ESKOM has adopted a value of zero harm. This requires all business to be conducted with respect and care for people and the environment. Safety, health, environment, and quality (sheq) management is an important part of all operations within ESKOM and exists to prevent harm to both people and the environment. OHS risk assessment process ensures that ESKOM can proactively identify, predict, evaluate, and control the actual and potential impact ESKOM may have on the health, safety, environment, socio- economic conditions, and cultural heritage of the country. The risk assessment process allows for the hazards, risks, causes, and consequences to be identified and controlled. In turn, this will minimise the negative impact and maximise the benefits of its activities. This promotes compliance with legal requirements and principles of occupational health and safety. 2. Supporting clauses 2.1 Scope 2.1.1 Purpose this document describes the mandatory processes, requirements, and advisory guidance for managing occupational health and safety hazards and risks. The aim of this procedure is to ensure and facilitate the effective management of hazards and risks. Compliance with this procedure is mandatory in its area of applicability. 2.1.2 Applicability this document shall apply throughout ESKOM holdings soc limited, its divisions, subsidiaries, and entities in which ESKOM has a controlling interest. In cases where ESKOM does not have a controlling interest, this procedure shall apply if NO such similar document exists. 2.2 Normative/informative references parties using this document shall apply the most recent edition of the documents listed in the following paragraphs. 2.2.1 Normative [1] 240-49308149: process control manual for occupational health and safety management [2] 240-114036246: occupational hygiene health risk assessment work instruction [3] 240-84733329: medical surveillance procedure [4] 32-477: she training and development procedure [5] 32-6: document and records management procedure [6] 32-136: contractor health and safety requirements [7] 32-726: she requirements for the ESKOM commercial process controlled disclosure when downloaded from the document management system, this document is uncontrolled and the responsibility rests with the user to ensure IT is in line with the authoriszed version on the system. NO part of this document may be reproduced without the expressed consent of the copyright holder, ESKOM holdings soc ltd, reg NO 2002/015527/30. occupational health and safety risk assessment unique identifier: 32-520 procedure revision: 5 page: [8] 240-62582234: OHS roles and responsibilities and statutory appointments [9] 32-391: ESKOM integrated risk management standard [10] 32-124: ESKOM fire risk management [11] 32-86: enterprise risk and resilience policy [12] 32-727: safety, health, environment, and quality (sheq) policy [13] 32-86: enterprise risk and resilience policy [14] iso 9001: quality management systems [15] iso 31000:2009: international risk management standard [16] iso/iec guide 73:2009: vocabulary for risk management [17] mhs act: mine health and safety act [18] OHS act: occupational health and safety act [19] iso 45001: occupational health and safety management systems, requirements. 2.3 Definitions 2.3.1 Assurance assurance is a process that provides confidence that objectives will be achieved with a tolerable level of residual risk. 2.3.2 Communication and consultation continual or iterative process that an organisation conducts to provide, share and/or obtain information, and to engage in dialogue with stakeholders regarding the management of risk. 2.3.3 Consequence outcome of an event/exposure affecting objectives. 2.3.4 Contractor external organisation providing services and/or goods to the organisation in accordance with agreed specifications, terms, and conditions. Note 1: services may include construction activities, among others. 2.3.5 Control measure that is modifying risk. Note 1: controls include any process, policy, device, practice, or other actions that modify risk. Note 2: controls may not always exert the intended or assumed modifying effect. Controlled disclosure when downloaded from the document management system, this document is uncontrolled and the responsibility rests with the user to ensure IT is in line with the authoriszed version on the system. NO part of this document may be reproduced without the expressed consent of the copyright holder, ESKOM holdings soc ltd, reg NO 2002/015527/30. occupational health and safety risk assessment unique identifier: 32-520 procedure revision: 5 page: 2.3.6 Control owner person nominated as accountable for the assurance of the control to ensure that both the design and the operation of the control are effective. The names of control owners are recorded in risk registers. 2.3.7 Employee a person who has entered into, or works under, a contract of service, apprenticeship, or learnership with an employer, whether the contract is express or implied, oral, or in writing, whether the remuneration is calculated by time or work done, and paid for in cash or in kind, or tacitly (by tacit agreement), and includes cases where such a person is under the control, instruction, and supervision of his/her employer, namely: a permanent employee, which includes: a full-time employee; a part-time employee; a shift worker; and a person referred to as a learner (18.1) Or an apprentice in the conditions of service for bargaining unit employees; a non-permanent employee, which includes: a person placed through a tes (includes a labour broker/personnel agency); a temporary employee; a casual employee employed for the purpose of the employer’s business; an occasional employee; a vacation student; any person employed in terms of a fixed-term contract, and a person under a learnership contract (18.2); And a bursary holder while under the supervision and/or direction of an employer. 2.3.8 Employer any person who employs or provides work for any person and remunerates that person or expressly or tacitly undertakes to remunerate him/her. The employer is ESKOM holdings soc limited and not the section 16(1) or section 16(2) appointee. The act stipulates that a section 16(1) appointee is required to ensure that the duties of the employer (ESKOM, in this instance) are properly discharged. The section 16(1) appointee accordingly assigns his/her duties (that is, to ensure that the duties of an employer are properly discharged) to the section 16(2) appointee (s). Business unit responsible managers assist with ensuring that the duties of the OHS act are carried out. Controlled disclosure when downloaded from the document management system, this document is uncontrolled and the responsibility rests with the user to ensure IT is in line with the authoriszed version on the system. NO part of this document may be reproduced without the expressed consent of the copyright holder, ESKOM holdings soc ltd, reg NO 2002/015527/30. occupational health and safety risk assessment unique identifier: 32-520 procedure revision: 5 page: 2.3.9 Event occurrence of, or change in, a particular set of circumstances. 2.3.10 Exposure extent to which an organisation is subjected to an event. 2.3.11 External context external environment in which the organisation seeks to achieve its objectives. 2.3.12 Frequency measure of the likelihood of an event, expressed as a number of events or outcomes per defined unit of time. 2.3.13 Hazard potential source of harm. 2.3.14 Hazard identification process of finding, recognising, and describing hazards. 2.3.15 Incident occurrence arising out of, or in the course of, work that could or does result in injury and ill health. 2.3.16 Injury and ill health adverse effect on the physical, mental, or cognitive condition of a person. Note 1: these adverse effects include occupational disease, illness, and death. 2.3.17 Internal context internal environment in which the organisation seeks to achieve its objectives. 2.3.18 Level of risk magnitude of a risk expressed in terms of the combination of consequences and their likelihood. 2.3.19 Likelihood chance of something happening. 2.3.20 Line management means any employee in a leadership position from executive to supervisory level. This includes appointed responsible managers. Controlled disclosure when downloaded from the document management system, this document is uncontrolled and the responsibility rests with the user to ensure IT is in line with the authoriszed version on the system. NO part of this document may be reproduced without the expressed consent of the copyright holder, ESKOM holdings soc ltd, reg NO 2002/015527/30. occupational health and safety risk assessment unique identifier: 32-520 procedure revision: 5 page: 2.3.21 Monitoring continuous checking, supervising, critically observing, or determining the status in order to identify change from the required or expected level of performance. 2.3.22 Occupational health and safety opportunity circumstance or set of circumstances that can lead to improvement of oh&s performance. 2.3.23 Occupational health and safety performance performance related to the effectiveness of the prevention of injury and ill health to workers and the provision of safe and healthy workplaces. 2.3.24 Occupational health and safety risk combination of the likelihood of occurrence of a work-related hazardous event(s) or exposure(s) and the severity of injury and ill health that can be caused by the event(s) or exposure(s). 2.3.25 Occupational health risk assessment IT is a systematic procedure to identify potential health hazards, evaluate the extent of exposure (for example, occupational hygiene surveys) and establish the need for and methods of control (for example, engineering at the source, administrative control and provision of proper personal protective equipment [PPE]). 2.3.26 Oel (occupational exposure limits) limit value set by minister of labour for a stress factor in the workplace as stipulated in the government gazette. 2.3.21 Occupational health assessments are risk-based examinations (which may include clinical examinations, biological monitoring, or medical tests) of employees by an occupational health nurse or in prescribed cases, by an occupational medicine practitioner. The objectives: • to evaluate whether the hazards that the employees is/was exposed to is/has caused an occupational disease or not. • To evaluate whether the employee is fit, fit with restrictions, or unfit to perform the inherent requirements of the job. Controlled disclosure when downloaded from the document management system, this document is uncontrolled and the responsibility rests with the user to ensure IT is in line with the authoriszed version on the system. NO part of this document may be reproduced without the expressed consent of the copyright holder, ESKOM holdings soc ltd, reg NO 2002/015527/30. occupational health and safety risk assessment unique identifier: 32-520 procedure revision: 5 page: 2.3.27 OHS steering committee functions as a governance body responsible for, and playing a significant role in, making recommendations to sustainability systems, exco subcommittees, and the organisation of OHS management matters. 2.3.28 Operating unit (ou)/business unit (bu): in the context of this document, any reference to an ou/bu includes a defined unit within any ESKOM division and its subsidiaries. 2.3.29 Probability measure of the chance of occurrence expressed as a number between 0 and 1, where 0 is impossibility and 1 is absolute certainty. 2.3.30 Residual risk risk remaining after risk treatment. 2.3.31 Responsible manager a manager of a department, section, or ou/bu who has been appointed as part of the ESKOM delegation of authority process with the aim to assist the applicable 16(2) appointee in executing his/her duties in terms of the occupational health and safety act. 2.3.32 Review activity undertaken to determine the suitability, adequacy, and effectiveness of the subject matter to achieve established objectives. 2.3.33 Risk a chance that injury, ill health, or damage could occur as a result of an uncontrolled hazard. Effect of uncertainty on objectives. A risk with a negative consequence can be the result of human interaction with a hazard. Note 1: an effect is a deviation from the expected – positive and/or negative. Note 2: objectives can have different aspects, such as financial, health and safety, and environmental goals and can apply at different levels such as strategic, organisation-wide, project, and product and process levels. Note 3: risk is often characterised by reference to potential events, a consequence or a combination of these and how they can affect the achievement of objectives. Note 4: risk is often expressed in terms of a combination of the consequences of an event or a change in circumstances and the associated likelihood of an occurrence of the risk. Controlled disclosure when downloaded from the document management system, this document is uncontrolled and the responsibility rests with the user to ensure IT is in line with the authoriszed version on the system. NO part of this document may be reproduced without the expressed consent of the copyright holder, ESKOM holdings soc ltd, reg NO 2002/015527/30. occupational health and safety risk assessment unique identifier: 32-520 procedure revision: 5 page: 2.3.34 Risk acceptance informed decision to take a particular risk. 2.3.35 Risk analysis process to comprehend the nature of risk and to determine the level of risk. 2.3.36 Risk assessment overall process of hazard and identification, risk analysis, and risk evaluation. 2.3.37 Risk evaluation process of comparing the results of the risk analysis to risk criteria to determine whether the level of risk is acceptable or tolerable. 2.3.38 Risk management co-ordinated activities to direct and control an organisation with regard to risk. 2.3.39 Risk management framework set of components that provide the foundations and organisational arrangements for designing, implementing, monitoring, reviewing, and continuously improving the risk management processes throughout the organisation. 2.3.40 Risk management information system the database operated by ESKOM that holds all risk management information, including all risk registers, risk treatment plans, and risk management plans. 2.3.41 Risk management plan document in the risk management framework, specifying the approach to, the management elements of, and resources to be applied to the management of risk. 2.3.42 Risk management process systematic application of management policies, procedures, and practices to the tasks of communicating, consulting, establishing the context, identifying, analysing, evaluating, treating, monitoring, and reviewing risk. 2.3.43 Risk matrix tool for ranking and displaying risks by defining ranges for the consequences and likelihood. Controlled disclosure when downloaded from the document management system, this document is uncontrolled and the responsibility rests with the user to ensure IT is in line with the authoriszed version on the system. NO part of this document may be reproduced without the expressed consent of the copyright holder, ESKOM holdings soc ltd, reg NO 2002/015527/30. occupational health and safety risk assessment unique identifier: 32-520 procedure revision: 5 page: 2.3.44 Risk owner person with the accountability and authority for managing the risk and any associated risk treatment. With regard to occupational health and safety, and in line with the OHS act, designated 16(1) and 16(2) appointees have this accountability. This includes the responsible manager as defined in 240- 62582234: OHS roles and responsibilities and statutory appointments standard. 2.3.45 Risk profile description of a set of risks. 2.3.46 Risk register record of information about identified risks. 2.3.47 Risk reporting form of communication intended for particular internal or external stakeholders to provide information about the current state of risk and its management. 2.3.48 Risk sharing form of risk treatment involving the agreed distribution of risk with other parties. 2.3.49 Risk tolerance organisation’s readiness to bear the risk after risk treatment in order to achieve its objectives. 2.3.50 Risk treatment process of developing, selecting, and implementing measures to modify risk. 2.3.51 Safety/ohs professional any appropriately qualified person who is employed to perform ohs-related activities as his/her primary role and job function. (This would exclude statutory health and safety representatives.) 2.3.52 Sheq committee a sheq committee is a governance structure that is established and governed by a terms of reference to address and decide on all OHS, environmental, and quality issues presented to IT for a particular defined area of the business and includes subcommittees, where applicable. To accommodate the variations of names across the organisation, this committee includes committees at divisional, operating, and bu level that address OHS, environmental, and quality issues, for example, health and safety committees, OHS committees, she committees, etc. 2.3.53 Stakeholders the people and organisations that may affect, be affected by, or perceive themselves to be affected by, a decision or activity. Controlled disclosure when downloaded from the document management system, this document is uncontrolled and the responsibility rests with the user to ensure IT is in line with the authoriszed version on the system. NO part of this document may be reproduced without the expressed consent of the copyright holder, ESKOM holdings soc ltd, reg NO 2002/015527/30. occupational health and safety risk assessment unique identifier: 32-520 procedure revision: 5 page: 2.3.54 Task owner the person nominated as accountable for the completion of a risk treatment action. 2.3.55 Workplace any premises or place where a person performs work in the course of his/her employment, including a private home or portion of IT in the case of telework, a vehicle, aircraft, boat, or vessel. 2.4 Abbreviations abbreviation explanation aia approved inspection authority bu business unit cbra contractor baseline risk assessment coid act compensation for occupational injuries and diseases act, 1993 (act NO. ) hazop hazards of operations hira hazards identification and risk assessment irm integrated risk management iso international standards organisation ltir lost-time injury rate oel occupational exposure limits oh occupational hygiene OHS occupational health and safety OHS act occupational health and safety act OHS sc occupational health and safety steering committee ou operating unit raci responsible, accountable, consulted, and informed she safety, health, and environment sheq safety, health, environmental, and quality smat safety management audit technique soc state owned company sops safe operating procedures ss sustainability systems swps safe work procedures controlled disclosure when downloaded from the document management system, this document is uncontrolled and the responsibility rests with the user to ensure IT is in line with the authoriszed version on the system. NO part of this document may be reproduced without the expressed consent of the copyright holder, ESKOM holdings soc ltd, reg NO 2002/015527/30. occupational health and safety risk assessment unique identifier: 32-520 procedure revision: 5 page: 2.5 Roles and responsibilities ESKOM and its subsidiaries shall take all reasonably practicable steps to manage risks to an acceptable level. 2.5.1. Risk and sustainability division risk and sustainability division’s sustainability is responsible for providing support to divisions in terms of the interpretation and understanding of the legal and procedural requirements of this procedure. The division is responsible for the maintenance and review of this procedure and to ensure that there is a standard and common understanding of the OHS risk assessment process. Risk and sustainability division shall ensure that this procedure is complied with through conducting inspections and reviews to measure compliance. 2.5.2. General manager (risk and sustainability) the general manager (risk and sustainability) is accountable for the overall direction and function of eskom’s risk management programme and reports back directly to the holdings board, through the board risk management committee. The risk and resilience strategic function has developed a common ESKOM enterprise risk and resilience framework, supported by appropriate methodologies, one common language, and an executive sponsor (ge – risk and sustainability). 2.5.3. Line managers - responsible managers the responsible managers of the various ous, service functions, and strategic functions in ESKOM are responsible for, and committed to, the implementation of the OHS risk management standards, including the occupational health and safety risk assessment procedure. These aspects include co-ordinating the risk management strategy, ensuring compliance with these standards, and the planning and implementation of the procedure in their ous, service functions, and strategic functions, as well as projects. Responsible managers are responsible for the development of baseline OHS risk assessments and all other associated risk assessments for all activities and processes in their ous, the implementation of risk treatment plans, and for ensuring that risk registers are kept up to date. Responsible managers are responsible for ensuring that all OHS risks that need intervention from senior and executive management are logged on the integrated risk management system, with appropriate actions uploaded to mitigate those risks. In addition, all OHS risks that have an impact on the department, ou/bu, divisional or business achieving its objectives shall be assessed and tracked through the integrated risk management system. The responsible managers are responsible for the monitoring and review of OHS risks, the assurance of controls, and the completion of risk treatment tasks. ▪ Risk owners (16(1) and 16(2) appointees and those delegated with authority, for example, ou/bu responsible managers) are responsible for ensuring that the assessment of that risk is up to date and is properly recorded in risk registers. ▪ Control owners should ensure that appropriate and periodic assurance takes place to check that the controls on which the organisation relies are in place, are effective, and cannot be cost-effectively improved. ▪ Task owners will have treatment actions to complete by an agreed date. Of course, these tasks can be delegated, but the accountable manager will remain fully responsible for their completion. Controlled disclosure when downloaded from the document management system, this document is uncontrolled and the responsibility rests with the user to ensure IT is in line with the authoriszed version on the system. NO part of this document may be reproduced without the expressed consent of the copyright holder, ESKOM holdings soc ltd, reg NO 2002/015527/30. occupational health and safety risk assessment unique identifier: 32-520 procedure revision: 5 page: 2.5.4. Line managers – supervisors supervisors including direct supervisors, senior, middle and “junior” managers are responsible for, and committed to, the implementation of the OHS risk management standards; including the occupational health and safety risk assessment procedure. They shall assist responsible managers by implementing the requirements of this document through facilitation of risks assessment development sessions and implementing the treatment plans and actions. They shall ensure that subordinates are trained on the risk assessment and participate where possible in the risk assessment process. Supervisors shall ensure that all work activities and tasks and subjected to a risk assessment process and that issue-based and continuous risk assessments are conducted, documented, and reviewed when necessary. Supervisors are responsible for ensuring that all employees under their supervision are included in an active medical surveillance programme depending on the occupational stressors or hazards they are exposed to. 2.5.5. Employees employees are responsible for their own health and safety and the safety of their colleagues in accordance with the requirements of section 14 of the OHS act . They are responsible for complying with the requirements of this document and the outcome of any risk assessment process. Employees are responsible for assisting the employer with identification of hazards and risks in the workplace. They shall report all health and safety hazards and risks to the employer and/or health and safety representatives. 2.5.6. Project and contract managers project managers and contract managers are responsible for ensuring that OHS risk assessments are conducted during the design phases of the project and for ensuring that baseline risk assessments are conducted for all projects including non-construction work and construction activities in their ous. Project managers should ensure that all contractors working on the projects are informed of, and comply with, eskom’s risk assessment requirements prior to the commencement of construction as well as during construction and prior commencement of work and during performance of the work for non-construction activities. 2.5.7. Safety/ohs professionals OHS personnel on site are responsible for providing support within their ous/bus, service functions, and strategic functions in terms of the interpretation and understanding of the requirements of this procedure for their specific processes and activities. They will have to ensure assurance through the periodic verification of control measures and their effectiveness. OHS personnel are also responsible for assisting and supporting responsible managers in fulfilling their duties by providing necessary advice, expertise, and administrative support where required and agreed to by both parties. 2.5.8. Joint ventures there may be occasions when ESKOM and other organisations combine resources to carry out a joint venture. Unless otherwise stipulated, where the work is to be managed jointly with a joint venture partner, the requirements imposed on the responsible manager in this procedure will also apply to the joint venture and will also be indicated in the memorandum of understanding as such, unless the joint venture contractual agreement specifies, in writing, the health and safety arrangements as required in terms of section 37.2 (If applicable) of the OHS act. Controlled disclosure when downloaded from the document management system, this document is uncontrolled and the responsibility rests with the user to ensure IT is in line with the authoriszed version on the system. NO part of this document may be reproduced without the expressed consent of the copyright holder, ESKOM holdings soc ltd, reg NO 2002/015527/30. occupational health and safety risk assessment unique identifier: 32-520 procedure revision: 5 page: 2.6 Process for monitoring the ss OHS department and safety professionals are responsible for providing guidance on the risk management process. Line management with assistance from safety/ohs professionals is responsible for the day-to-day co-ordination of risk management activities and information sharing between ou, service, and strategic functions. Compliance with the requirements of this procedure has to be reviewed internally by the ou, service function, and/or strategic function at least annually as part of an internal review process. Records shall be audited internally and externally by any authorised entity, which include ESKOM assurance and forensic and external certification bodies. The focus areas of this monitoring process will include training in OHS risk assessment, previous risk assessment reviews, general adherence to the OHS risk assessment process, and determining the adequacy of risk assessment. 2.7 Related/supporting documents [1] 240-70044602 occupational health and safety risk assessment template [2] 240-114036246 occupational hygiene health risk assessment (hra) work instruction (issue- based/task-specific assessment) [3] 240-129709629 fire risk assessment template [4] 240-106061693 public safety risk assessment template 3. Occupational health and safety risk assessment 3.1 Risk management in ESKOM risk management in ESKOM is governed by the ESKOM enterprise risk and resilience policy 32-86. this policy sets out the principles, rules, and associated responsibilities for managing risk and resilience across all the groups, divisions, and subsidiaries of ESKOM holdings soc ltd and calls for one standard to be used when managing all types of risks in ESKOM. IT is aligned with the governance requirements of in king iv. The integrated risk management framework and standard 32-391 is a document that describes the process for managing risk in ESKOM and is based on the iso 31001 management system. Section 8 of the OHS act and related regulations require an employer to provide a work environment that is free from health and safety hazards and risks. Thus, the need exists for a proper OHS risk assessment process for identification, assessment, and control of occupational hazards and risks. The OHS risk assessment process shall follow the framework set out in the ESKOM integrated risk management framework and standard. Controlled disclosure when downloaded from the document management system, this document is uncontrolled and the responsibility rests with the user to ensure IT is in line with the authoriszed version on the system. NO part of this document may be reproduced without the expressed consent of the copyright holder, ESKOM holdings soc ltd, reg NO 2002/015527/30. occupational health and safety risk assessment unique identifier: 32-520 procedure revision: 5 page: 3.2 Types of occupational health and safety risk assessments 3.2.1 Baseline risk assessment ▪ baseline risk assessment refers to the OHS hazards and risks that are identified and assessed before the inception of a new project and commencement of operations. The baseline risk assessment shall include both routine and non-routine tasks. ▪ The output of baseline risk assessments is a set of OHS risk profiles per operation and/or process and/or activity, which is used to prioritise action programmes. ▪ The OHS baseline risk assessments template 240-70044602 shall be the tool used to perform baseline risk assessments within ESKOM holdings. A) project baseline risk assessments i. Client risk assessment - the OHS act, construction regulations 5.1(a), (B), (c), (d), (e), (f), (g), and (h) require the client to prepare a baseline risk assessment and site-specific health and safety specifications based on the baseline risk assessment for consideration by the designer during the project design phase. IT also requires the client and the designer to provide the principal contractor or his or her agent with any information that might affect their health and safety while performing work on behalf of the client. - The baseline risk assessment and health and safety specifications should be submitted as part of the tender documents and during negotiations, so that the potential contractor can make provision for the cost of health and safety measures during construction. - A multidisciplinary risk assessment needs to be performed during the planning or design phase of the project, so as to eliminate hazards and implement OHS engineering controls before the project is executed among other controls that will enhance our ability to achieve the desired objectives. - Baseline risk assessments should take into consideration hazards and risks that could have an impact beyond the site borders as well as external factors that could affect the health and well-being of persons on site and employees off site (for example, roads). - The baseline risk assessment should include occupational/environmental stressors and hazards, or any other factors that have the potential for affecting employees or contractors health so that an occupational hygiene and medical surveillance programme can be developed and implemented. - The baseline risk assessment shall be used to develop project health and safety specifications. Where a construction work permit is required, the baseline risk assessment and health and safety specifications shall be attached as part of the application. - The baseline risk assessment must be periodically reviewed based on, for example, project life-cycle changes, incident trend analysis or changes to the scope of work, and newly introduced risks due to residual risks. Controlled disclosure when downloaded from the document management system, this document is uncontrolled and the responsibility rests with the user to ensure IT is in line with the authoriszed version on the system. NO part of this document may be reproduced without the expressed consent of the copyright holder, ESKOM holdings soc ltd, reg NO 2002/015527/30. occupational health and safety risk assessment unique identifier: 32-520 procedure revision: 5 page: ii. Contractor baseline risk assessment (cbra) - the contractor shall, based on the client risk assessment, develop a baseline risk assessment for all planned activities, which shall form part of the OHS plan submitted to the client. - The cbra will be an essential consideration during the tender evaluation/adjudication/negotiation and/or clarification processes before the contract is awarded. - A cbra must be carried out for all planned project elements/activities/tasks regardless of the frequency and duration with which those tasks are expected to be carried out. - The cbra must be periodically reviewed based on, for example, changes to the scope of work, changes to work methods/procedures/equipment, organisational changes (including personnel), incident trend analysis, or new/revised technology. - The cbra should include occupational/environmental stressors and hazards or any other factors that have the potential for affecting employees’ health. An occupational hygiene and medical surveillance programme should be included in the she plan. - The cbra shall be submitted to the client at the agreed times. B) baseline risk assessments for routine tasks - baseline risk assessments need to be developed for routine activities that the business performs on a daily basis. These will assist the business in developing treatment measures, such as standard operating procedures or work instructions to reduce the hazards and risk attached to these activities. - Occupational exposures with potential health effects must be identified, assessed, documented, controlled, and communicated. - The hazards and control measures from this baseline risk assessment shall be communicated to all affected employees, so as to inform them of hazards attached to the work they are to perform. - The hazards identified from this baseline shall be incorporated in employee person-job specifications, so that they can be conducted along with occupational medical assessments. - This baseline risk assessment shall be reviewed periodically based on, for example, changes in the scope of work, new technology, etc. 3.2.2 Issue-based risk assessments ▪ although most standard activities should already be covered by a baseline risk assessment, the circumstances surrounding the activities may vary from day to day. Therefore, each task or activity needs to be assessed and analysed before work starts. ▪ Issue-based risk assessment can also be conducted for a specific hazard, for example, fire risk assessment. Controlled disclosure when downloaded from the document management system, this document is uncontrolled and the responsibility rests with the user to ensure IT is in line with the authoriszed version on the system. NO part of this document may be reproduced without the expressed consent of the copyright holder, ESKOM holdings soc ltd, reg NO 2002/015527/30. occupational health and safety risk assessment unique identifier: 32-520 procedure revision: 5 page: ▪ all relevant stakeholders need to be involved when an issue-based risk assessment is conducted. ▪ Issue-based risk assessment looks at assessing the risks attached to each activity and hazard; for instance, if chemicals were identified as part of the baseline risk assessment, the task-specific risk assessment needs to assess and analyse each chemical individually. ▪ If there is NO baseline risk assessment, the issue-based risk assessment must cover all aspects of the job, the core activity, as well as the circumstances. ▪ Issue-based risk assessment needs to be performed before every activity or task and IT shall be informed by the baseline risk assessment. ▪ The issue-based risk assessment is essential for the development/review of sops/swps, method statements, critical task manuals, emergency plans, and so forth, as IT addresses work- specific hazards and risks. ▪ On construction projects, the contractor shall conduct the issue-based risk assessments and submit them to the client before the commencement of work. ▪ The client shall sign an acknowledgement that risk assessments have been reviewed. However, this does not absolve the contractor of his/her duties in terms of the OHS act. A) pre-task (daily) risk assessment - as part of the issue-based risk assessment, there is a requirement that a pre-task risk assessment be conducted before any task, as circumstances may change, for example, the weather and site location. - The pre-task risk assessment is also required as part of the work permit, required by the life-saving rules, operating procedures for high voltage systems (orhvs), and plant safety regulations (psr). - The pre-task risk assessment shall be completed as part of the pre-job planning processes by the responsible and authorised person(s), together with all the people who will perform the task. - The pre-task risk assessment shall be conducted at the location where the activity takes place to ensure that all circumstances can be evaluated properly. - All people who participate in the activity must be trained on the contents of the risk assessment to ensure that they understand the hazards associated with the task. - A qualitative, simple checklist method is advisable for a pre-task risk assessment, as staff at all levels in the organisation should be able to perform this task with quality. As a minimum, the checklist should consider the following areas: • work area • unsafe conditions • environmental conditions • condition of PPE, tools, and equipment controlled disclosure when downloaded from the document management system, this document is uncontrolled and the responsibility rests with the user to ensure IT is in line with the authoriszed version on the system. NO part of this document may be reproduced without the expressed consent of the copyright holder, ESKOM holdings soc ltd, reg NO 2002/015527/30. occupational health and safety risk assessment unique identifier: 32-520 procedure revision: 5 page: • ergonomic risks • personal risks, health conditions • emergency response risks • work permit (orhvs, psr) - when circumstances change during the course of the activity, activities must be stopped and risk assessments must be updated and discussed with all involved in the task. 3.2.3 Continuous risk assessment occupational health and safety risk assessments should take place continuously, as an integral part of day-to-day health and safety management. This form of risk assessment is an important tool for ensuring the reduction of OHS hazards and risks in the workplace, as IT addresses day-to-day changes in the activity. IT is the duty of employees and supervisors to ensure that effective continuous risk assessment actually takes place in the workplace. Continuous risk assessment includes tool box talks, behavioural observation, task observations, supervisor, inspections, etc, which are an integral part of the OHS risk management process. The employer must ensure that all employees are competent to perform continuous risk assessments. 3.2.4 Occupational hygiene hazard identification and risk assessment (oh hira) the oh hira shall be conducted for all activities and processes, by a person who in respect of conducting hira for occupational hygiene stress factors, has: a) at least two years’ experience in conducting risk assessments; b) have successfully completed ESKOM training for oh hira through the ESKOM academy of learning (eal); c) required knowledge in accordance with the osh act and the relevant regulations; and d) comprehensive knowledge of the occupational hygiene hazard identification and risk assessment work instruction (240-114036246). the oh hira shall consider, but not be limited to: a) the hazardous chemical agent (hca) to which an employee may be exposed; b) what effects the hca can have on an employee; c) where the hca may be present and in what physical form IT is likely to be; d) the route of intake by which and the extent to which an employee can be exposed; and e) the nature of the work, process, and any reasonable deterioration in, or failure of, any control measures. Occupational health risk assessments shall be developed according to the 240-114036246: oh hra work instruction (issue-based/task-specific assessment) guideline. The outcome of the oh hira shall inform the implementation requirements for oh monitoring programme and medical surveillance programme, and to also recommend exposure control measures such as elimination/substitution, engineering, administrative, and PPE control measures. Controlled disclosure when downloaded from the document management system, this document is uncontrolled and the responsibility rests with the user to ensure IT is in line with the authoriszed version on the system. NO part of this document may be reproduced without the expressed consent of the copyright holder, ESKOM holdings soc ltd, reg NO 2002/015527/30. occupational health and safety risk assessment unique identifier: 32-520 procedure revision: 5 page: where exposure is anticipated to exceed the maximum limit (control limit), the control of the exposure shall be regarded as adequate if the exposure is at a level as low as is reasonably practicable below that maximum limit (control limit); provided that in the case of temporary excursions above the maximum limit (control limit), measures shall be put in place to ensure i. That the excursion is without a significant risk from exposure; and ii. That the excursion is not indicative of a failure to maintain adequate control. 3.3 Occupational health and safety risk assessment process note: before conducting risk assessments, proper planning and preparation shall be done. 3.3.1 Communication and consultation ▪ conduct a stakeholder analysis to define the relevant stakeholders, their roles, and communication needs. ▪ Stakeholder analysis shall include internal and external stakeholders relevant issues that can have an impact on the health and safety of employees, including risks and opportunities presented by those issues. ▪ Identify who is exposed to risks, who is responsible and accountable for the management of risk (risk owner), who needs to be included in the risk analysis process, and who needs to be consulted and informed. ▪ Communicate information on OHS risks and opportunities to management, the employees, and other affected stakeholders. 3.3.2 Hazard identification ▪ determine the scope, purpose, or objective of risk assessment, which can include walk- through inspections, incident analyses, etc. ▪ List all the activities that are to be performed by the business, taking into account routine and non-routine activities, potential emergency situations, third-party stakeholders, such as the community, and other social factors. ▪ Identify hazards or stress factors that have an impact on the health and safety of employees, the environment, and third-party stakeholders. Note: hazards are generally tangible and can be seen, heard, felt, measured, smelt, or determined through the use of one’s senses. ▪ The hazard identification process shall take into account, but not be limited to: o how work is organised, social factors (including workload, work hours, victimisation, harassment, and bullying), leadership, and the culture of the organisation; o how the work is performed; controlled disclosure when downloaded from the document management system, this document is uncontrolled and the responsibility rests with the user to ensure IT is in line with the authoriszed version on the system. NO part of this document may be reproduced without the expressed consent of the copyright holder, ESKOM holdings soc ltd, reg NO 2002/015527/30. occupational health and safety risk assessment unique identifier: 32-520 procedure revision: 5 page: o past relevant incidents, internal or external to the organisation, including emergencies, and their causes; and o situations occurring in the vicinity of the workplace caused by work-related activities under the control of the organisation and situations not controlled by the organisation and occurring in the vicinity of the workplace that can cause injury and ill health to persons in the workplace. ▪ Classify the OHS hazards into one of these broad areas (but not limited to them): o physical, for example, light, heat and cold, or vibration o chemical, for example, hazardous substances, poisons, vapours, or dust o biological, for example, plants, bacteria, parasites, or viruses o mechanical/electrical, for example, working at height, or plant and equipment o ergonomic, for example, posture, weight, or repetition o psychological, for example, stress, boring/repetitive work, or violence/aggression 3.3.3 Risk identification ▪ identify risks attached to listed hazards, and list the implications and causes of such risks. ▪ Describe the risks in terms of an event, changes in a situation, circumstances, and how these lead to consequences, for example, when you identify a risk of fire, IT should also describe the source of the fire instead of only identifying the fire (fire caused by flammable liquid). ▪ Record the identified risks in the risk registers, with the following information: o a description of the risk, its possible cause, and consequence o the risk owner (typically a responsible manager) o the risk category (safety or health) 3.3.4 Assess and analyse (quantifying) risk ▪ this is a step where risks are analysed in order to determine the effectiveness of existing control measures and implement further control measures to minimise the consequences of those risks for the health and safety of employees and the environment. ▪ Both qualitative and quantitative techniques can be used to assess and analyse risks, for example, qualitative incident investigation reports or quantitative data/measurements. ▪ Assessing and analysing the risk will be using these steps, a) determine existing controls (rce), b) determine consequence rating, and c) determine likelihood rating. Controlled disclosure when downloaded from the document management system, this document is uncontrolled and the responsibility rests with the user to ensure IT is in line with the authoriszed version on the system. NO part of this document may be reproduced without the expressed consent of the copyright holder, ESKOM holdings soc ltd, reg NO 2002/015527/30. occupational health and safety risk assessment unique identifier: 32-520 procedure revision: 5 page: 3.3.5 Determine existing controls - determining existing controls is done to assess oh&s opportunities to enhance oh&s performance, while taking into account planned changes to the organisation, its policies, its processes, or its activities and opportunities to adapt work, work organisation, and work environment to workers, opportunities to eliminate hazards, and reduce oh&s risks. - Oh&s risks and oh&s opportunities can result in other risks and other opportunities for the organisation. - Existing controls are recorded through walk-throughs, inspections, records, interviews, and observations. - Controls will include systematic controls and elimination, engineering, administrative, or PPE controls. - Risk control effectiveness (rce) will be estimated during risk analysis, taking into account both the adequacy and effectiveness of controls. Rce will be a measure of the completeness, relevance, and efficacy of the existing controls when compared with that which is reasonably achievable. - Rce will be rated using the guide in the table below. Rce will be estimated for each control taking into account both the adequacy and effectiveness of each control in light of the objectives of that particular control. - Elaborating on existing controls and measuring the effectiveness of these controls, treatment tasks will be created in an endeavour to enhance controls for controls that were not fully effective and others that included control tasks to enhance the ineffective controls. Rce guide nothing more to be done except review and monitor the existing fully effective controls. Controls are well designed for the risk, are largely preventive and address the root causes. Management believes that they are effective and reliable at all times. Reactive controls only support preventive controls. Mostly effective most controls are designed correctly and are in place and effective. Some more work to be done to improve operating effectiveness or management has doubts about operational effectiveness and reliability of the controls. Mostly while the design of controls may be largely correct in that they treat ineffective most of the root causes of the risk, they are not currently operationally very effective. There may be an over-reliance on reactive controls, or some of the controls do not seem correctly designed in that they do not treat root causes. None virtually NO credible control. Management has NO confidence that any degree of control is being achieved. Controlled disclosure when downloaded from the document management system, this document is uncontrolled and the responsibility rests with the user to ensure IT is in line with the authoriszed version on the system. NO part of this document may be reproduced without the expressed consent of the copyright holder, ESKOM holdings soc ltd, reg NO 2002/015527/30. occupational health and safety risk assessment unique identifier: 32-520 procedure revision: 5 page: 3.3.6 Determine consequence rating when determining the consequences of the risk, take into account existing controls and their adequacy and effectiveness. Consequence description rating health and safety 6 multiple fatalities 5 fatality or life-threatening health effects 4 lost-time injury; irreversible health effects/occupational disease with permanent consequence 3 medical treatment case; occupational disease with reversible/non- permanent effect 2 first-aid treatment case and temporary discomfort case 1 NO injuries or health effects (near misses) 3.3.7 Determine likelihood rating of risk the likelihood considers the probability that the consequences will be experienced as well as the frequency of exposure to the hazard. This is determined by using the likelihood table below: score descriptor safety occupational hygiene exposure probability of exceeding oel a highly ▪ more than a “100 year rare (once a year) NO exposure (or unlikely event” exposure < 10% of oel) ▪ exceptionally unlikely, even in the long-term future ▪ < 5% probability. B unlikely ▪ could occur in “years to short periods of low exposure (< 50% of decades” time, a few times per oel) day/ intermittent ▪ may occur but not (once in six months, anticipated three months, or a ▪ ≥ 5% and < 20% month) probability. Controlled disclosure when downloaded from the document management system, this document is uncontrolled and the responsibility rests with the user to ensure IT is in line with the authoriszed version on the system. NO part of this document may be reproduced without the expressed consent of the copyright holder, ESKOM holdings soc ltd, reg NO 2002/015527/30. occupational health and safety risk assessment unique identifier: 32-520 procedure revision: 5 page: c possible ▪ could occur within continuous for moderate exposure “months to years” between one and (chronic exposure > two hours (often/ 50% of oel or acute ▪ may occur shortly but a weekly) exposure ≥ oel) distinct probability IT will not, or ≥ 20% and < 70% probability. D likely ▪ could occur within continuous for high exposure (chronic “weeks to months” between two and exposure > oel, or four hours exposure exceeding ▪ balance of probability will (frequent/daily) oel-stel) occur ▪ ≥ 70% and < 90% probability. E unavoidable ▪ could occur within “days continuous for very high exposure to weeks” eight-hour shift (chronic exposure > 2 x oel or exposure ▪ impact is imminent exceeding oel-c) ▪ ≥ 90% probability. 3.3.8 Determine risk rating plot the consequence and the likelihood on the risk matrix below to determine the risk priority level. 6 i i i i i 5 ii ii ii i i 4 iii iii ii i i 3 iv iii ii ii i 2 iv iv iii ii ii 1 iv iv iii iii iii consequences a b c d e likelihood 3.3.9 Evaluate risk ▪ rank the risks in different categories based on the level of risk that has been determined as well as the effectiveness of the current risk controls, that is, very high, high, medium, or low, using the qualitative method below: controlled disclosure when downloaded from the document management system, this document is uncontrolled and the responsibility rests with the user to ensure IT is in line with the authoriszed version on the system. NO part of this document may be reproduced without the expressed consent of the copyright holder, ESKOM holdings soc ltd, reg NO 2002/015527/30. occupational health and safety risk assessment unique identifier: 32-520 procedure revision: 5 page: priority risk action required ranking i very high immediate action required. Ii high strong mandatory action required iii medium action required, possibly at administrative level. Iv low minor or NO action required. ▪ Test the identified risk against safe limits, internal requirements, and external requirements, including legislation and other requirements, limits, and conditions of authorisations issued for that activity, and any other possible requirements to ascertain whether the risk exists or not. ▪ Depending on the risk ranking, determine the degree of control and tolerance against the defined limits. ▪ Determine whether the risk is acceptable; if acceptable, NO further assessment is required. 3.3.10 Eliminate and reduce risk ▪ develop a risk management strategy to treat the impact, consequence, and/or likelihood/exposure of assessed risks. ▪ Establish the actions to be taken (controls), where the highest-order type of preventive measure will be the most effective and sustainable. ▪ Different approaches can be taken that are aligned with the agreed risk-tolerance level. Consider treatment/hierarchy of control measures in terms of the following priorities when developing controls: controlled disclosure when downloaded from the document management system, this document is uncontrolled and the responsibility rests with the user to ensure IT is in line with the authoriszed version on the system. NO part of this document may be reproduced without the expressed consent of the copyright holder, ESKOM holdings soc ltd, reg NO 2002/015527/30. occupational health and safety risk assessment unique identifier: 32-520 procedure revision: 5 page: most effective elimination – physically remove the hazard substitution – replace the hazard engineering controls – isolate people from the hazard administrative controls – change the way people work personal protective equipment– protect the worker with PPE least effective o risk elimination or avoidance: totally removing the risk. O risk reduction: involves methods that minimise either the impact or the likelihood of a risk, or a combination of both. O risk sharing/transfer: means causing another party to accept the risk fully, for example, by transferring the risk to a contractor who is better equipped to deal with the risk. O risk tolerance or risk retention: involves accepting the risk as IT occurs. This is a viable option for minor risks where the total “cost” of treatment exceeds the expected benefits in terms of loss reduction. ▪ A risk assessment shall form basis for the development and maintenance of the following: ▪ occupational hygiene programme ▪ medical surveillance programme ▪ persons job specifications ▪ training ▪ PPE ▪ project baseline risk assessment ▪ sops, swps, method statements, task manuals, etc. ▪ Treatment plans ▪ audit schedule or protocols ▪ responsible managers shall discuss the outcome of the risk assessment and develop plans and make decisions on the residual risk. ▪ The residual risk shall be reduced to the lowest level of rating where possible. Controlled disclosure when downloaded from the document management system, this document is uncontrolled and the responsibility rests with the user to ensure IT is in line with the authoriszed version on the system. NO part of this document may be reproduced without the expressed consent of the copyright holder, ESKOM holdings soc ltd, reg NO 2002/015527/30. occupational health and safety risk assessment unique identifier: 32-520 procedure revision: 5 page: 3.3.11 Monitor risk ▪ on a continuous basis, review/reanalyse the identified risks and control measures at intervals determined by the applicable legislative requirements or if there is a change in the risk. ▪ During the review of the risk assessment incident statistics, behaviour observations, and inspection reports shall be reviewed to measure the effectiveness of controls. ▪ Treatment actions from risks shall be monitored, tracked, and reported on during management review meetings, she committee meetings. ▪ Where a frequency of review is not prescribed by specific regulations or standards, the risk assessment shall be reviewed every two years. 3.4 Report risk ▪ document all assessment results irrespective of the risk rating. ▪ Risk assessments shall be discussed with all employees, and implementation of control measures is to be supervised. ▪ The risk assessment shall be reported to all affected stakeholders to ensure that corrective measures are implemented. ▪ The outcome of a risk assessment can be communicated through but not limited to the following: ▪ OHS induction ▪ tool box talks ▪ emergency plans ▪ signage ▪ formal training ▪ procedures, guidelines, and standards 3.5 Training and support a major component of implementation is the awareness and training of all staff members in the OHS risk management processes in ESKOM. divisions and projects should have a training plan that covers the following: ▪ awareness briefings for all staff members ▪ training for OHS personnel, line managers, project managers, and contractor managers in the principles of OHS risk management, line management responsibilities, and the use of risk assessment tools controlled disclosure when downloaded from the document management system, this document is uncontrolled and the responsibility rests with the user to ensure IT is in line with the authoriszed version on the system. NO part of this document may be reproduced without the expressed consent of the copyright holder, ESKOM holdings soc ltd, reg NO 2002/015527/30. occupational health and safety risk assessment unique identifier: 32-520 procedure revision: 5 page: 4. Acceptance this document has been seen and accepted by: • risk and sustainability mancom • OHS steering committee 5. Revisions date rev. Compiler remarks september 2009 0 s seme new procedure august 2011 1 pulane raophala this document was compiled to address the pcm in line with the objectives of the back to basics project. Changes to the document include alignment with the mapped business process. June 2014 2 ntokozo ngubane the document was due for revision and was developed to standardise the OHS risk assessment processes in ESKOM and to align them with irm. March 2019 3 ntokozo ngubane the document was reviewed to include the changes made to the ESKOM integrated risk management standard and to incorporate occupational hygiene health risk assessment work instruction requirements. Changes also include requirements from the iso 45001 standard. February 2021 4 ntokozo ngubane the review was prompted by the requirement to log level 1 and 2 OHS risks on the irm system under roles and responsibilities. In the current review the requirement was reviewed to logging of risks that requirement management intervention and/or have an impact on objectives. May 2022 5 ntokozo ngubane the review done to remove requirement for logging 1 and 2 OHS risks on the irm system which was left out during in some of the sections during revision 4 review. Controlled disclosure when downloaded from the document management system, this document is uncontrolled and the responsibility rests with the user to ensure IT is in line with the authoriszed version on the system. NO part of this document may be reproduced without the expressed consent of the copyright holder, ESKOM holdings soc ltd, reg NO 2002/015527/30. occupational health and safety risk assessment unique identifier: 32-520 procedure revision: 5 page: 6. Development team the following people were involved in the development of this document: • nompilo dlamini • thandi buthelezi • kgosi modiole • mpapadi monyela • njabulo khumalo • nankuse nkomo • basi jonas • itumeleng motlhamme • brenda njotini • andile ngidi • buyelwa stuurman • nompumelelo kaule • nondumiso ingrid khumalo • ntombifuthi loni • duke lebethe • sibusiso skosana • pilasande qika • ntokozo ngubane • ntswaki ngatane 7. Acknowledgements • ndiape maphanga • gunther rhode • mahlatse thlapane • avhapfani luvhengo controlled disclosure when downloaded from the document management system, this document is uncontrolled and the responsibility rests with the user to ensure IT is in line with the authoriszed version on the system. NO part of this document may be reproduced without the expressed consent of the copyright holder, ESKOM holdings soc ltd, reg NO 2002/015527/30.