0203 011 4242   
Contact us

Praxis42

Health and Safety eLearning Consultancy

What are the 5 stages of risk assessment?

Risk assessment checklist


A structured approach to identifying and managing risks is the foundation of a strong health and safety culture. The 5 stages of risk assessment provide a clear, evidence-based framework for managing risks effectively, helping organisations create safer, more efficient, and legally compliant workplaces.

This guide explains the five stages of risk assessment set out by the Health and Safety Executive (HSE), from identifying hazards to reviewing controls. Practical insights, legal context, and real-world examples are included to help organisations strengthen their risk management processes and foster a positive, proactive safety culture.

How many steps in a risk assessment?

The HSE sets out five risk assessment steps:

  1. Identify hazards
  2. Assess the risks
  3. Control the risks
  4. Record your findings
  5. Review the controls

Additional practical guidance is available in the HSE leaflet INDG163 โ€“ Five steps to risk assessment (PDF), which provides examples of how the process can be applied in different workplaces.

Together, these resources form the recognised standard in the UK for conducting effective risk assessments, helping organisations prevent harm, comply with legal duties, and foster a strong safety culture.

What is the 5-step risk assessment?

A well-structured risk assessment helps organisations spot potential hazards before they cause harm. By following the HSEโ€™s recognised five-step model, employers can systematically identify and manage risks, ensuring legal compliance and safer workplaces.

Below, we explore each of the five stages of risk assessment in detail, with practical examples to help put them into action.

Step 1: Identify the hazards

The first step of a risk assessment is to identify anything that could potentially cause harm. This involves observing the workplace, reviewing activities, and consulting those who understand the tasks best, such as employees and supervisors.

Examples of hazards include:

  • Physical: moving machinery, trailing cables, uneven floors, working at height.
  • Chemical: cleaning products, solvents, fumes, or dust.
  • Biological: bacteria, viruses, mould, or sharps.
  • Ergonomic: poor workstation setup, repetitive tasks, or heavy lifting.
  • Psychosocial: stress, bullying, or long working hours.

Practical steps might include walking through the workplace to spot visible risks, reviewing accident records, and checking manufacturersโ€™ instructions or data sheets for equipment and substances. Consider risks to employees and anyone who might be affected.

Step 2: Decide who might be harmed and how

Once hazards have been identified, the next step is to determine who could be harmed and in what way. This helps to tailor controls appropriately and ensures no group is overlooked.

Consider the following groups:

  • Employees and supervisors carrying out the work
  • Contractors and maintenance staff
  • Cleaners, visitors, and members of the public
  • People who may be more vulnerable, such as young workers, expectant mothers, or those with health conditions

For each hazard, record who might be at risk and how the harm could occur. For example, cleaners might be exposed to harmful substances during routine tasks, or office workers could suffer musculoskeletal injuries due to poor workstation setup.

Step 3: Evaluate the risks and decide on precautions

At this stage, assess how likely it is that harm could occur and how severe the outcome might be. The goal is to prioritise the most serious risks and decide what measures can reduce or remove them.

The hierarchy of control is a framework that ranks risk control measures from the most effective to the least effective. It encourages organisations to remove hazards entirely where possible.

The hierarchy of control has five levels. The idea is to start at the top and only move down the list when higher-level controls are not practical or possible:

  1. Eliminate the hazard altogether. This is the most effective form of control because it removes the risk completely. For example, redesigning a task so that manual handling is no longer required eliminates the associated musculoskeletal risk.
  2. Substitute with something safer. If elimination is not feasible, replace the hazard with a less dangerous alternative, such as using a less toxic cleaning agent or a quieter machine.
  3. Implement engineering controls. These are physical changes that isolate people from the hazard, such as installing machine guards, local exhaust ventilation, or barriers to separate workers from moving vehicles.
  4. Introduce administrative controls. This involves changing the way work is organised. Examples include limiting the amount of time employees spend on a high-risk activity, rotating tasks, providing supervision, or implementing safe systems of work and training.
  5. Use personal protective equipment (PPE). PPE should only be used when other controls cannot fully eliminate or reduce the risk. It acts as a last line of defence, for instance, using gloves, safety goggles, or hearing protection when exposure cannot be prevented by other means.

Applying the hierarchy of control ensures you prioritise preventing harm at its source rather than relying on behaviour or PPE. Always choose measures that are reasonably practicable, balancing risk reduction against time, effort, and cost. Document your decisions, and ensure controls are clear, effective, and well maintained.

Step 4: Record your findings and implement them

Writing down your findings provides evidence that a thorough risk assessment has been carried out and helps to ensure controls are put in place.

Under Regulation 3(6) of the Management of Health and Safety at Work Regulations 1999, employers with five or more employees must keep a written record of their risk assessments. However, the HSE recommends that all organisations document their risk assessments.

Your record should show:

  • The hazards identified โ€“ a clear description of anything with the potential to cause harm, including physical, chemical, biological, or psychosocial hazards.
  • Who might be harmed and how โ€“ specify the groups of people affected (employees, contractors, visitors, the public) and describe the nature of the potential harm.
  • The measures you have implemented โ€“ explain the control measures already in place and any additional actions needed to reduce the level of risk.
  • Who is responsible for each action โ€“ assign responsibility to specific individuals or roles to ensure accountability and timely completion.
  • Deadlines for completion โ€“ include target dates for implementing new controls and reviewing existing ones to keep the process active and monitored.

Once the findings are recorded, the next step is to act by implementing controls, briefing staff, updating procedures, and verifying that new measures are working. Communicating the results to employees through meetings, signage, or toolbox talks ensures everyone understands their role in maintaining safety.

Step 5: Review and update the assessment

Risk assessment is a continuous process that supports a proactive approach to workplace safety.

As workplaces, equipment, and processes evolve, new hazards can appear, or existing risks may change. The fifth stage focuses on regularly reviewing and updating your assessment to ensure it remains accurate, relevant, and effective.

Reviews should be carried out whenever circumstances change or at agreed intervals to confirm that existing control measures are still working as intended.

Reviews should be triggered by:

  • Significant workplace or process changes โ€“ such as introducing new layouts, altering workflows, or changing work patterns that could affect how people interact with hazards.
  • Introduction of new equipment or substances โ€“ new machinery, tools, or chemicals may bring different risks that must be assessed before use.
  • Accidents, near misses, or reported concerns โ€“ any incident or feedback from employees can reveal shortcomings in existing controls or highlight previously unidentified hazards.
  • Periodic checks (for example, annually or biannually) โ€“ scheduled reviews help maintain consistency and demonstrate an ongoing commitment to continuous improvement in safety management.

Regularly updating and reviewing your assessment demonstrates that health and safety is an active, living process. It helps show how your organisationโ€™s approach to managing risk has evolved and provides valuable evidence of compliance and continual improvement.

IOSH Approved Risk Assessment Training

Understanding and applying the 5 stages of risk assessment is essential for creating safer, more compliant workplaces. Our IOSH Approved Risk Assessment Training helps participants build the confidence and competence to identify hazards, evaluate risks, and implement effective control measures in line with UK legislation and best practice.

Risk Assessment Training can be tailored to your organisation, and it can be completed online, virtually, or face-to-face at a venue of your choice. Find out more on our website, or contact our friendly team today on 0203 011 4242 / info@praxis42.com

Adam Clarke

Managing Director (Consulting)

Adam is Managing Director of Consulting at Praxis42. His professional experience includes work in the private and public sector, focussed on construction, facilities management, education, retail and housing. He regularly presents webinars and co-hosts our Risk. Sleep. Repeat podcast. 

    Related resources

    Discover our library of expert guides, webinars and video.