Knowing which policies and procedures might complement your risk management can be challenging. Having appropriate formal processes in place whilst not producing more than you can manage is important.
Your organisation may benefit from a risk management policy. You can think of this document as an outline of the risk management procedures and processes that your organisation commits to. In addition, it can serve as an index for any other related policies or procedures that you deem appropriate for your organisation to adopt.
The Risk Management Policy
Your risk management policy may be broad; there’s no need to follow a template as every case will be different. Some risk management policies will be very succinct, simply explaining your organisation’s risk appetite, process for managing risk, responsibilities and any related policies or procedures.
Depending on the size and complexity of your organisation and the nature of your activities and service users, you may choose to include some of the following sections within your risk management policy or in their own policy or procedure.
It is likely that your organisation will choose to develop a thorough Business Continuity Plan and for all but the smallest organisations, this is likely to be a separate document that is referenced in your risk management policy. Read more about business continuity planning.
Health and Safety
There is a duty on employers to ensure the health, safety and welfare of employees, volunteers, beneficiaries, service users, trustees and visitors who may be affected by the actions of your organisation. It is likely that you will require a health and safety policy for your workplace and you may choose to reference this in your risk management policy.
This guidance is from NCVO Knowhow Nonprofit; read more.
Once you have reviewed the risks that your organisation faces, you should set up a simple spreadsheet to serve as a risk register, with a basic scoring or rating mechanism. Whilst this is likely to be a separate document to your risk assessment policy, you will likely choose to reference your risk register and how it ties in to you risk management procedure. Read more about risk registers.
Risk assessments are individual documents that are completed per event, activity or operation that requires review. It is unlikely that you would include your risk assessments in your risk management policy, however, you may choose to detail your organisation’s approach to and procedures surrounding risk assessments. This might include when they are required, who should complete or review them, what training is required to complete them etc. Read more about risk assessments.
Safeguarding is an important responsibility. If your organisation works with children, young people or adults at risk this will certainly involve developing a safeguarding policy that matches your organisation’s size and complexity, activities and service users. It should demonstrate your commitment to safeguarding and set out the roles and responsibilities volunteers and staff have to play in protecting vulnerable people from harm. It should also give clear procedures for how to report and record concerns or incidents. This guidance is from NCVO Knowhow Nonprofit; read more.
If your organisation hosts events or is likely to do so in future, you may wish to include detail on how your organisation approaches assessing and managing risk for these events. Read more about running safe events.
If any staff, volunteers or service users might travel overseas during their involvement with your organisation, you may wish to include detail on how your organisation assesses and manages risk for overseas travel, including reference to FCO guidance and any relevant insurance. Read more about overseas travel.