HIRARC Guideline: Comprehensive Approach to Workplace Safety

Disclaimer: This article provides general guidance based on OSHA 1994 (Amendment 2022, Act A1648) and DOSH Guidelines on HIRARC 2008 (Second Revision). Regulations may be amended. Always verify current requirements with DOSH or qualified safety professionals before making compliance decisions.

Most HIRARC documents sitting in Malaysian factory offices right now would not survive a DOSH audit. They are templates copied from another company, dated three years ago, and listing PPE as the only control measure for every hazard.

That was a RM 50,000 problem before June 2024. Under OSHA 1994 (Amendment 2022), it is now a RM 500,000 problem. DOSH enforcement has shifted from advisory visits to prosecution-ready audits, and inadequate HIRARC documentation is one of the most common findings.

This guide walks you through HIRARC implementation the way DOSH expects it done. Not theory. Not definitions. The actual step-by-step process with templates, scoring criteria, worked examples, and the specific compliance gaps that trigger enforcement action.

What This Guide Covers

• The 7-step HIRARC implementation process with output requirements
• Risk matrix templates with likelihood and severity scoring criteria
• Hierarchy of controls with practical Malaysian industry examples
• Complete worked HIRARC examples for manufacturing and construction
• DOSH audit compliance checklist and common failure points
• How HIRARC documentation affects your insurance programme

The 7-Step HIRARC Implementation Process

DOSH structures HIRARC as a sequential process. Each step produces a specific output that feeds the next step. Skipping steps is the single most common reason HIRARC documents fail audit.

Step	Action	Output Required	Who Is Responsible
1	Classify all work activities	Activity inventory grouped by department and process	HIRARC team + department heads
2	Identify hazards for each activity	Hazard register with type, source, and consequences	HIRARC team + frontline workers
3	Assess risk (likelihood x severity)	Risk rating for each hazard using 5x5 matrix	HIRARC team led by SHO or competent person
4	Determine if risk is acceptable	Risk classification: intolerable, high, medium, or low	HIRARC team + management
5	Identify control measures using hierarchy	Control measures for each intolerable and high risk	HIRARC team + engineering/operations
6	Implement controls and reassess residual risk	Updated risk ratings showing residual risk after controls	Department heads + SHO
7	Review and update regularly	Dated review records with changes documented	SHO + Safety and Health Committee

Most companies skip Steps 1 through 4 and jump straight to Step 5 by listing controls without properly classifying activities or scoring risks. DOSH inspectors check for this pattern specifically.

Step 1: Classifying Work Activities

Before you can identify hazards, you need a complete inventory of what your workers actually do. This means walking through every area of your facility, observing actual operations, and documenting every activity.

DOSH expects coverage of three activity types: routine operations (daily work), non-routine tasks (maintenance, shutdowns, setup changes), and emergency situations (fire response, chemical spills, evacuation). Missing any category is an audit finding.

Department	Activity	Location	Equipment / Materials	Workers Exposed
Production	CNC machine operation	Production floor, Zone A	CNC lathe, coolant fluid, metal stock	12 operators, 2 supervisors
Production	Welding and fabrication	Fabrication shop	MIG/TIG welders, grinders, compressed gas	8 welders, 3 assistants
Warehouse	Forklift operations	Warehouse, loading bay	Counterbalance forklift, pallet racking	4 drivers, 6 warehouse staff
Maintenance	Electrical maintenance	Throughout facility	Electrical panels, LOTO equipment, hand tools	3 electricians
Maintenance	Working at height (roof, lighting)	Rooftop, elevated areas	Ladders, scaffolding, harnesses	2 technicians
Chemical store	Chemical handling and storage	Chemical store room	Solvents, acids, cleaning agents, SDS sheets	2 storekeepers
All departments	Emergency evacuation drill	Entire facility	Fire extinguishers, assembly points, alarm system	All staff

Do not rely on job descriptions or previous HIRARC documents. Walk the floor. Talk to workers. The activities people actually perform often differ from what is documented.

Step 2: Hazard Identification Methods

DOSH does not prescribe a single method for identifying hazards. The guideline lists several approaches, and effective HIRARC uses a combination. Relying on only one method will miss entire categories of risk.

Method	What It Involves	Best For	Limitations
Workplace inspection	Physical walkthrough using checklist	Visible hazards: housekeeping, guarding, signage	Misses intermittent and process-related risks
Job Safety Analysis (JSA)	Breaking each job into steps, identifying hazards at each step	Task-specific risks, high-risk activities	Time-intensive; impractical for all jobs
Incident and near-miss review	Analysing past incidents, first aid reports, near-miss records	Identifying recurring patterns and high-frequency risks	Only captures hazards that already caused incidents
Worker consultation	Interviews, surveys, safety committee feedback	Hazards known to operators but invisible to management	Workers may under-report normalised risks
Safety Data Sheet review	Reviewing SDS for all chemicals on site	Chemical hazards: exposure limits, incompatibilities, PPE	Only covers chemical hazards
What-if analysis	Brainstorming failure and upset scenarios	Process upsets, equipment failures, emergency scenarios	Quality depends on team experience

Hazard Categories Required by DOSH

DOSH identifies six hazard categories that must all be assessed. If your HIRARC only covers safety hazards (falls, machinery contact) and ignores chemical, ergonomic, or psychosocial hazards, it is incomplete.

Hazard Category	Factory / Construction Examples	Commonly Overlooked
Physical	Noise, vibration, heat stress, radiation, falling objects	Routine noise exposure from daily operations often ignored
Chemical	Solvents, acids, welding fumes, silica dust, cleaning agents	Cleaning chemicals and lubricants not included in assessments
Biological	Legionella in cooling towers, mould, pest contamination	Cooling tower and ventilation system maintenance rarely assessed
Ergonomic	Repetitive motion, manual handling, awkward postures, vibration	Production line ergonomics overlooked in favour of "bigger" hazards
Psychosocial	Shift work fatigue, excessive overtime, time pressure, workplace stress	Almost always missing from factory HIRARC documents
Safety	Slips, trips, falls, machinery contact, electrical, fire, confined spaces	Non-routine tasks (maintenance, shutdowns) not covered

The psychosocial category is where most Malaysian HIRARC documents have zero entries. DOSH has increased focus on this category, particularly for operations running 12-hour shifts or heavy overtime schedules.

Step 3: Risk Assessment Using the 5x5 Matrix

Risk is calculated as Likelihood multiplied by Severity. DOSH uses a 5x5 matrix that produces scores from 1 to 25. Both scales must have defined criteria so that different assessors rating the same hazard arrive at similar scores.

Likelihood Rating Scale

Rating	Likelihood	Description	Frequency Guide
1	Very Unlikely	Conceivable but only in extreme circumstances	Less than once in 10 years
2	Unlikely	Has not happened but is possible	Once in 5 to 10 years
3	Possible	Could occur at some time	Once in 1 to 5 years
4	Likely	Has happened before, will probably happen again	Once per year or more frequently
5	Almost Certain	Expected to occur in most circumstances	Monthly or more frequently

Severity Rating Scale

Rating	Severity	Injury / Health Impact	Property / Business Impact
1	Negligible	First aid only, no lost time	Minor damage below RM 5,000
2	Minor	Medical treatment, short absence below 4 days	Equipment damage RM 5,000 to RM 50,000
3	Moderate	Lost time injury above 4 days, temporary disability	Process disruption, damage RM 50,000 to RM 500,000
4	Major	Permanent disability, occupational disease	Major damage RM 500,000 to RM 5 million, extended shutdown
5	Catastrophic	Fatality or multiple fatalities	Total loss above RM 5 million, business closure

5x5 Risk Matrix

Multiply Likelihood by Severity to get the Risk Score. The matrix below shows the classification for every combination.

Likelihood / Severity	1 (Negligible)	2 (Minor)	3 (Moderate)	4 (Major)	5 (Catastrophic)
5 (Almost Certain)	5 Medium	10 High	15 Intolerable	20 Intolerable	25 Intolerable
4 (Likely)	4 Low	8 Medium	12 High	16 Intolerable	20 Intolerable
3 (Possible)	3 Low	6 Medium	9 High	12 High	15 Intolerable
2 (Unlikely)	2 Low	4 Low	6 Medium	8 Medium	10 High
1 (Very Unlikely)	1 Low	2 Low	3 Low	4 Low	5 Medium

Risk Level Action Requirements

Risk Level	Score Range	Required Action	Timeline
Intolerable	15 to 25	Work must not start or continue until risk is reduced. If reduction is not possible, work must remain prohibited.	Immediate
High	9 to 12	Risk reduction measures must be implemented within defined time period. Interim controls required immediately.	Within 1 to 3 months
Medium	5 to 8	Efforts should be made to reduce risk. Controls should be implemented within defined period.	Within 3 to 6 months
Low	1 to 4	Risk is acceptable. No additional controls required. Monitor during regular reviews.	Monitor at next review

A common DOSH audit finding is every hazard rated as "Low." No factory in Malaysia has zero medium or high risks. Assessors who rate conservatively and honestly produce more credible documents than those who minimise every score.

Steps 4 and 5: Hierarchy of Controls

Once risks are scored and classified, controls must follow the hierarchy of controls. DOSH requires that higher-level controls are considered before defaulting to PPE. If your HIRARC lists PPE as the primary control for a hazard that could be addressed through engineering controls, expect audit questions.

Control Level	Effectiveness	Manufacturing Example	Construction Example
1. Elimination	Most effective: removes hazard entirely	Replace solvent-based cleaning with water-based process	Prefabricate components at ground level
2. Substitution	Replaces hazard with less dangerous alternative	Use trivalent chromium plating instead of hexavalent	Mechanical lifting instead of manual handling
3. Engineering Controls	Isolates workers from hazard	Machine guarding, local exhaust ventilation, noise enclosures	Guardrails, safety nets, excavation shoring
4. Administrative Controls	Changes how people work	LOTO procedures, job rotation, permit-to-work systems	Hot work permits, traffic management plans, toolbox talks
5. PPE	Least effective: last line of defence	Safety glasses, hearing protection, chemical gloves	Safety harness, hard hat, high-visibility vest

DOSH inspectors know that most Malaysian HIRARC documents default to PPE for every hazard. If a hazard can be eliminated or controlled through engineering, your HIRARC must document why it was or was not feasible before listing PPE.

Need Help Aligning Your HIRARC with Insurance Requirements? Talk to Our Risk Specialists.

Complete HIRARC Example: CNC Lathe Operation (Manufacturing)

This worked example follows the full DOSH guideline structure from hazard identification through residual risk assessment. It demonstrates how a single activity should be documented in your HIRARC.

HIRARC Field	Entry
Activity	CNC lathe operation: loading and unloading workpieces
Hazard	Contact with rotating chuck and spindle during workpiece loading
Hazard Category	Safety (machinery contact)
Potential Consequence	Finger or hand amputation, entanglement injury
Existing Controls	Machine guard installed but currently bypassed by operators to speed production
Likelihood (existing controls)	4 (Likely: guard is regularly bypassed)
Severity	4 (Major: permanent disability)
Risk Score	16 (Intolerable)
Additional Controls	1. Engineering: Install interlocked guard preventing operation when guard is open 2. Administrative: Retrain operators, update SOP, disciplinary procedure for guard bypass 3. PPE: Cut-resistant gloves during loading
Residual Likelihood	1 (Very Unlikely: interlock physically prevents exposure)
Residual Severity	4 (Major: consequence unchanged if contact occurs)
Residual Risk Score	4 (Low)
Responsible Person	Production Manager + Maintenance Supervisor
Target Completion	Interlock installation: 30 days. Training: 14 days.

The risk dropped from 16 (Intolerable) to 4 (Low) because the interlock physically prevents the hazard exposure. The severity stays at 4 because the consequence of contact does not change. What changes is likelihood: from "guard bypassed regularly" to "interlock prevents machine operation when guard is open."

This is the level of detail DOSH expects for each hazard entry. A single-line "install machine guard" with no before-and-after risk scoring is not adequate.

Complete HIRARC Example: Working at Height (Construction)

HIRARC Field	Entry
Activity	Installation of formwork at 8 metres height
Hazard	Fall from height due to unprotected edge
Hazard Category	Safety (fall from height)
Potential Consequence	Fatality or multiple fractures, spinal injury
Existing Controls	Safety harness available on site but not always used; no guardrails at work platform edge
Likelihood (existing controls)	4 (Likely: harnesses not consistently used, no physical barrier)
Severity	5 (Catastrophic: fatality from 8m fall)
Risk Score	20 (Intolerable)
Additional Controls	1. Elimination: Prefabricate formwork sections at ground level where possible 2. Engineering: Install guardrails and toe boards at all open edges before work begins 3. Engineering: Deploy safety nets below work platform 4. Administrative: Permit-to-work for all work above 3 metres, toolbox talk before shift 5. PPE: Full body harness with double lanyard, mandatory anchorage point connection
Residual Likelihood	1 (Very Unlikely: physical barriers prevent falls, multiple backup systems)
Residual Severity	5 (Catastrophic: fall consequence unchanged)
Residual Risk Score	5 (Medium)
Responsible Person	Site Safety Supervisor + Project Manager
Target Completion	Guardrails: before work commences. Harness training: before worker access. Permit system: immediate.

Notice the residual risk is Medium (5), not Low. This is honest assessment. Working at height always carries residual risk even with all controls in place. DOSH expects realistic residual ratings, not artificially low scores. A HIRARC that rates fall-from-height residual risk as "1 Low" loses credibility.

DOSH Audit: What Inspectors Actually Check

Understanding what DOSH inspectors look for during audits helps you prepare documentation that will withstand scrutiny. These are the specific compliance points they verify.

DOSH Checks	What They Verify	Common Failure
Document is current and signed	Dated document with review dates, signed by competent person	Document dated 2019, never reviewed or updated
All activities covered	Cross-reference activities observed on site with HIRARC entries	Maintenance, contractor work, or new processes not included
Consistent methodology	Same rating criteria applied across all hazards	Similar hazards rated very differently by different assessors
Hierarchy of controls applied	Evidence that higher-level controls considered before PPE	Every hazard controlled only by PPE and training
Controls actually implemented	Physical verification that controls listed in HIRARC exist on site	HIRARC says "machine guarding" but guards are missing or removed
Worker awareness	Random interviews with workers about hazards in their area	Workers have never seen the HIRARC or been briefed on it
Regular reviews conducted	Review records with dates, attendees, and changes made	No review records, or reviews are rubber-stamping without changes
Updated after incidents	Evidence of HIRARC revision after incidents, new processes, or new equipment	Incident occurred but HIRARC was not updated

The gap between what your HIRARC document says and what is actually happening on your factory floor is the single biggest audit risk. DOSH inspectors verify by walking the floor and comparing what they see to what your document claims.

Under OSHA 1994 (Amendment 2022, Act A1648), effective 1 June 2024, penalties for inadequate risk assessments increased tenfold. Fines now reach up to RM 500,000 or imprisonment up to 2 years or both. DOSH can also issue improvement notices with daily penalties for non-compliance.

HIRARC Review Triggers and Timelines

HIRARC is not a one-time document. DOSH requires both scheduled reviews and triggered reviews when specific events occur. Missing a review trigger is a compliance gap.

Review Trigger	Action Required	Timeline
Scheduled annual review	Full review of all entries, confirm controls still in place	At least annually (quarterly for high-hazard operations)
Workplace accident or near-miss	Review the specific entry, update risk rating and controls	Within 7 days of incident
New equipment, process, or chemical	Add new HIRARC entries for new activities or hazards	Before new process or equipment is commissioned
Regulatory change	Review all affected entries against new requirements	Within 30 days of regulation taking effect
Organisational change	Review affected entries, update responsible persons	Before change is implemented
Insurance survey findings	Incorporate surveyor recommendations into HIRARC	Within timeframe specified by surveyor
DOSH audit findings	Address all non-conformances, update entries accordingly	Within timeframe specified in improvement notice

Common HIRARC Mistakes That Trigger DOSH Enforcement

These are the specific implementation failures that DOSH inspectors encounter most frequently in Malaysian factories and construction sites. Each one can result in an improvement notice or prosecution.

Mistake	Why It Fails Audit	How to Fix
Copy-paste template from another company	Does not reflect your actual workplace. DOSH verifies against floor observations.	Start fresh using your own activity inventory with input from workers who do the actual jobs.
Every hazard rated "Low"	No factory has zero medium or high risks. Shows assessment was not honest.	Use rating scales honestly. If in doubt, rate conservatively.
PPE as only control for every hazard	Violates hierarchy of controls. DOSH expects elimination and engineering first.	Document why higher-level controls are or are not feasible before listing PPE.
No residual risk assessment	Controls identified but no evidence they actually reduce risk.	Re-rate each hazard after controls. Residual risk must be lower than initial risk.
Completed by one person only	SHO cannot know every hazard in every department. Risks get missed.	Form a HIRARC team with department representatives and frontline workers.
Non-routine activities not covered	Maintenance, contractor work, and emergencies are often highest-risk activities.	Include sections for maintenance, shutdowns, contractor activities, emergency scenarios.
No link between HIRARC and SOPs	Controls in HIRARC do not appear in operating procedures.	Cross-reference HIRARC controls with SOPs. Update SOPs when HIRARC controls change.
Document not updated after incidents	DOSH checks incident records against HIRARC revision history.	Revise relevant HIRARC entries within 7 days of any incident or near-miss.

Want a HIRARC Review Before Your Next DOSH Audit? Get a Complimentary Insurance Risk Assessment.

HIRARC and Your Insurance Programme

Your HIRARC documentation directly affects four areas of your insurance programme. Insurers and loss adjusters review HIRARC at different stages, and the quality of your documentation influences outcomes at each stage.

Insurance Stage	How HIRARC Is Used	Impact of Poor HIRARC
Pre-inception risk survey	Surveyor reviews HIRARC as part of facility risk assessment	Higher premiums, coverage restrictions, or declined quotation
Claims investigation	Loss adjuster requests HIRARC to check if incident risk was identified and controlled	If risk was not in HIRARC, insurer may argue negligence and reduce or deny the claim
Workmen compensation claims	HIRARC reviewed to assess whether employer took reasonable steps to prevent injury	Absent or inadequate HIRARC strengthens employee negligence case
Public liability claims	HIRARC reviewed to assess duty of care toward visitors, contractors, public	Inadequate third-party risk identification increases liability exposure

A well-documented HIRARC showing identified risks, systematic assessment, and implemented controls actually protects you during claims. Even if an incident occurs, demonstrating a proper risk management process can be the difference between a paid claim and a denied one.

For industrial property insurance (IAR) and fire insurance, your HIRARC assessment of fire and explosion risks directly feeds into the underwriter's risk grading. Facilities with comprehensive HIRARC documentation consistently receive better terms than those with generic templates.

HIRARC Compliance Self-Assessment Checklist

Use this checklist before your next DOSH audit or insurance survey. Score yourself honestly. Each "No" answer represents a compliance gap that needs attention.

No.	Compliance Point	Yes / No
1	HIRARC document is site-specific (not a generic template from another company)
2	All work activities classified: routine, non-routine, and emergency
3	All six hazard categories assessed: physical, chemical, biological, ergonomic, psychosocial, safety
4	5x5 risk matrix used with defined likelihood and severity scales
5	Hierarchy of controls applied (not just PPE for every hazard)
6	Residual risk assessed after controls are implemented
7	Responsible persons assigned for each control measure with target dates
8	Review conducted within the last 12 months with dated records
9	Workers briefed on hazards and controls relevant to their work area
10	HIRARC updated after each workplace incident or near-miss
11	Non-routine activities included: maintenance, shutdowns, contractor work
12	Conducted by competent person (registered SHO or qualified safety professional)

Score of 10 or above: Your HIRARC likely satisfies DOSH requirements. Score of 8 or below: Significant gaps that need attention before your next audit or insurance survey.

HIRARC Documentation Structure

Your HIRARC document should follow a consistent structure that DOSH inspectors can review efficiently. This template covers all mandatory elements.

Section	Contents	Purpose
Cover page	Company name, facility address, document number, revision date, prepared by, approved by	Establishes document control and accountability
Scope and methodology	Activities covered, assessment methodology, team members, dates of assessment	Shows DOSH the assessment was systematic and inclusive
Rating criteria	Likelihood scale, severity scale, risk matrix, action level definitions	Ensures consistent scoring across all assessors
Activity inventory	Complete list of work activities by department, location, equipment, workers exposed	Demonstrates comprehensive coverage
HIRARC register	Full assessment entries: hazard, risk rating, controls, residual risk, responsible person, timeline	Core document: shows the risk management process
Risk summary	Summary table showing total hazards by risk level before and after controls	Quick overview for management and auditors
Review records	Dates, attendees, changes made, reasons for changes	Proves the document is a living system, not a shelf document

Related Compliance Requirements

HIRARC does not exist in isolation. It connects to several other compliance obligations that Malaysian employers must meet. Understanding these connections helps you build an integrated safety management system.

Related Requirement	Connection to HIRARC	Learn More
Safety and Health Officer (SHO)	SHO leads the HIRARC assessment team and signs off on the document	SHO requirements guide
Emergency Response Plan (ERP)	HIRARC identifies hazards that require emergency procedures in the ERP	ERP compliance guide
OSHA 1994 penalties	Inadequate HIRARC triggers penalties under Section 15 employer duties	OSHA penalties guide
PPE requirements	HIRARC determines which PPE is required for each activity and hazard	PPE requirements guide
Working at height	HIRARC must specifically assess fall hazards for all elevated work	Working at height guide
BOMBA fire certificate	Fire risk entries in HIRARC must align with BOMBA fire risk assessment	BOMBA FC guide
Lifting equipment inspection	HIRARC assessment of lifting operations must reference CF certification status	Lifting inspection guide
Forklift licence requirements	HIRARC for forklift operations must include operator competency verification	Forklift licence guide

Get Your Factory's Insurance Programme Aligned with DOSH Requirements. Contact Foundation Today.

Frequently Asked Questions

How often must HIRARC be reviewed under DOSH guidelines?

At minimum annually for all workplaces. High-hazard operations should review quarterly. Additionally, reviews must be triggered by workplace incidents, near-misses, new processes or equipment, regulatory changes, and organisational restructuring. DOSH expects evidence of both scheduled and triggered reviews with dated records showing what was reviewed and what changed.

Who is qualified to conduct a HIRARC assessment in Malaysia?

DOSH requires HIRARC to be conducted by a "competent person." In practice, this means your registered Safety and Health Officer (SHO) leads the assessment with a team that includes department supervisors and frontline workers. For complex operations involving specialised hazards such as chemical processes or confined spaces, you may need an external safety consultant with specific industry expertise.

What is the difference between HIRARC and JSA?

HIRARC is the overall framework for identifying and managing all workplace hazards across your entire operation. Job Safety Analysis (JSA) is one specific technique used within HIRARC that breaks individual tasks into steps and identifies hazards at each step. You use HIRARC for the complete picture and JSA for high-risk specific tasks. JSA is a tool within the HIRARC toolbox, not a separate system.

Can DOSH fine my company for an inadequate HIRARC?

Yes. Under OSHA 1994 (Amendment 2022, Act A1648), effective 1 June 2024, failure to conduct adequate risk assessments can attract fines up to RM 500,000 or imprisonment up to 2 years or both. DOSH can also issue improvement notices requiring you to redo your HIRARC within a specified timeframe, with daily penalties for non-compliance.

How does HIRARC relate to ISO 45001 certification?

ISO 45001 requires organisations to identify hazards and assess risks as part of their occupational health and safety management system. HIRARC conducted according to DOSH guidelines satisfies most of ISO 45001 Clause 6.1 requirements for hazard identification and risk assessment. The main additional requirement for ISO 45001 is documented evidence of worker participation in the process and consideration of opportunities alongside risks.

What is the difference between initial risk and residual risk?

Initial risk is the risk rating considering only existing controls that are already in place. Residual risk is the risk rating after all additional planned controls are implemented. Both must be documented in your HIRARC. The goal is to reduce residual risk to an acceptable level. If residual risk remains "High" or "Intolerable" after controls, you need additional measures or must prohibit the activity.

Do I need separate HIRARC documents for each department?

Not necessarily. Small factories with under 50 workers can use a single HIRARC covering all activities. Larger operations with multiple departments, buildings, or complex processes often find it practical to have department-specific documents that feed into a master register. The key DOSH requirement is completeness: every work activity must be covered regardless of how you organise the documents.

How do I handle contractor activities in my HIRARC?

You must include contractor activities in your HIRARC or require contractors to submit their own HIRARC for review before work begins. Under OSHA 1994, the principal employer retains duty of care for everyone on the premises, including contractors. Best practice is to review contractor HIRARC documents, conduct joint risk assessments for high-risk work, and include contractor supervision in your control measures.

What happens if DOSH finds my HIRARC does not match what is happening on site?

This is the most common and most serious audit finding. If your HIRARC says "machine guards installed" but the inspector sees guards removed, that is a non-conformance. DOSH can issue an improvement notice requiring compliance within a stated timeframe, or a prohibition notice requiring work to stop immediately until the gap is fixed. Repeated non-conformances lead to prosecution under OSHA 1994.

Does a good HIRARC reduce my insurance premiums?

Not as a direct line-item discount, but the effect is real. A comprehensive HIRARC improves your overall risk profile. When insurance surveyors assess your facility and find systematic risk management in place, it supports better risk grading. This leads to more favourable terms on industrial property, machinery breakdown, and liability insurance. More importantly, fewer incidents mean a clean claims history, which directly affects renewal pricing.

HIRARC is not a document you create once and file away. It is a system that identifies what can hurt your workers and your operations, measures how serious the consequences could be, and puts controls in place to prevent incidents. The companies that implement HIRARC properly do not just pass DOSH audits. They have fewer incidents, lower insurance claims, and better operational reliability.

If your HIRARC has not been reviewed in the past year, or if it is a generic template that does not reflect your actual operations, it is not protecting you. It is a compliance gap that exposes you to DOSH penalties, insurance claim complications, and preventable workplace injuries.