Risk Assessments: What Colours Should I Use?

IT. DOESN’T. MATTER.

Every few months, I see the same debates pop up in safety forums and LinkedIn groups:

“Should I use red for high risk, amber for medium, green for low?”

“Should we go traffic light, or should we use shades of blue?”

Let me make it simple for you—when it comes to legal compliance, it does not matter what colours you use.

The Documentation Myth

We’ve all heard the mantra: “If it’s not documented, it didn’t happen.” Sounds catchy. Sounds safe. But it’s only partially true.

Here’s the actual position: under Australian WHS law, there’s no legal requirement to have a documented risk assessment. None. Zip. Zero.

The law requires you to:

• Identify hazards

• Assess the risk (likelihood and consequence)

• Implement controls so far as is reasonably practicable (SFARP)

• Review those controls

Whether you do that on a form, in a spreadsheet, or your head while walking the factory floor isn’t the legal test. The test is whether you’ve done it, and whether it’s effective.

Now, like all WHS legislation around the place, there are some “buts”... There are some areas where risk must be considered and documented, including in construction work under the regulations, where a documented Safe Work Method Statement (SWMS) is required. While not a traditional risk assessment, it does document identified hazards and means of controlling, or steps to take to minimise.

How are you supposed to know these things besides reading Safety Jon’s sick blog?

You guessed it! Engage or employ a suitably qualified health and safety professional.

And to the profession, I’m not paid a kicker for promoting the profession. I’m only interested in minimising risk and exposure to trauma in Australian workplaces. Still, in the words of Maui from Moana (I now know the lyrics to most of its classics thanks to becoming a dad) - “You’re welcome”.

When Documentation Does Matter

Now, if you’re in an accredited system—like ISO 45001—documentation is a core requirement. And yes, if you want to impress a regulator with how neatly you can show the process on paper, then by all means, document it in full colour, 3D charts, or even scented markers if that’s your thing.

But for most workplaces? The focus should be on doing the work, not decorating the page.

The Real Marker of Success

If you want to know whether your risk assessment process is working, forget about the forms for a minute.

Ask yourself:

• Have you been able to identify the hazards in your workplace?

• Do you understand how they could hurt someone, how likely that is, and how bad it could be?

• Have you put controls in place, SFARP?

• Have you been able to review those controls?

And the big one: Have you involved your team—the people exposed to the risk?

Because here’s the kicker: if I walked into your workplace tomorrow and asked one of your operators how they were involved in managing a hazard, and they could clearly explain:

• What is the hazard?

• How they were involved in finding solutions

• What controls are in place and why

…then BAM—you’ve nailed it. That’s a living, breathing, effective risk management process.

Stop Colouring In. Start Managing Risk.

Too many organisations spend more time arguing about shades of red than they do about actually fixing hazards.

Colour coding is a tool, not a compliance requirement. The law doesn’t care about your palette—it cares about whether you’ve taken all reasonably practicable steps to protect people from harm.

So, the next time someone asks you, “What colours should I use in my risk matrix?”, feel free to channel your inner Dwayne Johnson and say:

IT. DOESN’T. MATTER.