Risk Assessment and Management: A Complete Guide | British Safety Council (2024)

What is a risk assessment?

The definition of a risk assessment is a systematic process of identifying hazards and evaluating any associated risks within a workplace, then implementing reasonable control measures to remove or reduce them.

When completing a risk assessment, it is important to clearly define some keywords:

• Anaccidentis ‘an unplanned event that results in loss’
• Ahazardis ‘something that has the potential to cause harm’
• Ariskis ‘the likelihood and the severity of a negative occurrence (injury, ill-health, damage, loss) resulting from a hazard.’

Additional training may be required if you need to complete or re-assess your risk management procedures. Completing training such as ourBritish Safety Council Certificate in Risk Assessmentwill help ensure a risk assessment is suitable and sufficiently detailed.

Different types of risk assessments

The types of risk assessment required within any workplace should be proportionate and relevant to the operational activities being undertaken.In many industries, there are specific legislative requirements that apply. For example, in environments where hazardous substances are used a Control of Substances Hazardous to Health Assessment (COSHH) should be completed (for more information seeWhat is COSHH?).

Some common types of risk assessments include:

• Fire risk assessments: fire safety management procedures are required to be established in all workplaces including a suitable and sufficient fire risk assessment.
• Manual handling risk assessments: should be conducted in any workplace where an employee may be at risk from injury and/or ill-health through the need to lift, carry, move loads.
• Display screen equipment (DSE) risk assessments: are required to be completed in workplaces where employees (and others) are using computers, laptops, etc.
• COSHH risk assessments: are required within workplaces where hazardous substances are stored, used or manufactured.

A business may also choose to complete a Risk Assessment Method Statement (RAMS) dependent upon the nature of the operations being carried out. This process contains details of the hazard and a step-by-step procedure on how to complete work and suitably control the risks identified. This process is commonly used within the construction industry.

Why are risk assessments important?

As previously stated, carrying out suitable and sufficient risk assessments is the primary management tool in effective risk management. It is a legal requirement for any employer and must be documented wherever five or more people are employed.

Risk assessment is a straightforward and structured method of ensuring the risks to the health, safety and wellbeing of employees (and others) are suitably eliminated, reduced or controlled

The main purpose of risk assessments are:

• To identify health and safety hazards and evaluate the risks presented within the workplace
• To evaluate the effectiveness and suitability of existing control measures
• To ensure additional controls (including procedural) are implemented wherever the remaining risk is considered to be anything other than low.
• To prioritise further resources if needed to ensure the above.

It can be a costly lesson for a business if they fail to have necessary controls in place. They could face not only financial loss (through fines, civil actions, etc) but also loss in respect of production time, damage to equipment, time to train replacement employees and negative publicity amongst others.

A recent article in British Safety Council Safety Management magazine outlines an incident where a business was ‘fined £274,000 after two workers became trapped in moving machinery in two separate incidents’.In the report, Health and Safety Executive (HSE) inspector Saffron Turnell noted that “companies should be aware that HSE will not hesitate to take enforcement action against those that fall below the required standards.” It is cases like this one that should act as a warning for all business and highlight the importance of risk assessments.

Risk assessment in the workplace

There are a number of reasons why risk assessments are important in the workplace, not to mention the fact that they are a legal requirement. We've outlined some of the main reasons below.

1. Risk assessments are crucial to preventing accidents in the workplace: not only can risk assessments reduce the likelihood of accidents, they also help raise awareness of hazards and minimise risk.

2. They reduce injuries and save lives: risk assessments don't just identify hazards that create short-term risks. Without an effective risk assessment, long-term risks such as exposure to asbestos wouldn't be identified or mitigated, potentially leading to fatal health problems.

3. They help generate awareness about hazards in the workplace: organisations and employers being aware of hazards means injury is less likely to occur. Not only does this keep everyone safe and well but it will additionally save the company money. Injured employees may require sick pay, time off and compensation and Health and Safety Executive (HSE) could issue fines if they find you in breach of the law.

4. They help managers make decisions about risk, including identifying who is most at risk and making appropriate adjustments: having an effective and formal risk assessment in place will demonstrate that you have taken appropriate measures to ensure the health and safety of your employees.

Who is responsible for carrying out risk assessments?

It is the responsibility of the employer (or self-employed person) to carry out the risk assessment at work or to appoint someone with the relevant knowledge, experience and skills to do so.

TheManagement of Health and Safety at Work Regulations 1999states that an employer must take reasonable steps ‘for the effective planning, organisation, control, monitoring and review of the preventive and protective measures.’ So even if the task of risk management is delegated, it is ultimately the responsibility of the management within any business to ensure it is effectively completed.

Once hazards have been identified, the associated risks evaluated and steps taken to minimise the potential effects, the next step for an employer is to clearly and effectively communicate the risk assessment process and content to relevant parties.

The process of communication is more effectively achieved if the relevant persons are involved with the risk assessment process at every stage. The person carrying out an activity or task is often best placed to provide details on the associated hazards and risks and should participate fully in the completion of the risk assessment.

Additional training may be required - such as our British Safety Council Certificate in Risk Assessmentto ensure that a review is completed accurately and effectively.

When to carry out a risk assessment?

A suitable and sufficient risk assessment must be carried out prior to a particular activity or task being carried out in order to eliminate, reduce or suitably control any associated risk to the health, safety and wellbeing of persons involved with (or affected by) the task/activity in question.

Once completed a risk assessment should be reviewed periodically (proportionate to the level of risk involved) and in any case when either the current assessment is no longer valid and/or if at any stage there has been significant changes to the specific activity or task.

Relevant risk assessments should be reviewed following an accident, incident or ill-health event in order to verify if the control measures and level of evaluated risk where appropriate or require amendment.

How to do a risk assessment?

The HSE has recommended a five-step process for completing a risk assessment. This provides a useful checklist to follow to ensure that the assessment is suitably comprehensive. It involves:

1. Identifying potential hazards
2. Identifying who might be harmed by those hazards
3. Evaluating risk (severity and likelihood) and establishing suitable precautions
4. Implementing controls and recording your findings
5. Reviewing your assessment and re-assessing if necessary.

Step 1. Identify potential hazards

It is important to firstly identify any potential hazards within a workplace that may cause harm to anyone that comes into contact with them. They may not always be obvious so some simple steps you can take to identify hazards are:

• Observation: Walking around your workplace and looking at what activities, tasks, processes or substances used could harm your employees (or others)
• Looking back over past accidents and ill-health records as they may identify less obvious hazards
• Checking manufacturers’ data sheets, instructions, information and guidance
• Consulting with employees (and others) who are carrying out the activities, tasks or processes.

It may be useful to group hazards into five categories, namely physical, chemical, biological, ergonomic and psychological.

Step 2. Identify who might be harmed by those hazards

Next, identify who might be harmed by those potential hazards. It should also be noted how they could be affected, be it through direct contact or indirect contact. It is not necessary to list people by name, rather by identifying groups including:

• Employees
• Contractors

Some hazards may present a higher risk to certain groups including children, young people, new or expectant mothers, new employees, home workers, and lone workers.

Step 3. Evaluate risk severity and establish precautions

After identifying any hazards and who might be affected, it is important to evaluate the severity the risk may present (should it occur) and establish suitable and effective controls to reduce this level of risk as far as is ‘reasonably practicable’. This means that everything possible is done to ensure health and safety considering all relevant factors including:

• Likelihood that harm may occur
• Severity of harm that may occur
• Knowledge about eliminating, reducing or controlling hazards and risks
• Availability of control measures designed to eliminate, reduce or suitably control or the risk
• Costs associated with available control measures designed to eliminate, reduce or suitably control or the risk

Assessing the severity of a risk requires an evaluation of the likelihood of an occurrence and how substantial the consequences that it may cause. Some factors affecting this evaluation include the duration and frequency of exposure, number of persons affected, competence of those exposed, the type of equipment and its condition, and availability of first-aid provision and/or emergency support.

Step 4. Implement changes and record your findings

If a workplace has five or more individuals, significate findings of the risk assessments are required to be kept either electronically or in writing. Recording your findings on arisk assessment formis an easy way to keep track of the risks and control measures put in place to reduce the identified risk. The form includes:

• What hazards were found
• Person(s) or groups affected
• The controls put in place to manage risks and who is monitoring them
• Who carried out the assessment
• On what date the assessment was done.

It is sensible to ensure the risk assessment is proportionate to the activity or task being carried out and this can often be a straightforward process for generic tasks.

Step 5. Review your assessment and reassess if necessary

Employers should periodically review the assessment and if necessary, re-assess any controls in place.

A good guide as to when you may need to review your processes are:

• After any significant change within the workplace or process in question
• After an accident or ill-health incident has occurred
• After near-misses have been reported.

Forgetting to review your risk assessment is easy, especially when trying to run a business. Don't wait until it's too late, set a date to review your risk assessment when you're conducting it and don't forget to add the date to your diary.

Significant changes can happen in businesses and when they do, make sure to review your risk assessment and amend it if you need to. If you or your organisation are planning changes that will happen in the future, ensure a risk assessment review is included.

What documentation do you need?

It is a misconception that risk assessments inherently involve a vast amount of paperwork. It can be as straight forward as completing a basicrisk assessment formfor many generic tasks or activities.

However, employers should make sure they record significant findings including:

• Any hazards identified
• What controls are in currently in place, and information on any further control measures that may be required
• Any individuals that have been identified as being especially at risk.

There is no set amount of time that you are required to retain the risk assessment, but it is best practice to keep it as long as is considered relevant to a particular task or activity.

Risk assessments are an integral part of ensuring the health, safety and wellbeing of everyone within the workplace. The British Safety Council Certificate in Risk Assessmentis a short course recommended for anyone who has to carry out risk assessments or wants to understand the process more fully.

Informal vs formal risk assessment

A formal risk assessment involves recording everything associated with the risks of a workplace or environment. Formal risk assessments are likely to be carried out by organisations who have a duty of care to their employees and associates.

An informal risk assessment is the opposite and we complete these subconsciously in every day life. Whenever we take an action, we consider and understand the hazards and risks involved but we don't document the process. For example, before jumping over a wall, we would consider how likely we are to be injured, how that would impact us and what the negative results may be.

Formal and informal risk assessments do have something in common, whether its you as an individual or an organisation, we are analysing the potential risks of a situation and using that to inform our decisions.

How to carry out a risk assessment

Find out more

British Safety Council Certificate in DSE Risk Assessment

Find out more

British Safety Council Certificate in COSHH Risk Assessment

Find out more

British Safety Council Certificate in Risk Assessment

Find out more