Health and Safety
Performance Standard HSPS 010
Risk Assessment
HSPS.009/SHE Unit/BA/issued Aug09
1
Safety, Health and Environment Unit
Title
Risk Assessment
Reference
Number
HSPS 009
DOCUMENT HISTORY
Issue
Date
Details
1
28.08.09
Supercedes Guidance Notes for Assessors Jan 1994
Author
Bernard Angus
Signature
Date
Authorised by
Keith Mander
Chair of SHEEC
Signature
Date
Issued by
SHE Unit
Signature
Date
2
Contents
Page
1. Purpose of Performance Standard
4
2. Related procedures and other documents
4
3. Details of the Performance Standard
3.1 General
3.2 Responsibilities
3.2.1
Heads of Department
3.2.2
Managers and Supervisors
3.2.3
Employees
3.3 Principles of Competence
3.4 The Five Steps to Risk Assessment (HSE Guidelines)
3.4.1
Identify the Hazards
3.4.2
Decide Who is at Risk and How
3.4.3
Identify Risks and Consider Control Measures
3.4.4
Record Findings
3.4.5
Review of Risk Assessments
4
4
4
4
5
5
6
6
6
6
6
8
8
4. Associated Definitions
9
Appendix 1 Risk Assessment Form
10
3
1. Purpose of Performance Standard
To outline the responsibilities and actions required to ensure that careful assessments are made of
the hazards associated with the occupation of premises, work carried out and tools and equipment
used in the execution of such work, at the University of Kent. When the appropriate level of risks
has been determined, to ensure that adequate control measures are put in place to eliminate the
risks, or reduce them to an acceptable level. To record the findings of these assessments, review
them regularly and update them as appropriate. This process is known as RISK ASSESSMENT and
forms a fundamental part of the University’s Health and Safety Policy.
2. Related procedures and other documents
Health and Safety at Work etc. Act 1974 (HASWA)
Management of Health and Safety at Work Regulations 1992 (MHSWR)
The University of Kent Health and Safety Policy
Health and Safety Executive leaflet “Five Steps to Risk Assessment”
Risk Assessment forms
3. Details of the Performance Standard
3.1 General
The assessment of risks is a common, every day procedure which everyone carries out, albeit subconsciously. A person would not walk through a low door or drive through a very narrow gap
without “assessing” the clearance available; neither would a person cross a road without looking to
“assess” the traffic movement. These are simple yet relevant forms of risk assessment.
The Management of Health and Safety at Work Regulations 1992 make it a legal requirement for
employers to carry out risk assessments and where appropriate to record their findings. The
responsibility for risk assessments rests with the Employer, although the actual task of carrying out
the assessment may be delegated to managers or supervisors who are competent to carry out such
assessments, (see 3.3).
3.2 Responsibilities
3.2.1 Heads of Department (HoDs)
Heads of Department shall be responsible for ensuring that all necessary risk assessments are
carried out within their own departments. They shall also ensure that risk assessments are carried
out by persons who are competent within a particular area of work, to undertake such
assessments. A reasonable assessment of competence to undertake such assessments would be to
consider the knowledge, training and experience gained by the person to whom the task of
assessing risks is to be delegated. If any of the above criteria are lacking then the authority for
carrying out risk assessments should not be given to that person. When there are staff changes at
senior level the Head of Department shall ensure that any devolved authority for undertaking and
reviewing risk assessments is also re-allocated. In some cases the Head of Department may have
to re-assess the working methods of his/her department if unacceptable risks are brought to his
attention by managers or supervisors, or by Safety, Health and Environment [SHE] Unit staff.
4
3.2.2 Managers and Supervisors
Managers and supervisors who are tasked with undertaking risk assessments shall ensure that
they have adequate knowledge, have received adequate training and are experienced in the
activities to be assessed, prior to undertaking a risk assessment.
The findings of all risk assessments undertaken for the University of Kent are to be formally
recorded and reviewed. This review shall be carried out either annually, or when the particular
work process which is the subject of the assessment is changed in a way which alters the risks or
introduces new risks.
Managers or supervisors who undertake to produce risk assessments shall, as part of the
procedure, consult widely with the employees who are likely to be at risk and where appropriate,
with other persons who may be at risk from the same operation.
Where a risk assessment establishes that a particular activity poses unacceptably high risks, even
after all possible or reasonable control measures have been put in place to reduce the risk, then
this should be brought to the attention of the Head of Department who should follow the
guidance in Section 3.4.3 of this Standard.
Managers and supervisors shall not make assumptions about risk, if they do not have adequate
knowledge, training or experience about a particular activity, but shall seek appropriate
specialist advice from the SHE Unit. It may be possible to find alternative methods of working
so that the desired result can be achieved in another way.
3.2.3 Employees
All employees shall assist their managers/supervisors in the preparation of risk assessments.
Employees undertaking activities have the key role in providing information for a risk
assessment and should be encouraged to offer assistance and suggestions at any time during the
process.
When a risk assessment is completed, employees who are, or may be, involved in the activity
concerned, must familiarise themselves with the risk assessment and ensure that they are
satisfied that it addresses all of the risks associated with the activity.
Normally, risk assessments should be reviewed by managers/supervisors whenever working
practices change. However, employees have a responsibility to bring to the attention of their
manager or supervisor any new risks which may have developed as a result of changing working
practices, or equipment associated with an activity which has already been assessed.
It is the responsibility of all employees to work in a manner which complies with the required
control measures specified in appropriate risk assessments.
3.3 Principles of Competence
Only “competent persons” shall undertake risk assessments. A competent person is one who has a
detailed knowledge of the type of activity which is to be risk assessed, a broad knowledge of the
employer’s undertaking and a general understanding of legal health and safety requirements. This
knowledge, a significant amount of which should have been gained by training, should be supported
by a reasonable amount of experience. It is unlikely that employees who do not have some basic
5
supervisory role are ‘competent’ to assess risks, while they may be very competent to undertake
their particular activity. For this reason, it is assumed that risk assessment will be undertaken by
supervisors, supported by managers in the appropriate work area. Under no circumstances should
the assessment of workplace risks be just delegated to the employees themselves.
These principles are the foundations of good risk assessment and should be applied by Heads of
Department when devolving authority for risk assessment.
3.4 The Five Steps to Risk Assessment (HSE Guidelines)
(Things to consider when you are assessing risk)
3.4.1 Identify the Hazards
Before this can be done, it is important to fully understand the activity which is to be carried out.
The activity may only involve actually being in an area, e.g. perhaps just to inspect a building,
but if the building structure is unsafe, a risk assessment will be required. List all of the
significant hazards, ignoring trivial things. Write down the hazards and prioritise them, so that
the most dangerous are given the highest priority.
3.4.2 Decide Who is at Risk and How
Some of those at risk will be obvious; the people actually ‘doing the work’. Others may not be
so obvious; passers-by, observers, those working in an adjacent area. Consider them all and how
they could be affected. If there is work being undertaken in the vicinity, by persons not under
your control, assess its likely impact on your staff and their work and obtain a copy of the other
person’s risk assessment, if it is available.
3.4.3 Identify Risks and Consider Control Measures - (Evaluation)
From the previously identified hazards it will be possible to identify the risks, which are
foreseeable. Some may already have control measures in place to reduce the risks to a level
which a competent person may assess as acceptable; e.g. The risks to the public from a low rise
building site may be adequately controlled by the already installed security fencing. However, on
the same site there will almost certainly be higher risks to the workforce which require additional
control measures to be taken.
A starting point should always be to remove the hazard if at all possible, thereby reducing the
risk to zero. In many instances this will not be possible and the next step must always be to
reduce the risk to a level which is as low as is reasonably practicable. The control measures
which are applied to a risk situation should be appropriate to the level of risk, i.e. the risk factor.
The risk factor is determined by considering two elements of each situation:1. The probability of harm being done to someone, and
2. The severity of the harm which ensues.
The Risk Factor is defined as the multiple of these two elements.
Probability
probable
possible
unlikely
3
2
1
Severity
critical
serious
minor
3
2
1
6
Risk Factor
high
medium
low
6-9
4
1-3
The matrix above demonstrates a simple form of what is commonly known as ‘numerical risk
assessment’. This system can be used, but it is recommended that it is not used in work areas
where the risks are relatively low, as it introduces an unnecessary complication. To use the
terms High, Medium or Low is adequate in most cases.
Below is some basic guidance on how to categorise some levels of risk. The information which
follows is not definitive, as each activity should be assessed considering all of its particular
aspects.

Typical high risk operations are working at height (including roofs), working in confined
spaces, working with, or in the vicinity of, certain types of tools or machinery, most
demolition work, working with certain dangerous chemicals or working in temperature
extremes.

Typical low risk operations could be working with computers at a work station, filing and
storing light equipment or general cleaning.

Medium risk operations could be some of the first group, scaled down or some of the
second group, scaled up for a variety of different reasons. In general terms this group would
cover such things as operation of electrical or mechanical machinery, which is serviceable,
guarded if appropriate and maintained, in accordance with a recognised procedure or
construction activities at ground level, or general manual handling using proper mechanical
aids following training in the tasks.

It is easy to understand how some very similar activities may fall into different categories;
what must always be clear and defensible are the reasons for the difference. As one moves
to the extremes the ‘picture becomes less grey’. Obviously, work at height, no matter how
many barriers or harnesses are used, cannot possibly be categorised as “Low Risk”.
Likewise, office cleaning at ground level is never likely to be ‘High Risk’; but window
cleaning at height will be.

Assessing and categorising risks is about considering everything and making a
balanced and informed judgement.

Control measures are the means by which risks to persons or undertakings can be reduced.
In general terms, risks can only be eliminated totally if the hazard which is responsible for
the risk is eliminated. This should always be the primary objective, when starting to
assess risks.
Control measures should be reasonable and in proportion to the risk which they are intended
to control. Ideally, for economic reasons, they should not be in excess of those measures
which are required. More importantly, for health and safety reasons, they should always be
adequate, at the very least. ‘Adequate’ is the minimum which is acceptable.


As a general rule, always aim to eliminate hazards. If they cannot be eliminated, ensure that
the risks are reduced, by the application of the best control measures which can reasonably
be applied. If it is not reasonable to apply the required control measures for economic
reasons, the activity which has been risk assessed must not take place. Another way must
be found to achieve the objective.
7
3.4.4 Record Findings
All University of Kent risk assessments are to be recorded in writing and made available for use
by the appropriate employees. It is the aim at the University to have all departmental risk
assessments available to staff within that department in a common accessible file on the
departmental network. It is recognised that some departments, such as Biosciences or Physical
Sciences, will need to have more complicated risk assessment forms than other departments
where the risks are limited to office and administration type risks. So long as these forms follow
the general principles of the ‘Five Step’ approach then they will be legally compliant.
The form shown in Appendix A will address most basic situations, but does not necessarily need
to be used if a more specialised version is necessary.
However, whatever forms are used by Departments, they must include the following:1) Hazards identified
2) Who might be harmed and how, (persons at risk and risk factor established)
3) Control measures in place (and adequacy)
4) Residual risks (and acceptability)
5) Review period
Note
Heads of Department should consider requiring employees to sign the risk assessments
appropriate to their work, confirming that they have read and understood them.
3.4.5 Review of Risk Assessments
A regular review of all Risk Assessments should be carried out in accordance with the following
requirements:1) At least annually
2) When existing activities are changed (change to method of working)
3) When new activities are introduced
4) At the request of the employee(s) undertaking the activities
5) If there has been an accident
6) When a female employee, working to an existing risk assessment, advises she is pregnant
8
4. Associated definitions
Hazard
-
Something which has the potential to cause harm
Risk
-
The likelihood of harm occurring as a result of the identified hazard (s)
Control Measure
-
Something put in place to reduce risk. These can have time and resource
implications, (financial and human) and should be proportional to the
benefit achieved in terms of risk reduction, by their application.
Some examples of control measures are:







work instructions or procedures
relevant training and experience (and evidence)
planned working patterns
co-operation and sharing of information with others
regular inspections
supervision
segregation of work areas
isolation of sources of energy
This list is not exhaustive, but represents measures which should be
considered in all risk assessments at work.
Personal Protective Equipment (PPE)
-
Includes items of clothing or other equipment, designed to be a last resort
measure to separate the person at risk from the hazard(s). PPE should
never be used on its own as a method of controlling risks, but can and in
many cases must, be used to supplement other control measures which
have been put in place. (E.g. when using a chain saw).
Reasonably Practicable
- What a reasonable person, having some knowledge of the tasks and the
risks involved, would assume to be reasonable, in the circumstances.
A control measure which is ‘reasonably practicable’ is one where the cost
of the measure in terms of effort, (intellectual, financial and physical)
does not outweigh the benefit achieved, in terms of risk reduction, by
imposing the measure.
Electronic Recording and Sharing of Risk Management Information
The Health and Safety Plan for the University includes the introduction of electronic recording of
risks and their control measures. This will enable a sharing of information and facilitate easier and
more accurate auditing of the health and safety situation, by Heads of Department, the Safety,
Health and Environment Unit and possibly Internal Audit if and when appropriate.
9
Appendix A - Standard Risk Assessment Form
Sheet No :………………….
RISK ASSESSMENT FORM
(BASED ON HSE “FIVE STEPS TO RISK ASSESSMENT”)
Department /Section ……………………….….………
Work Area ……………………….….….……
Date of Assessment …….….………………….…….
Assessor ……………………….….…………………….
Signature ……………………….….….….…
Date of Review …….….……………………..….…….
HAZARD
(List)
PERSONS AT RISK AND HOW
(Consider all persons, including those
who may not be involved with the job)
EXISTING CONTROL MEASURES
AND ADEQUACY
(List the control measures appropriate
to each hazard and consider the level
of residual risk; is it high, medium or
low?) If using a risk matrix then show
risk factor (R) = (hazard x risk)
ADDITIONAL REQUIREMENTS
(If the residual risk is high, you must
take additional practicable measures
to reduce it, or abort the proposed
task)
NOTE: All assessors should read the Performance Standard for undertaking risk assessments (this document) and have been trained in risk
assessment. On completion, appropriate employees should be briefed by the assessor who should ensure that they fully understand the risk
assessment.
10