Understanding the risk assessment steps is essential to the success of every organisation. Risk assessment empowers organisations to anticipate harm before it occurs, allocate resources effectively, and demonstrate a firm commitment to the well-being of the workforce and others.

This guide explores the five risk assessment steps in depth, with practical examples, relevant legislation, and links to authoritative guidance from the Health and Safety Executive (HSE).

The risk assessment steps are a structured process recommended by the HSE. They help organisations identify hazards, evaluate risks, and implement controls to prevent harm. Each step builds on the last, creating a logical and defensible framework for managing workplace risks.

These steps are suitable for most low- to medium-risk environments and are legally mandated by the Management of Health and Safety at Work Regulations 1999.

Summary

A young person was seriously injured after falling from a forklift truck (FLT) that was being driven by an unauthorised and untrained individual. The young person had been riding on the side of the FLT when he fell and was run over, sustaining significant leg injuries.

Key failures

• No young person's risk assessment conducted
• FLT operated by an untrained and unauthorised driver
• Unsafe behaviour (riding on the side of a moving FLT) not challenged or prevented
• Lack of supervision and control measures for vulnerable workers

Legal action

The farming company was prosecuted, pleaded guilty in court, and was fined £7,000, plus an additional £4,000 in prosecution costs.

Learning points for risk assessment steps

This incident underscores the need for tailored risk assessments for young persons, whose inexperience and vulnerability demand extra safeguards. Effective training and close supervision are essential control measures to prevent foreseeable harm and uphold legal and moral responsibilities.Shape

The first of the risk assessment steps involves spotting anything that could cause harm. Hazards may be:

• Physical (e.g. machinery),
• Chemical (e.g. cleaning agents),
• Biological (e.g. bacteria),
• Ergonomic (e.g. poor workstation design), or
• Psychological (e.g. stress).

Methods of hazard identification

There are a few different methods you can use to identify hazards, such as:

• Walk-around inspections: To spot existing or new hazards and note any changes e.g. unsafe conditions or behaviours.
• Task analysis: Breaking down work activities to uncover hidden risks.
• Reviewing documentation: Incident reports, health surveillance data, absenteeism trends, and complaints.
• Consulting with workers: Workers can offer valuable insights into actual working conditions and the challenges they have faced in the past.
• Consulting external sources: HSE guidance, Approved Codes of Practice (ACOPs), manufacturer instructions, British Standards, and ISO benchmarks.

Identifying hazards thoroughly sets the foundation for all other risk assessment steps. Once you’ve done this, you can move on to step 2.

The second of the risk assessment steps focuses on recognising groups (not individuals) who may be exposed to hazards. The goal is to understand how different people might be affected and to tailor controls accordingly – before accidents happen.

Groups to consider include:

• Employees (including part-time and shift workers)
• Temporary and agency staff
• Contractors
• Visitors and members of the public
• Young persons (under 18)
• New or expectant mothers
• Lone workers
• Emergency responders
• People with disabilities or health conditions

Key considerations:

• Workers performing hazardous tasks are usually at the greatest risk.
• Vulnerable groups may require additional controls.
• Contractors, cleaners and visitors may be exposed to hazards despite not being present full-time.
• Avoid listing groups unlikely to be harmed (e.g. members of the public concerning work-related hazards, such as mental ill health, manual handling or vibration hazards).

A practical example

Look at the way the following sentence from a risk assessment is phrased:

“Slipping on spillages may cause cuts, bruises or fractures, particularly for lone workers or those unfamiliar with the site layout.”

Using “may” reflects potential harm and supports the legal principle of foreseeability—an essential concept in health and safety law.

This third of the risk assessment steps involves assessing the existing controls in the workplace, such as identifying:

• Training provided (who, when, how often)
• Equipment and facilities available
• Specific hazard risk assessments and review dates
• Supervision and compliance checks
• Management support and monitoring systems.

Compare controls against:

• Industry guidance and best practice
• Legal standards and enforcement notices
• Manufacturer recommendations and technical data.

The Hierarchy of Risk Control

The Hierarchy of Risk Control is a structured method for assessing existing controls and identifying new ones. It ranks control measures from most to least effective, encouraging assessors to start at the top and only move down if higher-level controls aren’t reasonably practicable.

The goal is to reduce risk to a level that is as low as reasonably practicable (ALARP), using multiple layers of control where needed. This layered approach ensures the hazard is managed effectively, not just deferred to PPE.

Hazard scenario: A cleaner mops the floor during business hours, leaving a wet surface that could cause slips.

Control measures using the hierarchy:

• Elimination: The cleaning operation could be stopped, but would leave a dirty floor.
• Substitution: Switch to fast-drying or low-moisture cleaning products.
• Engineering: Install anti-slip flooring or improve ventilation to encourage speed drying.
• Administrative: Mop during quiet periods, revise the cleaning process and train the cleaner to use dry-mopping methods, and place out “Wet floor” signage during operation.
• PPE: Issue slip-resistant shoes to staff working in affected areas.

Technological enhancements

Modern safety technologies—such as wearable sensors, automated alerts, and ergonomic tools—can enhance hazard control and reduce reliance on PPE. These innovations also improve morale, reduce insurance costs, and support continuous improvement.

This step is where risk becomes actionable—translating insight into intervention.

This fourth of the risk assessment steps ensures that significant findings are documented and acted upon. Risk assessments must be recorded in writing when an employer has five or more employees. However, recording the assessment is not just a legal requirement; it’s a useful communication tool and a foundation for accountability.

Recording matters because it:

• Communicates risks and controls to staff and allows for review
• Ensures implementation and follow-through
• Provides evidence for audits, inspections and legal proceedings
• Supports continuous improvement and transparency.

A common pitfall

Managers must avoid creating vague or overly complex documents. A good risk assessment should be practical, focused, and tailored—not a generic checklist copied from another site or department.

A well-recorded assessment is a sign of professionalism and preparedness.

The final of the five steps to risk assessment involves keeping your assessment current. Risk assessments must be reviewed regularly to reflect changes in the workplace and ensure controls remain effective. This step reinforces a culture of continuous improvement and legal compliance.

Review triggers

How do you know when a risk assessment should be reviewed? Here are some of the triggers:

• Introduction of new equipment or substances
• Changes in work processes or environments
• After incidents, near misses, or complaints
• Updates to legislation or industry standards.

What to do

The best practices when updating your risk assessment are:

• Document all changes and rationale
• Update action plans and responsibilities
• Communicate revisions across the organisation
• Reassess residual risks and control effectiveness.

So there you have it. As with anything with a specific number of steps – from the Spanish Steps in Rome to a twelve-step programme – you can’t miss any out. They have a defined number, in a defined order for a reason. When it comes to the five steps to risk assessment, they have been tried, tested and documented over many years – it's best not to attempt any shortcuts or quick fixes.

Stick to the five steps to risk assessment in this guide, and you’ll be sure to protect yourself and your colleagues in any hazardous workplace situation.