Risk assessment is one of the most important foundations of occupational health and safety management. It is the primary tool used to identify hazards, evaluate risks, and determine appropriate control measures before work begins. Regardless of industry or job role, effective risk assessment plays a critical role in preventing accidents, occupational ill health, and unsafe working conditions.
However, in many workplaces, risk assessment is misunderstood and treated as a paperwork requirement rather than a practical safety process. To use it effectively, health and safety professionals must clearly understand what risk assessment is, why it is required, and how it should be performed systematically.
What Is Risk Assessment?
Risk assessment is a structured and systematic process of identifying hazards, evaluating the level of risk associated with those hazards, and deciding on suitable control measures to eliminate or reduce the risk.
In simple terms:
- A hazard is anything that has the potential to cause harm.
- Risk is the combination of the likelihood of that harm occurring and the severity of its consequences.
Risk assessment aims to answer three fundamental questions:
- What could go wrong?
- How serious could the consequences be?
- What can be done to prevent or control the risk?
The objective of risk assessment is not to eliminate all risks completely, as this is rarely possible, but to ensure that risks are reduced to a level that is as low as reasonably practicable (ALARP).
Why Is Risk Assessment Important?
Risk assessment is essential for several reasons. It helps organisations identify hazards before accidents occur, supports compliance with legal and regulatory requirements, and provides a structured approach to selecting control measures. It also improves communication by clearly informing workers about workplace hazards and required precautions.
A well-prepared risk assessment serves as a planning tool, a training aid, and a reference document for supervision and audits. When done correctly, it becomes an active part of daily work rather than a document created only for compliance purposes.
Key Components of a Risk Assessment
A typical risk assessment includes the following elements:
- Description of the activity or task
- Identification of hazards
- Identification of persons who may be harmed
- Evaluation of risk using likelihood and severity
- Existing control measures
- Additional control measures required
- Residual risk rating
- Responsibility and review details
Each component contributes to ensuring the assessment is complete, logical, and practical.
How Is Risk Assessment Performed?
Risk assessment should always follow a structured and logical process. Although formats may differ between organisations, the fundamental steps remain the same.
Step 1: Clearly Define the Activity
The first step in risk assessment is clearly defining the activity to be assessed. General descriptions such as “maintenance work” or “electrical work” are insufficient and often lead to generic risk assessments.
The activity should be broken down into specific tasks. For example:
- Cable pulling in ceiling void
- Live electrical testing
- Installation of gypsum partitions
- Manual handling of materials
A clearly defined activity allows accurate identification of hazards and selection of relevant control measures. Without this clarity, the risk assessment becomes ineffective.
Step 2: Identify the Hazards
Once the activity is clearly defined, all hazards associated with the task must be identified. Hazard identification should consider all aspects of the work, including the work environment, equipment used, materials involved, and human behaviour.
Hazards may include:
- Physical hazards such as falls, sharp edges, or moving machinery
- Chemical hazards such as dust, fumes, or solvents
- Ergonomic hazards such as manual handling and awkward postures
- Environmental hazards such as heat, noise, or poor lighting
- Human factors such as fatigue, stress, or time pressure
Hazards should be identified through site observation, consultation with workers, review of previous incidents, and examination of work methods.
Step 3: Identify Who May Be Harmed and How
Risk assessment must consider who may be affected by the identified hazards. This includes:
- Workers performing the task
- Other workers in the vicinity
- Supervisors and engineers
- Visitors and members of the public
- Vulnerable persons such as new workers or trainees
It is equally important to describe how these people could be harmed, such as falls from height, electric shock, exposure to dust, or musculoskeletal injuries.
Step 4: Evaluate the Risk Using a 5 × 5 Risk Matrix
After identifying hazards and affected persons, the next step is to evaluate the level of risk. This is commonly done using a 5 × 5 risk assessment matrix, which assesses risk based on two factors: likelihood and severity.
Likelihood Scale (1–5)
Likelihood refers to how probable it is that an incident will occur:
- Unlikely – Could occur but not expected
- Rare – Highly unlikely to occur
- Possible – Might occur at some time
- Likely – Will occur in many circumstances
- Almost Certain – Expected to occur frequently
Severity Scale (1–5)
Severity refers to the potential consequences of the hazard:
- Insignificant – No injury or negligible impact
- Minor – First aid injury
- Moderate – Medical treatment or lost time injury
- Major – Serious injury or permanent disability
- Catastrophic – Fatality or multiple fatalities
Risk Rating
The risk rating is calculated by multiplying likelihood and severity:
Risk = Likelihood × Severity
For example:
Likelihood 4 × Severity 5 = Risk Rating 20 (High Risk)
The risk matrix helps categorise risks as low, medium, high, or extreme, allowing organisations to prioritise actions. High and extreme risks require immediate control measures, while lower risks may be managed through routine controls.
Step 5: Identify Existing Control Measures
Before introducing new controls, existing control measures must be identified. These may include:
- Engineering controls already in place
- Safe work procedures
- Training and competence requirements
- Supervision arrangements
- Permit-to-work systems
- Personal protective equipment
Understanding existing controls helps determine whether the current risk level is acceptable or further action is required.
Step 6: Select Additional Control Measures Using the Hierarchy of Controls
If the risk level remains unacceptable, additional control measures must be implemented. Control selection should follow the hierarchy of controls, prioritising more effective measures over less effective ones:
- Elimination
- Substitution
- Engineering controls
- Administrative controls
- Personal protective equipment
Controls should be specific, practical, and suitable for the work environment. Vague statements such as “be careful” or “follow safety rules” do not effectively control risk.
Step 7: Record and Communicate the Risk Assessment
Once completed, the risk assessment must be documented and communicated to all relevant persons. Workers must understand:
- The hazards involved
- The risks associated with their tasks
- The control measures they are required to follow
A risk assessment that is not communicated or understood is ineffective, regardless of how well it is written.
Step 8: Review and Update the Risk Assessment
Risk assessment is a dynamic process and must be reviewed regularly. Reviews are required when:
- Work methods change
- New equipment or materials are introduced
- An incident or near miss occurs
- Periodic review dates are reached
Regular review ensures that the risk assessment remains relevant and effective.
Conclusion
Risk assessment is the foundation of effective health and safety management. When performed correctly, it provides a structured and logical approach to identifying hazards, evaluating risks using tools such as the 5 × 5 risk matrix, and implementing appropriate control measures.
For health and safety professionals, understanding both the principles and practical application of risk assessment is essential. A well-executed risk assessment goes beyond compliance—it actively protects people and supports a strong safety culture.
