The Ultimate Guide to Risk Assessment | Managing Risk at Work

Ensuring a safe work environment for all employees is not only a moral obligation but also a legal requirement for employers. Conducting a risk assessment is the first step to successfully managing the risk factors in the workplace, therefore it is extremely important to understand the concept of risk assessment and learn how to do it effectively. 


What is a risk assessment?

Risk assessment encompasses all actions taken to identify, analyse, control and manage any foreseeable health and safety risks in the workplace. The goal of risk assessment is to identify and tackle potential hazards that can cause harm to anyone at work. As part of the risk assessment, you are likely to come across risks that cannot be removed completely but that can be considered acceptable with the correct management controls in place. 


Who is responsible for risk assessment?

Ensuring the safety of employees in the workplace falls under the legal responsibilities of the employer. This includes carrying out regular risk assessments to minimise the potential risk of harm (as per the Management of Health and Safety at Work Regulations (MHSWR) 1999). 

There are three points that the employer must consider as part of the risk assessment to ensure that their employees are sufficiently protected from avoidable workplace accidents: 

  • Identify hazards that could result in injury or sickness
  • Evaluate the likelihood of harm and how serious the risk is (low, medium, high)
  • Take steps to remove the hazard where possible or control it when not

While it is the employer’s responsibility to make certain that the risk assessment has been carried out, they don’t necessarily have to carry it out themselves.  The employer can appoint the people who are to complete the assessment. In fact, a risk assessment is best done when several co-workers collaborate and communicating the risk to all employees is integral to successful risk management.  


Risk assessment regulations

The main legislation that addresses risk assessment regulations is the Management of Health and Safety at Work Regulations (MHSWR) 1999. To be compliant with MHSWR, the employer must ensure that the carried out risk assessment is ‘suitable and sufficient’. For that to be true, the employer must verify that all of the following actions have taken place: 

  • A check has been carried out as required and in line with the legal standards
  • It has been taken into consideration who might be at risk
  • All significant risks that have been identified have been adequately addressed
  • The measures put in place are suitable and any remaining risks are low
  • The workers involved (or their representatives) have been informed about the risk and the precautions in place

How much detail is included in a risk assessment will vary depending on the type of risk and its severity. A minor risk with little to no probability of harm may be accepted as tolerable, whereas serious risks will have to be addressed and reduced to an acceptable level. In more complicated cases, a more detailed explanation will be needed and there may be several controls that could be put in place and documented to ensure that the hazard has been adequately managed. 

The risk assessment regulations are designed to predict and prevent foreseeable risks. The employer cannot be held accountable for harm done as a result of unforeseeable risks. 



When should a risk assessment be carried out?

Every time a new machine, procedure or substance that could potentially be dangerous is introduced to the workplace, it should be risk assessed to identify any significant hazards that could affect the health and wellbeing of the people involved in these work activities.  

Once the initial suitable and sufficient risk assessment has been completed and all risks have been managed accordingly, regular risk assessments should follow. How often the risk assessment is reviewed if there has been no significant change in processes or modification of technology depends on the type and level of hazards identified in the initial check. At the end of a risk assessment, the date for the following risk assessment should be noted.  

If an accident or injury at work occurs, the employer has to carry out a risk assessment to understand what caused it, how to prevent it from happening again in the future and to uncover any serious defects that must be removed. 


Common types of risk assessments

Some industries are more prone to risk than others simply due to the nature of the work involved, those include jobs that entail working with hazardous substances, explosives and fire. High-risk industries are often regulated by their own specific legislation, such as Control of Substances Hazardous to Health (COSHH), and require a special type of risk assessment to be completed. 

On the list of specialised types of risk assessments you will find:

  • Manual Handling Risk Assessment: required when a person’s job requires manual handling tasks which could potentially have a negative impact on their health. Those include lifting, moving and carrying heavy loads 
  • COSHH Risk Assessment: this apply to work sites  where hazardous substances are produced, handled, or stored

Common risk assessment types that apply to health and safety regulations in most work environments, including low-risk jobs, include: 

  • Display Screen Equipment (DSE) Assessment: this applies to all workplaces where computers or laptops are used
  • Fire Risk Assessment: this should be carried out in all workplaces to ensure fire safety measures and protocols are in place

How to do a risk assessment? 

Risk assessment is a key part of managing risk in the workplace and any employer who has five or more employees is legally required to have an adequate risk assessment carried out. Luckily, the risk assessment process is straightforward and follows a set, 5-step structure. 

The 5 steps of risk assessment are:

  • Hazard identification
  • Risk analysis
  • Risk mitigation 
  • Documenting your findings
  • Reviewing the controls

Now, let’s look at each one in a little more detail. 


1. Hazard identification

Anything that could potentially cause harm in the workplace is considered a hazard and should be listed in your risk assessment. This includes risks associated with how equipment is used, whether any of the current work practices and procedures are unsafe and if there are factors in the work environment that can cause harm, as well as if hazardous substances are handled.

This process should be carried out for all locations, users and equipment individually. In this stage of the risk assessment, you should try to identify hazards in both routine and non-routine operations, including production cycles and maintenance.  

For each hazard identified, you should detail all people who could be at risk of harm. This includes the permanent staff on the premises, as well as visitors, contractors and members of the public (if public access is available). 

You should also note who those people are and if some of them may be at a higher risk. For example, expectant mothers, young workers and people with disabilities could be more likely to be affected by certain hazards. 

The key to identifying hazards, especially the not-so-obvious ones, is to talk to the employees who work there day and day out. They usually have a good idea of the risks and hazards involved in their daily operations. 


2. Risk analysis

Once you have identified the potential hazards and who could be affected, it’s time to assess each risk and evaluate the probability of harm being done. To do that, you have to take into account all the information you have found previously, as well as any measures that are already in place to control those risks and then decide how serious the risk is.A common tool in risk analysis is the risk assessment matrix. It helps you identify the risk level (low, medium or high) based on the likelihood and the severity of the potential harm. Here’s an example of what a risk assessment matrix looks like:

Risk Assessment Matrix example


3. Risk mitigation

Once you know how serious the risks that you have identified are, you have to find ways to mitigate them. This is done by listing controls or control measures that can be put in place to prevent harm. You have to decide what protective actions need to be taken, when and by whom.

The controls are a direct response to the hazards. For example, if the operational process is the cause of risk, then you can restructure the way the job is done. Better organisation of the work environment could reduce the risk of harm due to falling objects or exposure to dangerous materials. Replacing a piece of machinery or introducing mandatory Personal Protective Equipment (PPE) are also examples of control measures. 

At this stage of the risk assessment, you will be looking for ways to completely remove as many risks as possible. Those that cannot be negated completely, must be controlled/managed to achieve an acceptable level of health and safety. In the end, all controls that have been identified should be in place. 


4. Documenting your findings

Everything you have identified during the risk assessment has to be detailed and documented. You should keep a record of all your findings, including:

  • What hazards were identified
  • Who was at risk  
  • What controls were put in place
  • Who is responsible for implementing the controls
  • Who carried out the assessment
  • When was the assessment done 
  • When should the next assessment be

A good example of documenting all risk assessment findings is by filling in a Risk Assessment Method Statement (RAMS), a document commonly used in the construction industry.


5. Reviewing the controls

The controls put in place to mitigate the risks should be reviewed periodically to ensure that they are still viable. They should also be reviewed if there have been any significant changes in the workplace, which would render them ineffective, as well as if there have been any near misses or accidents. Health and safety concerns raised by employees can also be a basis for having the controls reviewed. 

The risk assessment documentation must always be kept up-to-date with any changes identified, so make sure you keep a thorough record of any revisions. 


Why risk assessment is important

Besides the fact that it is a legal requirement, a workplace risk assessment has some major benefits for the business itself, from reducing incidents at work to saving money. The top four reasons why a risk assessment is important to a company can be outlined as:

      • A suitable and sufficient risk assessment ensures compliance with the legal requirements
      • Identifying and managing risks at the workplace helps you keep employees safe
      • The findings of a risk assessment can be used as a health and safety training tool within the business
      • Reducing the risk of incidents at work is an active measure towards reducing any costs that the business would have to pay in the occurrence of a workplace accident


Why it is important to use risk assessment tools

The five-step risk assessment procedure may be straightforward but it requires being able to keep track of, organise and analyse large amounts of information related to the places, people, equipment and procedures in the workplace, including the identified hazards and measures for each, plus any additional comments. Using tools, such as RiskMach, helps you keep all of the relevant information in one place and share it with all people within the organisation. There also are some handy functions to help you with the risk analysis, such as an in-built digital matrix. Using risk assessment tools not only makes the process easier but it also ensures that it’s done according to the relevant standards. 




Who is responsible for the completion of risk assessments?
The employer is responsible for ensuring that a risk assessment has been carried out and they can appoint the appropriate people to complete the assessment. 

How often does a risk assessment need to be reviewed?
Once the initial risk assessment has been completed, regular assessments must be carried out. The frequency depends on the nature of the business and the risk associated with the specific workplace. As a rough guide, a risk assessment should be reviewed annually.

In case of an accident or injury, the existing risk assessment has to be reviewed immediately as the measures in place may no longer be sufficient. A review of the risk assessment is also required before a new piece of equipment or a new process is implemented, as significant changes in the workplace could be associated with new hazards. 

How many steps should be taken when carrying out a risk assessment?
There are 5 steps to risk assessment: (1) hazard identification, (2) risk analysis, (3) risk mitigation, (4) documenting your findings and (5) reviewing the control measures when needed. 

What is risk assessment training?
Risk assessment training is available for employers who need a better understanding of what is required of them by law and how to properly carry out a risk assessment to ensure compliance with health and safety regulations. 

How do risk-taking and risk assessment relate to rights and responsibilities?
Everyone has the right to make their own choice whether to take a risk or not and completing a risk assessment helps employees make an informed decision. It also helps the employer fulfil their responsibility of care for the wellbeing of their staff. 

How does risk assessment help address dilemmas between rights and health and safety concerns?
Conducting a risk assessment minimises the health and safety concerns in the workplace while ensuring that employees can execute their right to free choice in an informed and safe way.