Risk management

‘Risk management’ is a term used to describe a formal and structured process of identifying and managing risk.  Generally speaking, it involves assessing, and then actively managing, an organisation’s potential exposure to loss, damage or litigation.

Buying insurance is one part, but not the only part, of a risk management programme.  By paying the premium, the insured transfers some of its risk to a third party insurer.  In many cases, effective practical strategies for reducing risk, such as safety protocols and security devices, can work together with insurance to reduce risk exposure.  Indeed, some risk management strategies may result in reduced insurance costs by reducing the likelihood of claims.

Basic risk management steps

There are a number of basic steps involved in the process of managing an incorporated association's risks.  It is essentially a process of identifying each risk, evaluating each risk, deciding what actions need to be taken to address or reduce each risk and constantly monitoring and reviewing the process.

  1. Identify each risk.  This requires a thorough analysis of the association's operations, activities and business.  The aim is to identify what goes on in the association, what risks it is exposed to, what kinds of events occur that may present risks, and so on.
  2. Assess risks and consequences.  Assessment requires balancing the likelihood of a risk occurring against the potential consequences.  The association needs to decide which risks it will act upon and which risks it will ignore.  For example, an association may choose to avoid a risk by not continuing with a particular activity, or determine that the risk is so unlikely to occur that it does not require any action.
  3. Treat risks.  The association then needs to decide how it will deal with and manage each relevant risk.  This involves considering any existing risk control measures (eg insurance, security alarm), deciding whether the existing measures are adequate, considering any additional measures that may be required and so on.  This is also an exercise in balancing cost with consequences.
  4. Monitor and review the process on a regular basis.  It is important to regularly review if there has been any change in the association's risk position and, if necessary, repeat and review the process set out above.

Potential areas of risk

It is almost impossible to produce an exhaustive list of all potential risks that may apply to an incorporated association, as there are so many variables. 

However, common examples of categories of risk include:

  • individual and public health and safety;
  • security considerations (eg premises, records, computers);
  • financial and administrative risks;
  • reporting and legal requirements;
  • professional liability;
  • general liability;
  • potential for error or accident;
  • potential for damage; and
  • potential for litigation.