When is a Risk Assessment no Longer Fit for Purpose?
Risk assessments are foundational in safety-critical industries. They identify hazards, evaluate risk, and justify operational decisions. In aviation and other complex systems, they're often central to safety cases, change management processes, and regulatory assurance.
But here's the uncomfortable truth: having a risk assessment doesn't automatically mean risk is being properly understood or managed. Over time, risk assessments can lose relevance, accuracy, and value - sometimes without anyone noticing. Recognising when a risk assessment is no longer fit for purpose is critical to maintaining effective safety governance.
What a risk assessment should do
At its core, a risk assessment exists to support decision-making. It should provide a structured, reasoned understanding of hazards, potential consequences, and the effectiveness of controls, allowing organisations to make informed choices about how work is planned and conducted.
A fit-for-purpose risk assessment reflects the current operational context, identifies credible hazards and failure modes, considers how work is actually performed, and supports proportionate, defensible decisions.
When these conditions aren't met, the assessment may still exist on paper, but its safety value has evaporated.
When assumptions stop being true
Many risk assessments are built on assumptions about operating conditions, equipment, staffing, procedures, or external factors. Over time, these assumptions can quietly become outdated.
Operational tempo or workload changes. New technology or interfaces get introduced. Staffing levels, competence, or experience shift. Procedures drift in how they're actually applied.
When the assumptions underpinning a risk assessment no longer reflect reality, the assessment itself becomes unreliable, even if it's never been formally invalidated or withdrawn.
The static document problem
A common weakness in safety management systems is treating risk assessments as static documents. Once completed, they get filed, approved, and rarely looked at again unless prompted by an incident or audit finding.
But in complex systems, risk is dynamic. Operations evolve, controls degrade, interactions change. A risk assessment that hasn't been reviewed for several years, particularly in an environment that's experienced change, should be treated with significant caution.
Regular review doesn't necessarily mean starting from scratch, but it does require actively considering whether the assessment still reflects reality.
Generic assessments and false comfort
Generic or template-based risk assessments can be useful starting points, but they're often leaned on too heavily. When assessments are overly generic, they fail to capture local conditions, specific interfaces, or operational nuances.
Warning signs include hazards described in vague or generic terms, controls that are procedural on paper but poorly linked to actual practice, risk ratings that haven't changed despite operational change, and language that no longer reflects current equipment or processes.
In these cases, the assessment provides reassurance without genuine insight - which is arguably worse than no assessment at all.
When box-ticking takes over
In some organisations, completing a risk assessment becomes an end in itself - a requirement to satisfy rather than a tool to support thinking. This leads to assessments focused on format and scoring rather than substance.
A risk assessment that exists primarily to demonstrate compliance may understate uncertainty, avoid challenging uncomfortable assumptions, or fail to explore credible but unwelcome scenarios.
When risk assessments stop informing actual decisions, they've ceased to fulfil their intended purpose.
The value of independent challenge
Independent safety assurance can play an important role in identifying when risk assessments are no longer fit for purpose. An independent perspective challenges assumptions, tests the validity of controls, and assesses whether documented risks align with operational reality.
Not every risk assessment needs external review. But for higher-risk activities, complex systems, or significant changes, independent challenge can prevent outdated or ineffective assessments from being blindly relied upon.
Keeping assessments alive
To remain fit for purpose, risk assessments need to be treated as living documents, not static records. This means linking assessments to change management processes, periodically reviewing assumptions and controls, using operational feedback to test whether controls actually work as intended, and ensuring assessments genuinely inform real decisions.
The goal isn't producing more documentation - it's maintaining a meaningful understanding of risk that reflects how your operation actually functions.
Final thoughts
A risk assessment that's no longer fit for purpose can be more problematic than having no assessment at all. It creates false confidence, obscures emerging risk, and discourages the critical thinking that safety-critical operations depend on.
In these environments, the question shouldn't be "do we have a risk assessment?" but rather "does this assessment still reflect how our system actually operates, and is it helping us make better decisions?"
If the honest answer is no, it's time for a conversation about what needs to change.