The types of strategies outlined above are ways that we manage risks in our own life. They can also be used for managing risks in your organisation. This material will show you how to develop and implement a risk management plan through:
- Identifying the risks your organisation faces
- Assessing the probability and likely severity of those risks
- Developing strategies for managing those risks
- Implementing and monitoring your risk management plan
The ideas provided here will assist your organisation in managing its risks across a range of areas. A risk management plan can be applied to areas such as human resource management, control of your organisation's stock and property or choice of insurance policies. In fact, risk management principles can be applied anywhere that a risk exists.
Your risk management plan will need to be regularly reviewed and updated. Risks, and the strategies available to manage them, change over time. For example, the mass marketing of low cost fire alarms has provided an affordable addition to the range of strategies available to manage the risk of fire in the home. Likewise, new ventures, changed legislation, altered work practices, a change in staffing, and so on, can all affect the range of opportunities and risks you face. Your risk management plan needs to be kept up to date to reflect such changes.
Risk management is a management committee responsibility. The management committee has the ethical, and in most cases, the legal responsibility for what happens within the organisation they govern. As a first step, the management committee can form a small working group to develop a risk management plan. To ensure that the broad ranges of interests within the organisation are considered, the working group should include at least one staff member and one member of the management committee. While the working group will be responsible for developing the risk management plan, the management committee should oversee the process and make the final decisions required to implement the plan.
You will find a number of templates and forms for this process in Useful Resources at the end of this chapter, such as “Running the Risk? A Risk Management Tool for Volunteers Involving Organisations” by Volunteering Australia.
Identifying the risk
The types of risks your organisation could be exposed to include:
- Loss, theft or damage to property
- Loss of life or damage to health
- Breaches of corporate duties by an organisation or its officers
- Breaches of other laws
- Professional negligence
- Loss of your organisation's good name
Listed below are a range of steps which a risk management working group could use to identify the risks your organisation faces. The Risk List (Fig. 1) is a useful way to begin documenting what you find out as part of your risk management plan. As you identify the various risks your organisation faces, write them in the first column of the list. The purpose of the other four columns is explained later in this chapter.
Inspecting the site
Look around your work place. What potential risks can you find? Look at the workplace from the perspective of the different people who use it. Are there hazards for children, older people or people with impaired sight? What are the fire hazards? Are there loose electrical connections, or damaged furniture? How hot is your hot water, and how accessible is it to children? Take some photos, perhaps even a video if you can, and study it closely. It is a good idea to have a couple of people do the site inspection, so that you can compare notes.
Reviewing your organisation’s work practices
The activities carried out in your organisation will have varying degrees of risk. Do staff members work with potentially dangerous clients? Is staff required to perform physical activity which may result in injury (for example, lifting clients)? Is your organisation's work particularly stressful? Is staff required to do a lot of driving, and if so, are they using their own cars, your organisation's cars or both?
Review your work practices from the perspective of other people who use your service. Are clients exposed to risks from other clients, people off the street, or from other sources? What about volunteers and management committee members?
Explore your legal exposures
Your organisation may be exposed to a number of legal risks associated with issues such as workplace health and safety, liability to clients, judiciary duty or anti-discrimination legislation. Remember, many laws require strict compliance and their prescriptions must be met as there is no option to just ‘accept the risk’ of being detected by regulators. You must comply with the law. Other chapters in this manual explore a number of these issues in more detail.
Do a “What If” analysis
For example, what if:
- Your organisation's coordinator or manager had a serious accident tomorrow?
- Your organisation's files were burnt or stolen?
- You discovered someone had embezzled several thousand dollars?
- There was a major industrial accident?
- Industrial action was taken?
- Your organisation was sued?
Talk to staff
The people who do the work often have the best idea of the risks the organisation faces. Talking to staff and volunteers can be done through individual interviews, raising the issue of risk at a staff meeting, or having specially structured sessions.
Get as many staff, volunteers, and management committee members along for a brainstorming session. Write up every suggested risk.
Fig. 1 Sample risk list and examples of risks
Theft of office equipment
Loss of hard disk data
Damage to vehicles
Injury to volunteers
Fire in the office