How to Write a Risk Assessment: UK Step-by-Step Guide
Risk assessments are the foundation of workplace health and safety in the UK. If you employ five or more people, you are legally required to record your risk assessments in writing. But even if you employ fewer, you still need to carry out assessments — you just do not have to write them down (though doing so is strongly recommended).
Despite being a fundamental legal requirement, many UK businesses still struggle with risk assessments. Some treat them as a tick-box exercise. Others write them once and file them away, never to be reviewed. And some avoid them entirely, unaware of the potential consequences.
This guide walks you through the HSE’s recommended 5-step process and provides practical advice for writing assessments that genuinely protect your people and your business.
What Is a Risk Assessment?
A risk assessment is a systematic process of identifying hazards in your workplace, evaluating the risks they present, and determining what control measures are needed to eliminate or reduce those risks to an acceptable level.
It is not a bureaucratic exercise. It is a practical tool for preventing harm.
The legal basis comes from the Management of Health and Safety at Work Regulations 1999, which require every employer to make a “suitable and sufficient” assessment of the risks to the health and safety of their employees and anyone else affected by their work.
The HSE’s 5-Step Process
The Health and Safety Executive recommends a straightforward 5-step approach.
Step 1: Identify the Hazards
A hazard is anything that has the potential to cause harm. To identify hazards in your workplace:
Walk around your workplace — Look at what could reasonably be expected to cause harm. Focus on significant hazards that could result in serious injury or illness, not trivial risks.
Ask your employees — The people who do the work every day often have the best insight into what could go wrong. Consult them directly.
Check manufacturers’ instructions — Equipment manuals, safety data sheets and product labels contain important hazard information.
Review accident and ill-health records — Past incidents reveal hazards that have already caused harm. Learn from them.
Think about long-term health hazards — Not all hazards cause immediate injury. Noise exposure, vibration, repetitive movements and chemical exposure can cause harm over months or years.
Common workplace hazards include:
- Slips, trips and falls — wet floors, trailing cables, uneven surfaces, poor lighting
- Manual handling — lifting, carrying, pushing, pulling heavy or awkward loads
- Working at height — ladders, scaffolding, rooftops, mezzanine floors
- Machinery and equipment — moving parts, sharp edges, hot surfaces
- Hazardous substances — chemicals, dusts, fumes, biological agents
- Electricity — faulty wiring, overloaded sockets, damaged equipment
- Fire — ignition sources, flammable materials, blocked escape routes
- Noise — prolonged exposure above 80 dB(A)
- Display screen equipment — workstation setup, posture, eye strain
- Stress and mental health — workload, bullying, lack of support
- Violence and aggression — from customers, patients or members of the public
- Lone working — isolated workers with limited access to help
Step 2: Decide Who Might Be Harmed and How
For each hazard, consider who could be affected:
- Employees — including those with particular vulnerabilities (new workers, young workers, pregnant workers, workers with disabilities)
- Contractors and visitors — people who may be unfamiliar with your workplace hazards
- Members of the public — customers, passers-by, delivery drivers
- Cleaners and maintenance workers — who may be in the workplace at unusual times
Think about how they could be harmed. A wet floor could cause a customer to slip and break a wrist. A noisy machine could cause hearing damage to an operator who works near it every day. Be specific.
Step 3: Evaluate the Risks and Decide on Precautions
For each hazard, evaluate:
- How likely is it that harm will occur?
- How severe would the harm be?
- What are you already doing to control the risk?
- Is what you are doing sufficient, or do you need to do more?
Apply the hierarchy of control:
- Eliminate — Remove the hazard entirely if possible
- Substitute — Replace with something less hazardous
- Engineering controls — Isolate people from the hazard (guards, barriers, ventilation)
- Administrative controls — Change the way people work (procedures, training, signage, job rotation)
- PPE — Personal protective equipment as a last resort
The Risk Matrix
A risk matrix helps you prioritise hazards by combining likelihood and severity:
| Low Severity | Medium Severity | High Severity | |
|---|---|---|---|
| High Likelihood | Medium Risk | High Risk | Very High Risk |
| Medium Likelihood | Low Risk | Medium Risk | High Risk |
| Low Likelihood | Very Low Risk | Low Risk | Medium Risk |
Hazards rated as high or very high risk should be addressed as a priority. Medium risks should be controlled as soon as reasonably practicable. Low and very low risks should be monitored.
Step 4: Record Your Findings and Implement Them
If you employ 5 or more people, you must record:
- The significant hazards you identified
- Who might be harmed and how
- What you are already doing to control the risks
- What further action is needed
- Who is responsible for implementing each action
- When the action will be completed
Your risk assessment does not need to be perfect or excessively long. It needs to be suitable and sufficient — showing that you have thought about the risks, identified the significant ones, and taken reasonable precautions.
Practical tips for recording:
- Use clear, plain language — not jargon
- Be specific about hazards and controls (not “ensure good housekeeping” but “clean spillages immediately using the mop and bucket stored in the kitchen corridor”)
- Assign named individuals to each action, not departments
- Set realistic deadlines and follow up
Step 5: Review Your Assessment and Update if Necessary
Risk assessments are living documents. Review them:
- At least annually as a matter of good practice
- When there has been a significant change (new equipment, new processes, new premises, new workers)
- After an accident, incident or near-miss
- When new information about a hazard becomes available
- If workers or safety representatives raise concerns
Industry-Specific Hazards
While the 5-step process applies universally, the specific hazards you need to assess vary by industry.
Office Environments
Display screen equipment, workstation ergonomics, stress, slips and trips, fire, electrical safety, lone working (especially out-of-hours)
Retail
Manual handling, slips and trips, violence and aggression from customers, lone working, working at height (stockrooms), fire, delivery vehicle movements
Hospitality and Food Service
Burns and scalds, sharp knives, slips on wet or greasy floors, manual handling, COSHH (cleaning chemicals), food safety, fire, working at height (changing light bulbs), stress from long hours. For detailed food safety requirements, see our guide to food safety compliance and HACCP.
Construction
Working at height, falling objects, moving vehicles and plant, excavations, confined spaces, noise, vibration, dust (silica, asbestos), manual handling, electricity, fire
Healthcare and Care
Manual handling (patient moving), sharps injuries, biological hazards, violence and aggression, stress, lone working, COSHH (cleaning and clinical substances), slips and trips
Manufacturing
Machinery hazards, noise, vibration, manual handling, hazardous substances, fire and explosion, working at height, confined spaces
Common Risk Assessment Mistakes
Copy-and-paste assessments: Downloading a generic template from the internet does not meet your legal obligation. Your assessment must be specific to your workplace, your activities and your people.
Being too vague: “Risk of injury from manual handling” is not a useful finding. “Risk of back injury to warehouse operatives from manually lifting boxes weighing up to 25kg from floor level to racking at head height” tells you what needs to be controlled.
Ignoring the assessment: The best risk assessment in the world is worthless if its findings are not implemented. Actions must be completed, controls must be maintained, and the assessment must be communicated to the people it affects.
Assessing once and forgetting: Workplaces change constantly. A risk assessment from two years ago may bear little resemblance to the current reality.
Not consulting employees: Your workers know their jobs better than anyone. Failing to involve them produces poorer assessments and misses significant hazards.
Digital Risk Assessment Management
Managing risk assessments on paper — especially across multiple sites or a growing workforce — quickly becomes chaotic. Assessments get lost, review dates are missed, actions are not followed up, and demonstrating compliance to inspectors becomes stressful.
Digital risk assessment tools allow you to create, assign, track and review assessments from any device. Automated reminders ensure reviews are never missed. Action tracking ensures findings are implemented. And when an inspector asks to see your assessments, everything is available instantly.
Learn more about how Assistant Manager can transform your approach to risk management with our Risk Assessments feature. For related compliance needs, see our Digital Checklists and Accident Reporting features.