Risk assessment: Self Assessment Process

Risk should be managed as an integrated part of the HSE’s overall approach to quality improvement. The risk management process intertwines with the quality cycle in terms of risk assessment.

Key to both the quality improvement and risk management processes, are:

  • the identification of risks; 
  • agreeing improvement programmes to treat risks; 
  • On-going monitoring and evaluation to manage risks.

Where a self assessment team has assigned a red rating (not achieved), it must consider the possibility of related risks posed to the service user, staff or the service.

Where a self assessment team has identified a level of achievement at amber, the team may consider the possibility of related risks. To help identify and prioritise risks, the self assessment team carries out a risk rating.

Stage one of the risk rating process involves considering the impact of failing to meet the indicator/s. In scoring impact, the anticipated outcome of the risk is graded on a scale of 1-5, 1 being negligible impact, 5 indicating a more serious Impact.

The only area for self assessment teams to consider within the risk impact table below is ‘Compliance with Standards, statutory, clinical, professional and management).

Stage two of the risk rating process is to determine the likelihood of an event arising as a result of failing to meet the indicator/s. The higher the likelihood score, the more urgent is the requirement for immediate action to be taken.


Figure  8: HSE Risk Likelihood Table.

Stage three involves plotting both the likelihood and impact scores on the Risk Matrix grid – this assigns a colour and numerical score rating. For example, a ‘moderate impact’ 3 and a ‘possible likelihood’ 3 will result in a rating of an amber 9).

  • High risks are scored between 15 and 25 and are coloured red.
  • Medium risk are scored between 6 and 12 and are coloured amber.
  • Low risks are scored between 1 and 5 and are coloured green.


Figure 9: HSE Risk Impact and Likelihood Table.

Stage four requires the self assessment team to make decisions based on the outcome of the risk analysis, regarding which risks require treatment and the priorities of that treatment. Depending on the risk rating, and the adequacy of the current controls in place, an evaluation is made whether to accept the risk (A risk is called acceptable if it is not going to be treated) or treat the risk by:

  1. Avoiding the risk,
  2. Transferring the risk or
  3. Controlling the risk.

Criteria used to make decisions to accept or treat a risk should be consistent with the defined internal, external and risk management contexts, and take into account the service objectives and goals.

The treatment of risks through a structured quality improvement process is a very powerful mechanism, capable of targeting the quality improvement programmes to areas of need in a prioritised way.

The self-assessment team must enter the risk rating only into the GAIT.