risk assessment writing service

Home / Resources / News and Trends / Newsletters / AtIsaca / 2021 / Volume 31 / How to Write Strong Risk Scenarios and Statements

How to write strong risk scenarios and statements.

Risk management is both art and science. There is no better example of risk as an art form than risk scenario building and statement writing. Scenario building is the process of identifying the critical factors that contribute to an adverse event and crafting a narrative that succinctly describes the circumstances and consequences if it were to happen. The narrative is then further distilled into a single sentence, called a risk statement , that communicates the essential elements from the scenario. 

Think of this whole process as a set-up for a risk assessment as it defines the elements needed for the next steps: risk measurements, analysis, response and communication. Scenario building is a crucial step in the risk management process because it clearly communicates to decision-makers how, where and why adverse events can occur.  

Risk scenarios and statements are written after risks are identified, as shown in figure 1 .

Figure 1—Risk Identification, Risk Scenarios and Risk Statements

What is a risk scenario? The concept of risk scenario building is present in one form or another in all major risk frameworks, including NIST Risk Management Framework (RMF) , ISACA’s Risk IT and COSO ERM . The above frameworks have one thing in common: the purpose of risk scenarios is to help decision-makers understand how adverse events can affect organizational strategy and objectives. The secondary function of risk scenario building, according to the above frameworks, is to set up the next stage of the risk assessment process: risk analysis. Scenarios set up risk analysis by clearly defining and decomposing the factors contributing to the frequency and the magnitude of adverse events.

See figure 1 above for the components of a risk scenario. Risk scenarios are most often written as narratives, describing in detail the asset at risk, who or what can act against the asset, their intent or motivation (if applicable), the circumstances and threat actor methods associated with the threat event, the effect on the company if/when it happens, and when or how often the event might occur.

A well-crafted narrative helps the risk analyst scope and perform an analysis, ensuring that the critical elements are included and irrelevant details are not. Additionally, it provides leadership with the information they need to understand, analyze and interpret risk analysis results. For example, suppose a risk analysis reveals that the average annualized risk of a data center outage is US$40M. The risk scenario will define an “outage,” which data centers are in scope, the duration required to be considered business-impacting, what the financial impacts are and all relevant threat actors. The risk analysis results combined with the risk scenario start to paint a complete picture of the event and guide the audience down the path to well-informed decisions.

For more information on risk scenarios and examples, read ISACA’s Risk IT Practitioner’s Guide and Risk IT Framework .

What is a risk statement? It might not always be appropriate to use 4-6 sentence narrative-style risk scenarios, such as in board reports or an organizational risk register. The core elements of the forecasted adverse event are often distilled even further into a risk statement. 

Risk statements are a bite-sized description of risk that everyone from the C-suite to developers can read and get a clear idea of how an event can affect the organization if it were to occur.

Several different frameworks set a format for risk scenarios. For example, a previous ISACA article uses this format:

[Event that has an effect on objectives] caused by [cause/s] resulting in [consequence/s].

The OpenFAIR standard uses a similar format:

[Threat actor] impacts the [effect] of [asset] via (optional) [method]. 

The OpenFAIR standard has a distinct advantage of using terms and concepts that are easily identifiable and measurable. Additionally, the risk scenario format from ISACA’s Risk IT was purpose-built to be compatible with OpenFAIR (along with other risk frameworks). The same terms and definitions used in OpenFAIR are also utilized in Risk IT.

The following factors are present in an OpenFAIR compatible risk statement:

• Threat actor: Describes the individual or group that can act against an asset. A threat actor can be an individual internal to the organization, like an employee. It can also be external, such as a cybercriminal organization. The intent is usually defined here, for example, malicious, unintentional, or accidental actions. Force majeure events are also considered threat actors.
• Asset: An asset is anything of value to the organization, tangible or intangible. For example, people, money, physical equipment, intellectual property, data and reputation.
• Effect: Typically, in technology risk, an adverse event can affect the confidentiality, integrity, availability, or privacy of an asset. The effect could extend beyond these into enterprise risk, operational risk and other areas.
• Method : If appropriate to the risk scenario, a method can also be defined. For example, if the risk analysis is specifically scoped to malicious hacking via SQL injection, SQL injection can be included as the method.

Risk statement examples

• Privileged insider shares confidential customer data with competitors, resulting in losses in competitive advantage.
• Cybercriminals infect endpoints with ransomware encrypting files and locking workstations, resulting in disruption of operations.
• Cybercriminals copy confidential customer data and threaten to make it public unless a ransom is paid, resulting in response costs, reputation damage and potential litigation.

Scenario building is a skill Scenario building is one of the most critical components of the risk assessment process as it defines the scope, depth and breadth of the analysis. It also helps the analyst define and decompose various risk factors for the next phase: risk measurement. More importantly, it helps paint a clear picture of organizational risk for leadership and other key stakeholders. It is a critical step in the risk assessment process in both quantitative and qualitative risk methodologies.

Good risk scenario building is a skill and can take some time to truly master. Luckily, there are plenty of resources available to help both new entrants to the field and seasoned risk managers hone and improve their scenario-building skills. Additional resources on risk identification and scenario building include:

• ISACA’s Risk IT Practitioner’s Guide , 2 nd edition
• ISACA’s Risk IT Framework , 2 nd edition
• Risk Scenarios: Using COBIT 5 for Risk

About the author: Tony Martin-Vegue, CISM, CISSP, OpenFAIR, is a writer, speaker and risk expert with a passion for data-driven decision making. He uses his expertise in economics, cyberrisk quantification and information security to advise senior operational and security leaders on how to integrate evidence-based risk analysis into business strategy. Martin-Vegue serves on the board of the Society of Information Risk Analysts and is the co-chair of the San Francisco chapter of the FAIR Institute—2 professional organizations dedicated to advancing risk quantification. He can be contacted at  www.tonym-v.com.

Do you have a British Safety Council website account?

Log in or register below

Basket adjustments detected!

Your basket has been adjusted. This may be due to an event becoming unavailable or you logging into the site and your active roles changing.

Risk assessments: what they are, why they're important and how to complete them

Risk assessment is a primary management tool in ensuring the health and safety of workers (and others). What many people perhaps are not aware of, however, is that they are actually a legal requirement for employers and certain self-employed people.

Risk assessment is a primary management tool in ensuring the health and safety of workers (and others). What many people perhaps are not aware of, however, is that they are actually a legal requirement for employers and self-employed people.

Whether you're wondering how to complete a risk assessment or are unsure of their relevance within your industry, read on to discover everything you need to know.

What is a risk assessment?

The definition of a risk assessment is a systematic process of identifying hazards and evaluating any associated risks within a workplace, then implementing reasonable control measures to remove or reduce them.

When completing a risk assessment, it is important to clearly define some keywords:

• An  accident  is ‘ an unplanned event that results in loss ’
• A  hazard  is ‘ something that has the potential to cause harm’
• A  risk  is ‘ the likelihood and the severity of a negative occurrence (injury, ill-health, damage, loss) resulting from a hazard. ’

Additional training may be required if you need to complete or re-assess your risk management procedures. Completing training such as our  British Safety Council Certificate in Risk Assessment  will help ensure a risk assessment is suitable and sufficiently detailed.

Different types of risk assessments

The types of risk assessment required within any workplace should be proportionate and relevant to the operational activities being undertaken. In many industries, there are specific legislative requirements that apply. For example, in environments where hazardous substances are used a Control of Substances Hazardous to Health Assessment (COSHH) should be completed (for more information see  What is COSHH? ).

Some common types of risk assessments include:

• Fire risk assessments : fire safety management procedures are required to be established in all workplaces including a suitable and sufficient fire risk assessment.
• Manual handling risk assessments : should be conducted in any workplace where an employee may be at risk from injury and/or ill-health through the need to lift, carry, move loads.
• Display screen equipment (DSE) risk assessments : are required to be completed in workplaces where employees (and others) are using computers, laptops, etc.
• COSHH risk assessments : are required within workplaces where hazardous substances are stored, used or manufactured.

A business may also choose to complete a Risk Assessment Method Statement (RAMS) dependent upon the nature of the operations being carried out. This process contains details of the hazard and a step-by-step procedure on how to complete work and suitably control the risks identified. This process is commonly used within the construction industry.

Why are risk assessments important?

As previously stated, carrying out suitable and sufficient risk assessments is the primary management tool in effective risk management. It is a legal requirement for any employer and must be documented wherever five or more people are employed.

Risk assessment is a straightforward and structured method of ensuring the risks to the health, safety and wellbeing of employees (and others) are suitably eliminated, reduced or controlled.

The main purpose of risk assessments are:

• To identify health and safety hazards and evaluate the risks presented within the workplace
• To evaluate the effectiveness and suitability of existing control measures
• To ensure additional controls (including procedural) are implemented wherever the remaining risk is considered to be anything other than low.
• To prioritise further resources if needed to ensure the above.

It can be a costly lesson for a business if they fail to have necessary controls in place. They could face not only financial loss (through fines, civil actions, etc) but also loss in respect of production time, damage to equipment, time to train replacement employees and negative publicity amongst others.  

A recent article in British Safety Council Safety Management magazine outlines an incident where a business was ‘fined £274,000 after two workers became trapped in moving machinery in two separate incidents’. In the report, Health and Safety Executive (HSE) inspector Saffron Turnell noted that “companies should be aware that HSE will not hesitate to take enforcement action against those that fall below the required standards.” It is cases like this one that should act as a warning for all business and highlight the importance of risk assessments.

Risk assessment in the workplace

There are a number of reasons why risk assessments are important in the workplace, not to mention the fact that they are a legal requirement. We've outlined some of the main reasons below.

1. Risk assessments are crucial to preventing accidents in the workplace: not only can risk assessments reduce the likelihood of accidents, they also help raise awareness of hazards and minimise risk.

2. They reduce injuries and save lives: risk assessments don't just identify hazards that create short-term risks. Without an effective risk assessment, long-term risks such as exposure to asbestos wouldn't be identified or mitigated, potentially leading to fatal health problems. 

3. They help generate awareness about hazards in the workplace: organisations and employers being aware of hazards means injury is less likely to occur. Not only does this keep everyone safe and well but it will additionally save the company money. Injured employees may require sick pay, time off and compensation and Health and Safety Executive (HSE) could issue fines if they find you in breach of the law.

4. They help managers make decisions about risk, including identifying who is most at risk and making appropriate adjustments: having an effective and formal risk assessment in place will demonstrate that you have taken appropriate measures to ensure the health and safety of your employees.

Who is responsible for carrying out risk assessments?

It is the responsibility of the employer (or self-employed person) to carry out the risk assessment at work or to appoint someone with the relevant knowledge, experience and skills to do so.

The  Management of Health and Safety at Work Regulations 1999  states that an employer must take reasonable steps ‘for the effective planning, organisation, control, monitoring and review of the preventive and protective measures.’ So even if the task of risk management is delegated, it is ultimately the responsibility of the management within any business to ensure it is effectively completed .

Once hazards have been identified, the associated risks evaluated and steps taken to minimise the potential effects, the next step for an employer is to clearly and effectively communicate the risk assessment process and content to relevant parties.

The process of communication is more effectively achieved if the relevant persons are involved with the risk assessment process at every stage. The person carrying out an activity or task is often best placed to provide details on the associated hazards and risks and should participate fully in the completion of the risk assessment.

Additional training may be required  - such as our British Safety Council Certificate in Risk Assessment  to ensure that a review is completed accurately and effectively.

When to carry out a risk assessment?

A suitable and sufficient risk assessment must be carried out prior to a particular activity or task being carried out in order to eliminate, reduce or suitably control any associated risk to the health, safety and wellbeing of persons involved with (or affected by) the task/activity in question.

Once completed a risk assessment should be reviewed periodically (proportionate to the level of risk involved) and in any case when either the current assessment is no longer valid and/or if at any stage there has been significant changes to the specific activity or task.

Relevant risk assessments should be reviewed following an accident, incident or ill-health event in order to verify if the control measures and level of evaluated risk where appropriate or require amendment.

How to do a risk assessment?

The HSE has recommended a five-step process for completing a risk assessment. This provides a useful checklist to follow to ensure that the assessment is suitably comprehensive. It involves:

• Identifying potential hazards
• Identifying who might be harmed by those hazards
• Evaluating risk (severity and likelihood) and establishing suitable precautions
• Implementing controls and recording your findings
• Reviewing your assessment and re-assessing if necessary.

Step 1. Identify potential hazards

It is important to firstly identify any potential hazards within a workplace that may cause harm to anyone that comes into contact with them. They may not always be obvious so some simple steps you can take to identify hazards are:

• Observation: Walking around your workplace and looking at what activities, tasks, processes or substances used could harm your employees (or others)
• Looking back over past accidents and ill-health records as they may identify less obvious hazards
• Checking manufacturers’ data sheets, instructions, information and guidance
• Consulting with employees (and others) who are carrying out the activities, tasks or processes.

It may be useful to group hazards into five categories, namely physical, chemical, biological, ergonomic and psychological.  

Step 2. Identify who might be harmed by those hazards

Next, identify who might be harmed by those potential hazards. It should also be noted how they could be affected, be it through direct contact or indirect contact. It is not necessary to list people by name, rather by identifying groups including:

• Contractors

Some hazards may present a higher risk to certain groups including children, young people, new or expectant mothers, new employees, home workers, and lone workers.

Step 3. Evaluate risk severity and establish precautions

After identifying any hazards and who might be affected, it is important to evaluate the severity the risk may present (should it occur) and establish suitable and effective controls to reduce this level of risk as far as is ‘reasonably practicable’.  This means that everything possible is done to ensure health and safety considering all relevant factors including:

• Likelihood that harm may occur
• Severity of harm that may occur
• Knowledge about eliminating, reducing or controlling hazards and risks
• Availability of control measures designed to eliminate, reduce or suitably control or the risk
• Costs associated with available control measures designed to eliminate, reduce or suitably control or the risk

Assessing the severity of a risk requires an evaluation of the likelihood of an occurrence and how substantial the consequences that it may cause. Some factors affecting this evaluation include the duration and frequency of exposure, number of persons affected, competence of those exposed, the type of equipment and its condition, and availability of first-aid provision and/or emergency support.

Step 4. Implement changes and record your findings

If a workplace has five or more individuals, significate findings of the risk assessments are required to be kept either electronically or in writing. Recording your findings on a  risk assessment form  is an easy way to keep track of the risks and control measures put in place to reduce the identified risk. The form includes:

• What hazards were found
• Person(s) or groups affected
• The controls put in place to manage risks and who is monitoring them
• Who carried out the assessment
• On what date the assessment was done.

It is sensible to ensure the risk assessment is proportionate to the activity or task being carried out and this can often be a straightforward process for generic tasks.

Step 5. Review your assessment and reassess if necessary

Employers should periodically review the assessment and if necessary, re-assess any controls in place.

A good guide as to when you may need to review your processes are:

• After any significant change within the workplace or process in question
• After an accident or ill-health incident has occurred
• After near-misses have been reported.

Forgetting to review your risk assessment is easy, especially when trying to run a business. Don't wait until it's too late, set a date to review your risk assessment when you're conducting it and don't forget to add the date to your diary.

Significant changes can happen in businesses and when they do, make sure to review your risk assessment and amend it if you need to. If you or your organisation are planning changes that will happen in the future, ensure a risk assessment review is included.

What documentation do you need?

It is a misconception that risk assessments inherently involve a vast amount of paperwork. It can be as straight forward as completing a basic  risk assessment form  for many generic tasks or activities.

However, employers should make sure they record significant findings including:

• Any hazards identified
• What controls are in currently in place, and information on any further control measures that may be required
• Any individuals that have been identified as being especially at risk.

There is no set amount of time that you are required to retain the risk assessment, but it is best practice to keep it as long as is considered relevant to a particular task or activity.

Risk assessments are an integral part of ensuring the health, safety and wellbeing of everyone within the workplace. The British Safety Council Certificate in Risk Assessment   is a short course recommended for anyone who has to carry out risk assessments or wants to understand the process more fully.

Dynamic vs formal risk assessment

A formal risk assessment involves recording everything associated with the risks of a workplace or environment. Formal risk assessments are likely to be carried out by organisations who have a duty of care to their employees and associates. 

A dynamic risk assessment is the opposite and we complete these subconsciously in every day life. Whenever we take an action, we consider and understand the hazards and risks involved but we don't document the process. For example, before jumping over a wall, we would consider how likely we are to be injured, how that would impact us and what the negative results may be.

Formal and dynamic risk assessments do have something in common, whether its you as an individual or an organisation, we are analysing the potential risks of a situation and using that to inform our decisions.

How to carry out a risk assessment

It is a misconception that risk assessments inherently involve a vast amount of paperwork. It can be as straight forward as completing a basic risk assessment form  for many generic tasks or activities.

Risk assessments are an integral part of ensuring the health, safety and wellbeing of everyone within the workplace. British Safety Council Certificate in Risk Assessment course  is a short course recommended for anyone who has to carry out risk assessments or wants to understand the process more fully.

Find out more

British Safety Council Certificate in DSE Risk Assessment

British Safety Council Certificate in COSHH Risk Assessment

British Safety Council Certificate in Risk Assessment

• Special Offers
• Training Course Login
• Latest News/Blog
• London: 020 8064 2275
• Bristol: 0117 442 0185
• [email protected]

Risk Assessment Writing Service

• Bespoke Health And Safety Documents

£ 55.00

Our Risk Assessment writing service is for the preparation of a single Risk Assessment for a single task/activity.  We prepare the risk assessment for you based on the information provided and then email the completed risk assessment to you as a secure PDF document.  Discounts are available for the preparation of multiple risk assessments – please contact us for more information.

Categories:

• Description

Risk Assessments are a fundamental element of health and safety management in the workplace and our Risk Assessment writing service has been designed to help ease the burden on companies by providing a cost effective health and safety consultancy service to enable companies to comply with the requirement associated with the need for undertaking Risk Assessments of their hazardous activities.

The requirement for carrying out Risk Assessments has been around for many years, although the actual legal requirement to carry out risk assessments is covered by the Health and Safety at Work etc Act 1974,  the  Management of Health and Safety at Work Regulations 1999  and the  Construction (Design and Management) Regulations 2015  ( CDM Regulations ), plus other more specific regulations.

Furthermore the law requires that all potentially hazardous works must be risk assessed and where the company employs 5 or more persons (and this includes directors and labour only sub-contractors),  these assessments MUST be recorded in writing .

Health and Safety Law also requires Risk Assessments to be ‘suitable and sufficient’, so recycling an old document and just changing the title, or purchasing a £5 document online is not just not going to be sufficient and could have major consequences in the event of an accident or if a health and safety inspector decides to review your Health and Safety Arrangements.

Your Safety Advisor Ltd understands the administrative nightmare that this can place onto businesses, particularly small businesses and self employed tradesmen.  We have therefore developed our Risk Assessment writing service specifically to cater for these organisations to help put them on a level playing field with their larger competitors, who already have access to dedicated internal health and safety staff who undertake this work for them.

Your Safety Advisor Ltd can therefore prepare and write your Risk Assessments specifically for you taking into account the site you are working on and the task that you are undertaking.  Furthermore, you can be assured that all of our risk assessments are written by experienced and competent construction safety specialists, this means you can be assured of the quality and content of the documents that you are working to and providing to your clients.  All to often we speak to clients who have downloaded ‘cheap’ risk assessments and other documents from the internet that that they have perhaps paid a few pounds for.  Unfortunately these Risk Assessments never stand up to scrutiny and can in fact do more harm than good to the image and standing of your company.

If a client is asking you for a risk assessment, its likely that they are looking at ensuring that they protecting themselves, they have a legal duty to ensure that they only use ‘Competent Contractors’.  So presenting your new client with a copy of someone else’s Risk Assessment or a cheap £5.00 risk assessment that you’ve bought and downloaded from website really is not going to give your client the confidence that you know what you are doing and are a competent contractor!  So don’t risk your reputation make sure you demonstrate to your clients how professional you are, it could well open up further contracts for you as well.

Implementing good Health and Safety is an investment in your company and your staff, it will not only help to keep your staff safe and protect your valuable plant, equipment and other assets, but it will also help you to grow your company.  So talk to our Construction Safety Advisors, we’re here to help and support you and whilst we may not be the cheapest, we do offer incredible value for money!

• Brick Paving
• Painting and Decorating
• Data Cable Installation
• Roof Trusses
• Cut Timber Roof
• Plastering and Dry Lining
• MF Ceilings
• Suspended Ceilings
• Intruder Security Systems
• CCTV Systems
• Kitchen Installation
• Bathroom Fitting
• Brickwork and Block Work
• Steel Erection
• Electrical Installations
• Lighting Installation
• Security Systems
• CCTV Installation
• Independent Scaffolding
• Temporary Roofs
• Birdcage Scaffolds
• Under floor Heating
• Electric Vehicle Charging Points
• Boiler Replacement
• Drainage Installation
• Storm water tanks
• Retaining walls
• Drain Cleaning
• Ground Works
• Roofing (Tiles/Slates)
• Roofing (Sheets)
• Builders Clean
• Close Board Fencing
• Fire Stopping
• Fire Detection and Alarm Systems

Your Safety Advisor Ltd is your number one choice for straight talking and practical health and safety advice.  Don’t settle for second best,  contact us today  and see the difference we can make.

Did you know that you can also appoint us as your Retained Health and Safety Advisors…….. this gives you access to competent health and safety advice and support when you need it and all at an affordable low price.  Click here for more information.

Related Products

CDM Construction Phase Plan (Non-Notifiable)

Principal Designer (CDM)

Manual Handling Assessment

Let's work together.

Terms & Conditions | Privacy Policy | Cookie Policy

Your Safety Advisor Ltd is Registered in England and Wales. Company No.: 12161199  VAT No.: GB 332096910

Registered Address: 8 Mariners Way, Appledore, Bideford, Devon, EX39 1RA © Your Safety Advisor Ltd 2019 All Rights Reserved

Hit enter to search or ESC to close

• UK Construction Health and Safety Specialists
• Meet the Team
• Construction Health and Safety Consultants in Devon and Cornwall
• Time for a new Health and Safety Consultant
• Online Health and Safety Training Courses
• Retained Health and Safety Advisor Service
• RAMS – Risk Assessment and Method Statement Writing Service
• Health and Safety Policy & Procedures Manual
• H&S Documents – RAMS, H&S Policy, COSHH, Risk Assessments, CDM Safety Plans etc
• H&S Competent Person Service
• Contractor H&S Assessment Schemes (SSIP, CHAS, SafeContractor, SMAS etc)
• H&S Consultancy Services
• Your London Safety Advisor
• Downloadable Health and Safety Templates
• Online Safety Training Courses
• Safety Services for Designers
• CDM Advisor for Contractors
• Contractors Health and Safety Assessment Scheme (CHAS)
• Latest News & Blog

The Essentials of Effective Project Risk Assessments

By Kate Eby | September 19, 2022

• Share on Facebook
• Share on LinkedIn

Link copied

Performing risk assessments is vital to a project’s success. We’ve gathered tips from experts on doing effective risk assessments and compiled a free, downloadable risk assessment starter kit. 

Included on this page, you’ll find details on the five primary elements of risk , a comprehensive step-by-step process for assessing risk , tips on creating a risk assessment report , and editable templates and checklists to help you perform your own risk assessments.

What Is a Project Risk Assessment?

A project risk assessment is a formal effort to identify and analyze risks that a project faces. First, teams identify all possible project risks. Next, they determine the likelihood and potential impact of each risk.

During a project risk assessment, teams analyze both positive and negative risks. Negative risks are events that can derail a project or significantly hurt its chances of success. Negative risks become more dangerous when teams haven’t identified them or created a plan to deal with them.

A project risk assessment also looks at positive risks. Also called opportunities, positive risks are events that stand to benefit the project or organization. Your project team should assess those risks so they can seize on opportunities when they arise.

Your team will want to perform a project risk assessment before the project begins. They should also continually monitor for risks and update the assessment throughout the life of the project.

Some experts use the term project risk analysis to describe a project risk assessment. However, a risk analysis typically refers to the more detailed analysis of a single risk within your broader risk assessment. For expert tips and information, see this comprehensive guide to performing a project risk analysis. 

Project risk assessments are an important part of project risk management. Learn more from experts about best practices in this article on project risk management . For even more tips and resources, see this guide to creating a project risk management plan .

How Do You Assess Risk in a Project?

Teams begin project risk assessments by brainstorming possible project risks. Avoid missing important risks by reviewing events from similar past projects. Finally, analyze each risk to understand its time frame, probability, factors, and impact.  

Your team should also gather input from stakeholders and others who might have thoughts on possible risks. 

In general terms, consider these five important elements when analyzing risks:

• Risk Event: Identify circumstances or events that might have an impact on your project. 
• Risk Time Frame: Determine when these events are most likely to happen. This might mean when they happen in the lifecycle of a project or during a sales season or calendar year. 
• Probability: Estimate the likelihood of an event happening. 
• Impact: Determine the impact on the project and your organization if the event happens. 
• Factors: Determine the events that might happen before a risk event or that might trigger the event.

Project Risk Assessment Tools

Project leaders can use various tools and methodologies to help measure risks. One option is a failure mode and effects analysis. Other options include a finite element analysis or a factor analysis and information risk.

These are some common risk assessment tools:

• Process Steps: Identify all steps in a process.
• Potential Problems: Identify what could go wrong with each step.
• Problem Sources: Identify the causes of the problem.
• Potential Consequences: Identify the consequences of the problem or failure.
• Solutions: Identify ways to prevent the problem from happening.
• Finite Element Analysis (FEA): This is a computerized method for simulating and analyzing the forces on a structure and the ways that a structure could break. The method can account for many, sometimes thousands, of elements. Computer analysis then determines how each of those elements works and how often the elements won’t work. The analysis for each element is then added together to determine all possible failures and the rate of failure for the entire product.
• Factor Analysis of Information Risk (FAIR): This framework helps teams analyze risks to information data or cybersecurity risk.

How to Conduct a Project Risk Assessment

The project manager and team members will want to continually perform risk assessments for a project. Doing good risk assessments involves a number of steps. These steps include identifying all possible risks and assessing the probability of each.

Most importantly, team members must fully explore and assess all possible risks, including risks that at first might not be obvious.

“The best thing that a risk assessment process can do for any project, over time, is to be a way of bringing unrecognized assumptions to light,” says Mike Wills , a certified mentor and coach and an assistant professor at Embry-Riddle Aeronautical University’s College of Business. “We carry so many assumptions without realizing how they constrain our thinking.”

Steps in a Project Risk Assessment

Experts recommend several important steps in an effective project risk assessment. These steps include identifying potential risks, assessing their possible impact, and formulating a plan to prevent or respond to those risks.

Here are 10 important steps in a project risk assessment:

Step 1: Identify Potential Risks

Bring your team together to identify all potential risks to your project. Here are some common ways to help identify risks, with tips from experts:

• Review Documents: Review all documents associated with the project.
• Consider Industry-Specific Risks: Use risk prompt lists for your industry. Risk prompt lists are broad categories of risks, such as environmental or legal, that can occur in a project.
• Revisit Previous Projects: Use checklists from similar projects your organization has done in the past. 

• “What I like to do for specific types of projects is put together a checklist, a taxonomy of old risks that you've identified in other projects from lessons learned,” says Wendy Romeu, President and CEO of Alluvionic . “Say you have a software development program. You would pull up your template that includes all the risks that you realized in other projects and go through that list of questions. Then you would ask: ‘Do these risks apply to our project?’ That's kind of a starting point.” “You do that with your core project team,” Romeu says, “and it gets their juices flowing.” Learn more about properly assessing lessons learned at the end of a project in this comprehensive guide to project management lessons learned .
• Consult Experts: Conduct interviews with experts within and, in some cases, outside your organization.
• Brainstorm: Brainstorm ideas with your team. “The best scenario, which doesn't usually happen, is the whole team comes together and identifies the risks,” says Romeu.
• Stick to Major Risks: Don’t try to identify an unrealistic or unwieldy number of risks. “You want to identify possible risks, but you want to keep the numbers manageable,” says Wills. “The more risks you identify, the longer you spend analyzing them. And the longer you’re in analysis, the fewer decisions you make.”
• Look for Positive Risks: Identify both positive risks and negative ones. It’s easy to forget that risks aren’t all negative. There can be unexpected positive events as well. Some people call these opportunities , but in a risk assessment, experts call them positive risks. 

• “A risk is a future event that has a likelihood of occurrence and an impact,” says Alan Zucker, founding principal of Project Management Essentials , who has more than two decades of experience managing projects in Fortune 100 companies. “Risks can both be opportunities — good things — and threats. Most people, when they think about risk assessment, they always think about the negatives. I really try to stress on people to think about the opportunities as well.” Opportunities, or positive risks, might include your team doing great work on a project and a client wanting the team to do more work. Positive risks might include a project moving forward more quickly than planned or costing less money than planned. You’ll want to know how to respond in those situations, Zucker says. Learn more about project risk identification and find more tips from experts in this guide to project risk identification .

Step 2: Determine the Probability of Each Risk

After your team has identified possible risks, you will want to determine the probability of each risk happening. Your team can make educated guesses using some of the same methods it used to identify those risks.

Determine the probability of each identified risk with these tactics:

• Brainstorm with your team.
• Interview experts.
• Review similar past projects.
• Review other projects in the same industry.

Step 3: Determine the Impact of Each Risk

Your team will then determine the impact of each risk should it occur. Would the risk stop the project entirely or stop the development of a product? Or would the risk occurring have a relatively minor impact?

Assessing impact is important because if it’s a positive risk, Romeu says, “You want to make sure you’re doing the things to make it happen. Whereas if it's a high risk and a negative situation, you want to do the things to make sure it doesn't happen.”

There are two ways to measure impact: qualitative and quantitative. “Are we going to do just a qualitative risk assessment, where we're talking about the likelihood and the probability or the urgency of that risk?” asks Zucker. “Or are we going to do a quantitative risk assessment, where we're putting a dollar figure or a time figure to those risks?”

Most often, a team will analyze and measure risk based on qualitative impact. The team will analyze risk based on a qualitative description of what could happen, such as a project being delayed or failing. The team may judge that impact as significant but won’t put a dollar figure on it.

A quantitative risk assessment, on the other hand, estimates the impact in numbers, often measured in dollars or profits lost, should a risk happen. “Typically, for most projects, we don’t do a quantitative risk assessment,” Zucker says. “It’s usually when we’re doing engineering projects  or big, federal projects. That’s where we're doing the quantitative.”

Step 4: Determine the Risk Score of Each Event

Once your team assesses possible risks, along with the risk probability and impact, it’s time to determine a risk score for each potential event. This score allows your organization to understand the risks that need the most attention.

Often, teams will use a simple risk matrix to determine that risk score. Your team will assign a score based on the probability of each risk event. It will then assign a second score based on the impact that event would have on the organization. Those two figures multiplied will give you each event or risk a risk score.

Zucker says he prefers to assign the numbers 1, 5, and 10 — for low, medium, and high — to both the likelihood of an event happening and its impact. In that scenario, an event with a low likelihood of happening (level of 1) and low impact (level of 1) would have a total risk score of 1 (1 multiplied by 1). An event with a high likelihood of happening (level of 10) and a large impact (level of 10) would have a total risk score of 100.

Zucker says he prefers using those numbers because a scale as small as one to three doesn't convey the importance of high-probability and high-impact risks. “A nine doesn't feel that bad,” he says. “But if it's 100, it's like, ‘Whoa, I really need to worry about that thing.’”

While these risk matrices use numbers, they are not really quantitative. Your teams are making qualitative judgments on events and assigning a rough score. In some cases, however, teams can determine a quantitative risk score.

Your team might determine, based on past projects or other information, that an event has a 10 percent chance of happening. For example, if that event will diminish your manufacturing plant’s production capacity by 50 percent for one month, your team might determine that it will cost your company $400,000. In that case, the risk would have a risk score of $40,000.

At the same time, another event might have a 40 percent chance of happening. Your team might determine the cost to the business would be $10,000. In that case, the risk score is $4,000.

“Just simple counts start to give you a quantifiable way of looking at risk,” says Wills. “A risk that is going to delay 10 percent of your production capacity is a different kind of risk than one that will delay 50 percent of it. Because you have a number, you can gather real operational data for a week or two and see how things support the argument. You can start to compare apples to apples, not apples to fish.”

Wills adds, “Humans, being very optimistic and terrible at predicting the future, will say, ‘Oh, I don't think it'll happen very often.’ Quantitative techniques help to get you away from this gambler fallacy kind of approach. They can make or break your argument to a stakeholder that says, ‘I've looked at this, and I can explain mechanically, count by the numbers like an accountant, what's going on and what might go wrong.’”

Step 5: Understand Your Risk Tolerance

As your team considers risks, it must understand the organization’s risk tolerance. Your team should know what kinds of risks that organizational leaders and stakeholders are willing to take to see a project through.

Understanding that tolerance will also help your team decide how and where to invest time and resources in order to prevent certain negative events.

Step 6: Decide How to Prioritize Risks

Once your team has determined the risk score for each risk, it will see which potential risks need the most attention. These are risks that are high impact and that your organization will want to work hard to prevent.

“You want to attack the ones that are high impact and high likelihood first,” says Romeu. 

“Some projects are just so vital to what you do and how you do it that you cannot tolerate the risk of derailment or major failure,” says Wills. “So you're willing to spend money, time, and effort to contain that risk. On other projects, you're taking a flier. You're willing to lose a little money, lose a little effort.”

“You have to decide, based on your project, based on your organization, the markets you're in, is that an ‘oh my gosh, it's gonna keep me up every night’ kind of strategic risk? Or is it one you can deal with?” he says.

Step 7: Develop Risk Response Strategies

Once your team has assessed all possible risks and ranked them by importance, you will want to dive deeper into risk response strategies. That plan should include ways to respond to both positive and negative risks.

These are the main strategies for responding to threats or negative risks:

• Mitigate: These are actions you will take to reduce the likelihood of a risk event happening or that will reduce the impact if it does happen. “For example, if you’re building a datacenter, we might have backup power generators to mitigate the likelihood or the impact of a power loss,” says Zucker. You can learn more, including more tips from experts, about project risk mitigation .
• Avoid: If a certain action, new product, or new service carries an unacceptably high risk, you might want to avoid it entirely. 
• Transfer: The most common way that organizations transfer risk is by buying insurance. A common example is fire insurance for a building. Another is cybersecurity insurance that would cover your company in the event of a data breach. An additional option is to transfer certain risks to other companies that can do the work and assume its risks for your company. “It could be if you didn't want to have the risk of running a datacenter anymore, you transfer that risk to Jeff Bezos (Amazon Web Services) or to Google or whoever,” Zucker says.

These are the main strategies for responding to opportunities or positive risks:

• Share: Your company might partner with another company to work together on achieving an opportunity, and then share in the benefits.
• Exploit: Your company and team work hard to make sure an event happens because it will benefit your company.
• Enhance: Your company works to improve the likelihood of something happening, with the understanding that it might not happen.

These are the main strategies for responding to both threats and opportunities, or negative and positive risks:

• Accept: Your company simply accepts that a risk might happen but continues on because the benefits of the action are significant. “You're not ignoring the risks, but you're saying, ‘I can't do anything practical about them,’” says Wills. “So they're there. But I'm not going to spend gray matter driving myself crazy thinking about them.”
• Escalate: This is when a project manager sees a risk as exceptionally high, impactful, and beyond their purview. The project manager should then escalate information about the risk to company leaders. They can then help decide what needs to happen. “Some project managers seem almost fearful about communicating risks to organization leaders,” Romeu says. “It drives me nuts. It's about communicating at the right level to the right people. At the executive level, it’s about communicating what risks are happening and what the impact of those risks are. If they happen, everybody knows what the plan is. And people aren't taken by surprise.”

Step 8: Monitor Your Risk Plans

Your team will want to understand how viable your organization’s risk plans are. That means you might want to monitor how they might work or how to test them.

A common example might be all-hands desktop exercises on a disaster plan. For example, how will a hospital respond to a power failure or earthquake? It’s like a fire drill, Zucker says. “Did we have a plan? Do people know what to do when the risk event occurs?”

Step 9: Perform Risk Assessments Continually

Your team will want to continually assess risks to the project. This step should happen throughout your project, from project planning to execution to closeout. 

Zucker explains that the biggest mistake teams tend to make with project risk assessment: “People think it's a one-and-done event. They say, ‘I’ve put together my risk register, we’ve filed it into the documents that we needed to file, and I'm not worrying about it.’ I think that is probably the most common issue: that people don't keep it up. They don't think about it.”

Not thinking about how risks change and evolve throughout a project means project leaders won’t be ready for something when it happens. That’s why doing continual risk assessment as a primary part of risk management is vital, says Wills.

“Risk management is a process that should start before you start doing that activity. As you have that second dream about doing that project, start thinking about risk management,” he says. “And when you have completely retired that thing — you've shut down the business, you've pensioned everybody off, you’re clipping your coupons and working on your backstroke — that's when you're done with risk management. It's just a living, breathing, ongoing thing.”

Experts say project managers must learn to develop a sense for always assessing and monitoring risk. “As a PM, you should, in every single meeting you have, listen for risks,” Romeu says. “A technical person might say, ‘Well, this is going to be difficult because of X or Y or Z.’ That's a risk. They don't understand that's a risk, but as a PM, you should be aware of that.”

Step 10: Identify Lessons Learned

After your project is finished, your team should come together to identify the lessons learned during the project. Create a lessons learned document for future use. Include information about project risks in the discussion and the final document.

By keeping track of risks in a lessons learned document, you allow future leaders of similar projects to learn from your successes and failures. As a result, they can better understand the risks that could affect their project.

“Those lessons learned should feed back into the system — back into that original risk checklist,” Romeu says. “So the next software development project knows to look at these risks that you found.”

How to Write a Project Risk Assessment Report

Teams will often track risks in an online document that is accessible to all team members and organization leaders. Sometimes, a project manager will also create a separate project risk assessment report for top leaders or stakeholders.

Here are some tips for creating that report:

• Find an Appropriate Template for Your Organization, Industry, and Project: You can find a number of templates that will help guide you in creating a risk assessment report. Find a project risk assessment report template in our project risk assessment starter kit.
• Consider Your Audience: As you create the report, remember your audience. For example, a report for a technical team will be more detailed than a report for the CEO of your company. Some more detailed reports for project team members might include a full list of risks, which would be 100 or more. “But don't show executives that list; they will lose their mind,” says Romeu.

Project Risk Assessment Starter Kit

Download Project Risk Assessment Starter Kit

This starter kit includes a checklist on assessing possible project risks, a risk register template, a template for a risk impact matrix, a quantitative risk impact matrix, a project risk assessment report template, and a project risk response table. The kit will help your team better understand how to assess and continually monitor risks to a project.

In this kit, you’ll find: 

• A risk assessment checklist PDF document and Microsoft Word to help you identify potential risks for your project. The checklist included in the starter kit is based on a document from Alluvionic Project Management Services.
• A project risk register template for Microsoft Excel to help you identify, analyze, and track project risks.
• A project risk impact assessment matrix for Microsoft Excel to assess the probability and impact of various risks.
• A quantitative project risk impact matrix for Microsoft Excel to quantify the probability and impact of various risks. 
• A project risk assessment report template for Microsoft Excel to help you communicate your risk assessment findings and risk mitigation plans to company leadership.
• A project risk response diagram PDF document and Microsoft Word to better understand how to respond to various positive and negative risks.

Expertly Assess and Manage Project Risks with Real-Time Work Management in Smartsheet 

Empower your people to go above and beyond with a flexible platform designed to match the needs of your team — and adapt as those needs change. 

The Smartsheet platform makes it easy to plan, capture, manage, and report on work from anywhere, helping your team be more effective and get more done. Report on key metrics and get real-time visibility into work as it happens with roll-up reports, dashboards, and automated workflows built to keep your team connected and informed. 

When teams have clarity into the work getting done, there’s no telling how much more they can accomplish in the same amount of time.  Try Smartsheet for free, today.

Discover why over 90% of Fortune 100 companies trust Smartsheet to get work done.

Builders Safety

Heath and Safety for Building and Construction

Website Search

Expert Method Statement & Risk Assessment Writing Service

In the ever-evolving landscape of construction and building projects, ensuring the safety of your workforce, adhering to regulatory standards, and maintaining efficient project execution is paramount. Method Statements and Risk Assessments are vital tools that help you achieve these goals. However, crafting these documents with precision and expertise can be a challenging task. That’s where our Method Statement & Risk Assessment writing service comes into play, backed by the expertise of a Chartered Building Engineer with decades of on-site experience.

The Importance of Method Statements & Risk Assessments

Method Statements and Risk Assessments are indispensable components of any construction or building project. They provide a structured approach to identifying potential hazards, assessing risks, and detailing safe working procedures. When meticulously prepared, these documents promote:

• Safety : Prioritising the well-being of your workforce and minimising accidents and injuries.
• Compliance : Ensuring that your project complies with health and safety regulations.
• Efficiency : Streamlining operations by providing clear guidelines for tasks and procedures.
• Accountability : Assigning responsibilities to specific individuals for each aspect of the project.

Expertise You Can Trust

Our Method Statement & Risk Assessment writing service is led by a Chartered Building Engineer with an extensive background in construction and site management. With decades of practical experience, our expert understands the intricacies of the industry and is well-versed in health and safety regulations. This ensures that every document we produce is tailored to your project’s unique needs and aligned with the latest industry standards.

Competitive Pricing

We believe that access to high-quality Method Statements and Risk Assessments should be affordable. Our pricing structure reflects this commitment. While the cost of our services depends on the complexity of your project, on average, we charge just £15.00 per document. This reasonable pricing makes our service accessible to both small-scale projects and large-scale developments.

Payment is made via PayPal (No PayPal Account Needed) an Invoice will be sent to you requesting payment, Completed documents will be delivered once payment has been received.

Swift Turnaround Time

We understand that time is of the essence in the construction industry. Delays can be costly and even dangerous. That’s why we are dedicated to providing rapid service. Our typical turnaround time is just 24 hours, ensuring that you receive your Method Statements and Risk Assessments promptly. We offer two delivery options: email or account download, allowing you to choose the method that suits you best.

Additional Services

In addition to Method Statements and Risk Assessments, we offer a range of supplementary documents to enhance your project’s health and safety protocols. These include:

• Bespoke Health & Safety Policy : Crafted to align perfectly with your project’s requirements and objectives, our bespoke policies provide a comprehensive framework for safety management. Price £25
• 200-Page Health & Safety Manual : For larger, more complex projects, we offer extensive manuals that cover every aspect of health and safety, offering a complete guide to safeguarding your workforce. Price £39

How to Get Started

Getting started with our Method Statement & Risk Assessment writing service is easy. Simply email us at   [email protected] with details about your project, and our expert will work closely with you to understand your specific needs. Once we have all the necessary information, we will promptly write and deliver the documents tailored to your project’s requirements.

In the construction and building industry, safety should never be compromised. Our Method Statement & Risk Assessment writing service, led by a Chartered Building Engineer with decades of site experience, is your reliable partner in ensuring that your projects are executed safely and efficiently. With competitive pricing and a swift turnaround time, we are committed to delivering the highest quality documents to support your project’s success. Don’t leave safety to chance – trust the experts and safeguard your workforce today.

For pre completed example documents please visit https://www.method-statement-template.info/

Information on the importance of Method Statements is available to read HERE

Share this:

Top posts & pages.

• 962,585 hits

Copyright Buildersafety .org 2024

Design by ThemesDNA.com

You cannot copy content of this page

• Skip to primary navigation
• Skip to main content
• Skip to primary sidebar
• Skip to footer

Health and Safety eLearning Consultancy

• Client login

How to write a risk assessment

In this guide we discuss how to write a risk assessment , step-by-step. We also talk about what a risk assessment is, how risk assessments promote safer working environments, and who is qualified to carry out risk assessments.

Listen to our episode of ‘Safety Made Simple’ relating to risk assessments:

Why are risk assessments carried out.

As an employer, you must control the risks in your workplace to prevent employees and others who might be affected by your activities (such as contractors, visitors, and passers-by) from suffering injury or illness.

Risk assessments are a requirement under the Management of Health and Safety at Work Regulations 1999 as part of an employer’s duty of care. Completing risk assessments supports compliance with the law which protects your organisation’s hard-earned reputation and prevents harm.

What is a risk assessment at work?

A risk assessment at work is a systematic and proactive method of identifying potential hazards and evaluating the associated risks.

By meticulously scrutinising the workplace, the risk assessment process pinpoints areas of concern and helps employers assess the likelihood and severity of potential harm that employees, visitors, or anyone interacting with the workplace or where its operations take place.

Our consultants at Praxis42 are often asked, ‘How do I write a risk assessment?’ These are the main steps:

1. Identify hazards

The first step is to identify what could cause harm. Anything that has the potential to cause harm is defined as a hazard and there could be many of them in the workplace or in the activities that performed on behalf of the organisation.

Hazards can be categorised as follows:

• Physical hazards. These include machinery, objects, and tools.
• Biological hazards, such as viruses.
• Chemical hazards. Liquids, fumes, and dust fall under this category.
• Ergonomic hazards. This is about how people use their workstations and equipment.
• Psychosocial hazards. These are factors at work that may cause stress or other difficulties for people.

To be able to identify all the hazards in your workplace, you need to have a good understanding of what is happening. This involves looking at all aspects of work activities and the work environment, for example:

• The people carrying out the work, their abilities, skills and knowledge.
• The work environments. Consider temperature, lighting, ventilation, or noise.
• The equipment and products being used, such as chemicals.
• The work process as a whole.  
• Previous accidents, incidents and near misses.
• Findings from audits, inspection or surveys.

Once you have a general understanding of what hazards there may be in your workplace, activities and operations you need to meticulously identify each one. There is no right or wrong way to do this. You can employ whatever method you feel is most appropriate, as long as you gather the required information.

Under health and safety law, employers must identify ‘reasonably foreseeable’ hazards. These are hazards that any ‘reasonable’ person could be expected to identify. For example, if there is a spillage of liquid on the floor, it is reasonable to think that if someone walks in it they could slip.

You might identify hazards by:

• Drawing on your own knowledge of a task or piece of equipment. If you have carried out a role for a number of years, you will have gained a wealth of knowledge and experience that enables you to spot hazards. You might identify trends where accidents commonly occur during a work process or in a particular environment.
• Walking around the workplace and watching jobs being undertaken firsthand. This will enable you to see where harm could potentially occur. Talking to people who are completing work and getting their perspectives on hazards is essential as is having a well-established consultation process
• Following advice issued by the manufacturers of the equipment and products you use. Manufacturers will tell you where harm could occur.
• Following approved codes of practice, guidance, best practice and industry guidance. There may be recommended safe ways to complete particular tasks or use certain products and equipment.

2. Identify who could be harmed and how

Anyone who is affected by the activities being carried out by your organisation must be taken into consideration in the risk assessment (employees, contractors, members of the public or visitors who may be in close proximity to work).

For example, a maintenance company working on a scaffold may have identified falling objects as a hazard. If their work is completed in an isolated location, then only their employees working at ground level may be affected. However, if work is taking place in a city centre, a member of the public that could be passing underneath must also be considered as they could also be at risk.  

3. Calculate risk

Once hazards have been identified, the next stage is to calculate the risk. This calculation is risk = likelihood x severity

‘Likelihood’ is how likely it is that a particular hazardous event could occur. This is determined on a scale that quantifies the chance of it happening: the hazardous event is extremely unlikely, there is a remote chance the hazardous event may happen, the hazardous event may occur occasionally, the hazardous event is probable, the hazardous event is extremely likely . Each of these can be given a rating of one to five (one being extremely unlikely, and five being extremely likely).

Scoring is a subjective judgement based on prior knowledge and experience of accidents and incidents and gathered information, so it is advisable to ask relevant colleagues, employees, or experts for their opinions.

Here is a basic example:

A pothole in the pavement has the potential to cause harm because someone could trip and fall. If the pothole is on a busy pavement in a city centre where the footfall is high, the likelihood of a hazardous event may be five. If the pothole is on a back street not used by members of the public, the likelihood of a hazardous event is considerably lower.

‘Severity’ is the likely outcome of a hazardous event and calculated in the same way. The scale might be: negligible injury, minor injury, moderate injury, significant injury and severe injury . Again, these may be rated from one to five. In the worst-case scenario, someone could trip and break their wrist, which is a significant injury, giving a severity rating of four.

Now we can calculate the risk that the pothole poses. We have got 5 for likelihood x 4 for severity, giving us a risk rating of 20.

This process needs to be followed for each hazard you have identified. Once you have numerical values assigned to hazards, you can identify the most significant risks in your workplace or within the work process.

4. Control and reduce risks

Once you have established what the hazards are, who could be harmed, and the level of risk posed to those people, you can consider how to control risks ‘so far as is reasonably practicable’.

In health and safety law, ‘ so far as is reasonably practicable ’ is about weighing up the level of risk against the financial cost of controlling the risk and the time and resources involved.

It is not worth investing a lot of money, time, effort, and resources to control a low-risk hazard or calculated risk. If, for example, you are using a highly toxic cleaning product, you may just need to swap it for a less hazardous product.

On the other hand, a high-risk hazard will warrant more investment. This might involve buying new equipment, investing in employee training, or making physical changes to the workplace.

To reduce risk, you need to introduce control measures, which could achieve one of the following:

• Eliminate the hazard. For example, a window cleaner may use an extendable pole rather than a ladder to eliminate the risk of serious injury from a potential fall from height. Eliminating a hazard is the ideal solution, but it is not always possible.
• Reduce the likelihood of harm occurring. This may involve reducing the amount of time someone spends on a task or exposed to the hazard. The less time they are doing something or exposed to something, the less likely they are to be harmed.
• Isolate the hazard. A worker can be protected from a dangerous moving part of a machine by a guard or enclosure.
• Control the hazard by creating a safe system of work, such as how to use display screen equipment safely .  

It may take time to find the best control measures. Once measures are in place, you need to recalculate the risk and if it isn’t low enough you may need to introduce further control measures. This stage can take some time and thought to get right.

5. Record findings

Once you have gathered all the information for the risk assessment, the next stage is to record your findings. There is no single way to do this, but some important points need to be considered.

Whatever format you decide to use, key information from each stage of the risk assessment process should be recorded with a focus on what the control measures are and how they are maintained.

If you have five or more employees, there is a legal requirement to document your risk assessment. However, if a risk assessment is not recorded it is very difficult for employees to follow it and to establish safe systems of work or provide related training.

A risk assessment is a tool that helps everybody in the workplace to reduce risks and stay safe. It can only do this if it is accessible and clearly communicated.

In addition, it is difficult to prove you are managing risks in accordance with the law without documentation.

When should a risk assessment be carried out?

A risk assessment is a dynamic document, and it should not just sit in a drawer. It is important to improve it over time. As your organisation or work activities change then so should your risk assessments.

In general, risk assessment reviews should ensure the following:

• All hazards have been identified.
• All control measures are suitable.
• Risk ratings are acceptable.
• Controls are being appled and used

Risk assessments should be reviewed at a set interval. For a low-risk task or work environment, this could be annually. For higher risk work, reviews will need to take place regularly or even after every time the task is completed.

Risk assessments should always be reviewed in the following circumstances:

Accidents and incidents

If there is an accident or incident the risk assessment will need to be reviewed. A risk assessment document demonstrates how you manage risk, so if there is an accident, you can check that the hazard that caused the accident was included in the risk assessment. You can also check whether the measures in place to control the hazard were sufficient.

If an accident happened as a result of a hazard that wasn’t documented in the risk assessment this could indicate that there need to be changes to the risk assessment process as a whole.

Significant changes

The other occasion when a risk assessment needs to be reviewed is when there has been a significant change. This could be a change to your work process, new equipment being used, different employees completing work, or changes to the workplace itself.

All these factors have the potential to introduce new hazards, requiring new risk ratings to be calculated and new controls to be introduced.

What is a ‘suitable and sufficient’ risk assessment?

The Management of Health and Safety at Work Regulations 1999 states that a risk assessment must be ‘suitable and sufficient’.

For your risk assessment to be deemed suitable and sufficient it must show that:

• All persons who could be affected by hazards have been considered (employees, visitors, contractors, and members of the public).
• All significant hazards have been identified. These are the foreseeable hazards.
• Control measures are suitable. This means that the measures introduced lower the risk rating to an acceptable level.
• Workers and their representatives have been consulted during the risk assessment process. Those who work with the hazards day-to-day are the most valuable source of information.
• The risk assessment has been completed by a ‘competent person’ (see below).

Who carries out a risk assessment?

Under health and safety law, a risk assessment must be completed by a ‘competent’ person.

The Health and Safety Executive (HSE) define a competent person as someone who has ‘the skills, knowledge and experience to be able to recognise hazards in your organisation and help you put sensible controls in place to protect workers and others from harm.’

The competent person could be you or someone else in your workplace. However, if you do not have the level of competency required, it is advisable to outsource your risk assessment to a health and safety consultant . It is important to choose a professional who knows how to write a risk assessment for your industry and can tailor their recommendations to your unique organisation.

Risk assessments must be comprehensive and robust to protect people’s safety and comply with the law. They are the foundation of a health and safety management system and vital for managing risks effectively.

Sign up to our Praxis42 newsletter

Get the latest fire, health and safety news, guides, webinars, videos and podcasts direct to your inbox. Sign up now!

Related resources

Discover our library of expert guides, webinars and video.

How do you manage event security?

IOSH risk assessment example

Best UK health and safety websites & resources

Workplace health and safety policy sample

About praxis42.

We're the leading compliance organisation trusted by businesses nationwide to meet their auditing, assessment and training needs. We work with all sectors and size of organisation. We have extensive accreditation and decades of safety management experience.

Company no. 04152524 · VAT no. 770517529

Explore Praxis42

Subscribe to our newsletter.

Stay up-to-date with the latest health and safety news, advice and offers.

Privacy Overview

How to write your own risk assessments

Download this free risk assessment template , a tool designed to guide you through the process of writing a risk assessment. Alternatively, you can read below for more information on how to write a risk assessment. This template is a practical resource that you can use to structure your risk assessment. For a more interactive experience, consider using the template in conjunction with the video tutorial.

This type of examination typically takes place with a qualified clinician, but if you feel more comfortable, a chaperone can be arranged. A chaperone is a person who can accompany you during the risk assessment process to provide support and ensure your comfort and safety.

This tutorial is designed to guide you, regardless of your industry sector or line of work, in writing effective risk assessments. Risk assessments are not industry-specific; they are a universal tool for eliminating or reducing the likelihood of hazards that may pose a risk to employees or others. Remember, all risks are subjective, and your understanding and management of them are crucial.

• Example 1: Every time we go to bed, we risk falling out of bed, which could cause injury. This is, without doubt, a risk that we all face every night. However, when we look at this subjectively, the likelihood of someone falling out of bed is extremely low, and the probable injuries would be minor.

The first lesson is knowing how to write a good risk assessment report, which starts with common sense. If you'd like to download our free risk assessment template HERE, you may find it easier to follow the rest of this tutorial. Additionally, there is an accompanying video on the left-hand side of this page that shows you how to write your own risk assessments using the template.

The critical elements in the template are the following sections:

• Potential hazards
• People at risk and how
• Actions already in place
• Further action required
• Target dates
• Substance risks

When writing risk assessments, the first consideration is 'Potential hazards'. This involves identifying potential hazards, their likelihood of occurrence, and the severity of potential harm. This is known as hazard identification, and it's a subjective process. While you can't prevent all accidents, you can try to eliminate risks where possible and control risks that cannot be eliminated. This is where control measures come in, empowering you to manage and mitigate risks effectively.

The image below shows the 'Potential hazards' column filled in. For this tutorial, I have chosen two types of falls from height: a hop-up and potentially falling into an excavation. Other types of falls from height may include various access equipment, from step ladders to scaffolding.

Now that I've identified two potential hazards, the next step in writing a suitable risk assessment is identifying the people at risk. This could be direct employees, subcontractors, members of the public, or anyone else who may be at risk. For this example, though, we are only considering the person who may fall.

In addition to identifying the risk, this column includes how the risk could lead to injury and the severity of any possible injuries. The image below shows an example of what to write in this column.

Next, we look at what actions are already in place to reduce the likelihood or severity of an accident or injury. On the surface, if actions are already in place, you do no need to write a risk assessment. However, the risk assessment is not written, so it ticks the boxes of a company's health and safety policy. It's there to give to the people at risk and educate them on how to minimise specific risks whilst carrying out tasks or using certain equipment.

As you can see from the image below, five actions are already in place for each risk. These actions can't take away the risk, but they are there to minimise the likelihood and severity of the risk. When writing your risk assessments, it's important to remember that the best solution is to eliminate risk by changing working practices or equipment. If this can't be done, actions are put in place to minimise the likelihood and severity of the risk.

We move on now to 'further action required'. This field is there to evolve the risk assessment and as a set of instructions to managers, ensuring that they carry out the required actions. The last three columns are also encompassed by this field as they show the initials of the person who is to take action on the additional control measures, the target date by which the actions should have taken place, and whether the actions have been completed at the next review.

Some FAQs we get asked when people are starting to write their risk assessment are:

‘Do I need to write a Risk Assessment?’

If your business has more than four employees, including yourself, the law dictates that you must control the risks in your workplace through risk assessments.

If you are self-employed, you will need to carry out Risk Assessments to evaluate whether your business may harm you and others and whether you are doing enough to prevent possible harm.

If you have under five employees or are a subcontractor, you may still have to provide Risk Assessments at the principal contractor’s behest.

‘When do I need to write a Risk Assessment?’

If you look at our Risk Assessment Template, you will see a review date every six months. One of the main reasons for this review date is that your Risk Assessments should be completed before you carry out any work, and once you start the job, you may find hazards that were not initially apparent.

Often, Health and Safety documents, including Risk, Method, COSHH, Policies, etc.,… have to be submitted during tendering processes so clients can see how you intend to carry out a job and manage the hazards. This means your Health and Safety package has to be in place before and in case you are awarded work.

‘Do I need to write a Risk Assessment every Year?’

No. You will need to create Risk Assessments for any hazards you’ve identified that have the potential to harm your staff or others. Once you’ve created the document, it can be used for life, provided the hazards and control measures remain the same. Each document should be edited and amended as required and reviewed at six-month intervals.

This becomes clearer once you’ve read the text below about an old van with three control measures fitted over twenty years.

‘What is a control measure?’

Control measures are actions or systems that can reduce the likelihood of harm. They have the potential to prevent or reduce hazards.

For example, an old panel van lacks a rear view mirror. One control measure to prevent collisions when reversing is the incorporation of wing mirrors.

A second control measure was invented and fitted ten years after the van was manufactured. This was a hazard warning played when the vehicle engaged the reverse gear. ‘Caution, this vehicle is reversing...   …caution, this vehicle is reversing…’

Five years after that, a third control measure was invented and fitted. These were rear parking sensors.

Five years after that, a fourth control measure was invented and fitted. This was a rear-view camera.

As you can see from the example above, the risks of harm, vehicle damage, collision, etc… remain the same during the life of the van. Yet towards the end of the van's life, it had an audible caution message, intelligent parking sensors and a rearview camera fitted. With the control measures fitted, although the risks were still there, the likelihood of a dangerous occurrence was drastically reduced, making reversing the van a much safer manoeuvre with control measures implemented.

Some control measures don’t try to prevent or reduce the likelihood of harm, yet they are not passive systems. Examples include ejector seats, seatbelts, and airbags, all designed to minimise damage once an incident has occurred. These measures do not control the likelihood of an event happening; they control the outcome of an event once it has occurred.

‘What is risk evaluation?’

Risk evaluation is a process that’s subjective and not set in stone. For example, if an astronaut left his spaceship without a space suit, he would die. However, there’s probably no documentation to tell an astronaut to wear a space suit before leaving the boat. There’s perhaps a Risk Assessment to say to him to examine the suit for wear, pressure tests the suit, make sure all joints are working, etc....….  but nothing to tell him to put the suit on in the first place.

It’s like telling employees to open a door before they walk through it.

To enter a car (If you’re the driver), go by the front right-hand door.

To stop at a red light and go at a green one.

Some things are considered obvious for adults of average intelligence.

So, evaluating a potential hazard for a Risk Assessment becomes subjective to the assessor. For example, if I were using a Risk Assessment Template for an astronaut leaving a space ship, I wouldn’t consider him going through the airlock without a space suit, yet someone else might think this relevant.

Because risk evaluation in health and safety is subjective, there is no point in using a ranking system as the person judging the potential outcomes is usually the author.

Risk evaluation simply involves examining a task, determining whether it has significant risks, and deciding whether control measures can be implemented to reduce the likelihood of the risk occurring.

As an example, let’s consider the evolution of the van’s control measures and summarise with the following when using the Risk Assessment Template:

Identify the hazards (Reversing)

Identify who is at risk, including non-employees (Driver, passenger, people or animals behind the van)

Identify existing control measures (Wing mirrors fitted as standard)

Evaluation of risks (What are the risks, and how can they be controlled)

Put control measures in place (Parking sensors, rearview camera)

Keep records (The date, why and when the rearview camera was installed)

Review and amend (Read, review, sign and date Risk Assessment every six months, or amend as new risks or control measures are relevant)

Share (There’s no point in carrying out a Risk Assessment if it doesn’t go to the people carrying out the task. In this case, give it to the driver)

GET THIS DOCUMENT

• Available in Word™
• Fully customisable
• Add your Company Logo
• UK & EU Compliant

What Our Customers Think

Direct links, our company, our quality, our policies.

© 2012 HSE Docs

Secure design by Webforward

Modal title

Fill in the box below now to receive your completely free document. your browser will then download it to your computer..

HSE Docs is strongly committed to protecting the personal data of our customers. Your name and email are your personal contact details and we protect that privacy and don't knowingly share your information with third parties. We comply with the EUs General Data Protection Regulation (GDPR) and will continue to do so. We don't currently send out marketing emails, but should we do in the future, you will always have the opportunity to opt out of any correspondence we send.

A complete guide to the risk assessment process

Lucid Content

Reading time: about 7 min

Mark Zuckerberg, the founder of Facebook, once said, “The biggest risk is not taking any risk. In a world that's changing really quickly, the only strategy that is guaranteed to fail is not taking risks.”

While this advice isn't new, we think you’ll agree that there are some risks your company doesn’t want to take: Risks that put the health and well-being of your employees in danger.

These are risks that aren’t worth taking. But it’s not always clear what actions, policies, or procedures are high-risk. 

That’s where a risk assessment comes in.

With a risk assessment, companies can identify and prepare for potential risks in order to avoid catastrophic consequences down the road and keep their personnel safe.

What is risk assessment?

During the risk assessment process, employers review and evaluate their organizations to:

• Identify processes and situations that may cause harm, particularly to people (hazard identification).
• Determine how likely it is that each hazard will occur and how severe the consequences would be (risk analysis and evaluation).
• Decide what steps the organization can take to stop these hazards from occurring or to control the risk when the hazard can't be eliminated (risk control).

It’s important to note the difference between hazards and risks. A hazard is anything that can cause harm , including work accidents, emergency situations, toxic chemicals, employee conflicts, stress, and more. A risk, on the other hand, is the chance that a hazard will cause harm . As part of your risk assessment plan, you will first identify potential hazards and then calculate the risk or likelihood of those hazards occurring.

The goal of a risk assessment will vary across industries, but overall, the goal is to help organizations prepare for and combat risk. Other goals include:

• Providing an analysis of possible threats
• Preventing injuries or illnesses
• Meeting legal requirements
• Creating awareness about hazards and risk
• Creating an accurate inventory of available assets
• Justifying the costs of managing risks
• Determining the budget to remediate risks
• Understanding the return on investment

Businesses should perform a risk assessment before introducing new processes or activities, before introducing changes to existing processes or activities (such as changing machinery), or when the company identifies a new hazard.

The steps used in risk assessment form an integral part of your organization’s health and safety management plan and ensure that your organization is prepared to handle any risk.  

Preparing for your risk assessment 

Before you start the risk management process, you should determine the scope of the assessment, necessary resources, stakeholders involved, and laws and regulations that you’ll need to follow. 

Scope: Define the processes, activities, functions, and physical locations included within your risk assessment. The scope of your assessment impacts the time and resources you will need to complete it, so it’s important to clearly outline what is included (and what isn’t) to accurately plan and budget. 

Resources : What resources will you need to conduct the risk assessment? This includes the time, personnel, and financial resources required to develop, implement, and manage the risk assessment. 

Stakeholders: Who is involved in the risk assessment? In addition to senior leaders that need to be kept in the loop, you’ll also need to organize an assessment team. Designate who will fill key roles such as risk manager, assessment team leader, risk assessors, and any subject matter experts. 

Laws and regulations: Different industries will have specific regulations and legal requirements governing risk and work hazards. For instance, the Occupational Safety and Health Administration (OSHA) sets and enforces working condition standards for most private and public sectors. Plan your assessment with these regulations in mind so you can ensure your organization is compliant. 

5 steps in the risk assessment process

Once you've planned and allocated the necessary resources, you can begin the risk assessment process.

Proceed with these five steps.

1. Identify the hazards

The first step to creating your risk assessment is determining what hazards your employees and your business face, including:

• Natural disasters (flooding, tornadoes, hurricanes, earthquakes, fire, etc.)
• Biological hazards (pandemic diseases, foodborne illnesses, etc.)
• Workplace accidents (slips and trips, transportation accidents, structural failure, mechanical breakdowns, etc.)
• Intentional acts (labor strikes, demonstrations, bomb threats, robbery, arson, etc.)
• Technological hazards (lost Internet connection, power outage, etc.)
• Chemical hazards (asbestos, cleaning fluids, etc.)
• Mental hazards (excess workload, bullying, etc.)
• Interruptions in the supply chain

Take a look around your workplace and see what processes or activities could potentially harm your organization. Include all aspects of work, including remote workers and non-routine activities such as repair and maintenance. You should also look at accident/incident reports to determine what hazards have impacted your company in the past.

Use Lucidchart to break down tasks into potential hazards and assets at risk—try our free template below.

2. Determine who might be harmed and how

As you look around your organization, think about how your employees could be harmed by business activities or external factors. For every hazard that you identify in step one, think about who will be harmed should the hazard take place.

3. Evaluate the risks and take precautions

Now that you have gathered a list of potential hazards, you need to consider how likely it is that the hazard will occur and how severe the consequences will be if that hazard occurs. This evaluation will help you determine where you should reduce the level of risk and which hazards you should prioritize first.

Later in this article, you'll learn how you can create a risk assessment chart to help you through this process.

4. Record your findings

If you have more than five employees in your office, you are required by law to write down your risk assessment process. Your plan should include the hazards you’ve found, the people they affect, and how you plan to mitigate them. The record—or the risk assessment plan—should show that you:

• Conducted a proper check of your workspace
• Determined who would be affected
• Controlled and dealt with obvious hazards
• Initiated precautions to keep risks low
• Kept your staff involved in the process

5. Review your assessment and update if necessary

Your workplace is always changing, so the risks to your organization change as well. As new equipment, processes, and people are introduced, each brings the risk of a new hazard. Continually review and update your risk assessment process to stay on top of these new hazards.

How to create a risk assessment chart

Even though you need to be aware of the risks facing your organization, you shouldn’t try to fix all of them at once—risk mitigation can get expensive and can stretch your resources. Instead, prioritize risks to focus your time and effort on preventing the most important hazards. To help you prioritize your risks, create a risk assessment chart.

The risk assessment chart is based on the principle that a risk has two primary dimensions: probability and impact, each represented on one axis of the chart. You can use these two measures to plot risks on the chart, which allows you to determine priority and resource allocation.

Be prepared for anything

By applying the risk assessment steps mentioned above, you can manage any potential risk to your business. Get prepared with your risk assessment plan—take the time to look for the hazards facing your business and figure out how to manage them.

Now it's time to create your own risk management process, here are five steps to get you started.

About Lucidchart

Lucidchart, a cloud-based intelligent diagramming application, is a core component of Lucid Software's Visual Collaboration Suite. This intuitive, cloud-based solution empowers teams to collaborate in real-time to build flowcharts, mockups, UML diagrams, customer journey maps, and more. Lucidchart propels teams forward to build the future faster. Lucid is proud to serve top businesses around the world, including customers such as Google, GE, and NBC Universal, and 99% of the Fortune 500. Lucid partners with industry leaders, including Google, Atlassian, and Microsoft. Since its founding, Lucid has received numerous awards for its products, business, and workplace culture. For more information, visit lucidchart.com.

Related articles

5 steps to any effective risk management process.

While you can’t entirely avoid risk, you can anticipate and mitigate risks through an established risk management process. Follow these steps!

5 steps of the strategic planning process

Implement the strategic planning process to make measurable progress toward achieving your company’s vision and make decisions that will keep you on the path to success for years to come.

Bring your bright ideas to life.

or continue with

By registering, you agree to our Terms of Service and you acknowledge that you have read and understand our Privacy Policy .

1st February, 2023

How To Write A Risk Assessment In 5 Minutes

Risk assessments are a legal requirement and are needed in practically every business of every size. Writing your risk assessments can be time-consuming, you need to go through your activity step by step, but we can help you write your risk assessment in just 5 minutes.

This post might take you a little over 5 minutes to read. But it will be time well spent because, by the end, you will know:

• how to write a risk assessment
• how to speed up the process
• and some free tools you can use to get started

Risk assessments are a legal requirement needed in every business of every size. Every employer (and self-employed person) should complete risk assessments to comply with health and safety regulations.

But a risk assessment should be much more than a document or paperwork. The aim of your risk assessment is to reduce the risks arising from the activity or task you are assessing as low as is reasonably practical .

If you have 5 or more employees, it's a legal requirement to write down your risk assessment. Even if you don't have 5 or more employees, writing down your risk assessment is good practice. It shows you have completed your risk assessment. And you may be asked for it by clients, your team, and others.

The risk assessments you produce help you to communicate and manage the risks involved in your work. They can often be used as the subject of the safety briefing, or toolbox talk - carried out before the activity takes place.

Risk assessment is more than paperwork

It's easy to think that a risk assessment is just paperwork. But it's so much more than that. Risk assessment is a process .

Yes, you should finish with a risk assessment document.

But this written document is a record of the risk assessment process. It is not the process.

A detective will get back to her office and write up a record of what people have told her and what evidence she's found. The paperwork isn't the work - it's a record of the work. You are like that detective, but you're hunting for hazards instead of criminals!

This blog post will show you how to write a risk assessment in 5 minutes, however, the actual writing of the risk assessment is only 20% of the risk assessment process.

It is step 4 of the 5 steps to risk assessment .

So, before you get to writing the risk assessment, you need to carry out the first 3 steps, which are:

• identify the hazards
• decide who might be harmed and how
• evaluate the risks to decide on precautions

A common mistake people make with risk assessments is to dive straight into the paperwork, without going through the earlier stages. This slows down the process and often leaves you with a document that isn't sufficient for the task.

Don't start writing your risk assessment until you have covered the first few steps. Otherwise, you are skipping over 50% of the work!

So before we start writing, let's quickly cover the first 3 steps to risk assessment. If you are unfamiliar with risk assessment and want a more detailed look, check out the 5 steps to risk assessment .

What you need to know to write a risk assessment

To complete your risk assessment document, you will need to know some essential information about the task you are assessing.

What are the hazards?

Hazards are the first thing you need to know before you write your risk assessment. Because the first section of your risk assessment will list the - you guessed it - hazards.

To identify hazards, look at how the activity is carried out, the tools used, the work procedure, and the environment. Familiarise yourself with the work and how it is completed. Are instructions and method statements being followed? Are shortcuts being taken? If so, why?

This is where you become like a detective because you can't see hazards from your desk. You need to check the environment where the task happens and speak to the people involved.

Those carrying out the activity (if you are not directly involved in the task) will be able to provide valuable information on the work and any challenges or problems encountered.

Who is at risk?

Before you can protect people, you need to know who might be harmed by the work - and how.

Consider who could get hurt. Is it just those completing the work, or are other staff, visitors, or even the public at risk, if things go wrong?

What controls are needed?

Once you have a good idea of the hazards involved and who might be harmed, you can begin to evaluate the risks - considering the likelihood of harm occurring, and how serious the consequences could be.

Now, you can decide on the precautions that would be appropriate, to lower the level of risk and keep your workforce and others safe.

And you can put all this information together to write the risk assessment!

How to write your risk assessment

Now you have the information gathered from the first three steps of the risk assessment process, you can finally start writing the risk assessment!

And this is where you should already notice the benefits of your preparation. Because you have a list of:

• people at risk
• controls needed

And this is all the information you need. The risk assessment document is a record of significant findings from your risk assessment process (that you have just done!).

How you write your risk assessment is up to you, but you need to include all the necessary information about the hazards and how to control the risk.

Here's an example for a spill hazard:

Hazard : Spillages

Risk : Workers could slip over

Controls : - All spillages are cleaned up immediately - Spills kits available - Wet floor signage provided - Workers wear non-slip footwear

Most activities involve several hazards, and you should list them all in your risk assessment document.

Remember, you're not writing a letter, so break down large sections of text into lists or instructions. Use headings, tables, and layouts so that the people reading your assessment can understand and follow it.

You can use the free risk assessment template to get an easy-to-follow layout for each section.

How long does a risk assessment take?

It depends.

The time it takes will depend on the complexity of the activity, how many people are involved, how familiar you are with the tasks and the team, and if it involves any unusual hazards.

Sorry, we can't give you an exact time, but a risk assessment is important - you shouldn't rush it.

We promised to show you how to write one in 5 minutes, and we will get to that shortly. Yes, there are some shortcuts you can take, to help you speed up writing your risk assessment.

But first remember, writing your risk assessment is only part of the risk assessment procedure.

Risk assessments can be time-consuming because you need to go through your activity step by step (see the 5 steps to risk assessment ).

You need to consider the hazards, people, the harm that could occur, and the controls needed to ensure the task or activity will be carried out safely. And that takes time before you can put pen to paper (or keyboard to screen).

And is a risk assessment ever really finished? After you have written your document, you will need to regularly review your risk assessment and update it as necessary.

How to write risk assessments quickly

Ok, we know what a risk assessment is, and what the 5 steps are, so now how can you write one in 5 minutes?

There are a couple of tools you can use to help speed things up:

• Risk assessment calculator
• Risk assessment templates

Wondering how to calculate and measure risk can slow you down when you need to assess multiple hazards - because much of risk measurement is down to the assessor's opinion.

The free risk assessment calculator helps you measure and prioritise your risks. You quickly know which controls to focus on, and the risk list can be copied across into your assessment.

Use templates

Writing a risk assessment from scratch in 5 minutes might be a little tricky, but you can use templates to reduce the time spent on the less important stuff, like picking a layout, adding business details and making things look pretty.

If you are worrying less about how to make your risk assessment look good, you can spend more time on the important content, like hazards and controls.

You can create templates as generic risk assessments that you can adapt for each project or site you work on.

To help you and your team reduce the time spent writing health and safety documentation, our health and safety experts prepare hundreds of ready-to-use health and safety documents, including risk assessment templates . You can use these templates in your business and adapt them to your activities.

Risk assessment templates can save you time because:

You no longer need to worry about the layout

You get a standard layout for the risk assessment, following best practices like the 5 steps to risk assessment .

If you have ever started creating a document from a blank sheet, you know how much time you can end up spending just deciding how to split the document up into sections, layout, tables etc.

Templates tell you what information is required

The template has each section and header ready to go.

• Risk levels
• People at risk

It's ready for you to enter your task-specific details where they are needed.

Information is pre-completed

Generic information for the task and controls needed are all pre-completed for you, so you can just make your edits, and add site-specific details .

You can choose from a variety of pre-completed risk assessments for activities such as groundwork, joinery, refurbishment, plumbing, from underground drainage to roof installation.

Using a pre-completed template makes writing your risk assessment in 5 minutes easy, just:

• Use the free risk assessment calculator to measure risk
• Choose a risk assessment template to get started.
• Add your business name and project details.
• Edit the template to add any additional project-specific details as required.
• Download your finished risk assessment.

Want to start from scratch? We can still help you reduce the time you spend on your paperwork. You can download a blank risk assessment template for free to help you get started.

Need help with your risk assessments? We have a large library of risk assessment templates you can edit and use for your business activities.

This article was written by Emma at HASpod . Emma has over 10 years experience in health and safety and BSc (Hons) Construction Management. She is NEBOSH qualified and Tech IOSH.

Need Health and Safety Documents?

Search hundreds of health and safety documents ready to edit and download for your business.

Recent posts like this...

How To Report An Accident Under RIDDOR

Employers or persons in charge of the premises are legally required to report certain accidents, incidents and work-related diseases to the HSE under RIDDOR. If you're wondering how to report a RIDDOR-related accident, that's exactly what we will cover in this article.

The 5 Steps To Risk Assessment (And How To Complete Them)

In this blog post, we look at what the 5 steps to risk assessment are, why you need them, and how to complete them. From identifying hazards and risks in your workplace to deciding on precautions and recording your assessment.

When Should A Risk Assessment Be Carried Out?

Risk assessments are a legal requirement, but when do you need to carry one out? Before you start an activity? Every time you do a task? What about changes? Let's take a look at what the regulations say and consider when you should carry out a risk assessment at work.

Spend less time on paperwork. Start with the free plan today.

Contact us on 0208 290 4560

• Business insurance
• How to Write a...

How to Write a Risk Assessment: Templates & Examples

Dec 15, 2021

Does your business have to carry out risk assessments?

Yes, is the short answer. The Health and Safety Executive (HSE) state that as an employer, you’re required by law to protect your employees, and others, from harm.

The Management of Health and Safety at Work Regulations 1999 sets a minimum requirement that businesses must

• identify what could cause injury or illness in your business (hazards)
• decide how likely it is that someone could be harmed and how seriously (the risk)
• take action to eliminate the hazard, or if this isn’t possible, control the risk

To meet your duty of care, you will need to carry out and document a risk assessment.

Find out if the rules apply to you if you are self-employed .

Whilst not necessarily required by law, it also makes sense to carry out risk assessments linked to the running of your business. Knowing the possible risks that could threaten your businesses survival puts you in the best possible position to deal with them should they arise.

How to write a risk assessment

If you’ve not written a risk assessment before, it can seem like a daunting task. But it doesn’t need to be. The HSE suggest taking a 5-step approach to writing a risk assessment.

• Identify hazards

Hazards can be thought of as things in the workplace which may cause harm. Take a walk around your workplace and identify things which have the potential cause harm – this could be things which could injure, or things which could pose a long-term threat to health– manual handling, loud noise, or workplace stress for example.

When it comes to hazards think about working practices, processes, substances, and activities which could cause harm. And when identifying the hazards, think about how they could cause harm to employees, contractors, visitors, or members of the public.

• Assess the risks

Once you have identified your risks, then think about the likelihood of them happening and how serious it would be if they did.

The HSE recommends thinking about:

• who might be harmed and how
• what you’re already doing to control the risks
• what further action you need to take to control the risks
• who needs to carry out the action
• when the action is needed by  
• Control the risks

Think about the steps you need to take to control the risks that you have identified.

The best possible outcome is that you can put controls in place which totally remove the identified risk. However, in many cases this just isn’t possible. So, you will need to think about the controls you can put in place to minimise the risks and the likelihood it will create harm.

Once you have identified the controls you need, put them into practice

• Record your findings

If you employ 5 or more people, then you must document the findings of your risk assessment.

You’ll need to include

• the hazards (things that may cause harm)
• what you are doing to control the risks

The HSE have created a risk assessment template to help you record your findings. And a quick Google search for ‘risk assessment template’ brings back multiple other template options which you may find useful and will mean you do not need to start from scratch.

• Review the controls

A risk assessment should not be thought of as a one time, box ticking exercise. It is important to that you review it on a regular basis. Make sure the controls you have identified remain appropriate and actually work in controlling the risks.

If anything changes in the way that you work (new staff, new processes, new premises etc) then make sure that you make a new assessment of the risks and work through the process listed above again.

COVID-19 is a good example of a new risk, requiring businesses to carry out COVID-19 specific risk assessments .

What type of risk assessment may your business need to carry out?

The obvious risk assessment that a business will need to carry out, and the one required by law referenced above, is linked to health and safety. Remember, you have a legal duty to protect your employees, and others, from harm

But there are also other risks which your business may face on a day-to-day basis, closely linked to your business success and survival.

So, you may need to carry out other risk assessments in areas such as:

• business continuity
• cyber security
• data security

You should be able to use the 5 principles above as a basis to writing any type of risk assessment.

Why your business should take risk seriously

Businesses face many risks in today’s environment. You just have to think of the shock which COVID-19 bought to the business world. And whilst it is one that we could not have foreseen, not giving enough time and effort to thinking about the risks your business faces and how you will respond if they should arise is a major risk to your business in itself.

At Anthony Jones we always say businesses should avoid falling into the trap of thinking ‘we would just….’ when it comes to risk management. The use of the word ‘just’ implies a level of simplicity in overcoming potential issues. But without prior thought, it is highly unlikely that you will have the answers to issues which may present themselves.

You also need to think about risk management when it comes to your insurance. Insurers are becoming increasingly selective, and we are seeing more requests for risk management information from insurers. They want to see how your business manages risk and how you are able to present this back can have a bearing on your ability to obtain the right insurance at the best possible price.

At Anthony Jones we focus on the areas of risk management with all of our clients. We work in partnership with Cardinus , a global risk and safety partner, to support our focus in this area. We can work with you to help you understand your business and attitude to risk and identify insurance covers which can offer protection. Get in touch with us on 020 8290 9080 or email us at [email protected] to discuss any of your business insurance requirements.

Get a Quote

You can call us during normal office hours, Monday to Friday, 9am to 5pm. Outside of office hours you can either email us or leave an answerphone message and we promise to get back to you the next working day.

General enquiries: 020 8290 4560 [email protected]

Sign up for news

Business Insurance Business Interruption Insurance Commercial Vehicle Insurance Cyber Insurance Fleet Management High Net Worth Insurance Intellectual Property Insurance Life & Critical Illness Cover Personal Insurance Transport & Logistics Vaping Insurance

Try for Free

System includes

Here is a list of what’s included in Protecting.

• 01 Risk Assessment Software Read details
• 02 RAMS Software Read details
• 03 COSHH Assessment Software Read details
• 04 Tasks / Action Plan Read details
• 05 Library Read details
• 06 Training Planner Read details
• 07 Accident and Incident Read details
• 08 Your Documents Read details

How to Write a Risk Assessment

Writing a risk assessment is important to identify and record hazards in your workplace and put in place steps to manage them. There are many ways to write a risk assessment. You can make one from scratch tailored to your business, use a template, and adapt it to your needs, or hire a professional to create a risk assessment for you.

Find out everything you need to know about writing risk assessments, including what they are, why they’re important, who can make them, and how to write a risk assessment from the start. Alternatively, try our risk assessment software from Protecting and take advantage of risk assessment templates online.

Start your free 15-day trial of our health and safety software and create unlimited risk assessments, RAMS, and COSHH assessments online in minutes. Use simple step-by-step templates crated by experts – or learn what it takes to write a risk assessment yourself with the rest of this guide.

What is a risk assessment?

A risk assessment is a written document that identifies all the hazards that exist in a workplace and what steps will be taken to protect people’s safety in the environment. It’s simply the process of thinking about the work you’re going to do, the harm it could cause you or others, and how to keep everyone safe.

You might not realise it, but you already carry out risk assessments throughout the day – just in your head. For example, if it looks dangerous to cross the road where you are, you walk to the traffic lights and wait for them to change to cross safely. A risk assessment is simply a written record of your findings from that process.

Risk assessments go into greater detail and lay out every possible hazard and methods to implement control measures that eliminate or minimise their potential impact. Workplaces such as offices, construction sites, restaurants, and airports all require risk assessments to protect employees, customers, visitors, and the businesses themselves.

Why are risk assessments important?

A risk assessment is a legal requirement for UK workplaces under the Management of Health and Safety at Work Regulations 1999. The minimum you must do as an employer is to identify the hazards that could cause injuries or illness, assess the level of harm and risk, and the actions to control or eliminate the risk.

A company risk assessment isn’t just for employees through. You also need to understand how the public, visitors, customers, and anyone else could be harmed by your work, operations, and activities. Risk assessments help protect the health and safety of everyone on your premises.

Beyond the legal requirements, many companies create risk assessments for financial and moral reasons. Risk assessments are essential to making work safer. The impact of workplace-related injuries are far-reaching and increases every year.

In the UK, costs of workplace injuries and illness were £20.7bn in 2023 – £7.7bn for workplace injuries and £13.1bn for sickness.

How many employees does there need to be to provide written risk assessments?

Even if you’re a one-man-band, you still need to complete a risk assessment before you start a job to understand any harm you may face. Every employer must complete a risk assessment, but you only need to write it down and keep a record if you have five or more employees .

However, if you’re a sole-trader or have under five employees, you don’t have to write down your findings, but we and the HSE strongly suggest you do to stay safe. You may be subcontracting and have been asked to provide a risk assessment for your part of the job. Or you want to go the extra mile to ensure employees stay safe.

It isn’t a legal requirement for you to write a risk assessment if you have a small company. However, be ready to create one if you want to win more work, look more professional, or work on part of a larger project.

I don’t have a health and safety team. Who can complete a risk assessment?

It doesn’t matter – you don’t need to be an expert in health and safety to write a risk assessment. You need to be a ‘competent person’ according to the Health and Safety Executive (HSE – the government body responsible for health and safety). This is ‘someone who has enough training and experience or knowledge’ in the area.

If you can identify things that may cause harm and figure out a way to stop people getting hurt, you can write your own risk assessment. This free guide walks you through what a risk assessment should include and how to create a risk assessment. If you do need support, check out the Protecting online resource library .

Why isn’t training enough to manage workplace risks?

We often hear from companies that have invested a lot in health and safety training but find themselves at square one when it comes to risk assessments. The people who received training still lack the ability to write a risk assessment. And when they do write them, documents get rejected by clients.

Where risk assessments are concerned, training is just the beginning. It’s important to plan for after training has been completed. Embedding safety within the culture of your organisation will ensure the long-term success of any training investment.

Managers of your organisation must help promote safe working practices. And there is a need for there to be the appropriate resources (time, money, and people) allocated to make sure safety is effectively managed. There should be a constant dialogue about safety, and staff must be able to speak up about safety concerns without fear.

These concerns should be captured and included in health and safety documentation, such as in all risk assessments. Companies that have a good safety culture experience fewer accidents and injuries and win more repeat work. Put the effort into health and safety, and you’ll reap the rewards long after the course ends.

How to create a risk assessment

Writing a risk assessment may seem like a daunting task at first. Fear of the blank page is a common problem – you might have no idea where to start or what to write. Using a risk assessment template provides an idea of what to include and where to place all the key information.

If you want to write a risk assessment from scratch we’ve also got you covered. Below we break down the core components of a risk assessment and walk you through how to create a risk assessment for your workplace and business. Follow these steps to make an effective company risk assessment:

Step 1: Identify the hazards

The first step of a risk assessment is to identify hazards in your workplace. Simply walk around and look for them – anything that has the potential to harm someone. Remember PEME: people, equipment, machinery, and environment when tackling the first stage of a risk assessment. Keep a lookout for:

• Objects that can cause slips and trips, like cables across the floor
• Things that may cause falls from height, like ladders and raised working areas
• Machinery and electrical hazards, such as frayed wires
• Biological hazards, like blood, bacteria, and animals
• Working situations that cause strain, such as lifting heavy objects, vibration, and poor posture
• Chemicals (COSHH)

Ask to see past accident records. Check the manufacturer’s label for products you use. And don’t forget to think about any long-term health hazards, such as asbestos-related diseases.

Step 2: Consider who might be harmed

After you’ve identified the hazards, the second step of a risk assessment is to work out who could be harmed by the risks. It’s not just employees – think about other people that may encounter the hazards. Some people may be more vulnerable than others, like those working on scaffolding who are more at risk of falling from a height.

For each hazard you identify, make a note of who has the potential to be harmed. Is it the employee, a contractor, members of the public, or all of them? Are they at risk of falling from height, walking under scaffolding, running the risk of an object falling on them? Think about every possibility and include in your risk assessment.

Step 3: Evaluate the risks

Assess how likely the risks you’ve identified are to happen and how severe they would be if they occur. Evaluating them helps prioritise areas to focus on and action to take for a safe workplace. One of the most common ways to complete this assessment is using a risk matrix.

A risk matrix is a grid that maps the severity of the risk against the likelihood of it happening. It helps to identify the steps you can take to reduce the potential harm, and which risks require the most attention. This is included in our RAMS software that you can use to create unlimited risk assessments and RAMS reports.

In 2020/21 – 441,000 workers suffered non-fatal injuries – with slips, trips, and falls the biggest cause.

Step 4: Control measures

Now you know who is likely to be hurt, how, and by what, it’s time to consider what to do to avoid or reduce the risks. Control measures are the actions you take to reduce the severity and/or likelihood of a hazard causing harm to anyone.

Consider all the different ways that you could remove or reduce this risk. Is there particular clothing that would protect your workers? Would regular cleaning help? Do you need to improve lighting in the area? Anything from changes to the environment, working practices, and training may help.

Another handy acronym to have at your disposal is ERIC PD – eliminate, reduce, isolate, control, PPE, and discipline. It’s important to go through control measures in that order. Many rely on PPE as the sole control measure; however, this should only ever be considered as a last resort.

Control measures often work best in combination with each other. They don’t have to be expensive to be effective, and they should be ‘sensible.’ This means that they shouldn’t get in the way of employees getting the job done but should protect them while they do so.

A great starting point for control measures is simply to use Protecting. There’s a huge amount of content available particularly around high-risk work, such as working from height and operating vehicles on site, that details how to plan for safety in these particular areas.

Step 5: Write a risk assessment

It’s time to write the risk assessment itself. The risk assessment should be clear and concise and cover the information you have pieced together in the previous steps. Check out our  free risk assessment template  for an example to follow.

It’s important to take your time when writing a risk assessment. Consider all possibilities and take every risk into account.

Risk assessments are the first things HSE inspectors turn to after a near-miss/accident is reported. If they find fault, your business could face a substantial fine. Beware of the three most common faults that inspectors find in risk assessments:

• Incorrect hazards – failing to identify all hazards linked to an activity and not explaining the hazard enough. Including the wrong hazards in your risk assessment may lead to your document being rejected or worse.
• The wrong people – it’s a common mistake to forget about the public when considering people at risk of a hazard. Ensure you consider all the possible people who could be harmed, don’t just think about your employees.
• Not providing the full picture – take the time to really think about your risk assessment, and whether you’ve covered all possibilities. Have you included reactive work as well as planned? Have you included every reasonable control measure? Have you provided details on how the measures can reduce the risk?

Your risk assessment needs to make it clear how lives will be protected.

Step 6: Regularly review

Few workplaces stay the same. Sooner or later, you’ll bring in new equipment, substances, or procedures or hire new team members that could create fresh hazards. It makes sense to review what you do on an ongoing basis.

It’s standard practice to review a risk assessment annually as a minimum. However, you need to set a review process that works for your organisation. Remember – a risk assessment is only complete when the job is. As your job progresses, make sure to review your risk assessment on an ongoing basis and ask yourself:

• Have there been any significant changes?
• Are there improvements you still need/can make?
• Have your workers spotted a problem?
• Have you learnt anything from accidents or near misses?

You don’t have to get your risk assessment right the first time. Do the best you can, then continue to enhance it as the project progresses.

How do you make your risk assessment easy to understand?

It’s important to create a written risk assessment that’s simple to understand. Risk assessments are only effective if those involved know what they need to do to stay safe.

A risk assessment tends to cover an entire project, such as installing a new bathroom. This means that the work included may vary, involving different trades and activities. Deliver a quick understanding of the job at hand.

It’s helpful if the hazards are grouped by task. This makes it easy for the reader to gain a quick understanding of every single risk involved in a specific task.

Under each task there should then be a record of every hazard involved. Each hazard should have an assigned risk value. It’s common practice to use the traffic light system for this to make it really clear how dangerous a task can be.

The higher the risk, the more you should do about it. Using the traffic light system, if a risk is marked red the potential to cause serious harm is high. Readers then know to pay close attention to the control measures to ensure they complete the task safely.

The hazards with the highest level of risk should be listed first to ensure they get the most attention. Include a risk matrix at the start of the risk assessment so readers can understand how the values have been worked out.

Apply clear and concise controls

It must be easy to understand how to remove or reduce the risk involved in a task. Take your time writing control measures but keep them short and to the point. You want them to be quickly understood by everyone reading them on a busy site.

Control measures should be listed according to efficiency. The most effective should be presented first, followed by the remaining control measures, finishing with the least effective.

Then make it very clear who is at risk of harm. Common categories used are:

• All operatives on site
• The operative carrying out the work
• The general public
• Your client’s employees

These won’t work for every environment, so create categories relevant to your work.

Five parts of a successful risk assessment

Read about the 5 steps to a risk assessment and consider a final few things to remember before you get started on writing your risk assessment:

• Write a new document for each job

The temptation to copy a risk assessment from a previous job can be strong, but no two jobs are the same. Each one has its own risks and controls that must be considered and included. Take the time to start each risk assessment with fresh eyes and consider the individual tasks carefully.

• Know the site rules

Make sure your first stop when you’re getting to know your workplace hazards is the site/office manager. It’s crucial that any specific rules for the site are included in your risk assessment. Think about first aid guidelines, waste management, and site access rules.

• Regularly review control measures

A control measure that seems so straightforward you could copy and paste it from job to job still needs reviewing every time. Each site is different, so controls that worked on one site may not necessarily work in the same way on another one. Use a risk matrix to quickly amend the risk value, reducing or increasing the likelihood or severity of each task.

• Ensure someone is responsible for enforcing control measures

It’s great to come up with control measures that keep workers safe, but if there isn’t anyone making sure they’re followed, the exercise was pointless. There should be a named person responsible for every control measure. They’re responsible for ensuring control measures are followed, that the risk is reduced, and the control measure is updated after any changes.

• Have a system in place to make it easy to update

A fundamental element of a successful risk assessment is that it can be updated easily. Say a task crops up unexpectedly, some extra contractors are added to the job, or you’ve had a near miss or accident. Situations like this mean you need to update your risk assessments and do it quickly to prove you’re on top of the new situation.

Use Protecting’s risk assessment software to create risk assessments in minutes and update them in seconds online. Having an open dialogue with workers will help you stay aware of changing conditions. The latest version of a risk assessment should be found easily, and you must be able to make and share updates with the team immediately after a change is made.

About Protecting

Protecting is a cloud-based software that makes the process of creating risk assessments, RAMS, and COSHH safety documents very easy. You can create unlimited numbers of risk assessments to keep your organisation safe. Give it a go today with a free 15-day trial .

We make risk assessments accessible for companies of all shapes and sizes.

• Sign up for free
• SafetyCulture

Risk Assessment Templates

Identify hazards and prioritize safety controls with digital forms

Basic Risk Assessment Template

• Eliminate paperwork with digital checklists
• Generate reports from completed checklists
• Free to use for up to 10 users

Use this basic risk assessment form to identify, assess, and control hazards in the workplace. This template can be used at any time when assessing risk and control measures but should be ideally conducted before the commencement of new tasks. It includes:

• A description of the procedure, task, or worksite being assessed
• Identify the hazards and document them
• Identify the risks associated with each activity
• Attach photos of the hazards
• Determine a risk rating

Check out this completed risk assessment example report in the formats of PDF and Web.

What is a Risk Assessment Template?

A risk assessment template is a tool used to identify and control risks in the workplace. It involves a systematic examination of a workplace and its environment to identify hazards, assess injury severity and likelihood, and implement control measures to reduce risks.

Why Perform In-house Operational Risk Assessments?

While outsourcing can save your team time and effort, performing in-house operational risk assessments can bolster your company’s culture in several ways:

1. Enable workers to be proactive rather than reactive

A proactive approach to safety pays off in the long run since the majority of workplace injuries are preventable only if workers know the possible risks and how to handle the situation.

2. Reinforce responsibility and accountability

When workers are obligated to look out for one another’s safety through in-house operational risk assessments, the habit and culture of responsibility and accountability are reinforced.

3. Promote transparency and collaboration against operational risks

To identify, evaluate, and control operational risks, teams need to be open and transparent with their activities and processes.

Creating a Report with Risk Assessment Templates

One of the main things to keep in mind is the format of your report, which will serve as the outline of the risk assessment, depending on its type .

What is the Correct Format of the Template?

When creating a report, the following information should always be present:

• Who is at risk? It is important to specify the demographic that is at risk of an identified hazard.
• Current control measures Find out and include what the organization is currently doing to lower the risk of injury for identified demographics.
• Necessary improvements /changes to control measures Come up with ideas on how they can be improved or replaced to further lower the risk of injury for identified demographics.
• Assignments and deadlines Finally, include the names of personnel who will be responsible for the updates, along with clear deadlines.

Writing the Title Page

• Who prepared it? Refers to the name of an individual risk assessor or the company/team working on the risk assessment report.
• Who is it for? Indicate what or who the risk assessment is for.
• Done on Specify the date on which the risk assessment and the report were completed.
• Review date This indicates a specific date set for reviewing risk assessment protocols. As a general rule, a risk assessment review must be done whenever significant changes are made to operations.

Writing the Main Body

The two types of risks are physical and substance risks. Slips, trips, falls, getting or injuries due to falling objects all fall under physical risk. Injuries due to toxic, flammable, and caustic materials are covered under substance risks. 

Risk Assessment Report Example

Here’s a sample basic risk assessment template to help get you started. Download and customize it according to your business needs.

Risk Assessment Template | Download as printable PDF or using SafetyCulture

FAQs About Risk Assessment Templates

Who should use a risk assessment template.

Safety officers, risk managers, and decision-makers can use a risk assessment template. Employers should choose those who have the right knowledge and credentials to perform risk assessments on a set schedule or when it is deemed necessary. 

How do I do a risk assessment using a template?

Risk assessments with a template can be summarized into 5 steps:

• Identify hazards
• Evaluate the level of risks
• Determine the appropriate controls
• Record and document
• Review the assessment and update if necessary

What should a risk assessment template include?

A general risk assessment template should mainly include the following:

• Description of procedure, task, or worksite being assessed
• Hazards observed and identified
• Tasks and activity that the hazard is associated with
• Risk rating
• Control measures

Use SafetyCulture (formerly iAuditor) for Effective Risk Assessments

SafetyCulture is a mobile-first software that can help organizations keep track of hazards, risks, control measures, and corrective actions . Beyond complying with regulatory authorities, it can also help identify hazard trends and proactively improve workplace safety.

Risk assessment apps and cloud software can provide a more seamless workflow by replacing paper forms, Excel spreadsheets, scanning, and faxing. Use SafetyCulture for your risk assessments and be able to: 

• Create and customize risk assessment reports online.
• Perform risk assessment using a mobile or tablet device.
• Capture or attach photos, videos, pdfs, and annotations for better context.
• Save all risk assessment reports in secure cloud storage and share them with relevant people via the following format: weblink, PDF, Word, or CSV.— preview a report here .
• Gain insights and data from your risk assessments to pinpoint areas for improvement. 

Use it for free with small teams. Unlimited reports and storage for premium accounts .

Featured Risk Assessment Templates

Environmental risk assessment template.

Use this template to assess environmental factors that could cause hazards and expose workers to injury.

Dynamic Risk Assessment Template

Use this generic dynamic risk assessment template to capture a variable number of observed hazards.

Risk Assessment Matrix Template

This Risk Matrix Checklist Template can be used to assess a variable number of risks in your business.

Construction Risk Assessment Template

Use this construction risk assessment checklist to identify common construction hazards, assess the risk severity and rating, and propose control measures.

Office Risk Assessment Template

This office risk assessment template can be used to identify general at-risk activities in your office environment and help formulate an implementation plan.

Manufacturing Risk Assessment

This template can be used to perform workplace risk assessments for manufacturing facilities. It enables inspectors to add more hazards as required.

Job Hazard Analysis Template

This Job Hazard Analysis template should be used as a guide to break down jobs into smaller tasks, identify potential hazards, and determine preventive measures to control hazards.

Working at Height Risk Assessment Template

Use this template when working at heights to identify potential risks like falling, slipping, or tripping.

Fire Risk Assessment Template

This general fire risk assessment template aims to identify and reduce the risk of fire and can be used for any building. It focuses on identifying hazards and control measures.

COSHH Risk Assessment Form

This Control of Substances Hazardous to Health (COSHH) risk assessment form is used to control exposure to hazardous substances to prevent serious illnesses and health problems.

Excavation Risk Assessment Template

This free excavation risk assessment checklist can be used before starting excavation or trenching work.

Welding Risk Assessment Template

This template can be used to perform welding safety and risk assessment checks before commencing welding, cutting, and brazing activities.

HSE Risk Assessment

Use this template to document a risk assessment to manage health and safety hazards in your workplace.

Manual Handling Risk Assessment

This Manual Handling Risk Assessment Template aims to identify hazards when doing manual handling or lifting heavy loads that may cause various musculoskeletal injuries to a worker.

Jona Tarlengco

Explore more templates.

• Download free template

Related pages

• Integrated Risk Management Software
• Operational Risk Management Software
• Risk Based Inspection Software
• Supplier Risk Management Software
• Risk Register Software
• Risk Assessment Examples
• Risk Management Training
• Integrated Risk Management
• Supplier Risk Mitigation
• Enterprise Risk Assessment
• Contract Risk Assessment Checklist
• Point of Work Risk Assessment Template
• 7 Best Risk Assessment Templates
• 5×5 Risk Matrix Template
• Risk Mitigation Plan Template

Managing risks and risk assessment at work

1. overview.

As an employer, you're required by law to protect your employees, and others, from harm.

Under the Management of Health and Safety at Work Regulations 1999, the minimum you must do is:

• identify what could cause injury or illness in your business (hazards)
• decide how likely it is that someone could be harmed and how seriously (the risk)
• take action to eliminate the hazard, or if this isn't possible, control the risk

Assessing risk is just one part of the overall process used to control risks in your workplace.

For most small, low-risk businesses the steps you need to take are straightforward and are explained in these pages.

If your business is larger or higher-risk, you can find detailed guidance here .

If you're self-employed, check if health and safety law applies to you .

View a printable version of the whole guide

Is this page useful?

Risk assessment process and key points to risk identification in virtual interactions

Published: March 2023

Virtual interactions with people that access care and support are here to stay, in one form or another. Where it is appropriate and proportionate to interact with an individual in a way other than face to face, it is necessary to be confident and competent to practice in a way that recognises and works effectively with risk.

This guide will help social care practitioners to understand:

• The key principles of how to gather evidence and information, so they are able to identify and assess risks virtually when it is not necessary or appropriate to do so through face-to-face contact.
• The importance of being aware that our professional decisions may become more reliant on assumptions or information provided by others, as we may have less ability to observe and draw conclusions from direct observation. However, as with any social care practice, it is essential that we are able to defend any decision made with the evidence that underpins it.
• That regardless of the method of interaction we should always be mindful of situations that present risk and should try to gather as much information as possible about the individuals’ circumstances to ensure any risks are identified and looked at properly.
• The importance of clearly documenting the entirety of the risk assessment process and particularly evidence associated with risk.
• “Critical, reflexive and careful judgement … with the fully considered evidence of incomplete knowledge so that you can defend and justify your assessments, plans and interventions” (Cooper, 2011).

If the adult lacks capacity, some of the statements below will not apply, and decisions and agreements will be made with as much involvement as possible from the adult but not solely with them.

Risk assessment as a process

Risk assessment is an important process in adult social care as we work with individuals to enable them to achieve the outcomes that matter to them and promote their individual wellbeing.

The risk assessment process has four distinctive and  sequential  stages, and social care practitioners should go through each of them with the individual.

• Understanding the person’s circumstances
• Identifying risks
• Assessing impact and likelihood of risks
• Managing risks – risk enablement and planning

This framework is evident in a study undertaken by Clarke et al. (2011) which outlined a four-stage process for exploring risk with individuals and families living with dementia. However, this further guidance is equally as applicable for working with all individuals:

• Identify risks in the life-context of the individual and their circumstances (and therefore impact on quality of life and individual wellbeing).
• Identify risk perspectives from all the people involved.
• Identify weighting of risks (to establish high and low risk concerns, impact on emotional, social and psychological wellbeing).
• Identify current and past strategies for managing risks.

When we work with individuals during the risk assessment process it is important to remember that a person’s ability to engage can fluctuate either as a result of a cognitive impairment of the mind or brain or due to physical or emotional difficulties. In such circumstances it will be necessary to arrange conversations at times that are appropriate for them and/or provide additional support if required such as:

• Appropriate Person
• Independent Advocate, or
• Independent Mental Capacity Act Advocate.

What is risk?

Simply put, risk is:

• The probability that an event will occur with beneficial or harmful outcomes for a particular person or others with whom they come into contact.
• A product of the likelihood that an event will occur and the impact that it will have if it does occur.

The four stages of risk assessment as a process

Understanding the person’s circumstances (stage 1).

Risk is part of everyday life and “people with disabilities, both mental and physical, have the same human rights as the rest of the human race. It may be that those rights have sometimes to be limited or restricted because of their disabilities, but the starting point should be the same as that for everyone else” (Lady Hale, 2014).

When we work with individuals requiring support from Adult Social Care, we do so to promote choice and control for which there are likely to be elements of risk present. However, our practice is underpinned by strengths-based principles which recognises strengths, capabilities and potentials for self-directed support towards goals and outcomes that matters to the individual.

It may therefore be necessary and/or beneficial for some risk to be present but in such circumstances the decision should be made through,

Weighing up the potential benefits and harms of exercising one choice of action over another. This means identifying the potential risks involved, and developing plans and actions that reflect the positive potentials and stated priorities of the service user. It involves using available resources and support to achieve desired outcomes, and to minimise potential harmful outcomes.

Read  “principles of practice”  for some further guidance to help you understand the person’s circumstances.

Identifying risks and protective factors (Stage 2)

A social care practitioner’s role is to support an individual to identify, define and explore the beneficial or harmful outcomes of the identified activity/decision with the individual. This is to enable a thorough exploration which will allow consideration of the likelihood and impact and promote their ability to live the life they want and do the things that are important to them as independently as possible. Our role is not to stop people doing things but to trust people to make decisions and direct their own support, with help where they need and want it.

The first step of the risk assessment process is to jointly work with the individual, with or without the support of another person (for example an appropriate individual or independent advocate), to enable us to understand:

• what the activity means to them
• why is it important to them and for them
• what impact being able/unable to undertake the activity will have on their individual wellbeing.

It is important that when we engage in conversations, we begin from a position of strength, focusing on what is strong for the individual and not on what is wrong with the decisions they are wanting to make. We can learn from the principles of  appreciative inquiry  and rather than seeing the situation as a problem to be solved, consider it as a mystery to be embraced, utilising strengths, rather than seeking to overcome or minimise the weaknesses. We can, with an open mind, seek to explore and discover moments of strengths in the individual’s life, personal qualities and the networks around them. We can be open to seeing new potential and possibilities using the collective knowledge of the social care practitioner and the individual to whom the assessment belongs.

Once you have established a baseline understanding of the persons circumstances from their perspective, it is important to work with them to identify both the potential benefits and the potential harms of a given action, decision, behaviour, etc.

This enables us to support the individual to explore the risks that they are facing, or are likely to face, and the impact of the activity on them or others, now or in the future.

Working virtually with an individual will place a greater reliance upon the questions we ask in order to establish a baseline understanding of the person and find the answers to potential benefits or harms as we cannot use our other senses such as seeing for ourselves.

From the available information and initial contact with the individual, it should be possible to gauge a level of insight as to the potential harmful outcomes, likelihood of occurrence and potential impact. We should use this to determine which  method of interaction  is required, for example it is necessary to visit the individual in person or it is appropriate to, at least, start the risk assessment process virtually. It is important that we record our rationale for the chosen method(s) of interaction.

Pause for thought: Case study – about Amitesh

Amitesh is a 28-year-old male who lives with an acquired brain injury and limited use of his right side. He moved from residential care to supported living one year ago. He is unable to access the community without support which is authorised by a community Deprivation of Liberty Safeguard. (DOLiC)

You have arranged to review Amitesh’s care and support plan with his support worker and Mum, who is acting as his Appropriate Person. The appointment will be via video call. He has explained that he wants to discuss how he will be able go to the local supermarket without support.

Thinking about the first two steps of the risk process, what questions do you think you need to ask? SCIE will share its thoughts below to offer further guidance to shape your question creation.

SCIE’s thoughts

It is important that the conversations that we have enable us to evidence some key points, such as:

• What is it that is trying to be achieved and why?
• How will it be achieved and why will it be done this way?
• What are the potential benefits of the action being considered? To self, to others, from others, etc.
• What could go wrong? – what are the risks to self, to others, from others etc.

The answer to these questions:

• Must  be seen from the individual’s point of view, though we will support the individual in exploring and understanding all the potential benefits and harms.
• Should  include the individual wishes and aspirations.
• May  include potential benefits for others but  must  include any potential harm to others.

Potential prompts to go through with the individual are:

• What is the good thing about doing this?
• What will I get out of it?
• What could go wrong if I don’t do it?
• What could go wrong if I do it?

With support, Amitesh was able to identify that it was important for him to go to the shops by himself to buy chocolate. He wants to do this as his friends who lived around him did so and not being able to do it made him feel sad and frustrated and it made him feel like a child.

Being able to go to the shop when he wanted and by himself would help him feel independent and he could use the communal mobility scooter to help him get there because he cannot walk very far.

Amitesh identified that it had been over 10 years since he had been out in the community without support, that he might get lost on the way to the shop and/or forget what he had gone to the shop for or not know if he has been given the right change.

To explore further the concern around not getting the right change and to ascertain if it is a risk, Amitesh was asked if he has any money close by and if he knows the value of the notes and coins that he had; simple questions were asked such as if he paid with a £5 note would he expect any change if the item cost 50 pence?

A balance sheet for supporting exploration of risk, protective factors and options

During the conversation we need to be able explore ways in which Amitesh could achieve the outcome he wishes to achieve, and a balance sheet tool may be a useful way of doing this.

The format of such a tool is not important but the detail which we add to it is key. A balance sheet:

• Provides an opportunity to work through and identify possible options for the person to achieve their desired outcome while minimising risk, where possible.
• Enables recording of the evidence gathered to demonstrate the advantages and disadvantages of the considered option which will be used to make decisions.
• Supports the analysis as to why it is or is not a realistic option, with reference to the facts that resulted in the decisions made.
• Enables the process to be open and transparent with the people we work with.

Activity: Getting to the shop

It may be necessary to have more than one interaction with Amitesh, to ascertain all the risks involved in relation to the decision to be made. These interactions can be using one or different methods.

The important thing is that we can evidence and define with clarity what the risks are from the perspective of the individual, the social care practitioner and any others as this will support the next stages or be affected by the decision. It is not possible to consider the impact and likelihood of a situation or take steps to manage it if we cannot define what the risk is first.

Assessing risks: impact and likelihood (stage 3)

Once the risk has been clearly defined and the potential beneficial and harmful effects identified, we will explore with the individual the impact and likelihood of each of the potential benefits and harms identified to assess the risk.

This stage is not:

• a method to prevent a person to achieve the outcomes that they would choose
• an opportunity to focus on the problem/s and things that are perceived to be a risk.

As a social care practitioner is not our responsibility to take the risk away. At this stage we should:

• Support the individual with their unique strengths, abilities and aspirations to make decisions that matter to them.
• Support the individual in understanding the likelihood and impact of all the identified potential benefits and harms, what is important for them alongside what is important to them and why.

It is essential that there is an evidenced based analysis of the severity and likelihood of harm which could arise.

When we assess risk, it is necessary to explore:

• How likely is this to occur? This  should  be proportionate to the potential consequences specified, and  must  be based on good information and evidence and consider the same factors – is the information up to date? Is it relevant? Can it be evidenced? What are the protective factors which could reduce the likelihood of the occurrence? Consider the strengths of the person’s current situation, the environment and what their family/friends/other support network are or can contribute. What additional actions would promote benefit and reduce the likelihood of the occurrence, for example the use of assistive technology, interventions to improve ability of the individual, maximising existing support networks?
• If something went wrong, what would the severity of the impact be? It is important to consider both a best-case and worst-case scenario, e.g. death, serious injury, admission to hospital, loss of accommodation. If it works, what is the level of benefit of the impact? It is important to consider equally the potential negative consequences and the potential benefits What are the protective factors which could reduce the severity of the impact? What additional actions would promote the benefit and reduce the severity of the impact, for example the use of assistive technology, interventions to improve ability of the individual, maximising existing support networks.

Thinking about the impact and likelihood that of the risk process, what questions do you think you need to ask based on the information you have?

It is important to have conversations that will enable us to evidence some key points, such as:

• The likelihood of risk (degree of intent; immediacy/frequency of its occurrence or re-occurrence; timing: do different times of day or different days elevate or reduce the risk?).
• The severity of risk (i.e. the impact it could have if it occurs).
• Has something like this happened before, what are the similarities and the differences, how were they managed and to what end? Use your knowledge and experience to explore if previous solutions could help in this case.
• What’s the worst that could happen? For whom?
• What’s the best that could happen? For whom?
• What could happen if we don’t support the person to take the risk?
• Must  be seen from individual’s point of view, though we will support the individual in exploring and understanding the likelihood and severity of the decision.

An example of a risk assessment for Amitesh

Low, medium, high

Unlikely, likely, very likely

What is the decision or choice to be made?  Is it safe for Amitesh to go to the shops alone?

What are the potential  benefits?

• Amitesh can be independent in going to the shops, his confidence will grow.
• Amitesh can feel like an adult and make his own decisions about when he goes to the shop.
• Amitesh will grow as an individual.
• It is something important for Amitesh and which he aspires to achieve.
• It is very likely that these benefits could be achieved.
• Amitesh’s confidence could be increased, and he may even be able to take a next step within time.
• Staff will be available to support other residents.

What are the potential  harms?

• Amitesh could get lost. This could stress him out and/or make him vulnerable to other risks.
• Amitesh may forget what he went to the shop for and get stressed or lose his way.
• Amitesh may not get the right change and lose some money.
• It is very likely that it will go wrong as Amitesh has not been out without support for 10 years and does not have the necessary skills to be able to do so at this time.
• It is very likely that Amitesh may get lost.
• It is very likely that Amitesh may not get the right change.
• The severity could be high as Amitesh may get scared about being lost and when he is overwhelmed his ability to cope with a situation is reduced.
• Amitesh lives in a supported living complex with staff on site 24 hours.
• Amitesh has a telephone and has the phone number of the complex on speed dial which he is able to use.
• Amitesh has been using the local community, with support, and so may have recollection of important landmarks which will help him to return home.
• Supporting Amitesh to undertake a period of travel training to enable him to develop skills required to access the shop independently.
• Not taking too much money to the shop.
• Preparing a shopping list with staff in advance of going to the shop.
• Using a phone to contact staff if he gets lost.
• Using a phone to check in with staff when he has got his change.
• If staff work with Amitesh in addressing the factors that increase the risk, the risk will be properly managed.
• If staff conclude that they can’t provide Amitesh with the necessary skills and support to be able to address the factors that increase the risk, a decision should be made as to whether the remaining risk should be taken.

Stages one through three of the risk assessment process will enable the social care practitioner, regardless of method in which the intervention is undertaken, to recognise and work effectively with risk. It will enable the social care practitioner to arrive at a decision which should include the following narrative elements:

• A statement of the decision.
• The reasons for the decision.
• A description of the main alternatives.
• Reasons why the alternative may not be the best option or why the alternative may be the best option.

When we are working virtually with individuals to explore risk it is important that we are confident with the information we have been able to gather to enable us to make an informed and defendable decision:

Decisions that will withstand the harsh scrutiny of hindsight bias in the event of a risk failure … informed, balanced, proportionate and just risk decisions.

Managing risks: risk enablement and positive risk-taking (stage 4)

Risk is part of everyday life and risk management is not about trying to eliminate risk but managing risks to maximise people’s choice and control over their lives. It is about weighing up the options and utilising the available resources to achieve the desired outcome. It is “not negligent ignorance of the potential risks … it is usually a very carefully thought-out strategy for managing a specific situation or set of circumstances” (Morgan, 2004).

Not all risk can be reduced or mitigated, but all can be managed if they have been properly identified and assessed. On some occasions the management of risks entail reduction or mitigation.

Individual choice* in risk enablement: It is the adult and/or carer’s right to make choices and take risks once they understand the information available and are aware of the risks.

Risk enablement: Risk enablement involves supporting adults and/or carers to identify and assess risks and then supporting them to take the risk they choose.

* unless assessed to lack capacity.

Key aims of positive risk-taking:

Some of the key aims of positive risk-taking are:

• Empowering people
• Working in partnership with adults and/or carers
• Developing trusting working relationships
• Supporting people to access opportunities and take worthwhile chances
• Learning from experiences
• Understanding consequences of different choices/actions
• Sometimes tolerating short-term risk for long-term gain
• Making decisions based on accurate/available choices.

Once the risks have been identified and assessed, the next step is to agree with the individual how the risks are going to be managed.

The goal of risk management

The goal of the management of risk is to develop contingency actions for any predicted pitfalls, in a way which improve the quality of life of the person, to promote their independence or to stop these deteriorating if possible. Please note that this may be just to make the individual aware of the potential consequences of the risk.

To manage risk effectively, it is important to:

• Develop and implement the action plan agreed with the adult/carer.
• Have clear monitoring and reviewing systems in place if appropriate.
• Ensure accurate documentation and sharing of risk assessment/action plan with relevant partners.
• Be ready to respond to the consequences.
• Agree risks owners – who takes responsibility.

Risk action plan

A risk action plan should include:

• What actions have been agreed?
• How the actions will be carried out and their significance to success?

Who will be responsible for them?

• What is the time frame? Bear in mind that different aspects might have different time frames.

How will good communication be ensured?

• What could go wrong – and how to overcome?
• What could go well – and how to build onto it?
• Review plan and agree timescale.

Amitesh wished to be able to go to the shop without a support worker or his mum so that he could:

• be like his friends
• be more spontaneous about his day
• have his favourite chocolate bar when he wanted and not just when he had a scheduled shopping session
• have greater independence.

The assessment of risk concluded:

• There was a probability of a harmful outcome for Amitesh if he was to go to the shop alone as he could get lost, forget what he was going to the shop for and not be given the right change.
• The likelihood of the harmful outcome was high due to him having had protective oversight while accessing the community for the past 10 years.
• The impact if something goes wrong could be high as he is not able to cope with his emotions when he is feeling overwhelmed.

There are additional actions which would promote his ability to achieve his goal.

Using the information available what might the risk action plan include?

The Care Act 2014 is very clear that the starting point for care and support planning is the assumption that an individual can plan for themselves. This should be extended to the development of a risk action plan as should the notion that the plan is written in the first person to make it clear that it is the individual who owns it as it is there to support the individual to live a safer life.

Where possible, principles of co-production should be applied to support the individual to have as much control as possible over the choices that they can make.

What actions have been agreed

• I will be supported to try and learn how to get to the shop by myself.
• I will use pictures to build my shopping list so that I do not forget what I am going to the shop for.
• I will work with my support worker to learn about money and to try and understand how much money I will need for my shopping list and how much change I will get.

How the actions will be carried out and their significance to success

• I will work with my support worker for three hours each week.
• Support worker will plan the session with Amitesh.
• Support worker will notify social care practitioner of session plan and outcome.
• Support worker.
• Social care practitioner.

What is the time frame, bearing in mind that different aspects might have different time frames?

• I will work with my support worker until Christmas (three months).
• Review monthly.
• Weekly catch-up scheduled for use as required.
• My support worker will let the social care practitioner know how each session has gone.
• I can call the social care practitioner if I want to.

What could go wrong, and how to overcome it?

• The pace of activity may be overwhelming for Amitesh. Usual mood chart to be implemented before each session to enable support worker/Amitesh to gauge pitch of session and what the session will look like.
• Amitesh to be supported to use mood chart to explain feelings if it appears that he is becoming overwhelmed.
• Amitesh to be given opportunity to choose another activity to undertake if he is feeling overwhelmed.

Review plan and agree timescale

• Four-weekly.

How to work with risk virtually

During face-to-face interactions, we use our observation skills, amongst others, to understand any potential risks for the individual. Working virtually could reduce the opportunity to observe certain circumstances, behaviours, reactions, the non-verbal communication, the ability to see the unseen which could impact on evidence-based decision making.

Please note that whereas we have tried to include a wide range of risk factors there may be others not listed.

Working virtually places greater reliance on the use of effective strengths-based conversations, underpinned by open-ended questions and establishing  meaningful relationships . This will enable a two-way exploration of the presence of risk, risk identification, risk assessment, and risk management to explore how best to support the individual to achieve the outcomes that are important to them.

From the available information and initial contact with the individual, it should be possible to gauge a level of insight as to the potential risks. We should use this to determine which  method of interaction  is more suitable for example it is necessary to visit with the individual in person? Or is it appropriate to at least start the risk assessment process virtually?

Important considerations

If we are working with people virtually, we will:

• Need to use this information as a starting point to consider the conversations and the information we need to gather from the individual.
• Need to review historical/available information so that we are aware of what gaps in evidence we have.
• Consider what existing information needs to be checked out so that we do not make assumptions that the current circumstances are the same.
• Need to ensure that any sharing of data, via email for example, is done so in accordance with sharing of information and joint working protocols to prevent data breaches in line with the  Data Protection Act 2018 .
• Where possible always seek permission from the individual before requesting and sharing information but if it is necessary to facilitate the provision to the individual of health or social care services, section 2(3) of the  Health and Social Care (Safety and Quality) Act 2015  will limit repercussion.

If the adult lacks capacity, some statements will not apply, and decisions and agreements will be made with as much involvement as possible from the adult but not solely with them.

Please note that you can find information on Safeguarding risks with adults in  further reading .

What information can help social care practitioners in the identification and/or assessment of different types of risks when working virtually?

The below information is intended to support social care practitioners to ascertain which questions could be asked and/or considered to supplement the lack of opportunity to gather intelligence through observation when undertaking virtual interactions.

Please note that although we have included a wide range of risk factors, the list is not exhaustive.

The below indicators of higher risk should not be used to make assumptions, but to prompt questions and source evidence. The risks considered in this resource are those of:

• Personal/self-neglect
• Incontinence
• Environmental neglect

Carer breakdown

• Social isolation.

Examples of types of risks and factors that could increase the level of risk

Factors to increase risk of falls.

• Medical conditions
• Mobility, balance and gait
• Nutritional deficiencies
• Impaired cognition
• Visual impairments
• Foot problems
• Environmental hazards

What would be useful to know?

• Has anything changed?
• From when, why?
• Permanent or temporary?
• Previous history of falls over a 12-month period.
• What are the known side effects of medication being taken?

How might you find out if your interaction is not face-to-face?

• From the individual
• From family/friends
• From paid professionals, i.e. carers/personal assistants
• From health professionals
• From historical notes

Personal and self-neglect:

Factors to increase risk of self-neglect.

• Mental health
• Social circumstance

Signs of self-neglect

• Mouth hygiene
• Unkempt general appearance
• Visible dirt
• Sweating and body odour (especially sweat patches)
• Skin – spots
• Becoming ill often
• Not cleaning the toilet
• Not getting rid of rubbish
• Not washing clothes and bedding frequently
• Not storing food properly
• What is the person’s own perspective on their self-care?
• What are the hazards to wellbeing, mental and physical health?
• Are they able to seek help or access services to support them?
• Do they have income to resource their ability to care for themselves?

Read more:  Self-neglect at a glance .

Malnutrition:

Factors to increase risk of malnutrition.

• Mental health conditions

Signs of malnutrition

• Little or no appetite, a lack of interest in eating and drinking*
• Weight loss*
• Low energy and feeling tired
• Poor concentration
• Reduced physical ability
• Getting ill often and taking a long time to recover
• Wounds taking a long time to heal
• Feeling cold most of the time

*Can be difficult to determine if the person isn’t open and you are not seeing them face-to-face; therefore important to ask the question if other signs are flagged.

• Any known mental health conditions such as dementia, depression or eating disorders?
• Is there any social isolation?
• Is there enough income into the house, has anything recently changed?
• Are there any physical limitations, is this a recent change?
• Are there any long-term health conditions which affect appetite?
• Any issues with ability to swallow (i.e. dysphagia)?
• Any issues with ability to chew (i.e. dental issues)?

Environmental neglect and/or hoarding:

Factors to increase risk, signs of environmental neglect/hoarding.

• Unusually large number of items on furniture and/or on the floor
• Keep or collect items that may have little or no monetary value, such as junk mail and carrier bags
• Find it hard to categorise or organise items
• Have difficulties making decisions
• Struggle to manage everyday tasks, such as cooking, cleaning and paying bills
• Have poor relationships with family and/or friends
• Suspicion of other people touching items
• Obsessive thoughts and actions: fear of running out of an item or of needing it in the future; checking bins for accidentally discarded objects
• People who live alone, are unmarried
• Have had a deprived childhood (i.e. with lack of material objects)
• Has there been a change in income availability?
• Are there any long-term health conditions which is preventing them for keeping their home to their level of normal?
• Many people with hoarding disorders also experience other mental disorders, including depression, anxiety disorders, attention deficit/hyperactivity disorder or alcohol use disorder

What factors increase the risk of carer breakdown?:

Factors to increase risk of carer breakdown.

• Role confusion
• Unrealistic expectations
• Lack of control
• Unreasonable demands

Signs of carer breakdown

• Anxiety, depression, irritability
• Feeling tired and run down
• Difficulty sleeping
• Overreacting to minor nuisances
• New or worsening health problems
• Trouble concentrating and relaxing
• Feeling increasingly resentful and impatient
• Drinking, smoking, or eating more
• Neglecting own needs and responsibilities
• Cutting back on leisure activities
• Withdrawal from friends and family
• Carer’s life revolves around caregiving, but it gives them little satisfaction
• Feeling helpless and hopeless
• Is this a new behaviour?
• When did it start?
• Do they find they are irritated, angry or snappy?
• Do they feel emotional, are they anxious, worried, stressed?
• Have their food habits changed?
• Are they finding other ways to cope such as drinking or smoking more often?
• How well are they sleeping?
• How much energy do they have?
• How is their health?

Credit:  10 symptoms of carer stress – and how to beat them  (Live Better With).

What factors increase the risk of social isolation?

Factors to increase risk of social isolation.

• Living alone
• Limited finances
• Impaired mobility
• No family close by
• Sexual orientation issues
• Transportation challenges
• Divorced, separated, or widowed
• Inability to remain physically and mentally active
• Lack of access and inequality due to rural living or being part of a marginalised group
• Poor health and wellbeing including untreated hearing loss, frailty, substance abuse and poor mental health, including depression
• Societal barriers such as ageism and lack of opportunities for older adults to engage and contribute
• Unemployment
• Lack of an adequate social support network
• Bereavement
• Domestic violence
• Some mild forms of autism, such as Asperger’s Syndrome
• Dementia and Alzheimer’s

Signs of social isolation

• Deep boredom, general lack of interest and withdrawal
• Losing interest in personal hygiene
• Poor eating and nutrition
• Significant disrepair, clutter and hoarding in the house
• Strong difficulty in connecting with others in a non-superficial way
• Not having close friends, just mainly acquaintances or casual friends
• Low self-esteem and negative feelings of self-doubt
• When you try to connect or reach out, it’s not reciprocated, and you’re not seen or heard
• Leaving the house feels like stepping into the scary unknown
• Lack of motivation to arrange any calls or meetings

When exploring the suggestions, consider:

Other risks

There are other risks that social care practitioners should find out about, such as: cognitive deterioration, risk of hospital admission, risk of not taking prescribed medication, damage to equipment, lack of access to technology or the necessary skills need to use it effectively which should be addressed in line with the  Equality Act (2010) .

• Gather as much evidence as possible through questions, asking for descriptions, examples of behaviours, etc.
• Ensure you go through the risk process stage-by-stage jointly with the adult and/or carer, if they have capacity.
• Record appropriately the existing risks, their potential benefits and/or harms, their assessment and how they will be managed, including if the adult and/or carer is taking responsibility – if there is capacity – of the potential harms to themselves.
• Ensure you have a person-centred and risk enabler approach.

Don’t:

• Make assumptions – the existence of a risk factor or indicator does not mean there is a risk.
• Allow your threshold for risk to draw you to conclusions.
• Underestimate the potential benefits of taking a risk.

Clarke, C.L., Wilkinson, H., Keady, J. & Gibb, C.E. (2011) Risk assessment and management for living well with Dementia, Jessica Kingsley Publishers

Cooper, B. (2011) ‘Criticality and reflexivity: best practice in uncertain environments’, in Seden, J., Matthews, S., McCormick, M. and Morgan, A. (eds) Professional Development in Social Work: Complex Issues in Practice, London, Routledge, pp. 17-23

Kemshall, H. (2009), Working with sex offenders in a climate of public blame and anxiety: How to make defensible decisions for risk, Journal of Sexual Aggression, 15:3. 331-343

Morgan, S. (2004) ‘Positive risk-taking: an idea whose time has come’ Health Care Risk Report, 10(10), pp.18-19

Further reading

Risk identification, assessment and management – positive risk-taking.

• Guides on ethics, risk assessments and virtual meetings  (Social Work England, 2020)
• Independence, choice and risk: a guide to best practice in supported decision making  (Department of Health, 2007)
• Managing risk positively: A guide for staff in health and social care  (Isle of Wight Council)
• Nothing ventured, nothing gained day  (summary slides) (Moriarty, J and Manthorpe, J, 2011)
• Nothing ventured, nothing gained: Risk guidance for people with dementia  (page 52) (Department of Health, 2010)
• Positive risk and shared decision-making  (Social Care Wales)
• Positive risk-taking policy  (Gateshead Council)
• Positive risk-taking policy  (Lancashire County Council Adult and Community Services)
• Positive risk-taking policy: Easy read version  (Cumbria Learning Disability Services)
• The common core principles to support self-care – A guide to support implementation  (Skills for Care, 2015)

Personal hygiene

• Dignity in care: Personal hygiene  (video) (SCIE, 2015)
• Social workers must address service users’ poor hygiene  (Community Care, 2011)
• Are you at risk of falling?  (NHS England, 2018)
• Falls – risk assessment  (NICE, 2019)
• What are the main risk factors for falls amongst older people and what are the most effective interventions to prevent these falls?  (WHO (Europe), 2004)

Malnutrition

• Assessing nutritional risk  (Royal Wolverhampton NHS Trust, 2016)
• Malnutrition: What you need to know (Medical News Today)
• 10 symptoms of carer stress – and how to beat them  (LiveBetterWith, 2020)
• Caregiver burnout  (Cleveland Clinic, 2019)
• Care stress and burnout  (Helpguide, 2020)

Social isolation

• Causes of social isolation in elderly adults  (Griswold Home Care, 2020)
• Do you recognise the early signs of social isolation?  (Mort, A)
• Recognising the signs of isolation  (Where You Live Matters)
• Signs and symptoms of chronic loneliness  (Cigna)
• Social isolation: symptoms and signs  (MedicineNet)
• Quiz – signs of social isolation  (UCLA Loneliness scale)

Hoarding and environmental neglect

• Clinical assessments for hoarding  (International OCD Foundation)
• Hoarding disorder  (NHS England, 2018)
• Hoarding: The basics  (Anxiety and Depression Association of America)
• Professional practice note: Hoarding and how to approach it, guidance for Environmental Health Officers and others  (Chartered Institute of Environmental Health, 2004)
• What is hoarding disorder?  (American Psychiatric Association, 2017)

Safeguarding

• COVID-19 and safeguarding adults: frequently asked questions  (LGA and ADASS, 2020)
• Guidance for safeguarding adults during Covid-19 pandemic: addendum: safeguarding adults in placements (BASW, 2020)
• Professional practice guidance for safeguarding adults during COVID-19 pandemic  (BASW, 2020)

Self-neglect

• Risk assessment and management of patients whom self-neglect: a ‘grey area’ for mental health workers  (Journal of Psychiatric and Mental Health Nursing. Volume 10, Issue 3, pages 287–296, June 2003)
• Self-neglect at a glance  (SCIE, 2018)

Back to Main Page

DD 2977 Deliberate Risk Assessment Worksheet

DA 7566 Composite Risk Management Worksheet

    Thanks for your contributions!

We need more examples. Examples can be contributed by using the form below.

DD Form 2977 Deliberate Risk Assessment Worksheet (DRAW)

The DA Form 7566 Composite Risk Management (CRM) form was replaced by DD Form 2977 Deliberate Risk Assessment Worksheet dated SEP 2014.

To contribute examples, use this form.

Duty Title:

Contact     © copyright armywriter.com     Disclaimer

Purdue Online Writing Lab Purdue OWL® College of Liberal Arts

Welcome to the Purdue Online Writing Lab

Welcome to the Purdue OWL

This page is brought to you by the OWL at Purdue University. When printing this page, you must include the entire legal notice.

Copyright ©1995-2018 by The Writing Lab & The OWL at Purdue and Purdue University. All rights reserved. This material may not be published, reproduced, broadcast, rewritten, or redistributed without permission. Use of this site constitutes acceptance of our terms and conditions of fair use.

The Online Writing Lab at Purdue University houses writing resources and instructional material, and we provide these as a free service of the Writing Lab at Purdue. Students, members of the community, and users worldwide will find information to assist with many writing projects. Teachers and trainers may use this material for in-class and out-of-class instruction.

The Purdue On-Campus Writing Lab and Purdue Online Writing Lab assist clients in their development as writers—no matter what their skill level—with on-campus consultations, online participation, and community engagement. The Purdue Writing Lab serves the Purdue, West Lafayette, campus and coordinates with local literacy initiatives. The Purdue OWL offers global support through online reference materials and services.

A Message From the Assistant Director of Content Development 

The Purdue OWL® is committed to supporting  students, instructors, and writers by offering a wide range of resources that are developed and revised with them in mind. To do this, the OWL team is always exploring possibilties for a better design, allowing accessibility and user experience to guide our process. As the OWL undergoes some changes, we welcome your feedback and suggestions by email at any time.

Please don't hesitate to contact us via our contact page  if you have any questions or comments.

All the best,

Social Media

Facebook twitter.

Consent to electronic delivery & terms and conditions of use

The allocations provided are based on generally accepted investment principles. There's no guarantee, however, that any particular asset allocation or combination of investments will meet your objectives. All investments involve risks, and fluctuations in the financial markets and other factors may cause the value of your account to decline. You should consider all of your options carefully before investing. The investor questionnaire is provided to you free of charge. It doesn't provide comprehensive investment or financial advice. Vanguard isn't responsible for reviewing your financial situation or updating the suggestions contained herein.

By selecting  Accept , you agree to the terms outlined on this page.

Duration of election & consent  Your consent applies only to this particular request. If you request additional information, you may be required to consent to electronic delivery again.

Costs & risks

Vanguard doesn't charge you a fee to use our website, but you could incur expenses from an internet service provider when you access information online. Also, be aware that your internet service provider may occasionally experience system failure, and hyperlinks to documents may not function properly.

Start your investing journey

Our quiz can help you find a path that best fits your needs .

The Investor Questionnaire suggests an asset allocation based on information you enter about your investment objectives and experience, time horizon, risk tolerance, and financial situation. Your asset allocation is how your portfolio is divided among stocks, bonds, and short-term reserves. As your financial circumstances or goals change, it may be helpful to complete the questionnaire again and reallocate the investments in your portfolio.

Before you begin, please review the questionnaire's  assumptions  and limitations  and accept our terms and conditions by choosing  Start the quiz .

Limitations

Caveats on the investor questionnaire's ability to provide financial forecasts.

The asset allocation we suggest for you depends on your assessment of subjective factors, such as your risk tolerance and financial situation. The suggested allocation is limited to 3 broad classes of investments: stocks, bonds, and short-term reserves (such as money market accounts and certificates of deposit). They don't include other assets, such as real estate, personal property, or precious metals.

You should view the suggested asset allocation only as a general guideline for how you might consider investing your savings. It doesn't provide comprehensive investment advice—such as advice on buying a specific stock or bond mutual fund or ETF (exchange-traded fund)—and shouldn't be considered the sole or primary basis on which you make investment decisions.

It's important to carefully review the historical returns of various combinations of stocks, bonds, and short-term reserves over various holding periods to see if you can accept the level of risk in a given investment mix.

See how 9 model portfolios have performed in the past

Any modifications to your current mix of investments can be made gradually to lessen the impact of significant market changes and potential tax implications.

Finally, over time, your answers to these questions may change based on your experience and changing goals. The investor questionnaire doesn't provide comprehensive investment advice. We therefore recommend that you return to the questionnaire as needed to ensure that your asset allocation continues to meet your evolving needs. You may wish to consult a professional investment advisor, accountant, attorney, or broker before making or changing an investment, now or in the future.

Assumptions

The investor questionnaire suggests 1 of 9 asset allocations based on your answers to the questions. Investment returns for the asset allocations are based on the following benchmark indexes:

Source: The Vanguard Group.

Keep in mind that the suggested allocation is based on limited information. You should conduct additional research or consult a professional advisor for more detailed recommendations.

*For U.S. stock market returns, we use the Standard & Poor’s 90 Index from 1926 to March 3, 1957 and the Standard & Poor's 500 Index thereafter.

**For U.S. bond market returns, we use the Standard & Poor’s High Grade Corporate Index from 1926 to 1968; the Salomon High Grade Index from 1969 to 1972 and the Barclays U.S. Long Credit Aa Index thereafter.

***For U.S. short-term reserves, we use the Ibbotson U.S. 30-Day Treasury Bill Index from 1926 to 1977 and the FTSE 3-Month U.S. Treasury Bill Index thereafter.

Past performance is not a guarantee or prediction of future results.

• Do Not Sell My Personal Info

•  ⋅ 
• Digital Marketing

Understanding Information Security & Risk Management

Protect important information with risk management strategies. Learn how to safeguard confidential data and mitigate potential risks.

This edited extract is from How to Use Customer Data by Sachiko Scheuing ©2024 and reproduced with permission from Kogan Page Ltd.

I have an extremely confidential piece of information on a particular sheet of paper. This A4-sized paper contains a list of Christmas presents I plan to give to my family members.

To make sure that no one gets access to this information, I have hidden it in my home office, in the cupboard next to my desk. There you find a chunky English dictionary.

When you open the page where “Christmas” is listed, you will find my precious list, carefully folded into two.

But what if my children or my other half comes to look something up in an analogue dictionary? Arguably, the risk is small, but I am not taking any chances. I have a secret language called Japanese.

My family might find that piece of paper, but all they will see will be タータンチェックの野球帽 and 腕時計, which are basically hieroglyphs to them.

Thanks to this, my family enjoys wonderful moments exchanging gifts every Christmas. Just writing about this makes me grin, imagining the surprised faces and a burst of laughter, surrounded by the green scent of the Christmas tree and the obligatory mulled wine.

This motivates me to conceal this highly sensitive information even more!

We will discuss how companies and their marketing department can protect their secrets, and their data, so that they, too, can bring a smile to their customers’ faces.

Understanding Information Security

In some games, you have this “get out of jail card.” With these cards, you can avoid missing out on a round of games. What if I said GDPR has something similar?

It is called data security.

The GDPR provisions for data security are in line with the risk-based approach embedded in law, where risk is mini­mized, and more flexibility is given to controllers.

For instance, when regulators decide on fines, they must take security measures companies have put in place to protect the data into consideration (see Article 83(2)c of GDPR) (legislation.gov.uk, 2016 ).

Say your laptop is stolen.

If it was encrypted, you do not need to inform your customers that there was a data breach. Not having to inform your customers saves the brand image your marketing department has been building for years.

That is one reason why data security is such an important discipline. Many organizations have a separate security department and a chief information security officer who heads the functional areas.

Those marketers who had security incidents published by news outlets must know how life-saving security colleagues can be in times of need.

Definition Of Information Strategy

The word data security is not found in Article 4 of GDPR, the article where definitions are listed. Instead, the word “security” appears in Article 5, where the basic premises of the data protection law are described.

In other words, data security is one of the main principles of the GDPR, “integrity and confi­dentiality.”

GDPR expects organizations to ensure the prevention of unauthorized or unlawful processing, accidental loss, destruction, or damage of data as one of the starting points for protecting personal data.

TOMs must be implemented to this end so that the integrity and confidentiality of the data are protected (Article 5(f) GDPR) (legislation.gov.uk, 2016).

Outside Of GDPR, Information Security Is Defined As Follows

Information security is the safeguarding of information and information systems against deliberate and unintentional unauthorized access, disruption, modification, and destruction by external or internal actors. (Gartner, Inc., 2023)

Information security is the technologies, policies, and practices you choose to help you keep data secure. (gov.uk, 2018)

Information security : The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability. (NIST, 2023)

Approach To Information Security

Just as marketing professionals created strategic frameworks – 4Ps, 7Ps, 4Cs, and so on – so the school of information security strategy has come up with frameworks: the CIA triad and the Parkerian Hexad.

CIA stands for Confidentiality, Integrity, and Availability.

Donn Parker, a security consult­ant, later expanded this framework with three more elements, namely Utility, Authenticity, and Possession.

Below is a brief description of the six aspects of the Parkerian Hexad (Bosworth et al, 2009).

Availability

Availability refers to the ability of the organization to access data. When, for instance, there is a loss of power and your marketers cannot access customer data, it is considered an availability problem.

The file is there, so it is not stolen. However, the marketer is temporarily unable to access the particular data.

Utility of the Parkerian Hexad relates to the problem of losing the usefulness of the data. For instance, if a campaign manager loses the encryption key to the data, the data is still there, and it can be accessed.

However, the data cannot be used because the emails needed for carrying out an email campaign are encrypted so they are useless.

Maintaining integrity refers to preventing unauthorized changes to the data.

For instance, if an intern of the marketing department accidentally deletes the field “purchased more than two items” within the dataset, this is an integ­rity-related security incident.

If the manager of the intern can undo the deletion of the field, then the integrity of the data is intact.

Typically, integ­rity is maintained by assigning different access rights, such as read-only access for interns and read-and-write access for the marketing manager.

Authenticity

Authenticity relates to the attribution of data or information to the rightful owner or the creator of that data or information.

Imagine a situation where your advertising agency, acting as your data service provider, receives a fake email which instructs them to delete all your customer data.

The agency might think that it is a genuine instruction from your company, and executes the command. This is then an authenticity problem.

Confidentiality

When someone unauthorized gets access to a particular marketing analytic file, confidentiality is being breached.

The Parkerian Hexad uses the term possession to describe situations where data or information is stolen.

For instance, a malevolent employee of the marketing department downloads all the sales contact information to a mobile device and then deletes them from the network. This is a possession problem.

Risk Management

In addition to understanding the problems you are facing, using the Parkerian Hexad, your organization must know the potential security risks for the business.

Andress suggests a useful and generic five-step risk management process, for a variety of situations (Andress, 2019).

Step 1: Identify Assets

Before your organization can start managing your marketing department’s risks, you need to map out all data assets belonging to your marketing department.

In doing so, all data, some distributed in different systems or entrusted to service providers, must be accounted for.

Once this exercise is completed, your marketing department can determine which data files are the most critical. RoPA, with all processes of personal data mapped out, can be leveraged for this exercise.

Step 2: Identify Threats

For all data files and processes identified in the previous step, potential threats are determined. This may mean holding a brainstorming session with marketers and security and data protection departments to go through the data and processes one by one.

The Parkerian Hexad from the previous section can be a great help in guiding through such sessions. It will also be helpful to identify the most critical data and processes during this exercise.

Step 3: Assess Vulnerabilities

In this step, for each data-use surfaced in Step 2, relevant threats are identified.

In doing so, the context of your organization’s operation, products and services sold, vendor relations as well as the physical location of the company premises are considered.

Step 4: Assess Vulnerabilities

In this step, the threats and vulnerabilities for each data and process are compared and assigned risk levels.

Vulnerabilities with no corresponding threats or threats with no associated vulnerabilities will be seen as not having any risk.

Step 5: Mitigate Risks

For the risks that surfaced in Step 4, measures necessary to prevent them from occurring will be determined during this stage.

Andress identifies three types of controls that can be used for this purpose. The first type of control, logical control, protects the IT environment for processing your customer data, such as password protection and the placing of firewalls.

The second type of control is administrative control, which is usually deployed in the form of corporate security policy, which the organization can enforce. The last type of control is physical control.

As the name suggests, this type of control protects the business premises and makes use of tools such as CCTV, keycard-operated doors, fire alarms, and backup power generators.

With the time, risks may change.

For instance, your marketing department may be physically relocated to a new building, changing the physical security needs, or your company might decide to migrate from a physical server to a cloud-based hosting service, which means your customer data will have to move, too.

Both such situations necessitate a new round of the risk management process to kick off.

In general, it is advisable to revisit the risk management process on a regular interval, say annually, to keep your company on top of all risks your marketing department, and beyond, carry.

Approaching Risk Management With Three Lines Of Defence

Institute of Internal Auditors (IIA) established a risk management model called Three Lines of Defence.

The model requires three internal roles: (1) the governing body, with oversight of the organization, (2) senior management, which takes risk management actions and reports to the governing body, and (3) internal audit, which provides independent assurance, to work together and act as robust protections to the organization (IIA, 2020).

The elements of the Three Lines of Defence are ( IIA, 2020) :

First Line Of Defence

Manage risks associated with day-to-day operational activities. Senior management has the primary responsibility, and emphasis is put on people and culture.

Marketing managers’ task here is to make sure that their department is aware of data protection risks, including security risks, and are following relevant corporate policies.

Second Line Of Defence

Identify risks in the daily business operation of the business. Security, data protection, and risk management teams carry out monitoring activities.

Senior management, including the CMO, is ultimately accountable for this line of defence. A well-functioning second line of defence requires good cooperation between marketing and security, data protection, and risk management teams.

Practically, it would mean understanding the importance of operational-level auditing and providing input to the security team, even when there are other pressing deadlines and business issues.

Third Line Of Defence

Provide independent assurance on risk management by assessing the first and second lines of defence. Independent corporate internal audit teams usually have this role.

Here, too, the marketing department will be asked to cooperate during audits. Assurance results reported to the governance body inform the strategic business actions for the senior management team.

• Andress, J (2019) Foundations of information security, No Starch Press, October 2019.
• Bosworth, S, Whyne, E and Kabay, M E (2009) Computer Security Handbook, 5th edn, Wiley, chapter 3: Toward a new framework for information security, Donn B Parker
• Gartner, Inc. (2023) Information technology: Gartner glossary, www.gartner.com/ en/information-technology/glossary/information-security (archived at https:// perma.cc/JP27-6CAN)
• IIA (2020) The Institute of Internal Auditors (IIA), The IIA”s Three Lines model, an update of the Three Lines of Defense, July 2020, www.theiia.org/globalassets/documents/resources/the-iias-three-lines-model-an-update-of-the-three-lines-ofdefense-july-2020/three-lines-model-updated-english.pdf (archived at https://perma.cc/9HX7-AU4H)
• legislation.gov.uk (2016) Regulation (EU) 2016/679 of the European Parliament and of the Council, 27 April 2016, www.legislation.gov.uk/eur/2016/679/ contents (archived at https://perma.cc/NVG6-PXBQ)
• NIST (2023) National Institute of Standards and Technology, US Department of Commerce, Computer Security Resource Centre, Information Technology Laboratory, Glossary, updated 28 May 2023, https://csrc.nist.gov/glossary/term/ information_security (archived at https://perma.cc/TE3Z-LN94); https://csrc. nist.gov/glossary/term/non_repudiation (archived at https://perma.cc/DJ4A- 44N2)

To read the full book, SEJ readers have an exclusive 25% discount code and free shipping to the US and UK. Use promo code SEJ25 at koganpage.com here .

More resources: 

• Google Analytics 4 Features To Prepare For Third-Party Cookie Depreciation
• What Is First-Party Data And How Do You Use It?
• Google Testing IP Proxies: What This Means & How You May Be Impacted

Featured Image: Paulo Bobita/Search Engine Journal

Sachiko Scheuing is an award-winning privacy professional based in Frankfurt, Germany. She serves on the Europe Middle East and Africa senior ...

Subscribe To Our Newsletter.

Conquer your day with daily search marketing news.

Unfortunately we don't fully support your browser. If you have the option to, please upgrade to a newer version or use Mozilla Firefox , Microsoft Edge , Google Chrome , or Safari 14 or newer. If you are unable to, and need support, please send us your feedback .

We'd appreciate your feedback. Tell us what you think! opens in new tab/window

CRediT author statement

CRediT (Contributor Roles Taxonomy) was introduced with the intention of recognizing individual author contributions, reducing authorship disputes and facilitating collaboration. The idea came about following a 2012 collaborative workshop led by Harvard University and the Wellcome Trust, with input from researchers, the International Committee of Medical Journal Editors (ICMJE) and publishers, including Elsevier, represented by Cell Press.

CRediT offers authors the opportunity to share an accurate and detailed description of their diverse contributions to the published work.

The corresponding author is responsible for ensuring that the descriptions are accurate and agreed by all authors

The role(s) of all authors should be listed, using the relevant above categories

Authors may have contributed in multiple roles

CRediT in no way changes the journal’s criteria to qualify for authorship

CRediT statements should be provided during the submission process and will appear above the acknowledgment section of the published paper as shown further below.

*Reproduced from Brand et al. (2015), Learned Publishing 28(2), with permission of the authors.

Sample CRediT author statement

Zhang San:  Conceptualization, Methodology, Software  Priya Singh. : Data curation, Writing- Original draft preparation.  Wang Wu : Visualization, Investigation.  Jan Jansen :  Supervision. : Ajay Kumar : Software, Validation.:  Sun Qi:  Writing- Reviewing and Editing,

Read more about CRediT  here opens in new tab/window  or check out this  article from  Authors' Updat e:  CRediT where credit's due .

An official website of the United States government

Here's how you know

Official websites use .gov A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS A lock ( Lock Locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Suspended Counterparty Program

FHFA established the Suspended Counterparty Program to help address the risk to Fannie Mae, Freddie Mac, and the Federal Home Loan Banks (“the regulated entities”) presented by individuals and entities with a history of fraud or other financial misconduct. Under this program, FHFA may issue orders suspending an individual or entity from doing business with the regulated entities.

FHFA maintains a list at this page of each person that is currently suspended under the Suspended Counterparty Program.

This page was last updated on 03/26/2024

Cookies on GOV.UK

We use some essential cookies to make this website work.

We’d like to set additional cookies to understand how you use GOV.UK, remember your settings and improve government services.

We also use cookies set by other sites to help us deliver content from their services.

You have accepted additional cookies. You can change your cookie settings at any time.

You have rejected additional cookies. You can change your cookie settings at any time.

Register to vote Register by 18 June to vote in the General Election on 4 July.

COVID-19: guidance for people whose immune system means they are at higher risk

• Department of Health & Social Care
• UK Health Security Agency

Updated 21 May 2024

Applies to England

© Crown copyright 2024

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: [email protected] .

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/covid-19-guidance-for-people-whose-immune-system-means-they-are-at-higher-risk/covid-19-guidance-for-people-whose-immune-system-means-they-are-at-higher-risk

This guidance only applies to people living in England. There is separate guidance available for people living in Scotland, Wales and Northern Ireland.

Introduction

The success of the COVID-19 vaccination programme has meant that the requirement for shielding and identifying people as clinically extremely vulnerable ( CEV ) is no longer necessary.

Most people who were part of this CEV patient cohort are no longer at substantially greater risk than the general population and are advised to follow the same guidance as everyone else on staying safe and preventing the spread of COVID-19 and other respiratory infections, as well as any further advice received from their healthcare professional.

However, there remains a smaller number of people whose weakened immune system means they may be at higher risk of serious illness from COVID-19, despite vaccination.

Enhanced protection measures, such as those offered by specific treatments or additional vaccinations alongside other protective behaviours, may benefit these individuals. This guidance is for those individuals who remain at higher risk.

This page contains information on:

• who this guidance is for
• keeping yourself safe

COVID-19 vaccines

Covid-19 treatments, covid-19 testing.

• what to do if you test positive for COVID-19
• what to do if you test negative for COVID-19 and still feel unwell

Who this guidance is for

Immunosuppression means you have a weakened immune system due to a particular health condition or because you are on medication or treatment that suppresses your immune system. People who are immunosuppressed, or who have specific other medical conditions, may have a reduced ability to fight infections and other diseases, including COVID-19.

Most people with immunosuppression will be under the care of a hospital specialist and/or known to their GP. As a result of this they will usually be eligible for either or both of:

additional vaccines including COVID-19 boosters

Further information on who is included in these groups of people is included in the sections on vaccination and treatments below. If you are in one of these groups, consider following the guidance below on keeping yourself safe.

Keeping yourself safe

The following advice on ‘keeping yourself safe’ is aimed at adults. Children and young people are recommended to continue to attend education, unless they are advised otherwise by their clinician. Attending education is hugely important for children and young people’s health and their future.

If you have been advised by the NHS that you are in one of these groups, you are advised to:

• ensure you have had all of the vaccines you are eligible to receive
• continue to follow any condition-specific advice you may have been given by your specialist

You are advised to try to avoid contact with people who have symptoms of COVID-19 or other respiratory infections. A detailed description of COVID-19 symptoms can be found in guidance for people with symptoms of a respiratory infection including COVID-19 .

If you have visitors to your home, consider ventilating your rooms by opening windows and doors to let fresh air in. More advice on ventilating your home can be found on GOV.UK.

Consider asking visitors to your home to take additional precautions, such as keeping their distance. COVID-19 tests are no longer free for the general public, but you may wish to ask visitors to take a lateral flow device ( LFD ) test before visiting. You might also consider asking them to wear a face covering and you may want to wear a face covering yourself.

If it feels right for you, work from home if you can. If you cannot work from home, speak to your employer about what arrangements they can make to reduce your risk. It may be that you are entitled to a Reasonable Adjustment under the Equality Act . See Public health principles for reducing the spread of COVID-19 and other respiratory infections in the workplace

If you are too ill to work, you may be eligible for Statutory Sick Pay .

When out and about, you may want to try to keep your distance from others if that feels right for you, and consider reducing the time you spend in crowded spaces or anywhere that is enclosed or poorly ventilated. Wash your hands regularly and avoid touching your face.

Consider wearing a well-fitting face covering in crowded public spaces. Although face coverings are primarily worn to protect others, because they cover the nose and mouth, which are the main routes of transmission of the virus that causes COVID-19 infection, they may also provide some limited protection to the wearer.

Further advice about face coverings can be found in guidance on living safely with respiratory infections including COVID-19 .

If you have a weakened immune system due to a health condition or medical treatment, and you are aged 6 months or over, you are eligible for a COVID-19 vaccination this spring if it has been at least 3 months since your last vaccination.

This is to help improve any protection you may have built from previous vaccination or infection.

By having a further dose of vaccine, you may reduce your chance of catching the COVID-19 infection. If you do catch COVID-19, the symptoms may be less severe and the illness shorter than if you had not had the extra vaccination.

Further information, including about those who may need an extra dose this spring, is available . You should receive a letter inviting you to book. If not, check with your GP or specialist whether you are eligible.

You should be offered an appointment between April and June, with those at highest risk being called in first.

How to book

If you are eligible for a vaccine, you can book a COVID-19 vaccine:

• on the national booking system
• by going to a walk-in COVID-19 vaccination site
• on the NHS app
• by talking to a local NHS service, such as a GP surgery
• by talking to your care home

It will help to take the vaccination invite letter, an NHS letter describing your condition or treatment, or a repeat prescription slip with you, or you can show your health record or prescription history in the NHS App.

You can book or manage a COVID-19 vaccination online through the NHS website.

If you can’t book online, phone 119 free of charge, 9am to 5:30pm Monday to Friday. You can ask someone else to do this for you. Please ensure you have your NHS number at hand. If you have difficulties communicating or hearing, or are a British Sign Language ( BSL ) user, you can use textphone 18001 119 or the NHS BSL interpreter service .

The NHS strongly encourages those with a weakened immune system to take up their offer for the spring 2024 COVID-19 vaccination as soon as possible to ensure they have the highest possible level of protection.

Further information on COVID-19 vaccinations is available on NHS.UK.

The NHS is offering treatments to those people with COVID-19 who are at highest risk of becoming seriously ill and who are aged 12 years or above. Not all treatments are suitable for people aged 12 to 17 years.

The list of eligible people who are offered these treatments is regularly reviewed and is available on the NHSE and GOV.UK websites. The list currently includes some people who have:

• Down’s syndrome, or another chromosomal disorder that affects their immune system
• certain types of cancer or have received treatment for certain types of cancer
• sickle cell disease
• certain conditions affecting their blood
• chronic kidney disease ( CKD ) stage 4 or 5
• severe liver disease
• had an organ transplant
• certain autoimmune or inflammatory conditions (such as rheumatoid arthritis or inflammatory bowel disease)
• HIV or AIDS and have a weakened immune system
• a condition affecting their immune system
• a condition affecting the brain or nervous system, such as multiple sclerosis, muscular dystrophy, motor neurone disease, myasthenia gravis, Huntington’s disease, Parkinson’s disease or certain types of dementia
• certain lung conditions or treatments for lung conditions

This list is a summary and does not cover everything.

If you were identified as being eligible for assessment for COVID-19 treatments before 27 June 2023, you will have been contacted by the NHS to make you aware of this.   

If you have become eligible for assessment for COVID-19 treatments since June 2023 (or become eligible), you will have been told about this (or will be told about this) by your doctor or specialist at the point that you were diagnosed with a qualifying condition or began a qualifying treatment. 

If you are unsure whether you are eligible, speak to your doctor or hospital specialist who can advise you.

Treatments for COVID-19 are most effective if they are started early (ideally within 5 days of you first developing symptoms). It is therefore important that you take a COVID-19 test as soon as possible if you develop symptoms so that you can access treatments early if you test positive for COVID-19. 

A broader group of patients (currently those aged 18 years and over, and with underlying health conditions) may also be able to take part in the  PANORAMIC clinical study  if they test positive for COVID-19 and are symptomatic.

In England, patients eligible for COVID-19 treatments can access free LFD  tests.

If you are eligible for COVID-19 treatments, please make sure you have a supply of  LFD  tests at home so that you can test yourself quickly if you develop symptoms of COVID-19. You can now obtain free LFD tests from your local pharmacy. You can also use tests you’ve paid for, for example, a test you’ve bought from a supermarket or pharmacy. Further information is available on NHS: Treatments for COVID-19 .

Symptoms of COVID-19, flu and other respiratory infections include, among others:

• a high temperature
• unexplained tiredness or lack of energy
• shortness of breath
• a loss of, or change to, your normal sense of smell or taste

Test kits contain instructions and links to support those who need assistance in testing.

If you test positive

If you test positive, you should try to stay at home and avoid contact with other people. Further advice about staying at home can be found in guidance for people with symptoms of a respiratory infection including COVID-19 .

If you are eligible for treatment, it’s important to start as soon as you can. To be effective, treatments for COVID-19 need to be given quickly after your symptoms start.

If your COVID-19 test result is positive, follow the information for accessing treatments in your area on the NHS COVID-19 treatments page.

If you test negative and you still feel unwell

If your test is negative but you still have symptoms, you should take another test on each of the next 2 days (3 tests in total over 3 days).

If you continue to feel unwell, you should seek healthcare advice via your GP or NHS 111. If it is an emergency, you should call 999.

Is this page useful?

• Yes this page is useful
• No this page is not useful

Help us improve GOV.UK

Don’t include personal or financial information like your National Insurance number or credit card details.

To help us improve GOV.UK, we’d like to know more about your visit today. Please fill in this survey (opens in a new tab) .