Our Blog


5x5 Risk Assessments Explained Simply

20 December 2022
5x5 Risk Assessments Explained Simply

A wise man once said, that common sense was not that common! We tend to agree, but here is a “common sense” take on completing Risk Assessments. We are not going to give you legal advice nor recite the legislation, you are all big enough and bold enough (and required by law incidentally) to do that yourselves. What we will do however is give you the benefit or our experiences in layman’s language. 

1) First things First, it’s the Law

Let’s be clear here, you don’t have a choice. You must complete, and prove, that you have completed your Risk Assessments and you must also review them when circumstances change. 

We will explain what a Risk Assessment is later, but it is not something that you can choose to do, it’s a requirement. That requirement is there for all companies regardless of size, industry, colour or creed.

Of course, a request from your insurance company may be the only time you are ever asked to produce a risk assessment. If you are ever in the unfortunate position that the authorities come looking, then you better have your house in order, as they take no prisoners or excuses. If there has been an incident on your site, and you haven't properly been risk assessing, then the outcomes are never good. The Company, the Directors (the company secretary in particular) and even the person responsible for health & safety, are all potentially on the hook - both as entities and personally. It’s not a position you want to be in. In fact a Farm Building Company in Co. Wexford got fined €180,000 when a worker fell 6m from a height. Not an insignificant sum, particularly if Insurance Companies won't support you if there was negligence on behalf of the company!!

By the way, it’s important to note that all employees of the business must ensure they are familiar with the current arrangements in place to control risks within their workplace. 

2) Risk Assessments are NOT Complicated 

Lots of people make lots of money, making Risk Assessments sound complicated. And it’s really easy to be taken in by these people if you haven’t been educated properly on the Regulations. This is particularly more relevant to the smaller companies who may not have a full time health and safety resource. Well we are here to tell you it isn’t that complicated - when you know how!

Do we advise employing an expert in Risk Assessments, particularly if you aren’t up to speed on the requirements? Absolutely we do (by the way dulann are not purporting to be Risk Assessment experts so we aren’t touting for business). In fact, the law says you need to have a ‘Competent Person’ to do this - someone with the knowledge, experience, understanding and relevant training and education commensurate for the task. This blog is designed to give you an overview of how to complete some simple steps in a typical Risk Assessment. We use a matrix method called (5*5) which is best practice, but there are more complicated assessments for more complex situations (7*7), and more simple ones such as (3*3). More about that later!

3) So What Exactly is a Risk Assessment?

Let’s not make this too complicated, and if you are doing this every day, then you can skip the nest piece before re-joining us… In Health and Safety, a Hazard is something that can cause harm, and a Risk is the likelihood of the harm occurring. So in short a Risk Assessment is a process of giving your best guess to the likelihood of harm occurring to someone, and looking at the controls in place and more importantly what additional controls you need to implement. You then need to communicate your findings with the relevant people, record your findings, and then review. It doesn’t get more complicated than that.

4) What Types of Typical Hazards Would I Encounter in the Workplace?

To make this really simple, you can break the hazards down into hazard types. Sometimes specific hazards can fall into a couple of different categories, but don’t worry about that. Once you have all the hazards identified, that’s the main thing. Each business must identify the hazard types and hazards relevant to their own situation, but here are some typical hazards and hazard types to get you started:

  • Ergonomic. A simple example of an ergonomic hazard would be a poor chair setup that would lead to poor posture that in turn would result in a musculoskeletal injury.
  • Physical. Typically a hazard that is in the employees environment that could result in injury, regardless of whether they had to touch the hazard or not. The potential to fall from a height is considered a physical hazard.
  • Psychosocial. Becoming an increasingly talked about subject in today’s world, psychosocial hazards include anything that can have adverse impacts on the employees wellbeing. This includes stress or sexual harassment.
  • Safety. Probably the one that people focus on the most. Typically this covers anything to do with unsafe work practices or conditions. A broken guard on a machine is a good example of a safety hazard. 
  • Chemical. Self-explanatory really but includes anything that can cause adverse effects to the body e.g. occupational asthma or dermatitis.
  • Electrical. Any hazard that can harm through unsafe electrical appliances etc.
  • Biological. This may also be self-explanatory but we include it because some of the diseases and illness resulting from this hazard may not be so easily identifiable at the start. Diseases like Covid 19, Legionnaires Disease from stagnant water in unused showers, or Weil’s disease from rats in high risk areas like ports, all fall under this hazard type. 

5) Before we Begin, Consultants do NOT Remove your Obligations!

So whilst we recommend employing a highly experienced and educated third party to assist you with your obligations, it does not take away your obligations as an employer. It may reduce or mitigate the risk somewhat, but essentially the blame is always at your door, when the proverbial hits the fan. We mentioned earlier the simple 5*5 matrix that we use, so let’s get into that in a little bit more detail. 

6) Use Templates

In our opinion, the best place to start is to get your hands on some “relevant” templates. Whether they are on paper or in digital format, having these templates is a fantastic start. We prefer digital templates obviously, as they are far easier to amend to your own particular situation, and also they are quicker to fill in. Above all though you complete less paperwork, less filing, less admin and at the same time have much better business intelligence. It's far easier to stay on top of corrective actions, and it's far easier to notify affected parties automatically. Anyway, enough of that. Get your hands on some templates and tailor them to your own specific needs. Templates won’t be relevant for every specific situation, but they will help in a lot of cases. Please don’t cut and paste either because that won’t work and we also advise against pre-filled templates. You need to actually assess the risk as it is in your situation, otherwise you are missing the point and probably putting staff at risk.

7) Identify Hazards

So by now you know your obligations, you’ve taken some advice from a competent person, you know that risk assessments are relatively simple to complete and you also have a couple of templates. Time to roll up the sleeves…

We aren’t a massive fan of a checklist of hazards as sometimes significant hazards can be left out of a checklist, or perhaps the hazard has appeared since the last time the checklist was updated. Maybe even the environment or work practices have changed which in turn created new hazards. Digital forms are far quicker to amend and issue by the way so they reduce the risk of outdated paperwork. They also give the business consistency and that is very important when approaching risk assessments, particularly if there are multiple different people completing the risk assessment. Having said that checklists do have a role to play, you just need to use your common sense if using them. 

8) Identify Who Will be Harmed

So depending on your jurisdiction, the legislation varies, and the advice varies even more so. Some jurisdictions state that identifying who will be harmed is no longer a step in the proces, but we would strongly suggest that it stays an integral part of the process. If you stop thinking about the people involved, it is a dangerous position to be in. You must think of every person as a father, a mother, a son or a daughter, a friend and /or a colleague. An example of this for us is simple… let’s say we have identified a particular safety hazard in our car park. Let’s say it is poor lighting. In theory, and every employer is different, the people that could be affected by this are employees, visitors and contractors. If you are in the car park every day as an employee, the likelihood of you having a prang is greater than if you only visit occasionally as a contractor. As such identifying who could be harmed is a critical step for us as you may decide to have different control measures, different communication strategies etc. 

9) Assess the Risk

Now we have identified the hazards and who may be harmed, let's assess the risk. So this is where your risk assessment matrix comes in very handy. There are multiple variations of this matrix, but again let's not confuse matters, the most important thing is that you are using a standardised process that works for you, and one that is in line with your legal obligations. 

For illustration purposes, we have included one that we use. Again this is much simpler when using a digital tool like on our dulann Compliance Management System, but if you don’t have one, a pen and paper will work just fine.

10) Control the Risk 

Simply put, Control Measures are actions that you put in place to eliminate or reduce the risk from the hazards. This is all about helping to prevent harm. There are dozens of specific control measures that you can apply, but as we just want to give you a flavour, here is an explanation of what is called the “Hierarchy of Controls”. This is a commonly used method, as It ranks risk controls from the highest level of protection and reliability, to the lowest and least reliable protection:

  • Elimination. Elimination of the hazard is not always achievable. However, it removes the hazard and eliminates the risk of exposure e.g. don’t work with Asbestos.
  • Substitution. Substituting the hazard may not remove all of the hazards associated with the process or activity. Instead, it may introduce different risks, but the overall harm or health effects will be lessened e.g. Use domestic cleaners instead of Corrosive Acid for a cleaning task.
  • Engineering. Isolating the hazard is achieved by restricting access to plant and equipment or locking them away under strict controls e.g. Safety Stop buttons, Safety Guards on the meat slicer etc
  • Administrative. Administrative controls include adopting standard operating procedures or safe work practices, or providing appropriate training, instruction or information to reduce potential harm and/or adverse health effects to person(s). Isolation and permit-to-work procedures are examples of administrative controls e.g. Comprehensive Safety Training Induction.
  • Personal Protective Equipment (PPE). Personal protective equipment (PPE) includes gloves, glasses, ear defenders, aprons, safety footwear, dust masks etc designed to reduce exposure to the hazard. PPE is usually seen as the last line of defence and is used in conjunction with one or more control measures.

11) Record your Findings

It is critical that you record as much as is practical, but critically you must record the very basics like the hazards themselves, who is likely to be harmed, what you are doing to control the risk, and also communication with those affected. 

The Safety Statement itself will also provide details around hazard identification and risk assessment processes.

General guidance from the authorities would be to ensure your focus is on controlling the risks in the workplace, rather than relying on paperwork in the event of a doomsday scenario. Software systems like dulann allow for significantly greater efficiencies in this regard, but personal knowledge and experience is critical in all situations. 

12) Communicate

Once you have done all the hard work you now need to communicate your findings to the relevant people - don’t forget to get them to sign off that they have been trained on the RAs and understand them.

13) Review

Risk assessments must be reviewed if there is a significant change that affects the risk, or at least annually. 

In many instances, organisations complete reviews periodically, just to catch all and any eventualities. Best practice in our opinion however, is to also carry out a certain number of unannounced audits, if for no other reason but to see if the control measures are still valid, and if they are still efficient. 

It is important to note that risk assessments and the risk assessment matrix is a general tool. In order to carry out a risk assessment to a sufficient standard, and effectively use a risk assessment matrix, a thorough understanding of the risk assessment process by a competent person is needed.

dulann are a Compliance Management System that makes Environmental, Health, Safety & Quality Compliance as Easy as Booking a Flight!

Book a demo today! https://www.dulann.com/demo

Like it. Share it!

Related Posts

All Blogs
Our Clients Achieve Real Results!

Read our Customer Success Stories!