Why is risk identification and assessment important?

For any business, risk can be defined as an internal or external factor which may ultimately affect objectives by either lowering the projected profits or even causing a loss. Whether the risk is due to economic issues, financial rates, industry regulations, business costs, breaches in information or political influences, risks can cause a business to lose money or ultimately go under.

That’s where risk management comes in.

Risk management is important because it allows a business to control – and often times prevent – the financial, political, social and cultural ramifications associated with risks. Not only does risk management allow a business to identify potential risks ahead of time, it also allows a business to react accordingly and minimize or even prevent losses. Without identifying risks using risk management, a business cannot successfully define objectives. By minimizing or even eliminating risks, a business should see an increase in productivity by now wasting time and resources, as well as protection from any possible legal repercussions.

In order to enact risk management, a business must create a risk management plan. To create a plan, a business must first identify all external and internal risks, such as the examples noted above. Depending on if the risk is determined to be low, medium or high impact, the business can adjust its risk management plan accordingly and properly identify business objectives. Regardless of the risk level, the business must determine the potential impact the risk would have on its bottom line.

Next, the business needs to perform a risk analysis, which will determine how any potential risks would affect the business. By putting a numerical value on potential threats, the business can analyze the impact on costs, productions and other variables which may be deterred by risks.

After analyzing the potential risks, the business needs to figure out a course of action for how to control the risks. For the business, this will answer the questions of what it should do in the event of risks occurring, including how to prevent the risk and how to recover from it.

For the risk management plan to be useful for a business, the plan needs to clearly establish and define policies and procedures for staff members to easily follow and understand. This helps employees understand how their responsibilities and roles tie into the risk management plan. Having all employees on the same page also will ensure they respond adequately when necessary.

There is no guarantee which – or if any – risks will occur for a business, but the key is to be prepared for any possibilities and understand the importance of properly managing these potential risks. With the proper understanding of risk management and an effective risk management plan, a business can operate confidently in knowing that they are prepared for any and all potential circumstances that could negatively impact the bottom line.

What is a risk assessment?

The definition of a risk assessment is a systematic process of identifying hazards and evaluating any associated risks within a workplace, then implementing reasonable control measures to remove or reduce them.

When completing a risk assessment, it is important to clearly define some keywords:

• An accident is ‘an unplanned event that results in loss’
• A hazard is ‘something that has the potential to cause harm’
• A risk is ‘the likelihood and the severity of a negative occurrence (injury, ill-health, damage, loss) resulting from a hazard.’

Additional training may be required if you need to complete or re-assess your risk management procedures. Completing training such as our Level 2 Award in Principles of Risk Assessment course will help ensure a risk assessment is suitable and sufficiently detailed.

Different types of risk assessments

The types of risk assessment required within any workplace should be proportionate and relevant to the operational activities being undertaken. In many industries, there are specific legislative requirements that apply. For example, in environments where hazardous substances are used a Control of Substances Hazardous to Health Assessment (COSHH) should be completed (for more information see What is COSHH?).

Some common types of risk assessments include:

• Fire risk assessments: fire safety management procedures are required to be established in all workplaces including a suitable and sufficient fire risk assessment.
• Manual handling risk assessments: should be conducted in any workplace where an employee may be at risk from injury and/or ill-health through the need to lift, carry, move loads.
• Display screen equipment (DSE) risk assessments: are required to be completed in workplaces where employees (and others) are using computers, laptops, etc.
• COSHH risk assessments: are required within workplaces where hazardous substances are stored, used or manufactured.

A business may also choose to complete a Risk Assessment Method Statement (RAMS) dependent upon the nature of the operations being carried out. This process contains details of the hazard and a step-by-step procedure on how to complete work and suitably control the risks identified. This process is commonly used within the construction industry.

Why are risk assessments important?

As previously stated, carrying out suitable and sufficient risk assessments is the primary management tool in effective risk management. It is a legal requirement for any employer and must be documented wherever five or more people are employed.

Risk assessment is a straightforward and structured method of ensuring the risks to the health, safety and wellbeing of employees (and others) are suitably eliminated, reduced or controlled

The main purpose of risk assessments are:

• To identify health and safety hazards and evaluate the risks presented within the workplace
• To evaluate the effectiveness and suitability of existing control measures
• To ensure additional controls (including procedural) are implemented wherever the remaining risk is considered to be anything other than low.
• To prioritise further resources if needed to ensure the above.

It can be a costly lesson for a business if they fail to have necessary controls in place. They could face not only financial loss (through fines, civil actions, etc) but also loss in respect of production time, damage to equipment, time to train replacement employees and negative publicity amongst others.  

A recent article in BSC Safety Management magazine outlines an incident where a business was ‘fined £274,000 after two workers became trapped in moving machinery in two separate incidents’ (see 2 Sisters fined after finger and thumb severed at poultry factory.) In the report, Health and Safety Executive (HSE) inspector Saffron Turnell noted that “companies should be aware that HSE will not hesitate to take enforcement action against those that fall below the required standards.” It is cases like this one that should act as a warning for all business and highlight the importance of risk assessments.

Who is responsible for the completion of risk assessments?

It is the responsibility of the employer (or self-employed person) to carry out the risk assessment at work or to appoint someone with the relevant knowledge, experience and skills to do so.

The Management of Health and Safety at Work Regulations 1999 states that an employer must take reasonable steps ‘for the effective planning, organisation, control, monitoring and review of the preventive and protective measures.’ So even if the task of risk management is delegated, it is ultimately the responsibility of the management within any business to ensure it is effectively completed.

Once hazards have been identified, the associated risks evaluated and steps taken to minimise the potential effects, the next step for an employer is to clearly and effectively communicate the risk assessment process and content to relevant parties.

The process of communication is more effectively achieved if the relevant persons are involved with the risk assessment process at every stage. The person carrying out an activity or task is often best placed to provide details on the associated hazards and risks and should participate fully in the completion of the risk assessment.

Additional training may be required  - such as our Level 2 Award in Risk Assessment to ensure that a review is completed accurately and effectively.

When to carry out a risk assessment?

A suitable and sufficient risk assessment must be carried out prior to a particular activity or task being carried out in order to eliminate, reduce or suitably control any associated risk to the health, safety and wellbeing of persons involved with (or affected by) the task/activity in question.

Once completed a risk assessment should be reviewed periodically (proportionate to the level of risk involved) and in any case when either the current assessment is no longer valid and/or if at any stage there has been significant changes to the specific activity or task.

Relevant risk assessments should be reviewed following an accident, incident or ill-health event in order to verify if the control measures and level of evaluated risk where appropriate or require amendment.

How to carry out a risk assessment?

The HSE has recommended a five-step process for completing a risk assessment. This provides a useful checklist to follow to ensure that the assessment is suitably comprehensive. It involves:

1. Identifying potential hazards
2. Identifying who might be harmed by those hazards
3. Evaluating risk (severity and likelihood) and establishing suitable precautions
4. Implementing controls and recording your findings
5. Reviewing your assessment and re-assessing if necessary.

Step 1. Identify potential hazards

It is important to firstly identify any potential hazards within a workplace that may cause harm to anyone that comes into contact with them. They may not always be obvious so some simple steps you can take to identify hazards are:

• Observation: Walking around your workplace and looking at what activities, tasks, processes or substances used could harm your employees (or others)
• Looking back over past accidents and ill-health records as they may identify less obvious hazards
• Checking manufacturers’ data sheets, instructions, information and guidance
• Consulting with employees (and others) who are carrying out the activities, tasks or processes.

It may be useful to group hazards into five categories, namely physical, chemical, biological, ergonomic and psychological. 

Step 2. Identify who might be harmed by those hazards

Next, identify who might be harmed by those potential hazards. It should also be noted how they could be affected, be it through direct contact or indirect contact. It is not necessary to list people by name, rather by identifying groups including:

• Employees
• Contractors

Some hazards may present a higher risk to certain groups including children, young people, new or expectant mothers, new employees, home workers, and lone workers.

Step 3. Evaluate risk severity and establish precautions

After identifying any hazards and who might be affected, it is important to evaluate the severity the risk may present (should it occur) and establish suitable and effective controls to reduce this level of risk as far as is ‘reasonably practicable’.  This means that everything possible is done to ensure health and safety considering all relevant factors including:

• Likelihood that harm may occur
• Severity of harm that may occur
• Knowledge about eliminating, reducing or controlling hazards and risks
• Availability of control measures designed to eliminate, reduce or suitably control or the risk
• Costs associated with available control measures designed to eliminate, reduce or suitably control or the risk

Assessing the severity of a risk requires an evaluation of the likelihood of an occurrence and how substantial the consequences that it may cause. Some factors affecting this evaluation include the duration and frequency of exposure, number of persons affected, competence of those exposed, the type of equipment and its condition, and availability of first-aid provision and/or emergency support.

Step 4. Implement changes and record your findings
If a workplace has five or more individuals, significate findings of the risk assessments are required to be kept either electronically or in writing. Recording your findings on a risk assessment form is an easy way to keep track of the risks and control measures put in place to reduce the identified risk. The form includes:

• What hazards were found
• Person(s) or groups affected
• The controls put in place to manage risks and who is monitoring them
• Who carried out the assessment
• On what date the assessment was done.

It is sensible to ensure the risk assessment is proportionate to the activity or task being carried out and this can often be a straightforward process for generic tasks.

Step 5. Review your assessment and reassess if necessary

Employers should periodically review the assessment and if necessary, re-assess any controls in place.

A good guide as to when you may need to review your processes are:

• After any significant change within the workplace or process in question
• After an accident or ill-health incident has occurred
• After near-misses have been reported.

What documentation do you need?

It is a misconception that risk assessments inherently involve a vast amount of paperwork. It can be as straight forward as completing a basic risk assessment form for many generic tasks or activities.

However, employers should make sure they record significant findings including:

• Any hazards identified
• What controls are in currently in place, and information on any further control measures that may be required
• Any individuals that have been identified as being especially at risk.

There is no set amount of time that you are required to retain the risk assessment, but it is best practice to keep it as long as is considered relevant to a particular task or activity.

Risk assessments are an integral part of ensuring the health, safety and wellbeing of everyone within the workplace. The Level 2 Award in Risk Assessment course is a short course recommended for anyone who has to carry out risk assessments or wants to understand the process more fully.

What is the importance of risk identification to risk assessment?

What is risk identification and assessment?

Why is it important to identify risks in the workplace?

What is the purpose of risk identification?