Your risk assessment should include:
• Management responsibilities, including the name of the competent person and a description of your system
• Competence and training of key personnel
• Any identified potential risk sources
• Any means of preventing the risk or controls in place to control risks
• Monitoring, inspection and maintenance procedures
• Records of the monitoring results and inspection and checks carried out
• Arrangements to review the risk assessment regularly, particularly when there is reason to suspect it is no longer valid
If you conclude that there is no reasonably foreseeable risk or the risks are low and are being properly managed to comply with the law, your assessment is complete. You may not need to take any further action at this stage, but any existing controls must be maintained and the assessment reviewed regularly in case anything changes in your system.