How to Write an Effective Risk Assessment: A Step-by-Step Guide

Practical guidance on creating risk assessments that protect your people, meet legal requirements, and actually get used in your workplace
Published by Arinite Health & Safety Consultants | February 2026
Risk assessment is the foundation of effective health and safety management. It is a legal requirement under UK law and a fundamental practice recognised by safety regulators worldwide. Yet despite being a core requirement, many organisations struggle to create risk assessments that are genuinely useful rather than just documents that gather dust in a filing cabinet.
The challenge is not understanding that risk assessments are important. Most organisations know they need them. The challenge is writing risk assessments that are practical, proportionate, and actually help protect people. Too often, risk assessments are either so generic they add no value, or so complex they become unusable.
This guide provides practical, step-by-step guidance on how to write effective risk assessments. Whether you are creating your first risk assessment or looking to improve your existing approach, we explain what the law requires, how to structure your assessments, what to include, and how to avoid common mistakes.
What Is a Risk Assessment?
A risk assessment is a systematic process of identifying hazards in your workplace, evaluating the risks they pose, and determining what measures are needed to control those risks. In practical terms, it means looking at what could go wrong, understanding how serious it could be, and deciding what you will do to prevent harm.
The purpose of a risk assessment is not to create paperwork. It is to protect people. A good risk assessment helps you understand the real risks in your workplace and take practical steps to control them. It should be a working document that informs day-to-day decisions, not something that gets completed once and never looked at again.
Legal Requirements in the UK
Under the Management of Health and Safety at Work Regulations 1999, every employer must carry out a suitable and sufficient assessment of the risks to the health and safety of employees and anyone else who may be affected by their work activities. This is not optional. It is a legal requirement that applies to all employers regardless of size or industry.
Key legal requirements include:
- Risk assessments must be suitable and sufficient, meaning they must be thorough enough to identify significant risks and determine appropriate controls
- Employers with five or more employees must record the significant findings of their risk assessments in writing
- Risk assessments must be reviewed regularly and updated whenever there are significant changes
- Specific regulations require additional assessments for particular hazards, including COSHH assessments for hazardous substances, manual handling assessments, DSE assessments, fire risk assessments, and noise assessments
The HSE emphasises that risk assessments do not need to be complicated. For most organisations, the risks are well known and the necessary control measures are straightforward. What matters is that you have thought systematically about the hazards, identified who might be harmed, and taken sensible precautions.
Why Risk Assessments Matter
Beyond legal compliance, effective risk assessments deliver real benefits:
Preventing harm: The primary purpose is to protect people from injury and ill health. Every year, thousands of workers are injured or made ill by workplace hazards that could have been identified and controlled through proper risk assessment.
Reducing costs: Accidents and ill health are expensive. They result in lost productivity, sick pay, compensation claims, increased insurance premiums, and potential fines. Investing time in risk assessment prevents these costs.
Demonstrating compliance: Written risk assessments provide evidence that you have met your legal obligations. If the HSE inspects your workplace or investigates an incident, they will want to see your risk assessments.
Building safety culture: Involving employees in risk assessment helps build awareness of hazards and ownership of safety. It sends a clear message that safety matters.
Meeting client requirements: Many clients, particularly in construction and contracting, require suppliers to provide risk assessments before work can begin. Quality risk assessments help you win and retain business.
How to Write a Risk Assessment: Step by Step
The HSE recommends a five-step approach to risk assessment. This framework is simple, logical, and works for any workplace or activity. Here is how to apply each step:
Step 1: Identify the Hazards
Start by identifying everything in your workplace that could cause harm. A hazard is anything with the potential to cause injury, illness, or damage. Walk around your workplace, observe activities, and think about what could go wrong.
Practical tips for identifying hazards:
- Walk through the workplace and observe work activities, looking at each task and process
- Talk to employees, as they often know about hazards that are not immediately obvious to others
- Review accident records, incident reports, and near-miss data to identify hazards that have already caused problems
- Check manufacturers' instructions and safety data sheets for equipment and substances
- Consider non-routine activities such as maintenance, cleaning, breakdowns, and emergencies
- Think about different types of hazards: physical, chemical, biological, ergonomic, and psychosocial
Focus on significant hazards that could cause serious harm or affect multiple people. You do not need to list every minor hazard, but you should capture anything that could realistically cause injury or ill health.
Step 2: Decide Who Might Be Harmed and How
For each hazard, think about who could be harmed and how the harm might occur. This helps you understand the full scope of the risk and ensures you consider everyone who might be affected, not just the workers directly involved.
Consider:
- Employees directly involved in the work activity
- Other employees working nearby or passing through the area
- Contractors and subcontractors
- Visitors, customers, and members of the public
- Cleaners, maintenance staff, and security personnel
- People who may be more vulnerable, such as young workers, pregnant workers, workers with disabilities, and those new to the job
Be specific about how harm might occur. For example, rather than just stating "manual handling", specify "back injury from lifting heavy boxes from floor level".
Step 3: Evaluate the Risks and Decide on Precautions
This is the heart of the risk assessment. Having identified hazards and who might be harmed, evaluate how likely it is that harm will occur and how serious it could be. Then decide what precautions are needed.
First, consider what you are already doing to control the risk. Many hazards will already have some controls in place. Ask whether these existing controls are adequate or whether more needs to be done. Compare what you are doing against good practice in your industry and the standards required by law.
When deciding on additional precautions, follow the hierarchy of controls:
1. Elimination: Can you remove the hazard entirely? This is always the most effective option.
2. Substitution: Can you replace the hazard with something less dangerous?
3. Engineering controls: Can you isolate people from the hazard through guards, enclosures, ventilation, or barriers?
4. Administrative controls: Can you change the way work is done through procedures, training, signage, or supervision?
5. Personal protective equipment: As a last resort, can you protect individuals with PPE such as gloves, goggles, or hearing protection?
Step 4: Record Your Findings and Implement Them
Write down the significant findings of your risk assessment. If you have five or more employees, this is a legal requirement. Even for smaller organisations, a written record is valuable as it provides evidence of what you have done and helps ensure that actions are implemented.
Your written risk assessment should include:
- The hazards you have identified
- Who might be harmed and how
- What controls are already in place
- What additional controls are needed
- Who is responsible for implementing each action
- Target dates for completion
- The date of the assessment and when it will be reviewed
Keep the document simple and clear. You do not need complicated formats or lengthy narratives. A straightforward table listing hazards, who is at risk, existing controls, additional controls needed, and responsibilities is often the most effective approach.
Step 5: Review Your Assessment and Update as Necessary
Risk assessments are not one-off documents. Workplaces change, new equipment is introduced, processes are modified, and new hazards may emerge. You must review your risk assessments regularly to ensure they remain current and relevant.
Review your risk assessments:
- At regular intervals, typically annually as a minimum
- When there are significant changes to work activities, equipment, or premises
- Following an accident, incident, or near miss
- When new information about hazards becomes available
- When employees raise concerns
Common Mistakes to Avoid
- Using generic templates without adapting them to your specific workplace and activities
- Treating risk assessment as a paperwork exercise rather than a practical tool for improving safety
- Identifying hazards but failing to implement effective controls
- Focusing only on obvious physical hazards while overlooking health hazards such as noise, dust, chemicals, and stress
- Failing to consult employees who often have valuable knowledge of workplace hazards
- Writing assessments that are too long and complex to be usable
- Completing the assessment once and never reviewing or updating it
- Copying risk assessments from other organisations without understanding whether they are appropriate
International Considerations
Risk assessment is a fundamental requirement in virtually every jurisdiction worldwide. While the specific legal requirements vary between countries, the principles are consistent. In the European Union, the Framework Directive 89/391/EEC requires member states to implement risk assessment obligations. In the United States, OSHA's General Duty Clause requires employers to identify and control workplace hazards. ISO 45001, the international standard for occupational health and safety management systems, places risk-based thinking at the core of effective safety management.
Organisations operating internationally should develop risk assessment processes that meet the highest applicable requirements and apply them consistently across all locations. This provides a coherent approach to safety management while ensuring compliance with local regulations in each jurisdiction.
How Arinite Can Help
At Arinite, we have conducted thousands of risk assessments for organisations of all sizes across virtually every industry. Our team of Chartered (CMIOSH) health and safety consultants brings over 500 years of combined experience, ensuring that your risk assessments are thorough, practical, and proportionate.
Our risk assessment services include:
- General workplace risk assessments covering all activities and hazards
- Specialist assessments including COSHH, manual handling, DSE, noise, vibration, and work at height
- Fire risk assessments compliant with the Regulatory Reform (Fire Safety) Order 2005
- Risk assessment training to build in-house capability
- Review and improvement of existing risk assessments
- Support for international operations, ensuring consistent standards across multiple countries
With experience supporting over 1,500 UK businesses and operations in more than 50 countries, we understand that every workplace is different. Our approach is practical, proportionate, and focused on what actually reduces risk. We call it "Keeping It Simple."