
If you employ anyone, or if members of the public visit your premises, you are almost certainly legally required to have a general risk assessment in place. Most small business owners know they need one but aren’t entirely sure what it involves, what it needs to cover, or whether what they already have would hold up to scrutiny. This guide answers all of that in plain English.
What is a general risk assessment?
A risk assessment is a systematic process of identifying hazards in your workplace, evaluating the likelihood and severity of harm they could cause, and putting controls in place to reduce that risk to an acceptable level. The end result is a written document that demonstrates you have considered the health and safety of your employees and anyone else who might be affected by your work.
Under the Management of Health and Safety at Work Regulations 1999, every employer — and every self-employed person who works with employees or members of the public — is required to carry out a suitable and sufficient risk assessment. This is not optional, and it is not just for large organisations or high-risk industries.
What does a general risk assessment cover?
A general risk assessment covers the everyday hazards present in your workplace — the things that could cause injury or ill health to your employees, visitors, contractors, or members of the public. Common hazards covered include:
- Slips, trips, and falls — wet floors, trailing cables, uneven surfaces, poor lighting
- Manual handling — lifting, carrying, pushing, or pulling heavy or awkward loads
- Working at height — ladders, stepladders, mezzanines, rooftop access
- Electrical hazards — damaged equipment, overloaded sockets, inadequate PAT testing
- Fire — ignition sources, combustible materials, blocked escape routes
- Display screen equipment — workstations, posture, eye strain for office-based staff
- Violence and lone working — relevant for retail, healthcare, and field-based staff
- Stress and mental health — increasingly expected in modern risk assessments
A general risk assessment does not cover hazardous substances — those require a separate COSHH assessment. It also does not cover fire specifically — that requires a fire risk assessment. A general risk assessment covers everything else.
What does a compliant risk assessment need to include?
To be compliant, a risk assessment must cover five key steps for each hazard identified:
- Identify the hazard — what is it that could cause harm?
- Identify who might be harmed and how — employees, visitors, contractors, members of the public, vulnerable groups
- Evaluate the risk — how likely is harm to occur, and how severe would it be? This produces a risk rating
- Record your controls — what measures are already in place to reduce the risk, and what additional controls are needed?
- Review date — when will the assessment be reviewed? Best practice is at least annually, or when something changes
If you employ five or more people, you are legally required to record your risk assessment in writing. If you employ fewer than five, you are still required to carry it out — you just are not legally obliged to write it down, though doing so is strongly recommended.
Who needs a general risk assessment?
The short answer is: almost every business. If any of the following apply to you, a general risk assessment is a legal requirement:
- You employ one or more members of staff
- Members of the public visit your premises
- You are self-employed and your work could affect others
- You have contractors or visitors on site
This covers the vast majority of small businesses — hair salons, cafes, garages, offices, retail units, tradespeople, cleaning companies, farms, and many more. The nature of the hazards will differ by industry, but the requirement is the same.
What happens if you don’t have one?
An HSE inspector can visit any business at any time, with or without prior notice. If they find that you have no risk assessment, or that your risk assessment does not reflect your actual workplace and processes, the consequences can include:
- Improvement notice — a formal legal notice requiring you to address the issue within a set timeframe
- Prohibition notice — an immediate halt to the activity causing the risk
- Fee for Intervention — HSE charges for the time spent investigating a breach, currently £163 per hour
- Prosecution — for serious or repeated breaches. The average HSE fine for prosecuted cases exceeds £100,000
Beyond enforcement, a missing or inadequate risk assessment leaves you personally liable if an employee or visitor is injured on your premises. Your employer’s liability insurance may also be invalidated if you cannot demonstrate you took reasonable steps to manage risk.
How is a general risk assessment different from a COSHH assessment?
A general risk assessment covers physical and environmental hazards in your workplace — slips, trips, manual handling, fire, working at height, and so on. A COSHH assessment specifically covers hazardous substances — chemicals, cleaning products, solvents, paints, dusts, and fumes.
Many businesses need both. If your workplace involves both physical hazards and the use of hazardous substances — which includes most businesses in construction, hospitality, manufacturing, beauty, and cleaning — you will need a general risk assessment and a separate COSHH assessment. Our COSHH + Risk Assessment bundle covers both at a combined rate of £575, saving £70 compared to commissioning them separately.
Can I do a risk assessment myself?
Yes — the law does not require you to use a consultant. However, it does require the assessment to be carried out by a competent person: someone with sufficient knowledge, training, and experience to identify the hazards in your workplace and assess the risks accurately.
For many small businesses, the owner is capable of carrying out a basic risk assessment with guidance. The problems arise when assessments are too generic to reflect the actual workplace, when hazards are missed, or when the risk ratings and controls are not accurate. An assessment that wouldn’t hold up to scrutiny offers no legal protection.
A qualified consultant produces an assessment that is specific to your business, accurate, and defensible — and typically turns it around within five working days.
Need your risk assessment sorted?
Ironshore Safety produces general risk assessments for small businesses across the Southwest. Every assessment is tailored to your specific workplace and carried out by a qualified consultant — IOSH Managing Safely certified — and turned around within 5 working days. Fixed pricing from £295, or £575 for the COSHH + Risk Assessment bundle.
Get in touch for a free 15-minute call — I’ll tell you exactly what your business needs and what it’ll cost. No obligation.
Ironshore Safety is based in Braunton, North Devon and serves businesses across the Southwest.