How to carry out a Risk Assessment

At EU-level there are not fixed rules about how risk assessments should be undertaken (you should check the specific legislation relating to risk assessment in your country). However, there are two principles which should always be borne in mind when approaching a risk assessment:

  • to structure the assessment to ensure that all relevant hazards and risks are addressed (e.g. not to overlook tasks, such as cleaning, that might take place out of normal working hours, or ancillary departments such as waste compacting);

  • when a risk is identified, to begin assessment from first principles by asking whether the risk can be eliminated.

A stepwise approach to risk assessment

The European Guidance on risk assessment at work proposes an approach based on a number of different steps. This is not the only method of carrying out a risk assessment, there are a variety of methodologies for achieving the same objective. There is no single "right" way to do a risk assessment and different approaches can work in different circumstances.

For most businesses, especially small and medium-sized enterprises, a straightforward five-step approach (incorporating elements of risk management) such as the one presented below should work well.

Step 1. Identifying hazards and those at risk

Looking for those things at work that have the potential to cause harm, and identifying workers who may be exposed to the hazards.

Step 2. Evaluating and prioritising risks

Estimating the existing risks (the severity and probability of possible harm...) and prioritising them in order of importance.

Step 3. Deciding on preventive action

Identifying the appropriate measures to eliminate or control the risks.

Step 4. Taking action

Putting in place the preventive and protective measures through a prioritisation plan.

Step 5. Monitoring and reviewing

The assessment should be reviewed at regular intervals to ensure that it remains up to date.

However, it is important to know that there are other methods that work equally well, particularly for more complex risks and circumstances. Which approach to assessment is applied will depend upon:

  • the nature of the workplace (e.g. a fixed establishment, or a transitory one);

  • the type of process (e.g. repeated operations, developing/changing processes, work on demand);

  • the task performed (e.g. repetitive, occasional or high risk);

  • technical complexity.

In some cases a single exercise covering all risks in a workplace or activity may be appropriate. In other cases, different approaches may be appropriate to different parts of a workplace.

Documenting the risk assessment

A record of the results of risk assessments at work should be kept. Such a record can be used as a basis for:

  • information to be passed to the persons concerned;

  • monitoring to assess whether necessary measures have been introduced;

  • evidence to be produced for supervisory authorities;

  • any revision if circumstances change.

A record of at least the following details is recommended:

  • name and function of the person(s) carrying out the examination;

  • the hazards and risks that were identified;

  • the groups of workers who face particular risks;

  • the necessary protection measures;

  • details of the introduction of the measures, such as the name of the person responsible and date;

  • details of subsequent monitoring and reviewing arrangements, including dates and the people involved;

  • details of the involvement of workers and their representatives in the risk assessment process.

The records of assessments should be drawn up with the consultation and participation of workers and/or their representatives and made available to them for information. The workers concerned should, in any case, be informed of the outcome of each assessment that relates to their work station, and the action to be taken as a result of the assessment.