Workplace risk assessment: What UK employers should include

What a workplace risk assessment is and why it matters
How to assess safety risks step by step in your workplace
Why a workplace risk assessment template is never one-size-fits-all
Common gaps that undermine health and safety risk assessments
Keeping your risk assessment current and legally compliant
Frequently asked questions

This article explains what a workplace risk assessment should include, where employers often get caught out, and how to make the process practical, current and useful. If you are reviewing your current approach or starting from scratch, the aim is to identify real hazards, choose sensible controls and make sure those controls work in practice.

What a workplace risk assessment is and why it matters

A workplace risk assessment is the process an employer uses to identify hazards, consider the risks they create, decide who could be harmed, and put sensible controls in place. It turns broad health and safety legislation into actions people can follow in the real workplace.

If a risk assessment is generic, outdated or not followed in practice, it can leave gaps, weaken control measures and make it harder to show that risks are being managed properly.

The 5 key principles of a risk assessment explained

HSE guidance sets out a clear process for managing risk: identify hazards, decide who may be harmed and how, evaluate risks and controls, record significant findings, and review the assessment when needed.

The five steps are:

Identify hazards – Walk the workplace and look properly at the work being done. Check for physical, chemical, biological and psychological risks. Use accident records, safety data sheets, manufacturer information, staff feedback and Health and Safety Executive guidance to identify hazards thoroughly.
Decide who may be harmed and how – Consider employees, contractors, visitors and anyone else affected by the activity. Think carefully about people who may face increased risk, including young workers, pregnant workers, disabled people and those with limited experience.
Evaluate the hazard and risk and decide on controls – Consider what is already in place and whether it is enough. Follow the hierarchy of control where possible: eliminate the hazard, substitute it, use engineering controls, apply administrative controls, and use personal protective equipment as a last line of defence.
Record your significant findings – Set out what the hazards are, who may be harmed, what controls are in place, and any further action needed. Significant findings should be clear, specific and useful, not vague statements that nobody can act on.
Review and update – Revisit the workplace risk assessment when work changes, after incidents or near misses, when new equipment or substances are introduced, or when the assessment no longer reflects reality.

The challenge is applying them properly. Many weak assessments fail not because the form is wrong, but because the thinking behind it is too rushed, too generic or too detached from the workplace itself.

The legal duty behind workplace risk assessments

UK employers are required to make a suitable and sufficient assessment of risks to employees and others affected by their work.

That duty goes beyond completing a template. An employer must make sure the assessment is a suitable and sufficient risk assessment, act on the findings, allocate responsibility, and check that controls are working in practice. If the assessment sits in a folder and nothing changes on the ground, the legal duty has not really been met.

Where an organisation employs five or more people, the significant findings must be recorded. Smaller organisations may not always have the same recording threshold, but written records are still sensible. They help demonstrate thought, support consistency, and provide evidence if the Health and Safety Executive asks how risks have been assessed and controlled.

Who is responsible for completing the assessment

The person carrying out the workplace risk assessment should be competent. That means they need enough knowledge of the task, the environment, the people affected, and the risk assessment method to reach sensible conclusions. There is no single prescribed qualification for completing every workplace risk assessment, but the person must have enough knowledge, experience and understanding of the work to reach sensible conclusions. In many organisations, the assessment is completed by a manager, supervisor, facilities lead, HR professional or adviser with relevant knowledge. External support can also help where work activities are complex or internal capability is limited.

Delegating the task does not remove accountability for health and safety. The employer must still ensure the assessment is suitable, acted upon, and reviewed when circumstances change.

If you would like an independent review of your current approach, speak to Salusphere Global about workplace risk assessments, competent person support or a health and safety audit.

How to assess safety risks step by step in your workplace

Understanding how to assess risks in your workplace starts with a simple truth: every workplace is different. The same risk assessment process will not look identical in an office, warehouse, care setting or construction site. The steps are broadly consistent, but the workplace hazards, the people exposed and the right controls will vary.

Identifying workplace hazards and who may be harmed

If you want to know how to assess risks in your workplace, begin with a proper walkthrough. Go and look. Speak to people. Observe routine and non-routine tasks. A desk-based review on its own rarely picks up the full picture.

Use accident records, near-miss reports, manufacturers’ instructions, safety data sheets and HSE guidance to help identify potential hazards. Maintenance, cleaning, deliveries and other irregular activities are often where safety risks get missed, so they need to be part of the review.

Physical hazards: machinery, equipment, slips, trips, falls, manual handling, work at height and fire.
Chemical and biological hazards: substances hazardous to health, cleaning chemicals and biological agents, including situations where COSHH applies.
Psychological hazards: work-related stress, fatigue, lone working, aggression and exposure to traumatic situations.
Workers who may be at greater risk: including young workers, pregnant workers, disabled workers, night workers, lone workers and others whose circumstances may affect risk.

An employer must consider everyone who could be affected. That includes employees, contractors, visitors and, where relevant, members of the public. Too many assessments focus only on permanent staff. In shared or busy environments, that leaves obvious gaps in hazard and risk control.

Evaluating hazard and risk and choosing the right controls

Once hazards are identified, the next step is to judge the level of risk. That means looking at how likely harm is, how serious the harm could be and whether existing controls are strong enough.

A practical workplace risk assessment example is a warehouse with regular manual handling injuries. A poor response would be to hand out lifting belts and stop there. A better approach would ask whether the task can be removed, whether the load can be changed, whether mechanical handling aids can be introduced and whether the job can be organised differently before relying on training or PPE. That reflects the practical hierarchy of control expected in sensible risk management.

Elimination: remove the hazard completely where possible.
Substitution: replace a harmful substance, activity or item of equipment with a safer alternative.
Engineering controls: use guarding, ventilation, extraction or mechanical aids to reduce exposure.
Administrative controls: improve supervision, training, safe systems of work, permits and scheduling.

PPE still has a place, but it should not be the starting point. It depends on people using it properly every time. In practice, that makes it one of the weaker controls if used in isolation.

How to record findings clearly and usefully

When you record findings, make them specific. Vague wording such as “slips and trips” or “be careful” does not help anyone and would be hard to defend. The record should explain the hazard, who may be harmed, the existing controls, any further action required, who is responsible and the timescale for completion.

Clear records support better decisions, help managers follow through on actions and provide evidence that health and safety has been considered properly. For many organisations, clearer documentation also strengthens accountability across operations, HR and facilities teams.

It is also worth documenting factors that affect whether controls will work in practice. For example, environmental constraints such as narrow corridors, poor lighting, limited storage space or uneven flooring can change the level of risk. Staff capability, supervision levels and the need for refresher training should also be considered where they affect safe delivery of the task.

Why a risk assessment template is not enough

A workplace risk assessment template can be a useful starting point. It should not be the finished job. When a standard form is copied across sites or borrowed from another sector without proper review, important hazards are easily missed. That creates gaps in health and safety, weakens compliance, and leaves the employer exposed to avoidable harm and legal challenge.

The layout, people, equipment, tasks and pace of work all affect risk. A suitable and sufficient workplace risk assessment needs to reflect what actually happens on site, not what a generic document assumes should happen.

Specialist areas need their own level of detail

Some risks should not be squeezed into a few lines on a general form. They need their own focused assessment. Fall hazards are one example. COSHH, manual handling, fire safety and lone working often need the same approach if an organisation wants sensible control measures, stronger compliance and better protection for health.

COSHH assessments – If a workplace uses hazardous substances, the employer must assess the substance, how exposure may happen, who could be affected and what controls are needed to protect health. This is a clear legal requirement.
Manual handling – A useful risk assessment considers the actual load, distance, frequency, space constraints and individual capability. A general warning about lifting safely is not enough.
Fire safety – A fire risk assessment is a separate legal requirement under the Fire Safety Order 2005. It should work alongside the wider workplace risk assessment, not sit in isolation or be overlooked.

It may prompt the right headings, but it will not automatically show what is happening in your organisation, what is missing, or where controls are no longer effective.

At Salusphere Global, we help each employer build a workplace risk assessment process that reflects the site, the work and the people involved. That includes support with specialist assessments, practical reviews of existing documents and broader workplace risk assessment support to identify gaps, prioritise action and reduce risk.

For example, work at height may need a more detailed assessment covering location, equipment, competence, supervision and changing environmental conditions.

Common gaps that undermine health and safety risk assessments

Many organisations carry out a workplace risk assessment regularly and still miss important issues. The problem is rarely the document itself. It is usually the gap between the risk assessment process on paper and what actually happens in the workplace. That is where health and safety risks are missed, where compliance weakens, and where a legal requirement can quietly go unmet.

Outdated assessments and missing task-specific risks

One of the most common failings is allowing a safety risk assessment to stand unchanged while the workplace moves on. Equipment changes. People take on different tasks. Layouts are altered. Working hours shift. Contractors come and go. If the assessment does not keep pace, it stops reflecting real workplace hazards and starts giving false reassurance.

New equipment not assessed – when machinery, vehicles or technology are introduced without review, new safety risks may be left unidentified.
Changed working patterns – hybrid working, lone working, shift changes and greater contractor activity can all affect health and safety risks and should trigger review.
Missing COSHH coverage – introducing new substances, cleaning products or chemicals without carrying out the required COSHH assessment can leave gaps in compliance.
Contractor and visitor risks overlooked – generic documents often fail to address the specific workplace hazards that affect contractors, delivery drivers and visitors.

Under health and safety law, assessment requirements do not stop at completing the initial document. A review is needed when there is a significant change, and after an incident or near miss. Relying on an annual cycle alone is rarely enough. A sensible risk assessment process builds review points into day-to-day management, so changes are picked up when they happen.

Controls written down but not followed

A workplace risk assessment only works if the stated controls are actually being used. Procedures may be documented properly, yet not followed under time pressure, not understood by staff, or no longer practical in real working conditions.

This is why checking matters. Walk-rounds, supervision, short conversations with staff and observation of everyday tasks all help an employer test whether controls are working in practice.

The same applies to actions. If recommendations are recorded but never assigned, followed up or completed, the assessment adds very little value. Clear ownership, realistic timescales and evidence of completion are essential if health and safety is to improve in a measurable way.

Why employee consultation matters

Employers are expected to consult and involve employees, or their representatives, on health and safety matters, including risk assessments.

When consultation is missing, assumptions creep in. Managers may believe controls are suitable, while employees know they are difficult to follow in practice. That disconnect can weaken compliance, increase health and safety risks and leave the employer exposed.

Consultation does not need to be complicated. It can happen through toolbox talks, team briefings, informal conversations, walk-round discussions or anonymous reporting routes. What matters is that people are asked, their feedback is considered, and the workplace risk assessment is updated where necessary. A practical way to support the process is to use a health and safety checklist so consultation is built into routine review rather than left to chance.

If you want a clearer view of whether your current approach meets legal requirements and reflects real workplace conditions, Salusphere Global can help you review your systems, identify gaps and strengthen your health and safety arrangements through audits, competent person support and practical risk assessment advice.

Keeping your risk assessment current

Completing a workplace risk assessment is not the end of the job. A risk assessment should stay live, reflect real working conditions, and show clearly how risks are being managed in practice.

That matters for more than compliance. If conditions change, people move roles, or an incident happens, an outdated document will do little to protect the employer, the workforce, or the organisation’s position under health and safety law. A proper risk assessment supports safer decisions, clearer accountability, and stronger evidence that sensible control measures are in place.

When and how often a risk assessment should be reviewed

There is no single review date that fits every workplace risk assessment. A sensible approach is to set regular review points and review sooner whenever something changes, an incident or near miss occurs, new equipment or substances are introduced, or there is evidence that controls are not working. Risk assessment laws require assessments to stay suitable, sufficient, and aligned with the way work is actually carried out.

Several events should trigger an earlier review:

After any incident or near-miss – revisit the workplace risk assessment to understand what went wrong, whether existing control measures failed, and what needs to change.
Following significant workplace changes – new equipment, revised layouts, altered processes, new substances, or changes in how teams work all affect risk.
When new staff join or roles change – the assessment should reflect who may be harmed, especially where young workers, vulnerable workers, or people with existing health needs are involved.
When legislation or guidance changes – updates from the Health and Safety Executive or wider legislation may mean existing documents need to be updated to maintain compliance.

Review dates should be recorded clearly and assigned to a named person. Without ownership, reviews are often missed and gaps build up quietly over time. Using a health and safety checklist alongside the formal risk assessment process can help employers keep checks consistent between larger reviews.

Review trigger	Action required	Responsible person
Incident or near-miss	Immediate review and update of relevant assessment sections	Named manager or health and safety lead
New equipment or process introduced	Assess new hazards before activity begins	Operations or facilities manager
Staffing change affecting risk exposure	Review who may be harmed and whether controls remain adequate	Line manager, operations manager or competent person
Annual scheduled review	Full review of all assessments; update significant findings where needed	Named manager with competent health and safety support where needed

It is also important to check whether control measures are actually working. That means observing work as it happens, speaking to staff about what they understand, and testing whether day-to-day practice matches the documented significant findings.

Consequences of inadequate health and safety documentation

Weak documentation can have serious consequences. Poor documentation can make it harder to demonstrate that risks have been properly assessed, reviewed and controlled. In more serious cases, enforcement action may follow where legal duties have not been met. Poor records can also make it harder for an employer to show that a proper risk assessment was completed and reviewed when needed.

Insurance is another issue. Some policies expect evidence that sensible precautions, documented assessments, and suitable control measures are in place. If an incident occurs and the insurer finds obvious gaps in the workplace risk assessment or wider health and safety arrangements, claims can become more difficult and costly to resolve.

There is also the commercial impact. Poor workplace health and safety practice can affect recruitment, client confidence, and tender opportunities, especially where compliance and legislation form part of supplier selection. If you want a useful starting point, this health and safety checklist can help structure your review.

How Salusphere Global can support your risk assessment review

Salusphere Global supports organisations with practical risk assessment reviews, health and safety audits, competent person input, staff training and fractional health and safety support where internal capacity is limited.

Working with a range of organisations, from single sites to multi-site operations, Salusphere Global focuses on practical improvement: closing documentation gaps, strengthening review processes, and making sure control measures reflect how work is actually done. Whether you manage one site or several, the aim is to improve compliance, prioritise action, and reduce risk in a proportionate way. You can begin with our health safety compliance checklist.

If you want an external view of your current arrangements, Salusphere Global can help identify gaps, prioritise action and strengthen your risk assessment process in a proportionate way.

Frequently asked questions

What must a workplace risk assessment include?

A workplace risk assessment should be suitable and sufficient, based on the real workplace rather than a generic template. The employer needs to identify hazards, consider who could be harmed and how, assess the level of risk, and set out the control measures already in place.

It should also cover routine and non-routine activities, vulnerable workers, contractors, visitors, and any relevant health concerns linked to the work. Good assessments do more than describe controls on paper. They test whether control measures are working in practice and whether they genuinely control risk.

Where further action is needed, the assessment should assign responsibilities, set realistic timescales, and include a review date. Employers with five or more employees must record significant findings as a legal requirement under health and safety legislation.

What are the most common mistakes in risk assessments?

One of the most common mistakes is treating the exercise as paperwork. A workplace risk assessment that is copied from a template, not tailored to the site, or not updated after change is unlikely to meet assessment requirements or help control risks in a meaningful way.

Other common failures include missing task-specific issues such as manual handling, lone working, hazardous substances, equipment use, or fire safety, and failing to involve the people who actually do the work. This often leads to weak judgements about the level of risk and unrealistic control measures.

Another problem is poor follow-through. Some organisations record findings but never assign actions, check completion, or confirm that controls are being applied consistently. That creates gaps between documentation and day-to-day practice, which can affect health, compliance, and the employer’s position under legislation.

What are the 5 key principles of a risk assessment?

The five key principles broadly follow the standard process for carrying out risk assessments under health and safety legislation.

First, identify hazards by looking at the workplace, the tasks, the equipment, the people involved, and any previous incidents or concerns. Second, decide who might be harmed and how, including employees, contractors, visitors, and anyone who may be especially vulnerable.

Third, evaluate the level of risk and decide what control measures are needed to reduce harm so far as is reasonably practicable. Fourth, record findings clearly, including the significant findings, so the assessment can be understood and acted on, a legal duty for employers with five or more employees.

Fourth, record the significant findings where required, including the hazards, who may be harmed, the controls in place and any further action needed. Employers with five or more employees must record significant findings.

Share the Post:

Business professional reviewing charts on a laptop and documents, planning a workplace mental health strategy in a modern office.

Workplace mental health strategy guide for business success

Build a effective workplace mental health strategy to reduce stress, support mental health at work, and drive business success. Explore tools, policies & best practices.

Two professionals review a printed document about workplace mental health policy at a modern office desk, with a laptop displaying charts nearby.

Workplace Mental Health Policy: A Practical Guide for UK Employers

A practical guide to workplace mental health policies, legal duties, work-related stress, wellbeing support and implementation for UK employers.

About us

Most read news Articles

our services

training & wellbeing programmes

fractional support

popular courses

Resources & Insights

Resource hub

Client case Sudies

ARTICLE CATEGORIES

FEATURED HEALTH & SAFETY

TRAINING & SUPPORT