RosterElf Logo
Start trial
HOW-TO GUIDE

How to conduct a WHS risk assessment in Australia

A complete guide to identifying hazards, assessing risks, and implementing controls that comply with Australian WHS laws. Covers the 4-step process, risk matrix, hierarchy of controls, and documentation to support your WHS policy obligations.

12 min read
Georgia Morgan

Written by

Georgia Morgan

General information only – not legal advice

This guide provides general information about WHS risk assessments in Australia. For your specific situation, consult Safe Work Australia, your state WHS regulator, or a qualified WHS professional. It does not constitute legal, HR, or professional advice and should not be relied on as a substitute for advice specific to your business, workforce, or circumstances.

HR Hub disclaimer Modern Awards Fair Work

What is a WHS risk assessment?

A WHS risk assessment is a systematic process of identifying hazards in your workplace, evaluating the risks they pose, and implementing controls to eliminate or minimise those risks. It is the foundation of any WHS management system.

Under Australian WHS laws, persons conducting a business or undertaking (PCBUs) must ensure the health and safety of workers and others so far as is reasonably practicable. Risk assessment is the primary mechanism for meeting this duty and demonstrating compliance to a regulator.

4 steps

Identify → Assess → Control → Review

6 hazard types

Physical, chemical, biological, ergonomic, psychosocial, environmental

6 controls

Hierarchy from elimination down to PPE

Key principle: The WHS Act requires you to eliminate risks so far as is reasonably practicable, and where elimination is not possible, to minimise risks. A documented risk assessment is how you demonstrate compliance. See how to conduct an HR audit to review your broader compliance picture.

When to conduct a risk assessment

According to Safe Work Australia, risk assessments are required in the following situations:

When fixing a specific hazard or incident

After any near-miss, injury, or hazard report — reassess the area or task involved.

When changing work practices, processes, or machinery

Any new equipment, chemical, or procedure may introduce hazards not previously present.

Periodically, as part of regular workplace maintenance

Schedule routine reviews at least annually for ongoing risks, or more frequently for high-risk tasks.

When new staff are hired or new hazard information is available

New workers may face unfamiliar hazards; new safety data may change your risk picture.

Don't wait for an incident: A proactive assessment is always preferable. If a regulator investigates an incident and you have no documented risk assessment, you may face significant penalties under the WHS Act.

6 steps to conducting a WHS risk assessment

Follow this process to identify and control all workplace hazards. Consult workers at every step — they experience hazards firsthand and WHS law requires their involvement.

1

Prepare for the assessment

Gather relevant information, assemble your team, and plan the scope of the assessment.

Key actions:

  • Review previous incident reports, hazard registers, and past assessments
  • Involve workers and health and safety representatives (HSRs) in the process
  • Define assessment scope: full workplace, specific area, or particular task
  • Gather relevant Safe Work Australia codes of practice for your industry
2

Identify hazards

Systematically identify all hazards that could cause harm to workers or others in the workplace.

Key actions:

  • Walk through the workplace observing work practices and conditions
  • Talk to workers about hazards they've noticed or experienced
  • Review safety data sheets (SDS) for hazardous chemicals
  • Consider all hazard types: physical, chemical, biological, ergonomic, psychosocial
3

Assess the risks

Evaluate each hazard to determine the level of risk based on likelihood and potential consequence.

Key actions:

  • Consider how likely it is that harm will occur
  • Consider how severe the harm could be (minor injury to fatality)
  • Factor in who might be harmed and how many people are exposed
  • Use a risk matrix to categorise risks as low, medium, high, or extreme
4

Control the risks

Implement control measures using the hierarchy of controls, starting with elimination where possible.

Key actions:

  • Elimination: Remove the hazard completely (most effective)
  • Substitution: Replace with something less hazardous
  • Isolation: Separate people from the hazard
  • Engineering controls: Physical changes to the workplace
  • Administrative controls: Safe work procedures, training, signage
  • PPE: Last resort when other controls aren't reasonably practicable
5

Document the assessment

Record hazards, risk ratings, control measures, and responsible persons in a risk register.

Key actions:

  • Use a standardised risk assessment template
  • Record the date, assessor names, and area/task assessed
  • Document both existing and additional controls required
  • Assign responsibility and due dates for implementing new controls
6

Review and monitor

Schedule regular reviews and monitor the effectiveness of control measures over time.

Key actions:

  • Review after incidents, near-misses, or worker concerns
  • Review when work processes, equipment, or chemicals change
  • Review if control measures don't seem to be working
  • Schedule routine reviews at least annually for ongoing risks

How to use a risk matrix

A risk matrix combines likelihood (how probable is harm?) with consequence (how severe could it be?) to give a risk rating. Use it to prioritise which hazards need immediate action versus routine management.

Likelihood ↓ / Consequence → CatastrophicMajorModerateMinorNegligible
Almost certain ExtremeExtremeExtremeHighHigh
Likely ExtremeExtremeHighHighMedium
Possible ExtremeHighHighMediumLow
Unlikely HighHighMediumLowLow
Rare HighMediumMediumLowLow

Risk rating actions

Extreme

Immediate action — stop work if necessary

High

Senior management attention required urgently

Medium

Manage and monitor with specific controls

Low

Manage with routine procedures

Free templates: SafeWork NSW provides a free risk assessment tool with a built-in risk matrix. Safe Work Australia also publishes a model code of practice with example matrices for various industries.

Common workplace hazard categories

Consider all six categories when conducting your assessment. Psychosocial hazards are now explicitly regulated in most Australian states — don't overlook them. Read our workplace complaint guide for how to respond when a worker raises a concern.

Physical hazards

  • Slips, trips, falls
  • Moving machinery
  • Electrical hazards
  • Working at heights
  • Noise
  • Manual handling

Common in: All industries, especially construction, manufacturing, hospitality

Chemical hazards

  • Cleaning chemicals
  • Fumes and gases
  • Dust and particles
  • Flammable substances

Common in: Cleaning, manufacturing, agriculture, healthcare

Biological hazards

  • Infectious diseases
  • Blood and bodily fluids
  • Mould and bacteria
  • Animal bites/stings

Common in: Healthcare, aged care, childcare, hospitality

Ergonomic hazards

  • Repetitive movements
  • Poor workstation setup
  • Heavy lifting
  • Prolonged standing

Common in: Retail, office work, manufacturing, hospitality

Psychosocial hazards

  • Work overload
  • Bullying and harassment
  • Violence and aggression
  • Fatigue from shift work

Common in: All industries — now regulated in most states

Environmental hazards

  • Extreme temperatures
  • UV radiation
  • Poor lighting
  • Weather conditions

Common in: Construction, agriculture, outdoor work, transport

Hierarchy of controls

Always work through the hierarchy from top (most effective) to bottom (least effective). Higher-level controls provide more reliable protection because they don't rely on consistent worker behaviour.

1

Elimination

Most effective

Physically remove the hazard from the workplace

Example: Remove a trip hazard by fixing uneven flooring permanently

2

Substitution

Highly effective

Replace the hazard with a less dangerous option

Example: Use a less toxic cleaning chemical

3

Isolation

Very effective

Separate people from the hazard

Example: Install guards around machinery

4

Engineering controls

Effective

Design the hazard out of the process

Example: Install ventilation to remove fumes

5

Administrative controls

Moderate

Change the way people work

Example: Implement safe work procedures and training

6

PPE

Least effective

Provide personal protective equipment

Example: Provide safety glasses, gloves, hearing protection

PPE is a last resort — not a first response. It relies on correct selection, fit, maintenance, and consistent use. Only use it when higher-level controls aren't reasonably practicable, or as an interim measure while better controls are implemented.

Your workplace policies should document the controls you've selected. For industry-specific guidance, see the Safe Work Australia Code of Practice: How to Manage WHS Risks.

Common risk assessment mistakes

These errors can leave workers at risk and expose your business to regulatory liability:

Not involving workers

Risk: Missing hazards that workers experience daily. May breach WHS consultation requirements.

Solution: Include workers and HSRs in hazard identification and risk assessment discussions.

Only assessing after incidents

Risk: Reactive rather than preventive approach. Injuries occur before action is taken.

Solution: Conduct proactive assessments for all work activities, not just after something goes wrong.

Jumping straight to PPE

Risk: Relying on the least effective control. Higher risk of harm if PPE fails or isn't worn.

Solution: Always work through the hierarchy of controls. Use PPE as a last resort only.

Not documenting the assessment

Risk: No evidence of due diligence. Harder to demonstrate compliance if investigated.

Solution: Keep written records of all assessments, including hazards, risks, and controls.

Set and forget

Risk: Controls may become ineffective over time. New hazards may emerge undetected.

Solution: Schedule regular reviews and update assessments whenever circumstances change.

Regulatory sources & templates

This guide is aligned with official Australian WHS regulations. Reference these sources for your specific industry or state:

Safe Work Australia — Managing WHS risks

Model code of practice and hazard identification guidance

SafeWork NSW — Risk assessment tool

Free template with built-in risk matrix for general workplaces

Model WHS Regulations

The legislative framework underpinning WHS obligations in Australia

Related guides on this site

WHS policy template How to conduct an HR audit Handle a workplace complaint Return to work support guide

Track WHS compliance

RosterElf HR Hub helps you document safety assessments, training records, and compliance requirements. Built for Australian small businesses.

Start trial Book a demo
4.8 stars by 1,570 users
100+ countries 30,000+ users

Related guides

More resources for workplace health and safety compliance.

Write a workplace policy

Create clear, compliant WHS and HR policies for your team.

Learn more

Handle a workplace complaint

Respond to safety and HR complaints correctly and fairly.

Learn more

Return to work guide

Support injured workers back into the workplace safely.

Learn more
FAQ

Frequently asked questions

  • A WHS risk assessment follows four key steps: (1) Identify hazards by walking through the workplace, consulting workers, and reviewing incident records; (2) Assess risk by considering likelihood and consequence using a risk matrix; (3) Control risks using the hierarchy of controls — eliminate, substitute, isolate, engineer, administer, then PPE as a last resort; (4) Review controls regularly to ensure they remain effective. Document each step in a risk register. Refer to the Safe Work Australia Code of Practice: How to Manage WHS Risks for detailed guidance.
  • The 5 steps are: (1) Prepare — gather records, involve workers and HSRs, define the scope; (2) Identify hazards — inspect the workplace and consult workers about what could cause harm; (3) Assess risks — evaluate likelihood and severity using a risk matrix to prioritise action; (4) Control risks — implement controls using the hierarchy of controls (elimination first, PPE last); (5) Review — monitor controls and update the assessment after any incident or change in circumstances.
  • Common examples include: (1) A hospitality business assessing slip and fall risks in a wet kitchen; (2) A construction site assessing working-at-heights hazards before scaffolding is erected; (3) A healthcare facility assessing manual handling risks during patient transfers; (4) An office assessing ergonomic hazards at workstations; (5) A retail store assessing customer aggression and lone-working risks for staff on late shifts.
  • Start by involving workers and health and safety representatives (HSRs) — they know the daily hazards best. Walk through the workplace systematically, inspect equipment, review safety data sheets, and check incident logs. For each hazard, use a risk matrix to rate likelihood and consequence. Then apply controls starting from the top of the hierarchy of controls. Record everything in a risk register and schedule regular reviews. See our WHS policy template to document your obligations.
VERIFIED RATINGS

Trusted by 30,000+ workplaces

4.7+ average

Rated on Xero · Google · G2 · Capterra

Reduce compliance risk

Join thousands of Australian businesses using RosterElf to support your compliance efforts with workplace laws.

Start trial Book a demo
4.8 stars by 1,570 users
100+ countries 30,000+ users