Author Bio ▼

Safety and Health Practitioner (SHP) is first for independent health and safety news.
April 24, 2014

Get the SHP newsletter

Daily health and safety news, job alerts and resources

Five common risk assessment mistakes (and how to avoid them)

Phil Chambers CMIOSH, Strategic Safety Systems

As risk assessment has been the central concept of our approach to health and safety for several decades, it makes sense to make sure that they are done right. Considering that risk assessment has been around for so long, it is alarming how even large operations and specialist consultancies can make mistakes about the constructive approach to it. Here are some of the more common mistakes that I have come across regularly, with some steps to take to avoid them.

Mistake 1: Done only for legal reasons

Of course, for all but the smallest of operations, there is a legal requirement. But the prime reason for carrying out risk assessments is that they are a key tool in how you manage safety; without assessments, you cannot adequately manage the risks.

Mistake 2: Done from the desktop

I’ve seen advertisements for software that say risk assessments can be done from the desktop.  No, you have to view the operations and discuss what actually happens (not just what should happen) with the people involved.  Be warned: some things that turn up will alarm you.

Mistake 3: Covering only control measures in place

Of course, you need to know these, but far more important is what controls should be in place, but aren’t.

What you should get out of your risk assessments should include:

·       What actions do we need to take to get in control?

·       What actions do we need to take to stay in control?

The first one is obvious, but people often miss the second.  For example, if a hazard is avoided by having guards interlocked to the control system so that the equipment is prevented for running when a guard is open, then you need to periodically check that these interlocks still work.  This is even more important when you have trips or alarms which only come into effect when a fault occurs, for example when there is excessive temperature or an item (like a finger) is drawn into an in-running nip.

Mistake 4: No management plan

What tends to happen is that you just have individual risk assessments, with no view of the big picture.  What you really need as an output of your risk assessments is a list of actions, in descending order of risk so that you can tackle the big issues first.  The software I use has this as an integral output, but you can always cut and paste actions manually.  So, your management plan should be to address the highest scores first and work on moving the risks towards the green and white end of the spectrum shown below.

Mistake 5: No ranking

Because you need an overview of all your risks, you need to rank them so that the serious risks are at the top of your list.  I use a non-linear scoring system because it emphasises the more serious outcomes and I’m also a fan of colour-coding. Both of these are shown in the chart below:


Things to remember when carrying out a risk assessment:

There is no set way to carry out a risk assessment.  Whichever method you use, include the following:

  • Identify the operations and who might be at risk, how often and for how long.
  • Include all who might be “within range” of the hazard
  • For each aspect of the operation (eg physical contact, noise, chemicals, etc.,) identify the control measures in place and the risk score that remains with the controls in place.
  • Identify any steps required to verify that the control measures continue to work.
  • Where the risk is high, identify actions that can be taken to reduce the risk.
  • Where a risk cannot be eliminated, identify how the risk can be reduced to a reasonably practical level. For example, with forklift trucks, you cannot eliminate the risk but you can reduce it by vehicle-pedestrian segregation, using only trained and competent drivers, etc.
  • Transpose actions into a prioritised list and update the risk scores as you implement the actions.
  • Periodically (every year or so) review assessments to verify that nothing has changed.

If you follow these steps and avoid those common mistakes, it will lead to an improvement in the assurance of safety at your site.



Download: October 2020 Legislation Update

COVID-19 continues to bring unprecedented challenges for people, businesses and societies. To help you navigate the confusing and fast-changing regulations, guidance and legislation – covering not just the coronavirus pandemic, but fire and building safety and the environment – get your free copy of the October 2020 Legislation Update.

    • Latest COVID-19 measures and legislation;
    • Fire safety and post-Grenfell safety regime;
    • Brexit;
    • Environment legislation updates;
    • Latest health and safety fines and prosecutions;
    • And much more...
April 2020 Legislation eBook

Related Topics

Notify of
Newest Most Voted
Inline Feedbacks
View all comments
freddie gower
freddie gower
6 years ago

I have trawled through a mulitude of risk assessment formats and the more complicated the less effective. I like the colour coding and rating system, however this system was disliked by the HSE (strange). The risk assessment will always have a residual of risk remaining and I agree the assessment must be carried out “on the job” otherwise potentially serious hazards will be missed.

john divall
john divall
6 years ago

The colour coding is to my mind an invaluable tool to simplify a risk assesment strategy. A risk assesment should be simplistic for the benefit of all users. Again all governing bodies should recognise the same structure for all risk assesments so as not to complicate this vital tool in business and Industry

Mark Farrell
Mark Farrell
6 years ago

Personally, never been a fan of Risk Assessments, Phil is right that many companies use them to validate existing controls, rather than evaluating the whole picture.

I know of a large company that continues to have accidents and very rarely identifies faults with the risk assessment or risk reduction strategy.

I also think a robust tool that continually evaluates incidents, ill health and other information such as hazards , behaviours and management attitude serves a better purpose.

Martin Welburn
Martin Welburn
6 years ago

I agree with the comments. Regarding the scoring system and anything that produces an answer of zero being redundant – you would normally assess processes with significant risks but you need to identify what are or are not significant risks. Using a scoring/rating system allows you to identify what is or is not significant. In a previous role I used to conduct surveys of processes in order to identify significant risks and rate the risks. After this I would conduct the risk assessments. Using one system that allows you to rate the whole process saves time. I now use a… Read more »

Steve Skarratt
Steve Skarratt
6 years ago

I would agree with the comments but regarding the scoring system – isn’t anything that produces an answer of zero redundant?

How can it be a significant finding?

Just shaking the tree…

6 years ago

You mention a software package! I woudl like to understand more of the package as a tool that can be used on a daily basis by our teams? The package also has to be educational not just input and output based?

Richard Stokes
Richard Stokes
6 years ago

You left out one other very common mistake – communication. I audit lots of companies every year and even where good risk assessments have been produced the control measures identified remain on the risk assessments and these are then used to communicate to the affected individuals. 99% of the affected individuals do not need to see the list of hazards and risk ranking – all they need to see is the control measures that they should be implementing. If the control measures have already been implemented i.e. guarding to machinery then this does not need to be communicated. They only… Read more »

Christine Ilesley
Christine Ilesley
6 years ago

I’m in favour of colour coding but I really hate risk ranking matrices – people argue endlessly about the rating without actually putting in place controls and there is an awful lot of pseudo science assumed. Basically it’s opinion – hopefully based on experience, knowledge and competence but often its guess work. Also there is the temptation to seriously under or over estimate potential harmful consequences. If I see another risk assessment for an office that states the severity of harm for picking up a file from the floor is death I’ll spit and as for slips trips and falls… Read more »

Mark Simmonite
Mark Simmonite
5 years ago

Very well said Christine. I wish that so called Health and Safety Consultants would recognise the difference between significant and trivial risk.