Information on this page is not current law. It details new laws intended to commence on 1 July 2021 under the amended Environment Protection Act 2017.

Use this four-step process to manage any potential risks your business activities may pose to the environment and human health. 

You can apply these steps to a business of any size. Or you can use a different risk management approach if it’s better suited to your business. 

Four-step risk management process

Steps in controlling hazards and risks infographic

Step one: Identify hazards

Identify all hazards on your site that could harm human health or the environment. Chemical spills, stormwater contamination, dust, odour and hazardous waste are common examples of hazards.

Think about how your business activities may be hazardous. For example, detergent use and material storage and handling are common activities that can present hazards.

Step two: Assess risks

Once you identify your hazards, you need to assess the risks they could pose. This involves looking at how hazards might cause harm.  

Base your assessment on how likely they are to happen and how severe that harm could be.  

Step three: Implement controls

Put in place the most appropriate controls to manage the risks you assessed at step two. These should reflect the likelihood and consequence of a hazard occurring.  

The most effective control is to eliminate the hazard and its potential risk.  

Step four: Check controls

Regularly check the controls you put in place are working as planned. Improve them if they’re not. Your check might also identify more hazards. If it does, you must return to step one for these hazards.  

Your actions shouldn’t stop at step four. You should repeat this process often to make sure your risk management is working.

EPA’s compliance approach can also help your business meet its environmental duties and obligations.  

How to increase your knowledge

Under the general environmental duty (GED), you must understand the risks from your businesses activities and how to address them as far as reasonably practicable.  

State of knowledge is what is known about the risks from your business activities. It’s also what’s known or ought to be known about the controls you can put in place to manage the risks.

Getting this knowledge means using trusted sources. Existing knowledge may include:

  • business and industry knowledge 
  • regulatory and government agency knowledge 
  • knowledge that independent organisations hold. 

Find out about common hazards and find guidance for your industry.

Assessing and controlling risk: a guide for business (publication 1695) provides more information for businesses who want to follow a risk management process. It’s also available in languages other than English. 

Reviewed 30 July 2020