A risk assessment is a structured process for identifying hazards, evaluating the level of risk and determining the controls needed to reduce that risk to an acceptable level. It is a legal requirement under Australian WHS legislation and a core element of any workplace safety management system.
This guide walks through how to write a risk assessment from scratch, using the standard likelihood-and-consequence approach with a risk matrix. Whether you are assessing a routine task like manual handling or a high-risk activity like working at heights, the process is the same.
Before you start
Gather your risk assessment template, a risk matrix and a pen or digital device. If your organisation uses a standard template, use that. If not, download a free template and adapt it to your workplace.
Walk the area or observe the task before you sit down to write. A desk assessment written without first-hand observation misses hazards that are obvious to anyone doing the work. Involve the workers who perform the task, as they know the risks better than anyone.
Step-by-step risk assessment
1. Identify the task or activity
Clearly define what you are assessing. Be specific: "Unloading pallets from a flatbed truck using a forklift" is useful. "Warehouse operations" is too broad. Break large activities into individual tasks and assess each one. Include the location, equipment used, and number of workers involved.
2. Identify hazards
A hazard is anything that has the potential to cause harm. Walk through the task step by step and identify every hazard. Common categories include:
- Physical: moving machinery, falling objects, noise, vibration
- Chemical: fumes, dust, solvents, acids
- Biological: mould, bacteria, animal bites
- Ergonomic: manual handling, repetitive movement, awkward posture
- Psychological: fatigue, stress, bullying, lone work
- Environmental: heat, cold, UV, wet surfaces, poor lighting
Use a hazard identification form to capture findings systematically.
3. Assess who is at risk
Identify everyone who could be harmed by each hazard. This includes workers performing the task, nearby workers, visitors, contractors and members of the public. Note anyone who may be at higher risk, such as new workers, young workers, pregnant workers or those with pre-existing conditions.
4. Evaluate likelihood and consequence
For each hazard, assess the likelihood of it occurring and the severity of the consequence if it does. Use a risk matrix to determine the risk level. A standard 5x5 matrix uses these scales:
| Likelihood | Description |
|---|---|
| Rare | Could happen but only in exceptional circumstances |
| Unlikely | Could happen but not expected |
| Possible | Might happen at some point |
| Likely | Will probably happen in most circumstances |
| Almost certain | Expected to happen in most circumstances |
| Consequence | Description |
|---|---|
| Insignificant | No injury or minor first aid |
| Minor | First aid treatment, minor injury |
| Moderate | Medical treatment, lost time injury |
| Major | Serious injury, hospitalisation |
| Catastrophic | Death or permanent disability |
5. Determine controls (hierarchy of controls)
Apply controls in order of effectiveness using the hierarchy of controls. Higher-level controls are always preferred because they reduce or remove the hazard rather than relying on human behaviour.
- Elimination - remove the hazard entirely
- Substitution - replace with something less hazardous
- Isolation - separate people from the hazard
- Engineering controls - guards, ventilation, barriers
- Administrative controls - procedures, training, signage
- PPE - last resort, protects the individual only
Never rely on PPE as the primary control. It is the weakest level in the hierarchy and depends entirely on the worker using it correctly every time.
6. Document and sign
Record every hazard, its risk rating (before and after controls), the controls to be applied, the person responsible and the date. The document must be signed by the assessor and ideally by the workers involved. Use a digital form to capture signatures electronically.
7. Review and update
A risk assessment is a living document. Review and update it when the task changes, new equipment is introduced, an incident or near miss occurs, or at regular intervals (typically annually). The review date and reviewer must be recorded on the document.
Hazard vs risk
These terms are often confused. A hazard is something that has the potential to cause harm (e.g. an unguarded moving belt). A risk is the combination of the likelihood of that harm occurring and how severe it would be. Risk assessment is about evaluating the risk, not just listing the hazards.
Hierarchy of controls in practice
| Level | Example | Effectiveness |
|---|---|---|
| Elimination | Remove the task entirely, automate it | Highest |
| Substitution | Use a less toxic chemical | High |
| Isolation | Barrier around noisy compressor | High |
| Engineering | Machine guarding, ventilation system | Medium-high |
| Administrative | Safe work procedure, training, rotation | Medium |
| PPE | Gloves, ear plugs, respirator | Lowest |
Going digital with MapTrack
Paper risk assessments sit in folders and become outdated without anyone noticing. With MapTrack, you can create, assign and track risk assessments using digital forms that enforce completion of every required field. The risk matrix calculation can be built into the form, so workers select likelihood and consequence and the risk rating is calculated automatically.
Review dates trigger automated alerts, ensuring assessments are reviewed on schedule. All completed risk assessments are stored centrally and linked to the relevant asset or location in your compliance system, making audit preparation straightforward.
