How to Perform a Health and Safety Risk Assessment

How much is your team exposed to risk on the job? Not only does a safety risk assessment identify potential issues affecting the staff, but this assessment is important to help you see how safety risks impact your business. 

The goal of this systematic procedure is to identify anything that might result in danger to any people involved, including employees, contractors, visitors, customers, or the general public. Risk could also result in an otherwise undesirable outcome, with examples including bodily harm, legal or regulatory liability, or loss of property or productivity. 

What is Risk Assessment? 

Risk assessment is an important part of your occupational health and safety (OSH) management plan. When you implement a proper assessment, you uncover hazards and risks, identify the people who might be at risk, and discover where control measures are needed to prevent illness and injury. 

While many industries need to meet regulatory requirements, the overall purpose of risk assessment is also to focus on providing your workers with a safe, healthy environment. Improving safety for your team also reduces the potential liability issues faced by your company.

This process includes a thorough inspection of the work environment, equipment, and systems to determine potential hazards and implement safety systems to prevent injury. Since each workplace is unique, your safety team should always customize the safety risk assessment based on unique conditions on-site. 

When should you complete a risk assessment?

The timing of a risk assessment often coincides with changes or processes that are happening in the workplace:

  • Prior to the implementation of new activities or processes
  • Before current activities or processes are changed 
  • When hazards are identified in the workplace
  • When required by federal or state legal regulations
  • Regularly scheduled timelines for risk assessments

The most effective solution to be proactive in managing hazards is to have a consistent schedule for risk assessment. For example, you might choose a specific time each year for risk assessment, with additional assessments added on an as-needed basis (depending on the criteria listed above). 

Framing the scope of a safety risk assessment

For a safety risk assessment to be effective, you need to be deliberate in creating a thorough scope for the assessment. Is there a specific point of risk that you are assessing? Or, is the goal to complete a general assessment for the workplace? Identifying the goal of this assessment is a necessary step to ensure that you stay on track with the design and implementation.

The type of risk assessment in your workplace needs to be relevant and proportionate to the activities. Common categories of risk assessment include:

  • Generic risk assessments: An overall evaluation to look at any factors that might be affecting safety in the workplace – focusing on common hazards relating to any task or activity performed. 
  • Substance risk assessments: Used in workplaces where hazardous substances are present. This assessment is required for determining the risk associated with substances that are used, stored, or manufactured on-site.
  • Digital and equipment risk assessments: Designed to measure the risk to employees and the company from using digital tools such as laptops, computers, screens, tablets, and smartphones. 
  • Manual handling risk assessments: When employees need to carry, lift, or move loads, then this assessment determines potential injury or health risks from the activities. 
  • Fire risk assessments: An evaluation of fire exposure sources to ensure that the workplace has sufficient fire prevention and mitigation systems in place.

As you are preparing the scope of this assessment, make sure you have access to the specific resources needed: information sources, industry regulations, and a team of trained individuals to complete the assessment. Often, the people involved are those impacted by the outcome of the assessment: managers, supervisors, representatives, risk auditors, and more. Using parties, who do not have a stake in the assessment findings, lead the assessment can help ensure that it is objective and accurate. 

During this process, you need to develop criteria for identifying and defining varying levels and types of risk:

  • Risk levels: How are you comparing and measuring risks to prioritize the most important things to address in the workplace?
  • Probability: Is it likely that this risk could cause harm to the business, people, or property? Consider the possibility and frequency of potential risks.
  • Consequences: If something happens, what will be consequences on health and safety? Also, look at the potential consequences of business interruption, the environment, company reputation, and legal requirements.
  • Acceptable risk: All risk is eliminated in an ideal world. But your business is functioning in the real world, which means there will likely be a level of remaining risk that needs to be acknowledged. Based on company objectives and culture, what are you willing to accept?
  • Combined risks: While you should use this risk assessment to identify single risks, it’s also necessary to see the potential hazards due to a combination of risks. Multiple risks can combine, resulting in a situation of increased consequence. 

As you are evaluating risk identification, look at the type of business, activities, and equipment used. Risk identification might include (but is not limited to) these questions and categories:

Are the activities hazardous? 

A risk assessment will be different in an industrial workplace compared to the potential risk in an office setting. If hazardous activities happen regularly, then you need to be proactive in identifying those specific hazards. Hazardous activities can include issues such as:

  • Physical hazards: Anything in the workplace that could cause physical harm to personnel, customers, or other people. Physical issues are the most common hazards to address in the workplace and might include trips and falls, slips, noise, or vibration.
  • Ergonomic hazards: How is the musculoskeletal system affected by work activities? Repetitive movement is one of the most common causes of ergonomic hazards. These repetitive motions are common in office settings, factory environments, and any workplace that requires manual handling. You can evaluate the body position of personnel to determine the long-term consequences.  
  • Biological hazards: The spread of disease can pose a threat to the health and safety of personnel. Do you have a good sanitation and health program in place to avoid exposure to bacteria and viruses?
  • Chemical hazards: Substances in or near the workplace could potentially cause harm to employees. These chemical substances need to be identified and managed.

You should use a few different methods for identifying the hazards. While observation is an important piece of this process, also talk to other people about their safety concerns. Combining experience and knowledge with observation skills can be effective in identifying and removing these potential risks. 

Look at history and records

Historical workplace information can shed light on common, repetitive risk issues. Documentation needs to be kept about accidents and incidents, and this information can provide valuable insights to identify weak points in the system. While the reports can be helpful, it is also beneficial to talk to the people involved in the incident.

In addition to studying the recorded incidents, look at near-miss records to find potential ways to prevent near-misses from turning into accidents.  Accidents and incidents should not happen in general, which is why every report should have a goal of preventing these incidents from happening again in the future. If it is found that this is not happening, then it would be a relevant aspect that needs to be included in the risk assessment.

A study done by ConocoPhillips Marine found that for every fatality in the workplace, at least 300,000 at-risk behaviors occurred. These behaviors encompass all activities that fall outside of safety program guidelines, such as eliminating a safety step to speed up completion or bypassing safety components built into a machine. An effective risk assessment should address these at-risk behaviors since they set the foundation for more serious hazards and injuries. Implementing controls that reduce at-risk behaviors, in turn, reduces the frequency of severe injury or life-threatening circumstances. 

When looking at accident and incident reports, are you designing and implementing corrective actions? Not only do these corrective actions need to be an integral part of the report, but you also need a system to evaluate the effectiveness of the actions – so changes can be implemented if needed. The goal is to not only identify potential problems but also get to the root cause so effective corrective action can be taken. 

Is the work more intellectual or practical? 

When your workforce primarily engages in intellectual or virtual activities, it means there is a lower risk of physical harm. But the risk of legal liability is still present, so you should adjust the focus of a risk assessment to match. 

For example, engineering design involves a lot of work on the computer. Even though the engineers usually aren’t facing serious injury on the job, there is a potential risk for legal liability based on the engineer’s intellectual competence. In comparison, a tradesman installation could result in the crew facing hazardous risks on site, so the safety risk assessment is focused on direct exposure that might harm people or property. 

Some companies offer both of these types of services, which means that different risk assessments need to be used for various in-house departments. 

Labor vs. automation

Labor-intensive work leans heavily on the activities of employees, which inherently increases the risk of potential injury. On the other hand, equipment driven processes (automation) minimize the interaction of employees with the equipment. 

While industrial production has transformed in recent years to shift production from human workers to machines, the assumption is that increased automation is beneficial for both safety and productivity. But it’s been found that relying on automation can change human behavior. 

The Occupational Safety and Health Administration (OSHA) provided Guidelines for Robotics Safety. This report communicated a clear message: risk is always present with automation. Safety factors that should be evaluated include the lagging safety standards that don’t keep up with technological advances and the complacency when workers are monitoring these automated systems. 

Complexity of work

How much complexity is required to complete ongoing work tasks? This inherent complexity can increase potential risk. Uncertainty is a challenge and a reality in complex projects, and this uncertainty often brings risk. 

Not only do you need to look at daily activities, but also consider how all component parts are affected. Complexity arises in the many factors that could impact a successful outcome: everything from market timing, technical feasibility, employee performance, management communication, and more. Keep in mind that communication issues could add to the risk level of a complex project, which is why communication needs to be part of the assessment.

When complex situations are present, the most effective way to implement a safety risk assessment program is to have a team of personnel who are familiar and knowledgeable about the industry. 

Age of equipment and preventative maintenance programs

It’s no surprise that aging equipment can increase potential risks. Equipment malfunctions or breakdowns interrupts productivity and can result in potential danger to the safety of workers. Risk assessment is important for all equipment, but more essential in a workplace using older equipment.

This assessment needs to evaluate reliability concerns, as well as ongoing practices for maintenance and repair. The maintenance schedule should always include regular inspection and evaluations to check equipment systems, such as electrical performance. 

Read through the literature from the manufacturers, as well as other industry-specific information from reputable sources. This health and safety information can show the best practices for managing risk when using the equipment. 

Specific federal, state, and local regulations for business activities

Also look at specific regulations relating to your industry, based on the business activities performed. Federal, state, and local governance can vary. So, it’s important to stay current with the most recent recommendations. 

For example, the Occupational Safety and Health Administration (OSHA) oversees workplace safety in the United States. OSHA regulations vary depending on whether your business is in construction or general industry. The Department of Transportation (DOT) has safety assessment regulations that change depending on the route of travel (air, road, or water). The Environmental Protection Agency (EPA) implements regulations to govern activities that impact the environment. 

Specific environmental concerns for safety risk assessments

The actual work environment is another important consideration for a safety risk assessment. Here is a list of common factors that you should evaluate to determine potential risk in a work environment:

  • Does this business deal with hazardous or non-hazardous materials? It is possible that your company uses both types of materials, resulting in different risk assessments within the workplace.
  • Is work conducted indoors or outdoors? Health concerns and risks change depending on the location. Workers are exposed to different conditions outdoors and indoors. 
  • Are there varying locations and situations that could increase risk? Sometimes, employees work in different locations and conditions. Make sure the risk assessment accounts for personal safety when employees travel to various locations, such as in-home care in the medical industry or varying commercial conditions for industrial repairs and maintenance.
  • How does the time of day affect risk? You need to consider the time of day when activities are usually performed. For example, there are many situations when the risk is higher at night than during the day, due to the alertness of personnel or the risk of violence from customers or intruders.
  • What is the level of direct exposure of personnel to the point of operation of equipment? Even if your business uses automation for much of the workload, employees are still necessary for equipment management and more. The risk assessment needs to look at the interactions between personnel and equipment to identify possible injury. 
  • What are the other exposure stressors that personnel may be exposed to? Other exposures will depend on the environment and business activities. Common exposure stressors might include noise, intense light, dust, temperature extremes, or hazardous atmospheres. 
  • What is the duration and frequency of the task? Look at how often personnel needs to perform the task, as well as the amount of time required for successful completion. 
  • What are the types of equipment being worked on or with? The risk assessment should look at the specific functions of the equipment to determine the level of risk in the workplace.
  • Are the activities hazardous? As mentioned above, an engineering designer faces different risks than the risks faced by personnel in tradesman type professions. Risk assessment of the legal liability of the engineer, as well as the safety of any designs and equipment they certify for use, can be just as important as risk assessment of the tradesman’s direct exposure which could harm people or property. 
  • What are the possible interactions with other people? When the activities are in motion, is there a risk of interactions with others – such as visitors or office support staff? 

You must consider normal operational situations and also consider how unusual events could impact risk. For example, shutdowns, maintenance, emergencies, or extreme weather could increase the hazardous conditions. Part of a good risk analysis program is creating back-up plans to use when the risks are increased due to non-standard events.

When evaluating potential risks, it can be helpful to have a team that consists of a variety of people. For example, team members can include those who are familiar with the work area, as well as people who aren’t familiar with the environment. This team gives you the perspective of experienced workers as well as others with a fresh perspective. 

Risk analysis, evaluation, and communication

A safety risk assessment is only effective if you analyze the information correctly, then communicate with appropriate team members to implement the changes that you need to make. As you are designing your risk assessment program, you should always build in a plan for implementation. It comes down to three steps: analysis, evaluation, and communication. 

Risk Analysis

Not only do you need to gather information through the assessment, but these details need to be analyzed to identify actionable safety steps. A good risk analysis works to eliminate, where possible, the highest severity and frequency of risks. These potential risks are the issues that could damage the business, its resources, people, and the environment.

Through the risk analysis process, prioritize the highest risks first. As solutions are implemented, then you can work your way down the remainder of the list to address lower risk concerns. This ranking and prioritizing offer a systematic approach to determine the risks that are most serious. Then you can implement risk controls strategically as you are designing the action list. 

Keep in mind that there isn’t a one-size-fits-all solution for determining the level of risk and priorities for your business. Through the risk assessment process, you need to identify the technique that works best for your unique situation. This process can create best-practice guidelines to use on future risk assessments. 

Risk Matrix Template

Risk analysis is where you can use a risk matrix to break down the categories of frequency and severity. This matrix creates a tool that highlights the visibility of risks, giving management information to use in decision making.

Most risk matrices are laid out in a 3×3, 4×4, or 5×5 grid, with the probability or likelihood listed on the side (x-axis) and the severity or consequences listed at the top (y-axis). You can view example layouts for a risk matrix and edit the free risk assessment matrix according to your needs. 

For example, the likelihood ratings can include a range:

  • Almost Certain
  • Likely
  • Possible
  • Unlikely
  • Rare

Then, the severity ratings might use this rating range:

  • Insignificant 
  • Minor
  • Moderate
  • Major
  • Catastrophic

When the information is viewed in the grid format, it can show the results using a green light system – green, yellow, orange, and red based on the level of risk. Severity ratings that fall into the high-risk categories include serious hazards, such as head injuries, fatalities, major fractures, poisoning, or significant loss of blood. The medium-risk category might encompass less-serious injuries, such as a localized burn, strain, sprain, asthma, or any other injuries that result in a need to take days off from work. Finally, the low-risk category can encompass anything that can be treated using basic first aid, such as minor pain, dizziness, or irritation.

A risk assessment tool can be used to simplify the application of a risk matrix. For example, consider using an online form or mobile app, such as Safesite.  Another option is to hire a third-party risk assessment provider. 

Risk Evaluation

Risk evaluation is where safety professionals’ certifications and experience contribute to an accurate assessment and development of subsequent controls. These controls are always customized based on your specific work activities and levels of risk. Generally, your safety team will examine the following:

  1. Elimination or substitution of the risk causing materials, equipment, or job task where possible. Is it necessary for the job to continue in the same systems? Look at the processes to identify areas of opportunity where hazardous steps can be removed or changed to reduce risk. Another possibility is to substitute hazardous chemicals with low-risk, non-hazardous chemicals when possible.
  2. Design of engineering controls. When you can’t remove hazards from the workplace, then look for options to isolate the hazardous process, substance, or item. Minimizing the contact between the hazard and personnel reduces the likelihood of injury. For example, design equipment and machines using built-in controls that minimize dangerous personnel interactions. Examples include machine guards, guard rails, mechanical ventilation, safety barriers, and sound-absorbing panels. 
  3. Implementation of administrative controls. Administration can implement procedures or systems that keep personnel working at optimal levels. Signage can be placed to warn individuals of potential hazards. Additionally, job rotation is another strategy that can reduce potential injury. Housekeeping, ergonomics, and hygiene all fall within the category of administrative controls. 
  4. Personal Protective Equipment (PPE). When personnel come in contact with potentially dangerous substances, then PPE is essential. If the above steps aren’t feasible to eliminate potential hazards, then various types of PPE can be used to protect staff members: gloves, personal fall arrest systems, safety glasses, and hard hats help offer protection when the above is not enough or not feasible for the specific type of work. 

When you identify the controls for the tasks, you might still have remaining risk – known as residual risk. You need to evaluate this remaining risk to ensure that it is maintained at an acceptable level.

Also, keep in mind that the above risk controls should be prioritized in the order listed. In many situations, elimination or substitution is most often the most effective means of dealing with a risk — so those options should always be addressed first. On the other hand, PPE is typically the least effective, which is why it falls at the bottom of the list. 

Risk assessment templates and risk inspections are commonly used when identifying risk and developing solutions for each item. 

Risk communication

Now that you’ve identified potential risks, evaluated the risks, and selected controls, the next step is to communicate this information to your team. Even though communication might seem like a simple step, thought must be given regarding how these various controls will be implemented to manage ongoing risk. 

Not only do you need to have good systems in place for communicating the risks, but employees need to know how to use these controls for safety in their work areas. When the risks are communicated and employees have the right tools to minimize risk, it reduces the chances of accidents and injury. Another important element of communication is proper training for employees in order to manage liability. 

Ultimately, senior management carries the responsibility of communicating this information and implementing the identified controls. Usually, they will delegate these tasks and responsibilities to the applicable frontline management and middle management – who carries the ongoing responsibilities of ensuring that the plan is in place and implemented correctly.

This risk communication should share detailed information about the plan of attack, as well as a specific timeline of execution. Risk management should be a high priority in every workplace, which is why you shouldn’t leave the managers to decide if or when they will implement the changes.

Getting your risk plan off the ground

Just because the risk assessment is complete doesn’t mean that your company is successful in controlling the risk. Your company needs to address several important points as you are getting this program off the ground:

  • Design a plan: Failure to plan means that risks on the job will continue to pose a threat to your company, people, and property. This plan needs to be detailed and easy to implement, with clear communication flowing down to those responsible for implementation. 
  • Allocate needed resources: What resources are required to ensure the risk controls are in place? Resources might include time, money, tools, or supplies that provide safety to everyone involved.
  • Accountability for implementation: Finally, how will you hold managers and employees accountable for following the designated plan? Good intentions won’t keep the program going. You need to be clear in your expectations and communicate the follow-up accountability check-ins to evaluate the team’s progress. 
  • Monitoring and adjustments: Ongoing monitoring is needed to determine whether you successfully eliminated the hazard. If the risk can’t be removed, then this monitoring ensures that the risk is controlled appropriately. Implement a consistent schedule for follow-ups so that nothing is overlooked in the future.

Employee education and training play a critical role in the success of a risk management program. This training should be an integral part when onboarding new employees. Additionally, regular training for current staff ensures that the information is fresh and up-to-date for everyone involved. 

Documentation for risk assessment and management

One important aspect of risk communication is having documentation for the guidelines and controls. Managers and employees need to know where they can look for additional information. Documentation varies depending on the unique needs of your business but might include the processes and assessments used to identify the risk, evaluations and assessments, and conclusions determined through the risk assessment.

Then, it is helpful to have a system for ongoing documentation. For example, accountability and monitoring plans should be recorded. The level of documentation needed depends on the risk involved, management system requirements, or legislated requirements.

These records should document applicable information, such as the completion of the risk assessment, identified hazards, implemented control measures, and monitoring systems for those hazards. 

Risk management is a core value of the company

Changing operational and production priorities can often result in risk management falling to the backburner. When your team focuses on productivity and immediate deadlines, it is common for people to relax safety practices. It is important to place risk management as a core value of the company, ensuring that it maintains a high priority as things change in the work environment.

Identifying risk management as a core value of the company helps frontline management and supervisors see that these tasks must be included in regular work duties. Too often, management thinks that they don’t have extra time to implement certain aspects of the risk management plan. When the risks come to pass in the future, the team finds that they need to deal with the immediate issues while also managing ongoing operations. The result is that fewer resources are available to deal with the risk event, which cascades into the productivity of daily tasks. 

Thinking ahead is the first step to being proactive with risk management. A little bit of effort right now will go a long way to ensuring ongoing safety in the workplace.


A safety risk assessment is the foundation for creating a safe, healthy workplace for employees. The first step is to identify potential hazards and risks, then you can design and implement systems and controls to reduce risk. 

The intentional creation of a safe working environment starts with awareness of all potential hazards that could occur. It is a team effort that requires partnerships of upper management, front line management, employees, risk assessment auditors, vendors, and anyone else involved. 

Putting time and money towards these safety initiatives is a good investment – your business benefits by managing the liability, and your personnel benefits by having a safe work environment. When employees are safe and healthy, it contributes to the bottom line in the form of improved productivity, lower overall costs, and job satisfaction.

Hear the Latest from Safesite
Subscribe to our newsletter to receive the latest updates.

Team Safesite

By Team Safesite

We're a group of safety and tech professionals united in our desire to make every workplace safer. We keep a pulse on the latest regulations, standards, and industry trends in safety and write about them here on our blog.

This article covers:

Copy to clipboard
Hear the Latest from Safesite
Subscribe to our newsletter to receive the latest updates.