Health and Safety
Executive / Commission
Risk management
A hazard is anything with the potential to cause harm e.g. working at height on scaffolding.
A risk is the likelihood that a hazard will cause a specified harm to someone or something e.g. if there are no guard rails on the scaffolding it is likely that a construction worker will fall and break a bone.
Risk Management is a process that involves assessing the risks that arise in your workplace, putting sensible health and safety measures in place to control them and then making sure they work in practice.
A risk assessment is nothing more than a careful examination of what, in your work, could cause harm to people, so that you can weigh up whether you have taken enough precautions or should do more to prevent harm.
You may come across these abrieviations. ALARP stands for “as low as reasonably practicable” and SFAIRP stands for “so far as is reasonably practicable”. In essence, these are the same; however, SFAIRP is the term most often used in the Health and Safety at Work etc Act and in Regulations, and; ALARP is the term used by risk practitioners.
This means that you have to take action to control the health and safety risks in your workplace except where the cost (in terms of time and effort as well as money) of doing so is “grossly disproportionate” to the reduction in the risk. You can work this out for yourself, or you can simply apply accepted good practice.
Managing health and safety risks puts you in control since it leaves your business less open to chance. A risk assessment helps to prevent accidents and ill health to you, your workers and members of the public. Accidents and ill health can ruin lives and harm your business too if output is lost, equipment is damaged, insurance costs increase or you have to go to court. You are legally required to assess the risks in your workplace so that you can put in place a plan to control the risks.
Read our publication "Five Steps to Risk Assessment" This tells you how to do a risk assessment for occupational health and safety. This is not the only way to do a risk assessment, there are other methods that work well, particularly for more complex risks and circumstances. However we believe this method is the most straightforward for most organisations.
No. We believe “5 steps to risk assessment” provides a straightforward method, but it’s certainly not the only acceptable way.
A number of alternatives exist. Most follow the same format as that in "Five Steps to Risk Assessment":
Where other methods tend to differ is at the “evaluate the risks” stage. Here, we suggest comparing your control measures with good practice to assess whether more needs to be done. But, another common and very effective method involves working out a risk level by categorising the likelihood of the harm and the potential severity of harm and then plotting these two risk determining factors against each other in a risk matrix (see below). The risk level determines which risks should be tackled first. As with any other method of risk assessment you should not overcomplicate the process e.g. by having too many categories.
Using a matrix can be very helpful for prioritising actions. It is suitable for very many assessments but particularly lends itself to more complex situations. However, it does require a fair degree of expertise and experience to judge the likelihood of harm accurately. Getting this wrong could result in applying unnecessary controls or failing to take important ones. People working full-time in health and safety often use a version of this method. It provides a good alternative to the “good practice” approach in "Five Steps To Risk Assessment".
Make sure that you involve employees and safety representatives in carrying out the assessment - for ways on how to do this please visit HSE’s Worker Involvement web pages. Remember to speak to workers who may have particular requirements e.g. new and young workers, new or expectant mothers and people with disabilities.
In your risk assessment you need to be able to show that:
You should carry out an assessment before you do the work that gives rise to the risk, and review it as necessary.
Few workplaces stay the same. Sooner or later, you will bring in new equipment, substances and procedures, and that could lead to new hazards. Therefore, you will need to review where you are every year or so, to make sure you are still improving, or at least not sliding back.
During the year, if there is a significant change, don't wait: check your risk assessment and where necessary, amend it. If possible, it is best to think about the risk assessment when you're planning your change - that way you leave yourself more flexibility.
See Step 5 of "Five Steps to Risk Assessment"
Good practice refers to practices that have been acknowledged by HSE or local authorities as representing standards of compliance with the law. It doesn’t mean “custom and practice” necessarily – that can be poor practice. There are many sources of good practice and HSE works with industries to produce good practice guidance – HSE’s website, HSE Infoline and Workplace Health Connect can all help.
In most cases, this is not necessary. Risk assessment is a straightforward process that most people can do, given a little time and effort. You will probably need help if you have particularly hazardous or complex processes, but for the majority of organisations, you or a competent member of staff should be able to complete a satisfactory assessment. HSE’s "Five Steps to Risk Assessment" leaflet can help.
Just use your common sense: you don’t need an electrician to re-wire a plug, but most people would need one to re-wire their house. It’s the same with risk assessment.
Health and safety law requires that you keep a record of the significant findings of your assessment if you employ five or more people. It makes sense to keep a record of the assessment so that when you come to review it, you can check back to see if anything has changed. It is also useful to keep a record so that you can share the findings with your staff. Finally, it proves that you have carried out the process if a health and safety inspector asks about it.
No. However, there is a blank template with the “Five Steps to Risk Assessment [PDF]” leaflet that you can use, if you wish. You can record the assessment in any convenient way.
All workers are entitled to work in environments where risks to their health and safety are properly controlled. Under health and safety law, the primary responsibility for this is down to employers. Doing a risk assessment is the key to preventing accidents and ill-health in your workplace to you, your workers and members of the public. Accidents and ill health can ruin lives and harm your business too if output is lost, equipment is damaged, insurance costs increase or you have to go to court.
However, workers also have a duty to take care of their own health and safety and that of others who may be affected by their actions. Health and safety legislation, therefore, requires employers and workers to cooperate. Involving workers and their representatives in your risk assessment is one of the best ways of doing this. For more information please visit HSE’s Worker Involvement pages.
No. When done properly, it should identify the measures that are needed to reduce the risk as low as “reasonably practicable” and not further. It is important to remember that risk assessment can show that a process is safe enough with the measures you already have in place, and no more need be done.
We don’t think so. Our approach is to seek a balance between the unachieveable aim of absolute safety and the kind of poor management of risks that damages lives and the economy. In a nutshell: risk management, not risk elimination. For more information about this please read our Principles of Sensible Risk Management We consult widely on our proposals and we listen carefully to those who have views different from our own.
The precautionary principle should be applied only in very particular circumstances. It is highly unlikely to be relevant to your work.
The precautionary principle says that where you have good reason to believe that something might cause harm but there isn’t enough scientific knowledge to carry out a full risk assessment, this should not be used as an excuse to do nothing to prevent harm. The precautionary principle is therefore applied to a few new hazards until enough is learned about the risks they present. It should not be applied to well-known hazards where the broad level of risk has been established.
Myth of the month