Whether you’re risk averse or a risk taker, there’s no escaping the fact that in primary care, risk assessments are essential; in fact, they’re a legal requirement. If you or I were asked to describe risk assessments in one word, I’m sure there would be some descriptors that would be edited out of this blog!

Question: risk assessments are what? To me, my one-word answer would be: subjective. Why? Because in the main they’re based on individual opinions, experience, knowledge, perceptions and, to a certain extent, feelings. This is quite shocking really – especially as the purpose of a risk assessment is to identify hazards, determine the likelihood of the risk, and implement actions to control the risk.

So, you’d think there would be no room for opinions or feelings when carrying out a risk assessment; they should be objective, fact-based, and follow a systematic process, using a pre-determined template. However, it’s unlikely that all subjectivity can be removed because rating a risk is very much down to perception; one individual may perceive the likelihood as ‘very low’, whereas their colleague may perceive and rate the likelihood as ‘low’.

We must accept that there will be an element of subjectivity, but much of that subjectivity can be removed if the risk assessment is carried out by a competent person who can enable you to meet the requirements of health and safety law. But surely, we’re all competent? I’d like to think so! The Health and Safety Executive (HSE) state, “A competent person is someone who has sufficient training and experience or knowledge and other qualities that allow them to assist you properly.”

Now, if you’re thinking that sounds expensive, think again! Because the HSE also advise, “When getting help, you should give preference to those in your own organisation who have the appropriate level of competence (which can include the employer themselves) before looking for help from outside.” So, an inside job is perfectly acceptable. Hurrah!

That’s the HSE hurdle overcome, so what about the CQC – what do they expect? Well, recent experience and discussions with those in the know at the CQC lead us to understand that one of the issues with risk assessments, from a CQC perspective, is that “they are not robust”, “don’t include sufficient detail” and “have been completed in a tick-box-like manner”. When risk assessments are an integral part of health and safety management in the workplace, that’s not good! I suppose writing, “Don’t do anything wrong today, don’t do anything wrong tomorrow and repeat” wouldn’t be an acceptable control measure? (Asking for a friend…)

So just exactly what is a robust risk assessment? Maybe we need to rephrase that and ask what makes for a suitable and sufficient risk assessment? Well, let’s start with the wording. When writing your risk assessment, do so in a clear and concise manner, avoid jargon, and keep it succinct. Make sure you take into consideration all the potential hazards associated with a particular risk. Have you involved those who might be affected by the risk, to gain not only their concerns but suggestions to reduce or remove the risk?

Does your risk assessment show that you’ve dealt with the most significant and obvious risks, and that all control measures (or mitigating actions) have been taken, and, so far as is reasonably practicable, you’ve ensured that the residual risk rating is a low as possible?

HSE advise that “the level of detail in a risk assessment should be proportionate to the risk and appropriate to the nature of the risk”. Also, remember that you can’t anticipate unforeseeable risks! So, your risk assessments can only include what you can reasonably be expected to know. Another hurrah perhaps? Maybe.

What else should your assessment include? It should explain what further action you need to take to control the risks, who is responsible for carrying out these actions, a target date for completion, and the date that the action was completed. Risk assessment done – just remember to review it regularly!

But what do you do with your risk assessments? Where do you keep them and are they easy to review? Why not use the Risk Register Manager, which is part of the Compliance Package, accessible on the HUB. It’s a quick and easy way to record and assess your practice risks, apply ratings, and monitor actions, in one central place. To learn more, take a look at this video.

If you’re still uncertain about completing a suitable and sufficient risk assessment, have a look at the Risk assessment guidance document [PLUS] and also the Risk and issues guidance document [PLUS].

Risk management is just one of the many hats we, as PMs, must wear, unless we have the luxury of delegating the responsibility to one of the team. To ensure compliance and to satisfy both the HSE and CQC, there must be an effective risk management system in place. Afterall, “If you don’t invest in risk management, it doesn’t matter what business you’re in, it’s a risky business” (Gary Cohn)