Skip to content

HSE inspections up 47% - HSE carried out over 13,200 workplace inspections in 2024/25.

Back to Blog
RISK ASSESSMENT

The 5 Steps of Risk Assessment: A Complete Guide for UK Workplaces

Arinite Health & Safety Consultants
February 24, 2026
11 min read
The 5 Steps of Risk Assessment: A Complete Guide for UK Workplaces

How to conduct effective risk assessments using the HSE's proven five-step process, with practical examples and expert guidance

Published by Arinite Health & Safety Consultants | February 2026 | 12 min read

Risk assessment is the foundation of effective health and safety management. It is a legal requirement under UK law and a fundamental principle recognised by safety regulators worldwide. Yet despite being a core requirement, many organisations struggle to conduct risk assessments that are genuinely useful rather than simply ticking a compliance box.

The latest HSE statistics show that 1.7 million workers suffered from work-related ill health in 2023/24, while 138 workers were killed in workplace accidents. The vast majority of these incidents were preventable. A well-conducted risk assessment identifies hazards before they cause harm, enabling organisations to take action that protects their people.

The Health and Safety Executive (HSE) recommends a simple, structured approach known as the five steps of risk assessment. This framework has been used successfully by organisations of all sizes and across every industry. Whether you are conducting your first risk assessment or looking to improve your existing approach, this guide explains each step in detail with practical examples and expert tips.

What Is a Risk Assessment?

A risk assessment is a systematic process of identifying hazards in your workplace, evaluating the risks they pose, and determining what measures are needed to prevent harm. In simple terms, it means looking at what could go wrong, understanding how serious it could be, and deciding what you will do to stop it happening.

The purpose is not to create paperwork but to protect people. A good risk assessment helps you understand the real risks in your workplace and take practical steps to control them. It should be a working document that informs day-to-day decisions, not something that sits in a filing cabinet gathering dust.

Legal Requirements in the UK

Under the Management of Health and Safety at Work Regulations 1999, every employer must carry out a suitable and sufficient assessment of the risks to the health and safety of employees and anyone else who may be affected by their work activities. This includes contractors, visitors, members of the public and others.

Key legal requirements include:

  • Risk assessments must be suitable and sufficient, meaning they must be thorough enough to identify significant risks and determine appropriate controls
  • Employers with five or more employees must record the significant findings of their risk assessments in writing
  • Risk assessments must be reviewed regularly and updated whenever there are significant changes to work activities, equipment or premises
  • Specific regulations require additional assessments for particular hazards, including COSHH assessments for hazardous substances, manual handling assessments, DSE assessments and fire risk assessments

International Requirements

Risk assessment is a fundamental requirement in virtually every jurisdiction worldwide. In the United States, OSHA requires employers to identify and control hazards under the General Duty Clause. The European Framework Directive 89/391/EEC mandates risk assessment across all EU member states. ISO 45001, the international standard for occupational health and safety management systems, places risk-based thinking at the heart of effective safety management.

While the specific requirements vary between countries, the principles are consistent: identify hazards, assess risks, implement controls, and review regularly. Organisations operating internationally should ensure their risk assessment processes meet the requirements of each jurisdiction while maintaining consistent standards across all locations.

The 5 Steps of Risk Assessment

The HSE's five-step approach provides a clear, practical framework that can be applied in any workplace. The steps are: identify the hazards, decide who might be harmed and how, evaluate the risks and decide on precautions, record your findings and implement them, and review your assessment and update if necessary. Let us examine each step in detail.

Step 1: Identify the Hazards

The first step is to identify anything in your workplace that could cause harm. A hazard is anything with the potential to cause injury, illness or damage. This includes physical hazards, chemical hazards, biological hazards, ergonomic hazards and psychosocial hazards.

How to Identify Hazards

  • Walk around your workplace and observe work activities, looking for anything that could cause harm
  • Talk to employees and supervisors, as they often have valuable knowledge about hazards in their work areas
  • Review accident records, incident reports and near-miss data to identify hazards that have already caused problems
  • Check manufacturers' instructions and safety data sheets for equipment and substances
  • Review industry guidance and HSE publications for common hazards in your sector
  • Consider non-routine activities such as maintenance, cleaning and emergencies

Types of Workplace Hazards

Physical hazards include slips, trips and falls, moving machinery, work at height, manual handling, noise, vibration, electricity and vehicles.

Chemical hazards include cleaning products, solvents, paints, adhesives, dusts, fumes and any substance that could cause harm through contact, inhalation or ingestion.

Biological hazards include bacteria, viruses, fungi, blood-borne pathogens and other infectious agents that could cause illness.

Ergonomic hazards include awkward postures, repetitive movements, poorly designed workstations and tasks that place excessive demands on the body.

Psychosocial hazards include excessive workload, tight deadlines, lack of control, poor relationships, bullying and harassment, and any factors affecting mental health and wellbeing.

Practical Example

In a warehouse environment, hazards might include forklift trucks operating near pedestrians, heavy items stored at height, manual handling of boxes, slip hazards from spillages, noise from machinery, and dust from packaging materials. In an office, hazards might include poorly set up workstations, trailing cables, heavy lifting of paper boxes, and work-related stress from demanding workloads.

Step 2: Decide Who Might Be Harmed and How

For each hazard you identify, think about who could be harmed and how the harm might occur. This helps you understand the full scope of the risk and ensures you consider everyone who might be affected, not just the workers directly involved in the activity.

People to Consider

  • Employees directly involved in the work activity
  • Other employees working nearby or passing through the area
  • Contractors and subcontractors on site
  • Visitors, customers and members of the public
  • Cleaners, maintenance staff and security personnel
  • Delivery drivers and other external workers

Vulnerable Groups

Some people may be at greater risk and require additional consideration:

  • Young workers and apprentices who may lack experience
  • New or temporary workers unfamiliar with the workplace
  • Pregnant workers and new mothers
  • Workers with disabilities or health conditions
  • Lone workers who cannot easily summon help
  • Workers whose first language is not English

Types of Harm

Consider both immediate injuries and long-term health effects. Immediate harm includes cuts, burns, fractures, sprains and strains. Long-term health effects include musculoskeletal disorders from repetitive strain, respiratory disease from dust or fume exposure, hearing loss from noise, skin conditions from chemical contact, and mental health problems from stress.

Step 3: Evaluate the Risks and Decide on Precautions

This is the heart of the risk assessment. Having identified hazards and who might be harmed, you now need to evaluate how likely it is that harm will occur and how serious it could be. Based on this evaluation, you decide what precautions are needed to reduce the risk to an acceptable level.

Evaluating Risk

Risk is typically expressed as a combination of likelihood (how probable is it that harm will occur) and severity (how serious would the consequences be). Many organisations use a risk matrix to help quantify this, rating both likelihood and severity on a scale and multiplying to give an overall risk score. However, the HSE emphasises that you do not need complex scoring systems. What matters is that you make sensible judgments about whether existing precautions are adequate or whether more needs to be done.

The Hierarchy of Controls

When deciding on precautions, follow the hierarchy of controls, which prioritises the most effective measures:

1. Elimination: Remove the hazard entirely. Can you avoid the activity altogether, or use a completely different approach that does not create the hazard?

2. Substitution: Replace the hazard with something less dangerous. Can you use a safer chemical, a quieter machine, or a lighter load?

3. Engineering controls: Isolate people from the hazard through physical means. This includes machine guards, local exhaust ventilation, acoustic enclosures and barriers.

4. Administrative controls: Change the way people work. This includes safe systems of work, permits, training, signage, job rotation and limiting exposure time.

5. Personal protective equipment (PPE): Protect individuals with equipment such as gloves, goggles, hearing protection and respiratory protection. PPE should be the last resort, used when risks cannot be adequately controlled by other means.

Reasonably Practicable

UK law requires employers to do what is reasonably practicable to protect people from harm. This means weighing the level of risk against the cost, time and effort of implementing controls. You are not expected to eliminate all risk, but you must take all reasonable steps to reduce risks to the lowest practicable level. Where the risk is high, significant investment in controls will be justified. Where the risk is low, simpler precautions may be sufficient.

Step 4: Record Your Findings and Implement Them

Recording your risk assessment creates a reference document that can be shared with employees, used to track implementation, and reviewed over time. More importantly, it demonstrates that you have thought systematically about safety and taken appropriate action.

What to Record

Your written risk assessment should include:

  • The hazards you have identified
  • Who might be harmed and how
  • What controls are already in place
  • What additional controls are needed
  • Who is responsible for implementing each action
  • Target dates for completion
  • The date of the assessment and when it will be reviewed

Keep It Simple

The HSE emphasises that risk assessments do not need to be complicated. For most workplaces, a simple record noting the main hazards and what you have done to control them is sufficient. For example: "Slipping on wet floors: non-slip flooring installed, spillages cleaned immediately, warning signs used when mopping." The important thing is that you have identified the significant risks and taken sensible precautions.

Implementation

A risk assessment is only valuable if you act on it. Ensure that the control measures you have identified are actually implemented. Assign clear responsibilities, set realistic deadlines, provide necessary resources, and follow up to confirm that actions have been completed. Communicate the findings to employees so they understand the risks and the precautions they need to follow.

Step 5: Review Your Assessment and Update If Necessary

Workplaces change over time. New equipment is introduced, processes are modified, staff change, and new hazards may emerge. Your risk assessment must be reviewed regularly to ensure it remains current and relevant.

When to Review

  • At regular intervals, typically annually, though more frequently for high-risk activities
  • When there are significant changes to work activities, equipment, substances or premises
  • Following an accident, incident or near miss
  • When new information about hazards becomes available
  • When employees raise concerns
  • When required by specific regulations

What to Check

When reviewing, ask whether there have been any changes that introduce new hazards, whether the existing controls are still working effectively, whether there have been any accidents or near misses suggesting the assessment needs updating, and whether there are any improvements you can make. Update the risk assessment to reflect any changes and communicate updates to affected employees.

Common Mistakes to Avoid

  • Treating risk assessment as a paperwork exercise rather than a practical tool for improving safety
  • Copying generic assessments from the internet without adapting them to your specific workplace
  • Focusing only on obvious physical hazards while overlooking health hazards, ergonomic issues or psychosocial risks
  • Failing to consult employees who often have the best knowledge of hazards in their work area
  • Identifying hazards but not implementing effective controls
  • Completing the assessment once and never reviewing it
  • Making the assessment overly complicated when a simpler approach would be more effective

Benefits of Effective Risk Assessment

When done well, risk assessment delivers significant benefits:

  • Prevents injuries, illnesses and fatalities by identifying and controlling hazards before they cause harm
  • Ensures legal compliance with the Management of Health and Safety at Work Regulations and other legislation
  • Reduces costs associated with accidents, including compensation claims, fines, lost productivity and reputational damage
  • Demonstrates due diligence to regulators, clients, insurers and other stakeholders
  • Improves employee confidence and morale by showing that their safety is taken seriously
  • Supports business continuity by preventing incidents that could disrupt operations
  • Provides a foundation for safety management systems such as ISO 45001

How Arinite Can Help

At Arinite, we have conducted thousands of risk assessments for organisations of all sizes across virtually every industry. Our team of Chartered (CMIOSH) health and safety consultants brings over 500 years of combined experience, ensuring that your risk assessments are thorough, practical and proportionate.

Our risk assessment services include:

  • General workplace risk assessments covering all activities and hazards
  • Specialist assessments including COSHH, manual handling, DSE, noise, vibration and work at height
  • Fire risk assessments compliant with the Regulatory Reform (Fire Safety) Order 2005
  • Risk assessment training to build in-house competence
  • Review and improvement of existing risk assessments
  • Support for international operations, ensuring consistent standards across multiple countries

With experience supporting over 1,500 UK businesses and operations in more than 50 countries, we understand that every workplace is different. Our approach is practical, proportionate and focused on what actually reduces risk. We call it "Keeping It Simple."

Share this article:
Tags:RISK ASSESSMENT

Written by

Arinite Health & Safety Consultants

Read More Articles
Free Resources

Health & Safety Factsheets

Download our comprehensive library of expert guides, checklists, and templates.

Browse Library
Get Professional Help

Need Expert H&S Advice?

Our qualified consultants are ready to support your specific business needs.

020 7947 9581Contact Us