
Understanding risk assessment: A beginner's guide

A simple guide to understanding and carrying out effective risk assessments.

This resource gives you a simple starting point for spotting hazards and deciding what action to take to keep people safe.


What is the difference between hazard and risk?

A hazard is anything with the potential to cause harm. For example, a wet floor could cause someone to slip.

A risk is the likelihood that the hazard will cause harm, combined with how serious the harm could be. If a wet floor is blocked off, the likelihood of slipping is reduced. If the spill is cleaned up, the hazard is removed and the risk is eliminated.

What is an OSH risk assessment?

An occupational safety and health (OSH) risk assessment is the process of identifying hazards in the workplace and deciding what you can do to prevent or reduce harm.

The process includes:

  • identifying hazards – recognising what could cause harm 
  • analysing risks – who might be harmed and how 
  • assessing risks – how serious the harm could be and how likely it is 
  • controlling risks – deciding what actions to take to reduce harm 
  • recording and reviewing the findings – documenting the risks, controls and planned review dates

Risk assessments aren’t just paperwork. They help you keep people safe and meet your legal responsibilities as an employer.

When is a risk assessment carried out?

Risk assessments are needed at several points, including:

  • at the start of a project (baseline assessment)
  • periodically, such as every two years
  • when there are changes to the workplace or processes
  • after an accident, to help prevent it happening again
  • when the law requires a specific assessment, such as for display screen equipment (DSE)

Why do risk assessments matter?

Risk assessments are often required by law, but more importantly, they:

  • help prevent accidents and ill health 
  • protect your organisation from liability 
  • show you care about workers’ wellbeing 
  • support informed decision-making 
  • form the foundation of good health and safety management

What does a risk assessment involve?

Step one: Identify hazards

Walk around your workplace with fresh eyes. Look for anything that could cause harm. Talk to workers – they often notice hazards that management may miss.

Don’t just look for obvious dangers. Consider what could go wrong during routine tasks, maintenance or emergencies.

Hazards are commonly grouped into six categories:

Mechanical hazards

Risks from machinery or equipment, including:

  • being crushed between moving and fixed parts
  • being struck by ejected machine parts
  • harm from mechanical tools

Physical hazards

These involve sources of physical energy, such as:

  • vibration (hand–arm vibration syndrome)
  • electricity (electric shock)
  • noise (hearing loss)

Ergonomic hazards

These include:

  • repetitive movements
  • manual handling
  • poorly set-up workstations

Chemical hazards

Can cause harm to people or the environment, such as:

  • chemical burns
  • skin conditions (eczema, dermatitis)
  • respiratory problems (asthma, legionnaires’ disease).

More about chemical hazards and risks can be found in our resource Chemical safety essentials: what everyone should know.

Biological hazards

Include:

  • bacteria
  • viruses
  • fungi

Psychosocial hazards

Arise from how work is organised or experienced, such as:

  • job demands
  • bullying or harassment
  • long shifts, overtime or lone working.

You can read more about them in our resource: What are psychosocial hazards and why should you care about them?

Step two: Analyse the risk – who might be harmed and how

Consider who could be harmed, including:

  • workers
  • customers and visitors
  • contractors
  • members of the public
  • vulnerable workers (pregnant, disabled, migrant, young or older workers)

Think about how each group might be affected differently by the same hazard.

Step three: Assess the risk

Once you know who might be harmed, decide:

  • how likely the harm is (from very unlikely to almost certain) 
  • how serious the consequences could be (from minor injury to fatality)

You will need to make a judgment on the likelihood that the harm will arise and a realistic decision about the consequences. Your decision should be based on past experiences, accident reports, and how often workers are exposed to hazards.

The worst-case scenario is that death may occur, but realistically this is unlikely. A matrix, such as the one below, can be used to rate risks. This helps with the next step: deciding what action to take to reduce the risk and how urgent it is.

Colour‑coded risk matrix showing likelihood and consequence scores from 1 to 5, with higher scores indicating greater risk and required action.
Figure 1: Risk rating matrix (Illustrative only. Organisations should adapt their own system.)

Use past experience, accident reports and exposure levels to judge this. A simple risk matrix can help you prioritise which risks need attention first.

Remember: risk ratings help prioritise action – they’re not exact calculations.

Step four: Plan to control the risk

Based on your ratings, decide what controls you’ll put in place. Higher risks need more urgent action. Controls include:

  • eliminating the hazard 
  • substituting with something less hazardous 
  • engineering controls (machine guards, local exhaust ventilation) 
  • administrative controls (training, job rotation) 
  • personal protective equipment (PPE).

Step five: Record and review

Risk assessments and action plans should be live documents. Recording your findings helps make sure workers understand the risks and the controls they must follow.

Who should be involved?

The people involved depend on the size of the organisation. Those to consider include:

  • a competent person to lead the process 
  • managers, to explain work processes and identify hazards 
  • workers, to describe how tasks are carried out 
  • worker representatives or trade union representatives 
  • OSH specialists (safety, health, hygiene) 
  • external experts for high‑risk equipment or processes 
  • human resources

Note: A competent person is someone with the right mix of knowledge, skills, experience and behaviours.

The table is an example of a risk assessment that can be used in any workplace.

| What is the hazard? | Who might be harmed? | How might they be harmed? | Existing controls | Risk rating | Action required |
| Wet floor | Employees, Visitors | Slips and falls | Warning signs | Moderate | Clean up spill immediately and review cleaning procedures. |

Making risk assessments work in practice

  • Keep them simple and practical. 
  • Avoid jargon. 
  • Involve workers – they understand their tasks best. 
  • Focus on significant risks, not trivial ones.

Common challenges and how to overcome them

  • “I don’t know where to start.”
    Begin with high‑risk activities or where problems have occurred. 
  • “The risks seem too complex.”
    Break processes into smaller steps and assess each one. 
  • “Workers don’t follow the controls.”
    Involve them in the process and ensure leaders support the controls. 
  • “Management says we don’t have time.”
    Explain that preventing accidents saves time, money and effort later.

From risk assessment to safe working

Risk assessments help shape:

  • safe systems of work (step‑by‑step procedures) 
  • training needs 
  • equipment specifications

Note: A safe system of work shows workers how to carry out tasks safely by eliminating or controlling hazards.

Related IOSH resources

Recommended courses:

  • IOSH Managing Safely – for managers 
  • IOSH Working Safely – for all workers 
  • Risk assessment and risk management courses – for deeper knowledge

Further reading

Professional development: consider IOSH membership to build competence and access additional resources.

Checklist

Use this quick checklist to make sure your risk assessment process is thorough and up to date.

  • Identify hazards – walk the workplace and consult workers. 
  • Analyse who might be harmed and how. 
  • Assess the risk – likelihood and severity.
  • Decide on controls – eliminate, substitute, engineer, administrate, PPE. 
  • Record findings. 
  • Review regularly.
  • Involve workers and competent persons. 
  • Focus on significant risks.

Key takeaways

  • Risk assessment is about preventing harm, not ticking boxes. 
  • Focus on what could realistically cause significant harm. 
  • Involve workers – they have valuable insights. 
  • Keep assessments simple and practical. 
  • Review and update regularly. 
  • Challenge poor assessments. 
  • Build your skills gradually with training and practice.

This guide aligns with IOSH's competency framework at the 'understand' level for risk assessment and analysis, risk identification and profiling, and risk prioritisation.

