Risk management

Risk management

Risk management refers to the identification of factors that can put employees in danger and the magnitude of the associated risks as well as, where necessary, measures to mitigate the risks. Risk management is a systematic process aimed at ensuring the safety of employees’ working conditions.

The risk management process consists of three phases:

  • identification of hazards and risks
  • evaluation of the impact of the risks associated with the identified hazards on employees’ health and safety, and
  • prevention or mitigation of the risks.

Graph: Phases of risk management process

Phases of the risk management process: risk management refers to systematic action to identify, evaluate and mitigate risks.

Classification indicates the severity of risks

Once the hazards in a workplace have been identified, the associated risks must be evaluated. Employers must seek to eliminate all hazards associated with their employees’ work, although, in practice, it is rarely possible to do this with all risks (such as the risk of violent customers). It is the employer’s duty to evaluate the significance (magnitude) of the residual risk to their employee’s health and safety.

There are a number of techniques for calculating a numerical value for the magnitude of risk. Employers should ideally use a method that enables the assessment to be repeated at regular intervals in order to monitor progress in respect of occupational safety.

The magnitude of each risk is determined on the basis of the seriousness and probability of the potential consequences. The more serious the consequence and the more probable the event, the greater is the risk. Risks can be classified using, for example, the matrix below into negligible, tolerable, moderate, significant and intolerable risks.


Minor consequences

Adverse consequences

Serious consequences

Unlikely 1 Negligible risk 2 Tolerable risk 3 Moderate risk
Possible 2 Tolerable risk 3 Moderate risk 4 Significant risk


3 Moderate risk 4 Significant risk 5 Intolerable risk

Table 1: Risk classification matrix

Risks must be mitigated proactively

The higher the risk, the more urgently action needs to be taken.

It is the employer’s duty to manage risks in the workplace. Risks need to be brought down to a level that complies with the minimum requirements of occupational safety and health laws and regulations and ensures that employees are as safe as possible.

No significant improvement in safety can be achieved by addressing low and negligible risks. Risks of higher severity must be dealt with in order to ensure employees’ safety and health. A slightly raised risk is often called a “tolerable” risk. Any hazards that pose a “tolerable” risk must be monitored and action taken to mitigate the risk if necessary.

The higher the risk, the more urgently action needs to be taken to prevent it. There are also risks of such magnitude that work must not be commenced or resumed until the risk has been dealt with.



• No particular action needs to be taken.
• However, working conditions must be continuously monitored.

Tolerable and moderate

• Action must be taken to ensure that employees are familiar with safe procedures.
• A monitoring system must be introduced to ensure that the risk remains under control.
• If necessary, action must be taken to lower the risk.

Considerations: Are there any simple ways to increase safety?

Significant and intolerable

• With higher risks comes the need to continuously monitor the conditions.
• Action must be taken to reduce the risk.
• A deadline must be set for implementing the corrective measures.
• In the case of intolerable risks, work must not be commenced or resumed until the risk has been dealt with.

Considerations: Is the employer’s safety management system adequate?

Table 2: Risk / Response

From risk management to safety management

Good risk management requires continuous monitoring and development efforts. The aim is to bring about a lasting improvement in the level of safety, in which case the term “safety management” can be used.

It is the employer’s duty to continuously monitor the work environment. Information about the hazards associated with employees’ work can be collected, for example, by means of regular inspections of the workplace and personnel surveys. Employers also need to factor in the results of their occupational health care provider’s workplace survey and any recommendations set out in the survey report. In addition, employers need to monitor their employees’ sickness absences and injury rates. All dangerous situations and the underlying factors must be investigated and any issues that threaten employees’ health must be rectified.

The corrective actions can be chosen, for example, on the basis of the following criteria:

  • Improvements in the level of safety: priority should be given to the most effective ways to reduce the greatest risks.
  • Scope of the impact: priority should be given to measures that address as many risks as possible or improve the safety of as many employees as possible.
  • Regulatory compliance: measures that help to eliminate non-compliances with the law or objectives set by stakeholders or internally are always worth implementing.
  • Improvements in efficiency: measures that make work more efficient are worth implementing even if their impact on safety is minimal.
  • Cost-effectiveness: the most effective measures are not always expensive to implement. It is often possible to bring about considerable improvements with minor tweaks and at practically no cost.

Successful occupational safety management reduces the number of occupational accidents and sickness absences and therefore increases the productivity of work.


Logo of the European Commission's Your Europe portal.


This website is part of the European Commission's Your Europe portal. Did you find what you were looking for?