Written by
Bryan Sim, Business Development at AnjouHealth
An OHS programme developer at AnjouHealth focused on designing workplace health and safety initiatives that help organisations create safer, healthier, and more engaged environments. He works on translating ergonomic assessments and workplace risk insights into practical initiatives such as safety campaigns, wellbeing programmes, and workplace interventions that are impactful, sustainable, and aligned with operational needs.
Overview
Every workplace accident that happens in Singapore is, in some way, a failure of risk assessment. Either the hazard was never identified, the risk was underestimated, the control measures were inadequate, or the findings were never communicated to the workers who needed them most.
Under the Workplace Safety and Health Act, all employers in Singapore must conduct risk assessments for all work activities carried out in their workplaces. This applies to every industry and business size, from small offices to large construction sites. The risk assessment must be conducted by a competent person, and records must be kept for at least 3 years.
For companies pursuing bizSAFE Level 3, a properly conducted and documented risk assessment is the core deliverable that your RM Implementation Audit will assess. For all other Singapore employers, it is a legal obligation under the WSH (Risk Management) Regulation, one that carries significant penalties if neglected.
This guide by AnjouHealth walks you through the complete risk assessment process step by step, what it involves, who should conduct it, how to assess each hazard, what controls to implement, and what to document for compliance and audit readiness.
In This Guide
- What is a workplace risk assessment and why it is required in Singapore
- Who must conduct the risk assessment
- Step 1: Assemble your risk assessment team
- Step 2: Identify all workplace hazards
- Step 3: Evaluate the risk level of each hazard
- Step 4: Implement control measures
- Step 5: Document your findings
- Step 6: Communicate findings to all workers
- Step 7: Review and update regularly
- Common mistakes that fail MOM inspections and bizSAFE audits
- Risk assessment and your bizSAFE journey
- Frequently asked questions
What Is a Workplace Risk Assessment?
A risk assessment is a systematic process of identifying workplace hazards, evaluating the likelihood and severity of harm, and determining appropriate control measures.
It is not a paperwork exercise, it is the structured process through which employers fulfil their legal duty to identify foreseeable risks to anyone affected by their work activities, and take reasonably practicable steps to eliminate or control those risks before someone gets hurt.
The key legislation governing risk assessment in Singapore includes the Workplace Safety and Health Act (WSHA), Section 12 requires every employer to take reasonably practicable measures to ensure safety and health, which includes conducting risk assessments and the WSH (Risk Management) Regulations, which specifies the requirement for risk assessment, the methodology to be used, review requirements, and communication obligations.
Who Must Conduct the Risk Assessment?

Under the WSH (Risk Management) Regulations, every employer and self-employed person must conduct a risk assessment of any work that may pose a risk to the safety and health of persons at the workplace. The RA must be conducted by a competent person, someone who has attended an approved RM course.
For bizSAFE companies, this is typically the Risk Management Champion appointed at Level 2, the person who attended the WSQ Develop a Risk Management Implementation Plan course. Their training equips them with the knowledge and skills to lead the risk assessment process competently.
A risk assessment should not be done alone or purely from a desk. Assemble a team that includes a trained Risk Assessment leader, someone who has completed the approved RA course and workers who perform the activities, as they know the actual hazards better than anyone. Worker participation is essential for a credible and practical risk assessment.
Step 1: Assemble Your Risk Assessment Team

A risk assessment conducted by one person sitting at a desk is one of the most common and most dangerous, mistakes Singapore employers make. Your RA team should include:
- The Risk Management Champion
Who leads the process, applies the risk matrix, and ensures documentation meets MOM requirements
- Supervisors and team leaders
Who understand how work is actually done, including shortcuts, workarounds, and non-routine activities that often carry the highest risk
- Frontline workers
Who face the hazards every day and can identify risks that are invisible from a management perspective
- Maintenance staff
For hazards related to equipment, machinery, and infrastructure
- WSH Officer or Coordinator
Where applicable, to provide technical guidance and ensure regulatory compliance
Before the team starts work, walk the actual workplace together. Observe work being done in real time, not staged for inspection, but as it actually happens on a normal working day.
Step 2: Identify All Workplace Hazards

Hazard identification is the foundation of the entire risk assessment. Walk through your workplace and identify anything that could potentially cause harm. Common hazard categories include physical hazards ( noise, vibration, extreme temperatures, radiation and chemical hazards, toxic substances, flammable materials, dust, fumes.)
A comprehensive hazard identification covers all six hazard categories:
- Physical hazards
Noise, vibration, extreme temperatures, radiation, lighting, working at height, slips and falls, moving machinery, manual handling loads, electrical hazards, and fire risks.
- Chemical hazards
Toxic substances, flammable or combustible materials, corrosives, dust and fumes, solvents, and any hazardous chemicals used, stored, or generated during work activities.
- Biological hazards
Exposure to bacteria, viruses, fungi, or other biological agents, relevant for healthcare, food handling, waste management, and laboratory environments.
- Ergonomic hazards
Repetitive movements, awkward postures, sustained force, prolonged standing or sitting, poor workstation design, and manual handling tasks that risk musculoskeletal injury.
- Psychosocial hazards
Workplace stress, excessive workload, harassment, shift work, fatigue, and other factors that affect mental health and well-being.
- Safety hazards
Housekeeping issues, blocked emergency exits, inadequate signage, unsecured equipment, vehicle and pedestrian interactions, and permit-to-work gaps.
Important: Do not limit hazard identification to routine work activities. Non-routine activities such as maintenance, cleaning, and emergency situations often pose higher risks than routine work and must be included in your risk assessment.
Step 3: Evaluate the Risk Level of Each Hazard

Once hazards are identified, each one must be evaluated using Singapore’s risk matrix framework. This involves assessing two dimensions:
Likelihood: how probable is it that the hazard will cause harm?
| Rating | Likelihood | Description |
| 1 | Rare | Has not happened before and is unlikely to occur |
| 2 | Unlikely | Has happened before but infrequently |
| 3 | Possible | Could happen at some point |
| 4 | Likely | Has happened several times |
| 5 | Almost certain | Happens regularly or is expected to occur |
Severity: how serious would the consequences be if harm occurred?
| Rating | Severity | Description |
| 1 | Negligible | Minor injury requiring first aid only |
| 2 | Minor | Injury requiring medical treatment |
| 3 | Moderate | Injury causing temporary disability or hospitalisation |
| 4 | Major | Permanent disability or serious injury |
| 5 | Catastrophic | Fatality or multiple serious injuries |
Risk Level = Likelihood × Severity
| Score | Risk Level | Action Required |
| 1 – 4 | Low | Monitor and maintain existing controls |
| 5 – 9 | Medium | Implement additional controls as soon as practicable |
| 10 – 14 | High | Implement controls urgently, work should not proceed without controls |
| 15 – 25 | Extreme | Stop work immediately, do not proceed until risk is reduced |
The risk level determines the urgency and nature of control measures required and the priority order in which they should be addressed.
Step 4: Implement Control Measures

For every hazard assessed as medium risk or above, appropriate control measures must be identified and implemented. Singapore’s WSH framework requires employers to follow the hierarchy of controls, starting from the most effective and working down:
- Elimination
- Remove the hazard entirely. The most effective control measure. Example: stop using a hazardous chemical by switching to a safer process that does not require it.
- Substitution
- Replace the hazard with something less dangerous. Example: replace a solvent-based cleaning product with a water-based alternative.
- Engineering Controls
- Physical measures that isolate workers from the hazard. Example: install machine guarding, exhaust ventilation, noise enclosures, or anti-slip flooring.
- Administrative Controls
- Changes to how work is done to reduce exposure. Example: job rotation to limit exposure time, permit-to-work systems, safe work procedures, toolbox meetings, and training requirements.
- Personal Protective Equipment (PPE)
- The last line of defence, used when other controls cannot adequately reduce the risk. Example: safety helmets, gloves, ear protection, respirators, safety harnesses.
Important: PPE should never be the only control measure for a significant hazard. It is the least effective control because it relies entirely on individual behaviour and can fail. Always combine PPE with higher-level controls where possible.
For each control measure identified, document:
- What the control is
- Who is responsible for implementing it
- The target implementation date
- The residual risk level after controls are in place
Step 5: Document Your Findings

Records must be kept for at least 3 years. Your risk assessment documentation must include:
- Work activity
A clear description of the task or process being assessed
- Hazard
what could cause harm
- Who might be harmed
Employees, contractors, visitors, members of the public
- Likelihood rating
With justification
- Severity rating
With justification
- Risk level
The product of likelihood and severity
- Existing controls
What is already in place
- Additional controls required
What needs to be done, by whom, and by when
- Residual risk level
The risk level after all controls are implemented
- Safe Work Procedures
For medium and high risk activities
- Date of assessment
And the names of team members involved
- Review date
When the assessment will next be reviewed
Your documentation does not need to follow a specific template, but it must be specific to your actual workplace and work activities not a generic document copied from another company or downloaded from the internet.
Step 6: Communicate Findings to All Workers

A risk assessment that is filed in a folder and never shared with the people doing the work has failed its most important purpose. Critically, communicate the findings to all affected workers. The WSH (Risk Management) Regulations require that workers are informed of the hazards, risks, and control measures relevant to their work. Display RA summaries in the workplace and incorporate them into safety briefings and induction programmes.
Practical ways to communicate risk assessment findings include:
- Toolbox meetings
Brief workers on the specific hazards and controls relevant to the day’s tasks
- Safety inductions
Ensure new workers are briefed on relevant risk assessments before starting work
- Posted RA summaries
Display key hazards and controls at the relevant workstation or work area
- Safe Work Procedures
Provide written step-by-step guidance for medium and high risk tasks
- Ongoing training
Ensure workers understand not just what the controls are, but why they matter
For multilingual workforces, ensure briefings are conducted in languages workers understand, or supplement verbal communication with visual aids and diagrams.
Step 7: Review and Update Regularly

The regulations mandate a review of the RA under specific circumstances: periodically at a minimum, every risk assessment must be reviewed and, if necessary, revised at least once every 3 years. After an Incident: a review is mandatory following any accident, dangerous occurrence, or near-miss that results in bodily injury. When Changes Occur: a review must be conducted whenever there is a significant change in work practices, procedures, machinery, or the work environment.
In practice, best-practice companies review their risk assessments more frequently than the minimum 3-year requirement, particularly in industries where work activities, equipment, and personnel change regularly. A risk assessment that was accurate two years ago may no longer reflect current workplace conditions.
Build review triggers into your safety management calendar:
- Annual review of all high-risk activity assessments
- Immediate review after any incident, near miss, or dangerous occurrence
- Review whenever new equipment, chemicals, or work processes are introduced
- Review when new workers or contractors join the team for high-risk activities
Common Mistakes That Fail MOM Inspections and bizSAFE Audits
Generic risk assessments copied from another company or template without customisation to your specific workplace and activities are one of the most common failures. Desk-based assessments, completed without visiting the workplace or consulting workers and ignoring non-routine activities (maintenance, cleaning, and emergency situations) are also frequently flagged.
Other common mistakes include:
- Underestimating likelihood or severity
Being overly optimistic about risk levels to avoid the burden of implementing controls. Auditors look for realistic assessments that reflect actual workplace conditions.
- No worker involvement
Risk assessments completed entirely by management or consultants without input from frontline workers miss the hazards that only those doing the work can identify.
- No safe work procedures for high-risk activities
Documenting a hazard as high risk but failing to develop a safe work procedure to go with it is a direct audit failure point.
- Conducting but not communicating the risk assessment to workers
This breaks the compliance chain even if the document exists.
- Not updating after changes
A risk assessment that does not reflect the current state of your workplace is not compliant, regardless of when it was last formally reviewed.
- Treating it as a one-time exercise
Risk assessment is a continuous process, not a document you produce once and file.
Risk Assessment and Your bizSAFE Journey
For companies pursuing bizSAFE certification, the risk assessment is not just a compliance document, it is the central deliverable of the entire programme:
- Level 2
Your RM Champion learns how to conduct a risk assessment through the WSQ course and develops the initial Risk Management Implementation Plan
- Level 3
Your completed risk assessment is independently audited by a MOM-approved Auditing Organisation. The auditor will verify that hazards are correctly identified, risk levels are realistic, controls are appropriate, and the plan is actually being implemented
- Level 4
Your risk assessment feeds into the broader WSHMS, which integrates risk management with objectives, legal compliance, and continual improvement
- Star
Your WSHMS, including the risk assessment framework, is audited against ISO 45001
A risk assessment that is thorough, specific, well-documented, and actively communicated to workers will pass your bizSAFE Level 3 audit and provide a strong foundation for every level above it.
Looking to Strengthen Your Workplace Safety Culture?

A risk assessment identifies the hazards, AnjouHealth helps you manage them. At AnjouHealth, we are a trusted workplace health and safety partner in Singapore, with over 1,200 professionals trained and a client satisfaction rate exceeding 95%. We help businesses build lasting WSH cultures through evidence-based programmes that go beyond documentation.
- Workplace Safety Campaigns
Interactive, hands-on campaigns that bring your risk assessment findings to life for every worker on the ground
- Workplace Ergonomics Risk Assessment (WERA)
A structured assessment of ergonomic hazards that feeds directly into your Risk Management Plan
- Occupational Health Programmes
Onsite health screenings, hearing tests, and wellness initiatives that address health hazards identified during risk assessment
- Customised WSH Solutions
Tailored programmes built around your industry, workforce size, and specific risk profile
Frequently Asked Questions
- Is a risk assessment legally required for all Singapore businesses?
- Yes. Every business in Singapore is legally required to conduct risk assessments under the Workplace Safety and Health (Risk Management) Regulations, whether you run a construction site, a manufacturing plant, or even a small office.
- Who qualifies as a competent person to conduct a risk assessment?
- A competent person is someone who has attended an approved Risk Management course such as the WSQ Develop a Risk Management Implementation Plan course attended by bizSAFE Level 2 RM Champions. They must have the knowledge and skills to identify hazards, evaluate risks, and determine appropriate control measures for the specific workplace being assessed.
- How long must risk assessment records be kept?
- Under Regulation 5(2) of the WSH (Risk Management) Regulations, all risk assessment records must be kept for a minimum of 3 years.
- How often must risk assessments be reviewed?
- At a minimum, every 3 years. However, reviews are also mandatory after any workplace accident, dangerous occurrence, or near miss, and whenever there is a significant change in work practices, equipment, or the workplace environment.
- What is the difference between a risk assessment and a Safe Work Procedure?
- A risk assessment identifies hazards and evaluates their risk level. A Safe Work Procedure is the operational document that tells workers how to perform a specific task safely incorporating the control measures identified in the risk assessment. For medium and high risk activities, both documents are required.
- Can I use a generic risk assessment template?
- You can use a template as a starting point, but the completed risk assessment must be specific to your actual workplace, your specific work activities, and your actual workforce. A generic risk assessment that does not reflect real conditions will not satisfy MOM requirements or pass a bizSAFE audit.
- Does my risk assessment need to cover contractors and visitors?
- Yes. The WSH Act requires employers to ensure the safety of anyone who may be affected by their work activities, including contractors, subcontractors, visitors, and members of the public. Hazards that could affect these groups must be included in the risk assessment.
Read Next
- bizSAFE Singapore: The Complete Guide — All Levels Explained
- bizSAFE Level 2 Singapore: The Risk Management Champion Guide
- bizSAFE Level 3 Singapore: Requirements & Certification Guide
- Toolbox Meetings Singapore: A Complete Guide for Employers
- Workplace Safety Compliance Singapore: What Employers Must Do