Operational Risk Management

Purpose and Scope

This procedure outlines Hansen Yuncken’s framework for managing operational risks across the project lifecycle, from pre-construction through to post-delivery. This includes, but are not limited to:

  • Design and constructability
  • Environmental impacts
  • Quality of work and materials
  • High-risk construction work
  • Psychosocial impacts
  • Health and well-being effects

Hansen Yuncken uses a continuous risk management process to manage activities that may affect health and safety, the environment, or quality informed by work as done. This approach intends to protect people, property, and project outcomes while meeting legal and industry requirements.

This procedure applies to all Hansen Yuncken projects, activities, and operations involving employees, contractors, subcontractors, and stakeholders.

More detailed procedures relating to these specific risk areas are available on HYworkzone.

VIEW ON HYWAY (HY ONLY)
PRINT THIS PAGE
    CONTENTS

    Responsibilities

    Officer Roles under WHS Legislation

    The following roles are considered Officers under the WHS Act. They are legally required to exercise due diligence to ensure HY complies with its WHS obligations. This includes proactively understanding risks, ensuring adequate resources and processes, and verifying WHS performance.

    Officers (Board, Executives, GMs, National HSEQ & Sustainability Manager):

    • Provide oversight and strategic direction for risk and HSEQ performance.
    • Ensure systems, resources, and governance are in place.
    • Actively review performance and uphold WHS due diligence duties.

    Drive continuous improvement and alignment with legal and client requirements.

    Non-Officer Roles

    The following roles are not considered Officers but hold responsibilities to implement and maintain safe systems of work as part of HY’s duty as a PCBU.

    HSE Function (HSE Manager, Senior/General HSE BPs, Systems Coordinator):

    • Implement and monitor HY’s risk management framework across all phases of work.
    • Verify compliance with HYer Standards, SWMS, and planning tools.
    • Mentor teams and support capacity reporting, event learning, and system use.
    • Maintain visibility of project risk records and escalate issues where needed.
    • Manage national systems, tools, alerts, and legislative integration.

    Operational Teams (Project Teams, PMs, SMs, Design, Subcontractors):

    • Plan and deliver work in line with HY’s risk processes, HYer Standards, and SWMS.
    • Participate in proactive risk activities (e.g., PPMs, Check Ins, Task Risk Assessments).
    • Identify hazards, apply controls, and escalate issues if risk is intolerable.
    • Maintain current documentation and ensure systems reflect on-site reality.
    • Collaborate with HSE and other duty holders to manage shared risks.

    Risk Management Objectives

    At Hansen Yuncken, we define risk as the effect of uncertainty on our objectives, guided by ISO 31000. Uncertainty arises from incomplete information about an event, its consequences, or its likelihood.

    Our objective when determining risk tolerance is to achieve a level of certainty that allows us to proceed comfortably with work.

    In our operations, we apply the HIRACE method – Hazard Identification, Risk Assessment, Control, and Effectiveness.

    Step

    HSE (Health, Safety & Environment)

    Quality (QA/QC)

    Hazard Identification

    Identify known and unknown hazards using project management tools, considering the nature of work, site conditions, and input from relevant parties.

    Identify gaps, conflicts and compliance issues in requirements; pick up product/method risks; confirm logistics/locations.

    Risk Assessment

    Evaluate the level of uncertainty workers face if hazards remain unaddressed.

    Determine impact on acceptance criteria, sequence, cost/time; decide if work can proceed or must be held; set critical hold/witness points.

    Control

    Implement suitable controls so far as reasonably practicable, in line with the Hierarchy of Controls, while consulting workers on the chosen controls.

    Apply approvals and change control; set containment before non-conforming work occurs; define verification methods.

    Effectiveness

    Continuously monitor and challenge control effectiveness and adjust as necessary.

    Verify results meet acceptance criteria; address non-conforming work; investigate events; prevent recurrence.

    Risk Tolerance

    Risk tolerance refers to the level of risk HY is willing to accept in a situation before further action is required to reduce or control it.

    We assess risk tolerance by considering how well we understand the scenario and how confident we are in the controls to proceed with work. If there’s still discomfort due to uncertainty by any member of the group planning or completing the works, lack of information, or insufficient resources, we continue working toward a more effective solution until that collective level of comfort is achieved.

    Understanding Risks – What We Know (and Don’t Know)

    Determining our risk tolerance means working out what we know, what we don’t, and where we need to dig deeper.

    We group risks into:

    • Known and planned for – Risks or facts that are well understood and planned for.
    • Untapped Knowledge – Information that exists but isn’t currently visible or accessible to the team.
    • Missing Pieces – Risks that are known but not fully understood or defined.
    • Unforeseeable Risks – Risks that are unforeseen or unpredictable.

    Known and planned for

    Example:
    The team knows that a harness is required in the boom lift, and the control is documented in the SWMS and HYer Standard.

    Untapped knowledge

    Example:
    A challenge came up during last week’s boom lift setup, but it wasn’t recorded in a way that this week’s crew could access.

    Missing pieces

    Example:
    We know wind could affect safe operation of the boom lift today, but we’re not sure how strong the wind will be during the task.

    Unforeseeable Risks

    Example:
    An undetected fault in the lift’s hydraulic system causes an issue mid-task, even though the last service showed no signs.

    Consultation and Communication

    Initial steps in the risk management process involve identifying relevant internal and external stakeholders. Key considerations include:

    • Incorporating diverse expertise at each risk management stage.
    • Ensuring various perspectives are considered during risk identification and assessment.
    • Providing sufficient information to support decision-making.
    • Fostering inclusiveness and ownership among those impacted by risks.

    Further detail is included in the Consultation and Communication Procedure on HYworkzone.

    WHS Management Plan

    Each Hansen Yuncken project must have a WHS Management Plan that reflects the specific scope of works and identifies the personnel responsible for WHS on the project.

    The plan must describe how key WHS risks will be identified, controlled, and monitored during project delivery, including any high-risk construction work. The WHS Management Plan is to be reviewed at least every six months, or earlier if there is a significant change to the project including but not limited to:

    • Significant changes to site layout
    • The introduction of new scope or trades
    • following a significant incident

    The plan must be approved by the Area Manager (or the General Manager if an Area Manager is not available for the region) and the HSE Manager. If the HSE Manager is unavailable, the Senior HSE Business Partner may approve the plan on their behalf.

    Hazard Identification

    This process involves recognising and describing hazards that could impact safety, quality, environmental factors, and property. Relevant information includes, but is not limited to:

    • Significant incidents
    • Internal and external safety alerts
    • Defects, rework, and repairs
    • Non-conformance reports
    • Previous learnings
    • SafeWork Australia Construction Industry Profile
    • Local WorkSafe or WorkCover authority updates
    • State/local environmental regulator communications

    Baseline Hazard Identification

    Every project must begin with a clear, shared understanding of the hazards, challenges, and opportunities ahead. The Project Startup Risk Workshop brings the team together early to identify risks across safety, commercial, environmental, quality, and operational areas, and to plan accordingly.

    We document known project-wide risks and their controls through the Project Risk Register.

    HYer Standards

    Recognising and documenting common hazards related to high-risk work categories as defined by state WHS regulations allows us to implement appropriate controls and monitor their effectiveness.

    Hansen Yuncken’s HYer Standards establish the minimum controls necessary for high-risk construction activities, ensuring safety and quality in planning and execution. Subcontractors must reference applicable HYer Standards when developing Safe Work Method Statements (SWMS).

    Our Safety, Quality, and Environmental HYer Standards are accessible via this website’s top menu.

    Risk Assessment Tools

    Proactive Planning Meetings (PPMs)

    Proactive Planning Meetings are our primary tool for assessing operational HSE risks on site. They form part of the risk assessment process by bringing the right people together to plan and review active and upcoming high-risk work.

    During PPMs, teams:

    • Discuss known hazards and risks
    • Identify potential hazards and risks
    • Evaluate risks
    • Determine appropriate controls
    • Confirm resources and site readiness
    • Plan upcoming High Risk Work (HRW) Check Ins
    • Identify any outstanding actions or support required before work starts
    • Escalate any issues or concerns

    PPMs are held monthly and recorded using the Proactive Planning Meeting template in the Inspections module in HammerTech.

    If an issue is identified that requires further support or decision-making, it must be escalated in line with the process in the following section.

    Quality Risk Management Tools

    Quality and Design processes are documented in their respective sections of SharePoint. Hansen Yuncken uses platforms such as ACC and Aconex to plan, assess, and verify quality and design outcomes. Quality risks are managed through structured planning, document control, and verification processes that extend from preconstruction through to delivery.

    At the preconstruction stage, risks are identified and assessed through Tender Reviews, Design Consultant Appointments, Value Management and Buildability Reviews, and the Project Start-up Risk Workshop. These tools allow the team to test the design for buildability, compliance, cost, sequencing, and procurement gaps, so that risks are understood before commitments are made. All tender and design information is managed in controlled systems (Aconex, ACC, CDE libraries) to avoid errors caused by outdated or missing documents.

    Before delivery begins, a QA Compliance Schedule is prepared to capture requirements from specifications, design outputs, and other project records. During delivery, quality is assured through the QA Compliance Schedule, HYer Standards, and ITPs, which together establish the minimum control points for inspections, hold/witness requirements, and workmanship standards. Where requirements or criteria are unclear, RFIs and Change Control processes are used to resolve risks before they affect site works.

    Evidence of inspections, tests, and certificates is recorded in ACC, while NCRs and Event Learning provide the means to address non-conformances, drive corrective actions, and transfer lessons into future projects. This approach ensures that quality risks are identified early, managed through the right controls, and backed by clear records throughout the project.

    Workers Tools

    Workers Tools support risk conversations when opportunities arise during planning or delivery. These tools help teams collaborate, problem-solve, and learn from each other to improve how work is done.

    These tools are available at hymanyminds.com.au and include:

    • Workers Insight: A quick collaborative activity addressing immediate task-related challenges.
    • Workers Success: Capturing insights from successful tasks to replicate positive outcomes.
    • Workers Have-a-Go: A structured experiment for safely trialling new ideas or processes.
    • Workers Learning Team: A comprehensive activity for teams to delve into work complexities, enhancing planning and solution development.

    Risk Register Updates from Planning and Site Activities

    Any hazards, risks, or controls identified during planning or on-site activities that are not already captured in the Project Risk Register must be added. This includes:

    • New hazards: If a hazard is identified that is not already documented, it must be added in the relevant section of the register.
    • Higher-order or additional controls: If teams are applying controls that go beyond those outlined in the HYer Standards (e.g. design-specific controls, innovative solutions, or additional supervision), these must be added to ensure they are documented, visible, and repeatable.
    • Legal references: If a control is linked to a specific WHS Regulation, Code of Practice, or Australian Standard, this should be included in the register for traceability and to support compliance checks.

    These insights may come from Proactive Planning Meetings, Worker Tools activities, design reviews, quality planning sessions, High Risk Work Check Ins, or other discussions.

    Keeping the Project Risk Register up to date ensures important information is captured. It helps the team plan effectively and demonstrates that risks are being managed in line with our systems and accreditation standards.

    Risk Evaluation and Escalation

    The availability and reliability of information, along with the resources available, are discussed to build alignment between the people planning and performing the work.

    This includes factors such as equipment, work method statements, worker competencies, quality of planning, and the level of discussion and understanding about the task.

    When assessing uncontrolled risks, Hansen Yuncken applies a structured evaluation to support group decision-making and build a shared level of confidence before proceeding with work.

    The team must collectively determine one of the following positions:

    Uncomfortable

    Comfortable

    Confident

    • We don’t have enough information

    or

    • The information we have isn’t reliable

    or

    • We don’t have the resources required to control this hazard
    • We have the required information

    and

    • We are satisfied that the information we have is reliable

    and

    • We are able to implement suitable controls
    • We have the required information

    and

    • We have verified that it is correct

    and

    • We are able to implement suitable controls

    Example:

    A worker is to use a harness in a boom lift, but no one can confirm anchor inspection or rescue plan.

    Example:

    A boom lift is in use with harnesses, anchor points have been inspected in the last year, and a rescue plan briefed.

    Example:

    A boom lift is in use with harnesses. Anchor point inspection has been done with records on file, rescue drill done this week, crew trained and ready.

    The following table outlines the actions for escalation to be taken based on the outcome of the team’s evaluation:

    Stages

    Uncomfortable

    Comfortable

    Confident

    Initial Assessment

    Explore contributing factors and further controls.

    Implement identified controls as reasonably practicable, following the Hierarchy of Control.

    Verify that controls are implemented as agreed through site checks, worker discussions, and supervisor or technical review.

    Further Consultation

    Consult Subject Matter Experts (SMEs).

    Group may consult SMEs after controls have been implemented to confirm best practice.

    SMEs or technical leads have reviewed and confirmed the suitability and application of controls.

    Escalated Consultation

    Consult Area or General Manager.

    Further escalation can be directed to a governing body if required.

    Further external advice may be sought depending on factors and approval by the Area or General Manager. (e.g. legal counsel, SME).

    Control Implementation

    Controls are to be determined based on what the project can realistically achieve, implemented in accordance with the Hierarchy of Control, which prioritises the most effective measures.

    If better or extra controls are identified during risk reviews and aren’t in the HYer Standards, they must be added to the Risk Register.

    Hierarchy of Controls

    Control Effectiveness

    Control effectiveness is monitored through HRW Check-Ins, inspections, capacity reporting, and monthly/quarterly reviews, with records maintained in HammerTech, PMR Dashboard, and Proactive Planning documentation.

    High Risk Work Check Ins

    High Risk Work Check Ins (HRWCIs) are a collaborative activity used to confirm that controls are in place in accordance with the relevant HYer Standard and the task-specific SWMS. They also involve consulting with workers to challenge the effectiveness of controls in place, identifying ways to improve safety, make the task easier, or more efficient.

    HRW Check Ins are documented in the Inspections module in HammerTech and consider the following:

    • Identify the high-risk work being done today.
    • Consultation about what’s working, what’s not, and how safety or efficiency could improve.
    • Confirm which HYer Standards apply to the task.
    • Confirm SWMS controls, pre-start attendance, and valid plant checks/tickets

    Recording and Reporting

    Sharing Learnings

    The process for sharing learnings is documented in the HSE Performance Management procedure.

    Company Leadership and Reporting Structure

    Effective risk management at Hansen Yuncken relies on commitment from Corporate Management and State Management groups, who oversee operations, implement national strategies, and support company performance.
    Personnel involved in HY’s Core Operations form a tiered structure that includes:

    • Board
    • National Leadership Team
    • State Management Teams
    • Project Leaders and Project Teams

    These personnel contribute to HY’s operational meeting and reporting structure.

    Definitions and Abbreviations

    HIRACE – Hazard Identification, Risk Assessment, Control, and Effectiveness.

    HRWCI – High Risk Work Check In.

    HY – Hansen Yuncken.

    HYer Standards – Hansen Yuncken’s minimum control expectations for high-risk work categories.

    HSE – Health, Safety and Environment.

    PCBU – Person Conducting a Business or Undertaking (legal entity with primary WHS duties).

    PPM – Proactive Planning Meeting, HY’s primary tool for assessing and planning high-risk work.

    PMR Dashboard – Project Management Reporting Dashboard, used to track project performance and risk data.

    SME – Subject Matter Expert.

    SWMS – Safe Work Method Statement, documenting task-specific hazards and control measures.

    Workers Tools – Suite of collaborative tools (Workers Insight, Workers Success, Workers Have-a-Go, Workers Learning Team) to support planning, learning, and improving how work is done.

    Known and Planned For – Risks or facts that are well understood and accounted for.

    Untapped Knowledge – Information that exists but isn’t currently visible or accessible to the team.

    Missing Pieces – Risks that are known but not fully understood or defined.

    Unforeseeable Risks – Risks that are unforeseen or unpredictable.

    References

    • ISO 31000:2018 – Risk Management – Guidelines
    • Model Work Health and Safety Act 2011 (Cth)
    • Model Work Health and Safety Regulations 2011 (Cth)
    • Code of Practice: How to Manage Work Health and Safety Risks
    • Safe Work Australia – Construction Industry Profile
    • WorkSafe / WorkCover Authority Guidelines (by State)

    Documents and Useful Links

    Last Modified: December 15, 2025