Everything You Need to Know about Risk Assessments

What is a Risk Assessment?

It is essentially just that, the assessment of risk in terms of carrying out a ‘task’ where a hazard has the potential to cause harm or damage to people of things. Even with the best will in the world, you are only going to be able to assess the risks that are reasonably foreseeable, or in legal terms, “reasonable to attribute to a person”. The law covers this in management regulations, and further more in health and safety courses, you maybe familiar with the term ‘as low as reasonably practicable or ALARP’.

So what are the fundamentals when preparing a good risk assessment?

Common – which any reasonable person could identify

Industry – well known in the industry you’re in

Expert– which is knowledge outside of most competencies and is very specific

In basic terms, we are being held to account for our decisions. These terms are used to determine if the risk identified could have been seen by anyone, known in the industry or could only be dealt with by an expert. Only then are we benchmarked accordingly.

It is possible that your evaluation could be different to others. We all see things differently and to quote a fascinating author Jenalyn Albia:

“…. perceptions vary from person to person. Different people perceive different things about the same situation. But more than that, we assign different meanings to what we perceive. And the meanings might change for a certain person. One might change one’s perspective or simply make things mean something else”.

Don’t evaluate risk if you’re not qualified to do so

Let’s be candid, there is no point in attempting to evaluate risk if you are not competent to do so. In other words, you don’t have the experience or the qualifications to decide if the level of risk is acceptable or needs to be reduced.

Realistically, most of us are incompetent at a lot of things if we use this definition, or rather, either we have the knowledge but no experience, or the experience and no knowledge.

Evaluating and assessing the risk

Now we are comfortable with some of the major terms, we are able to look at a hazard (the thing that has the potential to cause harm) and start to evaluate whether or not it needs further control.

Each business and individual will have a different view on Risk Assessments. Some prefer quantitative over qualitative. It’s also a good idea to see what ‘type’ of risk assessment fits with the company size, complexity and tasks undertaken.

For example a small office with minimal significant risks to personnel wouldn’t benefit from a 5×5 matrix, but a simple and easy to read qualitative assessment may be more appropriate.

There is no hard and fast rule with RA’s. It’s down solely to interpretation.

Having said that, there’s a few crucial elements that must be considered;

  • Date of the assessment
  • Name/signature of risk assessor
  • Acknowledgement ‘box’ for those who read it
  • Identification of foreseeable risks
  • Control measures suitable for the risk mitigation
  • Who might be harmed and how

These are some of the questions I ask myself when reviewing risk assessments. It’s also important to note they must be specific to a task. Not a generic risk assessment picked up off the shelf that no one actually reads!

Make sure to utilise ‘likelihood’ of risk occurring and ‘severity’ of risk towards individuals.

In some way, shape or form you should attribute an initial score to the task- this is the score pre-control measure.

It’s always a good idea to ensure the risk assessor understands the difference between a risk and a hazard.

Risk Management

We can use the Hierarchy of Control to help us prioritise what controls we should consider and in what order. Not sure what the hierarchy of control is? Google it- there’s tonnes of images explaining the system that’s used.

Whatever control we decide to use, we need to be able to justify our choice. For example, if we decide on PPE, which is the least effective control measure, we have to be able to justify why we were unable to put administrative or engineering controls, substitution or even that we could not eliminate the risk altogether.

Remember to follow the hierarchy of control from top to bottom. We want to start with the most effective control measures first and only if they cannot be implemented should we consider a less effective control measure.

Once we have put the additional controls in place, we are able then to re-rate/score the risk and we should find that the rating decreases. Again this can be qualitative or quantitative.

Remember once the risk assessment is complete, it’s always a good idea to get an extra pair of eyes on it. Ideally risk assessments should be prepared with or by the person doing the job. But I live in the real world, and know this isn’t always the case.

**Just keep in mind the 3x points at the start of this- **

Common – which any reasonable person could identify

Industry – well known in the industry you’re in

Expert – which is knowledge outside of most competencies and is very specific

If you need any help with preparing your risk assessment, feel free to book a quick slot in my calendar (below) to see if we can help.

As always, your safety is my priority,


Want to take your Health & Safety to the next level? Book a FREE audit with us now https://bit.ly/freeauditnow