Risk Assessment Examples: What a Good One Looks Like

If you've been told you need a risk assessment but aren't sure what one actually looks like in practice, you're not alone. It's one of the most common questions we get asked. Most guidance out there explains the theory, the five steps, the legal duties, the hierarchy of controls, but very few show you what a finished risk assessment actually contains and how to tell a good one from a bad one.

This guide walks you through what a solid risk assessment looks like with practical examples, highlights the mistakes we see most often and answers common questions.

If you're new to risk assessments altogether, our complete guide to risk assessments in the UK covers the legal requirements and five-step process in detail.

What Should a Risk Assessment Actually Include?

A good risk assessment doesn't need to be 50 pages long or full of technical jargon. It needs to be suitable and sufficient, a legal term from the Management of Health and Safety at Work Regulations 1999 that essentially means it should be proportionate to the risks involved and thorough enough to identify the significant hazards.

At a minimum, a risk assessment should cover:

• The hazard — what could cause harm (e.g. wet floors, hazardous substances, working at height).

• Who might be harmed and how — employees, visitors, contractors, members of the public.

• The current risk level — typically scored using a risk matrix combining likelihood and severity.

• Existing control measures — what's already in place to manage the risk.

• Further actions needed — any additional controls required to reduce risk further,

• The residual risk — the remaining risk level after all controls are applied,

  
  

That's it. The HSE's own guidance makes it clear that risk assessments should be straightforward and proportionate. You don't need a degree in health and safety to write one but you do need to be competent, meaning you understand the work being assessed and know how to identify and control the risks.

Risk Assessment Example: Construction Site

Construction is one of the highest-risk industries in the UK, and the risk assessments need to reflect that. On a typical construction site, the hazards assessed would include working at height, excavations, moving plant and vehicles, manual handling, noise, vibration, dust and hazardous substances (cement, silica, solvents), electricity, falling objects and fire.

For each hazard, the assessment identifies who could be harmed (e.g. operatives, subcontractors, site visitors, delivery drivers and members of the public near the site boundary) and describes how. For example, under working at height, the assessment might note that roofers and scaffolders could suffer fatal or life-changing injuries from falls due to unprotected edges, fragile surfaces or poorly erected scaffolding.

A 5×5 risk matrix would score working at height as high risk before controls (say, Likelihood 4 × Severity 5 = 20). With controls in place, scaffold erected and inspected to current standards, edge protection fitted, harness systems used where scaffolding isn't practicable, toolbox talks delivered and a permit-to-work system for fragile roof access, the residual risk would drop significantly (say, 2 × 5 = 10, medium risk).

The assessment would also flag further actions where needed, such as confirming scaffold inspection records are up to date, verifying operative CSCS competence cards or scheduling a review before the next phase of work begins. On construction sites, risk assessments typically sit alongside method statements as part of your RAMS, something most principal contractors will ask for before you start work.

Risk Assessment Example: Office Environment

At the other end of the spectrum, an office might seem low-risk, but it still needs a risk assessment. The hazards are different, but they're real: display screen equipment (DSE), slips and trips, fire, electrical safety, manual handling (even shifting boxes of paper or rearranging furniture), stress and wellbeing and lone working.

Take DSE as an example. The assessment would note that office workers using computers for prolonged periods could develop musculoskeletal problems (back pain, neck strain, repetitive strain injuries) or eye strain. Before controls, this might score Likelihood 4 × Severity 2 = 8 (medium risk).

Existing controls might include adjustable chairs and desks, monitor risers, DSE self-assessment forms completed by all staff and regular breaks encouraged. Recommended further controls could include providing DSE training for new starters, offering workstation assessments for anyone reporting discomfort and reviewing the setup for home workers, who are often overlooked but have the same legal protections.

With those controls applied, the residual risk drops to something like 2 × 2 = 4 (low risk).

The key point is that even in a low-risk office, the process is the same: identify the hazard, score it, record what you're doing about it and show the risk has been reduced to an acceptable level.

Understanding the Risk Matrix

The risk matrix is one of the most searched-for elements of a risk assessment and for good reason, it's where the actual risk rating comes from.

A standard 5×5 matrix works by scoring two things: likelihood (how probable it is that something will go wrong, from 1 — very unlikely to 5 — very likely) and severity (how serious the outcome could be, from 1 — negligible to 5 — severe/fatal). Multiply the two scores together and you get a risk rating between 1 and 25.

The point of the matrix is to prioritise action. You deal with the high-scoring risks first and work your way down. It also helps you demonstrate that you've applied controls proportionately, which is exactly what an HSE inspector would want to see.

It's worth noting that the matrix should be applied twice: once for the inherent risk (before controls) and once for the residual risk (after controls). This shows the value of the control measures you've put in place.

You'll sometimes see the cell where likelihood is 1 and severity is 5 shaded differently, often grey. This represents a 'black swan' event: something extremely unlikely but catastrophic if it does happen. It scores low on the matrix, but it shouldn't be dismissed.

Common Risk Assessment Mistakes

Having reviewed hundreds of risk assessments across different industries, these are the mistakes that come up time and again:

Generic, off-the-shelf assessments. Downloading a template from the internet and sticking your company name on it doesn't meet the legal standard.

No review date or process. A risk assessment is a living document. If it sits in a folder gathering dust, it's not doing its job. There's no fixed legal frequency for reviews, but at least once a year is widely accepted as good practice and you should review sooner following any significant change, incident or near miss.

Confusing hazards with risks. A wet floor is a hazard. The risk is someone slipping and breaking a bone. Getting this distinction right matters because it affects how you score and control each item.

Ignoring non-routine activities. The day-to-day stuff gets assessed, but what about the annual deep clean, the Christmas party setup or the contractor who comes in to service the boiler? Non-routine work is where a lot of incidents happen precisely because it hasn't been thought through.

Not involving the people doing the work. The best risk assessments are informed by the people who actually carry out the tasks. They know where the real hazards are, the dodgy step everyone avoids, the shortcut people take when they're busy.

Frequently Asked Questions

How often should a risk assessment be reviewed? There's no single legal requirement for a specific timeframe, but most guidance recommends at least annually. You should also review whenever there's a change to equipment, processes, substances, staffing or premises, after an accident or near miss or when new legislation comes into force.

Who is responsible for carrying out a risk assessment? The employer holds the legal duty, but the actual assessment can be completed by a competent person, either someone in-house with the right training and experience or an external health and safety consultant. What matters is that the person doing it understands both the work activities and the risk assessment process. We covered this in more detail in our risk assessment guide.

Do I need a risk assessment if I'm a small business? Yes. All employers must carry out risk assessments regardless of size. If you employ five or more people, you must also record the significant findings in writing. Even if you have fewer than five employees, it's still strongly recommended to document your assessments,, it demonstrates due diligence and gives you an audit trail if anything goes wrong.

What's the difference between a risk assessment and a method statement? A risk assessment identifies hazards and evaluates the level of risk. A method statement (or safe system of work) sets out how the work will actually be done safely, step by step. Together, they form what's commonly called RAMS — Risk Assessment and Method Statement. Both are particularly common in construction and higher-risk industries.

Free Risk Assessment Template

We've put together a free, blank risk assessment template. It includes a cover page with assessment details, a 5×5 risk matrix and a structured table for recording hazards, risk scores, controls and residual risk ratings.

It's a starting point , not a substitute for a competent assessment of your specific workplace. But it gives you a professional framework to work from and shows you what a properly structured risk assessment should look like.

How DuoDynamic Safety Solutions Can Help

If you'd rather have a professional handle your risk assessments or if you want someone to review what you've already got in place, that's what we do. We carry out risk assessments for businesses across the UK, from social clubs and offices to manufacturing sites and construction projects.

We also help with fire risk assessments, COSHH assessments, health and safety audits, RAMS and ongoing health and safety retainer packages for businesses that want regular, hands-on support.

Get in touch for a no-obligation chat, contact us here or call us on 07944 172858.