Notify Technology | Jun 17, 2022 | Blog

How much risk is in your organisation?

Risk factor

There have been many recent prosecutions where employers have not been able to demonstrate that they have a robust (suitable and sufficient) risk assessment procedure in place – a couple of examples, can be found on the Crown Office & Procurator Fiscal Service website and the Safety & Health Practitioner website. In this blog, we will explore how easy it is to create and implement a risk assessment process within your organisation, so you don’t get caught out.

It is a legal requirement in the Health & Safety at Work etc. Act 1974 to ensure as far as “reasonably practicable” the health, safety and welfare of those at work.  The Management of Health and Safety at Work Regulations 1999 call for the use of risk assessments to manage this process, so it’s vital you have one and it does not need to be complicated.

For most, a risk assessment is a simple documented record of what safety controls you have implemented to ensure you are protecting your workforce from harm. This is an important process as it is designed to ensure you have considered all hazards and possible risks relating to the works being carried out, also it justifies that you have put suitable and sufficient safety control measures in place and in accordance with an employer’s statutory duty.

What is a risk assessment?

To carry out the risk assessment process correctly, it is important to note the difference between hazards and risks: A hazard is something that has the potential to harm you. A risk, on the other hand, is the likelihood of a hazard causing harm. The HSE guidance for carrying out a risk assessment is detailed within INDG 163 – A brief guide to controlling risks in the workplace, but here is our breakdown:

What does a risk assessment need to include?

When conducting your risk assessment, it is important you follow these recommended steps:

1. Identify the hazards: The first step to creating any risk assessment is analysing what hazards your employees, on-site visitors and overall, your business could face. These may include:

You must look around your workplace and see what processes or activities could potentially harm your business or people. Include all aspects of work, including remote workers and non-routine activities such as repair and maintenance. You should also consider looking at accident/incident reports to determine what hazards have impacted your business in the past.

2. Determine who might be harmed and how
As you look around your business, think about how your employees could be harmed by business activities or external factors. For every hazard that you’ve identified in step one, think about who will be harmed.  You will need to consider:

3. Evaluate the risks and take precautions
Now that you have gathered a list of potential hazards and who could be hurt, you need to consider what is the likelihood that the hazard will occur and how severe the consequences will be. This evaluation matrix will help you determine where you should reduce the level of risk, and which hazards you should prioritise first.

Some businesses create a risk assessment matrix (pictured below) when evaluating their risk, this will include the likelihood and severity of the risk. This could be a numbered (1-5) or categorised (high/medium/low) matrix:

Sometimes these risk assessment matrixes are determined by a qualitative or quantitative approach:

Qualitative risk assessments utilise knowledge and experience to determine risk probability – Example Low/Med/High.

Quantitative risk assessments rely on objective, measurable data to provide insights into your risk management process.

Whichever risk assessment matrix is used by your business, it’s important to understand the fundamental aim of the risk assessment process, which is to eliminate or reduce the risk to as low as reasonably practical (ALARP).  For example, the numbered matrix- ALARP = 5, and the worded matrix- ALARP = Low, as seen above.

4. Record your findings
If you have more than five employees, you are required by law to write down your risk assessment process. Your risk assessment should include the hazards you’ve found, the people they affect and how you plan to mitigate (eliminate/reduce) the risk.  There are many templates available that guide you through the risk assessment process, ensuring legal and best practice compliance. If the template follows these simple steps, they are compliant, but I need to bring to your attention that more and more businesses are starting to move across to an electronic risk management process.

5. Review assessment and update if necessary
Your workplace is always changing, so the risks to your business change as well. As new equipment, processes and people are introduced, each brings the risk of a new hazard. It is recommended that you continually review and update your risk assessment process.

How can Notify help?

Notify RA is a risk assessment management tool that I would recommend, as it follows the steps listed above to ensure that your business assessments are completed correctly and in line with the current guidelines.

There are many advantages of using an electronic platform for your risk assessments process:


As an employer, you are required by law to protect your employees and others from harm. Under the Management of Health and Safety at Work Regulations 1999, the minimum you must do is:
Identify what could cause injury or illness in your business (hazards)
Decide how likely it is that someone could be harmed and how seriously (the risk)
Take action to eliminate the hazard, or if this isn’t possible, control the risk (control measures)

The risk assessment process is the most important safety control measure undertaken by the business, to ensure that it is operating legally and morally, and to protect its workers and those who might be affected by its activities.

Further reading