Our new website is live! Some content may still be missing. The new portal is available — please log in and use “Forgot Password” to reset your password.

Phoenix STS Logo
News

The Importance of Risk Assessments

Author

Paddy McDonnell

Date Published

Workplace health and safety risk assessment documentation and hazard identification checklist used during Phoenix STS training

Introduction: Employer Obligations Under Irish Health and Safety Law

Every employer in Ireland has a legal duty to identify hazards in the workplace, assess the risks those hazards present, and implement appropriate control measures. This obligation is not discretionary. It is enshrined in Section 19 of the Safety, Health and Welfare at Work Act 2005, which requires employers to carry out risk assessments and to record the findings in a written safety statement.

Failure to comply can result in enforcement action by the Health and Safety Authority (HSA), including improvement notices, prohibition notices, and criminal prosecution. In serious cases, fines of up to €3,000,000 or imprisonment of up to two years may apply.

This guide explains what risk assessments are, why they matter, the legal framework that governs them in Ireland, and how to carry them out effectively. Whether you operate in construction, healthcare, manufacturing, or an office environment, the principles are the same.

What Is a Risk Assessment?

A risk assessment is a systematic process of identifying hazards in the workplace, evaluating the likelihood and severity of harm they could cause, and determining what control measures are necessary to eliminate or reduce the risk to an acceptable level.

A hazard is anything with the potential to cause harm — a wet floor, an unguarded machine, a hazardous chemical, or even work-related stress. Risk is the likelihood that someone will actually be harmed by the hazard, combined with the potential severity of that harm.

The purpose of a risk assessment is not to eliminate every hazard — that is rarely possible. Rather, it is to ensure that risks are managed sensibly, proportionately, and in accordance with best practice and legal requirements.

Key Components of a Risk Assessment

  • Identification of workplace hazards across all activities, processes, and environments
  • Assessment of who may be harmed and how — employees, contractors, visitors, members of the public
  • Evaluation of existing controls and determination of whether further measures are required
  • Documentation of findings and communication to all relevant parties
  • Regular review and updating of assessments as circumstances change

Legal Requirements for Risk Assessments in Ireland

Irish health and safety legislation places specific and enforceable duties on employers to conduct risk assessments. The principal legal instruments are outlined below.

Section 19 — Safety, Health and Welfare at Work Act 2005

Section 19 of the Safety, Health and Welfare at Work Act 2005 is the cornerstone of risk assessment law in Ireland. It requires every employer to identify hazards in the place of work, assess the risks presented by those hazards, and prepare a written assessment of the risks. The assessment must consider the safety, health, and welfare of employees and any other persons who may be affected by workplace activities.

The Act also requires that the risk assessment be reviewed where there has been a significant change in the matters to which it relates, or where there is reason to believe the assessment is no longer valid.

Section 20 — The Safety Statement

Section 20 of the 2005 Act requires employers to prepare a written safety statement based on the risk assessment carried out under Section 19. The safety statement must specify the hazards identified, the risks assessed, the protective and preventive measures taken, and the resources allocated to maintaining safety in the workplace.

The safety statement must be brought to the attention of employees at least annually, and whenever it is updated. Employers with three or fewer employees may comply with a Code of Practice published by the HSA rather than preparing an individual safety statement.

Safety, Health and Welfare at Work (General Application) Regulations 2007

The General Application Regulations 2007 (S.I. No. 299 of 2007) provide detailed requirements for specific workplace risks. These regulations cover areas such as manual handling, display screen equipment (DSE), work at height, personal protective equipment (PPE), noise, vibration, and workplace welfare. Each set of regulations requires that specific risk assessments be carried out.

For example, Part 2, Chapter 4 of the Regulations requires a specific assessment of manual handling operations where there is a risk of injury. Similarly, Chapter 5 addresses the assessment of display screen equipment workstations.

Types of Risk Assessments

While the general principles of risk assessment remain constant, different workplace environments and activities require specific types of assessment. The following are the most common types encountered in Irish workplaces.

Fire Risk Assessment

A fire risk assessment evaluates the likelihood of a fire starting, the potential for fire to spread, and the adequacy of fire safety measures in place. It considers sources of ignition, fuel sources, oxygen sources, means of escape, fire detection and warning systems, firefighting equipment, and emergency procedures.

Under the Fire Services Acts 1981 and 2003, persons having control of premises are required to take reasonable measures to guard against the outbreak of fire and to ensure the safety of persons on the premises. A comprehensive fire risk assessment is the foundation of compliance.

Manual Handling Risk Assessment

Manual handling injuries remain one of the most common causes of workplace injury in Ireland. A manual handling risk assessment examines the task, the load, the working environment, and the individual capability of the worker. The aim is to eliminate the need for hazardous manual handling where possible, or to reduce the risk to the lowest level reasonably practicable.

Chemical Risk Assessment (COSHH)

Where employees work with or are exposed to hazardous chemical agents, a chemical risk assessment must be carried out in accordance with the Safety, Health and Welfare at Work (Chemical Agents) Regulations 2001 (S.I. No. 619 of 2001). This assessment must identify all chemical agents present, evaluate the nature and degree of exposure, and determine appropriate preventive and protective measures, including ventilation, PPE, health surveillance, and emergency procedures.

Workplace Risk Assessment

A general workplace risk assessment covers the physical working environment — flooring, lighting, ventilation, temperature, welfare facilities, traffic routes, and structural safety. It is the broadest form of assessment and typically forms the basis of the employer's safety statement under Section 20.

Display Screen Equipment (DSE) Assessment

Employers must carry out a DSE workstation assessment for employees who habitually use display screen equipment as a significant part of their normal work. The assessment must evaluate the screen, keyboard, desk, chair, lighting, and the general working environment. This is particularly relevant for office-based and remote workers.

Biological Agents Risk Assessment

Where there is a risk of exposure to biological agents — bacteria, viruses, fungi, or parasites — a specific biological agents risk assessment is required under the Safety, Health and Welfare at Work (Biological Agents) Regulations 2013 (S.I. No. 572 of 2013). This is particularly relevant in healthcare, laboratory, agricultural, and waste management settings.

The Risk Assessment Process: Five Steps

The HSA recommends a structured five-step approach to risk assessment. This process is well-established, practical, and applicable across all sectors and workplace types.

Step 1: Identify the Hazards

Walk through the workplace and observe all activities, processes, and environments. Consult with employees — they often have the most direct knowledge of the hazards they face daily. Review accident and incident records, manufacturer instructions, safety data sheets, and industry guidance. Consider both routine and non-routine activities, including maintenance, cleaning, and emergency situations.

Step 2: Determine Who Might Be Harmed and How

For each hazard, identify the groups of people who may be affected. This includes employees, contractors, visitors, customers, and members of the public. Pay particular attention to vulnerable groups such as young workers, new or expectant mothers, lone workers, persons with disabilities, and workers whose first language is not English. Consider how the harm might occur — through direct contact, inhalation, repetitive strain, or other mechanisms.

Step 3: Evaluate the Risks and Decide on Control Measures

Assess the level of risk by considering the likelihood of harm occurring and the potential severity of that harm. Evaluate whether existing control measures are adequate or whether further action is needed. Apply the hierarchy of controls in the following order of preference:

  • Elimination — remove the hazard entirely
  • Substitution — replace the hazard with something less dangerous
  • Engineering controls — physical measures such as guards, ventilation, or barriers
  • Administrative controls — safe systems of work, training, signage, and supervision
  • Personal protective equipment (PPE) — the last line of defence, not the first

Step 4: Record the Findings

Document the significant findings of the risk assessment in writing. This record must include the hazards identified, the persons at risk, the existing control measures, the risk rating, and any further actions required. Under Section 20 of the 2005 Act, these findings must be incorporated into the workplace safety statement. The record serves as both a legal compliance document and a practical management tool.

Step 5: Review and Update

Risk assessments are not static documents. They must be reviewed regularly and updated whenever there is a significant change in the workplace. The review process should be systematic, documented, and involve consultation with employees and their safety representatives.

When Risk Assessments Must Be Updated

A risk assessment should be treated as a living document. The 2005 Act and associated regulations require that assessments be reviewed and, where necessary, amended in the following circumstances:

  • When there has been a significant change in the work carried out or the way it is organised
  • Following the introduction of new equipment, technology, substances, or processes
  • After an accident, incident, near miss, or case of work-related ill health
  • When new information about hazards or risks becomes available
  • Following changes in legislation, regulations, or approved codes of practice
  • When the workforce changes significantly — for example, the employment of young persons or new/expectant mothers
  • At regular planned intervals, even where no specific trigger event has occurred — annual review is considered best practice

Sector-Specific Requirements

While the general duty to carry out risk assessments applies universally, certain sectors face additional and more stringent requirements.

Healthcare and Residential Care (HIQA)

Healthcare facilities and residential care settings regulated by the Health Information and Quality Authority (HIQA) must demonstrate robust risk management systems as part of their registration and inspection processes. HIQA's National Standards require that risks to the health, safety, and welfare of residents and service users are systematically identified, assessed, and managed. Risk registers must be maintained and reviewed regularly by senior management.

Risk assessments in healthcare must also address infection prevention and control, medication management, vulnerable adult safeguarding, and the specific clinical risks associated with the services provided.

Construction

The construction sector is subject to the Safety, Health and Welfare at Work (Construction) Regulations 2013 (S.I. No. 291 of 2013). These regulations impose specific duties on clients, project supervisors for the design process (PSDP), project supervisors for the construction stage (PSCS), and contractors. Risk assessments are required for every phase of a construction project, and specific hazards such as work at height, excavation, demolition, confined spaces, and proximity to services must be addressed.

Method statements and risk assessments (often referred to as RAMS) must be prepared for each significant activity and made available to all workers before work commences.

Manufacturing

Manufacturing environments present a wide range of hazards, including moving machinery, noise, hazardous substances, manual handling, and electrical risks. Risk assessments must address machine guarding in accordance with the Safety, Health and Welfare at Work (General Application) Regulations 2007, Part 2, Chapter 2 (Use of Work Equipment). ATEX (explosive atmospheres) assessments may also be required where flammable or explosive substances are present.

Employers in manufacturing must also consider the risks associated with shift work, fatigue, and repetitive tasks when carrying out their assessments.

Legislative Framework

The following legislation forms the principal legal framework governing risk assessments in Ireland:

  • Safety, Health and Welfare at Work Act 2005 — the primary legislation establishing duties on employers, employees, and other duty holders
  • Safety, Health and Welfare at Work (General Application) Regulations 2007 (S.I. No. 299 of 2007) — detailed regulations covering specific hazards and risk types
  • Safety, Health and Welfare at Work (Construction) Regulations 2013 (S.I. No. 291 of 2013) — specific duties for the construction sector
  • Safety, Health and Welfare at Work (Chemical Agents) Regulations 2001 (S.I. No. 619 of 2001) — requirements for chemical risk assessment
  • Safety, Health and Welfare at Work (Biological Agents) Regulations 2013 (S.I. No. 572 of 2013) — requirements for biological hazards
  • Fire Services Acts 1981 and 2003 — duties relating to fire safety and fire risk assessment
  • Safety, Health and Welfare at Work (Reporting of Accidents and Dangerous Occurrences) Regulations 2016 (S.I. No. 370 of 2016) — reporting obligations following workplace incidents

Frequently Asked Questions

Who is responsible for carrying out a risk assessment?

The employer holds the primary legal duty to carry out risk assessments. However, the employer may appoint a competent person to assist with this task. A competent person is someone who has sufficient training, experience, and knowledge to identify hazards and assess risks appropriately. Many organisations engage external health and safety consultants to ensure their assessments meet legal requirements and industry best practice.

How often should risk assessments be reviewed?

There is no fixed statutory interval for reviewing risk assessments. However, best practice is to review them at least annually, and immediately following any significant change in the workplace, an accident or near miss, or the introduction of new legislation or guidance. The key principle is that the assessment must remain current and valid at all times.

What happens if an employer fails to carry out a risk assessment?

Failure to carry out a risk assessment is a criminal offence under the 2005 Act. The HSA may issue improvement notices or prohibition notices, and may prosecute employers in the District Court or, for more serious offences, on indictment. Penalties on summary conviction include fines of up to €5,000 and/or imprisonment for up to twelve months. On indictment, fines of up to €3,000,000 and/or imprisonment for up to two years may be imposed.

Do small businesses need to carry out risk assessments?

Yes. The duty to carry out risk assessments applies to all employers regardless of size. Employers with three or fewer employees may use the HSA's Guidelines on Risk Assessments and Safety Statements rather than preparing an individual safety statement from scratch. However, the risk assessment itself must still be completed and documented.

Can I carry out a risk assessment myself, or do I need a professional?

There is no legal requirement to hire an external consultant. However, the person carrying out the assessment must be competent — that is, they must have sufficient training, knowledge, and experience. For complex or high-risk environments, engaging a qualified health and safety professional is strongly recommended to ensure thoroughness, accuracy, and legal compliance.

What is the difference between a risk assessment and a safety statement?

A risk assessment (Section 19) is the process of identifying hazards and evaluating risks. A safety statement (Section 20) is the written document that records the findings of the risk assessment, sets out the protective and preventive measures in place, and specifies the duties of employees and management in relation to safety. The safety statement is built upon the risk assessment — one cannot exist without the other.

Do risk assessments apply to remote workers?

Yes. Employers owe the same duty of care to remote and home-based workers as to those working on-site. A DSE workstation assessment, ergonomic review, and assessment of the home working environment should be carried out. The HSA has published specific guidance on employer obligations for remote working arrangements.

What records must be kept?

Employers must maintain a written record of the risk assessment findings and incorporate them into the safety statement. Records of any specific assessments (manual handling, DSE, chemical agents, etc.) should also be retained. While there is no specified retention period in the 2005 Act, best practice is to retain records for a minimum of ten years, or longer where claims may arise.

How Phoenix STS Can Help

Phoenix Safety & Training Solutions provides comprehensive risk assessment services to businesses across Ireland. Our qualified health and safety consultants work with organisations in all sectors to identify workplace hazards, assess risks, and develop practical, legally compliant control measures.

Whether you require a general workplace risk assessment, a fire risk assessment, a chemical risk assessment, or sector-specific guidance for healthcare, construction, or manufacturing environments, our team can assist.

Enquire Now — contact our team to discuss your risk assessment requirements. Call us on 043 334 9611 or visit our contact page to get started.

Related Services

Disclaimer

This article is provided for general informational purposes only and does not constitute legal advice. While every effort has been made to ensure the accuracy of the information presented, legislation and regulations are subject to change. Employers should seek professional advice tailored to their specific circumstances and consult the latest versions of all referenced legislation. Phoenix STS accepts no liability for any actions taken or not taken based on the content of this article.