You know you need to conduct a workplace risk assessment, but where do you actually start? Most guides throw complex frameworks at you when what you really need is a clear process your team can follow right away. The confusion often leads to incomplete assessments or safety gaps that put people at risk.
The good news? A proper risk assessment follows four straightforward steps: identify hazards, assess risks, implement controls, and monitor results. This process works whether you’re managing a small team or coordinating across multiple worksites. You don’t need a safety degree to get it right.
This guide walks you through each step of the risk assessment process with practical examples and clear actions. You’ll learn how to spot hazards that others miss, prioritise risks that actually matter, choose controls that work, and keep your documentation audit ready. By the end, you’ll have a repeatable system that protects your team and meets your compliance requirements.
What is a workplace risk assessment
A workplace risk assessment is a systematic examination of everything in your workplace that could potentially cause harm to people. You document hazards, evaluate the likelihood and severity of injuries or illnesses, and determine what steps you need to take to protect your team. This isn’t a one-time box-ticking exercise but rather an ongoing process that adapts as your work changes.
The assessment follows a logical sequence that makes sense once you understand the flow. You start by walking through your workplace to spot dangers, whether that’s slippery floors, hazardous chemicals, or repetitive strain from manual tasks. Then you evaluate how serious each risk actually is and who might be affected. Your goal is to create a documented plan that shows you’ve thought through the dangers and taken reasonable steps to address them.
A proper risk assessment proves you’re meeting your legal duty of care to prevent foreseeable harm in your workplace.
Australian workplace safety regulations require you to manage risks "so far as is reasonably practicable." This means you balance the cost and effort of controls against the level of risk. You don’t need to eliminate every possible danger, but you do need to show you’ve taken sensible precautions based on what you know about the hazards your team faces.
Step 1. Identify hazards in your work
Hazard identification is where your risk assessment process steps begin, and it requires you to look at your workplace through fresh eyes. You need to spot anything that could cause harm before it actually hurts someone. This means walking through your physical space, reviewing your work procedures, and talking to the people who do the work every day because they often notice dangers that managers miss.
Walk through your workplace systematically
Start by dividing your workplace into zones or work activities so you don’t overlook areas. Walk through each zone during normal operations, not just when everything is clean and quiet. Watch how people actually work rather than how procedures say they should work. You’ll spot real hazards like blocked emergency exits, frayed electrical cords, or awkward postures that policies and diagrams never reveal.
Your team members hold valuable knowledge about hazards they encounter daily, so involve them in this identification process from the start.
Common workplace hazards to spot
Focus your attention on these five hazard categories that cause most workplace injuries:
- Physical hazards: Slippery floors, working at heights, moving machinery, noise, temperature extremes, poor lighting
- Chemical hazards: Cleaning products, fuel, paints, dusts, fumes that can be inhaled or contact skin
- Biological hazards: Bacteria, viruses, moulds, animal waste, contaminated materials
- Ergonomic hazards: Repetitive movements, heavy lifting, awkward postures, prolonged standing or sitting
- Psychosocial hazards: Work pressure, bullying, fatigue from shift work, violence from customers or colleagues
Document each hazard you find with specific location details and brief descriptions. Take photos where possible. Your documentation doesn’t need fancy formatting, but it should clearly describe what the hazard is and where someone would encounter it during normal work.
Step 2. Assess and prioritise the risks
Once you’ve identified hazards, you need to work out how dangerous each one actually is to your team. Risk assessment means evaluating both the likelihood that harm will occur and the severity of that harm if it does happen. You’re not making wild guesses here but rather using your knowledge of the workplace, past incidents, and industry standards to make informed judgements about which hazards deserve immediate attention.
Calculate the risk level for each hazard
Evaluate each hazard by asking two questions: how likely is someone to be harmed by this hazard, and how badly could they be hurt? You can use a simple scoring system where likelihood ranges from rare to almost certain, and severity ranges from minor injury to fatality. Multiply these scores together to get your risk rating, or use a risk matrix to plot where each hazard sits.
| Severity | Likelihood: Rare | Likelihood: Possible | Likelihood: Likely |
|---|---|---|---|
| Minor injury | Low risk | Low risk | Medium risk |
| Serious injury | Low risk | Medium risk | High risk |
| Fatality | Medium risk | High risk | Critical risk |
The combination of likelihood and severity determines which risk assessment process steps you take next, so accurate evaluation at this stage prevents wasted effort on low-priority hazards.
Focus on high-priority risks first
Tackle critical and high risks immediately because these pose the greatest danger to your team. You can’t fix everything at once, so prioritisation keeps you focused on what matters most. Medium risks need controls but can wait slightly longer, while low risks might only require monitoring or simple improvements when resources allow.
Consider vulnerable workers during your assessment because the same hazard affects people differently. New employees, young workers, pregnant staff, or people with disabilities may face higher risks from hazards that seem manageable for experienced team members. Document any special considerations these groups need in your risk register.
Step 3. Choose and apply control measures
After you’ve assessed and prioritised your risks, you need to select control measures that will eliminate or reduce the hazards you’ve identified. This step of the risk assessment process steps requires you to choose the most effective controls based on the hierarchy of control measures, not just the easiest or cheapest options. You must always aim to eliminate the hazard completely as your first choice, and only move down the hierarchy when that’s not reasonably practicable.
Follow the hierarchy of controls
The hierarchy of controls ranks protection methods from most effective to least effective, giving you a clear framework for decision-making. You start at the top and work your way down only when higher-level controls aren’t feasible for your specific situation.
| Control Level | Action | Example |
|---|---|---|
| Elimination | Remove the hazard completely | Use ground-level window cleaning equipment instead of ladders |
| Substitution | Replace with something safer | Switch from toxic solvents to water-based cleaners |
| Engineering controls | Modify equipment or workspace | Install machine guards or ventilation systems |
| Administrative controls | Change work procedures | Implement job rotation to reduce repetitive strain |
| Personal protective equipment | Provide safety gear | Supply gloves, safety glasses, or hearing protection |
Always combine multiple control levels where necessary because relying on a single control measure rarely provides adequate protection.
Implement controls that actually work
Put your chosen controls in place with clear timeframes and responsibilities assigned to specific people. A control measure written in a document but never implemented protects nobody. Schedule installation dates for equipment, book training sessions for new procedures, and purchase any required safety gear before you consider the control measure complete.
Test each control after implementation to verify it actually reduces the risk as intended. Watch workers using the new equipment or following new procedures to spot any practical problems. Your team needs to understand why controls exist and how to use them correctly, so provide training and clear instructions alongside any physical changes you make to the workplace.
Step 4. Record, monitor and review
Recording your findings completes the risk assessment process steps by creating documentation that proves you’ve met your legal obligations and gives your team a reference point for safe work practices. You need to document the hazards you identified, the risk levels you assigned, the control measures you implemented, and who’s responsible for maintaining those controls. This record becomes your evidence that you’ve taken reasonable steps to protect workers, which matters enormously if an incident occurs or a regulator inspects your workplace.
Keep documentation simple and accessible
Store your risk assessment in a format your team can actually access and understand when they need it. A complex document locked in a manager’s office helps nobody. Use a simple spreadsheet or template that lists each hazard, its risk rating, the controls in place, and review dates. Your documentation should answer these questions for each hazard:
- What is the specific hazard?
- Who might be harmed and how?
- What controls are currently in place?
- Who is responsible for maintaining these controls?
- When will this assessment be reviewed?
Documentation isn’t paperwork for its own sake but rather a practical tool that helps everyone understand workplace risks and how to manage them.
Schedule regular reviews
Set specific dates for reviewing your risk assessment rather than leaving it as a vague future task. Review whenever you introduce new equipment, change work processes, hire new staff, or after an incident occurs. Even if nothing changes, conduct a complete review annually to ensure your controls still work effectively and you haven’t missed emerging hazards in your workplace.
Bringing it all together
You now have a complete framework for conducting workplace risk assessments that protect your team and meet compliance requirements. The four risk assessment process steps (identify hazards, assess risks, implement controls, and record findings) give you a repeatable system that works across any workplace setting. Start with your highest-priority risks and tackle them systematically rather than trying to fix everything at once.
Regular reviews keep your assessments current as your workplace evolves. Set calendar reminders for annual reviews and train new team members on existing controls as part of their onboarding. If your business operates commercial vehicles or fleet operations, remember that proper insurance coverage complements your safety processes. Get a competitive quote for your commercial vehicles to ensure comprehensive protection for your business assets alongside your workplace safety measures.
