The Two Numbers That Drive the Whole Exercise
Every HIRA lives or dies on two values: Likelihood of Exposure and Consequence/Impact. If those two assessments are wrong — inflated by optimism, deflated by pressure from site management, or simply guessed because the assessor didn't have time to do a proper walkthrough — the Risk Rating that flows from them is fiction. The rest of the document, the control measures, the responsibility assignments, the review dates, all become administrative paperwork layered over an unresolved hazard.
The HIRA template in Memento structures these assessments as forced-choice fields, not free text. Likelihood runs from 1-2 Rare through 8-10 Definitely. Consequence runs from 1-2 Minor to 8-10 Fatality. Probability of Exposure is captured separately as a third axis, acknowledging that the frequency of contact with a hazard is distinct from the likelihood that any given contact results in harm. The final Risk Rating is a numeric integer field — the assessor calculates and enters it based on the matrix outputs. A second Risk Rating field toward the document close captures the residual risk category as LOW, MEDIUM, or HIGH after controls are applied.
That two-pass structure — pre-control rating, then post-control residual rating — is the actual compliance test. An uncontrolled HIGH that drops to LOW after engineering controls is a well-managed hazard. An uncontrolled HIGH that stays HIGH after PPE is assigned tells you the hierarchy of controls wasn't properly applied, and a regulator will see that immediately.
What Happens Between the Hazard and the Signature
The Unsafe Condition field is where the hazard gets named in plain language. Next to it sits a photo attachment field: Risk - Area of Non-Compliance. This is not a nice-to-have. An assessor who photographs the actual unsafe condition — an unmarked edge, a chemical storage arrangement, a scaffold tie spacing — creates an evidentiary record that can be reviewed by someone who wasn't present during the assessment. That photograph also anchors the remedial review: when the review date arrives, you go back to the same location, look at the photo, and verify the corrected state.
The Control Measures section follows the hierarchy that OHS practice requires: Eliminate, Substitute, Isolation/Isolation, Engineering/Redesign, Administrative, PPE — listed in that order. The template's multichoice field presents these options and allows multiple selection, which reflects real-world scenarios where layered controls apply. The Applied Technique field gives the assessor a narrative slot to document exactly what was done, not just which category the control falls into.
Responsible Person/Department covers the organizational chain: Owner through Supervisor through Employee. Two dates follow: Date Remedial Action Taken and Date to Review for Effectiveness. These aren't optional — they're the mechanism that converts a HIRA from a one-time observation into an active compliance loop. Without a review date, the document closes and nothing gets checked.
When the Document Needs to Stand Up Without You
The Document Control section collects the Risk Assessor's name, position, and signature, with a second signature block at the end for the close-out stage. The List of Employees field captures all personnel involved in the high-risk activity — not because it looks thorough, but because if something goes wrong, that list is the first thing any investigation will request.
An assessor who has completed 200 HIRAs in this template has a searchable archive. Filter by Risk Rating HIGH — you know which sites have unresolved elevated hazards. Filter by Review Date overdue — you know which assessments haven't been revisited. Filter by High Risk Activity type — you see patterns across worksites.
The Entities Involved field is subtle but important: Colleges, Public, Sub-Contractor, Building Property, Other Company Assets. A hazard that involves a sub-contractor triggers different notification obligations than one that involves only company employees. Logging this at the hazard identification stage, before the risk matrix runs, ensures that the downstream control selection accounts for third-party exposure, not just the site workforce.