Risk Management Plan Development

A Risk Management Plan should support your agency’s mission and vision. It pertains not only to operational and property risks and other potential business risks, but also to safety of consumers, employees, visitors and volunteers. Some companies may be required to have a written Risk Management Plan through their funding source. Also, if an organization is certified by their state and/or if they are nationally accredited, they may be required to have such a plan. Whether or not a business is “required” to have a written Risk Management Plan, it is good business practice to develop one. Done properly a Risk Management Plan may help identify trends as well as minimize risks and occurrence of errors.

Every agency’s plan will vary, depending on that agency’s potential risk. The list provided below contains some things that should be covered, but your organization may have other potential risk areas that are not listed here. Adjust your plans contents to your organizations individual needs.

• Property – building and grounds
• Regulatory compliance
• Human Resources
• Safety and Security
• Education of Staff
• Information Technology
• Social Media (facebook, twitter, etc) and Media (newspapers, newsletters)
• Preparation and management of Disasters
• Finance/billing (to include insurance coverage)
• Marketing
• Consumer Satisfaction
• Confidentiality
• Insurance Claims
• Funding Streams and contracts
• Quality performance
• Employee Credentialing

Each agency will have its own set of potential risks, while some things may be more of a standard for all agencies, such as financial, social media, human resources, consumer satisfaction, health and safety, etc.

The following example is, by no means, complete. Look at the list in the above paragraph to see what else your agency may need to cover as potential risks. Again, the type organization you have will determine your particular potential risks. If set up on a table, the above list would be things that may be listed as an identified potential risk in a row on the table.

For column headings, again each organizations may be different; you may wish to use headings such as Risk Definition - Causes - Consequences - Likelihood - Impact, etc.

The objective is to identify potential loss exposure, take action to reduce risk, determine results and analyze those results and use those results in reducing risk and improving your organization's performance.

The example below is what a simple Risk Management Plan might look like.

Compiling and analyzing data to monitor performance can be used to reduce future occurrence of adverse events, as well to improve your facility's performance. This data comes from reporting of adverse events, errors, unsafe conditions, critical incidents, etc. and includes internal and external reporting. These reports may be compiled monthly, quarterly, semi-annually or annually, whatever works best for your particular organization. Documentation is a key factor in tracking the data you need in improving performance in various areas of your organization. Analyzing potential business and operational risks, as well as safety and other risks may minimize an organization’s losses by proactively identifying, preventing and controlling risks. It also aids in protecting resources, both human and resources that are intangible, such as your agency’s reputation.

A Risk Management Plan and the activities listed therein, should be reviewed on a regular basis. Forming a committee that includes personnel from different departments of your agency may help keep your finger on the pulse of the agency’s performance in reducing potential risk. Use the data collected to identify and reduce risk. Goals for your organization’s performance improvement and policy and procedures should be developed for consistency with the Risk Management Plan and customer safety goals.

All employees should be responsible for risk management and customer safety. Documentation is important in keeping track of collected data. Employees’ feedback should be encouraged. Use errors made to discuss how improvements may be made.

In the long run, due diligence regarding areas of potential risk will mean a safer environment for employees, consumers and others. It also translates to money in the organization's coffer.