Introducing Marketplace: Fast-track your ERM system implementation
Learn More

In this blog, David Tattam summarised his insights of the second live session "A Risk Management Framework for WHS" in the webinar series "A Deep Dive into Workplace Health and Safety".

In our previous webinar, we looked at WHS Treatment Methods & Controls. We explored: 

  • Types & Nature of Controls
  • ISO 3100 & WHS Legislation
  • Proactive & Reactive Risk Management
  • Optimal Treatment Methods
  • The importance of incorporating WHS Risk Management into the ERM Framework.

Michael Martin from C-Suite Safety Solutions joined me for the third webinar of the series focusing on a Risk Management Framework for WHS.

ERM Framework

“I love portraits. I've always been fascinated by the fact that when you put a frame on
something you create limits for it. It makes it look dead. The same works with labels,
which is a popular hobby most people have nowadays, labeling.”

Nuno Roque

A Framework is only as good as the practices that come out of it. We have to be careful that the framework is flexible enough to work outside of itself because sometimes it can restrict us. Risk Management, particularly WHS, needs to be flexible to cater for changing situations very, very quickly. It is also important to consider labels and wording. Keep it real, keep it relevant. In WHS use plain English that your front-line staff will understand.

What is the value of a Framework?

Frameworks provide context, alignment, and a 'skeleton' on which we can add the meat of Risk Management. However, just because we have a framework doesn't mean we are managing our risks and WHS effectively.

In the webinar, we discussed the benefits of aligning your ERM and WHS frameworks to the ISO 3100 Risk Management standard and principles:

  • Communication & Consultation
  • Scope, Context & Criteria- this includes our Risk Appetite, Strategy/Objectives & Critical Processes/Projects 
  • Risk Assessment
  • Risk Analysis
  • Risk Treatment (including Controls)
  • Monitoring & Review
  • Recording & Reporting

ISO 3100 covers all risks an organisation faces, including WHS. Organisation strategy and objectives are key. Given that risk is the effect of uncertainty on objectives, an organisations mission and objective includes keeping people safe.

WHS is an integral part of the management model. in our first poll, we asked participants 'To what degree do you believe your WHS risk management is linked to your strategic and operational objectives?'  Here are the results:


WHS Webinar 3 Poll 1


  • 10% have no linkage at all
  • 75% partially linked
  • 15% fully linked.

We should be aspiring to align WHS Risk Management to our strategic and operational objectives. Risk Management is outcome management. This alignment will ensure that you will have the buy in of management and employees. 

WHS Risk Framework

In the webinar, Michael explored how the ERM Framework has commonality with the WHS Framework and the new International OHS ISO 45001 Standard and the crucial importance of a positive and inclusive safety culture. We asked the participants 'what risk management framework does their organisation have in place?' Here are the results:

WHS Webinar 3 Poll 2


  • 11% of participants had no formal frameworks in place
  • 67% about 2/3 of participants have a separate ERM & WHS Framework
  • 22% have an integrated framework

Michael and I believe that with integration, the more prominence WHS will have. It is an integral part of the ERM framework.

Risk Appetite for WHS Risks

Risk Appetite is defined as “The degree of risk that the organisation is prepared to accept in pursuit of its objectives and business plan.”

Risk Appetite provides the organisation with the freedom to make decisions, operate, take risks and to fail within boundaries. From a governance perspective it enables executive management to exercise appropriate oversight and governance by setting the allowable boundaries and enabling risk reporting based on where the business risk are with respect to the boundaries.

In determining risk appetite for WHS risks we need to fully incorporate the regulatory requirements to mitigate WHS risk "As Low As Reasonably Practicable (ALARP)". Does risk appetite needs to reflect our guidance on what is ALARP?  

The primary obligation in applying ALARP is:

"…that which is, or was at a particular time, reasonably able to be done to ensure health and safety, taking into account and weighing up all relevant matters…"

We need to balance the risk and the cost of reducing the risk. "The cure must not be worse than the problem."

Risk Appetite can then be applied in decision making using the Can I?, Should I? tests. 

1. Can I? Is it within the organisation’s Risk Appetite?
2. Should I? Are the rewards to the organisation and its Stakeholders worth it for the
level of risk?

Risk Appetite also gives us the terminology to articulate our:

  • Risk Capacity
  • Risk Tolerance
  • Triggers 

Michael discussed in the webinar how an organisation needs to ask themselves, how much are they prepared to loose? Or how much are they prepared to accept? and does this appetite align to their risk management point of view:

1. Has impact changed?
2. When was your last review?
3. Is there alignment?
4. Does the value need to be adjusted?

in our final poll, we asked our participants 'How long has it been since your organization evaluated its WHS risk matrix descriptors?' Here are the results:

WHS Webinar 3 Poll 3

  • 53% less than 2 years
  • 24% between 2 & 5 years
  • 20% of participants do not know

If you do not know the answer to this question, I encourage you ask your organisation how often does this evaluation occur? Do these risk matrix descriptors need to be reviewed?

Process & Systems Framework

As we have highlighted in this and the previous two webinars it is important to integrate your Risk Management Processes, Framework, and WHS. Having central libraries of risks, risks taxonomy, controls, and control taxonomy ensures an integrated view and reporting of risks and WHS. 

However, as we have discussed in this webinar, having a framework is not enough, we need to 'live' this by this framework, understand what our boundaries are, respect and follow the processes and empower our people to work within those boundaries by weighing up the Risk Vs Reward. 

In our next webinar we will continue the conversation, by looking at Risk & Hazard Assessment.

To access the recording of the previous webinars and to save your spot for the upcoming webinars click the image below.

WHS webinar CTA

Related Articles

feature image
Risk Appetite, Webinars

Risk Appetite Development and Operationalisation - Q&A

Protecht recently conducted a webinar on “Risk Appetite: Development and Operationalisation” covering our North American, EMEA and APAC markets. A...
Read more
feature image
Risk Management, ERM, Protecht.ERM

Risk Appetite Driven Decision Making

"Would you rather?" is a party game that poses dilemmas by asking questions starting with "would you rather?". As an example: Would you rather be...
Read more
feature image
Webinars, Protecht.ERM

Operational Resilience Leadership Webinar Wrap Up

The drivers of operational resilience are creating a perfect storm. On one hand, the financial services regulators are demanding action while on the...
Read more