NHS Logo

Quality and safety

Risk assessment

Risk assessments should take place at least annually, more often if there are Folder graphicmajor changes in care, services or environment or new hazards are identified. They should be performed at all sites, services and clinical areas and also for key clinical issues such as infection control, devices, local high risk procedures and major new practices and treatments.

- Read less + Read more


  • Other aspects of care/service may require risk assessments at the discretion of staff where there is potential for significant risk.
  • Any hazards identified must be assessed and appropriate controls identified. Completed assessments will be kept by the lead for the relevant area and a copy submitted to the risk department.
  • The outcome of any risk assessments must be communicated to staff, along with notification of the actions that are required by them to reduce associated risks.

Risk registersUnwell person graphic

  • Every site, clinical area and department must have its own risk register reflecting its particular risks and degree of severity.
  • Registers will be shared or co-managed with the partner trust.
  • Risk registers will be kept by the relevant leads and managers and a copy submitted to the risk department.
  • All staff must be fully informed of their responsibilities, populate their local risk registers and update the directorate risk register regularly.
  • Formal review of significant risks should take place at least quarterly at performance meetings.
  • Where it is not possible for a risk to be managed locally or it is significant, it should be escalated to the corporate risk register, via the relevant director.
  • The corporate risk register will contain the high level risks that cannot be managed at directorate level or are organisation-wide or strategic in nature. The executive lead for corporate governance will manage the corporate risk register which will be reviewed by the board.

Risk mitigation

Management of risk should take place day to day in all clinical and non-clinical areas. It is anticipated that the hierarchy below, shown in priority order, will be followed:

  • Avoid/eliminate the risk: for example cease the activity with which the risk is associated.
  • Treat the risk, ie implement a control measure to reduce either the likelihood or consequence of the risk.Risk assessment checklist graphic
  • Transfer the risk to another party, such as an insurance company or contractor.
  • Considerations:
    – Is the cost of mitigating the risk proportionate?
    – Does the mitigation affect other people who should be informed?
    – Do you have contingency plans in case the risk materialises?