You are on page 1of 14


Risk Assessments

The Official BIFM Information Service Partner


Current Position
Understanding Risk Assessments
Any task will be performed more efficiently and effectively if some forethought is given to where
it is to be performed, how it will be implemented, and what the expected outcome will be. Risk
assessment is an essential part of that planning process. Most work carries a risk of potential
harm and injury and therefore employers must consider what should be actively done to control
it. It is not possible to control all the risks completely - work would not be possible under these
conditions. However, the risk of injury and damage should be controlled to reasonable and
acceptable levels and it is the aim of risk assessment to achieve this.
Risk assessment is not an end in itself, but is rather a means of managing risk. Many managers fail
to appreciate this and invest far too much time in developing pristine documents to keep on a shelf
in the hopes of impressing a visiting Inspector, auditor or Director!

assessment is not
an end in itself

Risk assessments should review all of the activities

of the business and the places of work and identify
the hazards arising. The people at risk should be
identified along with existing risk control measures.
Then following an evaluation against the standards
to be met, any required improvements should be
identified along with timescales and responsibilities
for implementation. Where the employer is required
to document the assessment ie they have five or
more employees, the requirement is to write down
only the significant findings.
Risk assessments should be reviewed periodically
and where there are changes in the matters to
which they relate or other reasons to believe they
are no longer valid. This cycle of frequent review
and implementation of findings creates a process of
continuous improvement one of the basic principles
of effective management.


The types of risk control measures to be implemented

as a result of the assessment might include
elimination of the hazard, engineering controls, safe
systems of work, permit to work procedures, safety
training or use of personal protective equipment.
Staff should be made aware of the findings of the
risk assessments. Where the documents are written
in a way which staff will easily understand them, this
can be achieved by simply asking staff to read them,
and sign to say that they have read and understood.
In most cases however, it will be necessary for
their manager to check that key points have been
understood. Risk assessments can be particularly
useful at induction of new starters, to explain to
them the risks of activities with which they may be
unfamiliar. Staff should be asked to raise with their
manager any issues they feel should be included
in risk assessments, or to query inaccuracies. By
performing risk assessment, valuable information

Risk Assessments
> 01

can be obtained to assist planning and the formation of

procedures, policies and strategies for:

yy the risk to the health and safety of persons not in his

employment arising out of or in connection with the
conduct of his undertaking.

yy changing or modifying unsafe working practices

yy assessing current and future training needs
yy identifying groups at risk (members of staff, contractors,
visitors, etc)
yy identifying specific hazards that need assistance from
consultants or specialist engineers (pressure systems,
lifts, lead, asbestos, radiation, etc)
yy identifying where a specific risk assessment may be
required to look at an issue in detail, in accordance with
other legal requirements eg display screen assessments,
fire safety risk assessment, COSHH assessment, manual
handling assessment
yy evaluating the effectiveness of current control
measures (supervision, machinery guarding, personal
protective equipment, etc). Recommendations for
control measures should be on the basis that they
are reasonably practicable or are an absolute legal
In the context of this guide, general risk assessment refers
to a relatively subjective process which for most businesses
will be sufficient to meet the legal requirements. For those
in hazardous industries and involved in engineering risk
assessments a more complex process may be required such
as those known as hazard and operability studies, HAZOP,
hazard analysis, HAZAN, quantified risk assessment, QRA,
and a host of other complex-sounding terms. The method
described here is not intended to address these detailed risk
assessment requirements.
Whilst not being the only method, the method of risk
assessment described in this guide is useful in most general
work situations.

Legal Requirements
The general requirement to carry out a risk assessment
arises arguably from the duty on employers to ensure
the health and safety of employees and those affected
by the work activities given in Sections 2 and 3 of the
Health and Safety at Work etc Act 1974. However, the
explicit requirement is in Regulation 3 of the Management
of Health and Safety at Work Regulations 1999, which
requires employers to undertake a suitable and sufficient
assessment of:
yy the risks to health and safety of their employees whilst
at work


A similar duty rests with the self-employed to assess the

risks to themselves and others affected by their work. It
should be noted however, that there are currently proposals
in the Deregulation Bill which are likely to remove many
self-employed unless they are conducting a prescribed
undertaking. A prescribed undertaking will be defined
in Regulations which, at the time of writing, are subject to
The statutory purpose of the assessment is to identify the
measures needed to comply with the requirements and
prohibitions imposed by or under the relevant statutory
provision. In other words, the purpose of the assessment
is to identify all of the things which have to be done to
comply with health and safety legislation. This is often
forgotten by those who set out to portray risk assessment
as simplistic and easy to do. Whilst risk assessment can
be carried out by those without specialist health and
safety knowledge, they will inevitably need to carry out
a great deal of research in order to ensure that they have
covered all that they should have. The assessor should look
at appropriate sources of information including relevant
legislation, guidance, trade press, supplier manuals etc. In
addition, by seeking advice from competent sources.
The assessment must be reviewed if there are reasons
to suspect the assessment is no longer valid or there
are changes in the mattes to which it relates. It is worth
noting that the requirement to undertake risk assessment
applies to every employer. Some people are misled by the
requirement in Regulation 3(6), which permits employers of
less than 5 people not to record the assessment - although
it must still be undertaken. Whilst recording the result is
not mandatory in these small organisations, it is advisable
in many circumstances e.g. to prove that the assessment
was carried out, so that the assessments can be shown to
prospective clients or used to join contractor assessment
schemes, to enable the assessment to be more easily
reviewed in future and to check that everything has been
considered as it ought to.
There are a number of other regulations that deal with
specific hazards, which require specialist risk assessments.
These include fire, asbestos, lead, hazardous and dangerous
substances pathogens, noise, display screens, manual
handling, ionising radiation, construction design, etc. It
must be ensured that where a specific format and set of
requirements applies, that this is followed, rather than
attempting to cover a specific assessment using the
general risk assessment process. Instead, the general risk
assessment should be used to flag where these more
detailed assessments are required ie the need for specific
assessment can be listed as a required risk control measure
within the general assessment.

Risk Assessments
> 01

the purpose
of the assessment
is to identify all of
the things which
have to be done
to comply with
health and safety

Risk assessments are often the first piece of written

evidence sought by regulators in the event of an accident
investigation or a prosecution being brought. They are
also discoverable as part of the pre-action protocol in
civil cases - usually two of the key documents requested
by any claimants solicitor are pre- and post-accident risk

yy if model risk assessments are used, it should be

ensured that they are properly adapted to the specific


yy the level of detail should be proportionate to the level

of risk, insignificant risks can be ignored, risks arising
from life in general need not be covered

What Risk Assessment Involves

The principles of risk assessment (based on HSEs 5 Steps
to Risk Assessment) really only embody common sense.
They are:
yy identify the hazards

yy if the job changes, or new activities are introduced,

the assessment needs to be reviewed or additional
assessments undertaken

yy reasonable steps should be taken to identify risks by

carrying out research, seeking competent advice,
involving the workforce and including input from
yy the risk assessment should identify the period of time
for which it is likely to remain valid.

yy identify the people affected by the hazards

yy evaluate the risks posed by the hazards, taking into
account existing controls and any further action
yy record your findings, implement actions and tell your
staff about it
yy review the assessment as and when necessary.
For the risk assessment process to be effective:
yy a structured approach should be taken to ensure that
all hazards are identified
yy it should identify all those who will be affected by
the work; this includes staff and also maintenance
and cleaning staff, post staff, the public and visitors,
including any person at particular risk eg disabled,
visitor, young, children, pregnant staff
yy both normal and abnormal conditions need to be
considered; eg what would happen if the photocopier
jammed, or what happens if equipment must be
cleaned during use?

Undertaking the Risk Assessment

Any task will be performedmore efficiently and effectively
if some forethought is given to where it is to be performed,
how it will be implemented, and what the expected
outcome will be. When embarking on a risk assessment,
a good starting point will be to decide what areas will be
assessed and in what order and who the members of the
assessment team will be. In order to demonstrate that
reasonable care was taken in undertaking the assessments,
it should be ensured that the assessors are competent
whether by experience, training, qualification or a
combination of these. It is usual to provide managers with a
training session of a half to one day, covering the principles
of risk assessment and including an opportunity to practice
those skills.
Sufficient resources must be made available to ensure that
the process of risk assessment is performed adequately and
The choice of what will be assessed depends on the size
and type of the assessors area of responsibility. Generally,
there are two types of assessment - by task, or by location.

yy it should consider the risks to people, not to things (the

reason being that the risk assessment process described
here is for the purpose of meeting health and safety
requirements as opposed to business continuity or
property protection purposes)

In practical terms, assessments tend to fall into the

following categories:

yy group similar tasks where possible to minimise

repetition, but having regard to the need to adequately
cover all the tasks without compromise

yy sectional assessment - this could be where several

people are performing different roles in the same area
or room - this may not be sufficiently detailed if their
activities are numerous or complex


yy an overall assessment of the workplace (only feasible if

the area is very small and has few hazards and low risks)

Risk Assessments
> 01

yy job or activity assessment - identified by role performed

by staff or by task

Generic Workplace Hazards

General hazards include the following:

yy process or method assessment - this is the most specific

as it is identified specifically by function or task.
Before beginning a risk assessment it is worthwhile to
establish some boundaries ie what is and is not included. A
good place to start is to make a Task List and a list of work
areas. At this stage the list needs to be at a reasonably high
level, for example job groups rather than individual parts
of the task. Having done this, the assessor is in a position to
move forward to the actual assessment process.
If there are a large number of tasks or locations to cover,
they should be prioritised according to perceived risk i.e.
undertake risk assessments for those which seem the most
hazardous first.

Identifying the Hazards

Overview to Identifying the Hazards
The first step of the assessment is to identify the hazards.
This can be the most difficult part of the whole exercise and
it is crucial that hazards are not missed.
It is important that assessors are able to identify hazards
that have become accepted ie which have become part
of the furniture. A team approach involving a person who
is unfamiliar with the work activity can assist in identifying
these hazards.
The process of identifying hazards will involve consideration
of the activities, machines, equipment, processes, etc that
have the potential to cause harm. Some hazards will be
obvious, such as damaged electrical appliance cables,
exposed hot surfaces, etc.
Other hazards may not be so obvious, such as unsafe
working practices or a dangerous substance stored in a
cupboard. It is good practice to talk to staff about their
methods of working and the equipment they use. Hazards,
which are adequately controlled, should also be included,
as it will be necessary to evaluate the adequacy of the
control measures. It must be ensured that hazards which
occur in non-routine situations are also included eg during
cleaning, maintenance, out of hours and during extreme
weather conditions.
Hazard lists should be used with caution as they can close
the mind to alternatives which are not included on the
list. However, they do have a place, if used with care. The
following lists may assist but are not exhaustive.


yy access and egress - blocked fire escapes, access

restricted by materials, slippery ground surfaces in
winter, etc
yy adverse weather conditions - rain, wind, cold, and hot
or arid conditions. This includes prolonged exposure to
sunlight during the summer months, involving risk of
sunburn and skin cancer, and ice and snow in winter
yy animals/insects - infections, kicks, bites, scratches,
excretions, crushing, pulling or knocking people over
yy collision with people, vehicles, and property
yy compressed air - burst pipes, noise of operation, misuse
yy contact with hot or cold surfaces or liquids - burns
and scalds can occur from contact with both of these,
especially where there is prolonged contact - for
example, radiator surface temperatures and water
temperatures above 43C have a greater risk of burning
or scalding for vulnerable persons
yy ergonomics - poor design, sharp edges, too low, too
high, too heavy, badly positioned, etc
yy falling objects - inside and outside the premises.
Includes goods falling from high shelves, objects
dropped by maintenance workers on those below,
materials and tools dropped by construction workers
from scaffolds, demolition work, structural instability etc
yy food hygiene - pests, storage of foodstuffs, temperature
of refrigerators, hot and cold holding temperatures,
segregation of raw and cooked foods, contamination,
foreign bodies
yy lighting natural and artificial - insufficient or excessive
levels, poorly positioned, reflections, glare
yy lone working - ability to raise alarm, medical
emergencies, stress, etc
yy work related violence verbal and physical abuse
yy slips, trips and falls - falls down staircases, into
unmarked holes, changes of level. Consider spillages
and temporary obstructions as well as routine

Risk Assessments
> 01

assessments are
often the first
piece of written
evidence sought
by regulators
in the event
of an accident
investigation or a
prosecution being

yy storage and movement of materials such as files falling, collapsing, slipping, etc
yy storage and use of flammable liquids and gases - gases,
solvents, solids, flammable and explosive atmospheres
etc posing risk of fire and explosion

Ionising and Non-ionising Radiation

Risk assessments must be carried out to determine if
there is any exposure of employees, and if so, whether the
exposure is significant, from:
yy microwave and radio frequencies

yy use of tools - repetitive strain injury, eye injury, cuts,

strains and sprains

yy ultra-violet light

yy electrical hazards

yy lasers

yy stress - work pressure

yy radioactive sources and contaminated materials.

yy sharps - knives, blades, broken glass/ crockery, needles,


A specific risk assessment will normally be required with

cross-referencing of the specific assessment, within the
general risk assessment.

yy vehicles - driving on work related business, workplace

transport (internal and external)
yy waste materials - sharps, flammable, dusts, liquids,
solids, recyclables (storage and disposal)
yy working at heights - work on fragile surfaces, ladders,
steps, scaffolds, suspended access platforms, work near
unguarded edges etc

Work Equipment
Work equipment covers all types of machinery, and
presents a wide range of hazards; these must be assessed
separately or within the general risk assessment.
Lifting Operations

yy work in confined spaces - drains, pits, basements,

vessels etc

Lifting equipment covers all types of mechanical lifting. If

any mechanical lifting is carried out the activities must be
assessed, separately or within the general assessment.

yy work in excavations

Display Screen Equipment

yy working in extremes of temperature - working inside

and outside; lengthy exposure to air or surface
temperature at, or above blood temperature (36C),
or room temperature regularly below 15C should be
considered a potential cause of harm.

The special hazards posed by working at display screen

equipment (DSE), such as computers, CCTV monitoring
stations, microfiche readers and so on, must be assessed
separately within DSE Assessments for each user. Specific
assessments should be cross-referenced within the general
risk assessment/s as appropriate.

Chemical and Biological Hazards

Substances that will cause harm both chemical and
biological will include:
yy hazardous substances, including waste materials, dusts,
fume, gases, vapour, liquids. And including carcinogenic
substances, if any are used, or exposure is created eg

Pressure Vessels
A specific type of risk assessment is necessary for the risks
posed by pressure systems. These systems are a rigid system
of pressure vessels and pipes carrying a relevant fluid. A
relevant fluid can be considered as steam, gas, vapour or
a gas dissolved in a liquid, at 0.5 bar above atmospheric
pressure. Specific assessments should be cross-referenced
within the general risk assessment/s as appropriate.

yy biological agents including hazards from needles and

other sharps.

Manual Handling

A specific risk assessment will normally be required with

cross-referencing of the specific assessment, within the
general risk assessment.

Any work involving physical (human) effort to move or

support an object, which involves a risk of injury, must
be subject to a specific manual handling risk assessment.
Specific assessments should be cross referenced within the


Risk Assessments
> 01

general risk assessment/s as appropriate. Manual handling

operations can include:
yy lifting
yy pushing
yy pulling

yy shared workplace staff - common areas shared with

workers from other organisations, such as catering
providers, must be considered and the findings
conveyed to their employers
yy visitors - this covers all persons visiting the area subject
to assessment including sales representatives, cleaning
contractors, emergency and rescue services, inspectors,

yy manoeuvring

yy carrying

yy members of the public - consideration must be given

to invited and uninvited members of the public in and
around the location or activity including those within
neighbouring properties.

yy transporting: with sack trucks, trolleys, etc.

Evaluating the Level of Risk

Noise and Vibration

Risk (R) is the combination of the likelihood of the

hazardous event occurring (L) and the severity or degree of
harm (S). ie L x S = R.

yy steadying

Significant risks posed by noise and vibration in the

workplace or caused by work activities must be assessed,
separately but with a cross reference within the general risk
Fire Safety
This requires a separate assessment under the Regulatory
Reform (Fire Safety) Order 2005 and equivalent national
legislation in Scotland, Northern Ireland and Eire.
[See Barbour Guides Fire Risk Management and Fire
Precautions and Fire Protection]. Specific assessments
should be cross referenced within the general risk
assessment/s as appropriate.

Deciding Who May be Harmed and How

The risk assessment should identify all persons who could
be at risk from the activities in question, including those
at particular risk eg young persons, children, new and
expectant mothers, the disabled or those with language
or learning difficulties. Non-employees should be
considered in addition to staff, eg members of the public,
visitors, patients, residents, students, contractors such as
cleaners and maintenance technicians, delivery personnel,
maintenance contractors.
The typical categories of people that could be harmed are
likely to include:
yy staff - all types of directly or indirectly employed staff
must be considered; permanent, part time, temporary
or contract, and trainees. Particular attention must be
given to young people, expectant women and new
mothers. If there are children (anyone below schoolleaving age) on work experience or at work, the key
findings of the risk assessment have to be passed to
their parent or guardian

Determining the level of risk therefore requires the assessor

to estimate the likelihood of the event taking place and the
nature of the harm taking into account risk factors and past
experience. The risk rating can be used at several points
during the risk assessment. Some companies choose to
assess the level of risk arising from the hazard imagining
that there are no risk control measures in place, and to then
reassess after proscribing risk control measures. Others only
assess the degree of risk after all risk control measures have
been considered including new ones not yet implemented.
Either approach is acceptable.
The benefits of evaluating risk are mainly in helping to
prioritise the improvements identified. The technique can
also be used to evaluate whether sufficient risk control
measures have been identified to reduce the risk to an
acceptable level. However, the difficulty with this is that
the process is usually very subjective and the assessor can
almost feel forced to fake the outcome to show a significant
reduction in risk as a result of the recommendations
included. This should be avoided.
There are a large number of means of evaluating risk
numerically, but in general, the end result should enable
a person to understand priorities easily, so a three level
or five level system is usually the maximum required in
the majority of workplaces. Eg, the outcome might give a
measure of Low, Medium or High risk. Here is an example
three by three matrix i.e. three levels of likelihood and three
levels of severity:
1. low: the event is unlikely to happen or certainly
would occur very infrequently
2. medium: the event is expected to occur on a less


Risk Assessments
> 01

should identify
all persons who
could be at risk
from the activities
in question

regular basis, but is still recognised as a problem by the team

3. high: an event is expected to occur on a regular basis, for example once a month or so regularly that it is perceived to
be a problem

Estimates of Consequences or Harm

Harm can range from death, major or minor physical injuries, disease, genetic defects, mental injuries, to social trauma.
Possible definitions for consequence being low, medium or high are illustrated below.
Nature of Harm to People
1. low: outcome up to (and including) administration of first aid
2. medium: hospital visit and/or absence for up to three days
3. high: death, or major injury/accident resulting in over three days absence from work
Using a Risk Matrix to Prioritise Action
The assessor uses the 3x3 grid of nature of harm versus likelihood of harm to provide an estimate of the degree of risk see
Figure 1.
Figure 1 risk evaluation matrix




Moderate risk




Moderate risk

Substantial risk



Moderate risk

Substantial risk

Unacceptable risk







Another way of looking at this is to simply multiply the numbers:













In this approach scores of 1-2 = low risk, 3-4 = moderate and 6-9 = High
If the risk is low, (non-existent, trivial or acceptable), then it may not be necessary to do anything to control the risk. However
care should be taken to comply with any legal requirements which may place an absolute duty on the employer. If the risk
is Moderate then there is an area of uncertainty - the risks should be reduced as low as is reasonably practicable. Prioritising
would include cost-benefit analysis. If the risks are high, (substantial or unacceptable), then action needs to be taken to
control the risk as a high or immediate priority - as far as is reasonably practicable - ie in proportion to the magnitude of the
risk when balanced against cost. Again care should be taken to comply with any legal requirements which place an absolute
duty on the employer, regardless of whether there appears to be a benefit when considered against cost.
This process is based on the judgement of the assessor using their knowledge, any information (including accident data) and
observations of the workplace. Part of the consideration must also include the exposure factor, which reflects the number of
people exposed, and the length of time they may be exposed.


Risk Assessments
> 01

Determining Priorities
At this stage in the risk assessment process, the risk
assessors should make decisions on the most appropriate
management strategies for the risks they have evaluated.
The evaluation assists in prioritising any control strategies
by considering what the acceptable or tolerable levels of
risk are. These values will be based on:

risk reduction, but require more management attention to

ensure effectiveness.
The following hierarchy should be applied by attempting
to apply the first method of risk control, and then, if risk
remains, apply the next level and so on until the risk has
been controlled so far as is reasonably practicable. Note that
there are several versions of this hierarchy in circulation and
this is simply an example:

yy acceptance criteria within the organisation

yy cost-benefit analysis - costs of implementing controls
against the reduction of risks which may accrue
yy humanitarian issues - injuries cause real pain and

yy elimination - the risk can sometimes be removed

altogether by stopping the hazardous activity or
avoiding the technique, equipment or substance that
poses the risk
yy substitution - if possible the risk can be reduced by
substituting a less hazardous substance or process

yy legislative constraints (or opportunities).

The end result of a risk assessment could be a number of
action priority levels. One approach is based on the three
risk ratings:
yy high risk - immediate action - this activity may be too
risky to continue until effective means are taken to
control the risk (but bear in mind that some activities
may be high risk and acceptable even after applying
risk controls)
yy medium risk - area of uncertainty - managers need to
ensure the risks are reduced as low as is reasonably
practicable. Prioritising would include cost-benefit
yy low risk action may not be required at all, or may be a
low priority.

Controlling the Risks

At this point in the risk assessment process, assessors must
make a decision on additional risk control measures, which
are needed to control the risks to an acceptable level.
There are many ways of controlling risks but some are more
effective than others. These can therefore be expressed in a
hierarchy from the most effective to the least effective.
The most effective risk control strategy is to eliminate the
hazard. This is achieved by changing what is done or how
it is done, or by stopping an activity or removing a physical
hazard. However, in the majority of cases it is not possible
to do this and therefore other methods are required to
reduce the risk. The next stage is to protect the person from
the risk by physical means. If this has not been possible or
risk still remains, procedural risk control can contribute to


yy engineering means - in some cases it is possible to

segregate the people from the hazard by some kind
of engineering means. Examples of this would be:
enclosures, barriers, interlocks
yy separation from the hazard or reduced exposure where the risk is increased by proximity or the time of
exposure, means can be used to separate the person
or reduce this, for example working late or early, or the
time for which they are exposed can be reduced
yy using personal protective equipment - if all else fails,
as a last resort, personal protective equipment can be
used; it is a last resort because it is the least easy to
guarantee in terms of effectiveness, it can be difficult
to select correctly, not always worn or worn as it should
be, difficult to maintain correctly and only protects
the wearer. Ordinarily PPE should be used in addition
to other risk controls, or in circumstances where it is a
specific legal requirement eg hard hats on construction
sites where theres a risk from falling objects
yy safe systems of work - which minimise the risks through
a safe sequence of work are usually drawn up by the
manager or supervisor responsible for the area in which
they are to be used, although there can be common
practices across more than one area. Training and
supervision are required to reinforce the use of the safe
system of work.
The control measures will be quite diverse and very
dependent on the situation, however some examples will
yy access restriction - this may be by physical barriers,
signs, markings on the floor or by informing personnel,
written or verbally, where access is permitted and

Risk Assessments
> 01

The most
effective risk
control strategy
is to eliminate the

yy emergency procedures - this covers all forms of

emergency and evacuation procedures for fire, flood
warning, bomb alert, gas escape, processes going
critical, etc. Localised procedures should also be
considered covering, for example, electrical shock
treatment, first aid for minor accidents, etc

The Adequacy of the Control Measures

The control measures should be assessed for their adequacy
and suitability for the level of protection they are intended
to provide.

yy housekeeping - not only is it important to keep the

workplace clean and tidy, but procedures should be in
place to ensure that coats and other clothing do not
obscure gangways, etc
yy inspection and maintenance - regular inspections
and maintenance can identify potential hazards and
remove failing parts before they become dangerous; for
example, loose covers, etc
yy personal protective equipment (PPE) - gloves, safety
shoes, safety glasses, hi visibility clothing, hard hats,
respiratory protection, overalls etc. PPE should always
be viewed as a last resort and employed where or when
other protective measures cannot be used, or to deal
with residual risk left after other methods of risk control
have been applied
yy physical barriers - this is any physical method of keeping
persons away from danger, total enclosure, partitions,
barriers, fences, etc
yy safe access and egress - this covers not only normal
routes of access and egress, but must include
emergency escape routes, places of refuge in
emergency situations and muster points
yy safety devices - there are a wide range of safety devices
that can be employed, including safety interlocks, safety
trips, etc
yy supervision - required so far as is reasonably practicable
yy training, information and consultation - staff to be made
fully aware of hazards, risks, any emergency procedures
and the safe working procedures
yy ventilation or extraction - this is to aid the dispersal or
removal of dusts, fumes, gases, vapours and mists by
general ventilation (windows, doors, fans, etc) or local
exhaust ventilation warning signs and devices - danger
do not enter, etc; these may be used in conjunction
with warning beacons and audible alarms. Signs
and signals should be used where the risk cannot be
controlled by other more effective means.

yy are they effective - do special provisions need to be

made for; ethnic minorities (language, culture and
religion), young people, expectant mothers, disabled,
visually impaired, aurally impaired, those with reading
yy are they realistic?
yy have personnel received adequate training in order
for them to use, perform or respond to the measures
yy is refresher or update training required?
yy are training records held, and are they relevant and up
to date?
yy has everyone been informed of the measures and do
they understand them?
yy are inspections required, and if they are, are the reports
accurate and up to date?
yy are the control measures clearly documented?
yy are measures regularly monitored to ensure that they
continue to apply on an ongoing basis, and continue to
provide effective protection?
yy who is responsible for them?

Recording Monitoring and Review

Recording the Assessments
Reasons for maintaining written records of risk assessments
yy that for employers of five or more people, there is
a legal requirement to record significant findings
including the details of any groups of persons or
individuals identified as being at particular risk
yy to enable the risk assessment to be more easily
yy to show that a hazard was identified and risk was
considered, especially if no control was deemed
necessary. This could be useful if there is a later need


Risk Assessments
> 01

to justify the decisions made, eg to an Enforcement

Authority, as part of a defence of civil proceedings or
in court
yy to use in staff training, particularly induction of new
yy to use as evidence in the event of enforcement action
or a civil claim.
The records can be stored in whatever medium is
convenient, as long as it is easily retrievable. However, it is
good practice for a master copy of the assessments to be
The risk assessment record should include as best practice:
yy significant hazards identified in the assessment
yy existing control measures and the extent to which they
control the risks
yy who may be affected by these risks and any identifiable
groups of employees that are at particular risk
yy the evaluated risk rating
yy the expected means of control
yy a signature and date.
The results of these findings must be conveyed to staff in a
comprehensible and relevant way. An action plan should be
developed and kept up to date, allocating any outstanding
actions to named persons with target completion dates.
There is no mandatory format for the recording of risk
assessments. However it is important that they are available
to all people that need to see them - including staff and
enforcement agencies - and that the information they show
is clear and understandable to all who need to interpret
it. As a result it is advisable to have a common form that
will be used throughout the organisation. Example risk
assessment forms are available under the Forms and
Checklists tab above, which can be used or modified to
suit the needs of the assessor, the organisation or the users,
Review of the Assessments
Because changes occur within staffing, methods, activities,
technology and current knowledge , it is necessary to
review risk assessments periodically. A side-effect of
improving knowledge is that what is considered low risk
today may not be so tomorrow. An example of this is hard
wood dust; once considered to be little more than nuisance
dust. It is now recognised as a carcinogen (a substance


which causes cancer). Developments in technology may

also make technological risk controls more readily available
and cost effective, ie making them reasonably practicable
when at one time they may have been excessively costly eg
vehicle tracking systems.
The review of the assessments needs to be regular but does
not have to be onerous. The legal requirement is that the
assessments should be reviewed when there is a reason to
believe that they are no longer valid (eg time has elapsed,
or an accident has occurred) or where there are changes
in the matters to which they relate. The ACoP to the
Management Regulations says that it is prudent to plan to
review the assessment at regular intervals and that the time
between these reviews depends on the nature of the risks
and the likely degree of change. In most cases, assessors
assign an annual review date to assessments but there will
be occasions when a much longer or shorter review period
is appropriate. Reviewing can be a straightforward task,
which checks that the assessment is still valid, documents
any amendments and includes a signature and date. Where
there are significant changes the assessment may need to
be re-written entirely.
Auditing the Assessments
This is different from review or assessment - the aim
is to check that agreed controls are in place, training
completed, and that hazards are being managed (or have
been eliminated) in the way identified by the original risk
How often an audit is carried out is a matter of judgement,
but the timing should be proportional to the significance
of the hazards involved and the number of outstanding
actions arising from the assessments.
An audit may involve:
yy examination of documented safety policies and
yy checking training records
yy interviewing managers and staff to check that things
are working in practice.
Trade-union safety representatives have a right to carry out
health and safety inspections, and managers may wish to
make this a joint exercise. The issues for inspection will be
those highlighted in the risk assessment, and (no doubt)
new problems will be highlighted that can be fed into
the risk-assessment process. Any shortcomings requiring
immediate action should of course be dealt with.

Risk Assessments
> 01

There is
no mandatory
format for the
recording of risk

Key Actions
1. prepare a task list and a list of premises for which risk
assessments are required include unusual situations,
maintenance, preparation and disposal of items

who also has training in undertaking risk assessments. If

the working environment poses greater hazards with more
substantial associated risks, the assessor should possess a
higher level of competence. In certain cases, where specific
hazards are involved (asbestos, ionising radiation etc), it
may be necessary to call on the services an appropriately
experienced and qualified consultant.

2. identify competent risk assessors (and provide

additional training if needed), encourage assessors
not to work in isolation

Control Measures: also termed preventive or protective

measures, this covers all aspects of the management of
health and safety. These can be viewed in terms of:

3. undertake the risk assessments ie:

yy procedural measures such as supervision, instruction,

information and training

Undertaking a Risk Assessment:

1. identify the hazards to which people will be

2. decide who may be exposed to the risk and how
3. evaluate the risk ratings and record them
4. check whether current risk controls are adequate
or else introduce suitable and sufficient risk
5. record the assessment and provide it to all who
need to use it; allowing for regular reviews or
6. regularly review the assessments and also audit
7. continue to be aware of changing people,
conditions and hazards and monitor that risk
controls continue to work effectively
4. except where the employer has less than five
employees, all risk assessments must be recorded
5. on an ongoing basis update and undertake new risk
assessments as needed
6. consult with staff on the findings of risk assessments.
Provide information, instruction and training as
necessary, including instruction for managers and
7. maintain an action plan of outstanding actions
arising from risk assessments, allocate them to
named persons with target completion dates and
follow up to ensure they are undertaken.

Key Terms
Competent Person: the requirements for competency
levels of a person making an assessment will vary,
depending on the hazards and the levels of risk involved.
For general risk assessments in most work environments,
this could be a person with sufficient practical and
theoretical experience of working in that environment,


yy engineering or physical measures such as guarding,

fencing, protective clothing, etc.
Hazard: a hazard is something with the potential to cause
harm or damage to persons or property.
Reasonably Practicable: this phrase means a balance
of the risk on the one hand against the time trouble or
effort involved in reducing the risk. Where the costs far
outweigh the benefit the risk control may not be needed
unless there is an absolute legal requirement to do so.
For example, employers are required to ensure that floors
are free from holes, unevenness or slipperiness which
would expose any person to a risk to their health or safety.
Therefore, it is not open for the employer to decide that
repairing a hole in a floor is not reasonably practicable.
Risk: is a measure of how likely it is that harm will occur and
the severity of the likely harm. Risk is sometimes assigned a
numerical value or rating (high, medium or low).
Suitable and Sufficient: in terms of risk assessment, this
means that the level of detail is proportionate to the risk.
Trivial risk can be ignored, as can the risks arising from life in
general unless the work activity compounds or significantly
alters those risks.
New and Expectant Mothers: there is an explicit
requirement to assess the risk to new or expectant mothers
at work and they are defined as:
yy an employee who is pregnant
yy an employee who has given birth within the previous
six months (live or stillborn)
yy an employee who is breastfeeding.
Young Persons and Children: a young person is someone
below 18 and a child is a person below the minimum
school leaving age.

Risk Assessments
> 01

Related Documents
The following Barbour documents may be of assistance:
yy Risk Assessment Model Policy
yy On-Site Risk Assessment
yy General Risk Assessment Location

Further Information
and References
Information relating to risk assessment is available from a
number of sources, including the following:
yy HSE

yy Risk Assessment Toolbox Talk

yy European Agency for Safety and Health at Work

(Including links to European legislation relevant to
risk assessment, such as Framework Directive 89/391,
guidance, and risk assessment tools).

The following key documents are available on Barbour:

Other sources of information include:

yy Five Steps to Risk Assessment (HSE; INDG163)

yy TUC

yy Management of Health and Safety at Work Regulations

1999 (as amended)

yy Business Link

yy General Risk Assessment Activity

yy Key to Healthy Workplaces: Risk Assessment (European

Agency for Safety and Health at Work; Facts 81)
yy Roles and Responsibilities: Risk Assessment (European
Agency for Safety and Health at Work; Facts 80)
yy Various example risk assessments from HSE
yy Land Use Planning and Control of Societal Risk
Around Major Hazard Sites (Buncefield Major Incident
Investigation Board)

yy Unison
yy Health and Safety Authority (Ireland)
yy Royal Society for the Prevention of Accidents (RoSPA)
yy World Health Organisation (WHO)
Date of Review: August 2014

yy Evidence Based Evaluation of Scale of Disproportionate

Decisions on Risk Assessment and Management.
Prepared by
Greenstreet Berman Ltd RR536 HSE
yy Suitability of HSEs Risk Assessment Process and
Management Standards for use in SMEs. Produced by
Vectra Group Ltd RR537 HSE
yy Good Practice and Pitfalls in Risk Assessment. Prepared
by Health and Safety Laboratory RR151.


Risk Assessments
> 01

Barbour is a trading division and trading name of UBM
Information Limited (UBMi). It has published this Guide in
order to help the promotion of good practice amongst
knowledgeable and competent specialists in the subject
covered by this Guide. By using this Guide, the user
acknowledges, accepts and agrees to the following:
UBMi does not give any condition, warranty or other
term, or accept any duty of care or liability, in connection
with the quality or fitness for purpose of this Guide, or
any loss or damage resulting from reliance on it, and it
excludes all these.
When deciding whether or how to act, the user should
always obtain appropriate professional advice and should
not rely on any information, advice or recommendation
in this Guide, however it has been expressed. The user
is responsible for obtaining professional advice, and
acknowledges that any defects in this Guide would be
detected by a knowledgeable and competent specialist
providing that advice.
Any use of this Guide by any person is subject to UBMis
user terms for Barbour services, and by using it the user
is accepting those terms, and agreeing to be bound by
them, on behalf of the user and all other persons for
whom the user undertakes any work.
The user waives (and agrees to waive) all claims for loss or
damage which it might otherwise have against UBMi in
connection with this Guide other than those arising out
of a liability which UBMi has for personal injury (whether
fatal or otherwise) resulting from negligence.


Risk Assessments
> 01