Skip to content

5 Common Reasons Risk Assessments Fall Short

Risk assessments can be a valuable tool to prevent injuries and environmental accidents — but only if they’re done properly.

Here are five of the most common reasons risk assessments fall short and how to fix them:

Reason #1: You didn’t conduct a formal risk assessment

There are many reasons an organization might fail to conduct a risk assessment. Sometimes, organizations don’t require formal risks assessments, or don’t have enough resources to perform them. In other cases, organizations simply aren’t aware that a particular hazard needs to be managed in the first place.

Be sure your organization has clearly outlined when risks assessments will be performed, who will be responsible for them, and how you will ensure they are completed. As a rule of thumb, risk assessments should be conducted:

  • Anytime a new process or activity is introduced
  • Before changes are made to existing processes or activities
  • When hazards are identified

Reason #2: You don’t have a standardized process for risk assessments

EHS risk management has evolved dramatically over the last few decades, and there are many different views on the “best” way to conduct risk assessments.

It’s important that everyone responsible for risk assessments in your organization agrees on how data will be collected and analyzed. Otherwise, if everyone is doing things differently, it will be nearly impossible to get useful data.

It's worth taking the time to outline how risk assessments should be conducted so that everyone's on the same page.

Reason #3: You can’t see the big picture

When your risk assessment information is spread out across various spreadsheets and paper files at different facilities and locations, it’s hard to get a clear picture of your organization’s risk profile.

This prevents teams from identifying and addressing serious risks before they cause an accident.

The best solution is to start using a risk register. A risk register, also known as a risk registry or risk matrix, is a central record of all the risks you've identified across your organization.

Here's an example of what a risk registry looks like in Perillon:



Reason #4: You don’t have a way to prioritize risks and controls

In order to allocate resources effectively, you must be able to determine which risks are the most critical. The most effective organizations make risk management decisions based on quantitative risk data, rather than guesswork or a “gut feeling”.

Risk scoring is the best way to determine which risks are the most serious and, as a result, which to control first. In risk scoring, each risk is assigned a numerical value depending on its severity and the likelihood that it will occur.


The benefit of being able to quantify risks in this way is that you don't have to take a "putting out fires" approach. You know which risks are most likely to occur and most significant, and can address them appropriately.

Reason #5: Failing to follow through on corrective and preventive actions

Knowing which risks are present in your organization is only the first step. In order to be effective, risks assessments must be linked to appropriate corrective and preventive actions.

The most successful organizations have a built-in process for ensuring follow up on risk assessment findings. When issues are identified, the appropriate parties must be notified in a timely manner and corrective actions assigned and tracked to closure.

Whether you accomplish this manually or through risk management software, it’s a critical step in accident prevention and ensuring your risk assessments don’t fall short.

New call-to-action