Understanding risk assessment: a beginner's guide
A simple guide for assessing and managing work at height risks
A quick, practical overview of how to spot fall hazards, judge their risks and choose suitable controls. It supports confident decision‑making and helps keep work at height tasks safe and well managed.
In this resource
- Introduction to working at height
- Step‑by‑step risk assessment process
- Risk rating methodology
- Hierarchy of control measures
- Sample risk assessment
- Key takeaways
- Checklist
Introduction
Working at height introduces several hazards that can cause serious injuries or fatalities if not properly controlled.
A risk assessment must consider situations where workers could:
- fall from height, such as unprotected edges on a roof or scaffold
- fall through an opening, such as a skylight
- fall into a hazard, such as a tank or excavation
Note: There may be other hazards in the area (for example excessive noise). These should be included in the overall risk assessment, even if they are not shown in this example.
Step 1: Identify hazards
Look for any hazard that could cause a worker to fall. Examples include:
- working at height
- using a ladder
- using a mobile elevated work platform
- fragile surfaces
- edges without protection
- poor weather conditions
- debris or tools dropped from height
- falling into a space such as a storage tank
- equipment failure
Involve workers and supervisors in identifying hazards.
Step 2: Who might be harmed?
Include everyone who could be harmed, such as:
- workers (especially those with medical conditions)
- contractors and subcontractors
- visitors
- members of the public
Step 3: Evaluate the risks
Consider the likelihood of harm and how serious the consequences could be, using the risk matrix in Figure 1.
Risk scoring involves judgement. Different people may rate the same risk differently. Carrying out the assessment with someone else helps you agree on fair scores and identify anything you might miss on your own.
Risk ratings should be agreed by a competent person, such as an occupational safety and health (OSH) professional.
The matrix is a guide to help you think about how likely something is and how serious it could be. Use your knowledge and experience to make the best decision.
Risk rating examples:
Likelihood of harm (L)
You are assessing how likely it is that harm will occur. The less likely it is, the lower the score.
Low risk (1–2)
Tasks with a low likelihood of harm, such as:
- little exposure to hazards
- a stable environment
- simple tasks with few steps
- existing controls such as fixed handrails or barriers
Medium risk (3–12)
As the complexity of the task increases, so does the likelihood of harm. Medium scores apply when:
- existing controls need maintenance
- procedures are moderately complex
- equipment requires training to use safely
- safety measures depend on worker behaviour (PPE)
- workers are under pressure to finish the task
High risk (12–25)
These tasks involve hazards that are difficult to eliminate or control. Conditions may be unpredictable or change quickly, such as outdoor work in extreme weather or dynamic construction sites.
Characteristics include:
- complex work requiring detailed planning
- potential for life‑threatening injuries or long‑term health effects
- multiple layers of control needed (permits, PPE, specialist equipment)
- variable or extreme weather conditions
- other workers or the public having access to the area
Consequences of harm (C)
You are considering how serious the harm could be. Low scores apply to minor injuries; the highest scores apply to life‑changing harm.
Low risk (1–2)
Consequences are minor, such as:
- first aid injury (minor cut)
- a minor medical treatment case with no work restrictions
Medium risk (3–12)
Consequences are more serious and may result in time off work but no long‑term disability.
Examples include:
- a fall causing a laceration needing sutures
- prolonged time off due to injury (ligament damage)
- restricted duties (for example concussion)
High risk (12–15)
Consequences cause long‑term health or lifestyle impacts.
Examples include:
- death
- amputations
- life‑limiting disability (such as paralysis)
Risk rating = Likelihood (L) × Consequence (C)
Example of risk rating calculation
Risk rating = Likelihood (L) × Consequences (C)
If: L = 2 and C = 3
Then: L × C = 2 × 3 = 6
A score of 6 is a medium risk.
Step 4: Control measures
Choose appropriate and practical controls based on the level of risk. Higher‑level controls are more effective than lower‑level controls such as signs or PPE.
Note: These examples follow the hierarchy of control. They are not exhaustive and may not suit every situation.
Eliminate
- avoid working at height
Substitution
- use scaffolds or mobile elevated work platforms instead of ladders
- use temporary roofing systems or sheeting instead of open scaffolds during outdoor work
Engineering controls
- install guard rails and edge protection on elevated areas, such as mezzanine floors
- erect safety nets to catch falling objects
- ensure access to welfare facilities (for example provide drinking water in hot conditions)
Administrative controls
- develop fall protection and fall arrest procedures
- provide training on safe work practices and PPE
- communicate risks to workers
- provide supervision; don’t allow lone working
- ensure workers are medically fit to work at height
Personal protective equipment
- non‑slip shoes and gloves
- protective headgear with secure straps
- fall arrest systems
Step 5: Record and review
Document the findings and action plan using a risk assessment template, such as the example below. Communicate the results and controls to the workers carrying out the task.
Risk assessments should be reviewed at least once a year, or sooner if conditions change.
Example Risk Assessment
Task:
Cleaning external gutters (height: 2.5–3.5 m)
Description:
Workers use an extension ladder to access gutters and remove debris.
| What is the hazard? | Who might be harmed? | How might they be harmed? | Existing process/safety measures | L | C | RR | Action required |
|---|---|---|---|---|---|---|---|
| Slips and falls from ladder | Workers; people below | Sprains, fractures; person below struck by falling worker | Training on ladder use; non‑slip footwear and gloves | 2 | 4 | 8 | Secure ladder at top and bottom, avoid overstretching, use stabiliser, maintain three points of contact. |
| Falling debris or tools | Persons walking under the ladder | Struck by falling objects | Restricted access, warning signs, tools secured in tool bag | 1 | 3 | 3 | Establish exclusion zone, use tool lanyards, wear hard hats. |
| Poor weather conditions (wind/rain) | Workers on ladders | Fall from ladder | Procedures require stopping work in poor weather | 1 | 4 | 4 | Check forecast, postpone work in adverse weather, provide non‑slip footwear. |
| Ladder dislodged | Workers on ladder; people below | Overreaching; ladder not secured; wrong ladder | Correct ladder specified; training; ladder secured; inspections | 2 | 4 | 8 | Use ladder ties or stabilisers, inspect ladder before use, ensure ladder is correct height and load rating. |
Key takeaways
- Falls from height are a leading cause of workplace fatalities – risk assessment is essential.
- Use a structured approach: hazard identification → risk evaluation → control selection.
- Apply the hierarchy of controls: eliminate hazards before relying on PPE.
- Risk ratings help prioritise actions but require judgement and collaboration.
- Regular review and clear communication are essential for ongoing safety.
Checklist for working at height risk assessments
- Have all fall hazards been identified?
- Are all affected people considered (workers, contractors, public)?
- Has a risk matrix been used to score likelihood and consequence?
- Are control measures selected according to the hierarchy (eliminate → PPE)?
- Are ladders, scaffolds and equipment inspected and suitable?
- Have weather and environmental conditions been considered?
- Is adequate training and supervision in place?
- Have findings been documented and communicated?
- Is there a review schedule (annual or when conditions change)?
Summary
Working at height presents significant risks that require careful planning and robust control measures. A structured risk assessment helps identify hazards, evaluate risks and select effective controls.
By applying the hierarchy of controls, maintaining good communication and reviewing assessments regularly, organisations can reduce the likelihood of serious incidents and support a strong safety culture.
This guide aligns with IOSH's competency framework at the 'understand' level for risk assessment and analysis, risk identification and profiling, and risk prioritisation.
Frequently asked questions
How do I know if I’ve identified all the hazards in my workplace?
Users often wonder whether they’ve overlooked something. It’s common to question if a walkthrough, worker feedback and category checks (mechanical, physical, ergonomic, chemical, biological, psychosocial) are enough to be thorough.
When should I update my risk assessment?
Even after learning the five steps, readers may still be unsure about the right time to review or repeat an assessment – such as after workplace changes, incidents or scheduled intervals.
What do I do if I’m unsure how to rate the severity or likelihood of a risk?
Beginners frequently struggle with using a risk matrix and making judgements based on likelihood and consequence, especially when considering “realistic vs worst‑case” scenarios.
How do I choose the most effective control measure?
Readers may wonder how to decide between elimination, substitution, engineering, administrative controls and PPE – particularly when more than one option seems possible.
Who should I involve if my organisation is small or doesn’t have OSH specialists?
The guide lists several people who can contribute, but users may still question who is essential for a meaningful assessment when resources are limited.