Risk assessments are a vital part of health and safety and risk management.
At its most basic, a risk assessment is simply a process that identifies potential risks and allows you to take effective action to mitigate those risks. The Management of Health and Safety at Work Regs state that, at minimum, a legally mandated risk assessment should contain the following:
- Identification of hazards that could cause injury or illness at your business or on your site
- An estimation of how likely the risk is to cause harm (H.M.L)
- The action that should be taken to mitigate these risks
Without risk assessments, it would be difficult or even impossible to identify all the potential hazards lurking in modern workplaces, leaving workers and visitors at risk of injury or worse.
However, while it is crucial that your risk assessment covers all the necessary bases, there is potential for risk assessments to become bloated and too complex. Though it might be well-intentioned, managers and those carrying out risk assessments can often inadvertently make them too comprehensive.
Although this doesn’t sound like a bad thing, it can, in fact, have a negative effect. If risk assessments become bloated, it is possible for them to become a burden, with recommended control measures becoming lost in the noise and putting workers at risk.
A good risk assessment is a balancing act. You need to ensure that the important bases are covered, and the most relevant risks are mitigated, without the risk assessment itself becoming a burdensome, complex, and useless process.
What’s in a risk assessment?
The Health and Safety Executive have plenty of risk assessment templates available on their website.
The standard template for a basic risk assessment is as follows:
- Identify the risks
- Who might be harmed and how
- What you’re already doing to control risks
- What further action is needed to control the risks
- Who needs to perform these actions
- When action is needed by
Although risk assessments are a legal requirement, legislation states that they should be carried out as far as they are ‘reasonably practicable. Although there is some leeway in what each individual feels is ‘reasonable’, this can generally be taken to mean standard due diligence.
Remember, health and safety legislation is designed to keep people safe, not prevent work from being carried out, despite what some might say. As long as your risk assessment shows a reasonable attempt to identify and control relevant hazards, you have done your job and can carry on. No one is expecting you to spend hours identifying every potential tiny, trivial danger.
According to the BBC, you have a one-in-a-million chance of being struck and killed by an asteroid. Obviously, you would not need to account for this in your risk assessment unless you were heading into outer space.
However, if work is being undertaken beneath a cliff-face or somewhere else where falling rocks are a reasonably likely risk to life and limb, then this should be identified and controlled.
Let’s break down the fundamental parts of a risk assessment and discuss how you can carry out risk assessments that are useful and effective without being excessive.
Identify the risks
Hazards are situational and will vary from site to site. However, generally, hazards will fall into one of the following categories:
- Physical, such as machinery, falls, and potential slips and trips
- Ergonomic, such as repetitive work or manual handling
- Chemical, such as asbestos or other potentially toxic substances
- Biological, such as mould growth or legionella
Not all hazards will fit into these categories. Nonetheless, you can generally identify most hazards by using this general guide.
You can identify hazards in various ways, from standard inspections and observations to reading manufacturers’ instructions/datasheets, consulting with employees, and referring to previous near-miss or incident reports.
It’s unreasonable to expect assessors to identify and control every single potential risk. The most important thing is that reasonable effort is put into identifying the likely, predictable, and preventable risks.
Who might be harmed and how
Sites and offices are busy places, with plenty of employees and visitors coming and going.
Legislation requires all risks to employees and non-employees to be considered, and this includes members of the public who might enter the work area. You can get a general idea of who might be affected from employee data, sign-in sheets, and other records. You do not need to list everyone by name, of course, but again simply need to show that due care and attention has been paid.
Evaluate the risk, implement actions
You can evaluate risks using a simple equation: likelihood x severity = risk.
Essentially, the probability of the risk x the likely severity of any potential injury gives you the general level of danger posed by that risk. For example, although falls from height can cause severe injury, it’s not particularly likely if the work is taking place on the ground.
Therefore the likelihood (and subsequent danger) of the risk is relatively low. The severity and likelihood of risks will be affected by relevant factors, such as the number of people likely to be affected, concentration of toxic substances, duration/regularity of exposure, and more.
There are plenty of scoring schemes available to evaluate risk. Still, as it’s generally impossible to evaluate these risks entirely accurately, for most standard risks, these number schemes are of little benefit. The informed opinion of a skilled assessor using High, Medium or low is usually more than enough to prioritise risks and actions to the required level.
Once the risks have been evaluated, you then need to identify what measures are already in place and what else – if anything – should be done. This is easily done by following the hierarchy of control. In a nutshell, the hierarchy says that risks should first be eliminated and avoided where possible, then controlled, with the right equipment, training, and use of competent staff.
Don’t overthink solutions. If the risk can be avoided, recommend that it is avoided. If not, suggest the best equipment and training requirements for the job. Make it clear what needs to be done.
Recording and reviewing findings
There’s no legally prescribed way to record risk assessments. However, there are standard templates to follow – such as the ones on the HSE site – and these are generally very similar: a list of risks and their location, the severity, and what needs to be done.
Risk assessments should be reviewed regularly, particularly following events that may have seriously impacted existing controls (such as falls, crashes, and the like), as new measures might be required.
Keep It Simple, Stupid
Remember, risk assessments are meant to communicate information to those who need it clearly. This is why risk assessments mustn’t be overcomplicated and needlessly complex.
Though the need to list every potential danger and a myriad of solutions is understandable, you’re often better just keeping things simple. Identify and evaluate relevant risks, then decide on a solution.
The K.I.S.S. principle, first coined by the U.S. military, applies to risk management too. The principle (‘keep it simple, stupid’) states that most systems work best when kept simple. It applies to B2 bombers and site risk assessments too.
Unnecessary complexity should be avoided wherever possible, so those who need the information presented in your risk assessments can get it quickly and easily when needed.
Risk assessments should be a useful, beneficial process to improve safety, not exercises in paperwork or long lists of trivial observations.
Now is a great time to review your risk assessment procedures. One of the best ways to do that is to have an experienced third party take a look at your processes and recommend ways to improve risk evaluation to ensure they’re effective. This will save plenty of time and maximise the safety of workers and help prevent accidents.
At Veritas Consulting, we’ve got over two decades of experience in health and safety and risk management. We’ve worked closely with clients of all sizes to optimise their risk assessment procedures. Can we help you? Call us on 0800 1488 677, or use the contact form above.