Every business is required to make an assessment of the risks that are likely to arise from their business processes. This requirement is generally referred to as risk assessment.
This Guidance Note gives only general advice on the risk assessment process.
A risk assessment is simply a careful sensible examination of what, in your work, could cause harm to people, so that you can weigh up whether you have taken enough precautions or should do more to prevent harm to your workforce or other people who might be affected by your work activities. It is in effect risk management.
Health and safety at work legislation places key requirements and responsibilities on employers to ensure that their business is properly managed. It requires a competent risk assessment of work activities, processes and tasks so that Managers are aware of workplace hazards and risks and have the opportunity to properly manage them.
Where a risk assessment identifies the presence of significant hazards and more than 5 people are employed the risk assessment must be recorded.
Employers must make arrangements for suitable and sufficient risk assessments to be made for all of their business activities. The process can be delegated to trained and competent managerial staff but Directors, sole traders and Senior Managers still retain the responsibility for ensuring that they are suitable and sufficient.
Employees should always be consulted and involved in the risk assessment process. They often understand the process and the day to day risks in greater detail than their Managers. Workforce engagement in completing the risk assessment and developing control measures is likely to result in better compliance and use of the control measures than would otherwise be the case. Sometimes it is also appropriate to involve clients, contractors and others in the risk assessment of a process or activity where they might directly be affected.
Where there are less than 5 employees (3 in Ireland) there is no need for risk assessments to be written down or recorded. However if the risks are significant it is advisable to keep a record of the assessment.
Risk assessment should not be a bureaucratic process; don’t overcomplicate it. In many organisations, the risks are well known and the necessary control measures are easy to apply. You probably already know whether, for example, you have employees who move heavy loads and so could harm their backs, or where people are most likely to slip or trip. If so, check that you have taken reasonable precautions to avoid injury. If the task is straightforward, if the risk assessment is straightforward and can easily be repeated, with the same outcome each time, there is no need to record it.
The purpose of risk assessment is to promote the sensible management of workplace risk. Bear this in mind when completing risk assessments and remember that sensible risk management is about:
- Ensuring that workers and the public are properly protected;
- Providing overall benefit to society by balancing benefits and risks, with a focus on reducing real risks – both those which frequently arise and those with serious consequences;
- Enabling innovation and learning - not stifling them;
- Ensuring that those who create risks manage them responsibly and understand that failure to manage real risks responsibly is likely to lead to robust action;
- Enabling individuals to understand that as well as the right to protection, they also have to exercise responsibility.
Risk assessment is not about:
- Creating a totally risk free society;
- Generating useless paperwork mountains;
- Scaring people by exaggerating or publicising trivial risks;
- Stopping important recreational and learning activities for individuals where the risks are managed;
- Reducing protection of people from risks that cause real harm and suffering.