What is a risk management strategy?

A risk management strategy provides a structured and coherent approach to identifying, assessing and managing risk. It builds in a process for regularly updating and reviewing the assessment based on new developments or actions taken. A risk management strategy can be developed and implemented by even the smallest of groups or projects or built into a complex strategy for a multi-site international organisation.

The process of identifying and reviewing the risks that you face is known as risk assessment. By assessing risks you are able to be actively aware of where uncertainty surrounding events or outcomes exists and to identify steps that can be taken to protect the organisation, people and assets concerned. How this is achieved and the level of detail which is considered can vary between organisations. In many circumstances, where staff or volunteers have a more hands-on role in the organisation, the Management Committee may not carry out the risk assessment themselves.

Example 1:

Implementing a risk management strategy in a small organisation

Lone Fathers Action Group set aside one committee meeting per year to review the major risks faced by the group. One committee member has responsibility for risk management and facilitates the discussion. They ensure that the discussion is documented and use subsequent meetings to check progress against actions. Every 6 months this committee member reports to the committee on any changes in the levels of risk faced.

Example 2:

Implementing a risk management strategy in a large organisation

In Tree Conservation International, risk management is one of the key responsibilities of the Assistant Director. They provide training for each manager within the organisation to ensure that risk assessment is built into their working practices and to enable them to carry out annual risk assessments of each project, using the organisation's templates. These are then collated by the Assistant Director to enable Senior Managers to discuss and assess the overall risks to the organisation. A prioritised profile of the top 30 risks is then presented to the Management Committee for their consideration to ensure they are happy to accept the risks to the organisation and approve the actions being taken. This process usually takes 2 months. Progress is reviewed after 6 months with a report sent to the Management Committee. Risks are reassessed annually.

Conducting risk assessment

Regardless of who carries it out, risk assessment should be:

  • systematic;
  • recorded; and
  • regularly reviewed.

As a Management Committee, you will want to concern yourself most with identifying and managing major risks. 

"Major risks are those risks which have a high likelihood of occurring and would, if they occurred, have a severe impact on operational performance, achievement of aims and objectives or could damage the reputation of the charity, changing the way management committee members, supporters or beneficiaries might deal with the charity." (Charity Commission for England and Wales Guidance)

However, it is sensible and good practice to ensure that risk assessment forms an integral part of management and planning for the whole organisation and its projects.