It's not just assessments!
Compiling a risk register and assessing each of those risks is a big job, but it is only the first step in the process. After you plan what to do about all those risks, you must follow through with the controls/mitigation strategies you decide on.
Part of implementing the controls is training workers to make sure they know what is required. You will also need to update any supporting documents – like Work Instructions and/or Safe Work Method Statements.
If you haven’t eliminated the risk (see Hierarchy of Controls), then the next part of the management process is monitoring – to make sure your controls are effective. Depending on the process, this may mean regular measurements to record and analyse, or checklists, inspections, and/or audits.
If you discover that the controls aren’t satisfactory, then you’ll need to take some action – either to reinforce the planned methods, or go back to the planning stage and look at putting more effective controls in place.
By now you’ve probably recognised that the risk management process follows the Plan – Do – Check – Act cycle!
An audit of the risk management process would look for evidence of follow through in all four stages.
PLAN: Risk Register is top level planning – thinking about risks and how to manage them.
DO: Updated documentation, training records – communicating the control methods we decided about
CHECK: Checklists, audit records – checking the controls are being followed and are effective.
ACT: Meeting minutes, task lists, improvement projects – taking action to remedy or improve the control measures.
Here’s some more details about identifying and assessing risks