Risk management is a 5-step process that involves risk identifying, analysing, controlling, monitoring and reviews.
Sometimes written or online material on risk management may differ slighly from the above in wording, and some will combine the last two steps. Essentially however, the process is the same. In a nutshell, you need to identify, assess and monitor your risks in order to control (manage) them effectively so you can protect your assets and people.
This is also a circular and continuous process – never really coming to an end (until the organisation closes).
When should you do a risk assessment?
Ideally you should consider an assessment whenever there is a change in your organisation, such as:
- moving or changing premises;
- starting a new project, running a big event or travelling overseas;
- after a catastrophic event (e.g. fire or flood);
- creating a new workforce and / or new work procedures and tasks; and / or
- developing new risk control measures in response to a risk review.
It is also a good idea to conduct an assessment annually, before renewing your church insurance cover. This helps ensure you get the right types and level of cover for your church or faith centre.
The risk management process
Identifying hazards and risks
Risks and hazards are not necessarily always tangible. While there will be important physical risks to consider (such as trip or slip hazards), there can also be psycho-social risks that prevent employees being safe at work (e.g. bullying), or risks that impact on the organisation’s reputation.
Of course it would be impossible to identify every minor blip and it’s also not a good idea to create elaborate unlikely scenarios. The important thing in this step is to identify significant risks and hazards within your organisation that could have a substantial impact.
Our previous post on common risks in churches may help you in this first step.
Analysing / assessing risks
This step involves determining the likelihood of a risk occurring and how much damage it could create or cause.
We have a risk management form on the website designed for this under Members / Forms (scroll down to find it). Note that while the form relates to events it could also be used generally.
The form contains rating and ranking tables for analysing the identified risks. These enable you to determine the probability and consequence of a risk and give it a score of either low, medium or high.
From this you can then create a plan to control the risk or develop corrective acton to reduce its score (known as ‘residual score’).
Risk control measures
There can be more than one way to manage risk. While in some cases you may be able to elimate a risk altogether, in others you can only minimise or reduce its likelihood.
The hierarchy of risk control goes as follows:
- Elimination – complete removal. This would result in a zero risk score.
- Substitution – using processes or methods that are less hazardous.
- Engineering – changing the physical characteristics of the risk.
- Isolation – for example, cordoning off dangerous zones.
- Administration – reduce risk exposure through administrative controls.
- PPE – provide Personal Protective Equipment.
For example, let’s say you identify a slip hazard. You could control the risk of people slipping through substitution (slip-resistant mats), isolation (closing off the area), engineering (improving lighting), and so on.
Obviously the higher the level the better, as this leads to a lower risk of harm or damage. Also note that if a risk has a very low score (that is, it’s highly unlikely) then you may not need to take any action at all.
Recording / monitoring
The fourth step involves keeping records of any accidents and incidents of harm and of all your findings.
There are several forms on our website you can use for this if you wish. These include:
- Incident Report – to record individual incidents and details of injuries sustained;
- Incident Register – summary of all incidents; and
- Injury or Illness Report – First-Aid record.
In a very small church it may not be mandatory to do this, legally speaking. However we would still recommend it as a means of monitoring and controlling your risks and hazards.
Reviewing your risk plan
The final step is to review how well your risk management solutions are working, based on the records you have kept.
For example, you may find a lot of accidents occurred during the year in a particular part of the building. Having this data informs you of what remedial or corrective action to take to reduce the risk and prevent further accidents.
Risk transferrence and insurance cover
Another way to manage risks is to transfer them to someone else, such as (for example) through contracts that shift the liability to another party.
Insurance cover is also sometimes referred to as a means of transferring risk, as it passes on the risk of financial losses. However, insurance providers expect you to take whatever measures you can to reduce your risks, and they could refuse a claim if you have not done so.
Types of insurance for churches include:
- Property cover – for building and contents and business interruption.
- General liability – Public and Products.
- Professional Indemnity – liability cover for professional services.
- Management liability – Directors and Officers cover.
- Personal Accident cover – for Ministers and / or Volunteers.
- Additional policies – motor vehicle, travel, crime, cyber risk, contract works.
See the insurance page for more information.
Useful links for more information
Written by Tess Oliver
Tags: asset protection, health & safety, insurance, risk management