After hazards have been identified and added to a risk assessment, the next step is to evaluate the inherent and residual risk associated with each hazard. This process helps assessors determine which hazards pose the greatest threat, prioritize controls, and track risk reduction over time.
In Serenity, this analysis is performed within the Hazard Analysis tab of each assessment.
Understanding the Risk Assessment Process
For each identified hazard, the assessor will:
Review the hazard’s applicability to the job or process being assessed.
Select the job step (if applicable) where exposure occurs.
Describe how the hazard is present in the specific work context.
Quantify the inherent risk — the level of risk before any controls are applied.
Identify and evaluate the controls that mitigate the hazard.
Quantify the residual risk — the level of risk remaining after controls are in place.
This structured approach ensures consistent, defensible risk scoring across all assessments.
Step 1: Review Applicability
Each hazard includes an applicability question, which helps assessors determine whether the hazard is relevant for the current job, process, or equipment.
If Yes, proceed to assess the risk and apply controls.
If No, the hazard remains documented for completeness but is excluded from scoring.
This step helps focus attention on real, observed hazards rather than theoretical ones.
Step 2: Link Hazards to Job Steps (For Step-Based Assessments)
If the risk assessment is step-based, link each hazard to the specific job step where exposure occurs.
For example:
High Voltage may occur during “Process Initiation.”
Noise Exposure may occur during “Assemble Part.”
To assign a step:
Open the hazard in the Hazard Analysis tab.
In the Description of Hazard section, choose the correct Job Step from the dropdown list.
Optionally, add notes in the Describe the hazard present field for additional context.
Step 3: Quantify the Inherent Risk
The Inherent Risk represents the level of risk before any controls are applied. Assessors quantify this by assigning values for Severity, Likelihood, and—when required by the scoring formula—Exposure.
Inherent Severity: Indicates the potential consequence or magnitude of harm if the hazard results in an incident. Typical options include: Insignificant, Minor, Moderate, Major, Catastrophic.
Inherent Likelihood: Represents the probability that an incident could occur if no controls were in place. Common options include: Rare, Unlikely, Possible, Likely, Almost Certain.
Inherent Exposure (if applicable): Used when the risk formula includes an exposure term. It quantifies how often, how long, or how many people are exposed to the hazard. Examples include: Infrequent, Occasional, Frequent, Continuous.
Serenity automatically calculates the Inherent Risk Score based on the configured formula for the template (e.g.,
Severity × Likelihood,
Severity + Likelihood - 1, or
Severity × Likelihood × Exposure).
The result is displayed alongside the associated risk level label (e.g., Low, Medium, High, Very High).
Step 4: Identify and Assess Controls
Next, document the controls that are in place to reduce the risk.
Controls are preventive or mitigative measures that reduce either the likelihood or severity of an event.
To add controls:
In the Control Assessment section, click Add controls.
From the Add Controls window, you can:
Select from the Control Library, organized by category.
Use the search bar to find specific control names.
Click Create a new control to define one that doesn’t yet exist in the library.
Click Add to control assessment to apply selected controls to the hazard.
Once controls are added, each one appears under the Control Assessment section. For each control, assessors can rate effectiveness (e.g. Strong, Adequate, or Poor), add notes or attachments, and raise issues if gaps or weaknesses are observed.
As controls are assessed, Serenity displays a Control Effectiveness percentage, indicating the estimated reduction in risk.
Step 5: Quantifying Residual Risk
The Residual Risk represents the level of risk that remains after controls have been applied. This is a critical step in determining whether existing mitigation measures are sufficient or if further action is needed. Serenity supports two methods for determining residual risk, configured at the template level:
Manual Calculation
When the residual risk calculation is set to Manual, assessors must directly enter:
Residual Severity
Residual Likelihood
Residual Exposure (if applicable)
The system then applies the same risk formula and matrix used for inherent risk to calculate the Residual Risk Score and risk level (e.g., Low, Medium, High). This method gives assessors flexibility to apply expert judgment, especially useful for qualitative assessments such as Job Hazard Analyses (JHAs) or facility walkthroughs.
Calculated Residual Risk
When the calculation is set to Calculated, the user should enter the risk reduction factor (0-100%). Serenity automatically calculates and pre-populates this value using the sum of the risk reduction factors for all selected controls.
For example:
Inherent Risk Score = 8 (High)
Risk Reduction Factor = 50%
Residual Risk Score = 4 (Medium)
This approach standardizes risk scoring and is ideal for quantitative, data-driven assessments or programs focused on continuous risk performance tracking.
Best Practices
Be consistent. Apply rating criteria objectively and consistently across all hazards and assessments.
Focus on observable conditions. Base severity and likelihood ratings on real-world conditions, not hypothetical extremes.
Verify control effectiveness. Rate controls based on how well they are implemented in practice, not just on their existence in procedure documents.
Document rationale. Use notes or attachments to support scoring decisions — this strengthens traceability and auditability.
Review residual risk. If the residual risk remains High or Very High, create corrective actions or assign follow-up tasks in the Mitigation tab.
By following these steps, assessors can produce clear, consistent, and data-driven evaluations of risk within Serenity. Quantifying both inherent and residual risk enables EHS teams to prioritize improvements, validate control effectiveness, and drive continuous reduction in workplace hazards.