If you are an employer, manager or officer of a business, you have duties to manage workplace health and safety (WHS) risks. Risk management is an ongoing and integral process for new and existing business owners. In particular, you should focus on risk management when you are changing work practices or environments and responding to workplace incidents or concerns. The duties under the model WHS laws can be challenging to interpret. However, Safe Work Australia has developed a code of practice (Code) to provide practical guidance on achieving the required workplace health and safety standards. They have provided effective ways for you to identify and manage risks in your business to ensure WHS compliance.

This article outlines some practical tips to help you comply with your WHS duties.

Identify Your Duty Holders

As an employer, you have the primary duty of care to ensure the health and safety of your workers. Under the model WHS laws, duty holders include:

  1. persons conducting a business or undertaking;
  2. officers; and
  3. workers.

You should identify your duty holders (e.g. by reviewing your organisational structure) and ensure that they understand their obligations. A person can have multiple duties, and more than one person can have the same duty at the same time.

You can provide a workplace induction and implement a WHS policy to inform your duty holders of their responsibilities and the potential consequences for contravening the policy.

Undertake a Risk Management Process

The Code includes the following figure to illustrate the risk management process.


1. Identify Hazards

You should identify what could cause harm to people, including physical and mental injury or illness. For example, hazards may arise from the:

  • physical work environment;
  • use of equipment, material and substances; and
  • work process.

The Code provides the following examples of common hazards.



Potential harm

Manual tasks

Tasks involving sustained or awkward postures, high or sudden force, repetitive movements or vibration

Musculoskeletal disorders such as damage to joints, ligaments and muscles


Falling objects, falls, slips and trips of people

Fractures, bruises, lacerations, dislocations, concussion, permanent injuries or death


Excessive time pressure, bullying, violence and work-related fatigue

Psychological or physical injury or illness


Exposure to live electrical wires

Shock, burns, damage to organs and nerves leading to permanent injuries or death

Machinery and equipment

Being hit by moving vehicles, or being caught in moving parts of machinery

Fractures, bruises, lacerations, dislocations, permanent injuries or death

Hazardous chemicals

Acids, hydrocarbons, heavy metals, asbestos and silica

Respiratory illnesses, cancers or dermatitis

Extreme temperatures

Heat and cold

Heat can cause burns and heat stroke or injuries due to fatigue

Cold can cause hypothermia or frostbite


Exposure to loud noise

Permanent hearing damage


Ultraviolet, welding arc flashes, microwaves and lasers

Burns, cancer or blindness



Hepatitis, legionnaires' disease, Q fever, HIV/AIDS or allergies

How to Identify Hazards

Furthermore, the Code also includes tips to identify hazards. For example, you should:

  • inspect the workplace – you should regularly walk around and observe the workplace;
  • follow the good work design and safe design principles – you should incorporate effective risk control measures early in the design process to promote healthy and safe work tasks, systems, environment and structures;
  • consult your workers – for example, you can conduct a worker survey or ask your workers about health and safety issues they have encountered;
  • consult your supply chains and networks – for example, you should speak with your suppliers and service providers to identify hazards and risks; and
  • review available information – for example, you can seek information and advice from regulators, legal advisors, WHS advisors, unions, industry associations and technical specialists.

2. Assess Risks

A risk assessment involves determining, firstly, how hazards may cause harm. Secondly, you must assess how severe the harm could be. Finally, you should assess the likelihood of the harm occurring.

This step may not be necessary if the risks are known and you have measures to control the risks. However, expert or specialist advice can be helpful if you are conducting a risk assessment of a complex situation.

3. Control Risks

You should implement and maintain effective measures to control risks. To assist, the Code provides the following figure to illustrate the hierarchy of control measures.


To elaborate on this figure, the hierarchy of control measures includes:

  • elimination – for example, you can eliminate the risk of your worker falling from a height by instructing them to do the work at ground level;
  • substitution, isolation and engineering controls – for example, you can substitute solvent-based paints with water-based ones, isolate exposed edges and holes in floors from your workers by installing guardrails, or provide mechanical devices such as trolleys for jobs that require your workers to move heavy loads;
  • administrative controls – for example, you can develop safe work procedures, provide WHS training to your managers and workers, implement anti-discrimination, bullying and harassment policies and use signs to warn people of a hazard; and
  • personal protective equipment – for example, you can provide your workers with face masks, hard hats, protective eyewear, ear muffs and gloves.

The most effective control measure involves eliminating the risk. However, if this is not reasonably practicable, you should work through the alternatives in the hierarchy to minimise the risk.

4. Review Hazards and Control Measures

You should regularly review your control measures for effectiveness and improvements.

Keep Records

You should keep records of the risk management process, such as information about:

  • the identified hazards and assessed risks;
  • the control measures implemented;
  • consultations with officers, managers, workers and suppliers;
  • provision of training; and
  • plans for changes.

Key Takeaways

You should identify the duty holders in your business and ensure that they understand and comply with their obligations. Furthermore, you should also undertake and keep records of risk management processes. A risk management process involves identifying hazards, assessing risks, implementing measures to control risks and continually reviewing the control measures.