A WHS Risk Register is not technically required under the WHS Legislation. Nor is this term discussed in ISO 45001 or ISO 31000. However, this document for capturing strategic and operational risks can be the most useful tool in the management system kit bag.

Broadly speaking, legislation requires that an organisation identifies their risks and then controls them. A WHS risk register is the simplest way to demonstrate this.

The How to manage work health and safety risks Code of Practice (2021), suggests on a couple of occasions that “You may prepare a risk register identifying the hazards, what action needs to be taken, who will be responsible for taking the action and by when“. Using a WHS Risk Register has a range of benefits, including:

  • It enables risks to be collated and prioritised for management.
  • It is a central repository that houses the organisation’s strategic and operational WHS risks.
  • It provides evidence of the application of risk assessments.
  • When shared with Senior Managers it provides evidence to support their fulfillment of their due diligence requirements.
  • The prioritisation of the risks in the Register can provide the starting point of all planned improvements and the associated resourcing requests.
  • It is the validation point from which assurance activities are initiated, targeting the weak or ineffective controls, with the aim of strengthening them.

QRMC advocates that it should be a centre-piece document of a Management System.

Obviously, a Risk Register does not equal Risk Management, as the Risk Register is simply a tool to aid the organisation to be more systematic in relation to their management of risks, be they focussed on a specific discipline like WHS, quality or the environment or enterprise wide.

The WHS Risk Register should reflect the organisation’s approach to the management of their identified WHS risks, linking the risks identified (such as those associated with working at height or dealing with difficult customers) with the controls and the need for specific procedures and processes to manage the risk.

Overarching this, there should be a critical assessment of the risk details and the controls in place to determine (a) if there have been any changes, (b) if the controls are effective, and (c) whether it is ‘reasonably practicable’ to implement controls higher up the ‘hierarchy of controls’.

Please contact QRMC for information or assistance.