Risk assessment is a fundamental process in occupational safety and health management that helps organizations identify potential hazards, evaluate their consequences, and implement effective control measures. The Health and Safety Executive (HSE) recommend a structured five-step approach to conducting thorough and comprehensive risk assessments in the workplace. This systematic methodology ensures that no potential hazard is overlooked, and that appropriate safeguards are put in place to protect employees, contractors, visitors, and organizational assets. 

Unveiling The 5 Steps of Risk Assessment 

Step 1: Identify Hazards 

The first and most critical step is to identify all potential hazards that could reasonably cause harm in the workplace. A hazard is any source of potential harm, including unsafe conditions, practices, or materials that workers may encounter during their daily activities. 

Types of workplace hazards to identify include: 

  • Physical hazards: slips, trips, falls, machinery injuries, or impact from falling objects 
  • Chemical hazards: exposure to toxic substances, solvents, or cleaning agents 
  • Biological hazards: exposure to infectious agents or disease-causing organisms 
  • Ergonomic hazards: poor posture, repetitive strain, or heavy lifting 
  • Psychosocial hazards: stress, bullying, or excessive workloads 

To effectively identify hazards, organizations should utilize multiple information gathering techniques. These include direct observation and walkthroughs of the workplace, interviews with workers and supervisors who perform the tasks, review of Safety Data Sheets (SDS) for chemicals used, analysis of previous accident and near-miss reports, and examination of manufacturer’s instructions for equipment and machinery. Breaking down jobs or processes into individual tasks also helps ensure that hazards associated with each step are comprehensively identified. 

 

Step 2: Decide Who May Be Harmed and How 

After identifying hazards, the next step involves determining who might be affected by these hazards and understanding the potential mechanisms of harm. This step requires careful consideration of different worker populations and the specific ways they could be injured or made ill. 

Key groups to consider when assessing who may be harmed: 

  • Permanent employees regularly performing workplace duties 
  • Contractors and subcontractors unfamiliar with the environment 
  • Visitors and members of the public 
  • Vulnerable workers such as pregnant employees, young workers, or individuals with disabilities 
  • Inexperienced or new employees requiring special attention 

Understanding how each group might be harmed is equally important as identifying who is at risk. For example, a chemical hazard might cause skin burns for workers in direct contact but respiratory issues for those working nearby. Documenting the specific mechanisms of harm—such as “acute chemical burns from dermal exposure” or “chronic respiratory effects from inhalation”—enables the development of targeted and effective control measures. This step forms the foundation for designing appropriate protective strategies tailored to each exposed population. 

 

Step 3: Evaluate the Risks and Decide on Control Measures 

Step 3 involves assessing the likelihood and severity of identified hazards to determine the overall risk level and establish suitable control measures. This is where organizations prioritize which hazards require the most immediate attention based on their potential impact. 

Key factors to evaluate during risk assessment: 

  • Likelihood: How probable is it that the hazard will cause harm? 
  • Severity: What is the potential impact if the hazard materializes? 
  • Frequency of exposure: How often are workers exposed to the hazard? 
  • Existing controls: What protective measures are already in place? 

Organizations often use a risk assessment matrix (also called a risk rating matrix) to systematically evaluate and prioritize risks. This tool combines severity and probability parameters into a visual format that helps standardize risk evaluation across different hazards. 

Risk Level — Classification, Action & Timeline
Risk Level Classification Action Required Timeline
Low Probability + Low Severity Low Risk Maintain current controls Routine review
Medium Probability or Severity Medium Risk Implement additional controls Within 3–6 months
High Probability or Severity High Risk Implement urgent controls Within 1–3 months
Critical Extreme Risk Halt activity; require immediate intervention Immediately

Once risks are evaluated, organizations must design measures to eliminate or reduce risks to acceptable levels following the ALARP principle (As Low as Reasonably Practicable). The hierarchy of control measures should prioritize elimination first, then substitution, engineering controls, administrative measures, and finally personal protective equipment (PPE) as a last resort. 

Step 4: Record Your Findings 

Documenting the risk assessment is a critical legal and operational requirement that ensures accountability and provides a reference for future reviews and audits. Proper documentation creates an organizational memory of identified hazards, assessed risks, and implemented controls. 

Essential information to include in risk assessment documentation: 

  • Detailed description of identified hazards 
  • Personnel and groups at risk 
  • Likelihood and severity ratings for each hazard 
  • Implemented control measures and their effectiveness 
  • Any further actions required 
  • Date of assessment and responsible personnel 
  • Timeline for implementation of controls 

Method statements should outline specifically how and when safety measures will be implemented, including responsible parties and completion dates. This documentation serves multiple purposes: it demonstrates compliance with legal requirements, facilitates communication among team members, enables training of new employees, and provides evidence for regulatory inspections or incident investigations. Organizations should maintain these records systematically and ensure they are easily accessible when needed. 

 

Step 5: Review and Update the Assessment 

The final step involves regularly reviewing and updating the risk assessment to ensure its continued relevance and effectiveness. Risk assessment is not a one-time event but an ongoing process requiring periodic evaluation and adjustment.  

When to review risk assessments: 

  • When work processes or procedures change significantly 
  • After workplace incidents, near-misses, or injuries occur 
  • When new equipment or chemicals are introduced 
  • When new hazards emerge in the industry 
  • Following regulatory changes or updated standards 
  • At predetermined intervals (annually or per organizational policy) 
  • Based on employee feedback or safety suggestions 

During reviews, organizations should assess whether current control measures are operating effectively and whether new risks have emerged in the workplace. This continuous improvement approach ensures that the organization maintains a proactive  stance rather than a reactive stance toward safety. Regular monitoring and review also demonstrate management commitment to workplace safety and foster a positive safety culture where employees understand that hazards are actively managed and their concerns are addressed. 

Conclusion 

The five-step risk assessment process provides a structured framework for organizations to systematically identify, evaluate, and control workplace hazards. Organizations create safer, healthier work environments that protect their most valuable assets: their employees; by following this methodology: 

  • Identifying hazards 
  • Determining who may be harmed 
  • Evaluating risks and implementing controls 
  • Recording findings, and 
  • Reviewing assessments regularly 

Implementing this rigorous approach not only fulfills legal obligations under OSHA and other regulatory frameworks but also reduces workplace incidents, minimizes operational downtime, and reinforces an organization’s reputation as a responsible and safety-conscious employer.