Effective risk assessments are at the core of demonstrating legal compliance. In fact, most successful prosecutions are often successful because a business did not have a risk assessment, or the risk assessment that was in place was not suitable and sufficient!
In this guide, we’ll walk you through the process of conducting a risk assessment in line with the Management of Health and Safety at Work Regulations 1999.
What is a Risk Assessment?
The Health and Safety Executive (HSE) defines a risk assessment as:
“….a careful examination of what, in your work, could cause harm to people, so that you can weigh up whether you have taken enough precautions or should do more to prevent harm….”
The Law on Risk Assessments!
Whilst a general definition of risk assessments is helpful, it’s also useful to look at the specific origin, as defined in legislation. Principally, this is derived from the Management of Health and Safety at Work Regulations 1999 which says:
3. – (1) Every employer shall make a suitable and sufficient assessment of –
(a) the risks to the health and safety of his employees to which they are exposed whilst they are at work; and;
(b) the risks to the health and safety of persons not in his employment arising out of or in connection with the conduct by him of his undertaking
for the purpose of identifying the measures he needs to take to comply with the requirements and prohibitions imposed upon him by or under the relevant statutory provisions
Translated, the law requires employers to ensure they undertake a risk assessment which considers employees and others who may be affected (harmed) by their business activities. But “just” doing a risk assessment is not enough. The assessment itself, must be suitable and sufficient!
What does Suitable and Sufficient Mean?
A suitable risk assessment is one that appropriately addresses the specific risks inherent in the work being conducted, taking into account the nature of the tasks, the environment, and the individuals involved. It must be relevant to the activities being undertaken and proportionate to the level of risk identified (with greater risks requiring a more detailed evaluation).
A sufficient risk assessment must identify all significant risks that have the potential to cause harm, while avoiding undue focus on trivial hazards. It should consider all individuals who may be affected by the work, including employees, contractors, and visitors. The level of detail provided should be enough for someone unfamiliar with the specifics to understand both the risks and the measures in place to manage them.
What are the Five Steps to a Risk Assessment?
There are 5 essential steps to a risk assessment as follows:
- Identify the hazard
- Identify who may be harmed
- Evaluate the risks
- Record the findings
- Review
Step 1: Identify the Hazards
The first step in any risk assessment is to identify potential hazards. A hazard is anything with the potential to cause harm. This could range from physical objects like machinery to less obvious risks like poor ergonomic setups or mental health stressors.
Common workplace hazards may include:
| Working at Height | COSHH | Electrical Safety | Fire Safety | Personal Safety |
| Manual Handling | Excavations | HAVS | BBV’s | Confined Spaces |
| Machinery | Noise | Asbestos | Transport | Sharps |
To identify hazards, consider the following methods:
Walkthroughs: Physically inspect the workplace, looking for anything that could cause harm.
Employee Feedback: Engage with employees to learn about hazards they have encountered.
Accident Reports: Review previous accident reports or near-miss incidents for recurring hazards.
Manufacturer Information: Check equipment manuals and safety sheets for specific risks.
Step 2: Decide Who Might Be Harmed and How
Once hazards are identified, the next step is to establish who could be harmed and how. This will help you understand the potential impact of each hazard and target control measures effectively. Consider the following groups:
Step 3: Evaluate the Risks and Decide on Precautions
After identifying hazards and those at risk, you need to evaluate the likelihood and severity of the hazard occurring. This is called risk evaluation.
For each hazard, consider:
Likelihood: How likely is it that the hazard will materialise and cause harm?
Severity: How serious would the injury?
Next, decide on the appropriate control measures. The hierarchy of control is a useful framework to guide your decision-making:
Eliminate the Hazard: Remove the hazard entirely if possible.
Substitute: Replace the hazard with a less risky option.
Engineering Controls: Isolate people from the hazard through barriers or redesign.
Administrative Controls: Implement procedures or training to minimise risk.
Personal Protective Equipment (PPE): Use PPE to protect workers as a last resort.
Step 4: Record Your Findings
It’s essential to document the results of your risk assessment, especially if you have five or more employees. This documentation acts as evidence that your organisation has fulfilled its legal duty to manage workplace risks.
Your risk assessment should include:
The risk assessment should be accessible to all employees and regularly reviewed to ensure it remains up to date.
Step 5: Review and Update the Assessment Regularly
A risk assessment is not a one time activity. Workplaces and work activities evolve, new equipment gets introduced, and employees change roles, all of which can introduce new hazards. Therefore, it’s crucial to review and update your risk assessments regularly.
When to review:
SafetyRAC can help your organisation by providing expert guidance and support on risk assessment development and reviews. Contact us, to learn more.