Everything you need to know about Risk Assessments

Miguel Seca
blog-publish-date 07 March 2024

As an employer, it's your responsibility to ensure that your employees are safe while they are at work. You can do this by carrying out risk assessments to ensure that your current procedures are still effective.

If you need immediate support in creating a risk assessment template, get in touch with one of our team of experts here.

Two people completing a risk assessment

What is a risk assessment?

Risk assessments are an integral part of the risk management process. Your workplace must follow risk assessment laws and regulations. You need to find and assess health and safety risks in your workplace. These hazards are likely to cause harm to your employees if control measures aren't put in place to prevent or mitigate them.

If you have less than five employees you aren't required by law to write a physical risk assessment or health and safety policy. That said, it's best to keep a written record so you can refer back to it later on if you need to.

Why do we have risk assessments in the workplace?

You have a legal duty of care to protect your worker's health, safety and well-being.

Some work practices require specialist training, such as the handling of dangerous substances or operating machinery. These practices throw up a plethora of potential health & safety issues that you need to address.

The main purpose of a health & safety risk assessment is to identify and raise awareness of these hazards and risks. This serves as the first step in developing an occupational health & safety management plan.

Risk assessments also help in:

  • Identifying individuals at risk.
  • Determining if existing precautions are adequate.
  • Preventing illness or injury (ensure you review a risk assessment following an incident).
  • Prioritising high-risk hazards over low-risk ones.
  • Meeting legal requirements and maintaining compliance.
  • Continual improvement and improving safety.

Are risk assessments required by law?

Health & Safety legislation does require you to have a risk assessment by law. However, if you employ less than five people you don’t need to provide a written assessment.

Even if you employ less than five staff, you must provide risk analysis and be able to provide evidence of this if investigated. So, it’s safe to still document it, even if in a more simplified format.

The Management of Health and Safety at Work Regulations 1999 outlines an employer’s legal duties with regard to health & safety. More specifically, it requires employers to put control measures in place to manage health & safety risks.

Employers are required to:

  • Have a written health & safety policy (if you have more than 5 staff)
  • Assess the risks to staff and other individuals who could be affected by your activities.
  • Provide ‘suitable and sufficient’ assessments in line with legislation in the UK
  • Arrange for preventative and protective measures that come from risk assessments
  • Give access to competent health & safety advice
  • Provide information to employees about workplace risks
  • Arrange training for staff on dealing with workplace risk
  • Ensure adequate and appropriate supervision

While there is other legislation relating to risk assessments, this is one of the most relevant ones for employers.

Benefits of a risk assessment

Aside from risk assessments being a legal requirement in many instances, they can offer a host of benefits that will both help train your employees and help understand where potential risks are within your business.

Greater awareness of risks in the workplace

Risk assessments can help raise and identify areas of the business that can pose a risk to employees or anyone visiting the premises.


By carrying out a risk assessment you are able to better identify potential risks and inform your employees of the risks and control measures you've put in place to mitigate the risks. The fact the risks are recorded helps you train your staff in the proper procedures they should be following for particular roles or situations.

Identification of likelihood and scale of potential hazards

A risk assessment isn't just a list of potential risks you have in your workplace. It's also a way of measuring how severe the risks are and measuring the likelihood of a critical incident happening.

By identifying the severity of the risk you are able to ensure that the appropriate control measures are put in place.

Determine what control measures should be in place

Your risk assessment will provide you with useful information that can be used to identify which areas of your workplace need to be adapted and where the most control measures need to be placed.

A risk assessment and someone checking off each riskA risk assessment and someone checking off each risk


You need to have the proper documents in place. This will help you create a repository of the hazard findings in your workplace. This makes it easier to keep track of the hazards and what control measures you've put in place to mitigate them. You can use this to go back to adjust or check the control measures to ensure they are still effective.

Not only this but keeping risk assessment templates and documents helps ensure that you remain compliant with health and safety policies and laws.

Help with budget allocation

When you are able to fully understand the health and safety needs of your business you can then start to work out what budget you can allocate to ensure the control measures are effective.

Reduce incidents in the workplace

Last, but not least, risk assessments are effective in reducing incidents at work. You are able to mitigate the risks or remove them altogether, meaning you are able to create a safer and more productive workplace.

Having a lower incident rate helps to show your organisation's dedication to making the workplace safe for employees and can benefit your unique selling points to clients.

How often should you carry out and review risk assessments?

So how often should you carry out these assessments?

Although the responsibility remains yours, either you or an appointed delegate can carry out these assessments. You must carry them out before you do any work that may present a physical or mental risk to those doing the work.

It’s worth noting, that while the legislation regarding health & safety does not necessarily impose duties on anyone who’s not an employer, employee or self-employed, there are still regulations you must follow to ensure you comply with the law.

There’s still more to do after the initial risk assessment. You’re also required to monitor the control measures you’ve put in place and review your risk assessment to account for changes to the work or work process.

While the HSE doesn’t specify how often you should review your risk assessment, they do inform us under what circumstances you should do it.

According to HSE, you must review them ‘regularly’ but especially where:

  1. It’s no longer valid.
  2. After an injury or near-miss,
  3. Where there has been a significant process or equipment change.

What happens if I don't carry out a risk assessment?

One of the obvious answers to this is more incidents in your workplace. More of your employees may need to take time off work due to injury and be less productive. This, in turn, can lead to a civil legal claim being raised by your employee, and be a costly payout for your business.

Depending on the severity of the incident, it might attract the attention of the Health and Safety Executive (HSE). They are capable of performing spot checks on workplaces, forcing a business closure, and handing out heavy fines.

This can cause reputational damage to your business, so it's best to ensure that you are fully compliant.

a man sat at a desk going through a risk assessment with an employee

Steps to carry out a risk assessment

There are five steps in the risk assessment template process:

Identifying hazards.

The first stage of a risk assessment is to look around your workplace and identify any hazards that could cause employees or visitors harm. At this stage, you should also be looking at the process of carrying out a particular task. For example, if your employee is carrying hot substances, or handling chemicals, they should be wearing the correct personal protective equipment (PPE) and using the correct tools.


  • Unsafe and safe working practices.
  • How plant equipment is being used (including the employees operating it).
  • Is there exposure to chemicals and substances?
  • The current work environment.

Deciding who these hazards might affect and how.

Once you've identified the hazards in your risk assessment, you then should look at who is exposed to the hazards. At this stage, you should take into consideration:

  • Who's at risk of harm, and how are they at risk?
  • Are there any existing control measures in place?
  • Put in place further action to control risks.
  • Who is responsible for carrying out the task?
  • When do the control measures need to be implemented?
  • Take into consideration those who aren't actively using the equipment or substances on site, but who could still be at risk of exposure, such as cleaners, contractors, visitors, and maintenance.

Consider control measures

As per the law (Health and Safety at Work Act 1974), employers need to take reasonable steps to keep their employees safe. You can ask yourself two questions:

  1. Can I eliminate the hazard altogether?
  2. How can I control the hazard to minimise risks?

You aren't expected to take away all the risks that might take place in your workplace, but you need to do everything you can to mitigate the risks and keep your employees safe.

A worker filling out a risk assessment form, and identifying where they need additional control measures

Recording the findings from the risk assessment

If you have more than five employees working for your business, you need to physically record your findings from the risk assessment. This can be used as proof that you carried out a risk assessment later on, and what steps you took to reduce or eliminate risks in the workplace.

Your records should reflect the:

  • Hazards identified.
  • Who's at risk of harm and how?
  • The steps that you've taken to control the hazards.

Sharing the assessment with employees.

You must share risk assessments with all relevant employees, and obtain confirmation that they have read and understood the assessment; this should be documented.

Reviewing the assessment to keep it up to date.

At the final stage, you should make sure that you are reviewing your risk assessment and ensuring that it's kept up to date.

You should perform a review at reasonable intervals if the control measure has become ineffective, if there is a change in the work process that could lead to new risks, or if one of your employees identifies an issue. You may also need to review a risk assessment if there has been a change in legislation.

How to calculate your risk assessment score

The first step to calculating your risk assessment score is to organise each risk in order of importance.

The scoring system is essential to help you prioritise the level of importance of each risk identified in the assessment procedure. It also helps to determine if it’s safe for your staff to continue the work or not.

The overall score depends on the probability of an incident occurring and the potential impact it can have on your staff or the work process.

So, for example, although the possibility of group exposure to hazardous substances may be rare, it can have a severe impact on them.

You’ll need to compare the probability versus the impact it may have to rank and prioritise the risks identified in the assessment. To do this, you’ll need to know how to quantify the risks in a risk assessment.

Ideally, you’ll carry out the quantification process after the assessment but before you put control measures in place. The process evaluates the risks identified in earlier steps to create data used to prioritise the implementation of control measures.

Because of the variety of scoring systems available online, it’s important to consider all options to decide on the one best suited for your organisation.

However, the most popular approach is the risk assessment matrix. With it, you can assign scores to each risk by organising them according to the likelihood of it causing harm and the potential severity of said harm.

It ranks the severity (low, medium and high) by the probability (rare, possible, unlikely) of it causing an accident.

By quantifying the risks identified, you can make considerations relating to costs, timeframe, resources, etc. Using the scores provided, you can then determine which risks to address first.

Implementing control measures

One of the purposes of risk analysis is to identify new control measures and assess the effectiveness of existing ones. To make sure you are controlling hazards correctly, you need to create strict safety plans.

For example, let’s say an employee works with heavy machinery in a factory. You likely already have safeguards in place, such as screens and barriers to separate the worker from the machinery. However, one of the potential hazards identified in your assessment is a space where the machinery is unguarded. This poses a higher risk of injury and may cause harm to anyone operating it.

To solve this, you could provide an additional barrier to prevent anyone who might be harmed by it. Make sure that staff are aware of any new processes so that they can work to help ensure their own safety.

Different industries and different equipment will require separate approaches. Depending on the equipment you are using there may be a legal requirement you need to fulfil. This means you should never adopt a blanket approach when managing hazards. There may be other factors that you haven’t considered.


Who completes a risk assessment?

Risk assessments should be assigned to a competent person within your business. This is done to ensure you meet the requirements of health & safety law.

Ultimately, the responsibility for the health and well-being of staff falls to you, the employer. However, the competent person can manage health & safety in your stead—this includes risk assessments.

Selecting a competent person

When selecting a competent person to manage health & safety you can consider staff within your organisation. This can include you, the employer. If no obvious candidate is available, you can outsource this responsibility, or consult with external health & safety representatives.

A competent person is someone with sufficient training, experience, or knowledge to manage the health & safety of your business. The level of competence will depend on how complex the risks in your workplace are.

This doesn’t necessarily mean that the individual needs specific health & safety qualifications. Although these should undoubtedly be taken into account when selecting candidates.

a worker completing a risk assessment.

Click below to download your sample basic risk assessment template

Conducting a risk assessment in the workplace is vital for ensuring the safety of your employees and is a legal requirement under the Management of Health Safety Regulation 1999, Regulation 3.

However, putting together a risk assessment template and ensuring that it is fit for the purpose of your workplace can be time-consuming. That's why we have put together a general, sample template that you can adapt to fit your workplace, including all the key areas you need to cover, definitions, and a risk severity rating key.

If you need any further support managing health & safety in your workplace, contact a Croner expert at 0800 470 2776.



About the Author

Miguel is one of our Health and Safety Team leader