Every organisation carries risks. Traditionally, risk assessments have focussed on risks which might lead to employees or customers being hurt. These risks include things such as working with dangerous substances, working at heights or with machinery and slip and trip hazards. Increasingly, boards are recognising that the risk management methodology should also be applied to risks such as loss of key customers or suppliers, market downturn or bank failure.
What is a risk assessment?
A risk assessment identifies risks and how these can be dealt with. The process of carrying out a risk assessment involves:
- Identifying and analysing the risks or hazards. For each risk, an estimation of its likelihood of occurring, and impact on the business if it does occur should be made.
- Identifying ways in which a risk can be minimised. For instance, risk of fraud might be reduced by effective finance procedures.
- Recording the information in an accessible format.
- Reviewing the risk assessment on a regular basis and updating it when necessary
Who carries out a risk assessment?
Risk assessments should have input from everyone in the organisation, including the board. Staff working on the ground are well-placed to identify dangers in their working environment. Company management should identify corporate risks and the board should identify governance risks.
What is the board’s role in risk assessment?
It is the responsibility of the board to ensure that a risk assessment has been carried out, and is reviewed regularly to ensure any changes to the environment are taken into consideration. The board may delegate this role to a relevant committee, such as an audit and risk committee. The risk register should be discussed regularly at board level, and will influence the board agenda and decision making. All board members must make themeselves aware of the key risks facing the organisation.
What are typical risks?
Risks can be strategic or operational, but typical risks might include such things as:
- Risks associated with the business such as operating machinery
- Office risks such as working with computers
- Loss of key personnel
- Loss of key customers or suppliers
- Loss of finance arrangements
- Loss of reputation
Further examples can be found in our checklist of common risks and hazards.
What problems might I encounter in developing a risk assessment, and how can I deal with them?
- Staff not bought in to the process
- Ensure staff are aware that the outcome of the process is a safer working environment for all
- Link the risk assessment to corporate objectives
Steps in developing a risk assessment
- Identify potential risks
- Record these on the risk assessment record
- Prioritise these by assessing what impact they might have on the operation of the organisation. Score the impact as low, medium or high (1, 2 or 3)
- Assess and record the likelihood of the risk happening. Score the impact as low, medium or high (1, 2 or 3)
- Give the risk an overall score by multiplying the impact and likelihood scores. This will allow you to focus on the most serious risks
- Identify ways to minimise the likelihood of the risk occurring
- Develop a plan to implement risk reduction
- Identify who is responsible for each element and agree timescales
- Monitor the risk assessment on a regular basis
- The board should review the risk managment arrangements at least annually.
Is this an area of concern for you? Contact Leading Governance for more help.