General Risk Assessments

Useful links

FAQs

FAQ
 
More FAQs on risk assessment are available on the Health & Safety Executive's web site that you can link to here. They include:
  • What is a hazard?
  • What is risk?
  • What are significant risks?
  • Who should my risk assessment cover?
  • What do I need to record?
  • What does 'reasonably practicable' mean?
  • What is the hierarchy of control?
  • When should I review my risk assessment?
  • What is the difference between a risk assessment and a method statement?
  • What responsibilities do my employees have?

Undertake a risk assessment

Where it has been identified there is a significant risk to a person's health, safety or wellbeing arising from a work activity then a risk assessment detailing what the risk is and how it is controlled should be readily available (this is a legal requirement). 

The following publication from the Health and Safety Executive (HSE) provides general guidance on how to undertake a risk assessment and is recognised as good practice.  Please refer to this guidance for advice when undertaking your own risk assessments. 

Managers and headteachers must follow the steps outlined in the above guidance when undertaking risk assessments i.e.:

  • Identify the hazards
  • Decide who might be harmed
  • Evaluate the risks 
  • Record your significant findings
  • Regularly review your risk assessment

Please also see our Forms, Templates and General Risk Assessments which are based on the HSE's guidance. These can be used to help document your own risk assessments.

Important notes for managers and headteachers:

  • New work activities must be risk assessed prior to commencement to ensure that any significant risk(s) is adequately controlled and that sufficient information has been communicated to all those affected.
  • Superseded risk assessments should be archived, as reference to them may be required in future years when systems change or for use in legal proceedings. Please see our retention of records procedure for further information.
  • Procedures must be in place for staff to report any problems with risk assessments and for progressing any remedial action required. 
  • Risk Assessments must be brought to the attention of anyone who may be affected by them. They should be discussed at staff meetings or in local staff training sessions and should be brought to the attention of new employees at induction.
  • Employees temporarily taking over responsibility for a particular task should be told to familiarise themselves with any associated risk assessments and control measures e.g. booking in & out systems when travelling away from base; wearing hard hats on a construction site.
REMEMBER: Your controls will only work if you inform, instruct and train employees in how to use them!
  • All risk assessments need to be reviewed regularly, the frequency should be based on the remaining level of risk and types of control measures in place.  Managers and headteachers should review their risk assessments, at least:
    • annually for the non-technical aspects of a fire risk assessment
    • every 3 years for task risk assessments and the technical aspects of a fire risk assessment
    • every 5 years for COSHH risk assessments
  • or review when they are no longer valid, or if there has been a significant change.
  • For further information on when to review your risk assessments please see the FAQs on the HSE web site here.
Important Notes for Services who are externally accredited to ISO 45001
If you are a service that is externally accredited to the ISO 45001 standard you must use the  ISO 45001 Accredited Risk Assessment Pro-forma (which includes risk ratings) to record your risk assessments. There is also a separate pro-forma available for 'Fire Risk Assessments' which includes risk ratings for externally accredited services to use. 
 
You must also record your process for considering the hierarchy of controls using the Hierarchy of Control ISO 45001 Accredited  pro-forma. (Always work down the hierarchy of control from the top to the bottom, with personal protective equipment being one of the last options). You must be able to clearly evidence that the hierarchy of controls has been applied and that the control measures have assisted in reducing the overall level of risk. If you cannot show this evidence your service may receive a 'non-conformance' at audit.
 
The best way to evidence that a control measure has assisted in reducing the level of risk is to use a risk rating matrix such as the one in the  ISO 45001 Accredited Risk Assessment Pro-forma.  Details of how to use this form is available in the Guidance on completing the ISO 45001 Accredited Pro-forma
 
Using Risk Ratings (Externally Accredited Services only)
Externally accredited services use risk ratings as part of their risk assessment process. It should be noted that even after all your control measures have been implemented some residual risk usually remains. You will need to categorise any remaining risk as being:
  • intolerable;
  • high;
  • medium;
  • low; or
  • insignificant.
It may be helpful to refer to accident and ill health records in this process. Also, consider whether everything the law requires has been done.

Any risk assessment that leaves you with a high or intolerable level of risk is not acceptable and requires further review before any activities commence. Assistance and advice may need to be sought from suitably qualified and experienced persons to decide on what methods would be acceptable in order to reduce the risk.

Any risk assessment with a medium level of risk is acceptable providing the assessment identifies whether further actions are required. This may be specific supervision on site or additional on-site reviews to assist in achieving a lower risk rating.

Risk assessments with low levels of risk are acceptable, however, these must be subject to regular review if risk levels are to be reduced still further or eliminated altogether.

Back to top

What is a risk assessment?

A risk assessment is nothing more than a careful examination of what, in your work, could cause harm to people, so that you can weigh-up whether you have taken enough precautions, taking into account what is "reasonably practicable", or  whether you should do more to prevent harm.

There are different types of risk assessment i.e.:
  • Task Risk Assessments –covering a single task or operation that may be undertaken regularly e.g. home visits, cleaning gutters at a school.
  • Specific Risk Assessment – usually produced for a single one-off operation or event e.g. school fete, moving office.
  • Workplace Risk Assessment – covering all the hazards present within a specific workplace or premises and any routine activities that take place there e.g. in a Day Centre. However, it should be borne in mind that any additional or new activities introduced to the workplace will need to have either task risk assessments completed for them, or the Workplace Risk Assessment will need to be updated to include them.
  • Dynamic or Mental Risk Assessment – conducted at the point of undertaking a particular activity.  Individual experience, training and skills are used to assess the level of risk and any controls required. This assessment is not formally recorded. e.g. Agile worker using different touch down facilities.

Back to top

When should I undertake a risk assessment?

When you or others e.g. employees have identified hazards and in your judgment there is a significant risk of an accident or incident if nothing is done to control it.

Managers must also assess risks that may arise during periods of significant change, and plan how those risks will be managed and controlled.  Examples may include: the major changes that arise from an office move, or a restructure, or a change to work processes, or a major change to practices and their impacts on operations, processes and activities.  LCC's risk assessment pro-forma can be used to identify risks and to document how they will be controlled. See our Forms, Templates and General Risk Assessments above.

Example: The types of risk that may be considered as part of an office move include manual handling of furniture & office supplies, overfilling storage boxes, stress, adequacy of design of the new office areas, storage facilities, adequacy of emergency escape routes, space, lighting, etc, for the work being undertaken, adequacy of IT network points and power points for the work equipment being used (this list is not exhaustive).

Back to top

What are control measures?

Any risk to health and safety should be either eliminated at source or adequately controlled to reduce the risk to a reasonable level.  The means by which we do this are often termed as ‘control measures’.  It can sometimes help by considering these as 3 different groups:-

1.  Technical Control Measures e.g. suitable design of work areas, machinery, equipment, suitable guards, fencing, emergency stop buttons, extractor fans, air con systems and emergency electrical cut-out systems.

2.  Procedural Control Measures e.g. demarcation of areas to keep clear, warning signage, permit-to-work systems for high risk operations, safe systems of work or local procedures to be followed such as booking in and out systems or wear specific personal protective equipment (PPE) when undertaking a specific task.

3.  Behavioural Control Measures e.g. the provision of adequate information, instruction, training and supervision.  Ensuring work tasks are within the capabilities of the staff chosen to do them.  Making staff aware of the risk and the potential consequences of not following safety procedures for the work they do.

A combination of the above will usually be required dependant on the risks involved and the practicality of applying such measures.

Services accredited to ISO 45001 must also record their process of considering the hierarchy of control using the Hierarchy of Control ISO 45001 Accredited pro-forma.

Back to top

Do I need to use Risk Ratings?

Risk ratings are not a legal requirement. Non-accredited services e.g. schools, libraries and day centres, do not need to use a risk rating in their risk assessments and are advised to use the LCC Basic Risk Assessment Pro-forma to record their risk assessments.

For externally accredited services risk ratings must be included in their risk assessments. They are a good way of evidencing the effectiveness of control measures e.g. if prior to any controls being implemented the risk rating is 'Intolerable' or 'High', and then after the controls have been considered the risk rating drops to 'Moderate', 'Low' or 'Insignificant', then you can demonstrate how well the controls are working in theory.  However, you must still ensure the controls are working in practice by observing staff using them and asking them for feedback on how easy they are to use.

Please see the associated Forms and Templates section of this page.
 

What are manager's / headteacher's responsibilities regarding risk assessment?

It is each manager's / headteacher's responsibility to ensure that risk assessments are:

  • Carried out for any tasks/activities undertaken by staff, or third parties e.g. contractors, for whom they are responsible (this can be done either by themselves or delegated to another competent person);
  • Reviewed regularly:
    • annually is recommended for the non-technical aspects of a fire risk assessment
    • 3 yearly for task risk assessments and the technical aspects of a fire risk assessment
    • 5 yearly for COSHH risk assessments
  • or review when they are no longer valid, or if there has been a significant change.