Key Takeaways
- Every UK employer must carry out risk assessments under the Management of Health and Safety at Work Regulations 1999
- Employers with 5+ employees must record significant findings in writing
- Follow the HSE 5-step process: identify hazards, decide who is at risk, evaluate and control, record findings, review regularly
- Use the hierarchy of controls -- eliminate first, PPE as last resort
- Risk assessments are living documents that must be reviewed after incidents, changes, or at least annually
In This Guide
- 1Fire Safety in the Workplace: UK Employer Checklist [2026]
- 2DSE Assessment Guide: Display Screen Equipment Regulations UK
- 3COSHH Assessment: Control of Substances Hazardous to Health Guide
- 4Lone Working Policy UK: Legal Requirements & Best Practices
- 5Manual Handling at Work: UK Regulations & Training Guide
- 6RIDDOR Reporting: When & How to Report Workplace Incidents UK
- 7Workplace First Aid Requirements UK: HSE Guidelines [2026]
- 8Working at Height Regulations UK: Employer Guide [2026]
- 9Health & Safety Policy Template UK: Free Download [2026]
Quick Answer: What Is a Risk Assessment?
A risk assessment is a legal requirement for UK employers to identify workplace hazards, evaluate the risks they pose, and put control measures in place. Under the Management of Health and Safety at Work Regulations 1999, every employer must carry out suitable and sufficient risk assessments. If you employ five or more people, you must record your significant findings in writing.
The Health and Safety Executive (HSE) recommends a straightforward 5-step process that any business can follow -- you do not need to be a health and safety professional to complete a risk assessment.
Why Risk Assessments Matter
Risk assessments are not just a legal obligation -- they are the foundation of workplace safety. The HSE investigates around 80,000 workplace injuries reported under RIDDOR each year, and a significant proportion stem from failures in the risk assessment process.
Legal Duties
The Health and Safety at Work etc. Act 1974 (HASAWA) places a general duty on employers to ensure, so far as is reasonably practicable, the health, safety, and welfare of all employees. The Management of Health and Safety at Work Regulations 1999 (MHSWR) make risk assessment the mechanism through which this duty is fulfilled.
Key legal requirements:
- Assess risks to employees, contractors, visitors, and members of the public
- Record significant findings if you have five or more employees
- Review and update assessments regularly, or when circumstances change
- Appoint one or more competent persons to assist with health and safety measures
- Provide employees with information about the risks identified and the control measures in place
Penalties for non-compliance can include improvement notices, prohibition notices, and prosecution. Under the Health and Safety (Offences) Act 2008, penalties for health and safety offences range from unlimited fines to imprisonment for up to two years.
The HSE 5-Step Risk Assessment Process
Step 1: Identify the Hazards
Walk around your workplace and look for anything that could cause harm. Consider:
- Physical hazards: slips, trips, falls, moving machinery, vehicles, working at height
- Chemical hazards: cleaning products, solvents, dust, fumes (covered by COSHH)
- Biological hazards: bacteria, viruses, mould
- Ergonomic hazards: manual handling, repetitive tasks, DSE use
- Psychosocial hazards: stress, workload, lone working, violence
Practical methods for identifying hazards:
- Walk the workplace and observe what people actually do (not just what they should do)
- Check manufacturer instructions and safety data sheets
- Review accident and near-miss records
- Consult employees -- they know their work best
- Check HSE guidance for your industry sector
Step 2: Decide Who Might Be Harmed and How
For each hazard, identify who is at risk. This is not limited to employees:
| Group | Examples |
|---|---|
| Employees | Office workers, warehouse staff, drivers |
| Contractors | Cleaners, maintenance workers, IT engineers |
| Visitors | Clients, delivery drivers, inspectors |
| Vulnerable groups | New/expectant mothers, young workers, disabled employees |
| Members of the public | Passers-by, customers, neighbours |
Consider how each group could be harmed: injury type, severity, and likelihood.
Step 3: Evaluate the Risks and Decide on Precautions
For each hazard, decide:
- What are you already doing? List existing control measures.
- Is it enough? Compare your controls against legal requirements, HSE guidance, and industry best practice.
- What more do you need to do? Identify additional controls needed.
Use the hierarchy of controls (most effective first):
- Eliminate the hazard entirely
- Substitute with something less hazardous
- Engineering controls (physical barriers, ventilation, guards)
- Administrative controls (procedures, training, supervision, signage)
- Personal protective equipment (PPE) as a last resort
Step 4: Record Your Findings and Implement Them
If you have five or more employees, you must write down:
- The significant hazards identified
- Who might be harmed
- What controls are in place and what further action is needed
- Who is responsible for implementing each action
- Target dates for completion
Your record should be:
- Simple and focused on controls
- Accessible to employees
- Proportionate to the risks (a small office does not need the same documentation as a construction site)
Step 5: Review and Update Regularly
Risk assessments are living documents. Review them:
- At least annually as standard good practice
- After any accident, incident, or near miss
- When you introduce new equipment, substances, or processes
- When there are changes to legislation or HSE guidance
- When the workforce changes (new starters, changes in working patterns)
- Following employee feedback or concerns
Risk Assessment Template
Use this structure to document your assessments:
| Column | Description |
|---|---|
| Hazard | What could cause harm? |
| Who is at risk? | Employees, visitors, contractors, public |
| Current controls | What measures are already in place? |
| Risk level | High / Medium / Low (likelihood x severity) |
| Additional controls needed | What else should be done? |
| Action by whom | Person responsible |
| Target date | When must it be completed? |
| Date completed | When was the action finished? |
| Review date | When will this be reviewed? |
Risk Rating Matrix
| Low severity | Medium severity | High severity | |
|---|---|---|---|
| High likelihood | Medium | High | High |
| Medium likelihood | Low | Medium | High |
| Low likelihood | Low | Low | Medium |
Types of Risk Assessment
General Workplace Risk Assessment
Covers the overall workplace environment -- office layout, corridors, lighting, temperature, welfare facilities. Required for all employers.
Fire Risk Assessment
A specific legal requirement under the Regulatory Reform (Fire Safety) Order 2005. Must be carried out by a competent person and reviewed regularly. Covers escape routes, fire detection, fire-fighting equipment, and emergency procedures.
DSE Assessment
Required under the Health and Safety (Display Screen Equipment) Regulations 1992 for employees who regularly use computers or other display screen equipment. Covers workstation setup, screen positioning, seating, lighting, and breaks.
COSHH Assessment
Required under the Control of Substances Hazardous to Health Regulations 2002 for any workplace using or producing hazardous substances. Covers chemicals, dust, fumes, biological agents, and nanotechnology.
Manual Handling Assessment
Required under the Manual Handling Operations Regulations 1992 where employees lift, carry, push, or pull loads. Uses the TILE framework (Task, Individual, Load, Environment).
New and Expectant Mothers
Regulation 16 of the Management Regulations requires a specific risk assessment for new and expectant mothers once the employer has been notified of the pregnancy.
Young Workers
Regulation 19 of the Management Regulations requires a specific assessment for employees under 18, considering their inexperience, lack of awareness of risks, and physical and psychological immaturity.
Common Mistakes to Avoid
- Treating it as a one-off exercise -- risk assessments must be reviewed and updated regularly
- Making it too complicated -- focus on significant risks, not every conceivable hazard
- Not involving employees -- workers closest to the hazard often have the best insight
- Copying a generic template without adapting it -- your assessment must reflect your actual workplace
- Failing to implement the controls identified -- an assessment is worthless if the actions are not followed through
- Not recording the assessment -- if you have five or more employees, the law requires written records
- Ignoring mental health risks -- stress, bullying, and psychosocial hazards must be included
Industry-Specific Considerations
Office-Based Businesses
Focus on DSE, slips/trips, fire safety, stress, and lone working. Often underestimate risks because the environment feels safe.
Construction
High-risk sector requiring detailed method statements and risk assessments for each task. CDM Regulations 2015 add specific duties. Falls from height remain the leading cause of fatal injuries.
Manufacturing and Warehousing
Machinery guarding, manual handling, noise, hazardous substances, and transport risks dominate. PUWER 1998 governs work equipment safety.
Care Homes and Healthcare
Manual handling of patients, infection control, violence/aggression, sharps injuries, and COSHH for cleaning chemicals. CQC expects robust risk assessment documentation.
Hospitality and Retail
Slips and trips (wet floors, trailing cables), manual handling (deliveries), burns and scalds, violence from the public, and working alone at night.
How Grove HR Helps with Risk Assessments
Grove HR helps UK employers manage the people side of health and safety:
- Document storage -- attach risk assessments to employee records for audit trails
- Training tracking -- log health and safety training completion and renewal dates
- Onboarding checklists -- include risk assessment briefings in new starter workflows
- Absence monitoring -- track work-related injuries and illness patterns using Bradford Factor
- Compliance reminders -- set review dates for risk assessments and get automatic notifications
Key Legislation Reference
| Legislation | What it covers |
|---|---|
| Health and Safety at Work etc. Act 1974 | General duties on employers and employees |
| Management of Health and Safety at Work Regulations 1999 | Risk assessment requirements, competent persons |
| Workplace (Health, Safety and Welfare) Regulations 1992 | Workplace conditions, facilities |
| Health and Safety (Display Screen Equipment) Regulations 1992 | DSE assessments |
| Manual Handling Operations Regulations 1992 | Manual handling assessments |
| Control of Substances Hazardous to Health Regulations 2002 | COSHH assessments |
| Regulatory Reform (Fire Safety) Order 2005 | Fire risk assessments |
| Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013 | RIDDOR reporting |
Tags:
Rachel Richardson
Head of Growth & Marketing, Grove HR
Rachel leads growth and marketing at Grove HR, with over a decade of experience in UK HR technology. She writes practical guides to help small businesses navigate employment law and build better workplaces.
Frequently Asked Questions
Do I need a risk assessment if I have fewer than 5 employees?
Yes. All employers must carry out risk assessments regardless of size. However, you only need to record your findings in writing if you employ five or more people.
How often should risk assessments be reviewed?
At least annually, or sooner if there is an accident, near miss, change in work practices, new equipment, or new legislation. The HSE does not specify a fixed interval but expects assessments to remain current.
Can I do my own risk assessment or do I need a consultant?
Most small businesses can carry out their own risk assessments. The HSE provides free templates and guidance. You must appoint a competent person -- this can be an employee with sufficient training and knowledge, or an external adviser if needed.
What happens if the HSE finds my risk assessment is inadequate?
The HSE can issue an improvement notice requiring you to bring your assessment up to standard within a set period, or a prohibition notice stopping the activity immediately. Serious failures can lead to prosecution with unlimited fines.
Do I need separate risk assessments for each type of hazard?
Not necessarily. You can include multiple hazards in one assessment. However, specific regulations (COSHH, DSE, manual handling, fire) require dedicated assessments for those particular risks.
![Health & Safety Policy Template UK: Free Download [2026]](/_next/image?url=%2Fimages%2Fblog%2Fhealth-safety-policy-template.jpg&w=1920&q=75)
![Working at Height Regulations UK: Employer Guide [2026]](/_next/image?url=%2Fimages%2Fblog%2Fworking-at-height-guide.jpg&w=1920&q=75)
![Workplace First Aid Requirements UK: HSE Guidelines [2026]](/_next/image?url=%2Fimages%2Fblog%2Fworkplace-first-aid.jpg&w=1920&q=75)