Risk Assessment and Management

Risk Assessment and
Management
Corporate Training Materials
Module One: Getting A good rule of
thumb is to
Started assume that
‘everything
Risk assessment and management is matters’.
essential for the success of any

Richard Thaler
business. However, many companies
do not always take the necessary
precautions, which leads to disaster.
Successfully managing risks will
prevent mistakes, which leads to a
safer work environment, happier
employees, and increased
productivity.
Workshop Objectives
Update Disaster
Identify
control recovery
hazards
measures plan
Module Two: Identifying To win, you
have to risk loss.
Hazards and Risks
Jean-Claude
Every organization has both hazards Killy
and risks. Identifying hazards and

risks is necessary for risk
management. Hazards and risks are
often confused with each other.
Determining the difference between
a hazard and a risk will increase the
effectiveness of the risk management
program.
What Is a Hazard?
Sharp
Electricity
objects
Chemicals
What Is a Risk?
Not a hazard
Chance of harm
Harm from a hazard

Consult with Employees
Valuable resource
Unique understanding
Communicate clearly
Likelihood Scale
0 – Impossible
1 – Remote possibility
2 – Medium possibility
3 – Probable
Case Study
Sean is an outside hire to his new
management position
An employee tells him that one of the machines needs

to be replaced
Sean believes that asking for new equipment this soon

is not wise
Two months later, an employee thought the machine

was turned off and got her hand caught in it
Module Two: Review Questions
1. What is Not a potential hazard?
a) Energy sources
b) Substances
c) Practices
d) They are all hazards
2. A loss to an employee’s property is part of which of the follows?

a) Risk
b) Assessment
c) Hazard
d) Management
3. What places an employee’s hearing at risk?
a) Noise exposure
b) Chemical exposure
c) Elevated temperature
d) Electrical exposure
4. What is necessary to identify first in risk management?

a) Risks
b) Hazards
c) Communities at risk
d) Control measures
5. When should you consult employees?
a) About every change to the way a job is done
b) After implementing change
c) At meetings
d) Whenever you are legally obligated to consult employees
6. What feedback should you pay attention to from employees?

a) Supportive feedback
b) Critical feedback
c) Feedback from middle management
d) All of it
7. Which score would you give to an impossible event?
a) 1
b) 0
c) 3
d) 2
8. Which score would you give to a risk that has a greater than 25%
chance of happening?
a) 1
b) 0
c) 3
d) 4
9. What is the complaint about the machine?
a) Takes too long to warm up
b) Does not shut off properly
c) It is old
d) It is dirty
10.Why does Sean ignore the complaint about the equipment?

a) There are no incident reports
b) He does not trust the employee
c) He has already inspected the machine
d) He used the machine himself
1. What is Not a potential hazard?
a) Energy sources
b) Substances
c) Practices
d) They are all hazards
Hazards are any potential harm. They include materials, substances, sources of
energy, processes, practices, and conditions.
2. A loss to an employee’s property is part of which of the follows?
a) Risk
b) Assessment
c) Hazard
d) Management
Hazards can cause any harm. This includes harm to the employee’s property.
3. What places an employee’s hearing at risk?
a) Noise exposure
b) Chemical exposure
c) Elevated temperature
d) Electrical exposure
All of the answers are examples of risks. Noise exposure is a risk that affects
hearing.
4. What is necessary to identify first in risk management?
a) Risks
b) Hazards
c) Communities at risk
d) Control measures
Hazards need to be identified before risks are identified. The first step
to the risk management process is identifying the hazards.
5. When should you consult employees?
a) About every change to the way a job is done
b) After implementing change
c) At meetings
d) Whenever you are legally obligated to consult employees
It is important to consult employees about every change. They are a valuable
resource that should be utilized.
6. What feedback should you pay attention to from employees?
a) Supportive feedback
b) Critical feedback
c) Feedback from middle management
d) All of it
It is tempting to only acknowledge feedback that is agreeable. It is important,
however, to pay attention to all feedback.
7. Which score would you give to an impossible event?
a) 1
b) 0
c) 3
d) 2
All of the answers are scores on the likelihood scale. An impossible risk is 0. It is
rarely used.
8. Which score would you give to a risk that has a greater than 25% chance of
happening?
a) 1
b) 0
c) 3
d) 4
All of the answers are scores on the likelihood scale. An event that has over a 25%
chance of happening is probable. It is a 3 on the likelihood scale.
9. What is the complaint about the machine?
a) Takes too long to warm up
b) Does not shut off properly
c) It is old
d) It is dirty
The employee tells Sean that the machine does not shut off properly. This
increases the risk for an injury.
10. Why does Sean ignore the complaint about the equipment?
a) There are no incident reports
b) He does not trust the employee
c) He has already inspected the machine
d) He used the machine himself
Sean ignores the complaint. He points out that the piece of equipment had no
recent incident reports.
Module Three: Seeking Out Problems Take calculated
risks. This is
Before They Happen (I) quite different
from being rash.
The purpose of a risk assessment is
General
to seek out problems before they George Patton
happen. This allows you to prevent
accidents and emergencies, or you
can at least be better prepared when
emergency situations do occur. This
requires and understanding of the
business and vigilance.
Unique to Your Business
Physical Location
Risks Risks
Human Technology
Risks Risks
Walk Around
How tools are used
Different methods used to

complete tasks
Materials used
Long Term and Short Term
Immediate consequences
Long term can be easy to miss
Develop over time

Common Issues
Slip and fall areas

Clutter
Extension cords
Falling objects
Case Study
The QRT manufacturing company was
growing
The owner considered moving to a larger location but

cost stopped the move
Clutter soon developed and parts had to be stacked

higher and higher
An employee was injured after falling into a shelving

unit
Module Three: Review Questions
1. A business built on a fault line faces which type of risk?
a) Location
b) Physical
c) Human
d) Technology
2. Which of the following is an example of a physical risk?

a) Crime
b) Chemical leak
c) Intoxication
d) Hacking
3. Which area of the organization should be walked around?
a) Manufacturing areas
b) Sales area
c) All of it
d) Problem areas
4. When should you make a list of potential problems?

a) After the walk around
b) Before the walk around
c) At the end of the day
d) During the walk around
5. What is an example of a long term problem?
a) Loose wiring
b) Hearing loss to noise
c) Chemical leak
d) Broken equipment
6. What is an example of a short term problem?

a) Emphysema from asbestos exposure
c) Repetitive motion injury
d) Broken equipment
7. What will help prevent common problems?
a) A clean and neat environment
b) Inspections
c) A trained workforce
d) Nothing
8. A slip and fall area is an example of which of the following?

a) Unique issue
b) Hazard
c) Common issue
d) Technology risk
9. What developed after the company began to grow?
a) Clutter developed
b) The workspace expanded
c) The electricity went out
d) Nothing
10.How did the employee become injured?

a) Chemical spill
b) Electric shock
c) Tripped
d) Wet floor
1. A business built on a fault line faces which type of risk?
a) Location
b) Physical
c) Human
d) Technology
The location of a company plays a role in natural disasters. The placement over the
fault line is a problem that needs to be addressed.
2. Which of the following is an example of a physical risk?
a) Crime
b) Chemical leak
c) Intoxication
d) Hacking
Chemicals are part of the work environment. They are included under physical
risks.
3. Which area of the organization should be walked around?
a) Manufacturing areas
b) Sales area
c) All of it
d) Problem areas
Walking around the organization is necessary to identify problems. It is important
to walk around every part of the organization.
4. When should you make a list of potential problems?
a) After the walk around
b) Before the walk around
c) At the end of the day
d) During the walk around
Walking around is necessary for potential problems. Lists should be made during
the walk around.
5. What is an example of a long term problem?
a) Loose wiring
c) Chemical leak
d) Broken equipment
Hearing loss because of noise occurs over time. It is an example of a long term
problem.
6. What is an example of a short term problem?
a) Emphysema from asbestos exposure
c) Repetitive motion injury
d) Broken equipment
Broken equipment is a short term problem. The other answers are examples of
long term problems.
7. What will help prevent common problems?
a) A clean and neat environment
b) Inspections
c) A trained workforce
d) Nothing
Common issues involve falls and injuries. Keeping the environment clean and neat
will prevent many common issues.
8. A slip and fall area is an example of which of the following?
a) Unique issue
b) Hazard
c) Common issue
d) Technology risk
Common issues appear in every organization. Slip and fall areas are common
issues.
9. What developed after the company began to grow?
a) Clutter developed
b) The workspace expanded
c) The electricity went out
d) Nothing
The location became too small for the growing business. Clutter began to develop
in the workspace.
10. How did the employee become injured?
a) Chemical spill
b) Electric shock
c) Tripped
d) Wet floor
The employee tripped on debris. This caused him to fall into the shelves and knock
them over on him.
Module Four: Seeking Out Problems If you do not
actively attack
Before They Happen (II) risks, they will
actively attack
Problems can occur at any time. This you.
is why you must always be prepared Tom Gib

to address them. Seeking out
problems before they occur requires
you to ask questions. You must pay
attention to the risks of external
events and preparing for the worst
case scenario.
Ask “What would happen if … ?”
Low Medium High

Impact Impact Impact
External Events
Suppliers Customers Visitors
Traffic Parking Environment

Worst Case Scenarios
Be prepared
Unique to your business
Develop an appropriate back up

Consequence Scale
Insignificant
Minor
Moderate
Major
Catastrophic
Case Study
Jane carefully planned her risk assessment
for every internal aspect of the business
A supplier delivered an order and stacked it in the

hallway
Part of the order included cleaning supplies that broke

and spilled
They created a chemical reaction that produced

noxious fume
Module Four: Review Questions
1. Which level of impact would you place on something that requires
more information?
a) High Impact
b) Needs more information
c) Low Impact
d) No Impact
2. Which level of impact would you assign to a problem that can be

remedied easily?
a) Medium Impact
b) No Impact
c) High Impact
d) Low Impact
3. Which type of event is less predictable?
a) External
b) Internal
c) Critical
d) Noncritical
4. What is Not an example of an external event?

a) Customers
b) Visitors
c) Workflow
d) Traffic
5. What happens when everything goes wrong at once?
a) Worst case scenario
b) External event
c) Crisis
d) Internal crisis
6. What determines the worst case scenario?

a) Timing
b) Business
c) Schedule
d) Question
7. What would an event that results in hospitalization be considered?
a) Major
b) Minor
c) Moderate
d) Catastrophic
8. What event would result in multiple deaths?

a) Major
b) Minor
c) Moderate
d) Catastrophic
9. How long did it take Jane to address the problem?
a) Days
b) One day
c) 8 hours
d) 12 hours
10.What did Jane overlook?

a) Internal events
b) Worst case scenario
c) Consequences
d) External events
1. Which level of impact would you place on something that requires more
information?
a) High Impact
b) Needs more information
c) Low Impact
d) No Impact
Do not place levels of impact when you need more information. Designate it as
needs more information.
2. Which level of impact would you assign to a problem that can be remedied easily?
a) Medium Impact
b) No Impact
c) High Impact
d) Low Impact
Low impact problems do not cause a great impact. They are also easy to remedy.
3. Which type of event is less predictable?
a) External
b) Internal
c) Critical
d) Noncritical
External events are less predictable than internal events. Internal events
are easier to control.
4. What is Not an example of an external event?
a) Customers
b) Visitors
c) Workflow
d) Traffic
A workflow is not an external event. The other answers are external
events.
5. What happens when everything goes wrong at once?
a) Worst case scenario
b) External event
c) Crisis
d) Internal crisis
Everything going wrong at once is an example of the worst case scenario.
It is a specific type of crisis.
6. What determines the worst case scenario?
a) Timing
b) Business
c) Schedule
d) Question
The worst case scenario is different for every business. It is based on the
needs of the business.
7. What would an event that results in hospitalization be considered?
a) Major
b) Minor
c) Moderate
d) Catastrophic
All of the answers are on the consequence scale. A moderate event on the
consequence scale would result in a hospitalization.
8. What event would result in multiple deaths?
a) Major
b) Minor
c) Moderate
d) Catastrophic
All of the answers are on the consequence scale. An event with multiple deaths
would be considered catastrophic.
9. How long did it take Jane to address the problem?
a) Days
b) One day
c) 8 hours
d) 12 hours
The problem occurred one day. It took days for Jane to handle because she was
not prepared for what happened.
10. What did Jane overlook?
a) Internal events
b) Worst case scenario
c) Consequences
d) External events
The event was caused by a supplier. This is an example of an external event.
Module Five: Everyone’s You cannot
escape the
Responsibility responsibility of
tomorrow by
Managing risks does not stop with evading it
today.
the management team. Everyone is
responsible for the safety of the Abraham
Lincoln
business environment. The risks and
potential problems that an
organization faces must be clear to
employees at all levels.
See It, Report It!
Take responsibility
Create a system
Actively encourage
employees
If It’s Not Safe, Don’t Do It
Safety is Appropriate
primary equipment
Listen to Stop work

employees authority
Take Appropriate Precautions
Safety equipment
Safety training
Security
Communicating to the
Organization
Identify the information
Consider the audience
Create the communication
Choose communication methods
Case Study
Jake was in charge of implementing new
safety standards
Standards include wearing safety glasses and aprons
Jake completed a quick repair without following the

safety guidelines
Other employees soon followed his example

Module Five: Review Questions
1. How will employees know what to report?
a) Common sense
b) Employee manual
c) List
d) They will not
2. What should be posted in case problems are
identified?
a) Rules
b) Emergency contact information
c) Meeting places
d) Nothing
3. What message does it send when leaders ignore safety rules?
a) No one
b) The attendees
c) You
d) The rules are not important
4. What allows employees to choose if the workplace is safe?

a) Stop work authority
b) OSHA
c) Consequence scale
d) Nothing
5. Who determines the appropriate precautions?
a) General risk
b) Company risks
c) Employee handbook
d) Minute taker
6. What is Not a common safety precaution?

a) Fire alarm
b) Security
c) Clean room
d) Safety equipment
7. What is necessary for communicating risks and
precautions?
a) Create a plan
b) Talk with employees
c) Send memos
d) Nothing
8. What is necessary when considering the audience?

a) Timing
b) Location
c) Communication
d) Barriers to communication
9. Why did Jake ignore the safety standards?
a) He did not like them
b) He was in a hurry
c) They were not available
d) He did not ignore them
10.What safety precaution did the injured employee ignore?

a) Wear glasses
b) Wear an apron
c) Use proper ergonomics
d) Cover her hair
1. How will employees know what to report?
a) Common sense
b) Employee manual
c) List
d) They will not
A list should be created of risks that employees need to be aware of in the
workplace. This will help them know what to report.
2. What should be posted in case problems are identified?
a) Rules
b) Emergency contact information
c) Meeting places
d) Nothing
Emergency contact information should be posted. It is included in the list
of risks that employees need to report.
3. What message does it send when leaders ignore safety rules?
a) No one
b) The attendees
c) You
d) The rules are not important
Leaders who do not follow safety rules give the impression that the rules are not
important. They are not leading by example.
4. What allows employees to choose if the workplace is safe?
a) Stop work authority
b) OSHA
c) Consequence scale
d) Nothing
Stop work authority provides employees with the ability to determine if work is
safe. They are allowed to stop working when they determine it is not safe.
5. Who determines the appropriate precautions?
a) General risk
b) Company risks
c) Employee handbook
d) Minute taker
There are common risks and precautions. The unique risks of the company
will determine the appropriate precautions.
6. What is Not a common safety precaution?
a) Fire alarm
b) Security
c) Clean room
d) Safety equipment
Clean rooms are not common to most companies. The other answers are
common safety precautions.
7. What is necessary for communicating risks and precautions?
a) Create a plan
b) Talk with employees
c) Send memos
d) Nothing
Risks and precautions need to be communicated. This requires creating a plan of
communication.
8. What is necessary when considering the audience?
a) Timing
b) Location
c) Communication
d) Barriers to communication
The audience needs to be considered when planning communication.
Communication barriers for the audience should be considered.
9. Why did Jake ignore the safety standards?
a) He did not like them
b) He was in a hurry
c) They were not available
d) He did not ignore them
Jake ignored the safety standards. He did this because he was in a hurry.
10.What safety precaution did the injured employee ignore?
a) Wear glasses
b) Wear an apron
c) Use proper ergonomics
d) Cover her hair
The employee did not cover her hair. It was caught in the polish wheel.
Module Six: Tracking and In God we trust;
all others bring
Updating Control Measures data.
Control measures are essential to risk W. Edwards

management. The risk assessment allows Deming
you to effectively track control measures. By

tracking control measures, you will be able
to update them as necessary. Updated
control measures ensure that the work
environment is safe for everyone and that it
remains safe as changes occur within the
organization.
What Is a Control Measure?
Eliminate Substitute Isolate
Engineered Administrative Protective

controls controls equipment
Your Business Procedures
Every business has
different needs
Inspect equipment
Develop unique
measures
Are They Adequate?
Surveys and checklists
Changes in the number of incidents
Performance indicators
Updating and Maintaining
Evaluate
Changes can cause updating
Are they effective?

Case Study
The BCD Corporation established control
measures based on government regulations
The company saw massive growth due to increased

sales
There was an increase in missing inventory, and

employees began to report theft
The security measures remained in place, but they

were obviously ineffective
Module Six: Review Questions
1. What is the most desirable control measure?
a) Protective equipment
b) Eliminate
c) Substitute
d) Isolate
2. What determines which type of control measure is used?

a) Goals
b) Company objectives
c) Money
d) How easily a risk can be avoided
3. What determines the business procedures?
a) Business needs
b) Field of work
c) Personal preference
d) State laws
4. What type of organization would require inspections done more

frequently?
a) Large one
b) Small one
c) Busy one
d) Slow one
5. When is it Not necessary to evaluate control measures and
procedures?
a) Every month
b) Each year
c) After new procedures
d) After company changes
6. When do control measures change?

a) Each year
b) With the company
c) With evaluations
d) Before evaluations
7. What is necessary to determine if key activities are in
compliance?
a) Assurance
b) Evaluations
c) Checklist
d) Control measures
8. What external change would require an update?

a) Thought
b) Listening
c) Lack of interest
d) Government regulation
8. What changes in the company?
a) Loss
b) Growth
c) New leadership
d) Nothing
10.What risk increased?

a) Workplace violence
b) Hacking
c) Injury
d) Theft
1. What is the most desirable control measure?
a) Protective equipment
b) Eliminate
c) Substitute
d) Isolate
The most desirable control measure is at the top of the hierarchy. This is to
eliminate or remove the hazard or risk from the environment.
2. What determines which type of control measure is used?
a) Goals
b) Company objectives
c) Money
d) How easily a risk can be avoided
The control measures necessary for a hazard or risk will vary. It will depend on how
easily the risk can be avoided.
3. What determines the business procedures?
a) Business needs
b) Field of work
c) Personal preference
d) State laws
Business procedures are unique. They are based on the needs of each business.
4. What type of organization would require inspections done more frequently?
a) Large one
b) Small one
c) Busy one
d) Slow one
Busy organizations use their equipment frequently. They require inspections to be
done more frequently.
5. When is it Not necessary to evaluate control measures and procedures?
a) Every month
b) Each year
c) After new procedures
d) After company changes
Control measures should be evaluated every year at a minimum. It is not,
typically, necessary to evaluate them each month.
6. When do control measures change?
a) Each year
b) With the company
c) With evaluations
d) Before evaluations
Control measures need to change as the company does. Evaluations help
determine if change is necessary.
7. What is necessary to determine if key activities are in compliance?
a) Assurance
b) Evaluations
c) Checklist
d) Control measures
Key activities are established to create quality assurance. A checklist will
determine if the activities are met.
8. What external change would require an update?
a) Thought
b) Listening
c) Lack of interest
d) Government regulation
Government regulations can alter business. This would require an update
of control measures.
8. What changes in the company?
a) Loss
b) Growth
c) New leadership
d) Nothing
The company saw massive growth. This occurred months after
establishing control measures.
10. What risk increased?
a) Workplace violence
b) Hacking
c) Injury
d) Theft
Employee theft increased after the expansion. This occurred despite
security measures being established.
Module Seven: Risk It’s important to
take risks, but
Management Techniques it’s idiotic to
take them
Once the risks are assessed, they blindly.
must be managed carefully. There are Terry Levine

four basic risk management
techniques, and your company
probably uses all of them. The
management technique that you use
will vary according to the severity of
the risk and the current stability of
the organization.
Reduce the Risk
Training programs
Security system
Machine maintenance
Transfer the Risk
•Indemnification
•Certificates of insurance
•Additional insurance status

Avoid the Risk
Not always practical
Consider risk and reward
Do not overlook an opportunity

Accept the Risk
Active
Small risks
acceptance
Passive
acceptance
Case Study
Kara was known for her successful business
strategies
Karen was offered the chance to expand by buying out

her main competitor
She refused because of the financial risk
After six months, Kara was having trouble meeting her

projected goals
Module Seven: Review Questions
1. What limits the severity of a risk?
a) Reduce the risk
b) Transfer the risk
c) Avoid the risk
d) Accept the risk
2. What should be considered when choosing a way to reduce the

risk?
a) Severity of the risk
b) Diminished loss
c) Cost of implementation
d) Reason for reduction
3. What places the legal liability on a specific party?
a) Certificate of insurance
b) Indemnification
c) Additional insurance
d) Nothing
4. What does certificate of insurance offer?

a) Additional coverage
b) Limited liability
c) Removal of liability
d) Proof of coverage
5. What is the purpose of avoiding risk?
a) Examine it
b) Minimize it
c) Eliminate it
d) Transfer it
6. What should be considered before avoiding a risk?

a) Risks
b) Consequences
c) Rewards
d) Risk and reward
7. Which of the following has a plan of action?
a) Active acceptance
b) Passive acceptance
c) Avoidance
d) Acceptance
8. Which of the following is an example of acceptance?

a) Certificate of coverage
b) Refusing insurance
c) Indemnification
d) Additional insurance
9. What happened to Kara’s competition?
a) Closed
b) Grew
c) Loss
d) Low voice
10.Kara’s company was affected how long after the purchase?

a) Three months
b) One month
c) Six months
d) Immediately
1. What limits the severity of a risk?
a) Reduce the risk
b) Transfer the risk
c) Avoid the risk
d) Accept the risk
The severity of a risk may be limited if it cannot be avoided. This is a strategy to
reduce the risk.
2. What should be considered when choosing a way to reduce the risk?
a) Severity of the risk
b) Diminished loss
c) Cost of implementation
d) Reason for reduction
There is typically more than one way to reduce a risk. The cost of implementation
should be considered when establishing a strategy.
3. What places the legal liability on a specific party?
a) Certificate of insurance
b) Indemnification
c) Additional insurance
d) Nothing
Indemnification is contractual. It places the legal liability on a specific party.
4. What does certificate of insurance offer?
a) Additional coverage
b) Limited liability
c) Removal of liability
d) Proof of coverage
It is safe to demand a certificate of coverage. This is proof of specified coverage.
5. What is the purpose of avoiding risk?
a) Examine it
b) Minimize it
c) Eliminate it
d) Transfer it
Avoiding risk is a common strategy. The purpose is to eliminate the risk.
6. What should be considered before avoiding a risk?
a) Risks
b) Consequences
c) Rewards
d) Risk and reward
It is important to consider both risks and rewards. This will prevent you from
missing out on opportunities.
7. Which of the following has a plan of action?
a) Active acceptance
b) Passive acceptance
c) Avoidance
d) Acceptance
There are two types of acceptance. Active acceptance includes a plan in case
something goes wrong.
8. Which of the following is an example of acceptance?
a) Certificate of coverage
b) Refusing insurance
c) Indemnification
d) Additional insurance
Acceptance is not avoiding the risk. Refusing insurance is a common example of
accepting risk.
9. What happened to Kara’s competition?
a) Closed
b) Grew
c) Loss
d) Low voice
The competitor’s sales grew after being purchased. Kara’s company struggled.
10. Kara’s company was affected how long after the purchase?
a) Three months
b) One month
c) Six months
d) Immediately
Kara’s company was affected by the competition. This occurred six months after
the purchase.
Module Eight: General Office Safety doesn’t
happen by
Safety and Reporting accident.
It is important not to overlook the Anonymous

importance of safety in the office
setting. A large number of accidents
occur in the seemingly safe office
environment. While it is important to
try and prevent accidents in the office,
it is equally important to be prepared in
the event that accidents occur.
Accident Reports
All accidents
Follow local laws
Injury may show up later
Accident Response Plans
Chain of command
Minor to catastrophic
Collect evidence/information
Emergency Action Plan
Procedures to report emergency
Evacuation procedures
Rescue and medical procedures
Each employee must be trained

Training and Education
Risks change
Everyone = new Identify risks
training
Case Study
Sharon worked in a safe office environment
that was free of incidents and injuries
She was surprised when a box fell off of a shelf in the

supply closet and on her shoulder
Sharon decided that a report was not necessary
Two days later, Sharon woke up to discover that she

had trouble moving her shoulder and neck
Module Eight: Review Questions
1. Which section of the accident report may not be completed?
a) Employee
b) Medical provider
c) Supervisor
d) None
2. What should be provided along with the Medical Provider

information?
a) Report
b) Patient history
c) Doctor’s note
d) Incident plan
3. What should be done after analyzing evidence?
a) Draft a report
b) Make changes
c) Secure scene
d) Establish chain of command
4. What level of accident requires an accident response plan?

a) Minor accidents
b) Major accidents
c) Catastrophes
d) All of them
5. When may emergency action plans be verbally communicated?
a) With fewer than 10 people
b) With more than 10 people
c) Always
d) Never
6. When should employees first be exposed to the emergency action

plan?
a) When roles change
b) When plan changes
c) When hired
d) When risks appear
7. When does safety education begin?
a) With training
b) At hiring
c) After orientation
d) With new information
8. What should be done when new risks are identified?

a) Communicate consequences
b) Avoid them
c) Accept them
d) Create new training programs
9. How long did it take symptoms to appear?
a) Immediately
b) Two days
c) Never
d) One day
10.What did Sharon do immediately after the incident?

a) Sit down
b) File a report
c) See a doctor
d) Go back to work
1. Which section of the accident report may not be completed?
a) Employee
b) Medical provider
c) Supervisor
d) None
Employees may not require medical treatment after an accident. The
medical provider section may not be completed.
2. What should be provided along with the Medical Provider information?
a) Report
b) Patient history
c) Doctor’s note
d) Incident plan
The medical provider needs to fill out the accident report. A doctor’s note
also needs to be provided.
3. What should be done after analyzing evidence?
a) Draft a report
b) Make changes
c) Secure scene
d) Establish chain of command
After evidence is analyzed, a report needs to be written. The report will be
the basis for any change.
4. What level of accident requires an accident response plan?
a) Minor accidents
b) Major accidents
c) Catastrophes
d) All of them
Accident response plans are necessary for all accidents. This includes
minor accidents and catastrophes.
5. When may emergency action plans be verbally communicated?
a) With fewer than 10 people
b) With more than 10 people
c) Always
d) Never
Emergency plans should be written. They may be verbal when there are fewer
than 10 people.
6. When should employees first be exposed to the emergency action plan?
a) When roles change
b) When plan changes
c) When hired
d) When risks appear
Employers need to review the emergency action plan with employees when they
are first hired. They need to review the plans when there are changes to the plan
or employee roles.
7. When does safety education begin?
a) With training
b) At hiring
c) After orientation
d) With new information
Safety education is essential for all employees. It needs to begin at hiring.
8. What should be done when new risks are identified?
a) Communicate consequences
b) Avoid them
c) Accept them
d) Create new training programs
Employees need to be aware of all the risks that they face. New risks
require new training programs.
9. How long did it take symptoms to appear?
a) Immediately
b) Two days
c) Never
d) One day
The symptoms of whiplash appeared after two days. This was too late to
make a report.
10. What did Sharon do immediately after the incident?
a) Sit down
b) File a report
c) See a doctor
d) Go back to work
Sharon’s manager told her to sit down. This is what Sharon did after the
accident.
Module Nine: Business In the last
analysis, sound
Impact Analysis judgment will
prevail.
The business impact analysis is used to
calculate the consequences of potential Joseph Cannon
disruptions, and it determines what is
necessary for a company to recover. The
risk assessment identifies the potential
losses that the organization faces as
well as severe risks. Combining the
information of the risk assessment with
the business impact analysis will allow
you to prepare for risk and overcome
the impact that they have on the
organization.
Gather Information
Research Interviews
Conference
calls
Identify Vulnerabilities
Affect operations
Potential emergencies
List threats
Analyze Information
How would losing this
function affect the business?
What would losing this

function cost?
Do other systems rely on

this function?
Implement Recommendations
Identify the best

Review
venue for
recommendations
implementation
Confirm Schedule the

commitment from implementation
participants process
Case Study
Alec had a business in an area prone to
severe weather
He never established the ways that his business was

vulnerable
A large tornado swept through the city, but missed the

Alec’s business
Damage to city’s infrastructure led to flooding in his

building
Module Nine: Review Questions
1. Information gathered needs to be ________.
a) Specific
b) Important
c) Broad
d) New
2. Which method of research is typically used in the business impact

analysis?
a) Report
b) Research
c) Interview
d) Conference calls
3. What becomes a potential emergency?
a) Threat
b) Vulnerability
c) Risk
d) Hazard
4. Which threat is likely to cause the vulnerability of a power outage?

a) Hacking
b) Untrained employees
c) Economic change
d) Tornado
5. What is the first step to analyze information?
a) Ask questions
b) Verify
c) Set priorities
d) Gather data
6. What is the best method to verify data?

a) Group interview
b) Questionnaire
c) Face-to-face interview
d) Research
7.What do you need before implementation?
a) Support of superiors
b) Review
c) Schedule
d) Communication
8. What is necessary after implementation?

a) Schedule
b) Communication
c) Review
d) Communication and review
9. What damaged the infrastructure?
a) Mold
b) Tornado
c) Hurricane
d) Flooding
10.What did Alec never consider a threat to the business?

a) Mold
b) Tornado
c) Hurricane
d) Flooding
1. Information gathered needs to be ________.
a) Specific
b) Important
c) Broad
d) New
The information gathered for a business impact analysis needs to be specific. It
should focus on a specific critical function.
2. Which method of research is typically used in the business impact analysis?
a) Report
b) Research
c) Interview
d) Conference calls
Interviews and questionnaires are the main sources of research. They allow control
of the questions.
3. What becomes a potential emergency?
a) Threat
b) Vulnerability
c) Risk
d) Hazard
Threats become vulnerabilities when they are able to affect the processes
of the organization. They become potential emergencies.
4. Which threat is likely to cause the vulnerability of a power outage?
a) Hacking
b) Untrained employees
c) Economic change
d) Tornado
Tornados are threats. They cause vulnerability in power outages and
structural damage.
5. What is the first step to analyze information?
a) Ask questions
b) Verify
c) Set priorities
d) Gather data
The first step to analyzing information is verifying data. This ensures that
the information is accurate.
6. What is the best method to verify data?
a) Group interview
b) Questionnaire
c) Face-to-face interview
d) Research
Verifying data requires reviewing responses. The best way to do this is
with a face-to-face interview.
7. What do you need before implementation?
a) Support of superiors
b) Review
c) Schedule
d) Communication
The support of superiors is necessary for implementation. This should be obtained
before implementation.
8. What is necessary after implementation?
a) Schedule
b) Communication
c) Review
d) Communication and review
The schedule should be established with implementation. After implementation,
communication and review are necessary.
9. What damaged the infrastructure?
a) Mold
b) Tornado
c) Hurricane
d) Flooding
The tornado caused damage to the infrastructure. This resulted in
flooding.
10. What did Alec never consider a threat to the business?
a) Mold
b) Tornado
c) Hurricane
d) Flooding
Alec knew that weather was a threat. He did not, however, consider the
possibility of flooding.
Module Ten: Disaster I always tried to
turn every
Recovery Plan disaster into an
opportunity.
Every organization needs a disaster John D.
Rockefeller
recovery plan. The disaster recovery
plan outlines the procedures that
need to be followed in the event of a
disaster to protect it. By considering
the consequences of disasters ahead
of time, the recovery plan will
mitigate their effects.
Make It Before You Need It
10% of businesses do not recover

People
Facilities
Data
Suppliers
Test, Update, and Repeat
Determine objectives
Collect results
Evaluate results
Update the plan

Hot, Warm, and Cold Sites
Hot: coordinated with the
existing site and fully stocked
Warm: transition to the warm

site
Cold: minimal back up sites

Keep Documentation Simple and
Clear
Keep it simple
Roles and responsibilities
Contingency procedures
Case Study
Sean transferred the client lists, ordering
system, and inventory to the computer
He neglected to plan for potential disasters
Sean discovered that he was the victim of a hacker
The entire computer system was taken offline

Module Ten: Review Questions
1. When should disaster recovery plans be made?
a) Ahead of time
b) When convenient
c) When hazards are identified
d) When a disaster comes
2. What do the necessary factors help with?

a) Provide information.
b) Disaster strategies
c) Make the employee read the documents in front of you.
d) Inform that manager that the employee has the information
3. What are testing measurements?
a) Purpose
b) Evaluation
c) Objectives
d) Results
4. What should you do after testing the plan?

a) Nothing
b) Change it
c) Record it
d) Evaluate it
5. Which type of the site resembles the work site?
a) Warm
b) Hot
c) Cold
d) None
6. Which type of worksite is most popular?

a) They are equally popular
b) Cold
c) Hot
d) Warm
7. Documentation needs to be _____.
a) Simple and clear
b) Efficient
c) Clear
d) Basic
8. What needs to be documented first?

a) Objective
b) Assumption
c) Objective
d) Resource plan
9. How long was it before the cyber-attack?
a) One month
b) Three months
c) Two months
d) One week
10.What did Sean think would protect his information?

a) Risk assessment
b) Disaster recovery plan
c) Coding
d) Virus software
1. When should disaster recovery plans be made?
a) Ahead of time
b) When convenient
c) When hazards are identified
d) When a disaster comes
Disaster recovery plans determine what should be done in a disaster. They
need to be made ahead of time.
2. What do the necessary factors help with?
a) Provide information.
b) Disaster strategies
c) Make the employee read the documents in front of you.
d) Inform that manager that the employee has the information
Disaster strategies are necessary to create disaster plans. Necessary
factors help determine necessary disaster strategies.
3. What are testing measurements?
a) Purpose
b) Evaluation
c) Objectives
d) Results
The objectives are the measurements established for a test. The purpose
is what is being evaluated.
4. What should you do after testing the plan?
a) Nothing
b) Change it
c) Record it
d) Evaluate it
Testing the plan requires evaluation. After the tests are evaluated, record
the progress.
5. Which type of the site resembles the work site?
a) Warm
b) Hot
c) Cold
d) None
The hot site is similar to the original worksite. This allows a simple
transition in emergencies.
6. Which type of worksite is most popular?
a) They are equally popular
b) Cold
c) Hot
d) Warm
Warm site are popular because they are cost effective. They also offer
more than a cold site.
7. Documentation needs to be _____.
a) Simple and clear
b) Efficient
c) Clear
d) Basic
Documentation needs to be simple and clear. This includes format and
wording.
8. What needs to be documented first?
a) Objective
b) Assumption
c) Objective
d) Resource plan
All of the answers need to be documented in the plan. The objective
needs to be documented first.
9. How long was it before the cyber-attack?
a) One month
b) Three months
c) Two months
d) One week
The cyber-attack proved to be a disaster. It occurred one month after
transitioning to computers.
10. What did Sean think would protect his information?
a) Risk assessment
b) Disaster recovery plan
c) Coding
d) Virus software
Sean believed that the virus software would protect him. He also believed
passwords would protect him.
Module Eleven: Summary If you treat risk
management as
of Risk Assessment a part-time job,
you might soon
The risk assessment is essential to find yourself
looking for one.
risk management and many other
strategies. This requires an Deloitte
understanding of risk assessment and

risk assessment strategies. The ability
to apply risk assessment techniques
in the office will improve safety for
employees and the organization.
What are the Hazards?
Talk to
Walk around
employees
Long-term
Evaluate
and short-
operations
term
Who Might Be Harmed?
People
with
Customers Employees Vendors
increased
risk
Are Current Control Measures
Sufficient?
Depend on the hazard
Evaluate
Refer to local regulations

If Not, Change Control Measures
Communicate changes
Safest environment possible
Change and implement

Case Study
Jean took the time to identify hazards in the
department
She made a list of the hazards
Jean forgot to consider people who have a higher risk

of injury and members of the public
Eventually, an elderly customer with limited mobility

had difficulty navigating slippery floors
Module Eleven: Review Questions
1. What should be done while trying to identify hazards?
a) Keep a list
b) Summarize hazards
c) Identify risks
d) Schedule assessment
2. What should be done after you have established a list of

hazards?
a) Summarize the list
b) Review the list
c) Consider hazards
d) Identify risks
3. Who does Not need to be considered when determining who could
be harmed?
a) Customer
b) Employee
c) Everyone is considered
d) Vendor
4. An employee injured while handling chemicals experiences which

kind of harm?
a) Hazard
b) Indirect
c) Risk
d) Direct
5. What will have its own control measure?
a) Process
b) Hazard
c) Injury
d) Procedure
6. Control measures need to meet _____.

a) Procedures
b) Processes
c) Government regulations
d) Employee standards
7. You come up with new control measures. What do you need to do
first?
a) Communicate changes
b) Implement changes
c) Monitor them
d) Evaluate them
8. What would a piece of equipment with a hazard of flying debris

require?
a) Separation
b) Administrative controls
c) Isolation
d) PPE
9. Who was injured?
a) Employee
b) Customer
c) Vendor
d) No one
10.What caused the injury?

a) Nothing
b) Electricity
c) Falling items
d) Slippery floor
1. What should be done while trying to identify hazards?
a) Keep a list
b) Summarize hazards
c) Identify risks
d) Schedule assessment
It takes time to identify hazards. Keep a list while identifying hazards.
2. What should be done after you have established a list of hazards?
a) Summarize the list
b) Review the list
c) Consider hazards
d) Identify risks
After identifying hazards, it is necessary to review the list. Reviewing
allows you to identify the hazards.
3. Who does Not need to be considered when determining who could be harmed?
a) Customer
b) Employee
c) Everyone is considered
d) Vendor
It is important to consider everyone when determining who could be harmed. This
includes customers, employees, and vendors.
4. An employee injured while handling chemicals experiences which kind of harm?
a) Hazard
b) Indirect
c) Risk
d) Direct
Handling chemicals places the employee directly near the chemical. This is direct
harm.
5. What will have its own control measure?
a) Process
b) Hazard
c) Injury
d) Procedure
Control measures are used to control hazards. Each hazard will have its
own control measures.
6. Control measures need to meet _____.
a) Procedures
b) Processes
c) Government regulations
d) Employee standards
Control measures are necessary for hazards. They need to meet the
government regulations.
7. You come up with new control measures. What do you need to do first?
a) Communicate changes
b) Implement changes
c) Monitor them
d) Evaluate them
Once you establish changes, the first thing you need to do is communicate them.
Then, implement the changes.
8. What would a piece of equipment with a hazard of flying debris require?
a) Separation
b) Administrative controls
c) Isolation
d) PPE
Personal protective equipment (PPE) protects the body from hazards. This is
necessary for flying debris.
9. Who was injured?
a) Employee
b) Customer
c) Vendor
d) No one
The woman who was injured was a customer. She was elderly with
mobility problems.
10. What caused the injury?
a) Nothing
b) Electricity
c) Falling items
d) Slippery floor
A slippery floor caused the injury. The customer’s mobility issues made
navigating the floors difficult.
Module Twelve:
Wrapping Up
Although this workshop is coming to a
close, we hope that your journey to
improve your skills is just beginning.
Please take a moment to review and
update your action plan. This will be a
key tool to guide your progress in the
days, weeks, months, and years to
come.
We wish you the best of luck on the rest
of your travels!
Words from the Wise
• When our leaders accept the

Max
status quo, we run the risk of
Bazerman
disaster.
• To make a mistake is only

Cicero human; to persist in a mistake is
idiotic.

Risk Assessment and Management

Uploaded by

Copyright:

Available Formats

You might also like

Risk Assessment and Management

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Risk Assessment and Management

Uploaded by

Copyright:

Available Formats

Risk Assessment and

essential for the success of any

and risks. Identifying hazards and

Harm from a hazard

An employee tells him that one of the machines needs

Sean believes that asking for new equipment this soon

Two months later, an employee thought the machine

2. A loss to an employee’s property is part of which of the follows?

4. What is necessary to identify first in risk management?

6. What feedback should you pay attention to from employees?

10.Why does Sean ignore the complaint about the equipment?

How tools are used

Different methods used to

Long term can be easy to miss

Develop over time

Slip and fall areas

The owner considered moving to a larger location but

Clutter soon developed and parts had to be stacked

An employee was injured after falling into a shelving

2. Which of the following is an example of a physical risk?

4. When should you make a list of potential problems?

6. What is an example of a short term problem?

8. A slip and fall area is an example of which of the following?

10.How did the employee become injured?

is why you must always be prepared Tom Gib

Low Medium High

Suppliers Customers Visitors

Traffic Parking Environment

Unique to your business

Develop an appropriate back up

A supplier delivered an order and stacked it in the

Part of the order included cleaning supplies that broke

They created a chemical reaction that produced

2. Which level of impact would you assign to a problem that can be

4. What is Not an example of an external event?

6. What determines the worst case scenario?

8. What event would result in multiple deaths?

10.What did Jane overlook?

Listen to Stop work

Standards include wearing safety glasses and aprons

Jake completed a quick repair without following the

Other employees soon followed his example

4. What allows employees to choose if the workplace is safe?

6. What is Not a common safety precaution?

8. What is necessary when considering the audience?

10.What safety precaution did the injured employee ignore?

Control measures are essential to risk W. Edwards

you to effectively track control measures. By

Eliminate Substitute Isolate

Engineered Administrative Protective

Surveys and checklists

Changes in the number of incidents

Changes can cause updating

Are they effective?

The company saw massive growth due to increased

There was an increase in missing inventory, and

The security measures remained in place, but they

2. What determines which type of control measure is used?