more community purposes where none of the volunteers, whether alone or jointly with any other volunteers, employs any person to carry out work for the volunteer association.
Risk Approver The person who is responsible for approving the risk assessment.
Risk Assessment Team If multiple persons are undertaking the work and are involved in the development of the risk assessment, they are listed as part of the Risk Assessment Team.
Risk Author The person entering the risk assessment into UQSafe.
Risk levels - Managed Risk level - The risk level with the current controls in place.

- Target Risk Level - The anticipated risk level with additional controls in place.
Risk Owner The worker (staff/student) responsible for undertaking the risk assessment. 
Risk Reviewer The person invited by risk owner to provide feedback on their risk assessment prior to submission to the risk approver. The system refers to this process as ‘peer review’.
OHS Team  Work Health and Safety Coordinators are required to review a sample of approved risk assessments in UQSafe to monitor the quality of risk assessment processes within their Organisational Unit.
UQSafe UQ’s system for creating and monitoring risk assessments
UQ workers For the purposes of this Procedure includes:

- staff - continuing, fixed-term, research (contingent funded) and casual;
- contractors, subcontractors and consultants;
- visiting academics and researchers;
- academic title holders, Emeritus Professors, adjunct and honorary title holders, Industry Fellows and conjoint appointments; and
- Higher Degree by Research students.
Workplace For the purpose of this Procedure a workplace is any place where work is undertaken by UQ, including field sites and other off-campus locations.

The Risk Management Process

See linked Risk Management Process Diagram.

The Hierarchy of Control Measures

See linked Hierarchy of Control Measures Diagram.

  1. Elimination – the most effective control measure as it involves eliminating the hazard the therefore the associated risks.
  2. Substitution - substitute the hazard with something safer e.g., replacing lead-based paint with water based.
  3. Isolate - physically separating the source of harm from people by distance or barriers, e.g., place compressors outside the space where people work
  4. Engineering - a device that is physical in nature including a mechanical device or process, e.g., manual handling aides to move heavy loads or interlocked guarding on machinery.
  5. Administration - if after the above controls have been considered and/or implemented, they may be minimised further with administrative controls. These include safe work procedures, information, training and instruction to workers.
  6. Personal Protective Equipment (PPE) - any remaining risks may be minimised with suitable PPE. These include hearing protections, face respirators and protective eyewear. This method of control is only effective if the worker wears and uses the PPE effectively.

UQSafe Risk Matrix

(53) See linked UQSafe Risk Matrix diagram.