Risk management

Risk management

The aim of risk management is to prevent incidents from arising.

Risk management is an organised and systematic activity to make working conditions safe.

There are three steps to risk management:

  1. identifying hazards and harms
  2. assessing the significance of risks to the health and safety of employees
  3. preventing, eliminating or reducing risks.

Graph: Phases of risk management process

Aspects of risk management. Risk management refers to systematic activities that identify, assess and reduce risks.

Classification indicates the severity of the risks

The employer must try to eliminate all risks related to working. However, not all risks can be completely removed in practice (e.g. customers who behave violently). In these cases, the significance of the remaining risk to the health and safety of the employee or the extent of the risk must be assessed.

There are different methods for calculating a numerical value for the risk. It is advisable to introduce such a method at the workplace, as it can be used to verify the development of occupational safety between assessments. 

The extent of the risk is determined based on the severity and probability of the consequences from the event. The more serious the consequence and the more likely the event, the greater the risk. Risks can be categorised, for example, by using the table below and the following scale: 
1 insignificant, 2 tolerable, 3 moderate, 4 significant and 5 unbearable.


Minor consequences

Adverse consequences

Serious consequences

Unlikely 1 Negligible risk 2 Tolerable risk 3 Moderate risk
Possible 2 Tolerable risk 3 Moderate risk 4 Significant risk


3 Moderate risk 4 Significant risk 5 Intolerable risk

Table 1: Risk classification matrix

Risks must be mitigated proactively

The higher the risk, the more urgently action needs to be taken.

The employer must take control of the risks and reduce them to a level that fulfils the minimum requirements of laws and regulations, so that the employee encounters as few risks as possible.

In the case of low, insignificant risks, it is considered that reducing the risk does not achieve a significant increase in safety levels. When the risk is slightly increased, it is considered a tolerable risk. In this case, hazards shall be specifically monitored and, where appropriate, measures taken to reduce the risk. However, reducing the risks is always worthwhile if it increases the smoothness of the work.

The more significant the assessed risk level is, the faster the preventive measures must be started. The risk may also be so high or intolerable that work must not be started or continued until the risk has been reduced.



• No particular action needs to be taken.
• However, working conditions must be continuously monitored.

Tolerable and moderate

• Action must be taken to ensure that employees are familiar with safe procedures.
• A monitoring system must be introduced to ensure that the risk remains under control.
• If necessary, action must be taken to lower the risk.

Considerations: Are there any simple ways to increase safety?

Significant and intolerable

• With higher risks comes the need to continuously monitor the conditions.
• Action must be taken to reduce the risk.
• A deadline must be set for implementing the corrective measures.
• In the case of intolerable risks, work must not be commenced or resumed until the risk has been dealt with.

Considerations: Is the employer’s safety management system adequate?

Table 2: Considerations for planning actions

Principles and criteria for risk reduction

When reducing risks, the employer must strive to comply with the principles stated in the Occupational Safety and Health Act:

  • Primarily, hazards must be prevented from arising.
  • If prevention is not possible, the hazards shall be eliminated.
  • If it is not possible to remove the hazards, they will be replaced by a less dangerous option.
  • Generally effective occupational safety and health measures are carried out before individual ones (e.g. the priority is to encapsulate a noisy machine, and only the secondary option is to obtain hearing protection for employees if the noise is still above the allowed level).
  • The development of technology and other methods must be considered. 

The corrective actions can be chosen, for example, on the basis of the following criteria:

  • Improvements in the level of safety: priority should be given to the most effective ways to reduce the greatest risks.
  • Scope of the impact: priority should be given to measures that address as many risks as possible or improve the safety of as many employees as possible.
  • Regulatory compliance: measures that help to eliminate non-compliances with the law or objectives set by stakeholders or internally are always worth implementing.
  • Improvements in efficiency: measures that make work more efficient are worth implementing even if their impact on safety is minimal.
  • Cost-effectiveness: the most effective measures are not always expensive to implement. It is often possible to bring about considerable improvements with minor tweaks and at practically no cost.

From risk management to safety management

Successful risk management requires continuous monitoring and development of operations. The working environment must be monitored and information collected about hazards, for example through workplace tours and personnel surveys. Development proposals from the occupational healthcare survey must also be taken into account. In addition, the employer must monitor sick leaves and accident statistics. Dangerous situations and the factors that led to them must be investigated and health-endangering conditions corrected.

The aim of continuous monitoring and development is to permanently improve the level of safety. It is proper safety management when safety and health measures are taken into account in the operations of all parts of the organisation. The objectives of safety management are derived from the occupational safety and health action programme. This again is based on the development needs identified in the risk assessment and the impact of factors related to work and the working environment. 

When occupational safety is under control, accidents at work, illnesses and absences are reduced. At the same time, workplace productivity is improved.


Logo of the European Commission's Your Europe portal.


This website is part of the European Commission's Your Europe portal. Did you find what you were looking for?