HSE Risk Assessment: How to Perform a Risk Assessment in HSE

How to perform a successful HSE risk assessment

Published February 24, 2021

8 minute read

A successful HSE risk assessment can help companies understand all of the hazards in the workplace and allow them to take critical steps to make the workplace safer. Understanding various risks is important as the orgsanisation can then review its safety policies and procedures and track their effectiveness.

Every company with employees has a lawful duty to have a risk assessment system in place that considers all potential hazards in the workplace: physical, chemical, biological and psychosocial risks, etc.

In this article we will simplify and outline the elements of a good risk assessment and how to conduct a risk assessment.


What is a Risk Assessment?


A risk assessment is the identification the evaluation and control of risk arising from hazards in the workplace and constitute the first step in controlling health & safety.

A risk assessment is a written document that records a three-step process:

  1. Identifying the hazards in the workplace(s) under your control.
  2. Assessing the risks presented by these hazards.
  3. Putting control measures in place to reduce the risk of these hazards causing harm.

Simply put, a risk assessment is a process used to identify and evaluate potential risks associated with an activity, project, or workplace. It is an important part of any safety program, as it helps ensure that the hazards are properly identified and addressed in order to mitigate any potential risk to workers, property, or the environment. 


Hazard Identification 


Hazard identification is required by section 19 of the 2005 Act it is a major part of a health & safety management system and the identification is an essential first step in controlling health &safety in the workplace.

A hazard is defined as a source of danger in the workplace. With the potential to cause harm. Anything with the potential to cause injury or ill health

Hazards can result from poor quality work materials, equipment, and work methods and typically fall under the following categories:

  • Physical Hazards such as manual handling, slips, trips, fire, driving for work, work at height, using poorly maintained equipment
  • Occupational Health Hazards such as, noise, vibration, dusts, stress.
  • Chemical Hazards such as cleaning agents, industrial solvents, pesticides.
  • Biological Hazards such as viruses, bacteria, allergens.
  • Human Factor/Psychosocial such as violence, bullying, harassment.

Risk is the chance that someone will be harmed by the hazard. It also evaluates how severe the harm or ill health could be and how many people could be affected.


The purpose of a risk assessment


Workers in any company and in any industry are exposed to risks associated with the work they carry out. The employer is by law responsible for their health and safety in relation to the work they carry out in the workplace.

There is a general requirement to carry out a written risk assessment under section 19 of the 2005 Act and many of the relevant statutory provisions (e.g. the General Application Regulations or the Chemical Agents Regulations).

The risk assessment is the employer’s tool to ensure that the company complies with this lawful duty by revealing risks and ensuring that necessary measures are taken to ensure the health and safety of workers.

The risk assessment must involve staff at all levels, it must be documented and communicated to both the management and employees as everyone must be aware of the risks and corresponding controls related to their work. A documented risk also demonstrates that all risks in the workplace have been considered and that protective measures are in place to keep workers’ safe.

Risk assessments should address specific activities that may require additional controls due to their higher level of risk. An example would be working at heights—anytime someone works more than 6 feet off the ground they need additional fall protection measures such as guardrails or safety nets installed before work begins.

In addition, certain tasks may require special training for workers who will be performing them—such as working with hazardous materials or operating heavy machinery—and this should be taken into consideration when assessing a task for risk. 

Who is responsible?


Employer: The company’s top management carries the ultimate responsibility for providing a safe and healthy work environment for workers and must ensure that risk assessments are carried out, are reviewed and are current.

Employers are required to do all that is reasonably practicable to minimize the risk of injury. Employers will have done all that is reasonably practicable if they have:

  • identified the hazards and risks relating to the place of work, and
  • put in place appropriate control measures to eliminate or reduce the hazard to a safe level.

Employees: In performing the risk assessment, management should consult all employees involved at the workplace as they have valuable insight into where workplace health and safety issues occur and will often have input on how to minimize risk. A risk assessment should be conducted by a multidisciplinary team where available.

The risk assessment process is used to assess and evaluate the risk of each identified hazard.

Workplace Ergonomics

Risk Assessment Process


1. Identify the Hazards

The first step is to identify the hazards in your workplace. This can be achieved by walking around and observing, reading manufacturers manuals and working with employees to report hazards and near misses.

The term “hazard” includes anything that could cause harm to people, property, or the environment. Once you have identified these hazards, you must assess the risks associated with them.

To do this, consider what factors can contribute to a hazard becoming a risk, such as lack of training or access to protective clothing. Additionally, it is helpful to assign each hazard and risk a rating on a scale from low to high in order to prioritize which risks should be addressed first. 

2. Assess the Risks and decide on precautions/controls

Risk means the likelihood of harm caused by a hazard, together with the likelihood of the harm occurring and the severity of the harm if it occurred.

When assessing and evaluating the risk from each identified hazard, the risk analysis should consider factors such as:

  • The likelihood of events and consequences/impact – the likelihood that a risk of harm may occur x the impact of the harm should it occur
  • The nature and magnitude of consequences/impact
  • The effectiveness of existing controls – for each hazard make a judgement on the effectiveness of existing controls - these include processes. Policies, engineering controls, training, preventive maintenance etc.
  • The people who might be exposed/harmed and the damage that may occur to plant, equipment, environment etc.

It is important to consider who may be exposed to a specific hazard. Apart from direct employees, think about the people who may not be in the workplace all the time, for example:

  • Cleaners
  • Visitors
  • Other employers’ workers such as outside contractors, and outside maintenance personnel

If the public has access to your premises as part of the services supplied, assess the hazards that they are exposed to. Hazards could vary from slips, trips, and falls, to unauthorised entry to dangerous areas. Consider also, vulnerable groups for which additional control measures may be required. These vulnerable groups may include:

  • Young people, who may be more at risk due to their inexperience and lack of training
  • Elderly people
  • Pregnant, post-natal and breastfeeding employees
  • Night and shift workers
  • People with language disabilities or for whom English is not a first language
  • People with different abilities or disabilities
  • People who are handling money or dealing with the public

Essentially, an employer is concerned with estimating the severity and likelihood of harm arising from identified hazards.

Other contributing factors to be considered when assessing risks are:

  • People (i.e., the things they do, or don’t do)
  • Equipment (i.e., unsafe, or improper for a task)
  • Materials (i.e., improper handling or type of material)
  • Environment (i.e., condition of work areas)
  • Process (i.e., whether how something is done, is hazardous)

Your team should consider all aspects of both current and anticipated operations when assessing potential hazards so that no detail is overlooked. In addition, you should consider any external factors such as weather or environmental conditions that could also contribute to risk. 

The simplest way to quantify the risk is low, medium, or high:

Low risk: This is where the likelihood of harm from an identified hazard is low and the severity is low. For example, intermittent work on a computer where the workstation is well laid out is unlikely to result in any harm to the user.

Medium risk: As the level of likelihood, the severity and the number of persons exposed increases, a hazard may be assessed as a medium risk. For example, manual handling of heavy loads without mechanical aids. Control measures are required to reduce these hazards to low risk.

High risk: A good risk assessment should focus on the more serious risks first, as there is a likelihood that an accident could occur and if it does there could be serious injuries, ill health, or death. For example, vehicles reversing where pedestrians / members of the public are walking without control or management.

A risk matrix is most often used to evaluate risk – plotting the likelihood of harm occurring from an identified hazard against the severity of the impact should it occur. The matrix can be as simplified or as complex as required by your business. The matrix below is based on the HSE UK approach.


Likelihood Table


Actual Frequency


Almost Certain (5)

Occurs every 5 years or more


Likely (4)

Occurs every 2-5 years


Possible (3)

Occurs every 1 – 2 years


Unlikely (2)

Occurs Bimonthly


Rare/Remote (1)

Occurs at least monthly




Severity/Impact Table

Negligible (1)

Adverse event leading to minor injury not requiring first aid

Minor (2)


Minor injury or illness, first aid treatment required

<3 days absence

<3 days extended hospital stay

Impaired psychosocial functioning >3 days < 1 moth.

Moderate (3)

Significant injury requiring medical treatment e.g., Fracture and/or counselling.

Agency reportable, e.g., HSA, Gardaí (violent and aggressive acts). >3 Days absence 3-8 Days extended hospital Stay

Impaired psychosocial functioning greater than one month less than six months

Major (4)

Major injuries/long term incapacity or disability (loss of limb) requiring medical treatment and/or counseling Impaired psychosocial functioning greater than six months

Extreme (5)

Incident leading to death or major permanent incapacity. Event which impacts on large number of patients or member of the public Permanent psychosocial functioning incapacity.



RISK MATRIX – To Determine the Risk Rating


5x5 risk matrix

By combining the severity/impact and the likelihood one establishes the Risk Rating.

For example:

  1. Likelihood 3 (Possible) x Severity 1 (Negligible) = 1x3 = 3 (Green)
  2. Likelihood of 2 (Unlikely) x Impact of 3 (Moderate) = 3 x 2 = 6 (Amber).

Once the risk rating has been established the risk must be evaluated i.e., which risks are acceptable and which risks require treatment/control and at what level.

  • Accept the risk
  • Treat the risk by:
  1. Avoiding the risk
  2. Transferring the risk
  3. Controlling the risk

3. Additional controls needed

Where the risk rating result in the requirement for treating the risk, the risk is unacceptable and must be mitigated.

When deciding on controls the hierarchy of control is typically used.

Hierarchy of controls


The order to follow when treating a risk:

Where practicable eliminate the risk – remove the risk of the hazard and/or remove the hazard.

If this is not possible, then reduce the risk through reduce through substitution e.g., substitute a hazardous chemical with a safer option (less hazardous).

Engineer controls e.g., isolate a noisy machine from individuals or vice versa.

Administrative controls such as training, safe systems of work, policies, procedures etc.

Finally, and as a last form of defense use protective equipment (PPE). PPE should be used in conjunction with other control measures such as training for example.

Document - Following a risk assessment, a documented record of the findings, controls, timelines, etc. must be available and communicated to all staff members. Typically recorded in a risk assessment template; this template has many formats, and each business will decide on the template that is best suited to their company.


Identify the Hazards

Assessing the Risks

Treating the Risk - control measures and further actions required

What are the hazards?

Who is at risk?

Current Controls

Level of risk?

Additional controls needed?

Action by whom and by when?

Date Completed



Review - Finally, risks must be reviewed regularly and as required. If there are any changes to equipment, processes, procedures, policies, legislation, or people etc, risk assessments must be reviewed, recorded and communicated.

In summary a good risk assessment demonstrates that;

  • a proper check was made
  • you asked all who might be affected
  • you dealt with all the obvious significant hazards, taking into account the number of people who could be involved
  • the precautions are reasonable, and the remaining risk is low
  • you involved your employees or their representatives in the process

The supervisor is responsible for ensuring safe methods are used and for intervening if a person seems overstrained. There cannot be too many discussions about health and safety. Supervisors should encourage subordinates to pay attention to health at work and to maintain their physical wellbeing outside of work.

You can also opt for engineering controls such as redesigning processes or installing physical barriers so that employees are not exposed directly to hazardous situations. Lastly, administrative controls involve changing policies and procedures such as instituting job rotation schedules or setting limits on exposure time in hazardous areas. 

If an employee is experiencing symptoms, the supervisor, possibly in conjunction with healthcare professionals or specialists, should have an individual discussion with the employee concerning work ability. The goal is to find a solution for reducing symptoms and for the person to continue working using modified means or to work temporarily on more suitable tasks.

Finally, it’s important not just to perform an initial HSE risk assessment but also regularly monitor your existing control measures for effectiveness over time. This means documenting when changes were made and if those changes resulted in significant improvements or reductions of risk levels. Additionally, continue identifying new hazards as they arise and assessing whether any existing control measures need updating based on changing conditions at work sites or updated regulations from authorities.  


An effective HSE risk assessment requires careful analysis of potential hazards in the workplace followed by implementation of control measures tailored specifically for those hazards. Additionally, ongoing monitoring of existing control measures is necessary both for maintaining safe working conditions and meeting legal requirements set out by authorities at all times. By following these steps correctly and consistently performing assessments over time, businesses can ensure their workers remain safe while adhering to regulatory standards.

Learn more on EcoOnline EHS by clicking below or simply Request a Demo


New call-to-action



Author Shane Irwin

Our related posts

| Health & Safety
Why choose EcoOnline's lone worker software, powered by StaySafe

When introducing a new product to the workplace, we understand your employees want something that's quick, that's easy...

| Health & Safety
Check calls vs. check-in technology

Manual check calls are one of the most common methods used to monitor the safety of employees who work alone. Check...

| Health & Safety
What happens when an employee doesn’t comply with health and safety regulations?

Just as employers have health and safety regulations to follow, employees must also take responsibility for their own...