Risk Assessment Guide – Does Your Business Conform?

This post is part of the “Focus on Health and Safety Audit Questions” series. A series which focuses on questions asked by our health and safety consultants when conducting a health and safety audit.


i. Is there evidence that there are risk assessments for all activities, are specific and signed by a competent person. Auditor to also check that that the risk assessments have been reviewed annually.

ii. Are there risk assessments specifically for maintenance activities. Are they sufficient to protect employees?

iii. Check that job specific manual handling assessments have been completed, where required, and kept under review. These are in addition to the generic assessments.

iv. Check that risk assessment are completed / available for work at height (e.g. high level cleans, changing light bulbs etc). Management must be able to demonstrate the process for identifying high level work where a risk assessment would be required.

v. Check that New or Expectant Mother risk assessments have been carried out and are kept under review.

vi. Check that risk assessment are completed / available for work at height (e.g. high level cleans, changing light bulbs etc). Management must be able to demonstrate the process for identifying high level work where a risk assessment would be required.

vii. Check that young persons risk assessments have been carried out and are kept under review for all staff under the age of 18 years.

Reason for These Tests

It is required by law, to carry out risk assessments of the work and activities that is carried out within a business.

Possible Answers

Red: Risk assessments not being carried out or followed or staff unaware of additional risks
Amber: Some evidence of risk assessments available, or risk assessments available but requires updating
Green: Risk assessments available and up to date

Common Issues

  • No risk assessments found
  • Risk assessments not reviewed
  • No risk assessments training
  • No evidence of site specific risk assessments

Fail Rate

64% of businesses failed this question based on our sample data.

How to Stay Compliant

Ensure you have risk assessments in place, they are reviewed and followed.


The below information is based on DDS International’s risk assessment methods, which are inline with the HSE’s guidelines and use of the PYRAMID™ Risk Management System

Introducing Risk Assessments

Risk assessment is the process of thinking about the activities that are carried out in the workplace and trying to decide upon how much of a risk any particular activity represents. Risk is part of everyone’s day to day life, and whilst everything we do is relatively low risk, some risks cannot be avoided but we can put things in place to manage them effectively!

This section of the articles gives explanation of key ideas in carrying out risk assessment and how this is applied in your workplace.

We are required, by law, to carry out risk assessments of the work and activities that is carried out. This has been made far simpler for many location and activities as we have prepared a complete set of “generic” risk assessments which have been created based on the known hazards and controls that are typical throughout the operation.

However, while the “generic” risk assessments cover the key areas of risk, they are not specific to individual locations or activities and without exception every location or activity that we operate will have varying levels of differences in relation to the building, its structure, its use, and the people who visit it and so on.

Therefore, generic risk assessments should be updated, so that they can be made location or activity specific.

The DDS International PYRAMID™ system and the health and safety management system manual are used as the main record of controls, or working instructions, that detail how team members should work to avoid injury or illness.

Every duty manager is responsible for ensuring that those working under his/her supervision are following the controls that are set out in the manual.

If a job or task is specific to a particular location, or requires a method of working that is different to the one set out in the manual, a location or task specific risk assessment is required.

For example,
The stockroom is located on the second floor. The delivery receipt area is on the ground floor. There is no lift in the location and therefore the only method of storing away deliveries and collecting stock is to carry the stock up and down the stairs. There are a number of additional controls that are required to make sure team members are not injured, or do not have an accident. Therefore, a location specific risk assessment is required to review manual handling issues.

For a one-off job, if the overall level of risk is low there is no need to record this providing that we can be sure that any necessary controls are being followed. If the job or task is likely to occur often and/or the level of risk is high, the assessment made should be recorded.

For example,
A special event was being held and some local professional footballers were attending the location. A large crowd of people was expected and so a location specific risk assessment was required.

A duty manager must never let a job or task continue if the level of risk is high and normal controls do not bring it down to an acceptable level.

An assessment must be carried out to identify what additional controls are necessary to reduce the risk to an acceptable level and these controls must then be implemented.

How to Carry Out a Risk Assessment

1. Consider Tasks

What tasks do you carry out in your location and where are they carried out?

2. Identify Hazards

What are the hazards present in your location, who might be harmed and how?

3. Evaluate

What is the probability the hazardous event will happen and what might the consequences be?

4. Control

What action do you need to take to deal with the risk?

5. Record

What should you record?

6. Review

How often do you need to revisit the risk assessment?

The vast majority of tasks that are carried out in locations are can already be listed in the generic risk assessments contained within the PYRAMID™ system. Where generic risk assessments are included within the PYRAMID™ system these will be clearly identified on the front page of each DDS International manual section.

Consider Tasks

What tasks or groups of tasks do you carry out in your location or workplace and where are they carried out?

For the vast majority of location tasks, we have already identified these and have created the generic risk assessments for your consideration. But the list of tasks is not comprehensive and you may be carrying out additional tasks in your location or workplace that require you to complete your own risk assessment.

The important point is that this stage in the risk assessment process shouldn’t be overlooked; otherwise the hazards associated with a work task won’t be assessed for risk.

There are four important questions:

  • Where are the tasks taking place? (location)
  • Who’s doing them? (persons involved)
  • What are they doing them with? (equipment)
  • What are they doing? (activities)

These questions provide a systematic way of carrying out this stage of the risk assessment. They also help to identify areas where duty managers’ responsibilities overlap.

Identify Hazards

The next stage of risk assessment is to try to spot all of the activities or things in the work area that could
possibly hurt team members, consumers including vulnerable people or any other person who could be affected
by the operation of our business. These are the hazards.

What is a hazard?

Is defined as anything which has the potential of causing harm in the form of injury or illness. For a hazard to cause harm a hazardous event must occur. A hazardous event takes place when someone or something interacts with the hazard, allowing it to cause harm.

Examples of things that are hazards are:

  • Anything that could cause a slip, trip or fall
  • Knives and scissors
  • Violence from Consumers
  • Cleaning chemicals

Examples of hazardous activities that could be harmful are:

  • Lifting and carrying
  • Using ladders
  • Receiving deliveries
  • Working outside in the delivery area

Examples of people who could cause harm are:

  • Vulnerable People
  • Contractors
  • Visitors/Guests
  • Injured

Vulnerable People

Vulnerable people can be classed as children, elderly, disabled, injured, mental health problems (i.e. they may have a leg in plaster), hearing or sight impairments or be pregnant. Even though they may be one of these you need to be aware and be considerate of their feelings. These people may be staff or customers and will need to be considered as part of the risk assessment if applicable.

If there are vulnerable people considered, then controls measures must be sufficient.


Contractors work on site on a regular basis for a number of reason including maintenance and repairs. Contractors can be in the working area and sometimes work alone so will always need to be considered in your risk assessment.


Visitors or guests may enter the back of house areas and may also be in the working areas.

Delivery Drivers

Delivery drivers often enter the premises and may not be aware of what hazards, or what the work processes are in this area, so become a hazard themselves.

Hazard Identification Information

Hazard identification can sometimes be obvious and common sense to see however on some risk assessments you will need to source alternative advice and guidance. For example, if it is a piece of machinery then the manufacturers’ safety guidance book should be read to identify any underlying hazards you may not be aware of. These should be kept on site for reference however if they are not available you may be able to retrieve the safety book online by entering the make and model number of the machine or contacting the supplier direct.

Other sources of information can be gained from a competent person who has had experience with the machine over several years or from the contractor who maintains the machine, from your health and safety manual within the relevant section, or by contacting DDS (International) Limited for advice and assistance.


Once we have spotted all of the hazards that already exist, or that could appear as the job is being carried out, we need to decide who is potentially at risk and how much of a risk they are exposed to i.e. what is the probability the hazardous event will happen and what might the consequences be?


Risk is defined as how likely it is that a hazard will actually cause injury or illness and the potential exposure to the business.

To get to a level of risk we look at how severe the injuries or illness could be we need to consider:


How serious any injury is likely to be, how many employees this could affect, how could it affect the business?


How likely is it for the thing that could result in injury, illness, or losses happening at all?

This gives us: Level of Risk = Impact x Probability

When carrying out risk assessments it is not possible to predict with 100% accuracy what might happen in the future but we should be able to show that the judgement we make when assessing the risk considered anything that would be generally known about the hazard and the experience of how and where hazards had occurred in the past.

Judging risk cannot be done exactly and so we group into high/medium/low risk categories. We can also use guideline groupings for probability and impact to try to give consistent results between different team members carrying out assessments.

Rating risks into high/medium/low categories can help in deciding how quickly action should be taken and how much effort/expense should be put into the controls.

We record the level of risk onto the risk assessment based on the theory that there are no controls to start with

Level of Risk

To estimate the risk, we need to consider two things. How likely something is to go wrong (probability) and how serious the outcome could be (impact). We can use the following risk ratings to help us consider the potential impact and probability and so help us decide the level of risk.

Risk Assessment Risk Ratings

Having estimated the risk, the next step is to decide what to do about it.

You can prioritise your actions depending on the comparative risk ratings of the activities that you’re assessing.

Low Risk


Take no further action but ensure controls are maintained

Medium Risk


Look for ways to improve the situation and reduce risk

High Risk

Not Acceptable

Take immediate action to reduce these risks


Controlling Risk

Risk control involves introducing changes in the way people work in order to minimise risk

To consider how implementing risk controls will affect the likelihood and/or consequence of the risk, we need to refer back to the risk evaluation and focus on the high risk priorities first.

High Risk

Example Issue

On the fixture part of the metal shelving has been damaged on the corner. There is a very sharp metal edge which could cause a very nasty leg injury to an adult or a facial injury to a child.

Example Action Required

Remove the damaged item of shelving immediately, report the problem to management.

If it is not possible to remove it, cover it with card and tape so that it cannot injure anyone, report the problem to Management. Then check it regularly to make sure it remains well covered.

Medium Risk

Example Issue

Part of the nosing on the stairs is starting to come away from the step. This poses a possible trip hazard as someone could catch their foot, trip and fall down the stairs.

Example Action Required

Tape the nosing down with hazard tape and report the problem to management. Then check it regularly to make sure it remains well covered.

Low Risk

Example Issue

We have a missing safety sign

Example Action Required

Order a new sign

When considering control measures to reduce or eliminate risk you must always consider control measures that:

  1. Reduce the probability that something may go wrong, or
  2. Reduces the impact i.e. the seriousness of the outcome, or
  3. Reduces both the probability and the impact.

To help decide on a risk control, the hierarchy of risk controls should always be used, this is:

1. Eliminate the hazard

  • The most effective method of risk control is to completely eliminate the hazard.
  • Hazard elimination aims to do something about the hazard itself rather than its possible impact.

2. Reduce the hazard

  • The next preferred option is to reduce the hazard.
  • Hazards can also be reduced by substituting it with a less hazardous solution.
  • Hazard reduction aims to do something about the hazard itself rather than its possible impact.

3. Prevent contact

  • Preventing people coming into contact with the hazard is the next option.
  • These control measures rely on preventing people from coming into contact with the hazard by:
    • putting distance between the people and the hazard
    • enclosing the hazard.

4. Safe system of work

  • Safe systems of work include PYRAMID™ policies, procedures and permits to work.
  • These all detail how activities should be carried out to minimise risk.
  • If everyone understands how important it is to work in a particular way, it’s more likely that they’ll follow procedures, permits and safety effectively and consistently.
  • When followed, safe systems of work can effectively minimise risk.

5. Personal protective equipment

  • Using personal protective clothing and equipment – such as protective footwear, gloves and even goggles – can prevent harm if the users come into contact with the hazard.
  • Personal protective equipment should not, however, be considered as a first-choice control measure.
  • Its success always relies on people to use it!

Even if the risk is already low, if extra controls can be put in place without any large effort or cost then they should normally be introduced.

For example, work areas should be kept clear and tidy as the cost and effort of doing so is very small even though the risk of injury in an untidy office area might only be classed as low.

We record the control measures onto the risk assessment to ideally eliminate the risk or reduce the risk.


Generic Risk Assessments

The vast majority of tasks that are carried out are already listed in the generic risk assessments contained within the PYRAMID™ system.

Where generic risk assessments are included in the manual these will be clearly identified on the front page of each manual section and will be included as a separate document at the end of that section.

All generic risk assessments are required to be reviewed at least annually. These reviews must be recorded on the review sheet included with the risk assessment.

In some cases, guidance has been provided on key area that should be included as part of the review.

Location/Activity Specific Risk Assessments

A location or activity specific risk assessment will need to be completed for events or task based activities which are not covered by the generic risk assessments.


Initial location review

The sections of this health and safety manual focus on the hazards likely to be found in the business, e.g. manual handling, slips and trips, etc., and contain generic risk assessments and standard safe working procedures.

These generic assessments must be reviewed on a regular basis to be sure that all hazards have been identified and effective controls put in place.

Generic assessments must be amended to show location-specific controls where these are required. The review might also show a need to complete training that has not already been given.

On-going Reviews

Duty managers should be continually monitoring whether or not team members are following controls and whether or not those controls are adequate to manage risk and allow everyone to work safely. Checking that procedures are being followed in this way is a form of on-going risk assessment.

Duty managers are responsible for ensuring that all generic risk assessments are formally reviewed on an annual basis. Rather than try to review all the generic risk assessment in one go, once a year we will be doing a few each month in order to make the process more manageable and current.

A schedule for reviewing the risk assessments and the procedure to be followed is set out as part of the weekly safety report.

Whenever there is a Change

Significant changes in working practices, the introduction of new equipment or machinery, or changes made to the way premises are used may require a new risk assessment to be carried out.

This will identify whether or not new hazards will be introduced or the risk from existing ones increased. If this is the case, and new or additional controls are required to minimise risk, then these controls must be in place before changes take place.

Whenever there is a change in legislation

DDS (International) Limited will update any relevant sections of the health & safety management system manual if there has been any change, amendments or introduction of legislation.

Whenever there is an accident, incident or near miss

A review of risk assessments is also required if an accident occurs, whether or not anyone was actually hurt.

If the controls identified for the task were followed but the accident still occurred this indicates that additional controls might be required.

If identified controls were not being followed this might indicate a need for retraining and/or disciplinary action.

If there is a repeat problem with team members not following instructions for a particular task, consideration will also be given to changes that would remove the hazard altogether if this is possible.

Alternatively, changing controls to ones that all team members are more likely to follow in practice. Accident reports will also indicate any action required to prevent a repeat incident.

Method Statements

What is a method Statement?

A method statement (sometimes called a safe system of work) is a document detailing how a particular task or activity will be carried out. It should detail (step by step), the possible dangers/risks associated with your particular part of the project and the methods of control to be established, to show how the work will be managed safely.

Method statements are not to be confused with risk assessments and they do not replace the risk assessment. A risk assessment must always be completed first and sit alongside the method statement for the job/task. These are therefore commonly known as risk assessment and method statement (RAMS).

How to Complete a Method Statement

The first task is to carry out a risk assessment. The next step is to complete your method statement. Below is a step by step guide:

This is an example only.

Disclaimer please read.
The details provided in this example method statement are intended as a guide only, the hazards and control procedures listed are not a comprehensive list. You must ensure that you carry out a risk assessment to determine and control the significant hazards that will be present in your particular circumstance. All information and advice is given in good faith. We cannot accept any responsibility for your subsequent acts or omissions. If you have any doubts queries or concerns, you should refer to the relevant regulations.

Use the following example to note the significant hazards your staff and others will be exposed to, also note the most important preventative/control measures that must be taken, HAZARDS and CONTROL MEASURES will be taken from your RISK ASSESSMENT. You can also note quality and environmental issues.

Staff Information Sheet (Example)

The following method statement has been developed to provide a safe system of work and must be adhered to at all times, any significant deviation from this system must first be authorised by your duty manager or safety representative. Please read the entire sheet before beginning the procedure, if you have any questions please contact your duty manager or safety representative.

The main hazards to your safety and health are; (Example)

a) Falling from height
b) Injury from incorrect manual handling.
c) Injury from slips trips and falls.
d) Contact dermatitis from exposure to wet concrete and dust.
e) Disease from standing/stagnant water.
f) Injury from the incorrect actions of other contractors on site.
g) Injury to members of the public during operations.
h) Injury from machine hazards

Preventative measures you must take; (Example)

a) You must be “competent” to carry out the task.
b) You must NOT carry out this task alone
c) Barriers erected at entrances and around the work area if deemed necessary by the foreman or safety officer to protect tenants.
d) You must not lift beyond your capabilities, get help if necessary.
e) Visitors and other members of staff are prohibited from entry unless accompanied by competent
person, all visitors issued with personal protective equipment.
f) You must read and be familiar with the safety data sheets for concrete which contains first aid, firefighting, and accidental release measures.

Personal Protective Equipment you must wear; (Example)

a) Safety glasses
b) Dust mask
c) Overalls
d) Gloves
e) Safety boots

Environmental Protection Measures you must take; (Example)

a) You must dispose of waste and spoil to the designated area or skip provided for waste.

Quality Control; (Example)

a) Adhere strictly to the following procedure to ensure quality of service
b) If in doubt contact your duty manager for clarification before proceeding.

Describe the task or process you are writing about;

Task Description (Example)

This method statement describes the work process for the removal of existing guttering, facia, soffit board and barge board, the inspection and making good of any damaged areas found during dismantling, and the replacement of same in new materials.

Then list all the different aspects of the task and under each heading explain how you will control the significant hazards, if you think about this part carefully you may be able to produce a generic document that will cover you for the majority of tasks you do, just changing the step by step procedure for each different task.

Staff & Training (Example)

The projects will be carried out by staff from ……………. All members of staff are experienced and hold the following qualifications; LIST QUALIFICATIONS. A site manager will be appointed to each contract who will be responsible for quality and safety. Apprentices and young workers will be supervised and are not allowed to carry out tasks for which they have not been trained.

PPE (Example)

All site workers will wear safety boots, hi-visibility vests, hard hats and protective clothing at all times. Other items of PPE such as eye protection, and gloves are available to be worn as and when necessary.

Preparation & Induction (Example)

A risk assessment will be carried out for all tasks which will be discussed with members of staff and subcontractors. Any queries or concerns will be raised with the contract manager who will ensure it is dealt with. Staff and sub-contractors will be inducted onto site by the principal contractor and will follow all site rules and safety procedures.

Welfare (Example)

The principal contractor is responsible for providing adequate washing, toilet, drying and refreshment facilities for staff and sub-contractors. Staff and contractors are responsible for ensuring that such welfare facilities are maintained in a clean and wholesome manner. This will be your responsibility when you are the principal contractor. It may be necessary occasionally for your company to identify suitable local amenities.

First Aid (Example)

It is the responsibility of all sub-contractors to ensure adequate first aid provision for its staff. Adequate means provision of a trained first aider, suitable first aid equipment and/or the provision of an appointed person at the minimum.

A trained first aider will be a suitable person who has attended an HSE approved course of at least four days’ duration and he/she will re-train at least every three years on a course of not less than two days.

An appointed person is a person provided by the employer to take charge of the situation (e.g. to call an ambulance) if a serious injury/illness occurs in the absence of a first aider. The appointed person can render emergency first aid if trained to do so. Often principal contractors will ensure sufficient first aid cover for sites under their control.

Other headings for the aspects of the task and your company may include;
  • Background and preparation
  • Inductions
  • PPE required
  • Permits to work
  • Machinery shutdown and lock off procedures
  • Site access and egress
  • Material handling
  • Manual handling
  • Scaffold and access to height
  • Welfare and first aid
  • Work at height
  • Working from ladders and steps
  • Safety of other contractors and members of the public

For all the above aspects, enter what control procedures you either have in place (or will put in place), to ensure the safety of workers, visitors and anyone else who is affected by your operations.

Describe in detail the step by step the tasks or process someone must follow in order to complete the task safely, the following is an example of a step by step process to remove and replace guttering and facia board.

Removal and replacement of Guttering, Soffit and Facia Boards (Example)

Step by step procedure

  1. Start of works. Site foreman will ensure site is safe to commence work, tenants have been warned and barriers erected to prevent unauthorised access.
  2. Staff and contractors will put on personal protective equipment.
  3. Ensure that scaffold and access is safe to work on.
  4. Unclip and remove guttering and fall pipe and take to waste area.
  5. Remove facia and soffit board and take to waste area.
  6. Strip back 3 rows of tiles to allow access to felt.
  7. Remove old felt and take to waste area.
  8. Inspect the eaves area for soundness and signs of damage.
  9. Equipment and materials will be passed up if safe to do so, a pulley wheel will be used for heavy items.
  10. Repair and make good any damage to eaves area.
  11. Replace felt to 1 metre above eaves level and fix in position.
  12. Fit new UPVC facia and soffit board.
  13. Fit new guttering and fall pipe. The task of fitting the guttering consists of drilling and screwing into the UPVC facia to allow the fitting of the support brackets; the guttering is then lifted into position by 2 persons and secured. Fitting the fall pipes consists of drilling into the brick to allow the pipe support brackets to be fitted, the fall pipes are then lifted into position by 2 persons and secured. All work is carried out from the scaffolding.
  14. Fit new eaves support trays.
  15. Replace tiling.
  16. Check for quality of finish and water tightness.

This post is part of the “Focus on Health and Safety Audit Questions” series. A series which focuses on questions asked by our health and safety consultants when conducting a health and safety audit.