Risk Assessments

What is a risk assessment?

A Risk Assessment is an examination of the what, in your work, could cause harm to people. A risk assessment is not about creating huge amounts of paperwork, but rather about identifying sensible measures to control the risks in your workplace.

Risk assessment is not an end in itself, but is rather a means of managing risk. Many managers fail to appreciate this and invest far too much time in developing pristine documents to keep on a shelf in the hopes of impressing a visiting Inspector, auditor or Director!

The assessment must be reviewed if there are reasons to suspect the assessment is no longer valid or there are changes in the work it relates to. Although there is a legal requirement to write down a risk assessment if there are 5 or more employees it is advisable in many circumstances to record the assessments. For example:

  • to prove that the assessment was carried out
  • to show the assessment  to prospective clients
  • to join contractor assessment schemes
  • to enable the assessment to be more easily reviewed in future
  • to check that everything has been considered.

Risk assessments are often the first piece of written evidence sought by regulators in the event of an accident investigation or a prosecution being brought. They are also discoverable as part of the pre-action protocol in civil cases – usually two of the key documents requested by a claimant’s solicitor are pre- and post-accident risk assessments.

Why do I need to do a risk assessment? 

Under the Management of Health and Safety at Work Regulations 1999 there is a specific requirement for all employers and self -employed persons to carry out suitable and sufficient risk assessments of the workplace and individual activities, to identify the risks to workers and any others who may be affected. 

Companies employing five or more must have documented risk assessments for all the hazards identified in the workplace or for their work activity. 

If you have less than five employees, you still have a duty to carry out risk assessments, but you do not have to write anything down. However, we strongly recommend you have either a written or electronic copy to help protect you and your employees safety & health. 

The explicit legal requirement is shown in Regulation 3 of the Management of Health and Safety at Work Regulations 1999, which requires employers to undertake a ‘suitable and sufficient’ assessment of:

  • the risks to health and safety of their employees whilst at work
  • the risk to the health and safety of persons not in his employment arising out of or in connection with the conduct of his undertaking.

What do I need to do to complete a Risk Assessment

The principles of risk assessment (based on HSE’s ‘5 Steps to Risk Assessment’) really only embody common sense. They are:

  • identify the hazards
  • identify the people affected by the hazards
  • evaluate the risks posed by the hazards, taking into account existing controls and any further action
  • record your findings, implement actions and tell your staff about it
  • review the assessment as and when necessary.

For the risk assessment process to be effective:

  • a structured approach should be taken to ensure that all hazards are identified
  • it should identify all those who will be affected by the work – this includes staff and maintenance and cleaning staff, he public and visitors, including any person at particular risk e.g. disabled, visitor, young children, pregnant staff
  • both normal and abnormal conditions need to be considered; eg what would happen if the photocopier jammed, or what happens if equipment must be cleaned during use?
  • it should consider the risks to people, not to things (the reason being that the risk assessment process described here is for the purpose of meeting health and safety requirements as opposed to business continuity or property protection purposes)
  • group similar tasks where possible to minimise repetition, but having regard to the need to adequately cover all the tasks without compromise
  • if generic risk assessments are used  they should be properly adapted to the specific workplace
  • have a level of detail proportionate to the level of risk
  • if the job changes, or new activities are introduced, the assessment needs to be reviewed or additional assessments undertaken
  • reasonable steps should be taken to identify risks by carrying out research, seeking competent advice, involving the workforce and including input from management
  • the risk assessment should identify the period of time for which it is likely to remain valid

Identifying the Hazards

The first step of the assessment is to identify the hazards. It is important that assessors are able to identify hazards that have become accepted i.e. which have become part of the way of working. A team approach involving a person who is unfamiliar with the work activity can assist in this.

Some hazards may not be obvious, such as unsafe working practices or a dangerous substance stored in a cupboard. It is good practice to talk to staff about their methods of working and the equipment they use.

Evaluating the Level of Risk

‘Risk’ (R) is the combination of the likelihood of the hazardous event occurring (L) and the severity or degree of harm (S). ie L x S = R.

Determining the level of risk requires the assessor to estimate the likelihood of the event taking place and the nature of the harm taking into account risk factors and past experience. The risk rating can be used at several points during the risk assessment. Some companies choose to assess the level of risk arising from the hazard imagining that there are no risk control measures in place, and to then reassess after proscribing risk control measures. Others only assess the degree of risk after all risk control measures have been considered including new ones not yet implemented. Either approach is acceptable.

Key Terms

What is a competent person?

Competent Person: the requirements for competency levels of a person making an assessment will vary, depending on the hazards and the levels of risk involved. For general risk assessments in most work environments, this could be a person with sufficient practical and theoretical experience of working in that environment, who also has training in undertaking risk assessments. If the working environment poses greater hazards with more substantial associated risks, the assessor should possess a higher level of competence. In certain cases, where specific hazards are involved (asbestos, ionising radiation etc.), it may be necessary to call on the services an appropriately experienced and qualified consultant.

What are control measures?

Control Measures: also termed preventive or protective measures, this covers all aspects of the management of health and safety. These can be viewed in terms of:

  • procedural measures such as supervision, instruction, information and training
  • engineering or physical measures such as guarding, fencing, protective clothing, etc.

What is the definition of a Hazard

Hazard: a hazard is something with the potential to cause harm or damage to persons or property.

What is the definition of a Risk?

Risk: is a measure of how likely it is that harm will occur and the severity of the likely harm. Risk is sometimes assigned a numerical value or rating (high, medium or low).

What does the Reasonably Practicable mean?

Reasonably Practicable: this phrase means a balance of the risk on the one hand against the time trouble or effort involved in reducing the risk. Where the costs far outweigh the benefit the risk control may not be needed – unless there is an absolute legal requirement to do so. For example, employers are required to ensure that floors are free from holes, unevenness or slipperiness which would expose any person to a risk to their health or safety. Therefore, it is not open for the employer to decide that repairing a hole in a floor is ‘not reasonably practicable’.