General Risk Assessment Process

Our 5 steps to risk assessment process will ensure that your significant risks are assessed and appropriate controls are put in place.

There is a requirement that all activities that pose significant risks should have a risk assessment carried out.  There are certain types of activities that require specific assessments but these are covered elsewhere.  This methodology can be used to cover the majority of activities encountered in the workplace.

What are the 5 steps to risk assessment?

It is recommended that you adopt the 5 steps to risk assessment approach.  These steps are consistent with other types of risk assessments (fire risk assessment) that you might have carried out.  The importance of risk assessment will be seen as we go through the process.  The steps are:

  1. Identify the hazards.
  2. Identify people who might be harmed and how they might be harmed.
  3. Evaluate the risks and decide on appropriate, proportionate controls.
  4. Record findings and implement.
  5. Review the assessment and update where necessary.

Let’s take a closer look at each of these steps.

It is important to consider all relevant hazards. Where relevant, it is recommended that a walk-around of the workplace is undertaken so that hazards are not overlooked.  Ask your employees, colleagues and others involved in your work activities to help you identify the hazards.

You should consider both routine activities (normal business) and non-routine activities such as maintenance or repair work.  In deciding what your hazards are in the workplace, you might find it easier to first think of the effect of the hazard.

Key Point: A hazard is anything with the potential to cause harm

Hazards can be divided into different categories; a few examples are listed below:

Physical: This includes noise, vibration, radiation, heat as well as temporary and permanent structures.
Chemical & Biological: This includes substances that persons are exposed to whilst at work.
Psychological: This includes occupational stress, aggression etc.
Ergonomic: This includes hazards which arise from the interaction of work activities and people, i.e. from repetitive tasks, poorly designed work layouts etc.
Electrical: This includes arcing, fire/overheating, shock.
Mechanical: This includes abrasion, entanglement/moving parts, crushing.

Depending on your organisation and range of business activities, you might interact with many different ‘types’ of persons.  These could include employees, contractors, members of the public and others who might be affected by your business activities.  Below is a selection of persons:

  • Employees;
  • Members of the public;
  • New and expectant mothers;
  • Young persons;
  • Visitors to your premises;
  • Contractors;
  • Maintenance contractors;
  • Volunteers;
  • Employees of people with whom you share a site, building or premises;
  • Occasional visitors, including persons making deliveries;
  • Persons with specific disabilities;
  • Remote workers – those working remotely away from an office.

How people can be harmed varies depending on the activity being undertaken.  It is helpful to group people into categories such as employees, visitors, and members of the public.  For each group of people, consider how they might be harmed, for example, visitors tripping over a poorly located cable.

Having now identified what hazards exist and who might be harmed by these hazards, one of the easiest ways of evaluating the risk is to compare what you currently do with what is good practice.  Examples of good practice can be found on the HSE’s website or from specific industry guidance.

How are risks evaluated?

A common method for evaluating risks is to consider with equal importance the impact (severity) of the risk occurring and the likelihood of it occurring, and then to multiply the impact score by the likelihood score to obtain an overall risk score (i.e. estimated risk).  This is called a risk matrix.  A 3×3 matrix or a 5×5 matrix is commonly used.  The key to using these methods is to be consistent in your approach.

It should be remembered that risk scoring often involves a degree of judgement or subjectivity. Where data or information on past events or patterns is available, it will be helpful in enabling more evidence-based judgements.

The likelihood and severity scores should be based on an agreed methodology.  An example of a methodology is shown below:

Severity score

| Score | Description | Severity |
|---|---|---|
| 1 | Negligible | No visible effects. Minor injury e.g. bruise, or ill health with no lost time |
| 2 | Minor | Injury or ill health requiring first aid or medical advice with no lost time |
| 3 | Moderate | Injury or ill health leading to more than three days loss of work |
| 4 | Major | Severe injury or ill health or possible loss of life |
| 5 | Catastrophic | Loss of more than one life or multiple casualties |

Likelihood score

| Score | Description | Likelihood |
|---|---|---|
| 1 | Rare | Extremely unlikely to occur i.e. may only occur in exceptional circumstances |
| 2 | Unlikely | Expected to occur in a few circumstances |
| 3 | Possible | Expected to occur in some circumstances |
| 4 | Likely | Expected to occur in many circumstances |
| 5 | Almost Certain | Extremely likely to occur i.e. expected to occur in most circumstances |

A risk matrix chart can now be used to work out the risk.  An example chart is shown below which matches up with the likelihood and severity tables above.

[Image: 5x5 risk matrix chart]

How to decide what level of action to take?

If we base our outcome on the risk matrix chart above, we have 3 levels of risk: Low, Medium and High.  There is no need to complicate the process.

High risk (15-25): High-risk activities should cease immediately.  Further effective control measures to mitigate risks must be introduced.
Medium risk (8-12): Medium risks should only be tolerated for the short term and only whilst further control measures to mitigate the risks are being planned and introduced.
Low risk (1-6): Low risks are largely acceptable. Where it is reasonable to do so, efforts should be made to reduce risks further.

How to decide which controls are suitable?

When deciding which controls are suitable and adequate to reduce the risk, you should consider the “hierarchy of control”. By using the top level controls, you are more likely to effectively control the risk of injury to staff and others affected by the activity. Reliance on lower level controls will mean that the risks of injury are greater.

The most effective controls are those which do not rely on human behaviour to implement, such as physical controls that prevent something happening. Controls that rely on people wearing personal protective equipment or following rules are therefore less effective.

A good acronym to remember when thinking of controls is ERIC PD

E – Eliminate the hazard
R – Reduce or substitute
I – Isolate the hazard from the person
C – Control, this could include engineering controls and administrative controls, e.g. safe system of work procedures, policies and procedures, training etc.
P – Personal Protective Equipment (PPE)
D – Discipline, ensuring that controls are monitored and employees are following the systems that have been set up.

There is no requirement to have your risk assessments written down if you have fewer than 5 employees.  We would, however, recommend that they are documented in order to demonstrate that you have done all that is required (reasonably practicable) to control health and safety risks.

Your documented format should follow the risk assessment steps as outlined above.

Few of our business activities or workplaces remain the same; the introduction of new ways of working, new equipment and new methods of using it are just a few of the ways in which organisations change.  To maintain a preventative approach to managing risk, it is important that we review our risk assessments regularly and whenever changes occur. Examples of when a review should take place are as follows:

  • When there are significant changes to:
    • the activities or task being undertaken;
    • the equipment or materials being used;
    • the people involved (particularly important for assessments relating to medical conditions etc.);
    • the processes or procedures being followed; or
    • the environment or location where activities take place.
  • If there has been an accident, incident or near miss, a review should be carried out as part of the manager’s investigation so as to reduce the likelihood of the accident reoccurring.
  • If an employee is returning to work after suffering an injury or illness that is associated with work or could be affected by a work activity, the Line Manager should review any risk assessments relating to their work activities to identify whether any amendments or additional controls are required to ensure their injury or illness is not made worse.

A review of a risk assessment may be as simple as checking that the hazards listed still reflect what happens in practice, and that the control measures are still sufficient to reduce the risk.  It is recommended that persons with responsibility for managing risk assessments plan to review them at least annually.

Where the risk assessment relates to a health-related matter or a new and expectant mother, a review of the assessment should take place more frequently, normally at a time set between the assessor and the person whom the risk assessment is for.  For example, a new and expectant mother may in certain circumstances need the assessment to be reviewed weekly etc.

[Image: 5 rings showing the 5 steps to a risk assessment]

How can we help?

Following our 5 steps to risk assessment will enable you to start the process of completing risk assessments.  We have provided a snapshot of the elements that are required and, if this is new to you, additional information and support may be required.  We have set out 3 options below where we can provide further help and support.

  • We provide an online risk assessment training course that provides much more information and detail on the risk assessment process.  This course is approved by the International Institute of Risk and Safety Management (IIRSM).  This course is £35 per person.
  • We can provide a bespoke risk assessment training course for your organisation.  We will visit your site and gather all the information that is required to provide this service.  The training course will be tailored to your operations and delivered to those who would be involved in the risk assessment process.
  • Finally we can assist with completing your risk assessments.

If any of these options are of value please get in touch.

Howlett Health & Safety Services can assist with completing your general risk assessments in the workplace.

Get in touch today and see how we can help. Call 07875 535 558