Procedure overview
1 Purpose
To establish a systematic approach to identifying, assessing, controlling, and monitoring safety Risks at the University of Southern Queensland (UniSQ).
2 Scope
This Procedure applies to all Employees, Students, Contractors, and Visitors engaged in university-related activities. It covers all University of Southern Queensland (UniSQ) sites and locations, including campuses, remote workspaces, fieldwork, and virtual environments, both within Australia and overseas. It applies to all activities managed or influenced by the University.
3 Procedure Overview
This procedure outlines the University's approach to managing Work Health and Safety (WHS) Risks. It provides a structured process for identifying Hazards including psychosocial Hazards, assessing Risks, implementing controls, and reviewing their effectiveness to support the safety and wellbeing of Employees, Students, Contractors, and Visitors.
WHS Risk Management is a core part of the University's broader enterprise Risk framework and aligns with the University's legal obligations under the Work Health and Safety Act 2011 (Qld) and the How to Manage Work Health and Safety Risks Code of Practice 2021 (Qld). It should also be read in conjunction with the Enterprise Risk Management Policy and Procedure to ensure consistent and integrated Risk practices across the University.
4 Procedures
4.1 Risk Management Roles and Responsibilities
At the University, everyone involved in university-related activities shares responsibility for managing WHS Risk. Risk Management is a shared responsibility that must be embedded into planning, decision-making, and daily operations to ensure Risks are managed as far as is reasonably practicable.
Each person has a role in contributing to a proactive Risk Management culture, whether by conducting or contributing to Risk Assessments, implementing Control Measures, or monitoring their effectiveness. Specific responsibilities vary by role and are outlined in the Work Health and Safety Governance Procedure, which provides detailed guidance on WHS accountabilities across the University.
4.2 Risk Management Process
The University adopts a continuous improvement approach to managing Risks across all areas. WHS Risk Management is a structured, proactive, and ongoing process designed to identify, assess, and control Risks to ensure the health and safety of all members of the University Community.
Figure 1: WHS Risk Management Process
Risk Assessment
A Risk Assessment is a structured process used to identify potential Hazards associated with a workplace or activity, evaluate the likelihood and impact of harm, and implement Control Measures to reduce or eliminate Risks.
At the University, conducting a Risk Assessment is a critical step in protecting the health, safety, and wellbeing of Employees, Students, Contractors, and Visitors. It must be completed before any work or activity begins. This proactive approach helps prevent incidents by identifying and managing Risks in advance, rather than responding after harm has occurred.
Consultation
Consultation is a vital part of the Risk Assessment process. Engaging with workers and their health and safety representatives at each stage helps ensure all potential Hazards are identified and that Control Measures are practical and effective. The experience and insights of those involved in the work leads to better safety outcomes.
When to Complete a Risk Assessment
A WHS Risk Assessment must be conducted in situations such as, but not limited to:
- New or modified tasks, processes, or equipment
- Non-routine or infrequent tasks
- Use of hazardous substances or environments
- High-risk activities
- Work in unfamiliar or off-site locations
- Activities involving Students, Contractors, or Visitors
- In accordance with legislative, standards, or UniSQ procedural requirements
- After incidents or near-misses.
- Psychosocial factors (e.g., job insecurity, workload changes, role ambiguity)
- Organisational change (e.g., restructures, system upgrades, major process changes)
Non-Routine Tasks
These are tasks performed infrequently, without a documented procedure, or for the first time. Examples include:
- Lab Research with new chemicals/equipment
- Research projects with novel Risks or collaborators
- Fieldwork in remote/unfamiliar areas
- Travel for study, Research, or conferences
- Supervising off-campus activities
- Hosting large events or public engagements
- Installing/testing new technology or infrastructure
- Emergency or crisis response drills.
Managing Risk in Urgent or Non-Routine Situations
When time is limited, follow these steps:
- Conduct a quick “Take 5” Risk assessment
- Develop a basic task procedure
- Hold a pre-task discussion
- Clearly communicate Hazards and controls.
How to do a Risk Assessment
Conducting a Risk assessment involves four key steps: Identify, Assess, Control, and Review. Each step is essential to ensure Risks are effectively managed before any work or activity begins.
Step 1 - Hazard identification
Hazards may be identified during routine activities across the University's campuses or off-site locations. Common sources include:
- Inspections and audits
- Team meetings and safety discussions
- Incident investigations and follow-up actions
- Formal Risk Assessments and reviews
- Monitoring and evaluation processes
- General observations
- Local knowledge and experience.
Unaddressed Hazards can pose ongoing Risks to the University Community. For details on reporting Hazards, refer to the Incident Management Procedure.
Step 2 - Assess Risk
Once Hazards are identified, assess the level of Risk using the University Safety Risk Matrix. This helps determine the severity, likelihood, and required controls.
To assess the Risk:
- Determine the potential consequence (e.g., minor injury, serious injury, fatality)
- Estimate the likelihood of that consequence occurring
- Use the Risk Matrix to assign a Risk rating (Very Low to Extreme)
- Document the rating and controls in SafeTrak (the University WHS Risk Management system)
Higher Risk ratings require more urgent and robust controls and may need higher-level approval. For complex or high-risk scenarios, consult the HSW team or a qualified specialist.
Step 3 - Risk Control
Control Measures must reduce Risks to as low as reasonably practicable, following the Hierarchy of Controls:
- Elimination - Remove the Hazard entirely
- Substitution - Replace with a safer alternative
- Engineering Controls - Isolate people from the Hazard
- Administrative Controls - Change how the task is performed
- Personal Protective Equipment (PPE) - Use as a last resort
Key principles:
- Prioritise higher-level controls (elimination, substitution, engineering)
- Use lower-level controls (administrative, PPE) only when higher level options aren't feasible or as interim/supplementary measures
- Document reasons for choosing lower-level controls
- Refer to relevant Australian Standards or Codes of Practice where applicable
Figure 2: Hierarchy of Control
Implementing Controls
Once Risk Control Measures are identified, they must be implemented through a clear and structured action plan. This includes:
- Assigning responsibilities for each Control Measure
- Setting timelines for implementation based on Risk priority
- Allocating resources to support effective execution
- Training and communicating changes to all affected personnel
- Documenting actions and justifications in SafeTrak
- Verifying completion before work begins, with supervisor sign-off
Tools such as an Implementation Action Plan, Safe Operating Procedure (SOP), or Safe Work Procedure (SWP) provide step-by-step guidance, highlight potential Risks, and outline methods to eliminate or minimise those Risks. They also serve as valuable resources for training, supervision, and compliance with WHS legislation. Refer to WHS Training Procedure for further guidance.
Step 4 - Monitoring and Review of Risk Controls
To ensure Risk controls remain effective, they must be regularly monitored and reviewed. This includes:
- Routine inspections and audits to verify controls and identify new Risks
- Scheduled reviews - annually for routine tasks and immediate reassessment after incidents, near misses, or significant changes
- Updates to procedures and controls based on review findings, Employees or HSR feedback, and changes in legislation, standards, or University policies.
Approval and Authorisation
The overall Risk rating, which determines who must approve the Risk Assessment before work can begin, is based on the Residual Risk rating—the level of Risk remaining after Control Measures are applied. This means the required approval level may change depending on how effectively Risks are mitigated.
| Risk Rating | Approval Required |
| Extreme | Not permitted - must be re-evaluated |
| High | Vice-Chancellor's Executive (VCE) member* |
| Medium | Executive Director / Director / Head of School* |
| Low / Very Low | Supervisor* |
Key Requirements:
- The HSW team and HSRs may provide advice but cannot approve Risk Assessments.
- Approvers must acknowledge accountability for the Decision to proceed, confirming that:
- All Control Measures are in place and effective
- The level of Risk is acceptable
- The assessment meets the University Safety Management System and legislative requirements
- Work must not commence until:
- The Risk Assessment is formally approved
- Controls are implemented and verified
- Documentation is current, accessible, and communicated to all stakeholders
*Non-compliance with this process may trigger a formal review.
4.3 Documentation and Record Keeping
All Risk Assessments and related consultation activities must be documented and stored within the University's WHS Risk Management system, SafeTrak. This ensures records are accessible for reference, audits, and compliance, while also supporting transparency and continuous improvement in health and safety performance across the University.
4.4 Integration with Enterprise Risk Management (ERM)
WHS Risks are part of the University's broader Enterprise Risk Management (ERM) framework. Integration is achieved by:
- Applying consistent Risk criteria across WHS and ERM systems
- Recording significant WHS Risks in the enterprise Risk register
- Escalating Risks that fall outside the University's Risk Appetite and tolerance to the Executive Risk Committee, Vice-Chancellor, or University Council.
This alignment ensures that WHS Risks are managed in accordance with the University's strategic objectives and accepted levels of Risk. Refer to the Enterprise Risk Management Policy and Procedure for full details.
5 References
How to manage work health and safety risks Code of Practice 2011.
6 Schedules
This procedure must be read in conjunction with its subordinate schedules as provided in the table below.
7 Procedure Information
| Accountable Officer | Chief People Officer |
| Responsible Officer | Director (Health, Safety and Wellbeing) |
| Policy Type | University Procedure |
| Policy Suite | |
| Subordinate Schedules | |
| Approved Date | 16/2/2026 |
| Effective Date | 16/2/2026 |
| Review Date | 16/2/2031 |
| Relevant Legislation | |
| Policy Exceptions | |
| Related Policies | |
| Related Procedures | |
| Related forms, publications and websites | |
| Definitions | Terms defined in the Definitions Dictionary |
| Council means the governing body, the University of Southern Queensland Council....moreCouncil means the governing body, the University of Southern Queensland Council. A determination made by an Employee, contractor or other authorised delegate in the course of their duties on behalf of the University....moreA determination made by an Employee, contractor or other authorised delegate in the course of their duties on behalf of the University. A high level strategic directive that establishes a principle based approach on a subject. Policy is operationalised through Procedures that give instructions and set out processes to implement a Policy....moreA high level strategic directive that establishes a principle based approach on a subject. Policy is operationalised through Procedures that give instructions and set out processes to implement a Policy. An operational instruction that sets out the process to operationalise a Policy....moreAn operational instruction that sets out the process to operationalise a Policy. Research is the creation of new knowledge and/or the use of existing knowledge in a new and creative way to generate new concepts, methodologies, inventions and understandings. This could include the synthesis and analysis of previous research to the extent that it is new and creative....moreResearch is the creation of new knowledge and/or the use of existing knowledge in a new and creative way to generate new concepts, methodologies, inventions and understandings. This could include the synthesis and analysis of previous research to the extent that it is new and creative. The level of Risk the University is willing to accept or take in pursuit of its objectives....moreThe level of Risk the University is willing to accept or take in pursuit of its objectives. The term 'University' or 'UniSQ' means the University of Southern Queensland....moreThe term 'University' or 'UniSQ' means the University of Southern Queensland. Means all Students and Employees of the University, persons officially associated with the University, former Students and alumni at the University, as well as invitees, visitors and guests....moreMeans all Students and Employees of the University, persons officially associated with the University, former Students and alumni at the University, as well as invitees, visitors and guests. The person bearing the title of Vice-Chancellor and President, or as otherwise defined in the University of Southern Queensland Act 1998 , including a person acting in that position....moreThe person bearing the title of Vice-Chancellor and President, or as otherwise defined in the University of Southern Queensland Act 1998 , including a person acting in that position. | |
| Definitions that relate to this procedure only | |
| Control Measure An action taken to eliminate or minimise health and safety risks so far as is reasonably practicable. Hazard A situation or thing that has the potential to harm a person. Hazards at work may include noisy machinery, a moving forklift, chemicals, electricity, working at heights, a repetitive job, bullying and violence. Hierarchy of Control The priority order for the types of measures to be used to control risks Plant Any machinery, equipment, appliance, container, implement and tool, and Any component or anything fitted or connected to any of those things. Does not include equipment that is both hand held and hand powered. Residual Risk The risk rating, based on the risk matrix, after recommended control measures have been implemented. Risk The possibility harm (death, injury or illness) might occur when exposed to a hazard. Risk Management The process of hazard identification, risk assessment, implementation of appropriate risk control measures and monitoring and review of their effectiveness. Risk Assessment The process of evaluating the likelihood and consequences (or severity) of injury, illness or disease arising from exposure to an identified hazard(s). | |
| Keywords | Risk Management, obligations, Hazard identification, Risk Assessment, WH&S, OH&S |
| Record No | 13/468PL |