Risk Assessment And Hazard Identification: How To Comply

If you handle hazardous substances or ship dangerous goods, you already know that one missed hazard or a flimsy risk assessment can shut down operations, invite enforcement, or put people at real risk. The sticking point is rarely intent—it’s knowing what to assess, when to do it, and how to turn a form into controls that actually work on the floor, in the warehouse, or during transport.

The good news is that compliance doesn’t have to be complicated. By following a simple, HSE‑aligned process—identify hazards, assess likelihood and severity, control what’s reasonably practicable, record, and review—you can build a risk assessment that stands up to scrutiny and genuinely reduces harm. Add clear roles, proportionate tools (like risk matrices and field‑level checks), and focused training, and you’ll move from box‑ticking to confident, day‑to‑day risk management.

This guide shows you exactly how to do that. You’ll learn who must comply in the UK and when to assess, what key terms actually mean, and a step‑by‑step method you can apply immediately. We’ll cover the hierarchy of control, vulnerable workers, practical tools, COSHH and dangerous goods specifics, and how to align workplace assessments with IATA, IMDG, ADR and RID. You’ll also see what regulators expect in your documentation, common pitfalls to avoid, and a worked example on lithium batteries. Let’s get you compliant—and confident.

Who must comply in the UK and when to assess

In the UK, every employer must manage health and safety risks by carrying out a suitable and sufficient risk assessment. You can do it yourself or appoint a competent person to help. If you employ 5 or more people, you must record your significant findings. Involve workers in the process—they often spot issues early and their input is expected.

You should assess and review risks:

  • Before change: When introducing or changing staff, processes, substances, or equipment.
  • For non‑routine work: During maintenance, cleaning, or other out‑of‑cycle activities.
  • If controls may fail: When you suspect measures are no longer effective or workers raise concerns.
  • After incidents: Following accidents or near misses.
  • Periodically: To confirm controls still work and remain proportionate to the risk.

What risk assessment and hazard identification mean

Risk assessment and hazard identification work together. Hazard identification is the systematic process of finding, listing and describing anything that could cause harm—how people work, equipment, substances, conditions, processes and behaviours. Risk assessment is the overall method of deciding who might be harmed and how, evaluating the likelihood and severity of that harm, choosing controls, then recording and reviewing. In simple terms, Risk = probability x severity, and your duty is to reduce real risks so far as is reasonably practicable.

  • Hazard: a potential source of injury or ill health.
  • Risk: the chance and seriousness of harm if exposed to a hazard.
  • Controls: measures to eliminate or reduce risk (prioritised by the hierarchy of control).

Step 1. Scope and plan your assessment

Before you start inspecting, scope and plan the work. A suitable and sufficient risk assessment begins with clear boundaries, the right people, and a method everyone understands. Decide what activity, area or process you’re assessing, and set out how you’ll gather evidence and make decisions.

  • Scope and boundaries: Define jobs/tasks, locations, equipment, and phases (routine and non‑routine such as maintenance or cleaning).
  • Team and competence: Appoint a competent person; involve supervisors and workers who do the job.
  • Stakeholders: Consult workers; consider contractors, visitors, and the public who may be affected.
  • Information sources: SDS, manuals, incident/ill‑health records, and previous assessments.
  • Method and criteria: Choose a qualitative or semi‑quantitative matrix; define likelihood/severity scales and use Risk = probability x severity.
  • Legal and standards: Note applicable laws, codes, and company procedures.
  • Plan and deliverables: Timetable, site walk‑throughs, and a template capturing hazards, risk ratings, controls, owners, and due dates.

Step 2. Identify hazards in your workplace

This is the heart of risk assessment and hazard identification: look for anything with the potential to cause harm across normal work and the unusual (start‑ups, maintenance, cleaning, changeovers). Use multiple evidence sources so you don’t miss hidden hazards, and note how each could cause harm to employees, contractors, visitors or the public.

  • Inspect the workplace: Observe how people work, how plant/equipment is used, housekeeping, traffic routes, storage, and energy sources (electricity, pressure, heat).
  • Consult workers: Involve people who do the job; they know about near misses and workarounds. Capture contractor input too.
  • Review records and information: Accidents, near misses and ill‑health, Safety Data Sheets, equipment manuals and previous assessments.
  • Include non‑routine operations: Maintenance, cleaning, breakdowns, shutdowns/start‑ups, emergencies and adverse weather.
  • Cover all locations and interfaces: Loading bays, yards, vehicles, remote/off‑site work and public access areas.
  • Use simple tools: Checklists, photos and hazard mapping on floor plans to mark hotspots.

Think broadly about hazard types:

  • Item/equipment, substance/material, source of energy, condition, process/practice, behaviour, plus biological, chemical, ergonomic, physical, psychosocial and safety hazards (e.g., manual handling, chemicals, vehicle movement, working at height, stress).

Step 3. Decide who might be harmed and how (including vulnerable workers)

Once you’ve listed hazards, map exposure. For each one, identify who could be affected and in what way. During risk assessment and hazard identification, look beyond employees to contractors, visitors and the public. Consider proximity, frequency and duration of exposure, non‑routine tasks, and lone or off‑site work. Pay particular attention to vulnerable workers and any specific adjustments they may need.

  • Employees by role/task: Operators, cleaners, maintenance staff during shutdowns; e.g., chemical exposure, manual handling injuries.
  • Contractors and agency staff: Often unfamiliar with site rules; risks from plant, access and permits.
  • Visitors/public: Delivery drivers or customers near loading bays; vehicle movement, slips and trips.
  • Vulnerable workers: Young workers, migrant workers, new or expectant mothers, people with disabilities—risks may be higher; tailor controls.
  • Lone/remote workers: Working alone may limit ability to call for help.
  • Others nearby/adjacent activities: Neighbouring teams affected by noise, energy sources or accidental releases.

Step 4. Evaluate and rate the risks (likelihood x severity)

Now turn each listed hazard into a clear risk rating. Consider how likely harm is and how bad it could be if it happens, taking account of current controls. Use evidence: incident and ill‑health records, Safety Data Sheets, manuals and worker feedback. Always think beyond routine work to maintenance, cleaning, start‑ups/shutdowns, emergencies and adverse weather, and consider frequency/duration of exposure and how many people could be affected.

  • Set your scales: Define simple, shared criteria for probability (e.g., low/medium/high or rare to almost certain) and severity (e.g., negligible to catastrophic), so everyone scores consistently.
  • Estimate likelihood: Judge how often the hazardous event could reasonably occur, using data and experience (include non‑routine situations and foreseeable misuse).
  • Estimate severity: Judge the worst credible consequence (e.g., first‑aid only, lost‑time injury, irreversible harm or fatality).
  • Rate the risk: Apply Risk = probability x severity and place it on your chosen matrix to assign a level (e.g., very low, low, medium, high, immediately dangerous).
  • Match actions to rating:
    • Immediately dangerous: stop work and implement controls now.
    • High: investigate and control immediately.
    • Medium: continue with a plan and deadline to reduce risk.
    • Low/very low: monitor and maintain controls.
  • Assess residual risk: Evaluate how effective existing controls are and what more is reasonably practicable to reduce the risk further.
  • Document rationale: Record the evidence and assumptions behind each rating to support consistency and future reviews.

Step 5. Select controls using the hierarchy of control

With risks rated, choose controls in priority order to eliminate hazards or reduce them so far as is reasonably practicable. Start at the top of the hierarchy and only drop down when higher-level options are not feasible. Consider routine and non‑routine tasks, foreseeable misuse, and how people actually work, then layer measures to create robust protection.

  • Eliminate: Remove the hazard or task entirely (e.g., outsource a process, design out manual lifts).
  • Substitute: Replace with something safer (e.g., less hazardous substance, battery tools with lower energy).
  • Engineering controls: Isolate people from the hazard (e.g., guarding, local exhaust ventilation, segregation, interlocks, spill containment).
  • Administrative controls: Reduce exposure via rules and organisation (e.g., restricted access, permits, SOPs, job rotation, scheduling, inspections).
  • PPE: Last line of defence (e.g., gloves, eye protection, respirators), with fit, training and maintenance.

Record why higher tiers aren’t practicable, specify the residual risk, and define supporting measures (training, supervision, maintenance, monitoring) to ensure controls remain effective.

Step 6. Record your findings and assign actions

Turn your evaluation into a record that drives action. In the UK, if you employ 5 or more people you must record your significant findings; if you employ fewer, it’s still good practice. Capture the essentials from your risk assessment and hazard identification in a clear template or risk register, then track actions to completion. Don’t rely on paperwork—your priority is controls working in practice.

  • Hazard and scenario: What could cause harm and when (include non‑routine tasks).
  • Who might be harmed and how: Roles/groups and exposure routes.
  • Existing controls and effectiveness: What’s in place and any gaps.
  • Risk rating (before/after): Initial and residual risk using your defined matrix.
  • Further actions/controls: What is reasonably practicable to reduce risk.
  • Owner, deadline, status: Named person, due date, progress.
  • Evidence and review: References (SDS, manuals, incident data), next review date and triggers.

Step 7. Implement, communicate and train

Controls only reduce risk when they’re put in place, explained clearly, and practised. Convert each action into a concrete change on the floor—procedures, engineering modifications, access rules and permits—and make sure people understand what’s changed and why. Provide training that matches the task and risk, confirm competence (not just attendance), and use short field‑level checks to keep hazards front of mind.

  • Implement controls: Install guards/LEV, set segregation and access rules.
  • Update documents: SOPs, permits, COSHH information, signage and emergency instructions.
  • Communicate: Team briefs, toolbox talks, contractor and visitor inductions.
  • Train and verify: Practical training, supervised practice, competence checks and refreshers.
  • Equip correctly: Issue PPE, ensure fit/compatibility, maintain and replace.
  • Supervise: Monitor use of controls, stop unsafe work, use FLRA/point‑of‑work checks.

Step 8. Review, monitor and improve

Risk assessment and hazard identification are not one‑off exercises. Build a simple cycle: check that controls are working, learn from what actually happens, and improve. Use both leading indicators (inspections, safe behaviours, completion of field‑level checks) and lagging indicators (incidents, near misses, ill‑health) to judge effectiveness, and involve workers in spotting drift, workarounds and degraded controls.

Review your assessment and controls:

  • On change: staff, processes, substances, or equipment.
  • After events: accidents, near misses, alarms, or non‑compliance.
  • If performance dips: audits/inspections show issues or workers raise concerns.
  • When knowledge updates: new information on harm, or regulatory/standard changes.

Make monitoring routine:

  • Verify controls: supervision, inspections and functional checks.
  • Test and maintain: planned maintenance, calibrations and safety checks.
  • Measure and learn: track KPIs, analyse trends, and agree actions with owners and deadlines.
  • Update and brief: revise the risk record and communicate changes promptly.

Methods and tools you can use (risk matrices, checklists, field-level assessments)

The right tools make risk assessment and hazard identification faster, more consistent and easier to defend. Pick methods that match task complexity and the pace of your operation, and define clear scoring rules so different assessors reach similar conclusions.

  • Risk matrices (qualitative or semi‑quantitative): Use defined likelihood and severity scales to rate risk (Risk = probability x severity) and link ratings to action levels.
  • Checklists: Prompt systematic hazard spotting from SDS, manuals, incidents and inspections; cover routine and non‑routine tasks.
  • Field‑level risk assessments (FLRA): On‑site, dynamic checks done before/during work to confirm hazards and controls in changing conditions; complements formal assessments.
  • Hazard mapping: Workers mark hazard hot spots on floor plans to surface local knowledge and prioritise fixes.
  • Templates/risk registers: Standardise records of hazards, exposure, existing controls, ratings, further actions, owners and deadlines.
  • Advanced methods (as needed): HAZOP, bowtie, or FMEA for complex processes or higher‑hazard scenarios.

Special considerations for dangerous goods and hazardous substances (COSHH)

Handling chemicals and other hazardous substances demands deeper, substance‑specific controls under COSHH. Build these into your risk assessment and hazard identification so you capture how exposure actually happens during receipt, storage, use, transfer, cleaning and disposal, not just during steady‑state production.

  • Inventory and SDS: Maintain an up‑to‑date list of substances and tasks that generate exposure (fumes, vapours, dusts, mists, biological agents). Use Safety Data Sheets and manuals to understand hazards and required controls.
  • Exposure picture: Identify routes (inhalation, skin/eye, ingestion), people affected (including contractors and vulnerable workers), frequency/duration, quantities and worst‑credible scenarios (spills, mixing errors).
  • Hierarchy‑led controls: Prioritise elimination/substitution, then engineering (e.g., local exhaust ventilation, closed systems, segregation and containment), administrative controls (permits, SOPs, restricted access, housekeeping) and only then PPE with fit and maintenance.
  • Storage and compatibility: Segregate incompatibles, use correct containers, secondary containment, temperature/vent controls and clear labelling/signage.
  • Emergency preparedness: Spill kits, eyewash/showers, first aid, clear alarms and practiced response; include non‑routine work and maintenance.
  • Waste and disposal: Defined procedures and containers; prevent secondary exposures during clean‑up.
  • Monitoring and health checks: Verify controls (e.g., LEV checks) and consider health surveillance where indicated by the substance and exposure.
  • Training and communication: Task‑specific instruction, contractor briefings and point‑of‑work checks; update assessments when SDS or processes change.

Integrating transport regulations (IATA, IMDG, ADR, RID) into workplace risk assessments

If you move dangerous goods, your risk assessment and hazard identification must dovetail with the modal rules you operate under: IATA (air), IMDG (sea), ADR (road) and RID (rail). Treat these regulations as defined control standards—use them to shape your classification, packaging, segregation, documentation, and training measures, and embed their checks into day‑to‑day operations.

  • Classification and identification: Confirm UN numbers, proper shipping names and hazard classes; this dictates labels, segregation and emergency actions.
  • Packaging and containment: Follow modal packing instructions and use approved packagings; include competence on closures and inner pack use, plus LQ/EQ limits where applicable.
  • Marking, labelling and placarding: Apply and verify all required marks on packages and transport units; integrate visual checks before dispatch.
  • Segregation and loading: Observe incompatibility rules, stowage conditions, load restraint and environmental controls (e.g., ventilation, temperature).
  • Quantity limits: Respect per‑package, per‑consignment and mode‑specific limits; build controls into picking, consolidation and load planning.
  • Documentation and declarations: Complete required transport documents (e.g., air and sea declarations) and ensure accompanying emergency information is available.
  • Emergency preparedness and security: Provide suitable equipment, instructions and security measures proportionate to the load and route.
  • Training and competence: Ensure role‑specific, mode‑specific training and appoint competent persons (e.g., DGSA) as required.

Link these requirements to pre‑dispatch checklists, gate controls and audits, and trigger reviews when any modal rule updates.

Documentation that stands up to scrutiny (what regulators expect)

Inspectors look for records that are suitable and sufficient, current, and actually used to manage risk—not just filed away. If you employ 5 or more people you must record your significant findings; if fewer, it’s still best practice. Your documentation should show clear reasoning, proportionate controls, and a live action trail from risk assessment and hazard identification through to review.

  • Scope and version control: What was assessed, where and when; author, reviewers, approvals, revision history.
  • Significant findings: Hazards, who might be harmed and how, existing controls, and risk ratings using defined criteria (Risk = probability x severity).
  • Evidence base: SDS, manuals, incident/ill‑health data, photos, calculations, assumptions.
  • Action plan: Further controls, owner, deadline, status, and residual risk.
  • Operational artefacts: SOPs/permits, training and competence records, inductions, briefings.
  • Assurance records: Inspections, maintenance and test logs (e.g., guarding, LEV), PPE fit and checks.
  • Emergency readiness: Spill/first‑aid provisions, drills, contact points.
  • Review triggers and dates: Change events, incidents, periodic reviews, and outcomes.

Keep records accessible, consistent with site reality, and retained per your legal and company requirements.

Building competence and appointing a competent person

Competence makes your risk assessment and hazard identification credible and effective. In the UK you can do it yourself or appoint a competent person; in practice, use a competent person or team with good knowledge of the work, and involve supervisors and workers who do the job.

  • What competence looks like: the right mix of skills, knowledge and experience for the tasks, understanding of your processes and hazards, and familiarity with relevant regulations and company procedures.
  • How to build it: targeted training, coached practice on live assessments, access to SDS/manuals/incident data, and clear scoring criteria so assessors rate risk consistently.
  • Appoint and support: name the competent person, define responsibilities and authority, provide time and resources, refresh training, and bring in specialist advice (e.g., modal dangerous goods or DGSA expertise) when needed.

Common mistakes to avoid and how to fix them

Even well‑run sites stumble on repeatable pitfalls that weaken risk assessment and hazard identification. Avoid these, and your assessments will be both compliant and effective.

  • Treating it as paperwork: verify controls in practice with walk‑throughs.
  • Not involving workers/contractors: consult early; use toolbox and field‑level checks.
  • Ignoring non‑routine and change: include maintenance, cleaning, start‑ups; set review triggers.
  • Undefined risk criteria: agree likelihood/severity scales; record evidence behind ratings.
  • Jumping straight to PPE: apply the hierarchy; pursue elimination, substitution, engineering first.
  • Overlooking vulnerable workers: tailor tasks, information and controls to their needs.
  • Skipping reviews after incidents or rule updates: reassess promptly and brief changes.
  • Ignoring transport rules for dangerous goods: embed IATA/IMDG/ADR/RID checks pre‑dispatch.

Example walkthrough: assessing lithium battery packing in a warehouse

You’re consolidating orders and packing lithium batteries for shipment from a busy warehouse. Apply the same risk assessment and hazard identification steps: define scope (packing bench to despatch bay, including rework/returns), involve packers and supervisors, walk the process, and use a simple matrix to rate risks using Risk = probability x severity.

  • Key hazards: Source of energy (battery short‑circuit or damage leading to heat/fire), crush/puncture during packing, incompatible goods mixed in error, manual handling of heavy cartons, and vehicle movement at the bay.
  • Who’s at risk: Packers, pickers, drivers, contractors, visitors and the public near loading areas; include lone/after‑hours work.
  • Risk ratings (examples): Short‑circuit during packing – likelihood medium, severity high → high risk. Manual handling – likelihood medium, severity moderate → medium risk.
  • Controls (hierarchy):
    • Eliminate: Remove and quarantine damaged/swollen batteries from the process.
    • Substitute: Prefer supplies with integral terminal protection/inner packs.
    • Engineering: Use approved inner/outer packagings and terminal insulation; segregate packing area; fit local detection and suitable containment; organise safe traffic routes.
    • Administrative: SOPs and checks for damage, quantity limits and segregation rules, pre‑despatch modal checklists, trained sign‑offs, housekeeping.
    • PPE: Gloves and eye protection for packing/rework.
  • Implement and review: Mark/label packages, complete documentation, brief teams and contractors, verify controls at point‑of‑work, and re‑assess after any incident or regulatory update.

Next steps

You now have a clear, HSE‑aligned way to run risk assessment and hazard identification, pick proportionate controls, document what matters, and keep improving—while folding in COSHH and dangerous‑goods requirements across air, sea, road and rail. The fastest gains come from starting small, proving the approach, and scaling deliberately.

  • Choose a pilot area: scope it, involve the team, walk the job, and rate risks with your defined matrix.
  • Turn findings into action: create an owner‑led register with deadlines; brief changes and verify controls on the floor.
  • Set review triggers: change, incidents, or rule updates; add routine checks to keep controls effective.
  • For dangerous goods: map tasks to modal requirements, tighten SOPs and pre‑dispatch checks, and ensure role‑specific training (DGSA support if applicable).
  • Build competence: nominate your competent person and standardise templates, criteria and training.

If you want expert help, practical templates or accredited training, talk to Logicom Hub today: get compliant, confidently.