How to Write a Risk Assessment — A Plain English Guide for UK Businesses

By Assessment First · Published 10 January 2026

What is a risk assessment?

A risk assessment is a systematic process of identifying hazards in your workplace, evaluating the risk they pose, and deciding on the measures you will put in place to eliminate or control those hazards. In the UK, carrying out a risk assessment is a legal requirement under the Management of Health and Safety at Work Regulations 1999.

Who needs to carry out a risk assessment?

Under UK law, every employer must carry out a suitable and sufficient risk assessment. This includes employers of all sizes, self-employed workers where their activities could affect others, and principal contractors under CDM 2015. If you have five or more employees, you must record the significant findings in writing.

The HSE five-step approach

Step 1: Identify the hazards

Walk around your workplace and identify what could reasonably cause harm. Talk to your employees — they often have the best knowledge of day-to-day hazards.

Step 2: Decide who might be harmed and how

For each hazard, consider who could be harmed: employees, contractors, visitors, or members of the public. Pay particular attention to vulnerable groups.

Step 3: Evaluate the risks and decide on precautions

Risk depends on likelihood and severity. Use the hierarchy of controls: eliminate the hazard first, then substitute it, then apply engineering controls, then administrative controls, with PPE as a last resort.

Step 4: Record your findings

Write down the significant hazards, who could be harmed, and what controls are in place. Assessment First generates a professional, structured record automatically.

Step 5: Review and update

Review your assessment at least annually, after any accident or near-miss, or whenever your working practices change significantly.

Common mistakes to avoid