Risk Assessment Template Guide: Complete UK Compliance Framework

Risk assessments are the single most important document in UK health and safety law. They're not just paperwork—they're your legal proof that you've thought about how people could get hurt and what you're doing to prevent it.

But most risk assessments are useless. They sit in folders, never updated, full of generic copy-paste text that wouldn't help anyone stay safe.

This guide teaches you how to create risk assessments that actually work—organized in four layers, from the basics to advanced implementation.

The 4-Layer Framework

Layer 1

Foundations

Legal requirements, why assessments matter, basic definitions

Layer 2

Methodology

The HSE 5-step process, risk scoring, hazard identification

Layer 3

Templates

Practical templates, industry-specific examples, customization

Layer 4

Systems

Management systems, automation, continuous improvement

Each layer builds on the previous one.

Layer 1 gets you legal compliance. Layer 4 gets you a safety culture that prevents accidents before they happen.

Layer 1: The Foundations

Understanding why risk assessments exist and what the law actually requires.

What Is a Risk Assessment?

A risk assessment is a careful examination of what could cause harm to people in your workplace, so you can decide whether you've taken enough precautions or need to do more to prevent harm.

It's not about creating perfect safety (impossible). It's about reducing risks to a level that's "as low as reasonably practicable" (ALARP)—the exact wording used in UK law.

Key Legal Principle: ALARP

Risks must be reduced "as low as reasonably practicable." This means:

If there's a control measure that's reasonably practicable, you must implement it
Cost can be considered, but only if grossly disproportionate to the risk reduction
Serious risks require more expensive controls than minor risks
You can't argue cost alone when risks are high

The Legal Requirements

The main law is the Management of Health and Safety at Work Regulations 1999, Regulation 3. It requires every employer to:

Make a suitable and sufficient assessment of risks to employees and others
Identify measures needed to comply with health and safety law
Record significant findings if employing 5+ people
Review assessments when there's reason to suspect they're no longer valid

What "Suitable and Sufficient" Means

HSE says a suitable and sufficient risk assessment should:

Identify the significant risks arising from or in connection with work
Enable you to identify and prioritize measures to comply with relevant laws
Be appropriate to the nature of the work and remain valid for a reasonable period

What Happens If You Don't Do It?

Penalties for failing to conduct risk assessments:

Improvement notice: Requiring you to complete assessments within a deadline
Prohibition notice: Stopping work immediately until hazards are controlled
Prosecution: Unlimited fines in Crown Court, up to £20,000 in Magistrates' Court
Imprisonment: Up to 2 years for serious breaches
Director disqualification: Under Corporate Manslaughter Act

Who Should Conduct Risk Assessments?

As an employer, you are responsible for ensuring risk assessments are done. You can delegate the task, but not the responsibility.

The person conducting the assessment should be:

Competent: Having sufficient training, experience, knowledge, and other qualities
Familiar with the work: Understanding the tasks, processes, and equipment involved
Impartial: Able to identify hazards objectively without production pressure

For complex or high-risk work, you may need an external consultant or occupational hygienist.

Common Misconceptions

❌ "We're too small to need risk assessments"

Wrong. Even one-person businesses must assess risks. You don't have to write them down if under 5 employees, but you still must do the assessment.

❌ "The template I downloaded is enough"

Generic templates are a starting point, not a finished product. Every workplace is different—your assessment must reflect YOUR actual hazards and controls.

❌ "Once written, it's done"

Risk assessments are living documents. They must be reviewed regularly and whenever there's significant change.

❌ "We can eliminate all risks"

Impossible. The goal is to reduce risks to as low as reasonably practicable, not zero. Some residual risk always remains.

Layer 2: The Methodology

The practical process of identifying hazards, assessing risks, and determining controls.

The HSE 5-Step Process

HSE recommends a 5-step approach to risk assessment. This is not legally mandated, but it's what inspectors expect to see:

Step 1: Identify the Hazards

Walk around your workplace and look for things that could reasonably cause harm. Consider:

Slips, trips, and falls
Moving machinery and vehicles
Electricity
Chemicals and hazardous substances
Manual handling
Work at height
Noise and vibration
Poor lighting or ventilation
Fire and explosions

Sources of information: Manufacturer instructions, accident records, near-miss reports, worker feedback, HSE guidance, industry standards.

Step 2: Decide Who Might Be Harmed and How

For each hazard, identify:

Who: Employees, contractors, visitors, members of the public, cleaners, maintenance staff
How: Specific injury types (cuts, burns, broken bones, lung disease, hearing loss)
Special groups: Young workers, new/expectant mothers, disabled workers, lone workers, shift workers

Step 3: Evaluate the Risks and Decide on Precautions

This is where you score the risk and determine what to do about it.

Risk Scoring: The 5x5 Matrix

Most UK businesses use a 5x5 risk matrix. You score two factors:

Likelihood (1-5):

1 - Rare: May occur only in exceptional circumstances
2 - Unlikely: Could occur sometime
3 - Possible: Might occur at some time
4 - Likely: Will probably occur in most circumstances
5 - Almost Certain: Expected to occur in most circumstances

Severity (1-5):

1 - Negligible: Very minor injury (scratch, bruise)
2 - Minor: First aid treatment required (small cut, minor sprain)
3 - Moderate: Medical treatment required (broken finger, minor burn)
4 - Major: Major injury (broken limb, serious burn, occupational disease)
5 - Catastrophic: Death or permanent disability

Risk Score = Likelihood × Severity

Risk Ratings:

1-4: Low risk (monitor, no additional controls needed)
5-9: Medium risk (implement controls within 3-6 months)
10-15: High risk (implement controls within 1-3 months)
16-25: Very high risk (stop work, implement controls immediately)

💡 Pro Tip:

Score the risk BEFORE controls (inherent risk) and AFTER controls (residual risk). This shows your controls are actually reducing risk.

Hierarchy of Controls

When selecting controls, use the hierarchy (most effective to least effective):

Elimination: Remove the hazard entirely
Substitution: Replace with something safer
Engineering controls: Isolate people from the hazard (guards, barriers, ventilation)
Administrative controls: Change how people work (training, procedures, signage)
PPE: Protect the individual (last resort, least effective)

Step 4: Record Your Findings

If you employ 5+ people, you must write down:

The significant hazards
Who might be harmed
What you're already doing
What further action is needed
Who needs to carry out the action
When the action will be completed

Step 5: Review and Update

Review your assessment:

At least annually
After any incident or near miss
When work activities change
When new equipment or substances are introduced
When new information about risks becomes available

Layer 3: The Templates

Practical templates you can use, customized for different industries and hazards.

Generic Risk Assessment Template Structure

Every risk assessment template should include these core sections:

Section 1: Assessment Information

Activity/task being assessed
Location
Date of assessment
Assessor name and signature
Review date
Reference number

Section 2: People at Risk

Number of people exposed
Job roles affected
Any particularly vulnerable groups

Section 3: Hazard Identification and Risk Evaluation

Usually presented as a table with columns:

Hazard description
Who is at risk
Existing control measures
Likelihood score (1-5)
Severity score (1-5)
Initial risk rating
Additional controls required
Residual risk rating

Section 4: Action Plan

Action required
Person responsible
Target completion date
Actual completion date
Verification/sign-off

Section 5: Communication and Training

Who needs to be informed
Training requirements
Supervision requirements

Industry-Specific Templates

Different industries have different standard hazards. Here are template variations:

Construction Risk Assessment Template

Additional sections needed:

Site location and access arrangements
Plant and equipment register
Permit to work requirements (confined spaces, hot work, etc.)
Interface with other contractors
Weather considerations
Emergency procedures and first aid provision

Office Risk Assessment Template

Focused on:

DSE (Display Screen Equipment) assessments
Workstation setup and ergonomics
Slips, trips on stairs and walkways
Manual handling (filing, deliveries)
Fire evacuation from multi-story buildings
Lone working and out-of-hours access

Manufacturing Risk Assessment Template

Additional considerations:

Machinery guarding and lockout/tagout
Noise and vibration exposure levels
Chemical exposure and COSHH assessments
Repetitive tasks and ergonomic risks
Fork lift truck operations
Waste and scrap handling

Template Customization Is Critical

A template from the internet is a starting point, not a finished product. You must customize it for your specific workplace, equipment, people, and processes. Otherwise, it's legally worthless.

Layer 4: The Systems

Moving from individual assessments to a complete risk management system.

Building a Risk Assessment Management System

Individual assessments are important, but a systematic approach prevents them from becoming outdated filing cabinet fodder.

1. Assessment Register

Maintain a master register of all risk assessments:

Reference number
Assessment title
Department/location
Date completed
Review date
Status (current/overdue/in progress)
Person responsible

2. Review Schedule

Set up automatic reminders for:

Annual reviews (minimum)
Post-incident reviews
New starter assessments (young workers, new/expectant mothers)
Equipment-specific reviews (after maintenance, modification)

3. Competency Framework

Ensure people conducting assessments are competent:

Level 1: Supervisors can assess routine, well-understood tasks
Level 2: Managers can assess more complex activities in their area
Level 3: Health and safety specialists assess high-risk or complex operations
External: Bring in consultants for specialized assessments (occupational hygiene, ergonomics)

4. Integration with Other Systems

Link risk assessments to:

Method statements: Each RAMS combines RA with safe working method
Training matrix: Identify training needs from control measures
Inspection schedules: Equipment checks flow from identified risks
Incident investigations: Update assessments after accidents
Procurement: New equipment triggers assessment review

The Digital Transformation

Modern risk assessment is moving from Word documents to digital platforms. Benefits include:

Automated Workflows

Assessments auto-assigned to responsible persons
Review reminders sent automatically
Approval workflows prevent incomplete assessments going live
Version control tracks all changes

AI-Powered Hazard Libraries

Pre-populated hazards based on task type
Industry-standard control measures suggested
Risk scores calculated automatically
Compliance checks against HSE guidance

Mobile Access

Supervisors access assessments on-site via phone/tablet
Workers acknowledge they've read and understood assessments
Photos of hazards uploaded directly
Real-time updates when conditions change

Analytics and Reporting

Dashboard showing overdue reviews
Risk heatmaps by department/location
Trend analysis of risk scores over time
Action completion rates

How RiskGen Implements Layer 4

RiskGen isn't just a template generator—it's a complete risk assessment management system:

AI-powered hazard identification: Suggests hazards based on your industry and task
Automatic risk scoring: Calculates both inherent and residual risk
Control measure library: 10,000+ industry-standard controls
Automatic review reminders: Never miss a review date
Integration with RAMS: Risk assessments link directly to method statements
Version control: Full audit trail of all changes
Mobile access: Site teams can view assessments on any device

Try RiskGen Free for 14 Days

Continuous Improvement Cycle

Layer 4 thinking means treating risk assessment as a continuous improvement process, not a compliance checkbox:

Plan

Identify activities needing assessment. Schedule assessments. Assign competent assessors.

Do

Conduct assessments following 5-step process. Implement control measures. Train workers on controls.

Check

Monitor control effectiveness. Review incidents and near-misses. Conduct audits and inspections.

Act

Update assessments based on findings. Improve controls where needed. Share lessons learned.

Bringing It All Together

Each layer builds on the previous:

Layer 1 gives you the legal foundation and understanding of why assessments matter
Layer 2 provides the methodology to identify hazards and evaluate risks properly
Layer 3 offers practical templates you can customize for your specific needs
Layer 4 transforms assessments from documents into a living safety management system

Most businesses operate at Layer 1 or 2—meeting legal requirements but not leveraging risk assessment as a genuine safety tool.

Layer 4 organizations treat risk assessment as a continuous process that drives decisions, prevents accidents, and creates a culture where safety is genuinely valued.

Related Resources: