All organisations aim to run risk free operations, however the truth is that no matter how careful they are there is always a danger of exposure to unexpected and unplanned for threats.

Implementing a risk management policy throughout an organisation is the best way of identifying and managing these threats before they become costly problems.

Embedding such a policy within daily operations also helps with making well informed choices as decision-makers better understand and evaluate the wider impact their actions have.

For organisations who don't yet have a risk management policy in place, there are some basics to include within its development:

a) Risk assessment and identification

What threats are posed to the organisation now and in the future? Are there any vulnerabilities that leave the organisation exposed to risks? Consider information, assets, personnel, reputation, legal, financial and technical aspects that may be at threat.

This stage of the process should also consider what controls and measures are already in place to deal with risks This will help to identify any weaknesses in current risk strategies that need strengthening.

b) Risk ranking

To help carry out this task it is a good idea for organisations to adopt some form of risk classification system. This helps analyse and rank risks in a consistent manner and focus the allocation of resources.

Each risk needs to be ranked within a logical framework. For example, how significant is the risk? High, medium or low priority. Is it financial, legal, operational or strategic?

c) Action plan

An action plan details how each risk will be effectively dealt with and by whom. The plan will allocate each risk to a person or department and make clear the expectations for dealing with the threat.

The plan will also consider resources available for dealing with the risk, cost-effectiveness of planned risk management activity and deadline for remedial action.

d) Assessment and review.

Reviewing risks needs to be an on-going process. Risk management activity should be reviewed at regular intervals to ensure its' effectiveness and uncover any weaknesses.

Where weaknesses occur this provides opportunity for upgrading internal processes to strengthen them against repeat threats.

e) Compliance

Where necessary the risk management policy should also ensure controls and measures in place comply with quality standards and corporate governance.

f) Review and improvement

Risk management policies are an evolving beast and should be under constant scrutiny to ensure they remain relevant and effective. New risks need incorporating, less significant risks may need removing. Allocation of resources may need updating and responsibility reassigned according to findings. All this will ensure a strong risk management policy.

Once implemented a risk policy requires careful management to ensure it meets statutory and regulatory obligations. Using risk management software is an effective, consistent and cost effective means of automating key risk manager processes throughout an organisation, whilst meeting necessary checks and measures.