Health and Safety Risk Assessment (England & Wales)

A Health and Safety Risk Assessment in the United Kingdom sets out the standards, responsibilities, and procedures the organisation expects everyone to follow, under the framework of the Employment Rights Act 1996.

The Management of Health and Safety at Work Regulations 1999 require every employer and self-employed person to make a 'suitable and sufficient' assessment of the risks to the health and safety of their employees arising from their work activities, and of the risks to persons not in their employment who may be affected. The assessment must identify the significant hazards, evaluate the likelihood and severity of harm, identify who is at risk, describe the controls in place, and — where five or more persons are employed — record the significant findings in writing. Regulation 3(3) requires the assessment to be reviewed and updated whenever there is reason to suspect it is no longer valid or there has been a significant change in the matters to which it relates.

The overarching duty underpinning the risk assessment obligation is found in sections 2 and 3 of the Health and Safety at Work etc. Act 1974. Section 2 requires every employer to confirm, so far as is reasonably practicable, the health, safety, and welfare at work of all their employees. Section 3 extends this duty to non-employees who may be affected by the employer's undertaking. The standard of 'so far as is reasonably practicable' involves weighing the degree of risk against the cost, time, and trouble required to avert it — but it is a high standard, not a low one.

The Workplace (Health, Safety and Welfare) Regulations 1992 (SI 1992/3004) set minimum standards for the physical workplace environment, covering matters such as temperature, lighting, ventilation, cleanliness, space, and condition of floors, passageways, and stairs. A risk assessment should take account of these regulatory requirements and identify any areas where the workplace falls short of the required standards.

A risk assessment is not a single administrative exercise — it is a living document that should reflect the actual conditions of the workplace and be updated whenever those conditions change. It is a central pillar of the health and safety management system described in the HSE's guidance document 'Managing for Health and Safety' (HSG65), which sets out the Plan-Do-Check-Act model for managing health and safety risks.

A Health and Safety Risk Assessment must be carried out before workers or others are exposed to a significant risk, and must be reviewed and updated whenever circumstances change. The legal obligation under regulation 3 of the Management of Health and Safety at Work Regulations 1999 applies from the moment an employer begins employing workers or a self-employed person begins an undertaking that poses risks to others.

A risk assessment is needed in a wide range of situations. It is needed whenever a new work activity is introduced — whether a new manufacturing process, a new type of machinery, a new substance, or a new service. It is needed when new workers join the organisation, particularly if they are young workers (under 18), new or expectant mothers, or workers returning from a period of ill health. Regulation 16 of the Management of Health and Safety at Work Regulations 1999 specifically requires an employer to carry out a risk assessment for new and expectant mothers where the work involves exposure to hazards that could cause harm to the mother or her unborn or newborn child.

A review of the risk assessment is required following any workplace accident, near miss, or dangerous occurrence, because the incident itself is evidence that the existing assessment may no longer be valid. The Management of Health and Safety at Work Regulations 1999 (reg. 3(3)) require the assessment to be reviewed if there is reason to suspect it is no longer valid — and an accident is strong evidence that the risk controls identified in the assessment were inadequate.

A review is also required whenever there is a significant change in the workplace or work activity — for example, when new machinery is introduced, when working patterns change (such as a shift to night working or lone working), when new chemicals or substances are used, when the layout of the workplace changes significantly, or when there is a change in the number of people working in a particular area.

Beyond legal compliance, a regularly reviewed risk assessment is a practical management tool. It demonstrates to employees that their health and safety is taken seriously, helps to reduce absence due to work-related ill health and injury, provides evidence of due diligence in the event of a personal injury claim or HSE investigation, and can reduce employers' liability insurance premiums.

A legally effective Health and Safety Risk Assessment for use in England and Wales must contain certain key elements to meet the 'suitable and sufficient' standard required by regulation 3 of the Management of Health and Safety at Work Regulations 1999.

The scope and business details section establishes which employer, premises, and activity the assessment covers. It should clearly identify the legal entity responsible for the assessment (the employer or self-employed person) and the specific area or activity being assessed. A single risk assessment document may cover an entire workplace if the risks are relatively uniform, but more complex workplaces or activities generally warrant separate assessments for different areas, processes, or tasks.

The assessor details section records who carried out the assessment. Under regulation 7 of the 1999 Regulations, the assessment must be carried out by a competent person — someone with sufficient training, experience, and knowledge to identify hazards and evaluate risks accurately. The assessor's credentials, qualifications, or experience may be relevant if the assessment is challenged by the HSE or relied upon in litigation.

The hazard identification section is the core of the assessment. A hazard is anything with the potential to cause harm. Common workplace hazards include manual handling and musculoskeletal risks (regulated by the Manual Handling Operations Regulations 1992, SI 1992/2793); hazardous substances including chemicals, dust, and biological agents (regulated by the Control of Substances Hazardous to Health Regulations 2002, COSHH, SI 2002/2677); working at height (Work at Height Regulations 2005, SI 2005/735); noise and vibration (Control of Noise at Work Regulations 2005; Control of Vibration at Work Regulations 2005); electricity (Electricity at Work Regulations 1989); slips, trips, and falls (Workplace (Health, Safety and Welfare) Regulations 1992); and fire (Regulatory Reform (Fire Safety) Order 2005).

The risk evaluation section assesses the level of risk posed by each hazard, taking into account the existing controls already in place. Risk is determined by considering both the likelihood of harm occurring and the severity of the potential harm. A simple low/medium/high rating system is commonly used, supplemented in more complex environments by a numerical risk matrix.

The control measures section identifies what additional actions are required to reduce risks to an acceptable level, following the hierarchy of control set out in Schedule 1 to the 1999 Regulations: elimination, substitution, engineering controls, administrative controls, and personal protective equipment.

The review schedule records when and how frequently the assessment will be reviewed. It identifies the responsible person — the manager or officer with authority and resources to confirm that control measures are implemented, maintained, and updated. The review date, review frequency, and responsible person should be clearly recorded so that the review obligation is not overlooked. The forms-legal.com Health and Safety Risk Assessment (England & Wales) template covers the mandatory elements under Employment Rights Act 1996.