Risk management policy template
A free, ready-to-edit risk management policy template for Australian businesses. Set out your risk appetite, a clear assessment methodology, the hierarchy of controls and who is accountable — so you can manage workplace risk systematically and meet your WHS duties. No signup required.
Risk management policy
PDF format • Ready to download
By downloading, you agree to our template disclaimer
This risk management policy template reflects Australian work health and safety standards at the time of publication and is provided as a general guide to adapt for your business and specific workplace hazards. It does not constitute legal, HR, or professional advice and should not be relied on as a substitute for advice specific to your business, workforce, or circumstances.
Why your business needs a risk management policy
A risk management policy is the official document that sets out how your organisation identifies, analyses and controls the risks that could affect your objectives — from financial and operational risks to the work health and safety hazards your people face every day. It defines your appetite for risk, the methodology you use to assess it, and who is accountable at every level from frontline staff to the owners or board.
Under Australian WHS law, every PCBU (person conducting a business or undertaking) must manage risks to health and safety so far as is reasonably practicable. A documented policy demonstrates that systematic approach to regulators, insurers and your team — and it pairs naturally with your WHS policy and hazard & risk policy.
Good risk management is more than compliance: it prevents incidents before they disrupt operations, protects your people, and supports better decisions. Store the policy and capture employee acknowledgements in your HR software so you can show every worker has read and understood it.
What a risk management policy should cover
The essentials of a systematic risk framework
Purpose & scope
Why you manage risk and which activities, sites and people the policy applies to.
Risk appetite & tolerance
How much risk the business is willing to accept in pursuit of its objectives.
Risk identification
How risks and hazards are identified systematically across the business.
Assessment methodology
Rating likelihood and consequence to prioritise the risks that matter most.
Hierarchy of controls
The preferred order for eliminating or minimising each identified risk.
Roles & responsibilities
Who is accountable for managing risk, from workers to leadership.
What's included in this template
A complete framework for identifying, assessing and controlling risk
Purpose & scope
Why risk management matters and the activities and people it covers.
Risk management framework
The overarching structure aligned with WHS duties and good practice.
Risk appetite & tolerance
The level of risk the business is prepared to accept.
Risk identification process
How hazards and risks are identified across the workplace.
Assessment methodology
Likelihood, consequence and a risk matrix to set priorities.
Hierarchy of controls
Elimination through to PPE as the order for treating risk.
Risk register
Recording, owning and tracking identified risks and their controls.
Monitoring & review
Schedules and triggers for reviewing risk assessments.
Roles & responsibilities
Accountability from frontline workers to owners or board.
Review & acknowledgement
Policy maintenance, consultation and employee sign-off.
Assessing and controlling risk
A consistent method keeps decisions defensible
Define your risk appetite
A good policy states how much risk the business is willing to accept in pursuit of its objectives. Setting risk appetite and tolerance up front gives managers a consistent benchmark — so similar risks are treated the same way across teams and sites, and you focus effort where it matters most.
Consultation is a legal duty
Under WHS law you must consult workers on matters that affect their health and safety. Involve the people who do the tasks, plus supervisors and health and safety representatives — they understand the real risks. Document who you consulted as part of a WHS assessment.
The risk management process
Identify
Systematically find the hazards and risks across tasks, sites and activities.
Assess
Rate likelihood and consequence to prioritise each risk.
Control
Apply the hierarchy of controls, starting with elimination.
Review
Monitor controls and reassess when work or conditions change.
Record every risk, its rating, owner and controls in a risk register so nothing is lost between reviews — and keep it alongside your incident reporting policy so lessons from incidents feed back into your assessments.
When you assess a risk, combine likelihood (how probable it is) with consequence (how severe the outcome would be) to produce a risk rating, then treat high-likelihood, high-consequence risks first. Always work down the hierarchy of controls — eliminate the hazard if you can, then substitute, isolate, apply engineering and administrative controls, and use PPE only as a last resort. Safe Work Australia’s model WHS laws and codes of practice set out how to manage risk so far as is reasonably practicable.
Who should use this template?
Every Australian business with employees has a duty to manage risk
Especially valuable in higher-risk sectors like construction, manufacturing and healthcare, where a documented framework supports due diligence.
Compliance resources
Official guidance on managing work health and safety risk.
Manage your policies the easy way
RosterElf helps Australian businesses store policies, capture employee acknowledgements at onboarding and keep an audit trail — all in one place.
Related guides
Build out your safety and compliance process
Related templates
Build a complete safety management system
Risk management policy FAQ
-
A risk management policy is an official document that sets out an organisation’s overarching strategy for identifying, analysing and controlling risk. It defines the purpose and scope, the business’s risk appetite and tolerance, the methodology used to assess risks, the controls applied, and the roles and responsibilities for managing risk — from frontline staff through to the owners or board.
-
A complete policy should include its purpose and scope, the risk management framework, your risk appetite and tolerance, a process for identifying risks, an assessment methodology (likelihood and consequence), the hierarchy of controls, a risk register, monitoring and review arrangements, clear roles and responsibilities, and an employee acknowledgement.
Before you download
General information only — not legal advice
This document is a general HR template provided for informational purposes only. It is not legal advice and may not reflect the latest changes in legislation or apply to every workplace situation. RosterElf Pty Ltd and the template provider accept no liability for any loss arising from reliance on this document. Users should seek independent legal advice and customise the template to ensure it complies with all relevant laws, awards and workplace requirements.