June 20, 2019 4 min read

The Three Phases of Risk Assessment: Risk Management Basics


AECEngineering & DesignFacilities ManagementIndustrial


Risk ManagementSafetyVector EHS Management

Risk Management Basics Image

In this installment of our Risk Management Basics series, we’re going to take a closer look at risk assessment. In doing so, we’ll break risk assessment down into three separate steps: risk identification, risk analysis, and risk evaluation.

We hope this article and our entire Risk Management Basics series will help you gain a better understanding of risk management and help you begin to use risk management techniques at your workplace. Or, if you’re already using risk management at work, to perhaps improve what you’re doing now.

Drop us a note in the comments section below if you’d like us to address any particular risk-related topic in this ongoing risk series.

And if you’re involved in occupational safety and health, feel free to download the free Guide to Using Risk Management for Occupational Safety and Health at the bottom of this article (but note, this article addresses risk management and risk assessment in a general manner and can be applied to any aspect of enterprise risk management).

What Is Risk Assessment?

Vector EHS Management Software empowers organizations – from global leaders to local businesses – to improve workplace safety and comply with environmental, health, and safety regulations.

Learn more about how our software can save you valuable time and effort in recording, tracking, and analyzing your EHS activities.

Learn more about how we can help:

Download our EHS Management Software Buyer’s Guide.

Risk assessment is the name for the three-part process that includes:

  • Risk identification
  • Risk analysis
  • Risk evaluation

Your organization should conduct risk assessment in a systematic manner. Perform risk assessment collaboratively, as a team effort, involving different stakeholders and always taking into account their unique knowledge and views.

When performing your risk assessment, use the best information available to your organization, realizing this may mean you’ll have to look outside your organization and/or do additional research to gather more information and more knowledge.

Risk Management Guide for Safety

Learn to use risk-management approaches for safety and health management.

Download Now

What Is Risk Identification?

Risk identification is the first phase of risk assessment.

Risk identification is the process of finding and describing risks that might help or prevent an organization achieve its objectives.

Side note: Remember that risk can be thought of as the effect that uncertainty may have on your organization’s attempt to reach your objectives, and that effect may be positive/beneficial or negative/harmful.

During the risk identification process, your organization should identify risks that seek to identify risks that are both under your control and those that are not.

What Is Risk Analysis?

During risk analysis, it’s your goal to learn the nature of the risk(s). During risk analysis, be sure to consider:

  • Uncertainties, including those with possible negative and positive consequences
  • Sources of risk
  • Events
  • Likelihood of events
  • The consequence of those events
  • The effectiveness of current controls
  • The effectiveness of potential future controls

A risk analysis will be more accurate if you’re using high-quality, accurate, and complete information. Remember you may have to go outside your organization to get some of this information.

You should be aware of, document, and communicate to decision makers the opinions, biases, assumptions, exclusions, as well as any limitations of any techniques used, during the risk analysis process.

Risk Matrix Guide

Get the Guide

What Is Risk Evaluation?

During risk evaluation, you’ll compare the results you came up with during your risk analysis and compare those to your organization’s existing risk criteria to determine if you’ll need to do more to treat the risk(s) you’re assessing.

During risk evaluation, your organization may choose to:

  • Do nothing
  • Consider implementing other risk treatments
  • Reconsider your organization’s objectives
  • Return to the risk analysis phase to develop a more thorough understanding of the risk at hand

What’s Next: Risk Treatment

Once a risk assessment (including risk identification, analysis, and evaluation) has been conducted, it’s time to turn your attention to risk treatment. Risk treatment is the process of considering, selecting, and implementing one or more options for addressing the risk(s) you’ve been assessing.

We’ll address risk treatment in a future Risk Management Basics article. Look for it!

Where to Learn More About Risk Management

Of course, you can hang tight for the next article(s) in our Risk Management Basic Series, but here are some additional resources for you if you want to kickstart your risk management awareness.

Risk Standards and Organizations

Risk Management Basics Articles from Convergence Training

Occupational Safety & Risk Management Related Articles from Convergence Training

Other Risk-Related Articles from Convergence Training

BUYER'S GUIDE: Mobile Risk Intelligence Communications Platform

Download Now

Conclusion: Effective Risk Management Programs Are Built on Strong Foundations & Principles

Stay tune for more Risk Basics articles and let us know all your risk management questions.

Although risk management techniques can be used in any industry and for any subject matter, we DO create a lot of tools for safety, including online EHS training courses and an online incident management system, so we’ve got a free Guide to Using Risk Management for Occupational Safety and Health Management for you below–download it and getting started on your risk-based occupational safety efforts today.

Related Resources

Explore the Resource Center

Explore our software solutions designed to help your organization succeed

Request a Demo