Running a small or medium-sized business (SME) is demanding enough without the added worry of
health and safety compliance. But the truth is, effective risk assessment doesn’t have to be
complicated, expensive, or time-consuming – and it can save you a lot of money, hassle, and legal
exposure in the long run.
This guide will walk you through what a risk assessment is, why it matters, and how to carry one out
in a way that’s practical, proportionate, and aligned with industry best practice.
Why Risk Assessment Matters
Every business, no matter how small, has a legal duty under the Health and Safety at Work Act
1974 to protect employees, contractors, visitors, and anyone else affected by its work.
A risk assessment is the foundation of that duty. It’s a structured process for:
- Identifying potential hazards in your workplace
- Evaluating who might be harmed and how
- Deciding on sensible controls to reduce risk
- Recording and reviewing those controls over time
Far from being “red tape”, risk assessments:
- Prevent accidents and ill-health
- Improve productivity (fewer disruptions)
- Demonstrate compliance if inspected by the HSE or insurers
- Build employee trust and a strong safety culture
Step 1: Identify the Hazards
Hazards are anything that can cause harm. In an SME setting, they often include:
- Slips, trips and falls – wet floors, trailing cables, uneven ground
- Fire hazards – poor housekeeping, faulty electrics, blocked exits
- Manual handling – lifting, carrying, pushing heavy loads
- Hazardous substances – cleaning chemicals, dust, fumes
- Work equipment and machinery – unguarded moving parts, lack of training
- Display Screen Equipment (DSE) – poor workstation setup, eye strain
- Vehicles and transport – delivery vans, forklifts, reversing risks
- Psychosocial factors – stress, fatigue, lone working
Practical tip: Walk the workplace with fresh eyes, involve your staff, and look at accident/near-miss reports – they often reveal hidden risks.
Step 2: Decide Who Might Be Harmed and How
Think beyond employees. Who else interacts with your workplace?
- Employees (including vulnerable groups: young workers, pregnant staff)
- Contractors or agency workers
- Visitors, customers, or delivery drivers
- Members of the public (if you work in shared or open spaces)
Practical tip: Consider how different groups are affected by the same hazard. For example, a slippery floor might be inconvenient for office staff but far more dangerous for an older visitor.
Step 3: Evaluate the Risks and Decide on Controls
Not every hazard poses a serious risk. The aim is to decide whether risks are low, medium, or high, and what control measures are needed.
The Hierarchy of Control is an industry best practice approach:
- Eliminate the hazard altogether (e.g., remove trip hazards).
- Substitute for something safer (e.g., use less hazardous cleaning chemicals).
- Engineering controls (e.g., machine guards, ventilation).
- Administrative controls (e.g., training, safe systems of work, signage).
- Personal Protective Equipment (PPE) – as a last resort.
Practical tip: Always start at the top of the hierarchy – don’t jump straight to PPE.
Step 4: Record Your Findings
If you employ five or more people, you are legally required to record your risk assessments. Even
with fewer staff, keeping records is good practice.
A typical record should include:
- The hazards identified
- Who might be harmed and how
- The controls in place (and further actions required)
- The date and person responsible for completion
Best practice format: A simple table with columns for Hazard | Who at Risk | Controls in Place | Further Action Needed | Person Responsible | Date.
Practical tip: Keep it short and focused – regulators value clear evidence of control, not paperwork for its own sake.
Step 5: Review and Update Regularly
Risk assessments are not one-off tasks. They should be reviewed:
- If there is a significant change (new equipment, process, or layout)
- If an accident or near miss occurs
- At least annually as a matter of routine
Practical tip: Set reminders (e.g., every 12 months) and link reviews to business cycles such as insurance renewal or annual staff training.
Common Mistakes SMEs Make with Risk Assessments
- Over-complicating the process – Risk assessments should be proportionate to your business.
- Copy-and-paste templates – Generic documents don’t reflect real risks in your workplace.
- Failing to involve staff – Employees often know the risks better than managers.
- Filing it and forgetting it – A risk assessment is only useful if it drives day-to-day practice.
- Over-reliance on PPE – PPE is important, but it should not replace eliminating or reducing risks higher up the hierarchy.
Industry Best Practice Tips for SMEs
- Engage your team – Run toolbox talks and encourage hazard reporting.
- Use dynamic risk assessments – Train staff to make quick, on-the-spot checks when conditions change (e.g., deliveries, weather).
- Leverage technology – Use simple apps or spreadsheets to log and track risks.
- Keep it proportionate – A small office needs different controls than a large construction site.
- Link to culture – Make risk assessment part of everyday decision-making, not a tick-box exercise.
Conclusion
Risk assessments are the backbone of health and safety compliance for SMEs. Done properly, they:
- Keep people safe
- Protect your business from legal and financial penalties
- Improve efficiency and staff morale
By following the five steps – Identify, Decide, Evaluate, Record, Review – and applying the
hierarchy of control, you’ll build a risk assessment process that is both practical and legally robust.
Remember: Health and safety is not about paperwork – it’s about protecting people and enabling
your business to thrive.
Next Steps for SMEs:
- Carry out a baseline risk assessment this month.
- Involve your employees – they’re your best resource for spotting hazards.
- Put review reminders in your business calendar.