Your Ultimate Guide to Workplace Risk Assessment

Explore This Post

The Health and Safety Executive (HSE) is getting tougher on businesses without sufficient risk assessment processes in place.

In 2023, the national regulator for occupational safety and health (OSH) handed out £35.8 million in corporate fines. Representing a 28% uplift in financial sanctions from 2020/21.

So, maintaining a high standard of risk assessment in the workplace has never been more important. You can safeguard those levels and educate your team by passing a NEBOSH National General Certificate with TSW Training.

But what does a robust risk assessment look like?

Evaluating or analysing risk in the workplace can become tricky to navigate, with so many factors to take into consideration. 

In this guide, we explain how you can evaluate and control risk in the workplace confidently, for the benefit of your employees and business.

Key Points:

  • Risk assessment is the determination of whether the level of risk is acceptable or needs to be reduced
  • As well as keeping your employees health a priority, risk assessments also show external parties you’re doing everything possible to comply with health and safety laws
  • There a five steps developed by the Health and Safety Executive (HSE) that give a clear outline when it comes to risk assessment; Identify any hazard, Assess the risks, Control the hazards, Record what you find, Review your processes
New call-to-action

What is Risk Assessment?

Risk assessment is the determination of whether the level of risk is acceptable or needs to be reduced.

Even with the best will in the world, you are only going to be able to assess the risks that are reasonably foreseeable, or in legal terms, “reasonable to attribute to a person”. The law covers this in management regulations, and in health and safety courses, where we use knowledge tests to assist with the determining of these terms:

  • Common – which any reasonable person could identify
  • Industry – well known in the industry you’re in
  • Expert – which is knowledge outside of most competencies and is very specific

In basic terms, we are being held to account for our decisions. These terms are used to determine if the risk identified could have been seen by anyone, known in the industry or could only be dealt with by an expert. Only then are we benchmarked accordingly.

Example. When I was working in the steel industry, I was looking at the paints that we used to spray our steel-work. As I was evaluating the risk and what was reasonably foreseeable, I didn’t think that my common knowledge would provide me with a balanced view on how to control and work with the paint.

So, I went to the manufacturers (the industry) and asked for their safety data sheets. Assessing those, I still didn’t feel that I could undertake a suitable and sufficient risk assessment, so I called an expert in the field who provided me with her knowledge and as a result, we produced a suitable risk assessment.

Importance of Risk Assessment in Various Fields

Every workplace is different. Some can be more dangerous than others, which is why each benefits from more tailored reviews. This is also where having competent employees who know your site implemented as assessors can help.

Manufacturing or construction sites will require checks that are different from office-based roles. But that doesn’t mean that the checks on a site should be any less thorough than those in an office.

For example, the three leading industries with higher-than-average rates of work-related musculoskeletal disorders are:

  • Admin and support services
  • Construction
  • Health and social work

However, the type of work conducted on your premises is not the only defining factor for when and which type of risk assessment should be carried out.

For example, the Control of Asbestos Regulations outlines that an asbestos risk assessment is necessary on buildings built before 2000 – regardless of what activities take place in the space.

Is a Risk Assessment a Legal Requirement?

Yes, under Regulation 3 of The Management of Health and Safety at Work Regulations 1999 (MHSW), employers should make a suitable assessment of the risks facing employees while at work.

A man holding a pen and writing on a clipboard.

Why is Risk Assessment Important?

Risk assessments show that you’re putting your team’s wellbeing at the heart of everything you do by minimising the risk to them. 

As well as keeping your employees health a priority, risk assessments also show external parties you’re doing everything possible to comply with health and safety laws. 

They also help you to spot any potential problems before those issues become bigger than you can handle. 

8 Benefits of Risk Assessment

There are many benefits to understanding how to do a risk assessment beyond just avoiding punitive measures from the HSE. Let’s dive into those benefits in more detail.

  1. Greater risk awareness: Regular assessments give your team a better understanding of hazards and risks – and the differences between them. Plus, they pass on vital knowledge of hazard perception in the workplace to prevent incidents at their root.
  2. Identification of incident patterns: In addition to improving hazard perception, regular risk assessments can highlight problem areas on your site where more robust safety measures may be required.
  3. Incident reduction: A more obvious one, but having a clearer sight of hazards around your business (and their relative prevention measures) will help reduce incident numbers.
  4. Reduction in lost work days: There were 35.2 million working days lost to work-related ill health in 2022/23. By driving down incident rates, risk assessments can also help reduce absenteeism from work-related illness.
  5. Enhanced employee OSH knowledge: By educating staff on how to complete the risk assessment element of a NEBOSH National General Certificate, you can give them more autonomy over the safety standards in your business.
  6. Improved safety culture: Including employees in OSH matters can also have a reducing effect on incident numbers. Plus, enhancing that feeling of ownership can help foster a positive safety culture in your business.
  7. Better documentation: Creating a schedule of risk assessments means you can implement sufficient documentation processes. From an Accident Book for logging incidents to the report from your assessment outlining the findings. It all helps when an incident does occur to prove that the business has done everything possible to avoid such issues.
  8. Budget allocation: Understanding where and when incidents occur in your space can allow for more educated applications for increased funding.

Foreman in reflective vest writing reports in front of building under construction.

How Often Should You Do Risk Assessments? 

Carrying out a risk assessment once a year is a good idea, but you should also be carrying out risk assessments when: 

  • There are complaints within the company of unsafe practices or continuous illness among staff 
  • There are any changes to the level of risk to your team 
  • There are any new jobs introduced that pose a level of risk 
  • Any of your employees become pregnant and are in an environment where there are risks to the health of the team member and their unborn child 

Paramedics fastening the safety straps around the shoes of an injured person on a stretcher.

Who Is Responsible For Managing Risk? 

Only qualified and experienced people should attempt to carry out risk assessments.

You may appoint someone internally, or hire an external candidate to carry out the assessment.  

Whoever is responsible for managing risk should be fully trained and able to make an accurate judgment call to protect your team and your business. 

Risk Assessment Training

Now we know why you need risk assessments and how often they should be scheduled, we should probably cover who can complete them.

Under Regulation 7 of the MHSW, a ‘competent person’ should only carry out risk assessments. In this scenario, a competent person could be the employer, a Line Manager, or a third-party specialist. But they should be trained to a reasonable level.

You can become a ‘competent’ person in the eyes of the legislation by passing a recognised accreditation like the NEBOSH National General Certificate.

A laptop displaying a First Aid guide during a CPR training session with a dummy.

What Are The Five Steps Of Risk Assessment? 

The five steps were developed by the Health and Safety Executive (HSE) to give a clear outline when it comes to risk assessment. They are: 

  1. Identify any hazards – this could be anything that poses a hazard to health, including handling substances  
  2. Assess the risks – who could be harmed by the hazards you’ve discovered, and how? 
  3. Control the hazards – can you eliminate it altogether or take steps to contain it? 
  4. Record what you find – write down your findings so you can look back and reflect
  5. Review your processes –  you’ll need to assess whether the controls you’ve put in place are working or not, and adjust them accordingly

*A good place to start is with the 5×5 matrix. 

A man in suit writing in a clipboard.

Types of Risk Assessment

As mentioned earlier, different environments and tasks require different checks for asbestos risk assessments. Let’s outline a few other assessment types now.

Qualitative vs. Quantitative Risk Assessment

Qualitative and quantitative risk assessments are two different ways of evaluating risk. 

It helps to think of one as being more personal in its approach, while the latter operates in response to empirical evidence. But let’s break them down in more detail.

What is a Qualitative Risk Assessment?

Qualitative risk assessments classify risks depending on their severity and likelihood of causing harm. This method of evaluating risk allows employers to act on risks outlined in a priority order.

What is a Quantitative Risk Assessment?

On the other hand, Quantitative risk assessments take a more black-and-white view of risk. These checks leverage data to define how much of a financial impact each risk would have on the business.

Dynamic vs. Formal Risk Assessments

Defining dynamic vs. formal risk assessments is more predicated on when the checks happen.

Dynamic risk assessments are more flexible and designed to be conducted on the spot. One example of when a dynamic risk assessment would be required is when a tradesperson conducts home calls. Each callout would be sent to a new, unknown environment. So, they would need to complete quick checks before starting any work on the premises.

Conversely, formal risk assessments are scheduled regularly and carried out beforehand. Their findings are reported to be used to measure business-centric OSH statistics.

Fire Risk Assessment

Fire risk assessments are mandatory for all businesses. They help keep your premises and occupants safe from the risk of fire. The checks also recommend the appointment of a fire warden in your business to upkeep fire maintenance between checks.

COSHH Risk Assessment

COSHH risk assessments are specialist reviews for businesses to ensure they remain aligned with the Control of Substances Hazardous to Health Regulations 2002.

The COSHH guidelines set out multiple requirements for companies using or storing hazardous substances.

Manual Handling Risk Assessment

Specially adapted to evaluate hazardous manual handling tasks. A manual handling risk assessment aims to minimise the amount of manual handling required by highlighting alternatives or implementing strict controls.

Office Risk Assessment

27% of the 1.8 million new and long-standing cases of work-related ill health in 2022/23 were musculoskeletal disorders.

Office risk assessments are primarily designed to tackle these damning statistics by outlining guidelines around workstations, including ergonomics, computers, cabling, kitchen equipment and uneven flooring.

Construction Risk Assessment

According to the latest HSE numbers, 45 of the 135 work-related fatalities reported under RIDDOR in 2023 came in the construction industry.

Construction risk assessments are being constantly adapted to be as robust as possible in these high-risk environments.

These checks identify hazards around the site, assess ways to mitigate the risks, and evaluate who is at risk. Because many construction projects occur outside, dynamic risk assessments are also used for further incident mitigation.

Industrial workers in a huddle over logistics planning in a storeroom.

What Does a Risk Assessment Audit Entail?

Risk assessments are incredibly important for safeguarding the well-being of your employees. 

But, to be as effective as possible, they must also be subjected to regular reviews.

Just like with a health and safety audit, risk assessment audits overview the effectiveness of your assessments.

A robust risk assessment audit will review elements of your checks like:

  • Efficacy in reducing incidents
  • Compliance with current legislation
  • Analysis of health and safety procedural adequacy
  • Overview of relevance of documentation
  • Review previous findings
  • Remove or reduce any existing hazards or risks.

It helps to think of risk assessment audits as the quality control process for your OSH processes.

What Is A Risk Assessment Matrix

Most companies might start evaluating whether the hazard needs further control by using a 5×5 matrix, that looks something like this:

Risk assessment matrix

A comparison table of likelihood and severity.



*Note above that every number on the side and the bottom has a meaning.

If we take it back to the paint risk assessment, for example; the likelihood of inhaling the paint when spraying is likely (4) and the severity of harm could over time be a disabling injury like kidney damage (5), and as we don’t currently have Respiratory Protective Equipment (RPE), then the result is Red and Unacceptable.

The sum looks like this:


Controlling & Justifying Risk: Hierarchy of Controls Risk Management

Now we have evaluated the risk with what’s currently in place, and found it to be red (unacceptable), we can put controls in place to attempt to bring the value down.

We can use the Hierarchy of Control to help us prioritise what controls we should consider and in what order:

The hierarchy of controls management

Whatever control we decide to use, we need to be able to justify our choice. For example, if we decide on PPE (or RPE) in this case, which is the least effective, we have to be able to justify why we were unable to eliminate the substance altogether, or use substitutions instead.

Once we have put the additional controls in place, we are then able to re-rate the risk and we should find that the rating decreases, like this:


You can see a worked example here of how this translates on to the risk assessment.

A screen shot of a dashboard showing different types of data.


Image source:

Risk Assessment Hazards

As we’ve mentioned, there are different risk assessments for specialist environments. However, more generalist checks should cover these common hazards:

  • Physical hazards: Covers incidents of unseen risk where workers can be injured without being touched. This could refer to elements such as noisy work environments. HSE statistics state there were 85 cases of work-related noise-induced hearing loss in the UK in 2023.
  • Safety hazards: These are hazards that could cause physical injury, such as damaged handrails, slippery floors, uneven floors or operating dangerous machinery.
  • Biological hazards: As this covers elements like bacteria, viruses and bugs, biological hazards are common in healthcare. However, asbestos is one of the biggest causes of work-related fatalities worldwide, so knowing who’s responsible who is responsible for preventing your asbestos exposure is super important.
  • Chemical hazards: As these hazards cover substances like paints, pesticides, carbon monoxide and various acids, they are generally covered under the COSHH regulations.
  • Ergonomic hazards: Commonly found in office spaces, ergonomic hazards are related to postural issues brought on by substandard workplace set-ups and other issues.
  • Psychological hazards: On average, people suffering from stress, depression or anxiety took 19.6 days off work in 2022/23. These are examples of psychological hazards in the workplace.

Risk Assessment vs. Risk Management

When defining risk assessments vs. risk management, risk assessments form part of a wider risk management strategy.

To define that further, risk assessments focus more directly on risk identification. Meanwhile, risk management is more about your business’s overall strategy for tackling the risks and hazards throughout your business.

In fact, a risk assessment is a great place to start when attempting to define your risk management strategy. Leverage the findings from your assessment to outline how your company will operate safely going forward.

Over to you

These are only a few examples to show how it could look, but it’s now over to you. If you need any help or support in evaluating and controlling risk in your workplace, get in touch with us.

New call-to-action
Picture of Matthew Channell
Matthew Channell
Matthew is TSW Training’s Commercial Director. He writes about performance focussed learning, leadership, and management approaches that have real-world, sustainable impact.
Share This Article

Develop Yourself

Schedule a call to discuss our courses

Subscribe to Our Blog

Similar Articles...