Occupational Safety and Health (OSH Risk Management) Regulations 202x

Peraturan-Peraturan Keselamatan and Kesihatan Pekerjaan (Pengurusan Risiko KKP) 202x


The proposed new Regulations, which will come under the Occupational Safety and Health Act 1994 (OSHA), aim to outline the employer’s duty to carry out risk assessment in the workplace, and to establish a uniform manner for conducting risk assessment.

Employers shall have a competent risk assessor conduct risk assessment for any activities in relation to safety and health risk in all workplaces (risk should also be taken into consideration during the design stage when possible). The employer shall implement risk control measures or safe work procedures, specifying the roles and responsibilities of the persons involved in such implementation, or being responsible himself in the case of a self-employed person. The employer shall re-evaluate the risk to ensure the residual risks of a hazard are at medium or low risk level, and not higher than the initial evaluation. The employer shall communicate to any person in the workplace who may be exposed to health and safety risk the nature of the risk involved and any risk control or safe work procedure implemented.

An Industry Code of Practice (ICOP) was drafted to be published along with the Regulations, to replace the existing Guidelines on Hazard Identification, Risk Assessment and Risk Control (HIRARC), 2008. The ICOP aims to establish a uniform method/process for conducting risk assessment and implementing risk management in the workplace, assisting employers in complying with the OSH Risk Management Regulations. The employer shall ensure the risk assessor conducts risk assessment in accordance with the manner specified in the ICOP.

Review/ Q&A

What are the impacts of new regulations on the risk assessment conducted prior to the promulgation of the Regulations?

Any risk assessment completed before the commencement of these Regulations will be reviewed in accordance with the manner in these Regulations within one (1) year from the date of the commencement of these Regulations. Any requirement imposed by or under the OSHA relating to the need to carry out a risk assessment will be deemed to have complied with the requirements imposed under these Regulations.

Is there any review frequency of risk assessment specified in the new Regulations?

Risk assessment shall be reviewed when: i) any incident has occurred to any person as a result of exposure to a hazard in the workplace, ii) there is a significant change in work process, practices or procedures, iii) new information on a hazard is made known, or iv) directed by the Director General, within the time limit so specified.

What are the potential penalties under the Regulations?

Maximum fine of RM 40,000 and/or imprisonment not exceeding 2 years for violations related to the conduct of risk assessment and risk control. Maximum fine of RM 20,000 and/or imprisonment not exceeding 1 year for: i) risk assessment not conducted by a competent risk assessor, ii) risk assessment not according to the manner under the relevant ICOP, iii) no review of risk assessment, iv) risk not communicated, or v) no record of risk assessment.

What is the key information in the Industry Code of Practice (ICOP)?

The proposed ICOP consists of 12 parts and 4 appendices, as listed below: 

  • Part 1 – Objective and Scope of ICOP
  • Part 2 – General Requirement
  • Part 3 – OSH Risk Management
  • Part 4 – Preparation
  • Part 5 – Risk Assessment
  • Part 6 – Risk Control
  • Part 7 – Risk Re-evaluation
  • Part 8 – Implementation
  • Part 9 – Review
  • Part 10 – Communication
  • Part 11 – Record
  • Part 12 – Training for Risk Assessor
  • Appendix 1 – Risk Assessment Form
  • Appendix 2 – Serious Bodily Injury
  • Appendix 3 – Principles of Prevention
  • Appendix 4 – Safe Work Procedure

What are the key features of the risk assessment processes outlined in the ICOP?
  • OSH Risk Management Team to be appointed by the employer, which consists of the risk assessor (team leader) and team members with multi-disciplinary representation.
  • Suggested likelihood ratings (L): (5) Most Likely, (4) Possible, (3) Conceivable, (2) Remote, (1) Inconceivable.
  • Suggested severity ratings (S): (5) Catastrophic, (4) Major, (3) Moderate, (2) Minor, (1) Negligible
  • Risk Matrix Number (RMN) = L x S
  • Risk control must be implemented so that the risk levels are not in the red zone (“High Risk”, RMN 15-25) before work commences.
  • The risk assessor should alert the employer if the likelihood is “inconceivable” or “remote” but the severity is “catastrophic”, or if the likelihood is “remote” or “conceivable” but the severity is “major”.
  • Sample risk assessment form is provided in Appendix 1.
  • The employer shall ensure the appointed risk assessor attends training for conducting risk assessment. The scope should include: OSH legislation, OSH risk management system, hazard identification, risk evaluation and risk re-evaluation, risk control, and OSH risk management record.

Published : 13-Jun-2023
