A Complete ‘How-to Guide’ on Risk Assessment in the Workplace

Explore This Post

Evaluating or analysing risk in the workplace can become a bit of a black art, as some don’t feel comfortable with the subjectivity of it all.

In this guide, we explain how you can evaluate and control risk in the workplace confidently, for the benefit of your employees and business.

What is Risk Assessment?

Evaluation is the determination of whether the level of risk is acceptable or needing to be reduced.

Even with the best will in the world, you are only going to be able to assess the risks that are reasonably foreseeable, or in legal terms, “reasonable to attribute to a person”. The law covers this in management regulations, and further more in health and safety courses, where we use knowledge tests to assist with the determining of these terms:

Common – which any reasonable person could identify

Industry – well known in the industry you’re in

Expert – which is knowledge outside of most competencies and is very specific

In basic terms, we are being held to account for our decisions. These terms are used to determine if the risk identified could have been seen by anyone, known in the industry or could only be dealt with by an expert. Only then are we benchmarked accordingly.

Let me give you an example. When I was working in the steel industry, I was looking at the paints that we used to spray our steel-work. When evaluating the risk and what was reasonably foreseeable, I didn’t think that my common knowledge would provide me with a balanced view on how to control and work with the paint.

So, I went to the manufacturers (the Industry) and asked for their safety data sheets. Assessing those, I still didn’t feel that I could undertake a suitable and sufficient risk assessment, so I called an expert in the field who provided me with her knowledge and as a result, we produced a suitable risk assessment.

It is possible that your evaluation could be different to others. We all see things differently and to quote a fascinating author Jenalyn Albia:

“…. perceptions vary from person to person. Different people perceive different things about the same situation. But more than that, we assign different meanings to what we perceive. And the meanings might change for a certain person. One might change one’s perspective or simply make things mean something else”.

Don’t evaluate risk if you’re not qualified to do so

Let’s be candid, there is no point in attempting to evaluate risk if you are not competent to do so. In other words, you don’t have the experience or the qualifications to decide if the level of risk is acceptable or needing to be reduced.

Realistically, most of us are incompetent at a lot of things if we use this definition, or rather, either we have the knowledge but no experience, or the experience and no knowledge.

How to Evaluate & Assess Risk: The 5×5 matrix

Now we are comfortable with some of the major terms, we are able to look at a hazard (the thing that has the potential to cause harm) and start to evaluate whether or not it needs further control.

Most companies might do this by using a 5×5 matrix, that looks something like this:

Note above that every number on the side and the bottom has a meaning.

Going back to my paint risk assessment, for example; the likelihood of inhaling the paint when spraying is likely (4) and the severity of harm could over time be a disabling injury like kidney damage (5), as we don’t currently have Respiratory Protective Equipment (RPE), then the result is Red and Unacceptable. The sum looks like this:

Controlling & Justifying Risk: Hierarchy of Controls Risk Management

Now we have evaluated the risk with what’s currently in place, and found it to be red (unacceptable), we can put controls in place to attempt to bring the value down.

We can use the Hierarchy of Control to help us prioritise what controls we should consider and in what order:


Whatever control we decide to use, we need to be able to justify our choice. For example, if we decide on PPE (or RPE) in this case, which is the least effective, we have to be able to justify why we were unable to put administrative or engineering controls, substitution or even that we could not eliminate by not using the substance.

Once we have put the additional controls in place, we are able then to re-rate the risk and we should find that the rating decreases, like this:

You can see a worked example here of how this translates on to the risk assessment.

Image source: bsgltd.co.uk


In this article, we have discussed what risk is, explained the 5×5 matrix and what that looks like and how that translates on to the risk assessment. These are only examples to show how it could look, but it’s now over to you. If you need any help or support in evaluating and controlling risk in your workplace, get in touch with us.

Health and safety courses we offer:

Share This Article

Read Next...