Risk identification, assessment, and management is a process, and there are some clear steps to help you consider the risks. Step one is about identifying what project, activity, or day-to-day operation you’re focusing on. In step two, you’ll brainstorm risks. Think through what happens in the environment or when doing the task. Step three is about using the matrix provided to assess how serious the risk is. 

Consider the financial, reputational, and human risks when setting the impact. If it’s a low impact, what does this mean? For example, is it a financial loss of $200 or $2,000? It’s important to be clear on the impact to best determine how serious the risk is. In step four, you should brainstorm what you can do to either mitigate, that means reduce the likelihood of the risk, or manage the risk, if it happens. 

Step five is for your committee to determine how they expect your service manager to monitor and review the risks? A good tip for your secretary is to add a standard agenda item called risk to make sure you’re receiving these reports from your service manager. Be sure to also involve a selection of relevant stakeholders in regular reviews. Consult with them and include them in problem solving when managing risk.