A risk assessment is one of the most important parts of maintaining workplace health and safety. Whether you run a small office, manage construction projects or oversee industrial operations, understanding who should perform a risk assessment is essential for legal compliance and protecting employees from harm.
Under UK health and safety legislation, every employer has a legal duty to assess risks in the workplace and implement suitable control measures. However, many businesses still ask questions such as who should carry out a risk assessment of the workplace, when is a risk assessment necessary, and whether self employed people also need to conduct risk assessments.
This guide explains who is responsible for carrying out risk assessments, what the law says, when assessments should be completed, and why competent individuals are critical to the overall process of workplace risk management.
Many organisations now use risk assessment software to streamline hazard identification, document control measures and maintain accurate compliance records across multiple workplace locations.
What is a risk assessment?
A risk assessment is a systematic process used to identify hazards, evaluate potential risks and implement appropriate measures to reduce the likelihood of injury, ill health or workplace accidents.
The purpose of a risk assessment is to identify potential hazards that may affect employees, contractors, visitors or members of the public. Once hazards identified within the workplace are reviewed, businesses can introduce control measures to minimise risk and improve workplace health and safety.
Risk assessments are important because they help organisations:
- Identify hazards before incidents occur
- Control risks effectively
- Reduce workplace accidents
- Meet legal requirements
- Improve workplace health
- Protect employees from harm
- Support occupational health initiatives
- Maintain legal compliance
Risk assessments are a legal requirement for all UK businesses, as required in Great Britain under the Health and Safety at Work Act 1974 and the Management of Health and Safety at Work Regulations 1999, and in Northern Ireland under the Health and Safety at Work (Northern Ireland) Order 1978 and Management of Health and Safety at Work Regulations (Northern Ireland) 2000.
Who should perform a risk assessment?
The employer is ultimately responsible for ensuring assessments are completed properly. However, employers can delegate the task to competent employees, health and safety officers or external consultants with the appropriate knowledge and experience.
The person conducting a risk assessment must possess appropriate knowledge, training and experience relevant to the specific workplace hazards, regardless of their formal position within the organisation.
This means the individual carrying out the assessment should understand:
- The working environment
- Workplace hazards
- Industry safety regulations
- Existing control measures
- Risks involved in specific tasks
- Relevant health and safety legislation
- Hazard identification procedures
- Appropriate protective measures
Competence is a key requirement for those conducting risk assessments, meaning they must have sufficient training, experience and knowledge to perform the task effectively, regardless of their job title.
Even if the task of conducting risk assessments is delegated, the legal responsibility for ensuring that they are completed properly remains with the employer.
What does UK law say about risk assessments?
Under the Management of Health and Safety at Work Regulations 1999, all employers in Great Britain must assess risks to workers and anyone affected by their activities, making risk assessment training crucial.
UK law mandates that employers appoint a competent person and consult with employees on matters affecting their health and safety.
The Management of Health and Safety at Work Regulations 1999 states that employers must take reasonable steps for the effective planning, organisation, control, monitoring and review of preventive and protective measures, making them ultimately responsible for risk assessments.
Employers are legally required to:
- Identify potential hazards
- Assess risks to employees and visitors
- Implement control measures
- Review assessments regularly
- Record findings where required
- Ensure suitable protective measures are in place
Failure to conduct adequate risk assessments can result in prosecution by the Health and Safety Executive (HSE), potentially leading to unlimited fines and personal liability for workplace accidents.
The Health and Safety Executive regularly investigates organisations that fail to control risks properly, especially in higher risk sectors such as construction, manufacturing, logistics and engineering.
Who can carry out risk assessments?
Several people within a business may carry out a risk assessment depending on the size and complexity of the workplace.
Employers
In small businesses, the employer often conducts risk assessments directly. This is common where there are fewer than five employees and workplace hazards are relatively straightforward.
Even in smaller workplaces, employers must still assess risks properly and ensure reasonable control measures are implemented.
Competent employees
Larger organisations often appoint competent employees to conduct risk assessments on behalf of management.
Competent individuals may include:
- Site managers
- Department supervisors
- Facilities managers
- Health and safety officers
- Operations managers
These employees typically understand workplace hazards and daily work practices better than external parties.
External consultants
Some businesses hire external consultants when dealing with higher risk activities or specialist workplace hazards.
External consultants may be used for:
- Fire safety assessments
- COSHH reviews
- Occupational health risks
- Hazardous substances
- Engineering environments
- Construction projects
- Complex industrial operations
Large Scale Assessments are performed for complex hazard sites such as the nuclear and oil and gas industries, utilising advanced techniques like Quantitative Risk Assessment (QRA).
Using external consultants can also help businesses ensure assessments remain objective and legally compliant.
When is a risk assessment necessary?
Many businesses ask when should a risk assessment be carried out or when is a risk assessment required.
Risk assessments should be completed before work activities begin and reviewed whenever circumstances change.
Risk assessments must be reviewed regularly, especially when there are significant changes to work activities, equipment or personnel, and at least annually even if no changes occur.
You should carry out risk assessments when:
- Starting a new business
- Introducing new equipment
- Changing work regulations
- Hiring new staff
- Moving premises
- Identifying new hazards
- Investigating workplace accidents
- Introducing hazardous substances
- Changing work practices
- Updating safety policy documents
- Managing higher risk activities
Businesses should also review assessments after incidents involving harm, near misses or equipment failures.
When should risk assessments be carried out?
One of the most searched questions online is when should risk assessments be carried out.
The answer is simple; employers should conduct risk assessments before employees are exposed to workplace hazards.
Assessments should also be reviewed:
- Annually
- Following workplace accidents
- After significant changes
- When introducing machinery
- When legislation changes
- If control risks are ineffective
- When hazards identified increase the overall risk level
This ensures assessments remain accurate and legally compliant.
Once a risk assessment has been completed, businesses should communicate findings clearly to employees and ensure appropriate measures are implemented throughout the workplace.
Are risk assessments legally required?
Risk assessments are legally required across almost every industry in the UK.
Employers must conduct risk assessments regardless of the number of employees, but written records are required if there are five or more employees.
This means businesses with fewer than five employees still need to assess risks even if documentation requirements differ.
Self employed people also have legal obligations under health and safety legislation where their work activities may affect others.
For example, a self employed contractor working on-site must still identify hazards, control risks and follow workplace safety regulations.
Failure to comply with risk assessment legislation can result in:
- Enforcement notices
- Criminal prosecution
- Unlimited fines
- Increased insurance costs
- Reputational damage
- Civil claims following workplace accidents
Failure to conduct adequate risk assessments can lead to significant financial losses for businesses, including fines, civil actions and damage to reputation.
Why competence matters in risk assessments
Competence is one of the most important aspects of carrying out suitable and sufficient risk assessments.
The law does not state that only managers or directors can conduct risk assessments. Instead, it focuses on whether the individual has the required knowledge and experience to assess risks effectively.
Risk assessment training is designed to teach individuals how to identify hazards, evaluate potential risks and implement effective control measures in the workplace.
Training in risk assessment ensures staff understand the fundamentals of workplace risk management and helps organisations build a culture of safety and compliance.
Risk assessment training is essential for anyone responsible for safety or decision making in the workplace, including business owners, site managers and HR professionals.
Without proper competence, organisations may overlook:
- Workplace hazards
- Existing control measures
- Fire safety concerns
- Manual handling risks
- Occupational health issues
- Hazardous substances
- Engineering controls
- Administrative controls
- Personal protective equipment requirements
Proper risk assessment reduces the likelihood of legal fines and saves money on injury compensation or damage to equipment.
Formal vs dynamic risk assessments
Not every risk assessment follows the same format.
Dynamic risk assessments are informal and often conducted subconsciously in everyday life, while formal risk assessments involve documented processes to identify and manage workplace hazards.
Dynamic assessments are commonly used by:
- Emergency services
- Maintenance engineers
- Lone workers
- Construction teams
- Delivery drivers
These assessments help workers respond quickly to changing workplace hazards in real time.
Formal risk assessments are carried out by competent individuals who document hazards, risk level ratings and control measures properly.
In many industries, formal assessments are legally required before work begins.
RAMS and construction risk assessments
The construction industry relies heavily on documented risk management processes due to the risks involved in daily operations.
A Risk Assessment Method Statement (RAMS) is a type of risk assessment that details hazards and step-by-step procedures for controlling risks, commonly used in the construction industry.
Construction companies often use RAMS software to manage hazard identification, safety procedures and legal compliance across multiple projects.
RAMS documents typically include:
- Hazards identified
- Control measures
- Personal protective equipment
- Emergency procedures
- Manual handling guidance
- Fire safety protocols
- Safe systems of work
These documents help employers assess risks properly and demonstrate compliance with health and safety legislation.
Fire risk assessments
Fire safety remains a major legal responsibility for businesses across the UK.
Employers, landlords and responsible persons must identify potential hazards relating to fire risks and ensure suitable protective measures are introduced.
Many organisations now use fire risk assessment software to manage inspections, document findings and maintain audit-ready compliance records.
Fire risk assessments typically review:
- Escape routes
- Fire alarms
- Ignition sources
- Electrical equipment
- Emergency lighting
- Storage of hazardous substances
- Existing control measures
These assessments help minimise risk while supporting workplace health and legal compliance obligations.
Why are risk assessments carried out?
Risk assessments are carried out to protect people from harm and ensure businesses meet legal requirements.
Carrying out suitable and sufficient risk assessments is a primary management tool in effective risk management, ensuring the health, safety, and wellbeing of employees and others.
Risk assessments are crucial for preventing workplace accidents, as they help identify hazards and minimise risks, ultimately saving lives and reducing injuries.
They also help organisations:
- Raise awareness around workplace hazards
- Improve safety culture
- Reduce downtime
- Improve work regulations compliance
- Support occupational health initiatives
- Protect visitors and contractors
- Improve workplace health standards
For many businesses, carrying out risk assessments is also a cost effective way to reduce insurance claims and improve operational performance.
Common workplace hazards that require risk assessments
Every workplace has different potential hazards depending on the industry and working environment.
Common workplace hazards include:
- Slips and trips
- Manual handling
- Hazardous substances
- Fire safety issues
- Electrical risks
- Machinery hazards
- Lone working
- Work at height
- Noise exposure
- Poor ventilation
Higher risk environments may also require specialist assessments involving engineering controls and additional protective measures.
Required specific assessments are mandated under legislation, such as the Control of Substances Hazardous to Health (COSHH) regulations, which necessitate assessments for handling hazardous substances.
General assessments manage workplace risks and are required under health and safety regulations like Occupational Safety and Health Administration (OSHA) in the US and HSE in Great Britain, ensuring a safe working environment for employees.
What happens after a risk assessment?
Once assessments are completed, employers must ensure findings are acted upon properly.
This may include:
- Introducing new control measures
- Updating safety policy documents
- Providing staff training
- Improving personal protective equipment
- Adjusting work practices
- Introducing administrative controls
- Monitoring hazards more closely
Ensuring assessments remain updated is just as important as completing them initially.
Employers should continuously monitor risks and review whether control measures remain effective.
Final thoughts
Understanding who should perform a risk assessment is essential for every organisation, regardless of size or industry.
While employers hold the legal responsibility, they can delegate assessments to competent individuals, health and safety officers or external consultants with the right expertise.
The most important factor is competence. Whoever conducts risk assessments must understand workplace hazards, legal obligations and how to implement effective control measures that reduce harm and maintain compliance.
By carrying out risk assessments properly, businesses can protect employees, reduce workplace accidents, improve occupational health standards and meet legal requirements under UK health and safety legislation.
FAQs
Who should carry out a risk assessment of the workplace?
Employers are legally responsible for ensuring risk assessments are completed, although competent employees or external consultants may conduct risk assessments on their behalf.
When is a risk assessment necessary?
A risk assessment is necessary whenever workplace hazards could cause harm to employees, contractors or visitors. Assessments should also be reviewed after significant changes or workplace accidents.
How often should risk assessments be done?
Risk assessments should be reviewed regularly and at least annually, even where no major changes have occurred.
Are self employed people legally required to carry out risk assessments?
Self employed people must assess risks where their work activities could affect other people.
Why are risk assessments important?
Risk assessments are important because they help identify hazards, minimise risk, reduce workplace accidents and ensure legal compliance.
What is the difference between formal and dynamic risk assessments?
Dynamic risk assessments are informal assessments carried out in changing environments, while formal risk assessments are documented and follow a structured process.
What happens if businesses fail to assess risks properly?
Failure to conduct adequate risk assessments can lead to prosecution by the health and safety executive, unlimited fines, reputational damage and increased legal liability.
