Your organisation’s risk register is where all of your identified work-related hazards are contained. It is a key means of communicating risks with your governance, your management team, your workers, organisations you interact with, and us.

For each hazard there will be a number of identifying details, which will determine the risk and show both the actions taken and actions required to ensure this risk is being managed appropriately.

Risk registers are most often created in Excel, with each identified hazard listed beneath one another in the first column. As you progress across the row for each hazard, the columns will dictate the information required (which will come from your identification and assessment procedures, and your risk matrix).

Risk register example

Download an example of a risk register (that uses the above risk matrix) [PDF, 87 KB]

Risk register sample [PDF, 87 KB]

Note: Ensure your ‘Risk description’ for each risk allows you to differentiate between vastly different consequences (eg a carriage fire while on open track vs. in a long tunnel) or activities (eg a collision with a person – a scheduled service colliding with a member of public on track is different to a shunt colliding with a worker).

 Some of the columns we recommend include:

  • Ref no.: A reference number for the hazard (useful for related action plans)
  • Risk description: A summary of the hazard and what may cause it
  • Date raised/reviewed: The date the hazard was identified or reviewed
  • Potential consequences: A list of the things that could go wrong
  • Likelihood: A ranking given to the hazard based on how often an accident or incident may occur due to the hazard
  • Inherent risk rating: The overall rating given to the hazard based on the likelihood and consequence of an accident or incident before safety controls are in place (using the risk matrix)
  • Safety controls: A list of the safety controls in place to mitigate the risk
  • Assurance: The methods of tracking the effectiveness of the safety control
  • Residual risk rating: The overall rating given to the hazard based on the likelihood and consequence after safety controls have been put in place
  • Risk owner: The name of the position responsible for the hazard and safety control

Monitoring procedures

Once your organisation’s safety controls have been implemented, you need to have procedures in place to ensure they are effective, and that they are being used appropriately by workers. Some of these monitoring procedures and mechanisms include:

  • inspections, observations and walk-throughs
  • meetings and worker feedback
  • checklists and audits
  • independent reviews
  • technology (eg monitoring alarms on machinery, or gas alarms)
  • health surveillance records, and
  • environmental monitoring activity (eg air quality and noise testing).

Some of the other organisational aspects that need to be monitored in regards to risk management (outside of safety controls) include:

  • staff competencies – keep them up to date
  • staff training – ensure it’s still fit for purpose, and
  • accident and incident trends – do they identify areas which need attention to prevent recurrences?