What Is A Risk Assessment In Small Business? And Why It’s So Important.

Below we explore what a risk assessment is and the importance of one for your business.

In this guide, we cover the different types of assessments along with the important facts to ensure your business remains safe and on top of any potential hazards.

A risk assessment is a way to identify potential hazards and dangers within a business that could impact people, processes, and infrastructure.

What Is A Risk Assessment In Business?

Risk assessment in business refers to identifying hazards that could negatively impact an organisation’s ability to conduct smooth and profitable operations.


A well-thought-out risk assessment can help identify fundamental business risks and provide measures, processes, and controls to reduce the impact of these risks on your enterprise.

What Are The Types Of Risk Assessment?

Several different types of risk assessments are undertaken by businesses.

Qualitative Risk Assessments

You’ll find that the bulk of risk assessments are qualitative. They rely on one thing and one thing only: the judgment of an assessor.

A qualitative risk assessor will use their skills, experience and education to identify hazards throughout your business operations.

These risks will then be categorised as one of:

  • High Risk
  • Medium Risk
  • Low Risk

The assessor will then typically develop an assessment of those risks and put together the necessary measures to control them.

Quantitative Risk Assessments 

These kinds of assessments are a bit different.

They employ quantitative methods to measure risk levels. A specific risk matrix may be used so that a value can be assigned to the likelihood and severity of risks.

In comparison, a qualitative risk assessment (which we discussed above) is more subjective, focusing on identifying risks to measure both the likelihood of a specific event and the impact it will have during the project life cycle.

While the purpose of both assessments is broadly the same, quantitative risk analysis uses verifiable data to analyse the risks in terms of cost overruns and resource consumption (rather than the personal judgment of an experienced assessor). 

Generic Risk Assessments

These assessments are, as their name suggests, ‘generic’.

They’re mainly designed to focus on any generic hazards and risks involved in a work-related activity. For that reason, many templates used across organisations are based on generic risk assessments.

You’ll find that they are used in different places, and by a wide range of businesses, for broadly the same kind of activities.

While it may seem pragmatic to just use a general risk assessment template, every workplace is different. There’s no tried and true ‘one-size-fits-all’ approach to risk management.

Ironically, there is a ‘risk’ in using a ‘generic’ risk assessment! Any differences between your workplace and a generic one can affect the accuracy of the final analysis.

If you do use a template, ensure you update it periodically to account for the changing circumstances of your business (as we discuss below).

Site-Specific Risk Assessments

These are arguably the most valuable assessments for any business – as they’re designed to assess the particular risks presented by your business operations.

Whether you’re running an office, a factory, a warehouse, an airport or a kitchen – site-specific risk assessments are extremely valuable.

These risk assessments delve into the nitty-gritty of exactly how activities are conducted across your operations. The results could potentially transform your processes into a much safer environment for everybody.

You won’t just make your business that much safer. You can shield your operations from the reputational damage of being an unsafe employer and also help defend yourself against a potential work health and safety prosecution.

Dynamic Risk Assessments

These are ‘dynamic’ because they’re typically performed in a ‘spur-of-the-moment’ kind of situation.

If there are unexpected changes to the health and safety of the workplace (such as, to use a dramatic example, a mine shaft suddenly collapsing in on itself), you may simply not have time to conduct a thorough qualitative or quantitative risk assessment.

You’ll probably need to conduct an assessment on the spot – as it may not be safe to carry out any further work.

What Are The 5 Principles Of Risk Assessment?

So we’ve gone through the nature of the different types of risk assessment, but what principles must we follow when carrying them out?

1. Identifying hazards

If you’re a business that engages workers, you’ll have a legal and moral responsibility to assess the work health and safety risks that arise.

These could range from physical hazards (from sitting incorrectly on a chair to breathing in silicon dust) to mental hazards (from working ridiculously long hours to being bullied).

Hazards can also be biological: the risk of COVID-19 infection is one of the most prominent new and emerging risks we are seeing across workplaces of all kinds.

2. Identifying who is at risk

Business owners must highlight who is at risk of these hazards within their organisation – this may include permanent employees, casuals, labour-hire, contract staff, visitors, the public, clients and others.

With COVID-19 seeing more and more people work from home, persons conducting a business will need to think creatively as to how they can identify who is at risk and, as we discuss below, assess those risks.

3. Assess the risks and act

Once the risks have been identified, they must be assessed and – even more importantly – acted upon.
Employers must consider how likely it is that each hazard could cause harm to the people under their care.

This will be especially tricky for those businesses whose employees are working remotely.

The assessment will determine whether you should reduce the level of risk, as even after all precautions have been taken, some uncertainty (and therefore risk) will usually linger.

Decide how serious the risk is, and act accordingly.

4. Record findings

Record everything you find. Having a thorough record-keeping system is not just a good habit, but also critical should you need to defend yourself in an investigation or against prosecution.

You should be noting:

  • The details of any hazards you find in the risk assessment; and
  • The action you’ve taken to reduce or eliminate risk.

Your findings will be a working document and should always be readily available for anybody to read.  

5. Review the risk assessment

You should constantly review your risk assessments.

This is so that agreed safe working practices continue to be applied across the board at all levels of management.

It’s also always an excellent idea to receive professional tailored advice from an expert work health and safety consultant or lawyer and seek guidance from SafeWork Australia or your State’s work health and safety regulator.

Mistakes To Avoid In Your Assessment

The most common mistakes to avoid in risk assessments are as follows:

  • Not involving employees – Not consulting and involving your employees can have both legal and practical implications for your business. Employees should be aware of all risks and their potential; this will also help to mitigate the risks through education and cooperation.
  • Out of date assessments – Having an out of date risk assessment is very dangerous, as you may have new risks within your business that are unknown due to internal change.
  • Using generic assessment templates – Not adjusting the assessment template to suit your specific business can lead to oversight and an increase in the likelihood something bad will happen.
  • No actions – Once you have assessed potential risks, there must be an action plan to help in the mitigation and management of said risks; otherwise, the document becomes redundant.

Risk Matrix

Below is a 3 by 3 risk matrix. This is a visual representation of your risks and a way to prioritise them based on severity.

The matrix allows you to rate potential risks by likelihood and severity, which then allows you to assign a score used for prioritisation.

3x3 Risk Matrix

Other Important Questions

What are the 3 levels of risk? Answer: The generally used levels of risk are low, medium, and high.

What are the 4 elements of a risk assessment? Answer: Identification, Analysis, Likelihood & impact, and cost of the solution.