Wish you could get advice from a workplace investigations expert? Register for Meric Bloch’s webinar series where he’ll address common questions and concerns from investigators like you.


10 Simple Steps to Conduct a Risk Assessment

10 Simple Steps to Conduct a Risk Assessment

Workplace safety risk assessments are conducted in a unique way at each company. However, there are some general, basic steps that should be part of every company’s workplace risk assessment.

Workplace safety risk assessments may be conducted differently at different companies. However, there are some basic steps that should be part of every company's workplace risk assessment.

These steps can be tailored easily to company and industry needs in order to make sure companies comply with laws and regulations that govern different industries. Many of the risks employees face in the workplace are easy to spot and don't require a complex solution.

Not sure how to conduct a risk assessment?

Use our free risk matrix template to get started.

Get My Template

10 Basic Steps for a Risk Assessment

The Health and Safety Executive (HSE) website outlines and explains five tips for conducting a risk assessment:

1. Identify the Hazards:

Take a walk through your workplace to identify hazards. Some hazards may be easy to identify and others may require some assistance from other professionals outside of your business (ie. health and safety experts, machinists, etc.).

You will want to observe employees completing their daily tasks in order to identify additional risks and to see if there could be an easier way for them to complete tasks.

It’s important to talk to your employees while conducting your assessment because they are the ones who will have the best feedback regarding issues that may not be as obvious to you.

Consulting lists developed by safety groups can also help you to look for specific hazards in the workplace. OSHA has provided a great graphic outlining six categories of hazards and their risks. Review past incident reports and complaints in order to ensure that the corrective action actually managed to reduce as much risk as possible.

Past reports are a great place to look to for less obvious hazards. The website also recommends considering the long term effects of the work environment on employees. Loud noises and other factors may not seem harmful to your employees, but what happens is they are exposed to these every day for many years?

But first, risks and hazards are not the same thing. Specifically,

  • A risk is the likelihood that damage, loss or injury will be caused by a hazard and how severe it may be.
  • A hazard is anything with the potential to cause harm (electricity, hazardous substances and noise).

2. Decide Who Could be Harmed and In What Way:

Establish groups that are affected by the risks and hazards you identified in your search. To see the bigger picture, understand that there are groups outside of your workplace that might be harmed if corrective action is not taken.

Record the ways that they could be harmed if the hazard or risk is not corrected and review the list with your employees to see if there is anything else they have to add.

The HSE provides some examples of groups that could be harmed:

  • Members of the public - consumers, people in nearby neighborhoods, etc.
  • People who are not in the workplace every day - contractors, cleaners, visitors, etc.
  • Various types of employees - new employees, expectant mothers, those with disabilities all face different types of risks in the workplace.

RELATED: How to Use a Risk Assessment Matrix [with Template]

3. Establish Control Measures:

Identify how you manage the risks at present and what further steps might be required to reduce the risks further as noted by law.

Tools such as benchmarking and looking for advice from best practice leaders in similar industries are a great source for gathering solutions. Take note of the differences between you and the best practice leader to see what changes need to be made.

The HSE suggests asking yourself these two questions and recording the steps you will need to take to answer them:

  • Can I get rid of the hazard altogether?
  • If not, how can I control the risks so that harm is unlikely?

4. Record the Findings of Your Assessment and Inform Those at Risk of the Controls:

Report your findings and proposed solutions to all employees.

It might also be a good time to provide some additional training regarding any changes to procedures, updates to your health and safety policy and to provide a “refresher” session to employees to remind them that they have their responsibilities in ensuring a safe workplace.

The HSE suggests including a timeline in your course of action, as some hazards can be easily fixed immediately, whereas some require more time to correct.

A timeline is also useful to help establish temporary solutions for dealing with the hazards that will take longer to correct in full. Identify, assign and put a date on the responsibilities of those involved carrying out any of the changes.

Managing health and safety incidents in the workplace can be complex and time-consuming. Learn how to do it effectively with our free eBook.

5. Review the Risk Assessment on a Regular Basis

Changes are always occurring in the workplace in order to remain current with policies and procedures. As these changes take place, it is important assess these areas when implemented into your workplace to reduce risk.

Remain up to date on incidents that take place at work. Handle incidents immediately and record the actions taken to reduce the risk from occurring again - this allows you to remember to check up on this area during your formal risk assessment. Make your risk assessment an annual event.

If you conduct your assessment around the same time each year, it’s easier to place the assessment as a priority and demonstrates your commitment to workplace safety.

RELATED: Using Case Management Software to Manage Inherent Risk

6. Evaluate ALL Areas of Misconduct

To conduct a proper ethics and compliance risk assessment, address all potential areas of risk- not just the most common or obvious ones. To ensure that all of the bases have been covered, evaluate risks that are specific to both the company and the industry that it operates in. As a starting point, go through previous files or cases relating to complaints or problems that occurred within the company and then focus on risks that are a bit harder to identify.  It's important to examine the factors causing these risks to occur, as well as the ability company's have to plan for and reduce the impact of risks. This analysis will helps with policy creation, aiding in the development of effective policies fostering an ethical corporate culture.

7. The More The Merrier

During the ethics risk assessment, gather opinions from as many employees as possible. Also, make sure they come from different levels within the company. There are different risks present at different levels and faced by different employees. Including a number of employees allows for a more complete picture of the company's "risk landscape," as these employees can identify and communicate risks they encounter on a day-to-day basis. Depending on company size and the number of people included in this step, use methods such as distributing surveys, holding focus groups or other forms of meetings or individual interviews, to gather information.

8.  Benchmarking and Comparison

A useful resource for identifying risks and evaluating ethics and compliance program is to benchmark against competitors or industry leaders. This helps to ensure policies keep companies "in check" with industry laws and standards. When observing the ethics program of an industry leader, look at their code of ethics, corporate culture and corporate social responsibility statements that can be easily accessed on corporate websites. Pay attention to the areas of risk they focus on and see if the policies they have put in place actually work as intended.

For example, Johnson and Johnson is an industry leader in the consumer health care field. If a company is one of their competitors or are looking for a superior quality ethics and compliance program, look at their corporate governance guidelines, annual reports and code of ethics to get an idea of issues that are important to them and how they handle them. Benchmarking is similar to leading by example. Industry leaders and companies known for their commitment to ethics and compliance want to lead the way for other companies to follow and incorporate best practices into their workplace.

9. Training and Awareness

BAE Systems credits increased employee awareness of compliance and reporting systems as a contributing factor in the increased use of internal reporting systems to help detect and uncover workplace misconduct. Employees must be aware of all policies and procedures that govern employee actions in order to create an ethical corporate culture.

When evaluating and developing training programs, consider the interests of the audience and make training interactive. Taking those two factors into consideration will lead to increased employee engagement and retention of information communicated- take a page out of the books at Cisco Systems, their "Ethics Idol" training program really got employees talking!

10. Set a Re-Evaluation Date

Select a time or times each year where to re-evaluate corporate risk assessments. This allows companies to keep policies and procedures up to date and remain inline with updated laws and regulations. As the workplace evolves, adapt policies to these changes to help mitigate risk.

To provide an idea of the frequency required for re-evaluation, the authors of the article "Maintaining a Robust Ethics and Compliance Program in Today’s Business Climate: A Necessity to Minimize Your Organization’s Risks" recommend that:

The frequency with which an organization chooses to conduct ethics and compliance risk assessments depends on the nature of the organization’s industry, but if the methodology and process is adequately defined, it can reasonably be conducted on an annual basis where year-over-year results can be appropriately compared. Since operating environments, regulations and government enforcement priorities routinely change, it is inadvisable to conduct compliance risk assessments on a less frequent basis than every two years."


Why conduct a risk assessment?

Conducting a risk assessment is essential to identify hazards, assess potential harm to individuals, and implement measures to mitigate risks, ensuring a safe and compliant workplace environment.

What is the correct process when conducting a risk assessment?

The correct process when conducting a risk assessment involves identifying hazards, determining who could be harmed and how, establishing control measures, recording findings and informing those at risk, reviewing the assessment regularly, evaluating all areas of misconduct, involving multiple employees, benchmarking against industry standards, providing training and awareness, and setting a re-evaluation date to ensure ongoing compliance and risk mitigation.

What are 5 examples of conducting risk assessments?

Five examples of conducting risk assessments include identifying hazards through workplace walkthroughs, consulting with employees to gather feedback on potential risks, establishing control measures to mitigate identified risks, recording findings and informing all relevant parties, and regularly reviewing and updating the risk assessment to ensure ongoing effectiveness and compliance.