Welcome to Risk Assessment in the Workplace!
To ensure you get the most accurate information,
select the region that best reflects your location, then we'll get started!
Risk Assessment in the Workplace
Risk Assessment in the Workplace
Risk Assessment in the Workplace
Risk Assessment in the Workplace: EU (download transcript)
Abi: Welcome to your audio compliance learning, and thanks for joining us today. Before we get started, here's a quick overview. You are in charge of how you learn. You can listen right through from start to finish, jump into the sections you want to refresh or head straight to the final assessment if you're already feeling up to speed. At the end, you'll need to score 80% in the assessment to complete the lesson. And if you don't get there first time, then that's completely fine. You can try again as many times as you need.
Welcome to our lesson on risk assessment in the workplace. I'm Abi, and I'm your host for this lesson. We're going to explore your responsibilities for workplace risk assessment, understand why these are important, and learn the concepts that underpin effective risk assessment.
We'll give you the knowledge to identify risks and hazards in the workplace and how to protect yourself and your team. I'm joined by Phil today, who is a health and safety consultant with over 30 years experience in advising organisations how to create safe workplaces. Hi Phil. Thanks for joining us.
Phil: Hi, Abi. It's nice to be here.
Abi: Could you talk us through how managers and how organisations are responsible for risk assessment in the workplace? So how does that work at an organisational level?
Phil: Yes. As a manager or employer, you have the responsibility to keep your team safe. Risk assessment is about identifying what could go wrong and taking the steps to prevent it.
It's not about following rules, it's about creating a safe working environment. When somebody gets hurt at work, it affects them, their family, and the whole team. Good risk assessment helps you be proactive rather than reactive, preventing accidents from happening in the first place.
Abi: I think one of the questions that people always ask, are always wondering, is, what is the difference between a hazard and a risk? Could you explain the difference to us?
Phil: Yeah. A hazard is anything that could potentially cause harm, like a wet floor, a heavy box, or excessive workload. Risk is the likelihood that the hazard will actually cause harm, combined with how serious that harm could be. This helps you focus your efforts on the biggest risks first, rather than trying to eliminate every possible hazard, which isn't practical or necessary.
Abi: It's really useful to think about it that way, isn't it? About identifying what are the biggest risks, essentially, and like focusing efforts in to prevent those hazards causing harm. How does risk assessment work on a day-to-day basis?
Phil: Risk assessment isn't a once-a-year paperwork exercise. It's about developing a mindset where you think about what could go wrong and take steps to prevent it. Risk assessment isn't just a manager's job. The people doing the jobs often spot risks that aren't obvious from the outside. Remember, it's impossible to eliminate all risks. You need to identify significant risks and take reasonable steps to manage them.
Abi: Thanks, Phil. That's really helpful to understand. Could you just give us a quick summary of risk assessment principles?
Phil: Yeah. Risk assessment is about being proactive, preventing problems rather than reacting to them. Understanding hazards versus risks helps you prioritise your efforts and risk assessment is an ongoing responsibility, not a one-time task.
Abi: That's really great. So that just gives us a real clear understanding of our responsibilities, gives us a foundation for effective risk management. And then next we can move on to how we can identify those hazards in the workplace so that we can then manage those risks.
Reflection: Think about your current role and responsibilities. Have you thought about how risk assessment fits into your everyday tasks? Take a moment to consider are there areas where you could be more proactive in identifying and managing risks?
Abi: So now we understand our responsibilities around risk management and risk assessment. Let's focus on the practical skill of hazard identification. So, Phil, in a workplace, what are the main types of hazards that we should look out for?
Phil: There are several categories of hazards. Physical hazards, including things like slippery floors, moving machinery, or working at height. Chemical hazards cover everything from cleaning products to industrial chemicals. Ergonomic hazards, including things like poor workstation setup, repetitive tasks, or heavy lifting. Environmental hazards include noise, lighting, and temperature extremes. It's also worth thinking about psychological hazards such as excessive workloads, bullying or lack of support and any people hazards, like aggressive customers or colleagues.
Abi: It's really broad, isn't it? The potential for hazards. It's really useful to think about it in different contexts and different workplaces and where those hazards might appear or arise. Could you give us an example of how the same hazard might affect people differently depending on their circumstances?
Phil: Yeah, let's think about something as simple as stairs in a workplace. For most people, they're a minor consideration other than being a slip risk if they're wet. But for somebody with mobility issues, stairs could be a major barrier. For someone carrying heavy loads, that could become a manual handling risk.
If somebody's recovering from an injury, stairs might be more challenging. And a visitor in an emergency who doesn't know the alternative routes could be at higher risk. Good risk assessment considers not just the hazard, but who encounters it and under what circumstances.
Abi: It's a really good example, isn't it? It's something that we all encounter every day-to-day, and just considering how different people would interact with something as simple as a staircase. It really brings it home as to how stairs could present a hazard for different people. So if we're assessing risks, I'm assuming that there's a process that we would need to go through to be able to identify them. Can you talk us through that?
Phil: Yeah. There's basically a five-step risk assessment process. I'll go through the steps now. Step one is identifying hazards. Step two is evaluating the risks by considering likelihood and severity. Step three is controlling the risks. Step four is recording your findings clearly so that others can understand and act on them. Step five is reviewing and updating because workplaces change over time.
Abi: So we've talked about identifying hazards, which is step one. So should we talk a little bit more around how we evaluate risks?
Phil: Yeah. We use a simple risk matrix approach. For each hazard, ask how likely is it somebody could be harmed? Ask yourself questions like, has this happened before? Or what might make this more likely to happen? Assign a likelihood rating from low, which might be one, to high, which might be three, based on your assessment. Then think about the potential impact of the hazard. Would it result in a mild inconvenience, a moderate injury, or something more severe?
Then rate the severity from low, which might be one, to high, which might be three. Multiply the likelihood by the severity to get your score. This score guides you on the level of action required. You can use this to prioritise the risk controls you need to put in place.
Abi: I think sometimes those risk matrix and those assessment processes, sometimes it's a little bit difficult to get your head round, isn't it? Could you maybe give us as like a worked example, could you try and bring that to life for us as to how that works in reality?
Phil: Yeah. Let's say you're managing an office and you've identified a loose carpet tile near the main entrance as a hazard, first evaluate the likelihood. Ask yourself, has this happened before? Maybe not in your office, but trip hazards are common. What might make this more likely? it's right by the entrance where lots of people walk, especially during busy periods when people might be rushing or carrying objects. You probably rate this as high likelihood, so that's a three. Next, consider severity. If someone tripped, what's the worst realistic outcome? They might stumble and recover, or they could fall and get bruised, or in the worst case, fall heavily and break an ankle or a wrist. You probably rate this as a medium severity, so that's a two. If you multiply them three times two, that equals six. That's a high risk score that needs active control measures. Maybe getting the carpet tile fixed immediately, putting up a warning sign until it's repaired.
Abi: Thanks for that, Phil. That actually makes so much more sense when you can talk it through in a practical example. You can see how that actually plays out in reality in the workplace. What would you say are the essential points that we need to remember about evaluating risks?
Phil: Following the five step process. And use likelihood and severity to prioritise tasks to focus your efforts.
Abi: Thanks for this, Phil, that again, it clears up the process, I think. It makes it much easier to manage. If we're evaluating risks using a risk matrix, then it means that we're moving away from what could be a potentially overwhelming list of hazards into manageable priorities because we can identify those hazards that are more likely to cause a problem.
Reflection: Think about a specific area of your workplace. Try applying the risk evaluation process. Identify a hazard, assess its likelihood and severity, and determine its priority level. Does it highlight any risks you hadn't considered before?
Abi: So now we've identified and evaluated our risks, we need to work out how we can control them. The hierarchy of control gives us a framework for choosing the most effective measures to protect our teams. Phil, could you talk us through what the hierarchy of control is and why is it structured in the way that it is?
Phil: The hierarchy starts with elimination, so completely removing the hazard that's the most effective because there's no hazard, there's no risk.
Next is substitution. Replacing something dangerous with something safer. Then isolation, separating people from the hazard. And then further down the hierarchy, we have engineering controls, which use physical systems to reduce exposure. And then at the bottom of the hierarchy, we have administrative controls, which are policies and training.
And then PPE, which is personal protective equipment. Ideally, we want to use the controls at the top of the hierarchy, like removing the hazard as these don't rely on people remembering to do the right thing every time, like wearing correct PPE.
Abi: Yeah, I guess if we think about it almost like a funnel, isn't it? We want to start at the top of the hierarchy and if we can, we want to use the controls that almost take the people out of the decision-making process much more. So could you give us a practical example of working through the hierarchy, just to illustrate how that works?
Phil: Yeah. Let's say you've got a noisy machine that could cause hearing damage with prolonged exposure. You need to start by considering whether you can eliminate the need for the machine entirely by changing your process. If not, look at whether you could substitute it with a quieter machine. Next, explore whether you could isolate it by putting it in a separate room or enclosure. Then consider engineering controls like sound-dampening materials or barriers. If none of those fully solve it, you might limit exposure time or provide training. And as a last resort, you'd use PPE to provide hearing protection.
Abi: So in that example, you've mentioned that we might need to combine approaches, so it might take more than one of those controls to be able to manage the risk of the noisy machine. Is that a common approach?
Phil: Yes. Yeah. Very common. In reality, we rarely get perfect protection from one control. You might reduce the noise through engineering control, but it still leaves some exposure. So you could layer in administrative controls, like limiting how long anyone works near it, and maybe PPE is a backup. This is where we get into collective safety controls, measures that protect everyone in an area rather than relying on individuals to protect themselves.
Abi: Could you explain that a little bit more? So, explain what collective safety controls means a little bit more.
Phil: Yeah. Collective safety controls protect groups of people rather than relying on individual safety measures. Let's say you work in a warehouse and you have a loading bay where delivery drivers need to unload heavy boxes. A collective safety approach might include installing proper lighting so everyone can see clearly, marking safe walkways with bright lines, providing mechanical lifting aids like trolleys or pallet jacks for everyone to use, ensuring the loading dock has safety barriers and implementing a traffic management system, so vehicles and pedestrians don't conflict.
Abi: That makes sense as well. So like how you join up lots of different measures so that you're not just thinking about it in the context of maybe one group of individuals or one action. Is there anything else that you think that you might do in that context?
Phil: You'd also provide manual handling training for all staff. Establish weight limits for boxes that everyone understands. Create clear procedures for busy periods. This is collective because it protects every delivery driver, warehouse worker, and visitor in that area through the combination of physical controls, equipment and procedures. No one person has to remember to stay safe. Safety is built into how the whole area operates. It's much more effective than just giving individuals lifting belts or telling them to be careful because it addresses the risks at the system level.
Abi: A really good example that one, isn't it? How you can see or how all these different measures work together and because they're integrated within the workspace, it's not reliant on an individual to remember to wear something or do something specifically, like you say. It's almost just the way that the area is set up that keeps people safe. What would you say are the key principles for applying the hierarchy of control effectively?
Phil: Yeah. Elimination and substitution are most effective and most often cost effective long term. Don't jump straight to PPE, work systematically through the options and use multiple control measures together for comprehensive protection.
Abi: Thanks, Phil. That example has been really helpful. It's really good to work through the hierarchy of controls with you and understand how those different measures can work together. And like you say, not jumping to PPE right at the very bottom of the hierarchy, and starting with elimination and working through those options. It means that you can implement controls that provide long-term protection for teams.
Reflection: Think about a specific risk in your workplace. Try working through the hierarchy of control. Could you eliminate the hazard entirely? If not, could you substitute it with something safer?
Abi: So we've been working through our risk assessment process and we've identified any hazards. We've evaluated the risks, and we've looked to control the risk where we can. The next thing that we need to do is to document, communicate our findings effectively. Phil, can you tell us why it's really important to document risk controls?
Phil: Yeah. Documentation is your way of communicating risk information to everyone who needs it. It's no good having great risk controls if people don't know about them or understand how to use them. It helps track what's working and what isn't, and it ensures that safety knowledge doesn't walk out the door when people leave.
Abi: It's no good is it just doing a risk assessment and then essentially not telling anybody all of the things that you found and the controls that you want to put in place? So, how do we make sure that everybody knows about these controls and uses them properly?
Phil: Communication and consultation should happen throughout the process, and training is an important part of making controls work effectively. Start by explaining what you found, why action is needed. If we use our noisy machinery example from earlier, we'd let people know that prolonged exposure could cause hearing loss. People are more likely to follow measures when they understand the reasoning. If you can, consult on the practical options, your team might say, “We tried those ear defenders before and they don't fit properly with our safety glasses,” or “Could we reschedule the noisy work for when fewer people are around?” Once you've decided on controls, proper training is essential. Don't just hand out equipment or post new procedures. Show people how to use controls correctly, explain why and when they need to use them.
Abi: I guess if you get buy-in, essentially if people understand the rationale behind any controls that you've put in place, then people are much more likely to adhere to them. And if they've been involved in the process and it feels as though their opinions have been sought, then again, it's only going to mean that people are much more likely to use all of those controls effectively and much more proactively. The other thing that kind of pops in my mind is that things change quite a lot within organisations and I'm assuming that if things change, then risk assessments need updating. They're not a static activity. They're not one-off.
Phil: Yeah, absolutely. Several things should prompt an immediate review. Any instant, accident or near miss suggests your assessment might need updating. Changes to equipment, processes, or workplace lay-out, all would warrant a review. New legislation or industry guidance might require updates. Staff changes, especially if new people bring different experience levels or needs. Even if nothing obvious has changed, you need to schedule regular reviews, which is typically annually, but higher risk activities might need more frequent reviews. You need to listen to people too. If people are raising safety concerns or reporting new problems, this should also prompt a review.
Abi: That's really good to hear, Phil, that people should be really proactive around risk assessment and make sure that the risk assessment is valid.
And like you say, if anything changes, if there's any near misses or if people are reporting problems, then that should all be taken into consideration and the risks should be reviewed again. What would you say are the key things we need to remember about documenting risks and reviewing them?
Phil: Using clear, practical language that focuses on what people need to do. Treat risk assessments as living documents that need regular attention, not one-time exercises. And review whenever there are significant changes, incidents or planned intervals.
Abi: Thanks, Phil. That's just been really helpful to talk through the whole risk assessment process with you. You've broken it down into really simple steps that are easy to understand, and we now know that by building regular review and continuous improvement into management practices, it means risk assessments remain relevant and effective, and ultimately that means that we can help keep people safe in the workplace. So thank you very much for your time today. Much appreciated, and thank you for your insights. It's been really valuable.
Phil: Thanks, Abi.
Reflection: Think about your current approach to documenting risk assessments. Would a new employee understand the key risks and control measures from reading them?
Legislation:
In this section, we're going to cover risk assessment legislation in the European Union.
The European Union's approach to workplace risk assessment is established through the Framework Directive 89/391/EEC on Safety and Health at Work.
Employers must evaluate all risks to workers' safety and health, including risks from work equipment, chemical substances, and workplace design. Employers must consult workers and their representatives on all questions relating to safety and health at work, recognising that workers often have the best understanding of day-to-day risks and practical solutions.
Employers must maintain appropriate documentation of their risk assessments and the protective measures implemented. Assessments must be reviewed regularly and updated when circumstances change or new risks emerge.
Protection is also required for workers who are particularly sensitive to certain risks, including young workers, pregnant workers, and those with disabilities.
Member states have transposed this directive into their national laws, and specific implementation varies by country. Enforcement mechanisms and penalties differ by member state, with each country maintaining its own regulatory authority responsible for workplace safety compliance.
As with all workplace safety requirements, employees must cooperate with risk assessments, follow safety procedures, and report any hazards or unsafe conditions.
Abi: That brings us to the end of our lesson on risk assessment in the workplace. We've covered the fundamental difference between hazards and risks. A hazard is something that could cause harm while risk is the likelihood and severity of that harm occurring. You now understand why risk assessment matters and how it forms the foundation for preventing workplace incidents.
Now complete your final assessment to show what you've learned about risk assessment principles. You need to achieve 80% to pass, but you can revisit the material and retry if you need to.
Risk Assessment in the Workplace: UK (download transcript)
Abi: Welcome to your audio compliance learning, and thanks for joining us today. Before we get started, here's a quick overview. You are in charge of how you learn. You can listen right through from start to finish, jump into the sections you want to refresh or head straight to the final assessment if you're already feeling up to speed. At the end, you'll need to score 80% in the assessment to complete the lesson. And if you don't get there first time, then that's completely fine. You can try again as many times as you need.
Welcome to our lesson on risk assessment in the workplace. I'm Abi, and I'm your host for this lesson. We're going to explore your responsibilities for workplace risk assessment, understand why these are important, and learn the concepts that underpin effective risk assessment.
We'll give you the knowledge to identify risks and hazards in the workplace and how to protect yourself and your team. I'm joined by Phil today, who is a health and safety consultant with over 30 years experience in advising organisations how to create safe workplaces. Hi Phil. Thanks for joining us.
Phil: Hi, Abi. It's nice to be here.
Abi: Could you talk us through how managers and how organisations are responsible for risk assessment in the workplace? So how does that work at an organisational level?
Phil: Yes. As a manager or employer, you have the responsibility to keep your team safe. Risk assessment is about identifying what could go wrong and taking the steps to prevent it.
It's not about following rules, it's about creating a safe working environment. When somebody gets hurt at work, it affects them, their family, and the whole team. Good risk assessment helps you be proactive rather than reactive, preventing accidents from happening in the first place.
Abi: I think one of the questions that people always ask, are always wondering, is, what is the difference between a hazard and a risk? Could you explain the difference to us?
Phil: Yeah. A hazard is anything that could potentially cause harm, like a wet floor, a heavy box, or excessive workload. Risk is the likelihood that the hazard will actually cause harm, combined with how serious that harm could be. This helps you focus your efforts on the biggest risks first, rather than trying to eliminate every possible hazard, which isn't practical or necessary.
Abi: It's really useful to think about it that way, isn't it? About identifying what are the biggest risks, essentially, and like focusing efforts in to prevent those hazards causing harm. How does risk assessment work on a day-to-day basis?
Phil: Risk assessment isn't a once-a-year paperwork exercise. It's about developing a mindset where you think about what could go wrong and take steps to prevent it. Risk assessment isn't just a manager's job. The people doing the jobs often spot risks that aren't obvious from the outside. Remember, it's impossible to eliminate all risks. You need to identify significant risks and take reasonable steps to manage them.
Abi: Thanks, Phil. That's really helpful to understand. Could you just give us a quick summary of risk assessment principles?
Phil: Yeah. Risk assessment is about being proactive, preventing problems rather than reacting to them. Understanding hazards versus risks helps you prioritise your efforts and risk assessment is an ongoing responsibility, not a one-time task.
Abi: That's really great. So that just gives us a real clear understanding of our responsibilities, gives us a foundation for effective risk management. And then next we can move on to how we can identify those hazards in the workplace so that we can then manage those risks.
Reflection: Think about your current role and responsibilities. Have you thought about how risk assessment fits into your everyday tasks? Take a moment to consider are there areas where you could be more proactive in identifying and managing risks?
Abi: So now we understand our responsibilities around risk management and risk assessment. Let's focus on the practical skill of hazard identification. So, Phil, in a workplace, what are the main types of hazards that we should look out for?
Phil: There are several categories of hazards. Physical hazards, including things like slippery floors, moving machinery, or working at height. Chemical hazards cover everything from cleaning products to industrial chemicals. Ergonomic hazards, including things like poor workstation setup, repetitive tasks, or heavy lifting. Environmental hazards include noise, lighting, and temperature extremes. It's also worth thinking about psychological hazards such as excessive workloads, bullying or lack of support and any people hazards, like aggressive customers or colleagues.
Abi: It's really broad, isn't it? The potential for hazards. It's really useful to think about it in different contexts and different workplaces and where those hazards might appear or arise. Could you give us an example of how the same hazard might affect people differently depending on their circumstances?
Phil: Yeah, let's think about something as simple as stairs in a workplace. For most people, they're a minor consideration other than being a slip risk if they're wet. But for somebody with mobility issues, stairs could be a major barrier. For someone carrying heavy loads, that could become a manual handling risk.
If somebody's recovering from an injury, stairs might be more challenging. And a visitor in an emergency who doesn't know the alternative routes could be at higher risk. Good risk assessment considers not just the hazard, but who encounters it and under what circumstances.
Abi: It's a really good example, isn't it? It's something that we all encounter every day-to-day, and just considering how different people would interact with something as simple as a staircase. It really brings it home as to how stairs could present a hazard for different people. So if we're assessing risks, I'm assuming that there's a process that we would need to go through to be able to identify them. Can you talk us through that?
Phil: Yeah. There's basically a five-step risk assessment process. I'll go through the steps now. Step one is identifying hazards. Step two is evaluating the risks by considering likelihood and severity. Step three is controlling the risks. Step four is recording your findings clearly so that others can understand and act on them. Step five is reviewing and updating because workplaces change over time.
Abi: So we've talked about identifying hazards, which is step one. So should we talk a little bit more around how we evaluate risks?
Phil: Yeah. We use a simple risk matrix approach. For each hazard, ask how likely is it somebody could be harmed? Ask yourself questions like, has this happened before? Or what might make this more likely to happen? Assign a likelihood rating from low, which might be one, to high, which might be three, based on your assessment. Then think about the potential impact of the hazard. Would it result in a mild inconvenience, a moderate injury, or something more severe?
Then rate the severity from low, which might be one, to high, which might be three. Multiply the likelihood by the severity to get your score. This score guides you on the level of action required. You can use this to prioritise the risk controls you need to put in place.
Abi: I think sometimes those risk matrix and those assessment processes, sometimes it's a little bit difficult to get your head round, isn't it? Could you maybe give us as like a worked example, could you try and bring that to life for us as to how that works in reality?
Phil: Yeah. Let's say you're managing an office and you've identified a loose carpet tile near the main entrance as a hazard, first evaluate the likelihood. Ask yourself, has this happened before? Maybe not in your office, but trip hazards are common. What might make this more likely? it's right by the entrance where lots of people walk, especially during busy periods when people might be rushing or carrying objects. You probably rate this as high likelihood, so that's a three. Next, consider severity. If someone tripped, what's the worst realistic outcome? They might stumble and recover, or they could fall and get bruised, or in the worst case, fall heavily and break an ankle or a wrist. You probably rate this as a medium severity, so that's a two. If you multiply them three times two, that equals six. That's a high risk score that needs active control measures. Maybe getting the carpet tile fixed immediately, putting up a warning sign until it's repaired.
Abi: Thanks for that, Phil. That actually makes so much more sense when you can talk it through in a practical example. You can see how that actually plays out in reality in the workplace. What would you say are the essential points that we need to remember about evaluating risks?
Phil: Following the five step process. And use likelihood and severity to prioritise tasks to focus your efforts.
Abi: Thanks for this, Phil, that again, it clears up the process, I think. It makes it much easier to manage. If we're evaluating risks using a risk matrix, then it means that we're moving away from what could be a potentially overwhelming list of hazards into manageable priorities because we can identify those hazards that are more likely to cause a problem.
Reflection: Think about a specific area of your workplace. Try applying the risk evaluation process. Identify a hazard, assess its likelihood and severity, and determine its priority level. Does it highlight any risks you hadn't considered before?
Abi: So now we've identified and evaluated our risks, we need to work out how we can control them. The hierarchy of control gives us a framework for choosing the most effective measures to protect our teams. Phil, could you talk us through what the hierarchy of control is and why is it structured in the way that it is?
Phil: The hierarchy starts with elimination, so completely removing the hazard that's the most effective because there's no hazard, there's no risk.
Next is substitution. Replacing something dangerous with something safer. Then isolation, separating people from the hazard. And then further down the hierarchy, we have engineering controls, which use physical systems to reduce exposure. And then at the bottom of the hierarchy, we have administrative controls, which are policies and training.
And then PPE, which is personal protective equipment. Ideally, we want to use the controls at the top of the hierarchy, like removing the hazard as these don't rely on people remembering to do the right thing every time, like wearing correct PPE.
Abi: Yeah, I guess if we think about it almost like a funnel, isn't it? We want to start at the top of the hierarchy and if we can, we want to use the controls that almost take the people out of the decision-making process much more. So could you give us a practical example of working through the hierarchy, just to illustrate how that works?
Phil: Yeah. Let's say you've got a noisy machine that could cause hearing damage with prolonged exposure. You need to start by considering whether you can eliminate the need for the machine entirely by changing your process. If not, look at whether you could substitute it with a quieter machine. Next, explore whether you could isolate it by putting it in a separate room or enclosure. Then consider engineering controls like sound-dampening materials or barriers. If none of those fully solve it, you might limit exposure time or provide training. And as a last resort, you'd use PPE to provide hearing protection.
Abi: So in that example, you've mentioned that we might need to combine approaches, so it might take more than one of those controls to be able to manage the risk of the noisy machine. Is that a common approach?
Phil: Yes. Yeah. Very common. In reality, we rarely get perfect protection from one control. You might reduce the noise through engineering control, but it still leaves some exposure. So you could layer in administrative controls, like limiting how long anyone works near it, and maybe PPE is a backup. This is where we get into collective safety controls, measures that protect everyone in an area rather than relying on individuals to protect themselves.
Abi: Could you explain that a little bit more? So, explain what collective safety controls means a little bit more.
Phil: Yeah. Collective safety controls protect groups of people rather than relying on individual safety measures. Let's say you work in a warehouse and you have a loading bay where delivery drivers need to unload heavy boxes. A collective safety approach might include installing proper lighting so everyone can see clearly, marking safe walkways with bright lines, providing mechanical lifting aids like trolleys or pallet jacks for everyone to use, ensuring the loading dock has safety barriers and implementing a traffic management system, so vehicles and pedestrians don't conflict.
Abi: That makes sense as well. So like how you join up lots of different measures so that you're not just thinking about it in the context of maybe one group of individuals or one action. Is there anything else that you think that you might do in that context?
Phil: You'd also provide manual handling training for all staff. Establish weight limits for boxes that everyone understands. Create clear procedures for busy periods. This is collective because it protects every delivery driver, warehouse worker, and visitor in that area through the combination of physical controls, equipment and procedures. No one person has to remember to stay safe. Safety is built into how the whole area operates. It's much more effective than just giving individuals lifting belts or telling them to be careful because it addresses the risks at the system level.
Abi: A really good example that one, isn't it? How you can see or how all these different measures work together and because they're integrated within the workspace, it's not reliant on an individual to remember to wear something or do something specifically, like you say. It's almost just the way that the area is set up that keeps people safe. What would you say are the key principles for applying the hierarchy of control effectively?
Phil: Yeah. Elimination and substitution are most effective and most often cost effective long term. Don't jump straight to PPE, work systematically through the options and use multiple control measures together for comprehensive protection.
Abi: Thanks, Phil. That example has been really helpful. It's really good to work through the hierarchy of controls with you and understand how those different measures can work together. And like you say, not jumping to PPE right at the very bottom of the hierarchy, and starting with elimination and working through those options. It means that you can implement controls that provide long-term protection for teams.
Reflection: Think about a specific risk in your workplace. Try working through the hierarchy of control. Could you eliminate the hazard entirely? If not, could you substitute it with something safer?
Abi: So we've been working through our risk assessment process and we've identified any hazards. We've evaluated the risks, and we've looked to control the risk where we can. The next thing that we need to do is to document, communicate our findings effectively. Phil, can you tell us why it's really important to document risk controls?
Phil: Yeah. Documentation is your way of communicating risk information to everyone who needs it. It's no good having great risk controls if people don't know about them or understand how to use them. It helps track what's working and what isn't, and it ensures that safety knowledge doesn't walk out the door when people leave.
Abi: It's no good is it just doing a risk assessment and then essentially not telling anybody all of the things that you found and the controls that you want to put in place? So, how do we make sure that everybody knows about these controls and uses them properly?
Phil: Communication and consultation should happen throughout the process, and training is an important part of making controls work effectively. Start by explaining what you found, why action is needed. If we use our noisy machinery example from earlier, we'd let people know that prolonged exposure could cause hearing loss. People are more likely to follow measures when they understand the reasoning. If you can, consult on the practical options, your team might say, “We tried those ear defenders before and they don't fit properly with our safety glasses,” or “Could we reschedule the noisy work for when fewer people are around?” Once you've decided on controls, proper training is essential. Don't just hand out equipment or post new procedures. Show people how to use controls correctly, explain why and when they need to use them.
Abi: I guess if you get buy-in, essentially if people understand the rationale behind any controls that you've put in place, then people are much more likely to adhere to them. And if they've been involved in the process and it feels as though their opinions have been sought, then again, it's only going to mean that people are much more likely to use all of those controls effectively and much more proactively. The other thing that kind of pops in my mind is that things change quite a lot within organisations and I'm assuming that if things change, then risk assessments need updating. They're not a static activity. They're not one-off.
Phil: Yeah, absolutely. Several things should prompt an immediate review. Any instant, accident or near miss suggests your assessment might need updating. Changes to equipment, processes, or workplace lay-out, all would warrant a review. New legislation or industry guidance might require updates. Staff changes, especially if new people bring different experience levels or needs. Even if nothing obvious has changed, you need to schedule regular reviews, which is typically annually, but higher risk activities might need more frequent reviews. You need to listen to people too. If people are raising safety concerns or reporting new problems, this should also prompt a review.
Abi: That's really good to hear, Phil, that people should be really proactive around risk assessment and make sure that the risk assessment is valid.
And like you say, if anything changes, if there's any near misses or if people are reporting problems, then that should all be taken into consideration and the risks should be reviewed again. What would you say are the key things we need to remember about documenting risks and reviewing them?
Phil: Using clear, practical language that focuses on what people need to do. Treat risk assessments as living documents that need regular attention, not one-time exercises. And review whenever there are significant changes, incidents or planned intervals.
Abi: Thanks, Phil. That's just been really helpful to talk through the whole risk assessment process with you. You've broken it down into really simple steps that are easy to understand, and we now know that by building regular review and continuous improvement into management practices, it means risk assessments remain relevant and effective, and ultimately that means that we can help keep people safe in the workplace. So thank you very much for your time today. Much appreciated, and thank you for your insights. It's been really valuable.
Phil: Thanks, Abi.
Reflection: Think about your current approach to documenting risk assessments. Would a new employee understand the key risks and control measures from reading them?
Legislation:
In this section, we're going to cover risk assessment legislation in the United Kingdom.
In the UK, workplace risk assessment is a legal requirement under the Management of Health and Safety at Work Regulations 1999. These regulations apply across England, Wales, Scotland, and Northern Ireland.
The regulations require every employer to make an assessment of the risks to the health and safety of their employees. This applies to all employers, regardless of size or industry sector.
Risk assessments must be suitable and sufficient. They don't need to be perfect, but they must be adequate and identify any measures needed to comply with health and safety law.
Employers with five or more employees must record the findings of their risk assessment and identify any groups of employees who are particularly at risk. This includes considerations for young workers, pregnant workers, and those with disabilities.
The Health and Safety Executive emphasizes that assessments should be living documents, reviewed when circumstances change, after incidents, or at regular intervals to ensure they remain current and effective.
Employers who fail to conduct adequate risk assessments can face prosecution and significant fines. Serious breaches can result in unlimited fines and, in cases involving fatalities or serious injuries, criminal prosecution.
While employers carry the primary legal responsibility, employees must cooperate with risk assessments, follow safety procedures, and report hazards or concerns they identify.
Abi: That brings us to the end of our lesson on risk assessment in the workplace. We've covered the fundamental difference between hazards and risks. A hazard is something that could cause harm while risk is the likelihood and severity of that harm occurring. You now understand why risk assessment matters and how it forms the foundation for preventing workplace incidents.
Now complete your final assessment to show what you've learned about risk assessment principles. You need to achieve 80% to pass, but you can revisit the material and retry if you need to.
Risk Assessment in the Workplace: US (download transcript)
Abi: Welcome to your audio compliance learning, and thanks for joining us today. Before we get started, here's a quick overview. You are in charge of how you learn. You can listen right through from start to finish, jump into the sections you want to refresh or head straight to the final assessment if you're already feeling up to speed. At the end, you'll need to score 80% in the assessment to complete the lesson. And if you don't get there first time, then that's completely fine. You can try again as many times as you need.
Welcome to our lesson on risk assessment in the workplace. I'm Abi, and I'm your host for this lesson. We're going to explore your responsibilities for workplace risk assessment, understand why these are important, and learn the concepts that underpin effective risk assessment.
We'll give you the knowledge to identify risks and hazards in the workplace and how to protect yourself and your team. I'm joined by Phil today, who is a health and safety consultant with over 30 years experience in advising organisations how to create safe workplaces. Hi Phil. Thanks for joining us.
Phil: Hi, Abi. It's nice to be here.
Abi: Could you talk us through how managers and how organisations are responsible for risk assessment in the workplace? So how does that work at an organisational level?
Phil: Yes. As a manager or employer, you have the responsibility to keep your team safe. Risk assessment is about identifying what could go wrong and taking the steps to prevent it.
It's not about following rules, it's about creating a safe working environment. When somebody gets hurt at work, it affects them, their family, and the whole team. Good risk assessment helps you be proactive rather than reactive, preventing accidents from happening in the first place.
Abi: I think one of the questions that people always ask, are always wondering, is, what is the difference between a hazard and a risk? Could you explain the difference to us?
Phil: Yeah. A hazard is anything that could potentially cause harm, like a wet floor, a heavy box, or excessive workload. Risk is the likelihood that the hazard will actually cause harm, combined with how serious that harm could be. This helps you focus your efforts on the biggest risks first, rather than trying to eliminate every possible hazard, which isn't practical or necessary.
Abi: It's really useful to think about it that way, isn't it? About identifying what are the biggest risks, essentially, and like focusing efforts in to prevent those hazards causing harm. How does risk assessment work on a day-to-day basis?
Phil: Risk assessment isn't a once-a-year paperwork exercise. It's about developing a mindset where you think about what could go wrong and take steps to prevent it. Risk assessment isn't just a manager's job. The people doing the jobs often spot risks that aren't obvious from the outside. Remember, it's impossible to eliminate all risks. You need to identify significant risks and take reasonable steps to manage them.
Abi: Thanks, Phil. That's really helpful to understand. Could you just give us a quick summary of risk assessment principles?
Phil: Yeah. Risk assessment is about being proactive, preventing problems rather than reacting to them. Understanding hazards versus risks helps you prioritise your efforts and risk assessment is an ongoing responsibility, not a one-time task.
Abi: That's really great. So that just gives us a real clear understanding of our responsibilities, gives us a foundation for effective risk management. And then next we can move on to how we can identify those hazards in the workplace so that we can then manage those risks.
Reflection: Think about your current role and responsibilities. Have you thought about how risk assessment fits into your everyday tasks? Take a moment to consider are there areas where you could be more proactive in identifying and managing risks?
Abi: So now we understand our responsibilities around risk management and risk assessment. Let's focus on the practical skill of hazard identification. So, Phil, in a workplace, what are the main types of hazards that we should look out for?
Phil: There are several categories of hazards. Physical hazards, including things like slippery floors, moving machinery, or working at height. Chemical hazards cover everything from cleaning products to industrial chemicals. Ergonomic hazards, including things like poor workstation setup, repetitive tasks, or heavy lifting. Environmental hazards include noise, lighting, and temperature extremes. It's also worth thinking about psychological hazards such as excessive workloads, bullying or lack of support and any people hazards, like aggressive customers or colleagues.
Abi: It's really broad, isn't it? The potential for hazards. It's really useful to think about it in different contexts and different workplaces and where those hazards might appear or arise. Could you give us an example of how the same hazard might affect people differently depending on their circumstances?
Phil: Yeah, let's think about something as simple as stairs in a workplace. For most people, they're a minor consideration other than being a slip risk if they're wet. But for somebody with mobility issues, stairs could be a major barrier. For someone carrying heavy loads, that could become a manual handling risk.
If somebody's recovering from an injury, stairs might be more challenging. And a visitor in an emergency who doesn't know the alternative routes could be at higher risk. Good risk assessment considers not just the hazard, but who encounters it and under what circumstances.
Abi: It's a really good example, isn't it? It's something that we all encounter every day-to-day, and just considering how different people would interact with something as simple as a staircase. It really brings it home as to how stairs could present a hazard for different people. So if we're assessing risks, I'm assuming that there's a process that we would need to go through to be able to identify them. Can you talk us through that?
Phil: Yeah. There's basically a five-step risk assessment process. I'll go through the steps now. Step one is identifying hazards. Step two is evaluating the risks by considering likelihood and severity. Step three is controlling the risks. Step four is recording your findings clearly so that others can understand and act on them. Step five is reviewing and updating because workplaces change over time.
Abi: So we've talked about identifying hazards, which is step one. So should we talk a little bit more around how we evaluate risks?
Phil: Yeah. We use a simple risk matrix approach. For each hazard, ask how likely is it somebody could be harmed? Ask yourself questions like, has this happened before? Or what might make this more likely to happen? Assign a likelihood rating from low, which might be one, to high, which might be three, based on your assessment. Then think about the potential impact of the hazard. Would it result in a mild inconvenience, a moderate injury, or something more severe?
Then rate the severity from low, which might be one, to high, which might be three. Multiply the likelihood by the severity to get your score. This score guides you on the level of action required. You can use this to prioritise the risk controls you need to put in place.
Abi: I think sometimes those risk matrix and those assessment processes, sometimes it's a little bit difficult to get your head round, isn't it? Could you maybe give us as like a worked example, could you try and bring that to life for us as to how that works in reality?
Phil: Yeah. Let's say you're managing an office and you've identified a loose carpet tile near the main entrance as a hazard, first evaluate the likelihood. Ask yourself, has this happened before? Maybe not in your office, but trip hazards are common. What might make this more likely? it's right by the entrance where lots of people walk, especially during busy periods when people might be rushing or carrying objects. You probably rate this as high likelihood, so that's a three. Next, consider severity. If someone tripped, what's the worst realistic outcome? They might stumble and recover, or they could fall and get bruised, or in the worst case, fall heavily and break an ankle or a wrist. You probably rate this as a medium severity, so that's a two. If you multiply them three times two, that equals six. That's a high risk score that needs active control measures. Maybe getting the carpet tile fixed immediately, putting up a warning sign until it's repaired.
Abi: Thanks for that, Phil. That actually makes so much more sense when you can talk it through in a practical example. You can see how that actually plays out in reality in the workplace. What would you say are the essential points that we need to remember about evaluating risks?
Phil: Following the five step process. And use likelihood and severity to prioritise tasks to focus your efforts.
Abi: Thanks for this, Phil, that again, it clears up the process, I think. It makes it much easier to manage. If we're evaluating risks using a risk matrix, then it means that we're moving away from what could be a potentially overwhelming list of hazards into manageable priorities because we can identify those hazards that are more likely to cause a problem.
Reflection: Think about a specific area of your workplace. Try applying the risk evaluation process. Identify a hazard, assess its likelihood and severity, and determine its priority level. Does it highlight any risks you hadn't considered before?
Abi: So now we've identified and evaluated our risks, we need to work out how we can control them. The hierarchy of control gives us a framework for choosing the most effective measures to protect our teams. Phil, could you talk us through what the hierarchy of control is and why is it structured in the way that it is?
Phil: The hierarchy starts with elimination, so completely removing the hazard that's the most effective because there's no hazard, there's no risk.
Next is substitution. Replacing something dangerous with something safer. Then isolation, separating people from the hazard. And then further down the hierarchy, we have engineering controls, which use physical systems to reduce exposure. And then at the bottom of the hierarchy, we have administrative controls, which are policies and training.
And then PPE, which is personal protective equipment. Ideally, we want to use the controls at the top of the hierarchy, like removing the hazard as these don't rely on people remembering to do the right thing every time, like wearing correct PPE.
Abi: Yeah, I guess if we think about it almost like a funnel, isn't it? We want to start at the top of the hierarchy and if we can, we want to use the controls that almost take the people out of the decision-making process much more. So could you give us a practical example of working through the hierarchy, just to illustrate how that works?
Phil: Yeah. Let's say you've got a noisy machine that could cause hearing damage with prolonged exposure. You need to start by considering whether you can eliminate the need for the machine entirely by changing your process. If not, look at whether you could substitute it with a quieter machine. Next, explore whether you could isolate it by putting it in a separate room or enclosure. Then consider engineering controls like sound-dampening materials or barriers. If none of those fully solve it, you might limit exposure time or provide training. And as a last resort, you'd use PPE to provide hearing protection.
Abi: So in that example, you've mentioned that we might need to combine approaches, so it might take more than one of those controls to be able to manage the risk of the noisy machine. Is that a common approach?
Phil: Yes. Yeah. Very common. In reality, we rarely get perfect protection from one control. You might reduce the noise through engineering control, but it still leaves some exposure. So you could layer in administrative controls, like limiting how long anyone works near it, and maybe PPE is a backup. This is where we get into collective safety controls, measures that protect everyone in an area rather than relying on individuals to protect themselves.
Abi: Could you explain that a little bit more? So, explain what collective safety controls means a little bit more.
Phil: Yeah. Collective safety controls protect groups of people rather than relying on individual safety measures. Let's say you work in a warehouse and you have a loading bay where delivery drivers need to unload heavy boxes. A collective safety approach might include installing proper lighting so everyone can see clearly, marking safe walkways with bright lines, providing mechanical lifting aids like trolleys or pallet jacks for everyone to use, ensuring the loading dock has safety barriers and implementing a traffic management system, so vehicles and pedestrians don't conflict.
Abi: That makes sense as well. So like how you join up lots of different measures so that you're not just thinking about it in the context of maybe one group of individuals or one action. Is there anything else that you think that you might do in that context?
Phil: You'd also provide manual handling training for all staff. Establish weight limits for boxes that everyone understands. Create clear procedures for busy periods. This is collective because it protects every delivery driver, warehouse worker, and visitor in that area through the combination of physical controls, equipment and procedures. No one person has to remember to stay safe. Safety is built into how the whole area operates. It's much more effective than just giving individuals lifting belts or telling them to be careful because it addresses the risks at the system level.
Abi: A really good example that one, isn't it? How you can see or how all these different measures work together and because they're integrated within the workspace, it's not reliant on an individual to remember to wear something or do something specifically, like you say. It's almost just the way that the area is set up that keeps people safe. What would you say are the key principles for applying the hierarchy of control effectively?
Phil: Yeah. Elimination and substitution are most effective and most often cost effective long term. Don't jump straight to PPE, work systematically through the options and use multiple control measures together for comprehensive protection.
Abi: Thanks, Phil. That example has been really helpful. It's really good to work through the hierarchy of controls with you and understand how those different measures can work together. And like you say, not jumping to PPE right at the very bottom of the hierarchy, and starting with elimination and working through those options. It means that you can implement controls that provide long-term protection for teams.
Reflection: Think about a specific risk in your workplace. Try working through the hierarchy of control. Could you eliminate the hazard entirely? If not, could you substitute it with something safer?
Abi: So we've been working through our risk assessment process and we've identified any hazards. We've evaluated the risks, and we've looked to control the risk where we can. The next thing that we need to do is to document, communicate our findings effectively. Phil, can you tell us why it's really important to document risk controls?
Phil: Yeah. Documentation is your way of communicating risk information to everyone who needs it. It's no good having great risk controls if people don't know about them or understand how to use them. It helps track what's working and what isn't, and it ensures that safety knowledge doesn't walk out the door when people leave.
Abi: It's no good is it just doing a risk assessment and then essentially not telling anybody all of the things that you found and the controls that you want to put in place? So, how do we make sure that everybody knows about these controls and uses them properly?
Phil: Communication and consultation should happen throughout the process, and training is an important part of making controls work effectively. Start by explaining what you found, why action is needed. If we use our noisy machinery example from earlier, we'd let people know that prolonged exposure could cause hearing loss. People are more likely to follow measures when they understand the reasoning. If you can, consult on the practical options, your team might say, “We tried those ear defenders before and they don't fit properly with our safety glasses,” or “Could we reschedule the noisy work for when fewer people are around?” Once you've decided on controls, proper training is essential. Don't just hand out equipment or post new procedures. Show people how to use controls correctly, explain why and when they need to use them.
Abi: I guess if you get buy-in, essentially if people understand the rationale behind any controls that you've put in place, then people are much more likely to adhere to them. And if they've been involved in the process and it feels as though their opinions have been sought, then again, it's only going to mean that people are much more likely to use all of those controls effectively and much more proactively. The other thing that kind of pops in my mind is that things change quite a lot within organisations and I'm assuming that if things change, then risk assessments need updating. They're not a static activity. They're not one-off.
Phil: Yeah, absolutely. Several things should prompt an immediate review. Any instant, accident or near miss suggests your assessment might need updating. Changes to equipment, processes, or workplace lay-out, all would warrant a review. New legislation or industry guidance might require updates. Staff changes, especially if new people bring different experience levels or needs. Even if nothing obvious has changed, you need to schedule regular reviews, which is typically annually, but higher risk activities might need more frequent reviews. You need to listen to people too. If people are raising safety concerns or reporting new problems, this should also prompt a review.
Abi: That's really good to hear, Phil, that people should be really proactive around risk assessment and make sure that the risk assessment is valid.
And like you say, if anything changes, if there's any near misses or if people are reporting problems, then that should all be taken into consideration and the risks should be reviewed again. What would you say are the key things we need to remember about documenting risks and reviewing them?
Phil: Using clear, practical language that focuses on what people need to do. Treat risk assessments as living documents that need regular attention, not one-time exercises. And review whenever there are significant changes, incidents or planned intervals.
Abi: Thanks, Phil. That's just been really helpful to talk through the whole risk assessment process with you. You've broken it down into really simple steps that are easy to understand, and we now know that by building regular review and continuous improvement into management practices, it means risk assessments remain relevant and effective, and ultimately that means that we can help keep people safe in the workplace. So thank you very much for your time today. Much appreciated, and thank you for your insights. It's been really valuable.
Phil: Thanks, Abi.
Reflection: Think about your current approach to documenting risk assessments. Would a new employee understand the key risks and control measures from reading them?
Legislation:
In this section, we're going to cover risk assessment regulations in the United States.
In the United States, workplace risk assessment requirements are primarily governed by the Occupational Safety and Health Administration, commonly known as OSHA. Under the Occupational Safety and Health Act of 1970, employers have a duty to provide a safe workplace for their employees.
The cornerstone of US workplace safety law is the General Duty Clause. This requires employers to provide a workplace that is free from recognized hazards that may cause death or serious physical harm.
Risk assessment is not a one-time activity. Employers must continuously evaluate workplace conditions as operations change, new equipment is introduced, or incidents occur.
OSHA expects employers to identify potential hazards, evaluate the likelihood and severity of harm, implement appropriate controls, and regularly review their assessments. For certain specific hazards, OSHA has detailed standards that include specific risk assessment requirements.
Failure to conduct adequate risk assessments can result in citations and penalties. OSHA violations can result in fines ranging from a few thousand dollars for less serious violations to tens of thousands of dollars for willful or repeated violations.
Employees have the right to participate in workplace inspections and report hazards without fear of retaliation. They must also follow established safety procedures and use provided protective equipment.
Abi: That brings us to the end of our lesson on risk assessment in the workplace. We've covered the fundamental difference between hazards and risks. A hazard is something that could cause harm while risk is the likelihood and severity of that harm occurring. You now understand why risk assessment matters and how it forms the foundation for preventing workplace incidents.
Now complete your final assessment to show what you've learned about risk assessment principles. You need to achieve 80% to pass, but you can revisit the material and retry if you need to.