What Is a Risk Assessment?

The short definition
A risk assessment is a careful examination of what, in your work, could cause harm to people — so you can weigh up whether you have done enough to prevent it, or whether you should do more. The result is usually a written record: a list of tasks or job steps, the hazards attached to each, who might be hurt, and the controls that reduce the risk.
It helps to separate two words that are often used interchangeably. A hazard is anything with the potential to cause harm — electricity, working at height, a moving vehicle, a hazardous substance. Risk is the chance that the hazard actually hurts someone, combined with how badly. A frayed cable is a hazard; the risk depends on who is nearby, how often it is used, and what controls are in place.
Crucially, a risk assessment is a process, not a piece of paper. The document is evidence that the thinking happened — but its real value is in forcing you to look at a job clearly before anyone starts work.
The four questions every risk assessment answers
Strip away the jargon and every assessment — in any country, in any industry — is answering the same four questions.
What could go wrong?
Identify the hazards in the task: the energy sources, substances, heights, plant, and conditions that could cause harm.
Who could be harmed?
Workers, contractors, visitors, and the public — including vulnerable groups like new, young, or lone workers.
How likely, and how bad?
Evaluate each risk. Many regions score it on a likelihood × consequence matrix to prioritise the worst risks first.
What will we do about it?
Decide on controls using the hierarchy of controls — eliminate the hazard where you can, and fall back to PPE only as a last line.
A short history of risk assessment
The idea that an employer should systematically anticipate harm is surprisingly modern. For most of history, workplace injury was treated as bad luck or the worker's own fault. That began to change with the Industrial Revolution, when factories, mills, and mines concentrated large numbers of people around fast, powerful, and poorly-guarded machinery.
Britain's early Factory Acts — starting with the Health and Morals of Apprentices Act of 1802 and the Factory Act of 1833, which created the first factory inspectors — were among the first laws to accept that the state, and employers, had a duty to protect workers. But these rules were prescriptive: they dictated specific requirements rather than asking employers to think for themselves about their own particular risks.

The modern, risk-based approach traces back to the UK's Robens Report of 1972. It argued that endless prescriptive rules could never keep pace with real workplaces, and that responsibility should sit with those who create the risk. This led directly to the Health and Safety at Work etc. Act 1974 and its famous standard: employers must protect workers “so far as is reasonably practicable.” That single phrase turned safety into a balancing exercise — weighing the size of a risk against the effort needed to control it — which is exactly what a risk assessment does.
From there the approach spread. The European Framework Directive (89/391/EEC) made risk assessment a legal requirement across Europe, and the UK's Management of Health and Safety at Work Regulations 1999 required every employer to carry out a “suitable and sufficient” assessment. In the United States, the Occupational Safety and Health Act of 1970 created OSHA and popularised the Job Hazard Analysis. Australia and New Zealand later adopted Robens-style duties too — Australia through the harmonised model WHS Act (2011) and the concept of the PCBU, and New Zealand through the Health and Safety at Work Act 2015, passed after the Pike River mine disaster.
Today the underlying logic is near-universal, even where the paperwork has different names. Whether you call it a JHA, a SWMS, a RAMS, or an SSSP, you are doing the same thing the Robens Report described half a century ago: thinking clearly about a job before it starts.
How a risk assessment works in practice
The process is usually described in five steps. See the full walkthrough in our guide on how to do a risk assessment.
- 1
Identify the hazards
Walk the task and note what could cause harm — energy, height, traffic, manual handling, plant, chemicals, and the environment. See hazard identification.
- 2
Decide who might be harmed and how
Name the people exposed to each hazard and the mechanism of harm, including anyone more vulnerable than average.
- 3
Evaluate the risk
Judge likelihood and consequence, often using a risk matrix, and prioritise the highest ratings.
- 4
Record and apply controls
Choose controls using the hierarchy of controls, write them down, and put them in place before work begins.
- 5
Review and update
Revisit the assessment after incidents or near-misses, or whenever the method, site, equipment, or crew changes.
Risk assessment vs JHA, SWMS, RAMS and SSSP
“Risk assessment” is the umbrella term. The specific document you produce — and what the law calls it — depends on where you work and the type of job. A Job Hazard Analysis (JHA) is the US form, focused on job steps. A Safe Work Method Statement (SWMS) is required for high-risk construction work in Australia. In the UK, a Risk Assessment & Method Statement (RAMS) pairs the assessment with the method of work, and in New Zealand a Safe System of Work Plan (SSSP) does a similar job.
The hazards are universal; only the terminology and the regulator change. That is why RiskForms asks for your region and then produces the right document, with the correct governing law and columns, automatically.
Keep reading
Step-by-step walkthrough
What is a risk assessment?Definition & legal context
Hazard identificationSpotting hazards before work
Risk matrix explained5×5 likelihood × consequence
Hierarchy of controlsElimination through to PPE
Job Hazard Analysis (US)OSHA JHA / JSA
SWMS (Australia)Safe Work Method Statement
RAMS (UK)Risk Assessment & Method Statement
SSSP (New Zealand)Safe System of Work Plan
Job Hazard Analysis (Canada)Provincial & federal JHA
Put the definition into practice
Describe your task and get a complete, region-specific risk assessment in seconds — ready to review and sign.
Try RiskForms free