In today’s blog post, we’ll explain exactly how to make a risk assessment- helping you to identify the hazards within your workplace, and put in effective controls to mitigate them.
Everyday Risk
Most days, throughout our usual activities, we carry out mental risk assessments. Whether that’s simply crossing a road, or deciding how strictly to discipline our children (is it worth the tears?) we’re assessing the potential causes of harm, and how severe they might be- and how to minimise the risk.
A mental note is fine for low-risk day-to-day activities, and indeed legally, if you have a small number of employees- however what do you do when you have a potentially serious risk within your workplace, or your company size mandates a recorded assessment? Where do you start and what should you include?
The first things you need to know when considering how to make a risk assessment are the key constituent parts, followed by the general methodical flow.
Breakdown of a risk assessment
Your risk assessment should follow the following steps. We’ll go into more detail about these in a moment:
- Create a RA template/form
- Identify the hazards
- Determine the severity of harm
- Determine likelihood of harm
- Calculate the risk rating
- Determine controls
- Communicate & implement (and communicate again!)
How to make a risk assessment- step-by-step
Here’s how to make a risk assessment, from start to finish.
1. Create A Robust Record
The HSE provides a freely available template that you can download and use, and there are endless other providers to choose from. Ultimately though, you’ll want to record initial information such as:
- The date of assessment,
- Name of assessor,
- Site,
- Area and appropriate sub-area being assessed,
- The activity or equipment being assessed,
- Affected individuals,
- Version number,
- Related documents,
- Risk assessment reference number.
Following on from this initial information, you will need a table which you can enter information into, with columns for:
- Hazard reference number
- Hazard
- Who/what is affected and how
- Severity
- Likelihood of harm
- Risk score (pre-control)
- Controls
- Residual risk score
After this table, it’s a good idea to have an additional area or table to record any actions required in order to implement the controls, plus responsible people and target dates. It’s unlikely that you’ll use the risk assessment for action tracking purposes (i.e. whether they’re completed/overdue etc) so it’s probably not worth adding space to record this information.
The final stage of your risk assessment should be a sign-off area, where the assessor and any stakeholders can authorise the risk assessment.
2. Identify the Hazards
This is how to make a risk assessment in earnest. You need to identify the hazards, i.e. the sources of harm.
Very rarely are two hazards the same, so copy and pasting a risk assessment, or simply using a template, will rarely capture all of the information required and will be unlikely to be considered suitable and sufficient when scrutinised by the HSE.
It’s critical therefore that you completely understand the following before attempting to complete the risk assessment:
- The task or activity being carried out
- The individuals involved
- The environment
Let’s unpack this.
The task: factors to consider are what the task involves. Does it include work at height, manual handling, working with chemicals, mobile plant, tools and equipment, etc? Sometimes it is easier to record the task as a process in order to uncover all the elements required to complete it.
Individuals: You need to account for how individuals may vary. For example, their physical ability, (strength and endurance), height and weight, age, (are they physically less able…but also are they lacking in maturity and risk awareness), as well as general competence.
Also consider members of the public, bystanders, assistants, contractors, visitors, users of shared workspaces…and how they can all be affected by the hazard.
You should always consult with the individuals who are carrying out the task that you are assessing, or are otherwise affected by it, or the controls you will have to implement. They will have valuable insider expertise and knowledge that may not occur to you.
The environment: consider where the task is being carried out, for example- is it outdoors and subject to bad weather, cold, wind, etc? Is it close to roads, water bodies, overhead power lines? Is it a confined space? If indoors, what’s the lighting like, and are there hazardous transitions from light to dark? What’s the floor like, is it uneven, slippery, or covered in trip hazards? What’s the air like? Is there adequate ventilation and temperature control?
If you’re wondering how to make a risk assessment, it’s crucial that you consider these factors as a minimum.
3. Determine Severity of Harm
This should be recorded at the same time as the hazard identification. You need to determine whether you have a storm in a teacup or a hurricane on your doorstep, as this will define the type of control you implement, and how you prioritise it among all the other controls.
Use a simple 1-5 scoring system to quantify your severity, where 1= little to no harm, and 5= catastrophic.
4. Determine Likelihood of Harm
Similar to severity, you need to understand the likelihood of the hazard causing harm- for the same reason. Again, use a 1-5 scoring system to determine this, where 1= is highly unlikely and 5= almost certain.
It’s important to be pragmatic at this point- don’t just go with the worst-case scenario- but also be realistic (not optimistic). This is why safety management is so nuanced and is often best left to the professionals!
5. Calculate the Risk Rating
Using your severity and likelihood ratings, you can calculate the risk rating. Simply multiply the two, for example medium severity (3) and high likelihood (4) would be 3×4, and a risk rating of 12.
You can then determine the action level for the particular hazard- A good tool to use here is a 5×5 matrix; this is an industry standard and helps quantify severity and likelihood of harm. There are various permutations of these matrices, however all perform a similar task and allocate action levels according to scoring thresholds. A quick search on google will help you to find one to use.
6. Determine the Controls
Once you’ve identified the hazards, determined who may be harmed and how, and calculated the risk rating, you’re finally in a position to derive educated and measured controls to mitigate said risks.
At this point, you need to consider the hierarchy of control, which you’ve probably come across in one form or another: ERICPD (or ERICSP). The crucial steps here are to aim to eliminate the hazard first and foremost, then reduce the severity or likelihood of harm. If this isn’t possible, consider isolating the hazard or otherwise controlling it using engineered solutions and systems. If all else fails, try PPE.
PPE is often the first thing people reach for; however it should always be a last resort after every other control has failed or is unsuitable. The HSE will always prefer collective controls rather than individual ones- as PPE will only protect the wearer, not others in the vicinity.
When considering how to make a risk assessment, it’s worth taking some time to understand the hierarchy of control; the HSE will look at the quality of your risk assessment, not simply whether it exists or not.
After defining controls, you can calculate a residual risk rating based on the hazard severity and likelihood after they have been mitigated; this is a good way to determine the efficacy of your risk assessment controls.
7. Communicate and Implement
You may have uncovered some show-stopping hazards while carrying out your risk assessment. If you find an imminent threat, don’t wait until the RAMS have been published or the next safety meeting- make sure anyone affected by the potential threat is aware straightaway and pause or abort operations until it can be made safe. Ensure any management or other stakeholders are aware of this action.
Hopefully there won’t be any great clangers that you’ve uncovered though, and you’ll simply be able to finalise your risk assessment and crack on with implementing your controls.
Once this is underway, it’s crucial that you communicate any new procedures or protocols to all who are affected by them, or must enforce them. How you do this will vary according to the nature of the control and you should have existing systems in place to do this such as toolbox talks, daily briefings or monthly meetings.
Expert help when you need it
There you have it- how to make a risk assessment in a nutshell. This may seem like a lot to take in and that’s fine- because it is, for most people! What’s more, even if you have the time and general knowledge to carry out a risk assessment, it takes experience to be confident in determining the genuine risk rating and allocate truly pragmatic and sensible controls.
For this reason, it’s ok to ask for help. Here at Knox Thomas we’re happy and ready to attend your site, assess the tasks, people and environment- whether existing or planned- and determine appropriate controls to make your workplace safer.
So, if you’re wondering how to make a risk assessment, perhaps the answer is don’t… simply let us do it for you.