How to Conduct a Risk Assessment That Actually Works

Risk assessment is legally required under Czech law — specifically under § 102 of the Labour Code and the implementing regulations. But the difference between a risk assessment that ticks a box and one that genuinely protects your workers is significant, and most employers fall on the wrong side of that line.

The five-step framework

The classic five-step approach remains the most practical structure:

1. Identify the hazards — walk the workplace, review past incidents and near-misses, consult workers
2. Decide who might be harmed and how — think about all groups including new starters, young workers, contractors, visitors
3. Evaluate the risks and decide on precautions — use a risk matrix, consider existing controls, determine what more is needed
4. Record your findings and implement them — write it down, assign actions, set deadlines
5. Review and update as needed — risk assessments are living documents, not annual filing exercises

The most common mistakes

Completing assessments without involving workers

The people doing the job every day understand the hazards far better than anyone sitting in an office. Not involving them means you'll miss things — and you'll produce a document workers don't trust or use.

Using generic assessments without site-specific review

Downloading a template risk assessment for "office work" and filing it without review is almost useless. Generic assessments must be adapted to your specific people, processes, and environment.

Rating everything as "low risk" to close the job

This is unfortunately common. Risk assessments that show only low risks tell you nothing useful and provide no protection when something goes wrong. Be honest about severity and likelihood — that's the only way the assessment drives real improvements.

Not reviewing after incidents or changes

Every near-miss, injury, or change in process, equipment, or personnel should trigger a review of relevant risk assessments. The assessment that existed when the incident happened was clearly inadequate — update it.

What "suitable and sufficient" means in practice

The legal standard for risk assessments in Czech law (mirroring EU Directive 89/391/EEC) is that they must be suitable and sufficient. In practice this means:

• The significant risks have been identified (you don't need to document trivial risks)
• The people who might be affected have been considered
• The precautions are reasonable and the remaining risk is low
• The assessment was carried out by a competent person

Competent person under Czech law means someone with sufficient knowledge, skills, and experience — which in many cases means engaging an external HSE consultant like Solid Safety, particularly for complex or high-risk tasks.

A practical tip: start with your incident history

If you're not sure where to focus your risk assessment efforts, start by reviewing your incident and near-miss records for the past two years. The hazards that have already caused harm or near-harm are almost certainly your highest priorities.

If you don't have incident records, that's itself a significant gap you should address first.

---

If you'd like help developing a risk assessment programme for your organisation, or reviewing assessments you already have in place, get in touch with Solid Safety.