What It Is
An organization’s risk management plan outlines the potential risks it faces, as well as methods for minimizing or eliminating those risks. The risks and corresponding remedies vary depending on the organization, with examples including financial risks and safety risks.
Why It Matters
A risk management plan can help your organization identify and address liabilities, promote safe and effective practices, and secure employees’ commitment to improvement.
Risk management that incorporates sustainability factors is increasingly becoming a requirement to do business today. “Embracing sustainability is fundamental to managing a company’s risk profile and is essentially good business practice.”
- Step One: Gather data.
- Step Two: Identify potential risks.
“Risk management begins with data management. Integrating the fragmented data -from growth, acquisitions, and outgrown models – can lead to a more effective risk management strategy. To that end, a business leader needs data from various areas in his/her organization, including:
- human resources
After getting the data together, supervisors and employees can begin identifying organizational risks. Common organizational risks include:
- employee turnover
- poor communication
- safety hazards
- environmental vulnerabilities
- economic factors
To help identify and organize potential risks, Businessballs, a free organizational development resource, offers project management templates, including a risk analysis template. You will find the template on page 8 of this PDF.
After identifying risks, the next step is to decide how best to mitigate them. Employees can help devise ways to curtail risk, drawing from their departments of expertise to develop a plan of action to reduce risk factors. In some cases, if a deeper dive is desired, a manager may wish to hire a risk management consultant from outside the company.
For a fee, project managers can use software programs to help them manage potential risks. The Nonprofit Risk Management Center has created a program to guide organizations through the risk management planning process. SAS also offers RMP software.
Although best risk management practices vary depending on the organization, the CDC has identified eight best practices, which can be applied to any organization:
- identify early
- identify continuously
- define and plan
The London School of Business and Finance provides a series of short videos, which illustrate the importance of risk management planning. The videos discuss Skytrain, a now-defunct airline that suffered from poor risk management:
Introduction to Risk Management by LSBF Global MPA
Creating a written plan for risk management maximizes an organization’s chances of weathering storms and positioning itself for long-term success.
Resources for More Information
Arup, Resilience, Security and Risk
Center for Disease Control (CDC), Emergency Response Resources
Environmental Protection Agency (EPA), Risk Management Plan Rule
ISO Review, Organizational Risk Management and the Procurement Department
SAS, Risk Management Knowledge Exchange
Fundamentals of Risk Management by Paul Hopkin
Strategic Risk Taking: A Framework for Risk Management by Aswath Damodaran
Glossary of Related Terms
Business Continuity Plan: A business continuity plan describes how an organization prepares for future incidents that could jeopardize the organization’s core mission and its long-term health. Incidents include local incidents like building fires, regional incidents like earthquakes, or national incidents like pandemic illness.
 “What is a Risk Management Plan?” Community Risk Management and Insurance 14, no. 3 (September/October 2005): 1. Available in full at: http://www.nonprofitrisk.org/library/newsletter/0905.pdf
 David Singleton, “Sustainability: A Risk Management Perspective,” ARUP, 1. Available in full at: http://www.docstoc.com/docs/22969205/Sustainability-A-risk-management-perspective
 “Important Questions About Risk Management,” ECRI Institute, https://www.ecri.org/Clinical_RM_Program/Pages/Important_Questions_About_Risk_Management.aspx, accessed 7 August 2013.
 Waynette Tubbs, “Four benefits of data integration for risk management,” The Knowledge Exchange, 10 November 2011, http://www.sas.com/knowledge-exchange/risk/integrated-risk/four-benefits-of-data-integration-for-risk-management/index.html, accessed 7 August 2013.