Assess the risks:
If you have done a thorough job of identifying risks, you may end up with a long (and overwhelming) list.
The next step is to assess each of the risks based on the (1) likelihood or frequency of the risk occurring and (2) the severity of the consequences.
Using a risk map to plot the likelihood of occurrence and the severity of the consequences will help you prioritize your next steps.
Develop strategies for managing risks:
Consider the most appropriate risk management strategies for each identified risk:
Avoidance – Stop providing the service or doing the activity because it is too risky.
Acceptance – Some risky activities are central to the mission of an organization and an organization will choose to accept the risks.
Modification – Change the activity to reduce the likelihood of the risk occurring or reduce the severity of the consequences. Policies and procedures are an important part of this risk management strategy because they communicate expectations and define boundaries. Learn more about writing policies and procedures. When it comes to third party risk management, you might want to deploy additional strategies.
Transfer or sharing – Purchase insurance or transfer the risk to another organization through signing a contractual agreement with other organizations to share the risk (for example, having a contractual agreement with a bus company to transport clients rather than staff driving clients).
When you have decided which risk management strategies will be the most effective and affordable for your organization, practically outline the steps and who is responsible for each step in the risk management plan.
Communicate the plan and ensure that there is buy-in from all who are involved in the organization (staff, volunteers, clients, other relevant stakeholders).
Provide training for all organizational staff and volunteers so they understand the rationale of the risk management plan as well as the expectations, procedures, forms, etc.
Consider the following questions and document any changes to the plan:
- Is your plan working?
- Have your risks changed?
- Have you expanded or reduced your programs and services?
- Are changes or updates required?
- Are staff and volunteers following the risk management plan?
- Do they need re-training on the details?
- Do we need to better communicate the plan?