Health and safety risk assessment is something most UK businesses know they’re supposed to have, but fewer feel confident they really understand. It’s often reduced to paperwork, templates, or something that gets done once and filed away.
In reality, a risk assessment is about stopping people getting hurt by understanding where things could go wrong and dealing with those risks properly. When it’s done well, it helps work run more safely and more smoothly. When it’s not, problems usually only surface when there’s an incident, a complaint, or an inspection.
Get the full Risk Assessment Toolbox Talk to clarify what UK law requires, how to carry out a proper risk assessment, and where most businesses go wrong. Download it here.
Key Takeaways:
- A health and safety risk assessment is a recorded process used to identify workplace risks and decide how they should be controlled.
- Risk assessments focus on real work activities, environments, and people, not assumptions or generic paperwork.
- Most UK businesses need more than one type of risk assessment to properly manage different risks.
- A general workplace risk assessment often sits alongside more specific assessments, such as fire, COSHH, manual handling, DSE, or task-specific assessments.
- Effective risk assessments clearly identify hazards, who may be harmed, existing controls, further actions, and when the assessment should be reviewed.
- Responsibility for risk assessments sits with the employer, but assessments must be carried out by someone with appropriate knowledge and understanding of the work.
- External health and safety specialists can add value where work is higher risk, spread across sites, or changing regularly.
- UK risk assessment requirements are shaped by key legislation, including the Health and Safety at Work etc. Act 1974 and the Management of Health and Safety at Work Regulations 1999.
What is a health and safety risk assessment?
A health and safety risk assessment is a recorded process used to identify risks at work and decide how they should be controlled. In most cases, it results in a written document that sets out the risks identified and the measures in place to manage them.
The assessment is built by looking at work activities, the environment, and the people involved, then considering what could cause harm and how that harm is being prevented. The written record matters because it captures those decisions clearly and provides something that can be shared, reviewed, and updated over time.
It is not a policy, a checklist, or a training record. Those things may sit alongside a risk assessment, but they do not replace it. A risk assessment exists to explain what the risks are and how they are being managed in practice.
Why health and safety risk assessments matter
Health and safety risk assessments matter because they help people understand and manage risk before harm occurs. In practical terms, they help by:
- Reducing the chance of injury or ill health by identifying risks early and putting sensible controls in place
- Making risks visible, especially those that are part of everyday or familiar work
- Supporting safer decisions by giving a clearer picture of where attention and effort are needed
- Helping work run more smoothly by reducing uncertainty and unexpected problems
Taken together, risk assessments encourage people to think ahead rather than react after something has gone wrong. That makes health and safety easier to manage and easier to build into day-to-day work.
What a health and safety risk assessment should cover
A health and safety risk assessment brings a few key things together in one place so risks can be understood and managed properly. While the detail will vary between workplaces, most assessments cover the same core areas.
| Area covered | What it means in practice |
| Hazards | Anything that could cause harm, such as work activities, equipment, substances, or features of the working environment. |
| Who may be harmed | The people who could be affected by the work, including employees, contractors, visitors, or others, and how they may be harmed. |
| Existing controls | The measures already in place to reduce risk, such as procedures, safeguards, training, or supervision. |
| Further actions | Any additional steps needed where existing controls are not enough to manage risk properly. |
| Review | A point at which the assessment should be checked and updated, especially when work changes or new risks appear. |
Together, these elements help create a clear picture of where risks sit and how they are being managed. This clarity supports safer working and helps health and safety remain practical rather than abstract.
5 steps to conducting a risk assessment
Health and safety risk assessments in the UK are often described using a five-step structure. This is the same broad approach promoted by the Health and Safety Executive and is widely used across different sectors and workplaces.
At a high level, the five steps are:
1.Identify hazards
Look at what could cause harm, including work activities, equipment, substances, and the working environment.
2. Decide who may be harmed
Consider who could be affected by those hazards, such as employees, contractors, visitors, or members of the public, and how they might be harmed.
3. Evaluate risks and controls
Think about how likely harm is to occur and whether existing controls are enough to manage the risk.
4. Record findings
Write down the significant risks identified and the measures in place to control them, so decisions are clear and can be shared.
5. Review and update
Check the assessment when work changes, new risks appear, or something goes wrong, and update it where needed.
These steps provide a simple framework for understanding how risk assessment works. Each step can be explored in more detail depending on the workplace, the level of risk involved, and the type of assessment being carried out.
Different types of health and safety risk assessment
There is no single risk assessment that covers every situation. Different types exist because workplace risks vary depending on the work being done, the environment, and who may be affected. Most businesses use a combination of assessments rather than relying on one general document.
Common types include general workplace risk assessments, fire risk assessments, COSHH assessments for hazardous substances, manual handling assessments, DSE assessments for screen use, and task-specific or site-specific assessments. Each one focuses on a different kind of risk and looks at it in more detail where needed.
Industry-specific risk assessments
While the basic principles of risk assessment are the same across all workplaces, the risks themselves can look very different depending on the industry. This means risk assessments often need to be shaped around how work is actually carried out in each setting.
Construction
Construction work is constantly changing. Tasks, locations, equipment, and people can all vary from one phase of a project to the next. Because of this, risk assessments often need regular review and should reflect current site conditions rather than relying on generic documentation.
Site visits play an important role in construction risk assessment. Seeing how work is actually being carried out on site helps identify risks linked to layout, access, equipment use, and contractor activity that may not be obvious from plans or paperwork alone. This makes assessments more accurate and better aligned with day-to-day site operations.
Farming and agriculture
Farming involves a wide range of risks, including machinery, vehicles, animals, chemicals, and outdoor working conditions. Work is often seasonal and carried out in changing environments, which means assessments need to account for both routine tasks and less predictable situations.
Healthcare and care settings
Healthcare and care environments involve risks linked to patient care, infection control, manual handling, and vulnerable people. Risk assessments often need to consider how staff interact with service users, how care is delivered, and how risks can change depending on individual needs and conditions.
Office-based work
Office work is often seen as low risk, but it still requires risk assessment. Common considerations include display screen equipment, fire safety, lone working, and mental wellbeing. Changes to layouts, hybrid working, or increased screen use can all affect risk and may require review.
Who is responsible for risk assessments?
Responsibility for risk assessments sits with the employer. That means making sure assessments are in place, kept up to date, and reflect how work is actually carried out. It does not mean one named person has to do everything, but someone does need to take ownership.
What matters most is competence, not job title. The person carrying out a risk assessment needs to understand the work, recognise where risks can arise, and know what sensible controls look like in practice. In some workplaces, that knowledge already exists in-house. In others, it may not.
Health and safety inspectors do not carry out risk assessments on behalf of businesses. Their role is to check whether suitable assessments are in place, not to create them.
Many organisations choose to bring in external health and safety specialists, particularly where work is higher risk, spread across multiple sites, or changing regularly. External support can add value by providing experience across different environments, carrying out site visits, and offering an independent view that helps identify risks that may be easy to overlook internally.
Which UK laws affect health and safety risk assessments?
Health and safety risk assessments are not just good practice in the UK. They are rooted in a small number of key laws that set out what employers are expected to do to manage risk at work. These laws focus on prevention, planning, and proportionality rather than paperwork for its own sake.
Health and Safety at Work etc. Act 1974
This is the main piece of health and safety legislation in the UK. It places a general duty on employers to protect the health, safety, and welfare of employees and others who may be affected by their work.
The Act does not spell out how risk assessments should be written, but it establishes the principle that risks must be identified and controlled. Risk assessments are one of the main ways employers show they are meeting this duty in practice.
Management of Health and Safety at Work Regulations 1999
These regulations are where risk assessments are explicitly required. They place a duty on employers to carry out suitable and sufficient assessments of risks arising from their work activities.
In simple terms, this means employers are expected to:
- Look at the risks created by their work
- Decide who may be harmed
- Put appropriate controls in place
- Record significant findings where required
- Review assessments when things change
The regulations also introduce the idea of competence, meaning employers should have access to people with the right knowledge and experience to assess risk properly.
Other regulations that require specific risk assessments
In addition to the core legislation above, other regulations require more focused assessments in certain situations. Examples include:
- Fire safety legislation, which requires fire risk assessments
- COSHH regulations, which cover hazardous substances
- Manual handling regulations, which focus on lifting and moving risks
- Construction regulations, which introduce additional duties for planning and managing risk on sites
These sit alongside general risk assessments and apply where the relevant risks are present.
UK health and safety law does not expect every workplace to manage risk in the same way. It expects employers to take a proportionate approach based on the work they do and the risks involved.
Getting clarity on workplace risk assessment
Health and safety risk assessment is about understanding where risks exist in real work and making sensible decisions about how they are managed. Most workplaces need more than one assessment, and what matters most is how well those assessments reflect what actually happens day to day.
Clarity comes from stepping back and looking at activities, people, and environments together, rather than relying on generic documents or assumptions. When risks are clearly understood, health and safety becomes easier to manage and easier to keep up to date.
Not sure whether your current risk assessments are doing what they need to do? Download the risk assessment guide to sense-check what you have and identify where gaps often appear. Or take our quick-and-easy health and safety business health check questionnaire.
—————————————-
Frequently Asked Questions About Health and Safety Risk Assessments
What is the purpose of a health and safety risk assessment?
The purpose of a health and safety risk assessment is to understand where harm could occur at work and decide how those risks should be managed. It helps make risks visible, supports safer decision-making, and provides a clear record of how risks are being controlled in practice.
Is a risk assessment a legal requirement in the UK?
Yes. UK employers are required to assess risks arising from their work activities. Risk assessments are the main way employers show they have identified risks and taken steps to manage them in a proportionate way.
What’s the difference between a risk assessment and a method statement?
A risk assessment identifies hazards and evaluates risk. A method statement explains how a specific task will be carried out safely. In simple terms, the risk assessment identifies what could go wrong, while the method statement sets out how the work will be done.
Do small businesses need health and safety risk assessments?
Yes. Risk assessment requirements apply regardless of business size. The level of detail needed depends on the work being carried out and the risks involved, not how many people a business employs.
Are risk assessments just paperwork?
No. While risk assessments are usually recorded in writing, their value comes from how accurately they reflect real work. A well-written assessment that matches day-to-day activities helps guide safer working. Paperwork that doesn’t reflect reality adds little value.
Can one risk assessment cover everything?
Rarely. A general workplace risk assessment often needs to be supported by more specific assessments, such as fire, COSHH, manual handling, or task-specific assessments. Different risks need different levels of focus.
Who checks whether risk assessments are good enough?
Health and safety inspectors do not create risk assessments for businesses. Their role is to check whether suitable assessments are in place and whether they reflect the work being done. Inspections often focus on whether risks have been properly identified and controlled.
When does it make sense to get external help with risk assessments?
External support is often helpful where work is higher risk, spread across multiple sites, involves contractors, or changes regularly. Independent specialists with pre-defined processes and industry expertise can bring experience from different settings and help identify risks that may be easy to overlook internally.