You write a good risk assessment by identifying hazards, evaluating who could be harmed, deciding on control measures, recording findings, and reviewing regularly.
How do you write an effective risk assessment?
An effective risk assessment follows five clear steps: identify hazards, determine who might be harmed and how, evaluate risks and decide on precautions, record your findings and implement controls, and review and update regularly.
Right now, the Health and Safety Executive’s “Five steps to risk assessment” (and OSHA’s matching guidance in the U.S.) remains the gold standard. Start by actually walking through your workspace or reviewing how things get done—look for anything that could cause trouble, like unguarded machines, slick floors, or overloaded circuits. Next, figure out who might get hurt: employees, contractors, visitors, even passersby. Then weigh each risk—how bad could it get, and how likely is it? Add controls where you can, whether that’s machine guards, non-slip mats, or circuit breakers. Write it all down and make sure everyone knows the plan. Don’t forget to schedule a review at least once a year—or sooner if anything changes.
What should a good risk assessment include?
A good risk assessment should include a list of hazards, who could be harmed and how, severity and likelihood ratings, control measures, responsible persons, and a review date.
Jot down each hazard in plain language—“unguarded rotating blades on a table saw” or “wet floor near the break room” work just fine. Then spell out who’s at risk: full-time machine operators, part-time cleaners, visiting salespeople. A simple 1-to-5 scale for severity and likelihood helps you rank what needs attention first. Document the controls you pick—maybe it’s a blade guard or a wet-floor sign—and name the person responsible and the deadline. Finally, set a review date, usually within a year, unless regulations, equipment, or staff change sooner.
Can I write my own risk assessment?
Yes, you can write your own risk assessment, but the process is only 20% writing—the rest is hazard identification, evaluation, control, and review.
In the U.S., OSHA rules apply to employers and the self-employed; in the UK, the Health and Safety at Work etc. Act 1974 does the same. If you’ve got the know-how, time, and tools to spot risks and put controls in place, you don’t need a consultant. But if your workplace has complex machinery, chemicals, or high-risk tasks, grab a template from OSHA or the HSE and consider calling in a certified safety pro. Keep a dated copy of your assessment and any training records handy.
What are the 5 elements to be considered in a risk assessment?
The five key elements are: identify the hazards, decide who might be harmed and how, evaluate the risks and decide on precautions, record your findings and implement controls, and review and update regularly.
The HSE’s “Five steps” still rule in 2026. Begin by listing every hazard you can think of—electrical, mechanical, chemical, environmental, or ergonomic. Next, identify who could be affected: your own staff, contractors, visitors, or even the public. Evaluate each risk with a simple matrix—pair severity (minor scrape vs. life-changing injury) with likelihood (rare to almost certain). Pick controls using the hierarchy: eliminate first, then substitute, isolate, engineer, administrate, and finally PPE. Record everything and keep those records for five years.
What are the 4 elements of a risk assessment?
The four core elements are: planning and scoping, hazard identification, risk evaluation, and risk characterization with control recommendations.
This four-step approach shows up everywhere—EPA, WHO, you name it. Start by defining the scope: which process, product, or site are you analyzing, and who’s involved? Then list the stressors: contaminants, noise, extreme heat. Move on to risk evaluation, estimating dose-response and exposure to calculate risk levels. Finally, characterize the risk and recommend controls—maybe cut emissions, install silencers, or set exposure limits.
What is a risk assessment example of a risk?
A typical risk example is a power failure during a night shift that could injure night-shift workers operating machinery without backup lighting or emergency stop controls.
Other everyday examples include cyberattacks on customer databases, chemical spills in a factory, or extreme weather shutting down an outdoor job site. For each one, document the hazard (“power outage”), who could be harmed (night-shift operators), the potential harm (cuts, crush injuries), and the controls you’ll add (uninterruptible power supply, emergency lighting, training).
What is a risk assessment template?
A risk assessment template is a reusable form that guides you through identifying hazards, rating risks, choosing controls, assigning owners, and setting review dates.
Most templates have columns for hazard description, affected persons, severity and likelihood scores, existing controls, additional controls, responsible person, target date, and review date. Grab free ones from OSHA (OSHA), the HSE (HSE), or industry groups. Tweak the template to fit your workplace—office, factory, lab, or construction site.
How do you start a risk assessment?
Start by walking through your workplace with a checklist or template, noting every hazard you see and asking staff where things usually go wrong.
Call a quick team huddle—operators often catch risks managers miss. Use a simple hazard-spotting sheet with spots for location, hazard type, who’s at risk, and a first control idea. Rank the hazards by urgency and tackle the worst first. Write it down on the spot or within 24 hours before the details slip away. Keep your first pass simple; you can always refine it later with more data or expert help.
How do you evaluate risk?
Evaluate risk by combining severity and likelihood into a simple matrix—high severity/high likelihood risks need immediate action, while low/low risks can be monitored.
You can use a quick 1-to-5 scale or, if you’ve got the data, crunch the numbers to estimate lost time or cost. OSHA’s Risk Assessment Matrix (OSHA) is a solid tool for prioritizing next steps. Write down your ratings so you can explain your choices during an inspection. Revisit the evaluation whenever processes, staff, or rules change.
What are the methods of risk assessment?
The main methods are qualitative (using severity and likelihood ratings), semi-quantitative (scoring systems), and quantitative (using numerical exposure data and dose-response models).
Qualitative methods are fast and work for most workplaces. Semi-quantitative scoring gives you more precision without heavy math. Quantitative methods rely on hard data—exposure measurements, injury rates, financial losses—which you’ll see in finance, insurance, and environmental health. Pick the method that matches your resources and how much risk you’re willing to tolerate.
Who carries out a risk assessment?
The employer or self-employed person is responsible for carrying out the risk assessment, but they can appoint a competent person to do it for them.
OSHA says U.S. employers must provide a workplace free of recognized hazards; the UK’s Health and Safety at Work etc. Act 1974 says the same. If you’re not confident in your own skills, hire a certified safety pro or ask a professional association for a referral. Just make sure whoever you pick has the right experience and training for your industry.
What are the key stages of a risk assessment?
The key stages mirror the five-step model: hazard identification, harm evaluation, risk control, recording findings, and periodic review.
Each stage feeds into the next. Once you list the hazards, you figure out who could be harmed and how bad it could get. Then you choose controls using the hierarchy—eliminate, substitute, isolate, engineer, administrate, then PPE. Record your findings clearly and roll out the controls quickly. Schedule a formal review at least once a year—or sooner if new gear, processes, or regulations arrive.
What is the main objective of risk assessment?
The main objective is to evaluate hazards and then either remove them or reduce their risk to the lowest reasonably practicable level so people remain safe and healthy.
In practice, that means using controls that bring risk down to “as low as reasonably practicable” (ALARP). Swap out a noisy machine for a quieter one or add a guard to a conveyor belt. The goal isn’t zero risk—it’s risk that’s managed and acceptable under the circumstances.
What are the basic principles of risk assessment?
The basic principles are: avoid risk where possible; assess unavoidable risks; reduce risks to ALARP; and reduce risks at source first.
Start by eliminating hazards entirely—move a cable to remove a trip hazard. If you can’t get rid of it, assess the risk and add controls. Favor engineering fixes over PPE: install a machine guard instead of just handing out gloves. Write down your reasoning so you can defend it during audits or inspections.
What are the three types of risk assessments?
The three main types are baseline (covering all activities in a workplace), issue-based (focusing on a specific project or hazard), and continuous (ongoing monitoring of high-risk processes).
Baseline assessments give you a broad picture and repeat every few years. Issue-based assessments zoom in on specific problems—a new chemical, a machine change, or a pandemic plan. Continuous assessments live in daily routines, like pre-use equipment checks or safety audits. By 2026, many teams run all three together, using software dashboards to track risk scores and trigger automatic reviews when thresholds are crossed.
