January 10, 2020
How to Create a Risk Management Plan
When we think of risk, the first thing that usually comes to mind is insurance. But insurance is just one component of a sound risk management plan.
A risk management plan includes insurance, plus all the other strategies you need for dealing with the risks associated with your business or organization.
The following steps outline the main components of a traditional risk management plan as practiced by professional risk managers all over the world. While large corporations follow this procedure, it works just as well for all sizes of organization. Even a one-person retail operation will find following this procedure helpful for identifying, assessing and managing risks. (This version has been adapted from an article published by the Small Business Development Corporation of Australia):
Identify the risk.
Some useful techniques include:
- Evaluating the functions of your business that could have a negative impact — for example, slips and falls in a store, harmful effects from a product you make, injuries to the public from your vehicles, etc.
- Reviewing your records such as safety incidents and complaints.
- Identifying the external risks that could impact your business (weather, city planning decisions, etc.). Some of the ways to accomplish this include asking yourself and your staff questions like “what if”:
- you lost power
- your premises were damaged or not accessible?
- your suppliers went out of business?
- there was a natural disaster in your area?
- one of your key staff members resigned or was injured at work?
- your computer system was hacked?
- your business documents were destroyed?
Assess the risk.
Next, assess each risk you’ve identified by establishing:
- the likelihood (frequency) of it occurring
- the consequence (impact) if it occurred
TIP: The level of risk is calculated using this formula: Level of risk = likelihood x consequence.
To determine the likelihood and consequence of each risk it is useful to identify how each risk is currently controlled.
Controls may include:
- engineering controls
- administrative controls
- personal protective equipment.
The risk analysis matrix below can help you to determine levels of risk. After you’ve assessed the risk, you need to determine how to:
Manage the risk.
Managing risks involves developing cost effective options to deal with them including:
- transferring (including insurance)
Avoid the risk — change your business process, equipment or material to achieve a similar outcome but with less risk.
Reduce the risk — if a risk can’t be avoided, reduce its likelihood and consequence. This could include staff training, documenting procedures and policies, complying with legislation, maintaining equipment, practicing emergency procedures, keeping records safely secured and contingency planning.
Transfer the risk — transfer some or all of the risk to another party through contracting, insurance, partnerships or joint ventures.
Accept the risk — this may be your only option.
Once you’ve evaluated your risks, by identifying, assessing and determining the best ways to manage them with a risk management plan, frequently:
Monitor and review.
You should monitor and review your risk management plan regularly and ensure that the control measures and insurance coverages you’ve provided are adequate. Discuss your risk management plan with your broker regularly.