Risk Management Policy


Our Institute’s goals is to identify, reduce and prevent undesirable incidents or outcomes and to review past incidents and implement changes to prevent or reduce future incidents. Our Institute will continuously analyse and improve upon their policies and procedures that affect the continued success of our Institute.

Risk Management Procedure

  • Our Institute will identify the potential risks involved in the context of all the stakeholders.  The following processes will be considered:
    • Long-term strategic objectives of Our Institute;
    • Operational and day-to-day activities of Our Institute Financial management and controls of Our Institute;
    • Intellectual and information technology actions and knowledge of Our Institute;
    • Compliance/regulatory issues and policy decisions of Our Institute.
  • At the Annual Quality Management Meeting the Director will sit with all stakeholders involved in Our Institute and use the following points as guidelines to identify, prevent or reduce future risks/incidents:
    • Identify potential risks
    • Write down all the things that could potentially go wrong and how that might happen. Divide this information into sections to address each individually.
    • Analyse all the potential risks that have been identified.
    • Write down how they may occur and potential methods of prevention, additional steps that could be taken to prevent them, and how those risks are evaluated and assessed regularly.
    • Assess all the past incidences that Our Institute has encountered and how these occurrences were handled.
    • Consult past records to determine how frequently incidents have happened, and how they were handled, including processes that worked and those where there were areas of improvement.
    • Estimate the likelihood of each risk re-occurring based on the history of   Our Institute, best practices, and peer experiences.
    • Develop a treatment plan for all the risks that Our Institute identified, prioritizing the risks that Our Institute have found will be more likely to occur.
    • Be sure to outline a step-by-step expectation for how each risk will be avoided, how it will be handled if it does occur, and how it will be recorded.
    • Calculate and include cost estimation for the steps needed to align with the risk management policy recommendations.
    • Provide this information to Our Institute stakeholders when the policy is reviewed.
    • Prepare a report for both internal and external stakeholders, sharing what auditing steps are in place to revisit and evaluate the policy.
    • The internal and external audiences need different information; internal audiences need to know the greatest risks; who is accountable for what; and how the process will be monitored. External audiences need to know risk management is a part of the organization’s culture and how the process and policy has been laid out.
    • Create a data tracking system to input all statistics on risk management successes and failures, training employee to use it.
    • Creating a risk assessment form for use after an incident can be a useful tool to examine whether more precautions will have been taken. This allows all the data to be recorded right after the occurrence, and for the same information to be gathered each time. (Refer to Form 3)
  • Set up a regular monitoring process to review all risks and evaluate how the treatment plan has been working.
  • Revisit the risk management policy every 6 months to evaluate its effectiveness by comparing incident occurrence rates.
  • Revise the plan as necessary.

Our Institute is aware that Risk management planning and evaluation will be a continuous, evolving process that integrates seamlessly into a Institute or organization’s culture.

Risk Management Process Flow