Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
Keeping people safe at work isn’t a tick-the-box exercise in Australia - it’s central to how every business should operate. Whether you run a small team or manage a multi-site operation, taking a structured approach to workplace risks helps protect your people, reduce downtime, and safeguard your business.
In this guide, we explain what a workplace risk assessment is, how it fits within Australian work health and safety law, a practical process you can follow, and the key policies and documents that support ongoing compliance. By the end, you’ll have a clear roadmap you can apply in your business with confidence.
What Is a Workplace Risk Assessment?
A workplace risk assessment is a structured process to identify things that could cause harm (hazards), evaluate how likely and severe the harm could be (risk), and decide on practical steps to eliminate or minimise the risk.
In practice, this means looking closely at your tasks, equipment, work environment, and how work is organised. It also includes less visible but increasingly important hazards, such as stress, fatigue and other psychosocial risks.
The aim is simple: find the risks that matter most and control them so far as is reasonably practicable. Done well, risk assessment turns into a living system that underpins everyday decisions, training, procurement and incident response.
How Risk Assessments Fit Into Australian WHS and OHS Laws
Australia’s work health and safety framework sets out clear duties - but the details vary slightly by jurisdiction. Understanding the big picture will help you set up the right processes.
PCBU duty (harmonised WHS jurisdictions)
In jurisdictions that have adopted the model Work Health and Safety (WHS) laws, the primary duty rests with a Person Conducting a Business or Undertaking (PCBU). In most cases, that’s your company or partnership, not an individual “employer.” The PCBU must ensure, so far as is reasonably practicable, the health and safety of workers and others affected by the work.
Risk management - including identifying hazards and implementing controls - is a core part of meeting this duty. While the law doesn’t prescribe a single “formal” assessment method in every scenario, regulators expect PCBUs to take a systematic approach to risks that’s proportionate to the hazards in your workplace.
Victoria’s OHS framework
Victoria regulates under the Occupational Health and Safety Act 2004 (Vic) and OHS Regulations 2017 (Vic), rather than the model WHS laws. The duty landscape is similar in effect: duty holders must, so far as reasonably practicable, provide and maintain a working environment that is safe and without risks to health. A structured risk assessment and control process is a recognised way to meet that obligation.
Officers and workers also have roles
Company officers have a separate “due diligence” duty to ensure the business meets its WHS/OHS obligations (for example, by ensuring appropriate resources, systems and verification). Workers must take reasonable care for their own health and safety and follow reasonable instructions and policies.
Enforcement and penalties
Regulators can take compliance action for breaches of WHS/OHS duties whether or not someone was injured. Prosecution does not hinge on actual harm occurring - it turns on whether duties were breached. A well-documented risk management approach can be critical evidence of compliance if something goes wrong.
If you’re clarifying internal responsibilities, it’s wise to embed safety obligations into your Workplace Policy suite and make sure leaders understand their due diligence role. Our overview of an employer’s duty of care explains this in plain English.
A Practical, Step-By-Step Risk Assessment Process
Every business is different, but a five-step method works across most industries. Keep it proportionate: the higher the risk, the deeper your assessment and the stronger your controls should be.
1) Identify hazards
- Walk the work area, talk with workers, and review incident/near-miss data.
- Consider physical, chemical, biological, ergonomic and psychosocial hazards.
- Think about routine and non-routine tasks (maintenance, cleaning, deliveries).
- Include remote or after-hours work, contractors and visitors.
2) Assess the risks
- For each hazard, consider the likelihood of an incident and the potential consequences.
- Use a simple risk matrix to prioritise - focus first on high-consequence, higher-likelihood scenarios.
- Account for who might be harmed (workers, contractors, customers, the public).
3) Control the risks
Apply the hierarchy of control, prioritising measures that remove the hazard or reduce risk at the source:
- Eliminate: remove the hazard entirely (e.g. stop using a hazardous substance).
- Substitute: replace with something safer (e.g. lower-toxicity chemical).
- Engineer: isolate people from the hazard (guards, ventilation, redesign workspace).
- Administrative: procedures, training, job rotation, signage, safe work method statements.
- PPE: personal protective equipment as a last line of defence.
Often you’ll implement a combination. Make sure controls are practical, resourced and verified in the real world - not just on paper.
4) Record your approach
- Keep a risk register that captures the hazard, risk rating, chosen controls and a responsible person.
- Record training, inductions and equipment maintenance relevant to each control.
- Store incident and near-miss reports in an accessible system and analyse trends.
5) Review and improve
- Reassess risks at regular intervals and when work changes (new equipment, premises, processes or staff).
- Review after incidents/near misses and when new legal or industry guidance emerges.
- Engage workers in reviews - they often see issues first.
As you embed this cycle, align your documentation with your people processes. For example, capture safety obligations and reporting channels in your Staff Handbook so expectations are clear from day one.
Common Hazards To Consider (Including Psychosocial Risks)
Your list will depend on your industry, but most workplaces share recurring risk themes. Use these prompts as a starting point for your assessment.
Physical and ergonomic hazards
- Slips, trips and falls (poor housekeeping, uneven surfaces, wet areas).
- Manual handling and posture (lifting, repetitive tasks, workstation setup).
- Machinery and tools (unguarded moving parts, pinch points, noise, vibration).
- Electrical risks (damaged cords, overloading, maintenance practices).
- Vehicles and mobile plant (traffic management, reversing, loading docks).
Chemical and biological hazards
- Cleaning agents and solvents (storage, labelling, ventilation, exposure controls).
- Dusts and fumes (welding, woodworking, fabrication).
- Waste handling and sharps (hospitality, healthcare, laboratory settings).
Environmental and emergency risks
- Fire and evacuation readiness (alarms, exits, drills, extinguishers).
- Extreme weather and heat stress (outdoor work, warehouses, kitchens).
- Remote or isolated work (lone workers, communication plans, first aid access).
Psychosocial hazards
Australian regulators increasingly focus on psychosocial risks - factors in the design or management of work that may cause psychological harm. Examples include:
- High or sustained workload without support or control over priorities.
- Exposure to traumatic events, aggression or occupational violence.
- Poor role clarity, organisational change, or lack of recognition.
- Bullying, harassment, discrimination or sexual harassment.
Controls here may include workload planning, supervisor training, safe reporting pathways, and clear behavioural standards embedded in your approach to mental health obligations and your broader Workplace Policy framework.
Documents, Policies and Records To Support Your Risk Management
Risk assessments are most effective when supported by clear policies, practical procedures and reliable records. These documents help you embed safety into day-to-day work and demonstrate compliance if a regulator asks for evidence.
- WHS/OHS Policy: Sets your safety expectations, reporting responsibilities and commitment to consultation. This is often part of a broader Workplace Policy suite.
- Risk Register and Safe Work Procedures: A live record of hazards, risk ratings and control measures, with step-by-step procedures for higher-risk tasks.
- Training and Induction Records: Evidence that workers, contractors and supervisors are trained in relevant controls.
- Incident and Near-Miss Reporting: A simple, accessible process and form to capture what happened and follow-up actions. If an incident involves personal information, keep your Data Breach Response Plan in mind too.
- Emergency Management Plan: Evacuation procedures, warden roles, first aid arrangements and contact details.
- Employment Agreements and Role Descriptions: Reflect safety obligations and authority where relevant - your Employment Contract is a practical place to reinforce expectations about following policies and reporting hazards.
- Privacy and Records Management: If you collect worker or visitor information, a compliant Privacy Policy and collection practices are essential.
Not every workplace needs the same level of documentation, but most will need several of the above. The key is to tailor them to your industry, risks and size, and keep them current.
Keeping It Current: When To Review and Improve
Risk management is a cycle, not a one-off project. Set a review cadence and define the triggers that will prompt a fresh look.
Suggested review cadence
- At least annually for your overall risk register and key procedures.
- After any incident, injury, near miss or enforcement notice.
- When work changes (new premises, equipment, substances, technology or processes).
- When workforce changes occur (growth, new roles, significant turnover or new contractors).
- When legal or industry guidance changes, especially around psychosocial risks.
Consultation and verification
Consult with workers about hazards and controls - it’s a legal expectation and a practical way to uncover real-world issues. Verify that controls are in place and effective through inspections, maintenance logs, training refreshers and, where relevant, testing or monitoring.
Link safety to everyday operations
Embed risk thinking into procurement, rostering, budgeting and leadership KPIs. For example, when buying new equipment, include risk controls in your specification and induction plan. When planning rosters, factor in fatigue management alongside customer demand.
Finally, make your system easy to access and understand. Clear, concise documents in your Staff Handbook or intranet, quick-reference procedures at point of use, and straightforward reporting channels will do more for safety than any amount of complex paperwork.
Key Takeaways
- Under Australian WHS/OHS laws, the duty to manage risks sits with the business (PCBU in harmonised jurisdictions) and requires a systematic, “reasonably practicable” approach.
- A practical risk assessment follows five steps: identify hazards, assess risks, implement controls, record your approach, and review regularly.
- Consider both visible hazards (machinery, manual handling, slips) and psychosocial risks (workload, role clarity, bullying and harassment).
- Support your assessments with tailored documents and records, including a WHS policy, risk register, training logs, incident reporting, an incident response plan for data breaches where relevant, and clear Employment Contracts that reference safety duties.
- Proactive reviews, worker consultation and verification of controls are essential - compliance is about effective risk management in practice, not just paperwork.
- Embedding safety expectations in your Workplace Policy framework and Staff Handbook helps turn assessments into everyday action.
- If you’re unsure how the legal duties apply to your operations or need tailored documents, getting advice early will save time and reduce risk.
If you’d like a consultation or tailored support to set up risk assessments and workplace safety documents for your business, you can reach us at team@sprintlaw.com.au or 1800 730 617 for a free, no-obligations chat.