What Is a Suitable and Sufficient Risk Assessment?

Most risk assessments look fine.

Boxes ticked.
Hazards listed.
Likelihood and severity rated.
Job done, right?

Except it’s not.
Because here’s the truth:

A risk assessment can be legally “in place”…
…and still completely useless.

It’s not about the paperwork.

It’s about the decisions the paperwork supports.

A risk assessment isn’t a form.
It’s not a file to keep the HSE off your back.
It’s not something you do once a year to feel covered.

It’s supposed to help people make better decisions.

And if your assessment doesn’t:

• Reflect the real task flow (not the idealised version)

• Include the people doing the job

• Highlight what could actually go wrong

• Lead to controls people can and will follow

…it’s not suitable. And it’s definitely not sufficient.

Here’s what I keep seeing:

• Assessments written by someone who’s never seen the job

• Copy-paste controls that sound great but don’t fit reality

• No involvement from the people actually exposed to the risk

• Out-of-date reviews with no visible check that things still match

All that means you’re exposed.
Even if the folder looks impressive.

What “suitable and sufficient” really means

The HSE won’t care that you’ve “got one.”
They’ll care whether it helped prevent the incident.

Suitable = covers the actual risk, the actual task, the actual people
Sufficient = detailed enough to control that risk and guide decisions

What to do instead (without writing a novel)

Start with reality.
Watch the job.
Talk to the people doing it.

Then ask:

• What actually goes wrong here?

• What do people really do, not what’s in the manual?

• What makes the task awkward, rushed, or skipped?

Then build the assessment around that.

Want a checklist to test yours?

I’ve put together a quick 5-point check to see if your risk assessments pass the “suitable and sufficient” test.

Grab it here – and see if your paperwork would hold up in court…
…or collapse the second something goes wrong.