Risk assessments – and how to get them right

Tuesday 12 May 2020
In the wake of new government guidance on getting back to work safely, here are the fundamental principles for managing risk.


On Sunday night the British prime minister Boris Johnson gave a televised statement in which he encouraged those who can work to get back to work. The statement has been followed by a series of guidance documents about the rules and limitations about getting back to work while also maintaining social distancing measures.

Bullet point number two in the government’s official guidance on getting back safely to work is “Carry out a Covid-19 risk assessment, in consultation with workers or trade unions”. In a survey of CMI members that we conducted in the middle of last week, many of you talked of the importance of effective risk assessments. These are the words on the minds of many leaders and managers right now.

Peter Webb is managing director at Electronic Temperature Instruments (ETI), a digital thermometer manufacturer based in Worthing, Sussex. His company produces digital and infra-red thermometers for the food and drink service industry. They have continued production as a critical supplier, providing supermarkets, NHS food services, and food processing and public sector catering.

“Risk assessments in the given circumstances are challenging,” Peter says. “The first thing you need to do is review your existing risk register. Every manufacturing company like ours will have these in place, but they need to be re-assessed before any action takes place. Our production managers have demonstrated flexibility and ‘out of the box’ thinking to change the way our production teams operate.”

They’re making gangways one-way, staircases are one-way, and ETI is doing everything it can to ensure the correct social distancing. “The layout changes of our factories to comply with social distancing rules has seen us remove all wide-span shelving down our centre aisles between the benches and we have also started the process of removing further work benches. New shelving is being installed to replace any removed benches, reinstating adequate local storage areas.”

One of the biggest problem areas has been breakout rooms and canteens, but ETI is now staggering breaks and lunch hours to make sure employees don’t congregate all at once and are being responsible.

Peter is one of thousands of managers grappling with these issues right now. To help, we took a ‘deep dive’ into CMI’s ManagementDirect (free to CMI members) to unearth some tried-and-tested risk-assessment principles.

Let’s explore

In our Strategic Risk Management checklist, we define risk management as “the discipline of continuously analysing and assessing the internal and external risks, to which an organisation is exposed, both actual and potential.”

Here are some issues you need to consider and action before your workplace is safe enough for employees to return.

Risk management

We face risks everyday – some larger than others – and it’s part of human nature to make judgement calls.

Risks may hinder or even prevent your team and wider business achieving its goals, causing operational disruption, financial losses, or escalating costs. But by doing a risk assessment, you can mitigate the problem factors by taking them into account early on. Of course, while no-one could have predicted a worldwide pandemic forcing many countries into lockdown, we can make sure that we use the knowledge we do have to create as safe a space as possible for those employees returning to the workplace.

We’ve got a fantastic risk management checklist that will help you in the process of understanding the nature of the risks facing your organisation.

What you need to assess

Assessments need to be done in context; that is, what are you assessing and why? Break down a checklist of things you need to go through, such as: working conditions, IT and telecommunications systems, people and supply chain issues, financial risks and regulatory compliance.

When assessing organisational vulnerabilities, it is important to be aware that the risks to which an organisation is exposed will depend on its size, the nature of its activities and the sector in which it operates. Companies in the pharmaceutical industry, for example, face risks related to the handling of hazardous substances that will be irrelevant to many service sector organisations. Working within the most recent information from the government, you may need to make serious practical adjustments to conform to their safety guidelines.

The government recommends staggering shifts and returns to work, enabling homeworking wherever possible, and maintaining social distancing measures. Therefore, consider the office or working environment layout, move equipment so they’re at least two metres apart, and mark the floor with instructions for keeping distance. Wessex Garages is one company that’s done this and has produced a useful video about it.

Make a risk register

A risk register is typically composed of three different types of fields: descriptor, risk category and management. This must be updated as and when necessary. With all the new information coming in from the government, and with these being tested live with your staff, you must update your risk register with any learnings. This will then help you to keep moving forward and creating an ever-safer environment.

Risk register descriptors include:

  • Title – a clear description of the risk
  • Description – precise issues involved with the risk and the process of mitigation
  • Likelihood and impact – the chance of the risk occurring, and the severity is ordered from high to medium to low
  • Cost – for example, a high risk could be a 65% increase on the budget or a £1m single payment
  • Time – the delay in the project schedule if the risk arises. It can be difficult to measure the exact time frame of a delay, so if in doubt, overestimate to ensure that the risk is given due attention

Checklist 241 in CMI’s ManagementDirect will help you put together an effective risk register.

Follow the guidance

Finally, you’ll need to take account of current legislation and ACOPs (Approved Codes of Practice) when drawing up any guidelines for assessments. These include, but are not limited to:

  • Control of Noise at Work Regulations 2005
  • Environmental Protection Act 1990
  • Health and Safety (Display Screen Equipment) Regulations 1992, as amended in 2002
  • Manual Handling Operations Regulations (MHO) 1992 as amended in 2004
  • Lifting Operations and Lifting Equipment Regulations (LOLER) 1998
  • Personal Protective Equipment at Work Regulations 1992 as amended in 2002
  • Control Of Substances Hazardous to Health (COSHH) 2002 as amended
  • Control of Asbestos at Work Regulations 2012
  • Provision and Use of Work Equipment Regulations (PUWER) 1998 as amended in 2002
  • Management of Health and Safety at Work Regulations 1999 as amended in 2003
  • Construction (Design and Management) Regulations 2015
  • Electricity at Work Regulations 1989
  • Workplace (Health, Safety and Welfare) Regulations 1992

These documents are free to download and of course be aware that several regulations require a specific risk assessment to be made.

We’ve opened up the most relevant and insightful resources from ManagementDirect onto our Knowledge Bank, where CMI members and non-members alike can reach them. You can read more about Strategic Risk Management or see our Risk Management Checklist here.

Don’t miss out - get notified of new content

Sign-up to become a Friend of CMI to recieve our free newsletter for a regular round-up of our latest insight and guidance.

CMI members always see more. For the widest selection of content, including CPD tools and multimedia resources, check out how to get involved with CMI membership.