News & Press: The Consult

Risk Management is a Continuous Process

Tuesday, March 24, 2020  
Share |

Author: Lorraine Mazurek, CEO of Achieving Accreditation, LLC

Risk Management is a cycle. That means that it is not something that gets checked off a to-do list. Rather, it is a continuous activity. Having a risk management process means that your organization knows and understands the risks to which you are exposed. It also means that your organization has deliberately evaluated the risks and strategies in place to remove the risk altogether, reduce the likelihood of the risk happening, or minimize harm if something happens.

At a very basic level, risk management focuses you on two fundamental questions:

  • What can go wrong?
  • What will we do to prevent the harm from occurring in the first place and in response to the harm or loss if it happens?

Identify the Risk

The very first step is to identify the risks. Ask yourself what can go wrong. Every activity of an organization poses a risk, so brainstorm and document them. Consider both the general risks that could happen to any organization and the risks specific to your organization.

Risks can be:

  • Abuse that is either one-time or ongoing (physical, emotional, psychosocial, sexual, financial)
  • Personal Injury
  • Medical
  • Environmental
  • Property
  • Financial
  • Reputation/goodwill
  • Other

Good Practice Suggestion

Involving staff and your governing body in the risk identification process will give you a comprehensive picture of the risks based on different people's involvement in different areas of the organization. You may also wish to engage the services and opinions of an accountant or lawyer.


Assess the Risk

If you have done a thorough job identifying risks, you may end up with a long (and overwhelming) list.

  • The next step is to assess each of the risks based on:
    • Likelihood or frequency of the risk occurring
    • Severity of the consequences
  • Using a risk map to plot the likelihood of occurrence and the severity of the consequences will help you prioritize your next steps

Develop Strategies for Managing Risks

Consider the most appropriate risk management strategies for each identified risk:

  • Avoidance: Stop providing the service or doing an activity because it is too risky.
  • Acceptance: Some risky activities are central to your mission of your organization and your organization will choose to accept the risks
  • Modification: Change the activity to reduce the likelihood of the risk occurring or reduce the severity of the consequences. Policies and procedures are an important part of the risk management strategy because they communicate expectations and define boundaries.
  • Transfer or Sharing: Purchase insurance or transfer the risk to another organization through signing a contractual agreement with other organizations to share the risk. For example, having a contractual agreement with a laundry service to transport, clean and deliver linens rather than you providing laundry services for your linens.


When you have decided which risk management strategies will be the most effective and affordable for your organization, then:

  • Practically outline the steps and who is responsible for each step in the risk management plan
  • Communicate the plan and ensure that there is a buy-in from all who are involved in the organization, e.g. staff, and patients and other relevant stakeholders
  • Provide training for all staff so they understand the rationale of the risk management plan as well as the expectations, procedures, forms, etc.


Consider the following questions and document any changes to the plan:

  • Is your plan working?
  • Have your risks changed?
  • Have you expanded or reduced your programs and services?
  • Are changes or updates required?
  • Are staff following the risk management plan?
  • Do they need re-training on the details?
  • Do we need to better communicate the plan?

Good Practice Suggestion

Risk management is an evolving field. Therefore, it is good practice to keep current and reevaluate your organization's risk management system on an annual basis.

Achieving Accreditation is a preferred partner of AACS. Learn more.

<< Back to main page of The Consult