Latest Briefings

Risk Assessments: what are they and how to complete one

By Joe Kerin

Posted on: 22 May 2025

You have probably heard of the phrase risk assessment (or RAMS! I’ll get onto this later), but do you know what a risk assessment is, or how to complete one?

This article will explain what a risk assessment, why it is important, who should create it, and most importantly, how to complete one.

Please use the links below to jump to each section:

What is a risk assessment?

So, what exactly is a risk assessment… in essence, a risk assessment is a systematic process used to identify potential hazards that exist within your workplace, categorise how risky that hazard is through a combination of likelihood of occurrence and consequence, and outline the measures (otherwise known as ‘controls’) which you need to implement, to reduce that risk to as low as is reasonably practicable.

Why is a risk assessment important

Not only is a risk assessment a legal requirement in certain circumstances (read below), but organisations also have a moral obligation to ensure that everyone goes home at the end of the day. The process of risk assessment ensures that organisations are fully aware of the risks associated with their operational undertakings and understand what controls they need to implement, to reduce those risks.

Additionally, once completed, the control measures are brought to the attention of those completing the activity to which the risk assessment relates, so they are aware of what they need to do, to keep themselves safe.

Is a risk assessment a legal requirement

In short… Yes!

Organisations have a legal duty to assess the risks to the health and safety of its employees (and risks to the health and safety of persons not in their employment) to which they are exposed while they are at work.

For those organisations who employ 5 or more people, any risk assessment must be formerly recorded.

Get A Free Consultation

Who should perform a risk assessment

There is no hard and fast rule as to who should complete a risk assessment. Of course, you will want to leverage the knowledge and expertise of someone who is experienced in health and safety, but it should not be completed by them alone. Often (if not always), those in health and safety related roles will not be undertaking general operational activities, as such, it is of vital importance that you consult with those members of staff who undertake the activity under assessment, as they will be able to impart instrumental pieces of information, which may not be taken into consideration by those who do not undertake the task on a day-to-day basis.

How do I complete a risk assessment

Now that we know what a risk assessment is and why there important, we will turn our attention to how exactly to complete one.

When completing a risk assessment, you should use the 5 step approach. These consist of:

Step 1: Identify hazards
Step 2: Assess the risks
Step 3: Control the risks
Step 4: Record the findings
Step 5: Review the controls

Step 1: Identify the hazards

To complete this step, look around your workplace and think about what may cause harm, as these will be your hazards. To ensure that your risk assessment captures all the relevant hazards, look at tasks initially in isolation and them bring them all together.

When thinking about hazards, consider:

Any substances being used
Is there any manual handling involved
Equipment being used (i.e., hand tools, power tools, large items of equipment, items of mobile plant, working at height equipment etc)
The working environment
Other activities taking place within the vicinity of the task under assessment

Also, consider the following when compiling your risk assessment for information on some less obvious hazards:

Accident and Ill-health data
Information provided by members of staff
Speak with other organisations within your industry
Any industry specific guidance (i.e., WISH)

Step 2: Assess the risk

One you have identified the hazards associated with an activity; you need to ascertain how risky that hazard is. In completing this section of the risk assessment process, you need to look at the hazard and identify how likely this hazard would come to fruition, as well as outlining the consequences should this hazard occur. Most organisations use a simple 5×5 risk matrix which identifies how risky the hazard is.

Step 3: Control the risks

In this step in the process, you want to look at the hazard and consider how you are going to control the risk. When doing so, it is important that controls are implemented in line with the hierarchy of risk control.

Step 4: record the findings

If you employ 5 or more people, you must record the findings (i.e., the risk assessment).

Step 5: review the controls

You must keep your risk assessment under review, to ensure that the controls highlighted are suitable and sufficient in controlling the risk. This step allows organisations to identify any gaps within their control measures and implement additional controls, to reduce the risks further.

When should I review a risk assessment

This step is hugely under-rated step in the risk assessment process. Once created, risk assessments need to be reviewed to ensure that both the risks and controls highlighted remain relevant. From my standpoint, risk assessments are always in ‘draft’, because organisations should continuously look at all of its tasks and the applicable risk assessments and be identifying and implementing additional controls to reduce the risks highlighted further.

From a general standpoint, risk assessments tend to be reviewed on an annual basis. This is a good starting point, but the riskier the activity, the more frequent the document and process must be reviewed.

Additionally, the risk assessment must be reviewed if:

You believe that they are no longer effective
There are changes in the workplace that could lead to new risks, such as changes to: staff, a process, a substance or equipment used
Accidents, Incidents or Near Misses
Issues reported by staff

Once the review has been completed, it is important that consultation takes place, prior to it being disseminated wider throughout the organisation.

What is ‘consultation’?

Consultation essentially means consulting relevant persons. As detailed earlier within this article, risk assessments must be completed by speaking (consulting) with various individuals. These individuals can include:

Those carrying out the task under assessment;
Health and safety representatives;
Other organisations; and
Wider members of staff within the organisation.

It is only when you consult with a plethora of individuals/groups will you create a risk assessment which has captured all of the relevant risks associated with the operational undertaking under assessment.

Get A Free Consultation

What are ‘RAMS’?

Chances are you have heard of the term RAMS before, but what does it mean? RAMS simply stands for Risk Assessment and Method Statement.

RAMS are a slight enhancement on a standard risk assessment, as it annexes a method statement, which is a detailed document which outlines the step by step process which must be completed for a certain activity.

Summary

In summary, risk assessments are vital to any organisation when ensuring the health and safety of those who may be affected by their operational activities (both employees and non-employees).

As an organisation, as long as you have a detailed process to completing risk assessment, which aligns with the above approach you cannot go too far wrong.

Should you need more information on the risk assessment process, or would like some help and support, please do get in contact.

How can USP help:

USP support a number of clients across the UK, providing the fundamental support and processes to ensure a safe and successful project.

If you want to speak with one of our consultants, please email us at info@universal-safety.co.uk or call us on 01903 942996.