How to perform a successful HSE risk assessment

Every company with employees has a lawful duty to have a risk assessment system in place that considers all potential hazards in the workplace: physical, chemical, biological and psychosocial risks, etc. In this article we will simplify...

Published February 24, 2021

7 minute read

Every company with employees has a lawful duty to have a risk assessment system in place that considers all potential hazards in the workplace: physical, chemical, biological and psychosocial risks, etc.

In this article we will simplify and outline the elements of a good risk assessment and how to conduct a risk assessment.


What is a Risk Assessment?


A risk assessment is the identification the evaluation and control of risk arising from hazards in the workplace and constitute the first step in controlling health & safety.

A risk assessment is a written document that records a three-step process:

  1. Identifying the hazards in the workplace(s) under your control.
  2. Assessing the risks presented by these hazards.
  3. Putting control measures in place to reduce the risk of these hazards causing harm.


Hazard Identification 


Hazard identification is required by section 19 of the 2005 Act it is a major part of a health & safety management system and the identification is an essential first step in controlling health &safety in the workplace.

A hazard is defined as a source of danger in the workplace. With the potential to cause harm. Anything with the potential to cause injury or ill health

Hazards can result from poor quality work materials, equipment, and work methods and typically fall under the following categories:

  • Physical Hazards such as manual handling, slips, trips, fire, driving for work, work at height, using poorly maintained equipment…
  • Occupational Health Hazards such as, noise, vibration, dusts, stress.
  • Chemical Hazards such as cleaning agents, industrial solvents, pesticides.
  • Biological Hazards such as viruses, bacteria, allergens.
  • Human Factor/Psychosocial such as violence, bullying, harassment.

Risk is the chance that someone will be harmed by the hazard. It also evaluates how severe the harm or ill health could be and how many people could be affected.

Risk is a combination of chance/likelihood and severity.


The purpose of a risk assessment


Workers in any company, in any industry are exposed to risks associated with the work they carry out. The employer is by law responsible for their health and safety in relation to the work they carry out in the workplace.

There is a general requirement to carry out a written risk assessment under section 19 of the 2005 Act and many of the relevant statutory provisions (e.g. the General Application Regulations or the Chemical Agents Regulations).

The risk assessment is the employer’s tool to ensure that the company complies with this lawful duty by revealing risks and ensuring that necessary measures are taken to ensure the health and safety of workers.

The risk assessment must involve staff at all levels, it must be documented and communicated to both the management and employees as everyone must be aware of the risks and corresponding controls related to their work. A documented risk also demonstrates that all risks in the workplace have been considered and that protective measures are in place to keep workers’ safe.


Who is responsible?


Employer: The company’s top management carries the ultimate responsibility for providing a safe and healthy work environment for workers and must ensure that risk assessments are carried out, are reviewed and are current.

Employers are required to do all that is reasonably practicable to minimize the risk of injury. Employers will have done all that is reasonably practicable if they have:

  • identified the hazards and risks relating to the place of work, and
  • put in place appropriate control measures to eliminate or reduce the hazard to a safe level.

Employees: In performing the risk assessment, management should consult all employees involved at the workplace as they have valuable insight into where workplace health and safety issues occur and will often have input on how to minimize risk. A risk assessment should be conducted by a multidisciplinary team where available.

The risk assessment process is used to assess and evaluate the risk of each identified hazard.

Workplace Ergonomics

Risk Assessment Process


1. Identify the Hazards

The first step is to identify the hazards in your workplace. This can be achieved by walking around and observing, reading manufacturers manuals and working with employees to report hazards and near misses.

There will be many different types of hazards in every workplace.

Once you have identified the hazards you assess the risks


2. Assess the Risks and decide on precautions/controls

Risk means the likelihood of harm caused by a hazard, together with the likelihood of the harm occurring and the severity of the harm if it occurred.

When assessing and evaluating the risk from each identified hazard, the risk analysis should consider factors such as:

  • The likelihood of events and consequences/impact – the likelihood that a risk of harm may occur x the impact of the harm should it occur
  • The nature and magnitude of consequences/impact
  • The effectiveness of existing controls – for each hazard make a judgement on the effectiveness of existing controls - these include processes. Policies, engineering controls, training, preventive maintenance etc.
  • The people who might be exposed/harmed and the damage that may occur to plant, equipment, environment etc.

It is important to consider who may be exposed to a specific hazard. Apart from direct employees, think about the people who may not be in the workplace all the time, for example:

  • Cleaners
  • Visitors
  • Other employers’ workers such as outside contractors, and outside maintenance personnel

Where the public access your premises as part of the services supplied, assess the hazards that they are exposed to. Hazards could vary from slips, trips, and falls, to unauthorised entry to dangerous areas. Consider also, vulnerable groups for which additional control measures may be required. These vulnerable groups may include:

  • Young people, who may be more at risk due to their inexperience and lack of training
  • Elderly people
  • Pregnant, post-natal and breastfeeding employees
  • Night and shift workers
  • People with language disabilities or for whom English is not a first language
  • People with different abilities or disabilities
  • People who are handling money or dealing with the public

Essentially an employer is concerned with estimating the severity and likelihood of harm arising from identified hazards.

Other contributing factors to be considered when assessing risk are:

  • People (i.e., the things they do, or don’t do)
  • Equipment (i.e., unsafe, or improper for a task)
  • Materials (i.e., improper handling or type of material)
  • Environment (i.e., condition of work areas)
  • Process (i.e., whether how something is done, is hazardous)

The simplest way to quantify the risk is low, medium, or high:

Low risk: This is where the likelihood of harm from an identified hazard is low and the severity is low. For example, intermittent work on a computer where the workstation is well laid out is unlikely to result in any harm to the user.

Medium risk: As the level of likelihood, the severity and the number of persons exposed increases, a hazard may be assessed as a medium risk. For example, manual handling of heavy loads without mechanical aids. Control measures are required to reduce these hazards to low risk.

High risk: A good risk assessment should focus on the more serious risks first, as there is a likelihood that an accident could occur and if it does there could be serious injuries, ill health, or death. For example, vehicles reversing where pedestrians / members of the public are walking without control or management.

A risk matrix is most often used to evaluate risk – plotting the likelihood of harm occurring from an identified hazard against the severity of the impact should it occur. The matrix can be as simplified or as complex as required by your business. The matrix below is based on the HSE UK approach.


Likelihood Table


Actual Frequency


Almost Certain (5)

Occurs every 5 years or more


Likely (4)

Occurs every 2-5 years


Possible (3)

Occurs every 1 – 2 years


Unlikely (2)

Occurs Bimonthly


Rare/Remote (1)

Occurs at least monthly




Severity/Impact Table

Negligible (1)

Adverse event leading to minor injury not requiring first aid

Minor (2)


Minor injury or illness, first aid treatment required

<3 days absence

<3 days extended hospital stay

Impaired psychosocial functioning >3 days < 1 moth.

Moderate (3)

Significant injury requiring medical treatment e.g., Fracture and/or counselling.

Agency reportable, e.g., HSA, Gardaí (violent and aggressive acts). >3 Days absence 3-8 Days extended hospital Stay

Impaired psychosocial functioning greater than one month less than six months

Major (4)

Major injuries/long term incapacity or disability (loss of limb) requiring medical treatment and/or counseling Impaired psychosocial functioning greater than six months

Extreme (5)

Incident leading to death or major permanent incapacity. Event which impacts on large number of patients or member of the public Permanent psychosocial functioning incapacity.



RISK MATRIX – To Determine the Risk Rating


5x5 risk matrix

By combining the severity/impact and the likelihood one establishes the Risk Rating.

For example:

  1. Likelihood 3 (Possible) x Severity 1 (Negligible) = 1x3 = 3 (Green)
  2. Likelihood of 2 (Unlikely) x Impact of 3 (Moderate) = 3 x 2 = 6 (Amber).

Once the risk rating has been established the risk must be evaluated i.e., which risks are acceptable and which risks require treatment/control and at what level.

  • Accept the risk
  • Treat the risk by:
  1. Avoiding the risk
  2. Transferring the risk
  3. Controlling the risk


3. Additional Controls needed

Where the risk rating result in the requirement for treating the risk, the risk is unacceptable and must be mitigated.

When deciding on controls the hierarchy of control is typically used.

Hierarchy of controls


The order to follow when treating a risk:

Where practicable eliminate the risk – remove the risk of the hazard and/or remove the hazard.

If this is not possible, then reduce the risk through reduce through substitution e.g., substitute a hazardous chemical with a safer option (less hazardous).

Engineer controls e.g., isolate a noisy machine from individuals or vice versa.

Administrative controls such as training, safe systems of work, policies, procedures etc.

Finally, and as a last form of defense use protective equipment (PPE). PPE should be used in conjunction with other control measures such as training for example.

Document - Following a risk assessment, a documented record of the findings, controls, timelines etc must be available and communicated to all staff members. Typically recorded in a risk assessment template; this template has many formats, and each business will decide on the template that is best suited to their company.


Identify the Hazards

Assessing the Risks

Treating the Risk - control measures and further actions required

What are the hazards?

Who is at risk?

Current Controls

Level of risk?

Additional controls needed?

Action by whom and by when?

Date Completed



Review - Finally, risks must be reviewed regularly and as required. If there are any changes to equipment, processes, procedures, policies, legislation, or people etc, risk assessments must be reviewed, recorded and communicated.

In summary a good risk assessment demonstrates that;

  • a proper check was made
  • you asked all who might be affected
  • you dealt with all the obvious significant hazards, taking into account the number of people who could be involved
  • the precautions are reasonable, and the remaining risk is low
  • you involved your employees or their representatives in the process

The supervisor is responsible for ensuring safe methods are used and intervening if a person seems overstrained. There cannot be too many discussions about health and safety. Supervisors should encourage subordinates to pay attention to health at work and to maintain their physical wellbeing outside of work.

If an employee is experiencing symptoms, the supervisor, possibly in conjunction with healthcare professionals or specialists, should have an individual discussion with the employee concerning work ability. The goal is to find a solution for reducing symptoms and for the person to continue working using modified means or to work temporarily on more suitable tasks.

Learn more on EcoOnline EHS by clicking below or simply Request a Demo


New call-to-action



Author Shane Irwin

Our related posts

| occupational safety
4 Chemical/EHS legislation updates you need to know about

2023 is already shaping up to be a busy year for chemical and EHS legislation in Europe. Several initiatives stemming...

| occupational safety
COP27 – Three Key Takeaways for Business

Commentators have offered mixed reactions now that the dust has settled on COP27. Where the Loss and Damage (L&D)...

| occupational safety
How to Write an Incident Report

“If you can’t measure it, you can’t improve it.” (Peter Drucker). That’s the adage that lies behind the policy of...